pronto-brakeman 0.11.1 → 0.11.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/.github/workflows/checks.yml +3 -2
- data/README.md +12 -2
- data/lib/pronto/brakeman/version.rb +1 -1
- data/lib/pronto/brakeman.rb +6 -1
- metadata +7 -7
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 9675b2199073a2d7c5a699566908e328857df5b8436883a4ba0e3cd13cd2a21b
|
|
4
|
+
data.tar.gz: 968a3ca4b5c61613b7fc332bf2d6392dbd0c2d8d348508179305e3c0f49ce34a
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 272d5ccaabbfaa868d78d42fc95327206af72906c68f8f0ad0bee48e038a400647652ba027b9632c54c00943c7f5d093000ac9ce66170a15ae49960d95bf852b
|
|
7
|
+
data.tar.gz: 635580663ba6f66456e903e17a4f0acd1bb552e87edd382f15a3c687730d0e5a74a08a591de3bfbd61d0cbb939bf5efa74045ca90daafcd1feb1bd04973fd831
|
|
@@ -11,9 +11,10 @@ jobs:
|
|
|
11
11
|
runs-on: ubuntu-latest
|
|
12
12
|
strategy:
|
|
13
13
|
matrix:
|
|
14
|
-
ruby: ['2.5', '2.6', '2.7', '3.0']
|
|
14
|
+
ruby: ['2.5', '2.6', '2.7', '3.0', '3.1', '3.2']
|
|
15
|
+
fail-fast: false
|
|
15
16
|
steps:
|
|
16
|
-
- uses: actions/checkout@
|
|
17
|
+
- uses: actions/checkout@v3
|
|
17
18
|
with:
|
|
18
19
|
fetch-depth: 0 # required for "not a rails app" spec
|
|
19
20
|
- uses: ruby/setup-ruby@v1
|
data/README.md
CHANGED
|
@@ -12,13 +12,23 @@ Brakeman [Confidence](https://github.com/presidentbeef/brakeman#confidence-level
|
|
|
12
12
|
messages generated by Pronto. High confidence maps to fatal, medium confidence maps to warning, and low confidence maps
|
|
13
13
|
to info.
|
|
14
14
|
|
|
15
|
-
|
|
16
|
-
|
|
15
|
+
# Options
|
|
17
16
|
Brakeman also includes some optional checks and by setting the following in your `.pronto.yml` you can run every check included in the gem:
|
|
18
17
|
|
|
18
|
+
## Run all checks
|
|
19
|
+
|
|
19
20
|
```yaml
|
|
20
21
|
brakeman:
|
|
21
22
|
run_all_checks: true
|
|
22
23
|
```
|
|
23
24
|
|
|
24
25
|
(This is the equivalent of running `brakeman -A` on the command line.)
|
|
26
|
+
|
|
27
|
+
## Ignore file
|
|
28
|
+
|
|
29
|
+
```yaml
|
|
30
|
+
brakeman:
|
|
31
|
+
ignore_file: '.brakeman'
|
|
32
|
+
```
|
|
33
|
+
|
|
34
|
+
(This is the equivalent of running `brakeman -i IGNOREFILE` on the command line.)
|
data/lib/pronto/brakeman.rb
CHANGED
|
@@ -14,7 +14,8 @@ module Pronto
|
|
|
14
14
|
output = ::Brakeman.run(app_path: repo_path,
|
|
15
15
|
output_formats: [:to_s],
|
|
16
16
|
only_files: files,
|
|
17
|
-
run_all_checks: run_all_checks
|
|
17
|
+
run_all_checks: run_all_checks?,
|
|
18
|
+
ignore_file: ignore_file)
|
|
18
19
|
messages_for(patches, output).compact
|
|
19
20
|
rescue ::Brakeman::NoApplication
|
|
20
21
|
[]
|
|
@@ -61,6 +62,10 @@ module Pronto
|
|
|
61
62
|
pronto_brakeman_config['run_all_checks']
|
|
62
63
|
end
|
|
63
64
|
|
|
65
|
+
def ignore_file
|
|
66
|
+
pronto_brakeman_config['ignore_file']
|
|
67
|
+
end
|
|
68
|
+
|
|
64
69
|
def pronto_brakeman_config
|
|
65
70
|
pronto_brakeman_config ||= Pronto::ConfigFile.new.to_h['brakeman'] || {}
|
|
66
71
|
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: pronto-brakeman
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.11.
|
|
4
|
+
version: 0.11.2
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Mindaugas Mozūras
|
|
8
|
-
autorequire:
|
|
8
|
+
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date:
|
|
11
|
+
date: 2023-01-08 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: pronto
|
|
@@ -80,7 +80,7 @@ dependencies:
|
|
|
80
80
|
- - "~>"
|
|
81
81
|
- !ruby/object:Gem::Version
|
|
82
82
|
version: '1.2'
|
|
83
|
-
description:
|
|
83
|
+
description:
|
|
84
84
|
email: mindaugas.mozuras@gmail.com
|
|
85
85
|
executables: []
|
|
86
86
|
extensions: []
|
|
@@ -99,7 +99,7 @@ homepage: http://github.com/mmozuras/pronto-brakeman
|
|
|
99
99
|
licenses:
|
|
100
100
|
- MIT
|
|
101
101
|
metadata: {}
|
|
102
|
-
post_install_message:
|
|
102
|
+
post_install_message:
|
|
103
103
|
rdoc_options: []
|
|
104
104
|
require_paths:
|
|
105
105
|
- lib
|
|
@@ -114,8 +114,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
114
114
|
- !ruby/object:Gem::Version
|
|
115
115
|
version: '0'
|
|
116
116
|
requirements: []
|
|
117
|
-
rubygems_version: 3.
|
|
118
|
-
signing_key:
|
|
117
|
+
rubygems_version: 3.0.9
|
|
118
|
+
signing_key:
|
|
119
119
|
specification_version: 4
|
|
120
120
|
summary: Pronto runner for Brakeman, security vulnerability scanner for RoR
|
|
121
121
|
test_files: []
|