RubyGems - spektr - Versions diffs - 0.1.0 - Mend

spektr 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (68) hide show

checksums.yaml +7 -0
data/.github/workflows/ci.yaml +32 -0
data/.gitignore +9 -0
data/.travis.yml +6 -0
data/CHANGELOG.md +3 -0
data/CODE_OF_CONDUCT.md +74 -0
data/Gemfile +4 -0
data/Gemfile.lock +134 -0
data/Guardfile +45 -0
data/LICENSE.txt +27 -0
data/README.md +70 -0
data/Rakefile +10 -0
data/bin/console +14 -0
data/bin/setup +8 -0
data/bin/spektr +7 -0
data/lib/spektr/app.rb +209 -0
data/lib/spektr/checks/base.rb +151 -0
data/lib/spektr/checks/basic_auth.rb +27 -0
data/lib/spektr/checks/basic_auth_timing.rb +24 -0
data/lib/spektr/checks/command_injection.rb +48 -0
data/lib/spektr/checks/content_tag_xss.rb +54 -0
data/lib/spektr/checks/cookie_serialization.rb +21 -0
data/lib/spektr/checks/create_with.rb +27 -0
data/lib/spektr/checks/csrf.rb +25 -0
data/lib/spektr/checks/csrf_setting.rb +39 -0
data/lib/spektr/checks/default_routes.rb +43 -0
data/lib/spektr/checks/deserialize.rb +62 -0
data/lib/spektr/checks/detailed_exceptions.rb +29 -0
data/lib/spektr/checks/digest_dos.rb +28 -0
data/lib/spektr/checks/dynamic_finders.rb +26 -0
data/lib/spektr/checks/evaluation.rb +25 -0
data/lib/spektr/checks/file_access.rb +38 -0
data/lib/spektr/checks/file_disclosure.rb +25 -0
data/lib/spektr/checks/filter_skipping.rb +29 -0
data/lib/spektr/checks/header_dos.rb +20 -0
data/lib/spektr/checks/i18n_xss.rb +20 -0
data/lib/spektr/checks/json_encoding.rb +23 -0
data/lib/spektr/checks/json_entity_escape.rb +30 -0
data/lib/spektr/checks/json_parsing.rb +47 -0
data/lib/spektr/checks/link_to_href.rb +35 -0
data/lib/spektr/checks/mass_assignment.rb +42 -0
data/lib/spektr/checks/send.rb +24 -0
data/lib/spektr/checks/sqli.rb +52 -0
data/lib/spektr/checks/xss.rb +49 -0
data/lib/spektr/checks.rb +9 -0
data/lib/spektr/cli.rb +53 -0
data/lib/spektr/erubi.rb +78 -0
data/lib/spektr/exp/assignment.rb +20 -0
data/lib/spektr/exp/base.rb +32 -0
data/lib/spektr/exp/const.rb +7 -0
data/lib/spektr/exp/definition.rb +32 -0
data/lib/spektr/exp/ivasign.rb +7 -0
data/lib/spektr/exp/lvasign.rb +7 -0
data/lib/spektr/exp/send.rb +135 -0
data/lib/spektr/exp/xstr.rb +12 -0
data/lib/spektr/processors/base.rb +80 -0
data/lib/spektr/processors/class_processor.rb +25 -0
data/lib/spektr/targets/base.rb +119 -0
data/lib/spektr/targets/config.rb +6 -0
data/lib/spektr/targets/controller.rb +74 -0
data/lib/spektr/targets/model.rb +6 -0
data/lib/spektr/targets/routes.rb +38 -0
data/lib/spektr/targets/view.rb +34 -0
data/lib/spektr/version.rb +3 -0
data/lib/spektr/warning.rb +23 -0
data/lib/spektr.rb +120 -0
data/spektr.gemspec +49 -0
metadata +362 -0

data/spektr.gemspec ADDED Viewed

@@ -0,0 +1,49 @@
+require_relative 'lib/spektr/version'
+Gem::Specification.new do |spec|
+  spec.name = 'spektr'
+  spec.version = Spektr::VERSION
+  spec.authors = ['Greg Molnar']
+  spec.email = ['molnargerg@gmail.com']
+  spec.summary = 'Rails static code analyzer for security issues'
+  spec.description = 'Rails static code analyzer for security issues'
+  spec.homepage = 'https://railscop.com'
+  spec.license = 'MIT'
+  spec.required_ruby_version = Gem::Requirement.new('>= 2.3.0')
+  # spec.metadata["allowed_push_host"] = "TODO: Set to 'http://mygemserver.com'"
+  spec.metadata['homepage_uri'] = spec.homepage
+  # spec.metadata["source_code_uri"] = "TODO: Put your gem's public repo URL here."
+  # spec.metadata["changelog_uri"] = "TODO: Put your gem's CHANGELOG.md URL here."
+  # Specify which files should be added to the gem when it is released.
+  # The `git ls-files -z` loads the files in the RubyGem that have been added into git.
+  spec.files = Dir.chdir(File.expand_path(__dir__)) do
+    `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) }
+  end
+  spec.bindir = 'exe'
+  spec.executables = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
+  spec.require_paths = ['lib']
+  spec.add_dependency 'activesupport', '~> 6.1.0'
+  spec.add_dependency 'erubi'
+  spec.add_dependency 'haml', '~>5.1'
+  spec.add_dependency 'parser', '~> 3.0.0'
+  spec.add_dependency 'pastel'
+  spec.add_dependency 'ruby_parser', '~>3.13'
+  spec.add_dependency 'tty-color'
+  spec.add_dependency 'tty-option'
+  spec.add_dependency 'tty-spinner'
+  spec.add_dependency 'tty-table'
+  spec.add_dependency 'unparser', '~> 0.6.0'
+  spec.add_dependency 'zeitwerk'
+  spec.add_development_dependency 'byebug'
+  spec.add_development_dependency 'guard'
+  spec.add_development_dependency 'guard-minitest'
+  spec.add_development_dependency 'minitest', '~> 5.0'
+  spec.add_development_dependency 'rake', '~> 12.0'
+  spec.add_development_dependency 'rubocop'
+end

metadata ADDED Viewed

@@ -0,0 +1,362 @@
+--- !ruby/object:Gem::Specification
+name: spektr
+version: !ruby/object:Gem::Version
+  version: 0.1.0
+platform: ruby
+authors:
+- Greg Molnar
+autorequire:
+bindir: exe
+cert_chain: []
+date: 2022-06-21 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: activesupport
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 6.1.0
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 6.1.0
+- !ruby/object:Gem::Dependency
+  name: erubi
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: haml
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '5.1'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '5.1'
+- !ruby/object:Gem::Dependency
+  name: parser
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 3.0.0
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 3.0.0
+- !ruby/object:Gem::Dependency
+  name: pastel
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: ruby_parser
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.13'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.13'
+- !ruby/object:Gem::Dependency
+  name: tty-color
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: tty-option
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: tty-spinner
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: tty-table
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: unparser
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.6.0
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.6.0
+- !ruby/object:Gem::Dependency
+  name: zeitwerk
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: byebug
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: guard
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: guard-minitest
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: minitest
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '5.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '5.0'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '12.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '12.0'
+- !ruby/object:Gem::Dependency
+  name: rubocop
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+description: Rails static code analyzer for security issues
+email:
+- molnargerg@gmail.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- ".github/workflows/ci.yaml"
+- ".gitignore"
+- ".travis.yml"
+- CHANGELOG.md
+- CODE_OF_CONDUCT.md
+- Gemfile
+- Gemfile.lock
+- Guardfile
+- LICENSE.txt
+- README.md
+- Rakefile
+- bin/console
+- bin/setup
+- bin/spektr
+- lib/spektr.rb
+- lib/spektr/app.rb
+- lib/spektr/checks.rb
+- lib/spektr/checks/base.rb
+- lib/spektr/checks/basic_auth.rb
+- lib/spektr/checks/basic_auth_timing.rb
+- lib/spektr/checks/command_injection.rb
+- lib/spektr/checks/content_tag_xss.rb
+- lib/spektr/checks/cookie_serialization.rb
+- lib/spektr/checks/create_with.rb
+- lib/spektr/checks/csrf.rb
+- lib/spektr/checks/csrf_setting.rb
+- lib/spektr/checks/default_routes.rb
+- lib/spektr/checks/deserialize.rb
+- lib/spektr/checks/detailed_exceptions.rb
+- lib/spektr/checks/digest_dos.rb
+- lib/spektr/checks/dynamic_finders.rb
+- lib/spektr/checks/evaluation.rb
+- lib/spektr/checks/file_access.rb
+- lib/spektr/checks/file_disclosure.rb
+- lib/spektr/checks/filter_skipping.rb
+- lib/spektr/checks/header_dos.rb
+- lib/spektr/checks/i18n_xss.rb
+- lib/spektr/checks/json_encoding.rb
+- lib/spektr/checks/json_entity_escape.rb
+- lib/spektr/checks/json_parsing.rb
+- lib/spektr/checks/link_to_href.rb
+- lib/spektr/checks/mass_assignment.rb
+- lib/spektr/checks/send.rb
+- lib/spektr/checks/sqli.rb
+- lib/spektr/checks/xss.rb
+- lib/spektr/cli.rb
+- lib/spektr/erubi.rb
+- lib/spektr/exp/assignment.rb
+- lib/spektr/exp/base.rb
+- lib/spektr/exp/const.rb
+- lib/spektr/exp/definition.rb
+- lib/spektr/exp/ivasign.rb
+- lib/spektr/exp/lvasign.rb
+- lib/spektr/exp/send.rb
+- lib/spektr/exp/xstr.rb
+- lib/spektr/processors/base.rb
+- lib/spektr/processors/class_processor.rb
+- lib/spektr/targets/base.rb
+- lib/spektr/targets/config.rb
+- lib/spektr/targets/controller.rb
+- lib/spektr/targets/model.rb
+- lib/spektr/targets/routes.rb
+- lib/spektr/targets/view.rb
+- lib/spektr/version.rb
+- lib/spektr/warning.rb
+- spektr.gemspec
+homepage: https://railscop.com
+licenses:
+- MIT
+metadata:
+  homepage_uri: https://railscop.com
+post_install_message:
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: 2.3.0
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubygems_version: 3.1.4
+signing_key:
+specification_version: 4
+summary: Rails static code analyzer for security issues
+test_files: []