pronto-brakeman 0.1.2 → 0.2.0
- checksums.yaml +4 -4
- data/README.md +1 -0
- data/lib/pronto/brakeman.rb +8 -12
- data/lib/pronto/brakeman/version.rb +1 -1
- metadata +6 -5
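--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 51706e33b76a1562ac59ba44ba24b8c5782aa043
+data.tar.gz: 4a536cf904d54d8a4e77a88ebe616890e8b04590
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 55cfe0f0913211f954042780226759a7b47dfa275cedc40f5be7f7f3d84beb9c74c9bc201cd3b7da1b113c2e52711b25505d602ec955de117af6d19c764af414
+data.tar.gz: e3e8cc01ca1c4a05cbd0663012c8bc467060e0951c356471efcb853d9e578a40e3cf0a77c133b4601441e6094880e668086df613f1ed7c9e5e30efe2357e494b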
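--- a/data/README.md
+++ b/data/README.md
@@ -2,6 +2,7 @@
 
 [](https://codeclimate.com/github/mmozuras/pronto-brakeman)
 [](https://travis-ci.org/mmozuras/pronto-brakeman)
+[](http://badge.fury.io/rb/pronto-brakeman)
 [](https://gemnasium.com/mmozuras/pronto-brakeman)
 
 Pronto runner for [Brakeman](https://github.com/presidentbeef/brakeman), security vulnerability scanner for RoR. [What is Pronto?](https://github.com/mmozuras/pronto)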
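--- a/data/lib/pronto/brakeman.rb
+++ b/data/lib/pronto/brakeman.rb
@@ -3,7 +3,7 @@ require 'brakeman'
 
 module Pronto
 class Brakeman < Runner
-def run(patches)
+def run(patches, _)
 return [] unless patches
 
 ruby_patches = patches.select { |patch| patch.additions > 0 }
@@ -15,39 +15,35 @@ module Pronto
 output = ::Brakeman.run(app_path: '.',
 output_formats: [:to_s],
 only_files: files)
-messages_for(ruby_patches, output)
+messages_for(ruby_patches, output).compact
 else
 []
 end
 end
 
 def messages_for(ruby_patches, output)
-result = []
-
 output.checks.all_warnings.each do |warning|
 patch = patch_for_warning(ruby_patches, warning)
 
 if patch
-line = patch.added_lines.
+line = patch.added_lines.find do |added_line|
 added_line.new_lineno == warning.line
-end
+end
 
-
+new_message(line, warning) if line
 end
 end
-
-result
 end
 
-def
+def new_message(line, warning)
 Message.new(line.patch.delta.new_file[:path], line, :warning,
 "Possible security vulnerability: #{warning.message}")
 end
 
 def patch_for_warning(ruby_patches, warning)
-ruby_patches.
+ruby_patches.find do |patch|
 patch.new_file_full_path.to_s == warning.file
-end
+end
 end
 end
 end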
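Review bot: In `messages_for` (second hunk), the loop is still `output.checks.all_warnings.each do |warning|` although the `result` accumulator and the trailing `result` were removed, so the value of `new_message(line, warning) if line` is discarded and the method returns whatever `each` returns, which for an Array is the receiver itself. The `.compact` added in `run` suggests a mapping was intended: `output.checks.all_warnings.map do |warning|`. As written, `run` appears to hand back Brakeman warning objects (including ones that are not on added lines) rather than `Message` instances, so findings for the patch can be misreported or lost downstream. A spec covering both a warning on an added line and one outside the patch would pin the return value.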
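--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: pronto-brakeman
 version: !ruby/object:Gem::Version
-version: 0.
+version: 0.2.0
 platform: ruby
 authors:
 - Mindaugas Mozūras
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2013-10-
+date: 2013-10-20 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: pronto
@@ -16,14 +16,14 @@ dependencies:
 requirements:
 - - ~>
 - !ruby/object:Gem::Version
-version: 0.
+version: 0.2.0
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - ~>
 - !ruby/object:Gem::Version
-version: 0.
+version: 0.2.0
 - !ruby/object:Gem::Dependency
 name: brakeman
 requirement: !ruby/object:Gem::Requirement
@@ -96,8 +96,9 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 version: 1.3.6
 requirements: []
 rubyforge_project:
-rubygems_version: 2.0.
+rubygems_version: 2.0.7
 signing_key:
 specification_version: 4
 summary: Pronto runner for Brakeman, security vulnerability scanner for RoR
 test_files: []
+has_rdoc: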