paraxial 0.6.0 → 0.8.0

Sign up to get free protection for your applications and to get access to all the features.
Files changed (7) hide show
  1. checksums.yaml +4 -4
  2. data/lib/paraxial/initializers/marshal_patch.rb +1 -1
  3. data/lib/paraxial/version.rb +1 -1
  4. data/lib/paraxial.rb +2 -2
  5. data/lib/rubocop/cop/paraxial/html_safe.rb +1 -1
  6. data/lib/rubocop/cop/paraxial/raw.rb +1 -1
  7. metadata +2 -2
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 2ef49572c0555fdaea4bc13d94f4faa2d771a9919ee54304d832b5b97306cc09
4
- data.tar.gz: 3bd3f48e2517d1c309e8c57ec8814a6bf9077506c461904c5f38f1ecc7e35dd3
3
+ metadata.gz: a8acee8353bb32e2bebce880b05661b968904d02f9e0748b6041325d8f24491b
4
+ data.tar.gz: 4ef0694246bc93ae69c1f88a439be89e5fdbd29bcd0ee53406de63d19a791257
5
5
  SHA512:
6
- metadata.gz: 6ed1f565c95cffdc6e8940d2c92c1cee7c7cd6157fe5da9f304746a65c1687ca74141483add2ca13616cfe82371a27b396ae4fcb178dffb80cac014ace5ac152
7
- data.tar.gz: aa3ab3d9ff75cd0ff804a859eebd847ca60d2be053dd004c963d7ed612296d7a574691accfdd26b2788126c94ad9d6311a0f77d9d4dc44d97cb169bd26f6d015
6
+ metadata.gz: 8127e330796dcea327b3b8b029831c4b851e548df33bf114a4a7b07039e34ed1f48687525747ce11ce08298771a28f95edc0d420bae07d776f08e5b812fdd566
7
+ data.tar.gz: 40a7c37df1123e0f8dfc87d31e950f8fc35fbea1729f436405ae18c8af9d1f77d76217450e0e21cb44fd3a713afb6bf49d16bcfda8f5ad5ab00c87c42e492712
data/lib/paraxial/initializers/marshal_patch.rb CHANGED
@@ -4,7 +4,7 @@ unless Rails.env.test? || File.basename($0) == 'rake' || defined?(Rails::Generat
4
4
  alias_method :original_load, :load
5
5
 
6
6
  def load(source, proc = nil)
7
- exg = Paraxial.configuration.exploit_guard
7
+ exg = Paraxial.configuration&.exploit_guard || nil
8
8
  if [:monitor, :block].include?(exg)
9
9
  if source.is_a?(String) && source.match?(/ActionView|Net::BufferedIO|ERB|ActiveSupport/)
10
10
  puts "[Paraxial] Exploit Guard triggered, malicious input to Marshal.load"
data/lib/paraxial/version.rb CHANGED
@@ -1,5 +1,5 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  module Paraxial
4
- VERSION = '0.6.0'
4
+ VERSION = '0.8.0'
5
5
  end
data/lib/paraxial.rb CHANGED
@@ -83,7 +83,7 @@ module Paraxial
83
83
 
84
84
  def self.check_exploit_guard
85
85
  if configuration.nil?
86
- puts "[Paraxial] Exploit Guard, no config exists, will not run"
86
+ puts "[Paraxial] Exploit Guard, no configuration exists, will not run"
87
87
  return
88
88
  end
89
89
 
@@ -95,7 +95,7 @@ module Paraxial
95
95
  when nil
96
96
  puts "[Paraxial] Exploit Guard, not configured, will not run"
97
97
  else
98
- puts "[Paraxial] Exploit Guard, bad value"
98
+ puts "[Paraxial] Exploit Guard, bad configuration value: #{configuration.exploit_guard}, will not run"
99
99
  end
100
100
  end
101
101
 
data/lib/rubocop/cop/paraxial/html_safe.rb CHANGED
@@ -2,7 +2,7 @@ module RuboCop
2
2
  module Cop
3
3
  module Paraxial
4
4
  class HTMLSafe < Base
5
- MSG = '`html_safe` leads to XSS when called on user input'
5
+ MSG = '`html_safe` leads to XSS when called on user input.'
6
6
 
7
7
  def on_send(node)
8
8
  method_name = node.method_name
data/lib/rubocop/cop/paraxial/raw.rb CHANGED
@@ -2,7 +2,7 @@ module RuboCop
2
2
  module Cop
3
3
  module Paraxial
4
4
  class Raw < Base
5
- MSG = '`raw` leads to XSS when called on user input'
5
+ MSG = '`raw` leads to XSS when called on user input.'
6
6
 
7
7
  def on_send(node)
8
8
  method_name = node.method_name
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: paraxial
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.6.0
4
+ version: 0.8.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Michael Lubas
8
8
  autorequire:
9
9
  bindir: exe
10
10
  cert_chain: []
11
- date: 2024-09-04 00:00:00.000000000 Z
11
+ date: 2024-09-17 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: rspec