paraxial 0.5.0 → 0.6.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/lib/paraxial/cli.rb +26 -1
- data/lib/paraxial/version.rb +1 -1
- data/lib/paraxial.rb +1 -0
- data/lib/rubocop/cop/paraxial/raw.rb +22 -0
- metadata +17 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 2ef49572c0555fdaea4bc13d94f4faa2d771a9919ee54304d832b5b97306cc09
|
|
4
|
+
data.tar.gz: 3bd3f48e2517d1c309e8c57ec8814a6bf9077506c461904c5f38f1ecc7e35dd3
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 6ed1f565c95cffdc6e8940d2c92c1cee7c7cd6157fe5da9f304746a65c1687ca74141483add2ca13616cfe82371a27b396ae4fcb178dffb80cac014ace5ac152
|
|
7
|
+
data.tar.gz: aa3ab3d9ff75cd0ff804a859eebd847ca60d2be053dd004c963d7ed612296d7a574691accfdd26b2788126c94ad9d6311a0f77d9d4dc44d97cb169bd26f6d015
|
data/lib/paraxial/cli.rb
CHANGED
|
@@ -18,6 +18,15 @@ module Paraxial
|
|
|
18
18
|
|
|
19
19
|
def scan
|
|
20
20
|
puts '[Paraxial] Scan starting...'
|
|
21
|
+
if check_rubocop_configuration
|
|
22
|
+
puts '[Paraxial] .rubocop.yml is valid.'
|
|
23
|
+
else
|
|
24
|
+
puts '[Paraxial] .rubocop.yml is missing rubocop-erb. To scan embedded Ruby files for security problems, add:'
|
|
25
|
+
puts '.rubocop.yml'
|
|
26
|
+
puts 'require:'
|
|
27
|
+
puts '- rubocop-erb'
|
|
28
|
+
end
|
|
29
|
+
|
|
21
30
|
|
|
22
31
|
if Paraxial::Helpers.get_api_key.nil?
|
|
23
32
|
puts '[Paraxial] Environment variable PARAXIAL_API_KEY not found'
|
|
@@ -40,7 +49,7 @@ module Paraxial
|
|
|
40
49
|
m = JSON.parse(response.body)
|
|
41
50
|
findings = m['ok']['findings']
|
|
42
51
|
puts
|
|
43
|
-
puts "[Paraxial] Scan count #{findings.length}"
|
|
52
|
+
puts "[Paraxial] Scan count: #{findings.length}"
|
|
44
53
|
puts
|
|
45
54
|
findings.each do |finding|
|
|
46
55
|
puts finding
|
|
@@ -89,5 +98,21 @@ module Paraxial
|
|
|
89
98
|
end
|
|
90
99
|
end
|
|
91
100
|
|
|
101
|
+
private
|
|
102
|
+
|
|
103
|
+
def check_rubocop_configuration
|
|
104
|
+
rubocop_file = File.join(Dir.pwd, '.rubocop.yml')
|
|
105
|
+
|
|
106
|
+
return false unless File.exist?(rubocop_file)
|
|
107
|
+
|
|
108
|
+
config = YAML.load_file(rubocop_file)
|
|
109
|
+
required_key = 'require'
|
|
110
|
+
|
|
111
|
+
if config.is_a?(Hash) && config[required_key].is_a?(Array)
|
|
112
|
+
config[required_key].include?('rubocop-erb')
|
|
113
|
+
else
|
|
114
|
+
false
|
|
115
|
+
end
|
|
116
|
+
end
|
|
92
117
|
end
|
|
93
118
|
end
|
data/lib/paraxial/version.rb
CHANGED
data/lib/paraxial.rb
CHANGED
|
@@ -8,6 +8,7 @@ require_relative 'rubocop/cop/paraxial/system'
|
|
|
8
8
|
require_relative 'rubocop/cop/paraxial/send'
|
|
9
9
|
require_relative 'rubocop/cop/paraxial/constantize'
|
|
10
10
|
require_relative 'rubocop/cop/paraxial/html_safe'
|
|
11
|
+
require_relative 'rubocop/cop/paraxial/raw'
|
|
11
12
|
require_relative 'rubocop/cop/paraxial/sql'
|
|
12
13
|
require_relative 'paraxial/version'
|
|
13
14
|
require_relative 'paraxial/cli'
|
|
@@ -0,0 +1,22 @@
|
|
|
1
|
+
module RuboCop
|
|
2
|
+
module Cop
|
|
3
|
+
module Paraxial
|
|
4
|
+
class Raw < Base
|
|
5
|
+
MSG = '`raw` leads to XSS when called on user input'
|
|
6
|
+
|
|
7
|
+
def on_send(node)
|
|
8
|
+
method_name = node.method_name
|
|
9
|
+
return unless send_methods.include?(method_name)
|
|
10
|
+
|
|
11
|
+
add_offense(node, message: format(MSG, method: method_name))
|
|
12
|
+
end
|
|
13
|
+
|
|
14
|
+
private
|
|
15
|
+
|
|
16
|
+
def send_methods
|
|
17
|
+
[:raw]
|
|
18
|
+
end
|
|
19
|
+
end
|
|
20
|
+
end
|
|
21
|
+
end
|
|
22
|
+
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: paraxial
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.6.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Michael Lubas
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: exe
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2024-
|
|
11
|
+
date: 2024-09-04 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: rspec
|
|
@@ -66,6 +66,20 @@ dependencies:
|
|
|
66
66
|
- - ">="
|
|
67
67
|
- !ruby/object:Gem::Version
|
|
68
68
|
version: '0'
|
|
69
|
+
- !ruby/object:Gem::Dependency
|
|
70
|
+
name: rubocop-erb
|
|
71
|
+
requirement: !ruby/object:Gem::Requirement
|
|
72
|
+
requirements:
|
|
73
|
+
- - ">="
|
|
74
|
+
- !ruby/object:Gem::Version
|
|
75
|
+
version: '0'
|
|
76
|
+
type: :runtime
|
|
77
|
+
prerelease: false
|
|
78
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
79
|
+
requirements:
|
|
80
|
+
- - ">="
|
|
81
|
+
- !ruby/object:Gem::Version
|
|
82
|
+
version: '0'
|
|
69
83
|
description:
|
|
70
84
|
email:
|
|
71
85
|
- michael@paraxial.io
|
|
@@ -90,6 +104,7 @@ files:
|
|
|
90
104
|
- lib/rubocop/cop/paraxial/constantize.rb
|
|
91
105
|
- lib/rubocop/cop/paraxial/csrf.rb
|
|
92
106
|
- lib/rubocop/cop/paraxial/html_safe.rb
|
|
107
|
+
- lib/rubocop/cop/paraxial/raw.rb
|
|
93
108
|
- lib/rubocop/cop/paraxial/send.rb
|
|
94
109
|
- lib/rubocop/cop/paraxial/sql.rb
|
|
95
110
|
- lib/rubocop/cop/paraxial/system.rb
|