rails_app_generator 0.2.30 → 0.2.33
- checksums.yaml +4 -4
- data/CHANGELOG.md +21 -0
- data/after_templates/addons/brakeman/_.rb +39 -0
- data/after_templates/addons/brakeman/app/controllers/home_controller.rb +16 -0
- data/after_templates/addons/brakeman/app/controllers/posts_controller.rb +65 -0
- data/after_templates/addons/brakeman/app/views/home/examples.html.erb +43 -0
- data/after_templates/addons/brakeman/app/views/home/index.html.erb +93 -0
- data/after_templates/addons/brakeman/app/views/home/output.html.erb +145 -0
- data/after_templates/addons/brakeman/app/views/layouts/_footer.html.erb +1 -0
- data/after_templates/addons/brakeman/app/views/layouts/_navbar.html.erb +4 -0
- data/after_templates/addons/brakeman/app/views/layouts/application.html.erb +29 -0
- data/after_templates/addons/bundler_audit/_.rb +31 -0
- data/after_templates/addons/bundler_audit/app/assets/images/brakeman.png +0 -0
- data/after_templates/addons/bundler_audit/app/assets/images/curl.png +0 -0
- data/after_templates/addons/bundler_audit/app/assets/images/output.png +0 -0
- data/after_templates/addons/bundler_audit/app/controllers/home_controller.rb +4 -0
- data/after_templates/addons/bundler_audit/app/views/home/advisories.html.erb +10 -0
- data/after_templates/addons/bundler_audit/app/views/home/index.html.erb +20 -0
- data/{28: → after_templates/addons/bundler_audit/app/views/layouts/_footer.html.erb} +0 -0
- data/after_templates/addons/bundler_audit/app/views/layouts/_navbar.html.erb +3 -0
- data/after_templates/addons/bundler_audit/app/views/layouts/application.html.erb +29 -0
- data/after_templates/addons/kaminari/_.rb +70 -0
- data/after_templates/addons/kaminari/app/controllers/home_controller.rb +4 -0
- data/after_templates/addons/kaminari/app/views/home/index.html.erb +3 -0
- data/after_templates/addons/kaminari/app/views/layouts/_footer.html.erb +1 -0
- data/after_templates/addons/kaminari/app/views/layouts/_navbar.html.erb +5 -0
- data/after_templates/addons/kaminari/app/views/layouts/application.html.erb +29 -0
- data/after_templates/addons/kaminari/db/seeds.rb +7 -0
- data/docs/last_run/app_generator_class.json +24 -0
- data/docs/last_run/app_generator_data.json +8 -6
- data/docs/last_run/rails_options_class.json +24 -0
- data/docs/last_run/rails_options_data.json +8 -6
- data/lib/rails_app_generator/addons/brakeman.rb +2 -1
- data/lib/rails_app_generator/addons/bundler_audit.rb +13 -0
- data/lib/rails_app_generator/addons/kaminari.rb +21 -0
- data/lib/rails_app_generator/app_generator.rb +2 -0
- data/lib/rails_app_generator/rag_initializer.rb +2 -0
- data/lib/rails_app_generator/version.rb +1 -1
- data/package-lock.json +2 -2
- data/package.json +1 -1
- data/profiles/addons/brakeman.json +13 -0
- data/profiles/addons/bundler_audit.json +13 -0
- data/profiles/addons/kaminari.json +13 -0
- data/templates/thor_task/profile/profile.json.tt +1 -0
- metadata +32 -3
- data/app:template +0 -0
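--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 66f1a50226d59e7d8a1b2308aed113cf1b1580e1aa9d267c63af8319d821f41f
+data.tar.gz: 00e8cddf0d07d555f291c792eb32c49c06f77b42a873d95acba5d2b749cd2f85
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 1b64d1128c409cdecbdef14b403782cafc44cecc9ad6e0880904189a904e35c8345b133bdeb0a5d4d89fe0a7f6b161c4b342a5f99c6c3bb73e58ea5e204355cd
+data.tar.gz: 0cb3407c89cdb3edbfec3bfc944b59ce79eb2ce5939d93bdb0edfc4430ebe3fac353db2f5660213ee3d6d7fed8994848b93504fef1b593b5d22083956c5fcc9c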
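--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -1,3 +1,24 @@
+## [0.2.32](https://github.com/klueless-io/rails_app_generator/compare/v0.2.31...v0.2.32) (2022-08-19)
+
+
+### Bug Fixes
+
+* add bundler-audit addon ([bb8c2bc](https://github.com/klueless-io/rails_app_generator/commit/bb8c2bce5b1925ffe0b4c745894d7cebfc25498d))
+
+## [0.2.31](https://github.com/klueless-io/rails_app_generator/compare/v0.2.30...v0.2.31) (2022-08-19)
+
+
+### Bug Fixes
+
+* add brakeman profile ([5cb8166](https://github.com/klueless-io/rails_app_generator/commit/5cb8166a4a1630edd07b7fcb70ca5eff6d2e7136))
+
+## [0.2.30](https://github.com/klueless-io/rails_app_generator/compare/v0.2.29...v0.2.30) (2022-08-19)
+
+
+### Bug Fixes
+
+* add brakeman addon ([1dcc1c2](https://github.com/klueless-io/rails_app_generator/commit/1dcc1c2b904d35f557daa688111baeaa0fa71495))
+
 ## [0.2.29](https://github.com/klueless-io/rails_app_generator/compare/v0.2.28...v0.2.29) (2022-08-19)
 
 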
@@ -0,0 +1,39 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
# Brakeman is a static analysis security vulnerability scanner for Ruby on Rails applications
|
4
|
+
#
|
5
|
+
# exe/rag addons/brakeman
|
6
|
+
|
7
|
+
self.local_template_path = File.dirname(__FILE__)
|
8
|
+
|
9
|
+
gac 'base rails 7 image created'
|
10
|
+
|
11
|
+
prepare_environment
|
12
|
+
|
13
|
+
after_bundle do
|
14
|
+
scaffolds
|
15
|
+
setup_customizations
|
16
|
+
setup_db
|
17
|
+
end
|
18
|
+
|
19
|
+
def scaffolds
|
20
|
+
add_scaffold('post', 'title', 'body:text')
|
21
|
+
end
|
22
|
+
|
23
|
+
def setup_customizations
|
24
|
+
route("root 'home#index'")
|
25
|
+
|
26
|
+
force_copy
|
27
|
+
|
28
|
+
add_controller('home', 'index', 'examples', 'output')
|
29
|
+
|
30
|
+
directory "app/controllers"
|
31
|
+
directory "app/models"
|
32
|
+
directory "app/views"
|
33
|
+
template 'app/views/layouts/application.html.erb' , 'app/views/layouts/application.html.erb'
|
34
|
+
end
|
35
|
+
|
36
|
+
def setup_db
|
37
|
+
db_migrate
|
38
|
+
db_seed
|
39
|
+
end
|
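Review bot: `directory "app/models"` on line 31 of this template has no matching source in the release: the file list for the brakeman addon adds only `app/controllers` and `app/views`, so the copy presumably fails or does nothing, depending on how `local_template_path` is resolved. The kaminari template added later in this diff carries the same line with the same gap. Separately, `route("root 'home#index'")` makes the deliberately unsafe `HomeController#index` the landing page of the generated app, so a header comment such as `# Generates an intentionally vulnerable sample app for Brakeman to scan; do not deploy it` would help whoever runs the addon.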
@@ -0,0 +1,16 @@
|
|
1
|
+
class HomeController < ApplicationController
|
2
|
+
def index
|
3
|
+
xmen_or_avengers = params[:xmen_or_avengers] || 'xmen'
|
4
|
+
puts send(xmen_or_avengers.to_sym)
|
5
|
+
end
|
6
|
+
|
7
|
+
private
|
8
|
+
|
9
|
+
def xmen
|
10
|
+
'Wolverine'
|
11
|
+
end
|
12
|
+
|
13
|
+
def avengers
|
14
|
+
'Captain America'
|
15
|
+
end
|
16
|
+
end
|
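Review bot: `send(xmen_or_avengers.to_sym)` on line 4 dispatches on a raw request parameter, and unlike `PostsController#show` nothing in this file says the flaw is deliberate. `send` ignores method visibility, so the caller is not limited to `xmen` and `avengers`; since this controller exists to trigger Brakeman's Dangerous Send warning, mark it with a comment such as `# Dangerous Send - intentionally vulnerable fixture for Brakeman, do not copy`. A reader would also benefit from seeing the safe form next to it, e.g. `name = params[:xmen_or_avengers] || 'xmen'` followed by `%w[xmen avengers].include?(name) ? send(name) : head(:bad_request)`. `puts` writes the result to the server's stdout rather than the response, which may not be what the demo intends.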
@@ -0,0 +1,65 @@
|
|
1
|
+
class PostsController < ApplicationController
|
2
|
+
before_action :set_post, only: %i[ show edit update destroy ]
|
3
|
+
|
4
|
+
def index
|
5
|
+
@posts = Post.all
|
6
|
+
end
|
7
|
+
|
8
|
+
# Dangerous Evaluation - User input in an eval statement is VERY dangerous
|
9
|
+
def show
|
10
|
+
message = params[:message] || 'hello world'
|
11
|
+
|
12
|
+
eval("echo '#{message}'")
|
13
|
+
end
|
14
|
+
|
15
|
+
def new
|
16
|
+
@post = Post.new
|
17
|
+
end
|
18
|
+
|
19
|
+
def edit
|
20
|
+
end
|
21
|
+
|
22
|
+
def create
|
23
|
+
@post = Post.new(post_params)
|
24
|
+
|
25
|
+
respond_to do |format|
|
26
|
+
if @post.save
|
27
|
+
format.html { redirect_to post_url(@post), notice: "Post was successfully created." }
|
28
|
+
format.json { render :show, status: :created, location: @post }
|
29
|
+
else
|
30
|
+
format.html { render :new, status: :unprocessable_entity }
|
31
|
+
format.json { render json: @post.errors, status: :unprocessable_entity }
|
32
|
+
end
|
33
|
+
end
|
34
|
+
end
|
35
|
+
|
36
|
+
def update
|
37
|
+
respond_to do |format|
|
38
|
+
if @post.update(post_params)
|
39
|
+
format.html { redirect_to post_url(@post), notice: "Post was successfully updated." }
|
40
|
+
format.json { render :show, status: :ok, location: @post }
|
41
|
+
else
|
42
|
+
format.html { render :edit, status: :unprocessable_entity }
|
43
|
+
format.json { render json: @post.errors, status: :unprocessable_entity }
|
44
|
+
end
|
45
|
+
end
|
46
|
+
end
|
47
|
+
|
48
|
+
def destroy
|
49
|
+
@post.destroy
|
50
|
+
|
51
|
+
respond_to do |format|
|
52
|
+
format.html { redirect_to posts_url, notice: "Post was successfully destroyed." }
|
53
|
+
format.json { head :no_content }
|
54
|
+
end
|
55
|
+
end
|
56
|
+
|
57
|
+
private
|
58
|
+
def set_post
|
59
|
+
@post = Post.find(params[:id])
|
60
|
+
end
|
61
|
+
|
62
|
+
def post_params
|
63
|
+
params.require(:post).permit(:title, :body)
|
64
|
+
end
|
65
|
+
end
|
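Review bot: `eval("echo '#{message}'")` in `show` (line 12) evaluates a string built from `params[:message]`, and the one-line comment above it does not say that this is a fixture rather than a pattern to reuse. I would reword it to `# INTENTIONALLY VULNERABLE (Brakeman 'Dangerous Eval' fixture) - never eval request data` so that the scaffold cannot be mistaken for working code. `echo` is not a Ruby method, so unless a helper of that name is defined outside this file the action raises `NoMethodError` even for the default `'hello world'`; if the page is meant to load, `render plain: message` would be the non-vulnerable equivalent.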
@@ -0,0 +1,43 @@
|
|
1
|
+
<h1>Brakeman</h1>
|
2
|
+
|
3
|
+
<h2>Examples</h2>
|
4
|
+
|
5
|
+
<p>Run the brakeman command from the root of your rails application</p>
|
6
|
+
|
7
|
+
<pre><code>brakeman</code></pre>
|
8
|
+
|
9
|
+
<h2>Example code that fails analysis</h2>
|
10
|
+
|
11
|
+
<h3>Dangerous Evaluation - User input in an eval statement is VERY dangerous</h3>
|
12
|
+
|
13
|
+
<code>app/controllers/posts_controller.rb</code>
|
14
|
+
|
15
|
+
<pre><code> def show
|
16
|
+
message = params[:message] || 'hello world'
|
17
|
+
|
18
|
+
eval("echo '#{message}'")
|
19
|
+
end
|
20
|
+
</code></pre>
|
21
|
+
|
22
|
+
|
23
|
+
<h3>Dangerous Send - Using unfiltered user data to select a Class or Method to be dynamically sent is dangerous.</h3>
|
24
|
+
|
25
|
+
<code>app/controllers/home_controller.rb</code>
|
26
|
+
|
27
|
+
<pre><code>class HomeController < ApplicationController
|
28
|
+
def index
|
29
|
+
xmen_or_avengers = params[:xmen_or_avengers] || 'xmen'
|
30
|
+
puts send(xmen_or_avengers.to_sym)
|
31
|
+
end
|
32
|
+
|
33
|
+
private
|
34
|
+
|
35
|
+
def xmen
|
36
|
+
'Wolverine'
|
37
|
+
end
|
38
|
+
|
39
|
+
def avengers
|
40
|
+
'Captain America'
|
41
|
+
end
|
42
|
+
end
|
43
|
+
</code></pre>
|
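Review bot: The page shows the two failing snippets but never the corrected form, so a reader learns what Brakeman flags without learning what to write instead. Under each `<pre>` I would add a short "Fix" paragraph: for the eval case, not evaluating request data at all; for the send case, checking the parameter against a fixed list such as `%w[xmen avengers]` before dispatching. The bare `<` in `class HomeController < ApplicationController` on line 27 should also be written `&lt;` inside the `<code>` block.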
@@ -0,0 +1,93 @@
|
|
1
|
+
<h1>Brakeman</h1>
|
2
|
+
|
3
|
+
<h2>Usage</h2>
|
4
|
+
|
5
|
+
<p>Brakeman is a static analysis security vulnerability scanner for Ruby on Rails applications</p>
|
6
|
+
|
7
|
+
<pre>
|
8
|
+
<code>
|
9
|
+
Usage: brakeman [options] rails/root/path
|
10
|
+
-n, --no-threads Run checks and file parsing sequentially
|
11
|
+
--[no-]progress Show progress reports
|
12
|
+
-p, --path PATH Specify path to Rails application
|
13
|
+
-q, --[no-]quiet Suppress informational messages
|
14
|
+
-z, --[no-]exit-on-warn Exit code is non-zero if warnings found (Default)
|
15
|
+
--[no-]exit-on-error Exit code is non-zero if errors raised (Default)
|
16
|
+
--ensure-latest Fail when Brakeman is outdated
|
17
|
+
--ensure-ignore-notes Fail when an ignored warnings does not include a note
|
18
|
+
-3, --rails3 Force Rails 3 mode
|
19
|
+
-4, --rails4 Force Rails 4 mode
|
20
|
+
-5, --rails5 Force Rails 5 mode
|
21
|
+
-6, --rails6 Force Rails 6 mode
|
22
|
+
-7, --rails7 Force Rails 7 mode
|
23
|
+
|
24
|
+
Scanning options:
|
25
|
+
-A, --run-all-checks Run all default and optional checks
|
26
|
+
-a, --[no-]assume-routes Assume all controller methods are actions (Default)
|
27
|
+
-e, --escape-html Escape HTML by default
|
28
|
+
--faster Faster, but less accurate scan
|
29
|
+
--ignore-model-output Consider model attributes XSS-safe
|
30
|
+
--ignore-protected Consider models with attr_protected safe
|
31
|
+
--[no-]index-libs Add libraries to call index (Default)
|
32
|
+
--interprocedural Process method calls to known methods
|
33
|
+
--no-branching Disable flow sensitivity on conditionals
|
34
|
+
--branch-limit LIMIT Limit depth of values in branches (-1 for no limit)
|
35
|
+
--parser-timeout SECONDS Set parse timeout (Default: 10)
|
36
|
+
-r, --report-direct Only report direct use of untrusted data
|
37
|
+
-s meth1,meth2,etc, Set methods as safe for unescaped output in views
|
38
|
+
--safe-methods
|
39
|
+
--sql-safe-methods meth1,meth2,etc
|
40
|
+
Do not warn of SQL if the input is wrapped in a safe method
|
41
|
+
--url-safe-methods method1,method2,etc
|
42
|
+
Do not warn of XSS if the link_to href parameter is wrapped in a safe method
|
43
|
+
--skip-files file1,path2,etc Skip processing of these files/directories. Directories are application relative and must end in "/"
|
44
|
+
--only-files file1,path2,etc Process only these files/directories. Directories are application relative and must end in "/"
|
45
|
+
--[no-]skip-vendor Skip processing vendor directory (Default)
|
46
|
+
--skip-libs Skip processing lib directory
|
47
|
+
--add-libs-path path1,path2,etc
|
48
|
+
An application relative lib directory (ex. app/mailers) to process
|
49
|
+
--add-engines-path path1,path2,etc
|
50
|
+
Include these engines in the scan
|
51
|
+
-E, --enable Check1,Check2,etc Enable the specified checks
|
52
|
+
-t, --test Check1,Check2,etc Only run the specified checks
|
53
|
+
-x, --except Check1,Check2,etc Skip the specified checks
|
54
|
+
--add-checks-path path1,path2,etc
|
55
|
+
A directory containing additional out-of-tree checks to run
|
56
|
+
|
57
|
+
Output options:
|
58
|
+
-d, --debug Lots of output
|
59
|
+
-f, --format TYPE Specify output formats. Default is text
|
60
|
+
--css-file CSSFile Specify CSS to use for HTML output
|
61
|
+
-i, --ignore-config IGNOREFILE Use configuration to ignore warnings
|
62
|
+
-I, --interactive-ignore Interactively ignore warnings
|
63
|
+
-l, --[no-]combine-locations Combine warning locations (Default)
|
64
|
+
--[no-]highlights Highlight user input in report
|
65
|
+
--[no-]color Use ANSI colors in report (Default)
|
66
|
+
-m, --routes Report controller information
|
67
|
+
--message-limit LENGTH Limit message length in HTML report
|
68
|
+
--[no-]pager Use pager for output to terminal (Default)
|
69
|
+
--table-width WIDTH Limit table width in text report
|
70
|
+
-o, --output FILE Specify files for output. Defaults to stdout. Multiple '-o's allowed
|
71
|
+
--[no-]separate-models Warn on each model without attr_accessible (Default)
|
72
|
+
--[no-]summary Only output summary of warnings
|
73
|
+
--absolute-paths Output absolute file paths in reports
|
74
|
+
--github-repo USER/REPO[/PATH][@REF]
|
75
|
+
Output links to GitHub in markdown and HTML reports using specified repo
|
76
|
+
--text-fields field1,field2,etc.
|
77
|
+
Specify fields for text report format
|
78
|
+
-w, --confidence-level LEVEL Set minimal confidence level (1 - 3)
|
79
|
+
--compare FILE Compare the results of a previous Brakeman scan (only JSON is supported)
|
80
|
+
|
81
|
+
Configuration files:
|
82
|
+
-c, --config-file FILE Use specified configuration file
|
83
|
+
-C, --create-config [FILE] Output configuration file based on options
|
84
|
+
--allow-check-paths-in-config
|
85
|
+
Allow loading checks from configuration file (Unsafe)
|
86
|
+
|
87
|
+
-k, --checks List all available vulnerability checks
|
88
|
+
--optional-checks List optional checks
|
89
|
+
-v, --version Show Brakeman version
|
90
|
+
--force-scan Scan application even if rails is not detected
|
91
|
+
-h, --help Display this message
|
92
|
+
</code>
|
93
|
+
</pre>
|
@@ -0,0 +1,145 @@
|
|
1
|
+
<h1>Brakeman</h1>
|
2
|
+
|
3
|
+
<h2>Output</h2>
|
4
|
+
|
5
|
+
<p>Run <code>brakeman</code> against this sample Rails 7 application</p>
|
6
|
+
|
7
|
+
<pre>
|
8
|
+
<code>brakeman
|
9
|
+
Loading scanner...
|
10
|
+
Processing application in /Users/davidcruwys/dev/kgems/rails_app_generator/a/addons/r7_brakeman
|
11
|
+
Processing gems...
|
12
|
+
[Notice] Detected Rails 7 application
|
13
|
+
Processing configuration...
|
14
|
+
[Notice] Escaping HTML by default
|
15
|
+
Parsing files...
|
16
|
+
Detecting file types...
|
17
|
+
Processing initializers...
|
18
|
+
Processing libs...
|
19
|
+
Processing routes...
|
20
|
+
Processing templates...
|
21
|
+
Processing data flow in templates...
|
22
|
+
Processing models...
|
23
|
+
Processing controllers...
|
24
|
+
Processing data flow in controllers...
|
25
|
+
Indexing call sites...
|
26
|
+
Running checks in parallel...
|
27
|
+
- CheckBasicAuth
|
28
|
+
- CheckBasicAuthTimingAttack
|
29
|
+
- CheckCrossSiteScripting
|
30
|
+
- CheckContentTag
|
31
|
+
- CheckCookieSerialization
|
32
|
+
- CheckCreateWith
|
33
|
+
- CheckCSRFTokenForgeryCVE
|
34
|
+
- CheckDefaultRoutes
|
35
|
+
- CheckDeserialize
|
36
|
+
- CheckDetailedExceptions
|
37
|
+
- CheckDigestDoS
|
38
|
+
- CheckDynamicFinders
|
39
|
+
- CheckEOLRails
|
40
|
+
- CheckEOLRuby
|
41
|
+
- CheckEscapeFunction
|
42
|
+
- CheckEvaluation
|
43
|
+
- CheckExecute
|
44
|
+
- CheckFileAccess
|
45
|
+
- CheckFileDisclosure
|
46
|
+
- CheckFilterSkipping
|
47
|
+
- CheckForgerySetting
|
48
|
+
- CheckHeaderDoS
|
49
|
+
- CheckI18nXSS
|
50
|
+
- CheckJRubyXML
|
51
|
+
- CheckJSONEncoding
|
52
|
+
- CheckJSONEntityEscape
|
53
|
+
- CheckJSONParsing
|
54
|
+
- CheckLinkTo
|
55
|
+
- CheckLinkToHref
|
56
|
+
- CheckMailTo
|
57
|
+
- CheckMassAssignment
|
58
|
+
- CheckMimeTypeDoS
|
59
|
+
- CheckModelAttrAccessible
|
60
|
+
- CheckModelAttributes
|
61
|
+
- CheckModelSerialize
|
62
|
+
- CheckNestedAttributes
|
63
|
+
- CheckNestedAttributesBypass
|
64
|
+
- CheckNumberToCurrency
|
65
|
+
- CheckPageCachingCVE
|
66
|
+
- CheckPermitAttributes
|
67
|
+
- CheckQuoteTableName
|
68
|
+
- CheckRedirect
|
69
|
+
- CheckRegexDoS
|
70
|
+
- CheckRender
|
71
|
+
- CheckRenderDoS
|
72
|
+
- CheckRenderInline
|
73
|
+
- CheckResponseSplitting
|
74
|
+
- CheckRouteDoS
|
75
|
+
- CheckSafeBufferManipulation
|
76
|
+
- CheckSanitizeConfigCve
|
77
|
+
- CheckSanitizeMethods
|
78
|
+
- CheckSelectTag
|
79
|
+
- CheckSelectVulnerability
|
80
|
+
- CheckSend
|
81
|
+
- CheckSendFile
|
82
|
+
- CheckSessionManipulation
|
83
|
+
- CheckSessionSettings
|
84
|
+
- CheckSimpleFormat
|
85
|
+
- CheckSingleQuotes
|
86
|
+
- CheckSkipBeforeFilter
|
87
|
+
- CheckSprocketsPathTraversal
|
88
|
+
- CheckSQL
|
89
|
+
- CheckSQLCVEs
|
90
|
+
- CheckSSLVerify
|
91
|
+
- CheckStripTags
|
92
|
+
- CheckSymbolDoSCVE
|
93
|
+
- CheckTemplateInjection
|
94
|
+
- CheckTranslateBug
|
95
|
+
- CheckUnsafeReflection
|
96
|
+
- CheckUnsafeReflectionMethods
|
97
|
+
- CheckValidationRegex
|
98
|
+
- CheckVerbConfusion
|
99
|
+
- CheckWithoutProtection
|
100
|
+
- CheckXMLDoS
|
101
|
+
- CheckYAMLParsing
|
102
|
+
Checks finished, collecting results...
|
103
|
+
Generating report...
|
104
|
+
|
105
|
+
== Brakeman Report ==
|
106
|
+
|
107
|
+
Application Path: /Users/davidcruwys/dev/kgems/rails_app_generator/a/addons/r7_brakeman
|
108
|
+
Rails Version: 7.0.3.1
|
109
|
+
Brakeman Version: 5.3.1
|
110
|
+
Scan Date: 2022-08-19 14:19:28 +1000
|
111
|
+
Duration: 0.228864 seconds
|
112
|
+
Checks Run: BasicAuth, BasicAuthTimingAttack, CSRFTokenForgeryCVE, ContentTag, CookieSerialization, CreateWith, CrossSiteScripting, DefaultRoutes, Deserialize, DetailedExceptions, DigestDoS, DynamicFinders, EOLRails, EOLRuby, EscapeFunction, Evaluation, Execute, FileAccess, FileDisclosure, FilterSkipping, ForgerySetting, HeaderDoS, I18nXSS, JRubyXML, JSONEncoding, JSONEntityEscape, JSONParsing, LinkTo, LinkToHref, MailTo, MassAssignment, MimeTypeDoS, ModelAttrAccessible, ModelAttributes, ModelSerialize, NestedAttributes, NestedAttributesBypass, NumberToCurrency, PageCachingCVE, PermitAttributes, QuoteTableName, Redirect, RegexDoS, Render, RenderDoS, RenderInline, ResponseSplitting, RouteDoS, SQL, SQLCVEs, SSLVerify, SafeBufferManipulation, SanitizeConfigCve, SanitizeMethods, SelectTag, SelectVulnerability, Send, SendFile, SessionManipulation, SessionSettings, SimpleFormat, SingleQuotes, SkipBeforeFilter, SprocketsPathTraversal, StripTags, SymbolDoSCVE, TemplateInjection, TranslateBug, UnsafeReflection, UnsafeReflectionMethods, ValidationRegex, VerbConfusion, WithoutProtection, XMLDoS, YAMLParsing
|
113
|
+
|
114
|
+
== Overview ==
|
115
|
+
|
116
|
+
Controllers: 3
|
117
|
+
Models: 2
|
118
|
+
Templates: 13
|
119
|
+
Errors: 0
|
120
|
+
Security Warnings: 2
|
121
|
+
|
122
|
+
== Warning Types ==
|
123
|
+
|
124
|
+
Dangerous Eval: 1
|
125
|
+
Dangerous Send: 1
|
126
|
+
|
127
|
+
== Warnings ==
|
128
|
+
|
129
|
+
Confidence: High
|
130
|
+
Category: Dangerous Eval
|
131
|
+
Check: Evaluation
|
132
|
+
Message: User input in eval
|
133
|
+
Code: eval("echo '#{(params[:message] or "hello world")}'")
|
134
|
+
File: app/controllers/posts_controller.rb
|
135
|
+
Line: 12
|
136
|
+
|
137
|
+
Confidence: High
|
138
|
+
Category: Dangerous Send
|
139
|
+
Check: Send
|
140
|
+
Message: User controlled method execution
|
141
|
+
Code: send((params[:xmen_or_avengers] or "xmen").to_sym)
|
142
|
+
File: app/controllers/home_controller.rb
|
143
|
+
Line: 4
|
144
|
+
</code>
|
145
|
+
</pre>
|
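Review bot: Lines 10 and 107 of this view embed the author's local path, `/Users/davidcruwys/dev/kgems/rails_app_generator/a/addons/r7_brakeman`, which ships a workstation username and directory layout in every generated app. Replace it in both places with a neutral value such as `/path/to/your/rails_app`. The captured report also records `Brakeman Version: 5.3.1` and a scan date, so a sentence saying the output is a sample from that version would keep readers from expecting an identical check list.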
@@ -0,0 +1 @@
|
|
1
|
+
<hr />
|
@@ -0,0 +1,29 @@
|
|
1
|
+
<!DOCTYPE html>
|
2
|
+
<html>
|
3
|
+
<head>
|
4
|
+
<title><%= camelized %></title>
|
5
|
+
<meta name="viewport" content="width=device-width,initial-scale=1">
|
6
|
+
<%%= csrf_meta_tags %>
|
7
|
+
<%%= csp_meta_tag %>
|
8
|
+
|
9
|
+
<%- if options[:skip_hotwire] || options[:skip_javascript] -%>
|
10
|
+
<%%= stylesheet_link_tag "application" %>
|
11
|
+
<%- else -%>
|
12
|
+
<%%= stylesheet_link_tag "application", "data-turbo-track": "reload" %>
|
13
|
+
<%- end -%>
|
14
|
+
</head>
|
15
|
+
|
16
|
+
<body>
|
17
|
+
<header>
|
18
|
+
<%%= render 'layouts/navbar' %>
|
19
|
+
<hr />
|
20
|
+
</header>
|
21
|
+
<main>
|
22
|
+
<%%= yield %>
|
23
|
+
</main>
|
24
|
+
<footer>
|
25
|
+
<%%= render 'layouts/footer' %>
|
26
|
+
</footer>
|
27
|
+
</body>
|
28
|
+
</html>
|
29
|
+
|
@@ -0,0 +1,31 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
# Patch-level verification for Bundler
|
4
|
+
#
|
5
|
+
# exe/rag addons/bundler_audit
|
6
|
+
|
7
|
+
self.local_template_path = File.dirname(__FILE__)
|
8
|
+
|
9
|
+
gac 'base rails 7 image created'
|
10
|
+
|
11
|
+
prepare_environment
|
12
|
+
|
13
|
+
gem "brakeman", "4.5.0"
|
14
|
+
gem "curl"
|
15
|
+
|
16
|
+
after_bundle do
|
17
|
+
setup_customizations
|
18
|
+
end
|
19
|
+
|
20
|
+
def setup_customizations
|
21
|
+
route("root 'home#index'")
|
22
|
+
|
23
|
+
force_copy
|
24
|
+
|
25
|
+
add_controller('home', 'index', 'advisories')
|
26
|
+
|
27
|
+
directory "app/controllers"
|
28
|
+
directory "app/assets"
|
29
|
+
directory "app/views"
|
30
|
+
template 'app/views/layouts/application.html.erb' , 'app/views/layouts/application.html.erb'
|
31
|
+
end
|
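Review bot: `gem "brakeman", "4.5.0"` and `gem "curl"` on lines 13-14 are added to the generated Gemfile with no comment, although the addon's own index view says both were chosen because they have entries in ruby-advisory-db. Anyone reading the template alone sees an outdated scanner pin and an unpinned third-party gem that get installed in every environment. Add a comment above them, e.g. `# Intentionally vulnerable gems so bundler-audit has advisories to report; remove after the demo`, and consider pinning `curl` to the exact version the demo was captured with so the result is reproducible. The `4.5.0` pin would also conflict with the `5.3.1` that the brakeman addon requires if both addons are ever enabled together.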
Binary file
|
Binary file
|
Binary file
|
@@ -0,0 +1,20 @@
|
|
1
|
+
<h1>Bundler audit</h1>
|
2
|
+
|
3
|
+
<p>Provides patch-level verification for Bundler</p>
|
4
|
+
|
5
|
+
<p>The following two GEMs have vulnerabilities listed in the <b>ruby-advisory-db</b></p>
|
6
|
+
|
7
|
+
<p>If you add the following to your Gemfile</p>
|
8
|
+
|
9
|
+
<pre><code>gem "brakeman", "4.5.0"
|
10
|
+
gem "curl"</code></pre>
|
11
|
+
|
12
|
+
<p>And then run the following command</p>
|
13
|
+
|
14
|
+
<pre><code>rm -rf Gemfile.lock
|
15
|
+
bundle install
|
16
|
+
bundler-audit</code></pre>
|
17
|
+
|
18
|
+
<p>You will see this output</p>
|
19
|
+
|
20
|
+
<%= image_tag("output.png") %>
|
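Review bot: The instructions on lines 14-16 tell the reader to run `rm -rf Gemfile.lock` before `bundle install`, which throws away every pinned version and re-resolves the whole dependency tree rather than just adding the two demo gems. `bundle install` alone picks up new Gemfile entries, so the first line can be dropped. I would also show `bundler-audit check --update` instead of the bare command so the advisory database is refreshed before the scan, and say in the paragraph on line 5 that the two gems are listed only to produce findings.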
File without changes
|
@@ -0,0 +1,29 @@
|
|
1
|
+
<!DOCTYPE html>
|
2
|
+
<html>
|
3
|
+
<head>
|
4
|
+
<title><%= camelized %></title>
|
5
|
+
<meta name="viewport" content="width=device-width,initial-scale=1">
|
6
|
+
<%%= csrf_meta_tags %>
|
7
|
+
<%%= csp_meta_tag %>
|
8
|
+
|
9
|
+
<%- if options[:skip_hotwire] || options[:skip_javascript] -%>
|
10
|
+
<%%= stylesheet_link_tag "application" %>
|
11
|
+
<%- else -%>
|
12
|
+
<%%= stylesheet_link_tag "application", "data-turbo-track": "reload" %>
|
13
|
+
<%- end -%>
|
14
|
+
</head>
|
15
|
+
|
16
|
+
<body>
|
17
|
+
<header>
|
18
|
+
<%%= render 'layouts/navbar' %>
|
19
|
+
<hr />
|
20
|
+
</header>
|
21
|
+
<main>
|
22
|
+
<%%= yield %>
|
23
|
+
</main>
|
24
|
+
<footer>
|
25
|
+
<%%= render 'layouts/footer' %>
|
26
|
+
</footer>
|
27
|
+
</body>
|
28
|
+
</html>
|
29
|
+
|
@@ -0,0 +1,70 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
# Description goes here
|
4
|
+
#
|
5
|
+
# exe/rag addons/kaminari
|
6
|
+
|
7
|
+
self.local_template_path = File.dirname(__FILE__)
|
8
|
+
|
9
|
+
gac 'base rails 7 image created'
|
10
|
+
|
11
|
+
prepare_environment
|
12
|
+
|
13
|
+
after_bundle do
|
14
|
+
scaffolds
|
15
|
+
setup_customizations
|
16
|
+
setup_db
|
17
|
+
end
|
18
|
+
|
19
|
+
def scaffolds
|
20
|
+
# add_scaffold('post', 'title', 'body:text', 'user:references')
|
21
|
+
# add_scaffold('people', 'first_name', 'last_name', 'age:integer', 'address:text')
|
22
|
+
# add_scaffold('product', 'name', 'price:integer')
|
23
|
+
end
|
24
|
+
|
25
|
+
def setup_customizations
|
26
|
+
route("root 'home#index'")
|
27
|
+
|
28
|
+
force_copy
|
29
|
+
|
30
|
+
add_controller('home', 'index')
|
31
|
+
|
32
|
+
directory "app/controllers"
|
33
|
+
directory "app/models"
|
34
|
+
directory "app/views"
|
35
|
+
template 'app/views/layouts/application.html.erb' , 'app/views/layouts/application.html.erb'
|
36
|
+
end
|
37
|
+
|
38
|
+
def setup_db
|
39
|
+
template 'db/seeds.rb' , 'db/seeds.rb'
|
40
|
+
|
41
|
+
db_migrate
|
42
|
+
db_seed
|
43
|
+
end
|
44
|
+
|
45
|
+
# Other template command examples
|
46
|
+
# prepare_environment
|
47
|
+
# bundle_install
|
48
|
+
# css_install('tailwind')
|
49
|
+
# rails_command('db:migrate')
|
50
|
+
# rails_command('db:migrate')
|
51
|
+
# bundle_add('hotwire-rails')
|
52
|
+
# rails_command('hotwire:install')
|
53
|
+
# run('bin/importmap pin sortablejs')
|
54
|
+
# run('npm install daisyui')
|
55
|
+
# rubocop
|
56
|
+
#
|
57
|
+
# directory 'app/assets/images'
|
58
|
+
# create_file 'app/assets/stylesheets/custom-bootstrap-import.scss' , read_template('custom-bootstrap-import.scss')
|
59
|
+
# append_to_file 'app/assets/config/manifest.js' , read_template('manifest.js')
|
60
|
+
# insert_into_file 'app/views/layouts/application.html.erb', read_template('application.html.erb'),
|
61
|
+
# before: %( <%= javascript_include_tag "application", "data-turbo-track": "reload", defer: true %>)
|
62
|
+
# gsub_file 'app/views/layouts/application.html.erb', %(container mx-auto mt-28 px-5 flex), 'container mx-auto px-5'
|
63
|
+
# template 'home.css', 'app/assets/stylesheets/home.css'
|
64
|
+
#
|
65
|
+
# add_controller('page', 'benefits', 'faq', 'terms', 'privacy', '--skip-routes')
|
66
|
+
# route(<<-'RUBY')
|
67
|
+
# PageController.action_methods.each do |action|
|
68
|
+
# get "/#{action}", to: "page##{action}", as: "page_#{action}"
|
69
|
+
# end
|
70
|
+
# RUBY
|
@@ -0,0 +1 @@
|
|
1
|
+
<hr />
|
@@ -0,0 +1,29 @@
|
|
1
|
+
<!DOCTYPE html>
|
2
|
+
<html>
|
3
|
+
<head>
|
4
|
+
<title><%= camelized %></title>
|
5
|
+
<meta name="viewport" content="width=device-width,initial-scale=1">
|
6
|
+
<%%= csrf_meta_tags %>
|
7
|
+
<%%= csp_meta_tag %>
|
8
|
+
|
9
|
+
<%- if options[:skip_hotwire] || options[:skip_javascript] -%>
|
10
|
+
<%%= stylesheet_link_tag "application" %>
|
11
|
+
<%- else -%>
|
12
|
+
<%%= stylesheet_link_tag "application", "data-turbo-track": "reload" %>
|
13
|
+
<%- end -%>
|
14
|
+
</head>
|
15
|
+
|
16
|
+
<body>
|
17
|
+
<header>
|
18
|
+
<%%= render 'layouts/navbar' %>
|
19
|
+
<hr />
|
20
|
+
</header>
|
21
|
+
<main>
|
22
|
+
<%%= yield %>
|
23
|
+
</main>
|
24
|
+
<footer>
|
25
|
+
<%%= render 'layouts/footer' %>
|
26
|
+
</footer>
|
27
|
+
</body>
|
28
|
+
</html>
|
29
|
+
|
@@ -0,0 +1,7 @@
|
|
1
|
+
# david = User.create(email: 'david@site.com', name: 'david', password: 'password')
|
2
|
+
# james = User.create(email: 'james@site.com', name: 'james', password: 'password')
|
3
|
+
# sally = User.create(email: 'sally@site.com', name: 'sally', password: 'password')
|
4
|
+
|
5
|
+
# 10.times do |i|
|
6
|
+
# Post.create(title: "Post #{i}", body: "This is the body of post #{i}", user: User.all.sample)
|
7
|
+
# end
|
@@ -45,7 +45,9 @@
|
|
45
45
|
"add_annotate",
|
46
46
|
"add_avo",
|
47
47
|
"add_bcrypt",
|
48
|
+
"add_brakeman",
|
48
49
|
"add_browser",
|
50
|
+
"add_bundler_audit",
|
49
51
|
"add_chartkick",
|
50
52
|
"add_devise",
|
51
53
|
"add_devise_masquerade",
|
@@ -55,6 +57,7 @@
|
|
55
57
|
"add_hexapdf",
|
56
58
|
"add_httparty",
|
57
59
|
"add_honeybadger",
|
60
|
+
"add_kaminari",
|
58
61
|
"add_lograge",
|
59
62
|
"add_minimal_css",
|
60
63
|
"minimal_css_library",
|
@@ -385,6 +388,13 @@
|
|
385
388
|
"default": false,
|
386
389
|
"required": false
|
387
390
|
},
|
391
|
+
{
|
392
|
+
"name": "add_brakeman",
|
393
|
+
"description": "Indicates when to generate add brakeman",
|
394
|
+
"type": "boolean",
|
395
|
+
"default": false,
|
396
|
+
"required": false
|
397
|
+
},
|
388
398
|
{
|
389
399
|
"name": "add_browser",
|
390
400
|
"description": "Indicates when to generate add browser",
|
@@ -392,6 +402,13 @@
|
|
392
402
|
"default": false,
|
393
403
|
"required": false
|
394
404
|
},
|
405
|
+
{
|
406
|
+
"name": "add_bundler_audit",
|
407
|
+
"description": "Indicates when to generate add bundler audit",
|
408
|
+
"type": "boolean",
|
409
|
+
"default": false,
|
410
|
+
"required": false
|
411
|
+
},
|
395
412
|
{
|
396
413
|
"name": "add_chartkick",
|
397
414
|
"description": "Indicates when to generate add chartkick",
|
@@ -455,6 +472,13 @@
|
|
455
472
|
"default": false,
|
456
473
|
"required": false
|
457
474
|
},
|
475
|
+
{
|
476
|
+
"name": "add_kaminari",
|
477
|
+
"description": "Indicates when to generate add kaminari",
|
478
|
+
"type": "boolean",
|
479
|
+
"default": false,
|
480
|
+
"required": false
|
481
|
+
},
|
458
482
|
{
|
459
483
|
"name": "add_lograge",
|
460
484
|
"description": "Indicates when to generate add lograge",
|
@@ -26,21 +26,23 @@
|
|
26
26
|
"main": false,
|
27
27
|
"no_rc": false,
|
28
28
|
"api": false,
|
29
|
-
"javascript": "
|
29
|
+
"javascript": "importmap",
|
30
30
|
"skip_bundle": false,
|
31
31
|
"note": "",
|
32
32
|
"test": "rspec",
|
33
33
|
"add_acts_as_list": false,
|
34
34
|
"add_administrate": false,
|
35
|
-
"add_annotate":
|
35
|
+
"add_annotate": false,
|
36
36
|
"add_avo": false,
|
37
37
|
"add_bcrypt": false,
|
38
|
+
"add_brakeman": false,
|
38
39
|
"add_browser": false,
|
40
|
+
"add_bundler_audit": true,
|
39
41
|
"add_chartkick": false,
|
40
|
-
"add_devise":
|
42
|
+
"add_devise": false,
|
41
43
|
"add_devise_masquerade": false,
|
42
44
|
"add_dotenv": false,
|
43
|
-
"add_faker":
|
45
|
+
"add_faker": false,
|
44
46
|
"add_groupdate": false,
|
45
47
|
"add_hexapdf": false,
|
46
48
|
"add_httparty": false,
|
@@ -55,9 +57,9 @@
|
|
55
57
|
"add_public_suffix": false,
|
56
58
|
"add_rails_html_sanitizer": false,
|
57
59
|
"add_redcarpet": false,
|
58
|
-
"add_rolify":
|
60
|
+
"add_rolify": false,
|
59
61
|
"add_rubocop": false,
|
60
62
|
"add_twilio_ruby": false,
|
61
|
-
"template": "/Users/davidcruwys/dev/kgems/rails_app_generator/after_templates/addons/
|
63
|
+
"template": "/Users/davidcruwys/dev/kgems/rails_app_generator/after_templates/addons/bundler_audit/_.rb"
|
62
64
|
}
|
63
65
|
}
|
@@ -45,7 +45,9 @@
|
|
45
45
|
"add_annotate",
|
46
46
|
"add_avo",
|
47
47
|
"add_bcrypt",
|
48
|
+
"add_brakeman",
|
48
49
|
"add_browser",
|
50
|
+
"add_bundler_audit",
|
49
51
|
"add_chartkick",
|
50
52
|
"add_devise",
|
51
53
|
"add_devise_masquerade",
|
@@ -55,6 +57,7 @@
|
|
55
57
|
"add_hexapdf",
|
56
58
|
"add_httparty",
|
57
59
|
"add_honeybadger",
|
60
|
+
"add_kaminari",
|
58
61
|
"add_lograge",
|
59
62
|
"add_minimal_css",
|
60
63
|
"minimal_css_library",
|
@@ -385,6 +388,13 @@
|
|
385
388
|
"default": false,
|
386
389
|
"required": false
|
387
390
|
},
|
391
|
+
{
|
392
|
+
"name": "add_brakeman",
|
393
|
+
"description": "",
|
394
|
+
"type": "boolean",
|
395
|
+
"default": false,
|
396
|
+
"required": false
|
397
|
+
},
|
388
398
|
{
|
389
399
|
"name": "add_browser",
|
390
400
|
"description": "",
|
@@ -392,6 +402,13 @@
|
|
392
402
|
"default": false,
|
393
403
|
"required": false
|
394
404
|
},
|
405
|
+
{
|
406
|
+
"name": "add_bundler_audit",
|
407
|
+
"description": "",
|
408
|
+
"type": "boolean",
|
409
|
+
"default": false,
|
410
|
+
"required": false
|
411
|
+
},
|
395
412
|
{
|
396
413
|
"name": "add_chartkick",
|
397
414
|
"description": "",
|
@@ -455,6 +472,13 @@
|
|
455
472
|
"default": false,
|
456
473
|
"required": false
|
457
474
|
},
|
475
|
+
{
|
476
|
+
"name": "add_kaminari",
|
477
|
+
"description": "",
|
478
|
+
"type": "boolean",
|
479
|
+
"default": false,
|
480
|
+
"required": false
|
481
|
+
},
|
458
482
|
{
|
459
483
|
"name": "add_lograge",
|
460
484
|
"description": "",
|
@@ -7,7 +7,7 @@
|
|
7
7
|
"quiet": false,
|
8
8
|
"skip": false,
|
9
9
|
"ruby": "/Users/davidcruwys/.asdf/installs/ruby/2.7.6/bin/ruby",
|
10
|
-
"template": "/Users/davidcruwys/dev/kgems/rails_app_generator/after_templates/addons/
|
10
|
+
"template": "/Users/davidcruwys/dev/kgems/rails_app_generator/after_templates/addons/bundler_audit/_.rb",
|
11
11
|
"database": "sqlite3",
|
12
12
|
"skip_git": true,
|
13
13
|
"skip_keeps": false,
|
@@ -35,22 +35,24 @@
|
|
35
35
|
"version": false,
|
36
36
|
"api": false,
|
37
37
|
"minimal": false,
|
38
|
-
"javascript": "
|
38
|
+
"javascript": "importmap",
|
39
39
|
"css": "",
|
40
40
|
"skip_bundle": false,
|
41
41
|
"note": "",
|
42
42
|
"test": "rspec",
|
43
43
|
"add_acts_as_list": false,
|
44
44
|
"add_administrate": false,
|
45
|
-
"add_annotate":
|
45
|
+
"add_annotate": false,
|
46
46
|
"add_avo": false,
|
47
47
|
"add_bcrypt": false,
|
48
|
+
"add_brakeman": false,
|
48
49
|
"add_browser": false,
|
50
|
+
"add_bundler_audit": true,
|
49
51
|
"add_chartkick": false,
|
50
|
-
"add_devise":
|
52
|
+
"add_devise": false,
|
51
53
|
"add_devise_masquerade": false,
|
52
54
|
"add_dotenv": false,
|
53
|
-
"add_faker":
|
55
|
+
"add_faker": false,
|
54
56
|
"add_groupdate": false,
|
55
57
|
"add_hexapdf": false,
|
56
58
|
"add_httparty": false,
|
@@ -65,7 +67,7 @@
|
|
65
67
|
"add_public_suffix": false,
|
66
68
|
"add_rails_html_sanitizer": false,
|
67
69
|
"add_redcarpet": false,
|
68
|
-
"add_rolify":
|
70
|
+
"add_rolify": false,
|
69
71
|
"add_rubocop": false,
|
70
72
|
"add_twilio_ruby": false
|
71
73
|
}
|
@@ -5,7 +5,8 @@ module RailsAppGenerator
|
|
5
5
|
module AddOns
|
6
6
|
# Add Brakeman to rails application
|
7
7
|
class Brakeman < RailsAppGenerator::Addon
|
8
|
-
|
8
|
+
# TODO: This needs to go into the development group
|
9
|
+
required_gem gem.version('brakeman', '5.3.1', 'Brakeman is a static analysis security vulnerability scanner for Ruby on Rails applications')
|
9
10
|
|
10
11
|
def apply; end
|
11
12
|
end
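Review bot: `required_gem gem.version('brakeman', '5.3.1', ...)` registers the scanner with no gem group, so, as the TODO on the line above admits, a generated app would bundle a static-analysis tool into every environment, production included. The BundlerAudit add-on added in the next new file has the same gap and carries no TODO at all. Whether `required_gem` can express a group is not visible in this hunk, so I would at least make the note actionable in both classes, e.g. `# TODO: declare under group :development, :test so the scanner is not installed in production`. The exact pin to 5.3.1 also means generated apps keep that release's checks until the generator itself is updated, which is worth stating in the class comment.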
|
@@ -0,0 +1,13 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
module RailsAppGenerator
|
4
|
+
# Custom add-ons for RailsAppGenerator
|
5
|
+
module AddOns
|
6
|
+
# Add BundlerAudit to rails application
|
7
|
+
class BundlerAudit < RailsAppGenerator::Addon
|
8
|
+
required_gem gem.version('bundler-audit', '0.9.1', 'Patch-level verification for Bundler')
|
9
|
+
|
10
|
+
def apply; end
|
11
|
+
end
|
12
|
+
end
|
13
|
+
end
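Review bot: `def apply; end` leaves this add-on as a bare Gemfile entry, so unless the after-template (not visible here) does it, nothing in the generated app runs the audit or refreshes the advisory database that bundler-audit compares `Gemfile.lock` against. A stale database reports nothing for advisories published after its last update, which reads as a clean result. I would document the intended invocation on the class, e.g. `# Run with: bundle exec bundle-audit check --update (refreshes the advisory database first)`, or have `apply` announce it with `say` as the Kaminari add-on does.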
|
@@ -0,0 +1,21 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
module RailsAppGenerator
|
4
|
+
# Custom add-ons for RailsAppGenerator
|
5
|
+
module AddOns
|
6
|
+
# Add Kaminari to rails application
|
7
|
+
class Kaminari < RailsAppGenerator::Addon
|
8
|
+
required_gem gem.version('kaminari', '1.2.2', 'Easily add pagination to your Ruby web apps')
|
9
|
+
|
10
|
+
def apply
|
11
|
+
say 'Setting up Kaminari'
|
12
|
+
end
|
13
|
+
|
14
|
+
def before_template; end
|
15
|
+
|
16
|
+
def before_bundle; end
|
17
|
+
|
18
|
+
def after_bundle; end
|
19
|
+
end
|
20
|
+
end
|
21
|
+
end
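Review bot: The empty overrides `def before_template; end`, `def before_bundle; end` and `def after_bundle; end` look like leftover scaffolding. The Brakeman and BundlerAudit add-ons in this same release define none of them, which suggests the base `Addon` class (not visible here) already treats these hooks as optional. If so, drop the three methods, or keep each with a one-line reason such as `# no-op: Kaminari needs no work before bundling`. `apply` also only prints `'Setting up Kaminari'`, so the class comment should say where the real setup happens, presumably in the after-template.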
|
@@ -174,6 +174,7 @@ module RailsAppGenerator
|
|
174
174
|
add_if(:bcrypt) # tested
|
175
175
|
add_if(:brakeman) # tested
|
176
176
|
add_if(:browser) # tested
|
177
|
+
add_if(:bundler_audit) # tested
|
177
178
|
add_if(:chartkick) # tested
|
178
179
|
add_if(:continuous_integration) # TODO: needs work
|
179
180
|
add_if(:devise) # tested
|
@@ -189,6 +190,7 @@ module RailsAppGenerator
|
|
189
190
|
add_if(:httparty) # tested
|
190
191
|
add_if(:high_voltage) # TODO: needs testing
|
191
192
|
add_if(:honeybadger) # tested
|
193
|
+
add_if(:kaminari) # tested
|
192
194
|
add_if(:lograge) # tested
|
193
195
|
add_if(:minimal_css) # tested (this is NOT a GEM)
|
194
196
|
add_if(:mini_magick) # tested
|
@@ -109,6 +109,7 @@ KConfig.configure do |config|
|
|
109
109
|
rag.add_option :add_bcrypt , type: :boolean, default: false
|
110
110
|
rag.add_option :add_brakeman , type: :boolean, default: false
|
111
111
|
rag.add_option :add_browser , type: :boolean, default: false
|
112
|
+
rag.add_option :add_bundler_audit , type: :boolean, default: false
|
112
113
|
rag.add_option :add_chartkick , type: :boolean, default: false
|
113
114
|
# continuous_integration
|
114
115
|
rag.add_option :add_devise , type: :boolean, default: false
|
@@ -124,6 +125,7 @@ KConfig.configure do |config|
|
|
124
125
|
rag.add_option :add_httparty , type: :boolean, default: false
|
125
126
|
# high_voltage
|
126
127
|
rag.add_option :add_honeybadger , type: :boolean, default: false
|
128
|
+
rag.add_option :add_kaminari , type: :boolean, default: false
|
127
129
|
rag.add_option :add_lograge , type: :boolean, default: false
|
128
130
|
rag.add_option :add_minimal_css , type: :boolean, default: false
|
129
131
|
rag.add_option :minimal_css_library , type: :string, default: 'water.css', description: "Minimal CSS library to get you started. [options: water.css (default)]"
|
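--- a/data/package-lock.json
+++ b/data/package-lock.json
@@ -1,12 +1,12 @@
 {
 "name": "rails_app_generator",
-"version": "0.2.
+"version": "0.2.33",
 "lockfileVersion": 2,
 "requires": true,
 "packages": {
 "": {
 "name": "rails_app_generator",
-"version": "0.2.
+"version": "0.2.33",
 "dependencies": {
 "daisyui": "^2.20.0"
 },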
data/package.json
CHANGED
@@ -0,0 +1,13 @@
|
|
1
|
+
{
|
2
|
+
"args": {
|
3
|
+
"app_path": "r7_brakeman",
|
4
|
+
"destination_root": "/Users/davidcruwys/dev/kgems/rails_app_generator/a/addons"
|
5
|
+
},
|
6
|
+
"opts": {
|
7
|
+
"skip_git": true,
|
8
|
+
"skip_test": true,
|
9
|
+
"add_minimal_css": true,
|
10
|
+
"template": "/Users/davidcruwys/dev/kgems/rails_app_generator/after_templates/addons/brakeman/_.rb",
|
11
|
+
"add_brakeman": true
|
12
|
+
}
|
13
|
+
}
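Review bot: `"destination_root"` and `"template"` hold absolute paths under `/Users/davidcruwys/...`, so this profile (presumably profiles/addons/brakeman.json; the file header is missing on this page) only resolves on the author's machine and publishes a local username and directory layout in the released gem. The two new profiles that follow (`r7_bundler_audit`, `r7_kaminari`) and the option dumps earlier on the page repeat the same paths, including the interpreter path in `"ruby"`. A path relative to the gem root, e.g. `"template": "after_templates/addons/brakeman/_.rb"`, expanded when the profile is loaded, would avoid both problems. Whether the loader already expands relative paths is not visible here.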
|
@@ -0,0 +1,13 @@
|
|
1
|
+
{
|
2
|
+
"args": {
|
3
|
+
"app_path": "r7_bundler_audit",
|
4
|
+
"destination_root": "/Users/davidcruwys/dev/kgems/rails_app_generator/a/addons"
|
5
|
+
},
|
6
|
+
"opts": {
|
7
|
+
"skip_git": true,
|
8
|
+
"skip_test": true,
|
9
|
+
"add_minimal_css": true,
|
10
|
+
"template": "/Users/davidcruwys/dev/kgems/rails_app_generator/after_templates/addons/bundler_audit/_.rb",
|
11
|
+
"add_bundler_audit": true
|
12
|
+
}
|
13
|
+
}
|
@@ -0,0 +1,13 @@
|
|
1
|
+
{
|
2
|
+
"args": {
|
3
|
+
"app_path": "r7_kaminari",
|
4
|
+
"destination_root": "/Users/davidcruwys/dev/kgems/rails_app_generator/a/addons"
|
5
|
+
},
|
6
|
+
"opts": {
|
7
|
+
"skip_git": true,
|
8
|
+
"skip_test": true,
|
9
|
+
"add_minimal_css": true,
|
10
|
+
"template": "/Users/davidcruwys/dev/kgems/rails_app_generator/after_templates/addons/kaminari/_.rb",
|
11
|
+
"add_kaminari": true
|
12
|
+
}
|
13
|
+
}
|
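--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: rails_app_generator
 version: !ruby/object:Gem::Version
-version: 0.2.
+version: 0.2.33
 platform: ruby
 authors:
 - David Cruwys
@@ -166,7 +166,6 @@ files:
 - ".rspec"
 - ".rubocop.yml"
 - ".vscode/settings.json"
-- '28:'
 - CHANGELOG.md
 - CODE_OF_CONDUCT.md
 - Gemfile
@@ -224,9 +223,28 @@ files:
 - after_templates/addons/bcrypt/app/views/users/_form.html.erb
 - after_templates/addons/bcrypt/app/views/users/_user.html.erb
 - after_templates/addons/bcrypt/db/seeds.rb
+- after_templates/addons/brakeman/_.rb
+- after_templates/addons/brakeman/app/controllers/home_controller.rb
+- after_templates/addons/brakeman/app/controllers/posts_controller.rb
+- after_templates/addons/brakeman/app/views/home/examples.html.erb
+- after_templates/addons/brakeman/app/views/home/index.html.erb
+- after_templates/addons/brakeman/app/views/home/output.html.erb
+- after_templates/addons/brakeman/app/views/layouts/_footer.html.erb
+- after_templates/addons/brakeman/app/views/layouts/_navbar.html.erb
+- after_templates/addons/brakeman/app/views/layouts/application.html.erb
 - after_templates/addons/browser/_.rb
 - after_templates/addons/browser/app/controllers/home_controller.rb
 - after_templates/addons/browser/app/views/home/index.html.erb
+- after_templates/addons/bundler_audit/_.rb
+- after_templates/addons/bundler_audit/app/assets/images/brakeman.png
+- after_templates/addons/bundler_audit/app/assets/images/curl.png
+- after_templates/addons/bundler_audit/app/assets/images/output.png
+- after_templates/addons/bundler_audit/app/controllers/home_controller.rb
+- after_templates/addons/bundler_audit/app/views/home/advisories.html.erb
+- after_templates/addons/bundler_audit/app/views/home/index.html.erb
+- after_templates/addons/bundler_audit/app/views/layouts/_footer.html.erb
+- after_templates/addons/bundler_audit/app/views/layouts/_navbar.html.erb
+- after_templates/addons/bundler_audit/app/views/layouts/application.html.erb
 - after_templates/addons/chartkick/_.rb
 - after_templates/addons/chartkick/app/controllers/home_controller.rb
 - after_templates/addons/chartkick/app/views/home/index.html.erb
@@ -295,6 +313,13 @@ files:
 - after_templates/addons/httparty/app/views/layouts/_footer.html.erb
 - after_templates/addons/httparty/app/views/layouts/_navbar.html.erb
 - after_templates/addons/httparty/app/views/layouts/application.html.erb
+- after_templates/addons/kaminari/_.rb
+- after_templates/addons/kaminari/app/controllers/home_controller.rb
+- after_templates/addons/kaminari/app/views/home/index.html.erb
+- after_templates/addons/kaminari/app/views/layouts/_footer.html.erb
+- after_templates/addons/kaminari/app/views/layouts/_navbar.html.erb
+- after_templates/addons/kaminari/app/views/layouts/application.html.erb
+- after_templates/addons/kaminari/db/seeds.rb
 - after_templates/addons/lograge/_.rb
 - after_templates/addons/lograge/app/controllers/home_controller.rb
 - after_templates/addons/lograge/app/views/home/index.html.erb
@@ -568,7 +593,6 @@ files:
 - after_templates/rag/testy/app/views/layouts/_navbar.html.erb
 - after_templates/rag/testy/app/views/layouts/application.html.erb
 - after_templates/rag/testy/db/seeds.rb
-- app:template
 - bin/console
 - bin/setup
 - docs/images/tailwind.png
@@ -598,6 +622,7 @@ files:
 - lib/rails_app_generator/addons/bcrypt.rb
 - lib/rails_app_generator/addons/brakeman.rb
 - lib/rails_app_generator/addons/browser.rb
+- lib/rails_app_generator/addons/bundler_audit.rb
 - lib/rails_app_generator/addons/chartkick.rb
 - lib/rails_app_generator/addons/continuous_integration.rb
 - lib/rails_app_generator/addons/devise.rb
@@ -616,6 +641,7 @@ files:
 - lib/rails_app_generator/addons/httparty.rb
 - lib/rails_app_generator/addons/inline_svg.rb
 - lib/rails_app_generator/addons/irbrc.rb
+- lib/rails_app_generator/addons/kaminari.rb
 - lib/rails_app_generator/addons/lograge.rb
 - lib/rails_app_generator/addons/mini_magick.rb
 - lib/rails_app_generator/addons/minimal_css.rb
@@ -677,7 +703,9 @@ files:
 - profiles/addons/annotate.json
 - profiles/addons/avo.json
 - profiles/addons/bcrypt.json
+- profiles/addons/brakeman.json
 - profiles/addons/browser.json
+- profiles/addons/bundler_audit.json
 - profiles/addons/chartkick.json
 - profiles/addons/devise.json
 - profiles/addons/devise_masquerade.json
@@ -686,6 +714,7 @@ files:
 - profiles/addons/hexapdf.json
 - profiles/addons/honeybadger.json
 - profiles/addons/httparty.json
+- profiles/addons/kaminari.json
 - profiles/addons/lograge.json
 - profiles/addons/mini_magick.json
 - profiles/addons/minimal_css.json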
data/app:template
DELETED
File without changes
|