pronto-brakeman 0.9.0 → 0.11.1

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
- SHA1:
3
- metadata.gz: 67abc178603d684561603dd2f90cbc192866f881
4
- data.tar.gz: 41bb50779dbfcf0013eb590b74af5ebe153f26ae
2
+ SHA256:
3
+ metadata.gz: cab70317e2e7947ea734fd71d2068ce514b9c9cbe5abafd31c0afd47f1dfeb8c
4
+ data.tar.gz: 69b0a138c4db8c02fd51bf5d55ac311e21b4dc153e8d200f6d150b53629aeb75
5
5
  SHA512:
6
- metadata.gz: bebd7595638dbb5854ee8a144bf0b92d4153b13ac1342857ecce189f98fade14243b6d9db1922c10762791eab6a8cd8cc9aee3b22b60e798dcd41bc1974a884f
7
- data.tar.gz: 01de7b0abf4bed57c8106ea9662c43980694281a637f1a06d21acfa4ac841e646871fd3584d359f2f9856b79ff793eaafbd6e73f13296021b9b022aa1e53b816
6
+ metadata.gz: 979f1c9c6ee6dd53b12334e38fb83fd81b203f0930dd7645a07d255de7e25dab31d43468273511b08d913e59fb80b66e8d5842537e90efb09ea04d674369cd10
7
+ data.tar.gz: 1de572cc71827b47ff58c376a52f0c585ef185540d7ec3c7e21becaacc7d73e61e725efc71894fb1ff2cd983c24fb294522c90955759534b004e7683c0e97776
@@ -0,0 +1,3 @@
1
+ # Order is important. The last matching pattern takes the most precedence.
2
+ # Default owners for everything in the repo.
3
+ * @prontolabs/core
@@ -0,0 +1,24 @@
1
+ name: Checks
2
+
3
+ on:
4
+ push:
5
+ branches: [ master ]
6
+ pull_request:
7
+ branches: [ master ]
8
+
9
+ jobs:
10
+ ruby:
11
+ runs-on: ubuntu-latest
12
+ strategy:
13
+ matrix:
14
+ ruby: ['2.5', '2.6', '2.7', '3.0']
15
+ steps:
16
+ - uses: actions/checkout@v2
17
+ with:
18
+ fetch-depth: 0 # required for "not a rails app" spec
19
+ - uses: ruby/setup-ruby@v1
20
+ with:
21
+ ruby-version: ${{ matrix.ruby }}
22
+ bundler-cache: true
23
+ - name: rake spec
24
+ run: bundle exec rake spec
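Review bot: The workflow declares no `permissions:` block, so the `GITHUB_TOKEN` handed to `actions/checkout@v2` and `ruby/setup-ruby@v1` receives the repository's default token scopes, which on older repositories are read/write; a job that only runs `bundle exec rake spec` needs no more than a top-level `permissions:` with `contents: read`. Both actions are pinned to mutable major tags (`@v2`, `@v1`), so a retagged release changes what executes on every `pull_request` run; pinning to a full commit SHA with the tag name in a trailing comment is the usual hardening. The `ruby: ['2.5', '2.6', '2.7', '3.0']` matrix is consistent with the gemspec's new `>= 2.5.0` floor, which is good.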
data/README.md CHANGED
@@ -1,14 +1,24 @@
1
1
  # Pronto runner for Brakeman
2
2
 
3
- [![Code Climate](https://codeclimate.com/github/mmozuras/pronto-brakeman.png)](https://codeclimate.com/github/mmozuras/pronto-brakeman)
4
- [![Build Status](https://travis-ci.org/mmozuras/pronto-brakeman.png)](https://travis-ci.org/mmozuras/pronto-brakeman)
3
+ [![Code Climate](https://codeclimate.com/github/prontolabs/pronto-brakeman.png)](https://codeclimate.com/github/prontolabs/pronto-brakeman)
4
+ [![Build Status](https://github.com/prontolabs/pronto-brakeman/actions/workflows/checks.yml/badge.svg)](https://github.com/prontolabs/pronto-brakeman/actions/workflows/checks.yml)
5
5
  [![Gem Version](https://badge.fury.io/rb/pronto-brakeman.png)](http://badge.fury.io/rb/pronto-brakeman)
6
- [![Dependency Status](https://gemnasium.com/mmozuras/pronto-brakeman.png)](https://gemnasium.com/mmozuras/pronto-brakeman)
7
6
 
8
- Pronto runner for [Brakeman](https://github.com/presidentbeef/brakeman), security vulnerability scanner for RoR. [What is Pronto?](https://github.com/mmozuras/pronto)
7
+ Pronto runner for [Brakeman](https://github.com/presidentbeef/brakeman), security vulnerability scanner for RoR. [What is Pronto?](https://github.com/prontolabs/pronto)
9
8
 
10
9
  ## Severity mapping
11
10
 
12
11
  Brakeman [Confidence](https://github.com/presidentbeef/brakeman#confidence-levels) is mapped to severity levels on the
13
12
  messages generated by Pronto. High confidence maps to fatal, medium confidence maps to warning, and low confidence maps
14
13
  to info.
14
+
15
+ ## Run all checks
16
+
17
+ Brakeman also includes some optional checks and by setting the following in your `.pronto.yml` you can run every check included in the gem:
18
+
19
+ ```yaml
20
+ brakeman:
21
+ run_all_checks: true
22
+ ```
23
+
24
+ (This is the equivalent of running `brakeman -A` on the command line.)
@@ -1,5 +1,5 @@
1
1
  module Pronto
2
2
  module BrakemanVersion
3
- VERSION = '0.9.0'.freeze
3
+ VERSION = '0.11.1'.freeze
4
4
  end
5
5
  end
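--- a/lib/pronto/brakeman.rb
+++ b/lib/pronto/brakeman.rb
@@ -4,23 +4,25 @@ require 'brakeman'
 module Pronto
 class Brakeman < Runner
 def run
-files = ruby_patches.map do |patch|
+patches = ruby_patches | erb_patches
+files = patches.map do |patch|
 patch.new_file_full_path.relative_path_from(repo_path).to_s
-end
+end.sort
 
 return [] unless files.any?
 
 output = ::Brakeman.run(app_path: repo_path,
 output_formats: [:to_s],
-only_files: files)
-messages_for(ruby_patches, output).compact
+only_files: files,
+run_all_checks: run_all_checks?)
+messages_for(patches, output).compact
 rescue ::Brakeman::NoApplication
 []
 end
 
-def messages_for(ruby_patches, output)
+def messages_for(code_patches, output)
 output.filtered_warnings.map do |warning|
-patch = patch_for_warning(ruby_patches, warning)
+patch = patch_for_warning(code_patches, warning)
 
 next unless patch
 line = patch.added_lines.find do |added_line|
@@ -34,7 +36,7 @@ module Pronto
 def new_message(line, warning)
 Message.new(line.patch.delta.new_file[:path], line,
 severity_for_confidence(warning.confidence),
-"Possible security vulnerability: #{warning.message}",
+"Possible security vulnerability: [#{warning.message}](#{warning.link})",
 nil, self.class)
 end
 
@@ -49,10 +51,27 @@ module Pronto
 end
 end
 
-def patch_for_warning(ruby_patches, warning)
-ruby_patches.find do |patch|
-patch.new_file_full_path.to_s == warning.file
+def patch_for_warning(code_patches, warning)
+code_patches.find do |patch|
+patch.new_file_full_path.to_s == warning.file.absolute
 end
 end
+
+def run_all_checks?
+pronto_brakeman_config['run_all_checks']
+end
+
+def pronto_brakeman_config
+pronto_brakeman_config ||= Pronto::ConfigFile.new.to_h['brakeman'] || {}
+end
+
+def erb_patches
+@erb_patches ||= Array(@patches).select { |patch| patch.additions > 0 }
+.select { |patch| erb_file?(patch.new_file_full_path) }
+end
+
+def erb_file?(path)
+File.extname(path) == '.erb'
+end
 end
 end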
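Review bot: `pronto_brakeman_config` in the `@@ -49,10 +51,27 @@` hunk never memoizes: `pronto_brakeman_config ||= ...` makes the parser treat the left-hand side as a new local variable (the `||=` assignment shadows the method name), so the local starts as nil and `Pronto::ConfigFile.new.to_h` re-reads and re-parses the config file on every call. The `@erb_patches` pattern a few lines below shows the intended form; the line should read `@pronto_brakeman_config ||= Pronto::ConfigFile.new.to_h['brakeman'] || {}`. With a single call per run this is wasted I/O rather than a wrong result, but the method's shape promises caching it does not do. `run_all_checks?` also passes the raw YAML value straight through to Brakeman, so a quoted `"false"` in `.pronto.yml` would be truthy; consider normalising it, e.g. `pronto_brakeman_config['run_all_checks'] == true`, if that strictness is acceptable to existing users. As a point of style, the two chained `select` calls in `erb_patches` can be one block joined with `&&`.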
@@ -14,7 +14,7 @@ Gem::Specification.new do |s|
14
14
  s.summary = 'Pronto runner for Brakeman, security vulnerability scanner for RoR'
15
15
 
16
16
  s.licenses = ['MIT']
17
- s.required_ruby_version = '>= 2.0.0'
17
+ s.required_ruby_version = '>= 2.5.0'
18
18
  s.rubygems_version = '1.8.23'
19
19
 
20
20
  s.files = `git ls-files`.split($RS).reject do |file|
@@ -32,8 +32,8 @@ Gem::Specification.new do |s|
32
32
  s.extra_rdoc_files = ['LICENSE', 'README.md']
33
33
  s.require_paths = ['lib']
34
34
 
35
- s.add_runtime_dependency('pronto', '~> 0.9.0')
36
- s.add_runtime_dependency('brakeman', '~> 3.2', '>= 3.2.0')
35
+ s.add_runtime_dependency('pronto', '~> 0.11.0')
36
+ s.add_runtime_dependency('brakeman', '>= 3.2.0')
37
37
  s.add_development_dependency('rake', '~> 12.0')
38
38
  s.add_development_dependency('rspec', '~> 3.4')
39
39
  s.add_development_dependency('rspec-its', '~> 1.2')
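Review bot: Loosening the constraint to `s.add_runtime_dependency('brakeman', '>= 3.2.0')` leaves the floor below the API the new runner code depends on: `patch_for_warning` in lib/pronto/brakeman.rb now calls `warning.file.absolute`, which only works once Brakeman reports `warning.file` as a `Brakeman::FilePath` object rather than a plain String (that change landed in a later 4.x release, as far as I recall, so please verify the exact version), and a resolver that picks an older Brakeman satisfying `>= 3.2.0` will fail with NoMethodError at scan time. Raise the floor to the first release that ships `Brakeman::FilePath#absolute`, e.g. `s.add_runtime_dependency('brakeman', '>= <first-FilePath-release>')` with the placeholder filled in from Brakeman's changelog. Dropping the `~> 3.2` pessimistic bound also means a future major version can change the warning API with no resolver signal, so an upper bound is worth keeping.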
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: pronto-brakeman
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.9.0
4
+ version: 0.11.1
5
5
  platform: ruby
6
6
  authors:
7
7
  - Mindaugas Mozūras
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2017-04-23 00:00:00.000000000 Z
11
+ date: 2021-12-09 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: pronto
@@ -16,21 +16,18 @@ dependencies:
16
16
  requirements:
17
17
  - - "~>"
18
18
  - !ruby/object:Gem::Version
19
- version: 0.9.0
19
+ version: 0.11.0
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
24
  - - "~>"
25
25
  - !ruby/object:Gem::Version
26
- version: 0.9.0
26
+ version: 0.11.0
27
27
  - !ruby/object:Gem::Dependency
28
28
  name: brakeman
29
29
  requirement: !ruby/object:Gem::Requirement
30
30
  requirements:
31
- - - "~>"
32
- - !ruby/object:Gem::Version
33
- version: '3.2'
34
31
  - - ">="
35
32
  - !ruby/object:Gem::Version
36
33
  version: 3.2.0
@@ -38,9 +35,6 @@ dependencies:
38
35
  prerelease: false
39
36
  version_requirements: !ruby/object:Gem::Requirement
40
37
  requirements:
41
- - - "~>"
42
- - !ruby/object:Gem::Version
43
- version: '3.2'
44
38
  - - ">="
45
39
  - !ruby/object:Gem::Version
46
40
  version: 3.2.0
@@ -94,6 +88,8 @@ extra_rdoc_files:
94
88
  - LICENSE
95
89
  - README.md
96
90
  files:
91
+ - ".github/CODEOWNERS"
92
+ - ".github/workflows/checks.yml"
97
93
  - LICENSE
98
94
  - README.md
99
95
  - lib/pronto/brakeman.rb
@@ -111,15 +107,14 @@ required_ruby_version: !ruby/object:Gem::Requirement
111
107
  requirements:
112
108
  - - ">="
113
109
  - !ruby/object:Gem::Version
114
- version: 2.0.0
110
+ version: 2.5.0
115
111
  required_rubygems_version: !ruby/object:Gem::Requirement
116
112
  requirements:
117
113
  - - ">="
118
114
  - !ruby/object:Gem::Version
119
115
  version: '0'
120
116
  requirements: []
121
- rubyforge_project:
122
- rubygems_version: 2.6.10
117
+ rubygems_version: 3.2.5
123
118
  signing_key:
124
119
  specification_version: 4
125
120
  summary: Pronto runner for Brakeman, security vulnerability scanner for RoR