spektr 0.3.1 → 0.3.3
- checksums.yaml +4 -4
- data/CHANGELOG.md +12 -0
- data/lib/spektr/app.rb +6 -2
- data/lib/spektr/core_ext/string.rb +16 -0
- data/lib/spektr/processors/class_processor.rb +0 -1
- data/lib/spektr/version.rb +1 -1
- data/lib/spektr.rb +1 -3
- data/spektr.gemspec +5 -6
- metadata +12 -25
- data/Gemfile.lock +0 -138
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 1afb80e4a1c5d9cc60a44031a5f3e0b467728f0d5edc75c5ba96dc905afcad6b
|
4
|
+
data.tar.gz: a92f43e5cc7865642641df39ba697609c926e67bdbc3cf14130ee2aed186c106
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: e3369c1e335efd31cd527bd81b6848f50fe718dce399feef67ec3e5afe669629b09fce1acd0e09e5fc45b4fefaed6f5ac592918619306a750381b6aae9843e21
|
7
|
+
data.tar.gz: 6750ac48db9693f2b02448b13127456d0a8384f94e84d7d1c7d06ecc5f5320246d8c9bb6471a18d5c75bc7adf421b48d4f3145ba3e14a483cf0079e995734744
|
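--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -2,6 +2,18 @@
 
 ## Unreleased
 
+## 0.3.3
+
+* Remove hard dependency of haml 5
+
+## 0.3.2
+
+* Rescue from lib file parsing errors
+
+* Drop Active Support from dependencies
+
+* Improve Gemspec
+
 ## 0.3.0
 
 * Add support to ignore findings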
data/lib/spektr/app.rb
CHANGED
@@ -94,8 +94,12 @@ module Spektr
|
|
94
94
|
# TODO: load non-app lib too
|
95
95
|
@lib_files = find_files('lib').map do |path|
|
96
96
|
next if loaded_files.include?(path)
|
97
|
-
|
98
|
-
|
97
|
+
begin
|
98
|
+
Targets::Base.new(path, File.read(path, encoding: 'utf-8'))
|
99
|
+
rescue Parser::SyntaxError => e
|
100
|
+
::Spektr.logger.debug "Couldn't parse #{path}: #{e.message}"
|
101
|
+
nil
|
102
|
+
end
|
99
103
|
end.reject(&:nil?)
|
100
104
|
self
|
101
105
|
end
|
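Review bot: The new `rescue Parser::SyntaxError => e` only covers parse failures, but `File.read(path, encoding: 'utf-8')` sits inside the same `begin`, so an unreadable lib file (dangling symlink, permission denied) still aborts the whole scan instead of being skipped and logged like a broken file; `rescue Parser::SyntaxError, SystemCallError => e` would handle both with the same debug message. Whether `Parser::SyntaxError` is the exception `Targets::Base.new` actually raises cannot be confirmed from this hunk. The trailing `end.reject(&:nil?)` can be written `end.compact`, which is equivalent and available on the `>= 2.3.0` Ruby the gemspec declares. The enclosing method begins before this hunk.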
@@ -0,0 +1,16 @@
|
|
1
|
+
class String
|
2
|
+
def blank?
|
3
|
+
nil? || self == ""
|
4
|
+
end
|
5
|
+
|
6
|
+
def underscore
|
7
|
+
camel_cased_word = self
|
8
|
+
return camel_cased_word.to_s unless /[A-Z-]|::/.match?(camel_cased_word)
|
9
|
+
word = camel_cased_word.to_s.gsub("::", "/")
|
10
|
+
word.gsub!(/(?:(?<=([A-Za-z\d]))|\b)((?=a))(?=\b|[^a-z])/) { "#{$1 && '_' }#{$2.downcase}" }
|
11
|
+
word.gsub!(/([A-Z]+)(?=[A-Z][a-z])|([a-z\d])(?=[A-Z])/) { ($1 || $2) << "_" }
|
12
|
+
word.tr!("-", "_")
|
13
|
+
word.downcase!
|
14
|
+
word
|
15
|
+
end
|
16
|
+
end
|
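Review bot: `String#blank?` on line 2 reopens a core class and will collide with ActiveSupport's definition whenever spektr is loaded next to a Rails app: whichever file loads last wins, and the two disagree on whitespace-only strings (ActiveSupport returns true, this returns false), while the `nil?` check can never be true on a String instance. Keeping these helpers in a namespaced module (e.g. `Spektr::Inflector.underscore(str)`) or a refinement avoids altering the host application's behaviour. The first `gsub!` in `underscore` (line 10) is ActiveSupport's acronym pass with the acronym pattern reduced to the zero-width `(?=a)`; its trailing `(?=\b|[^a-z])` can only succeed via `\b`, which implies the lookbehind group did not match, so `$1` is always nil and `$2` always empty and the line substitutes nothing — it can be dropped, or kept with a comment saying no acronyms are configured. This hunk's file header is missing on the page; the diffstat attributes it to data/lib/spektr/core_ext/string.rb.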
data/lib/spektr/version.rb
CHANGED
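--- a/data/lib/spektr.rb
+++ b/data/lib/spektr.rb
@@ -5,13 +5,11 @@ require 'parser'
 require 'parser/current'
 require 'unparser'
 require 'erb'
-require 'slim/erb_converter'
 require 'haml'
-require 'active_support/core_ext/string/inflections'
 require 'logger'
 require 'tty/spinner'
 require 'tty/table'
-
+require 'spektr/core_ext/string'
 require 'zeitwerk'
 loader = Zeitwerk::Loader.for_gem
 loader.collapse("#{__dir__}/processors")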
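Review bot: Replacing `require 'active_support/core_ext/string/inflections'` with `require 'spektr/core_ext/string'` swaps the whole inflections API for just `underscore` and `blank?`; if any other inflection (`camelize`, `constantize`, `classify`, …) is still called elsewhere in the gem it now fails with NoMethodError at the call site rather than at load time, which cannot be verified from this hunk. `require 'slim/erb_converter'` is also removed while nothing on the page shows where `Slim::ERBConverter` is now loaded or that the slim dependency was dropped (the deleted Gemfile.lock still lists slim as a runtime dependency of spektr 0.3.1); if it is still used, a `require 'slim/erb_converter'` at the point of use keeps that explicit.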
data/spektr.gemspec
CHANGED
@@ -8,14 +8,14 @@ Gem::Specification.new do |spec|
|
|
8
8
|
|
9
9
|
spec.summary = 'Rails static code analyzer for security issues'
|
10
10
|
spec.description = 'Rails static code analyzer for security issues'
|
11
|
-
spec.homepage = 'https://
|
12
|
-
spec.license = '
|
11
|
+
spec.homepage = 'https://spektrhq.com'
|
12
|
+
spec.license = 'Spektr Custom Licence'
|
13
13
|
spec.required_ruby_version = Gem::Requirement.new('>= 2.3.0')
|
14
14
|
|
15
15
|
# spec.metadata["allowed_push_host"] = "TODO: Set to 'http://mygemserver.com'"
|
16
16
|
|
17
17
|
spec.metadata['homepage_uri'] = spec.homepage
|
18
|
-
|
18
|
+
spec.metadata["source_code_uri"] = "https://github.com/gregmolnar/spektr"
|
19
19
|
# spec.metadata["changelog_uri"] = "TODO: Put your gem's CHANGELOG.md URL here."
|
20
20
|
|
21
21
|
# Specify which files should be added to the gem when it is released.
|
@@ -23,13 +23,12 @@ Gem::Specification.new do |spec|
|
|
23
23
|
spec.files = Dir.chdir(File.expand_path(__dir__)) do
|
24
24
|
`git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) }
|
25
25
|
end
|
26
|
-
spec.bindir = '
|
26
|
+
spec.bindir = 'bin'
|
27
27
|
spec.executables = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
|
28
28
|
spec.require_paths = ['lib']
|
29
29
|
|
30
|
-
spec.add_dependency 'activesupport', '~> 6.1.0'
|
31
30
|
spec.add_dependency 'erubi'
|
32
|
-
spec.add_dependency 'haml'
|
31
|
+
spec.add_dependency 'haml'
|
33
32
|
spec.add_dependency 'parser', '~> 3.0.0'
|
34
33
|
spec.add_dependency 'pastel'
|
35
34
|
spec.add_dependency 'ruby_parser', '~>3.13'
|
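Review bot: `spec.add_dependency 'haml'` on line 31 now carries no version constraint (the metadata section confirms `>= 0`), so any future haml major with breaking template-engine API changes resolves silently; a bounded range such as `spec.add_dependency 'haml', '>= 5.1', '< 7'` keeps both 5.x and 6.x installable while pinning the interface that was actually tested. `spec.required_ruby_version = Gem::Requirement.new('>= 2.3.0')` is unchanged context here, yet the core_ext/string.rb added in this same release calls `Regexp#match?`, which exists only from Ruby 2.4, so the declared minimum no longer matches the code. `spec.license = 'Spektr Custom Licence'` is not an SPDX identifier and RubyGems warns on build; SPDX's `LicenseRef-` form for custom licences avoids the warning without misrepresenting the terms.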
metadata
CHANGED
@@ -1,29 +1,15 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: spektr
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.3.
|
4
|
+
version: 0.3.3
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Greg Molnar
|
8
8
|
autorequire:
|
9
|
-
bindir:
|
9
|
+
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2022-10
|
11
|
+
date: 2022-11-10 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
|
-
- !ruby/object:Gem::Dependency
|
14
|
-
name: activesupport
|
15
|
-
requirement: !ruby/object:Gem::Requirement
|
16
|
-
requirements:
|
17
|
-
- - "~>"
|
18
|
-
- !ruby/object:Gem::Version
|
19
|
-
version: 6.1.0
|
20
|
-
type: :runtime
|
21
|
-
prerelease: false
|
22
|
-
version_requirements: !ruby/object:Gem::Requirement
|
23
|
-
requirements:
|
24
|
-
- - "~>"
|
25
|
-
- !ruby/object:Gem::Version
|
26
|
-
version: 6.1.0
|
27
13
|
- !ruby/object:Gem::Dependency
|
28
14
|
name: erubi
|
29
15
|
requirement: !ruby/object:Gem::Requirement
|
@@ -42,16 +28,16 @@ dependencies:
|
|
42
28
|
name: haml
|
43
29
|
requirement: !ruby/object:Gem::Requirement
|
44
30
|
requirements:
|
45
|
-
- - "
|
31
|
+
- - ">="
|
46
32
|
- !ruby/object:Gem::Version
|
47
|
-
version: '
|
33
|
+
version: '0'
|
48
34
|
type: :runtime
|
49
35
|
prerelease: false
|
50
36
|
version_requirements: !ruby/object:Gem::Requirement
|
51
37
|
requirements:
|
52
|
-
- - "
|
38
|
+
- - ">="
|
53
39
|
- !ruby/object:Gem::Version
|
54
|
-
version: '
|
40
|
+
version: '0'
|
55
41
|
- !ruby/object:Gem::Dependency
|
56
42
|
name: parser
|
57
43
|
requirement: !ruby/object:Gem::Requirement
|
@@ -289,7 +275,6 @@ files:
|
|
289
275
|
- CHANGELOG.md
|
290
276
|
- CODE_OF_CONDUCT.md
|
291
277
|
- Gemfile
|
292
|
-
- Gemfile.lock
|
293
278
|
- Guardfile
|
294
279
|
- LICENSE.txt
|
295
280
|
- README.md
|
@@ -329,6 +314,7 @@ files:
|
|
329
314
|
- lib/spektr/checks/sqli.rb
|
330
315
|
- lib/spektr/checks/xss.rb
|
331
316
|
- lib/spektr/cli.rb
|
317
|
+
- lib/spektr/core_ext/string.rb
|
332
318
|
- lib/spektr/erubi.rb
|
333
319
|
- lib/spektr/exp/assignment.rb
|
334
320
|
- lib/spektr/exp/base.rb
|
@@ -350,11 +336,12 @@ files:
|
|
350
336
|
- lib/spektr/warning.rb
|
351
337
|
- railsgoat-example.png
|
352
338
|
- spektr.gemspec
|
353
|
-
homepage: https://
|
339
|
+
homepage: https://spektrhq.com
|
354
340
|
licenses:
|
355
|
-
-
|
341
|
+
- Spektr Custom Licence
|
356
342
|
metadata:
|
357
|
-
homepage_uri: https://
|
343
|
+
homepage_uri: https://spektrhq.com
|
344
|
+
source_code_uri: https://github.com/gregmolnar/spektr
|
358
345
|
post_install_message:
|
359
346
|
rdoc_options: []
|
360
347
|
require_paths:
|
data/Gemfile.lock
DELETED
@@ -1,138 +0,0 @@
|
|
1
|
-
PATH
|
2
|
-
remote: .
|
3
|
-
specs:
|
4
|
-
spektr (0.3.1)
|
5
|
-
activesupport (~> 6.1.0)
|
6
|
-
erubi
|
7
|
-
haml (~> 5.1)
|
8
|
-
parser (~> 3.0.0)
|
9
|
-
pastel
|
10
|
-
ruby_parser (~> 3.13)
|
11
|
-
slim
|
12
|
-
tty-color
|
13
|
-
tty-option
|
14
|
-
tty-spinner
|
15
|
-
tty-table
|
16
|
-
unparser (~> 0.6.0)
|
17
|
-
zeitwerk
|
18
|
-
|
19
|
-
GEM
|
20
|
-
remote: https://rubygems.org/
|
21
|
-
specs:
|
22
|
-
activesupport (6.1.7)
|
23
|
-
concurrent-ruby (~> 1.0, >= 1.0.2)
|
24
|
-
i18n (>= 1.6, < 2)
|
25
|
-
minitest (>= 5.1)
|
26
|
-
tzinfo (~> 2.0)
|
27
|
-
zeitwerk (~> 2.3)
|
28
|
-
ast (2.4.2)
|
29
|
-
byebug (11.1.3)
|
30
|
-
coderay (1.1.3)
|
31
|
-
concurrent-ruby (1.1.10)
|
32
|
-
diff-lcs (1.5.0)
|
33
|
-
erubi (1.11.0)
|
34
|
-
ffi (1.15.5)
|
35
|
-
formatador (0.3.0)
|
36
|
-
guard (2.18.0)
|
37
|
-
formatador (>= 0.2.4)
|
38
|
-
listen (>= 2.7, < 4.0)
|
39
|
-
lumberjack (>= 1.0.12, < 2.0)
|
40
|
-
nenv (~> 0.1)
|
41
|
-
notiffany (~> 0.0)
|
42
|
-
pry (>= 0.13.0)
|
43
|
-
shellany (~> 0.0)
|
44
|
-
thor (>= 0.18.1)
|
45
|
-
guard-compat (1.2.1)
|
46
|
-
guard-minitest (2.4.6)
|
47
|
-
guard-compat (~> 1.2)
|
48
|
-
minitest (>= 3.0)
|
49
|
-
haml (5.2.2)
|
50
|
-
temple (>= 0.8.0)
|
51
|
-
tilt
|
52
|
-
i18n (1.12.0)
|
53
|
-
concurrent-ruby (~> 1.0)
|
54
|
-
listen (3.7.1)
|
55
|
-
rb-fsevent (~> 0.10, >= 0.10.3)
|
56
|
-
rb-inotify (~> 0.9, >= 0.9.10)
|
57
|
-
lumberjack (1.2.8)
|
58
|
-
method_source (1.0.0)
|
59
|
-
minitest (5.15.0)
|
60
|
-
nenv (0.3.0)
|
61
|
-
notiffany (0.1.3)
|
62
|
-
nenv (~> 0.1)
|
63
|
-
shellany (~> 0.0)
|
64
|
-
parallel (1.21.0)
|
65
|
-
parser (3.0.3.2)
|
66
|
-
ast (~> 2.4.1)
|
67
|
-
pastel (0.8.0)
|
68
|
-
tty-color (~> 0.5)
|
69
|
-
pry (0.14.1)
|
70
|
-
coderay (~> 1.1)
|
71
|
-
method_source (~> 1.0)
|
72
|
-
rainbow (3.0.0)
|
73
|
-
rake (12.3.3)
|
74
|
-
rb-fsevent (0.11.0)
|
75
|
-
rb-inotify (0.10.1)
|
76
|
-
ffi (~> 1.0)
|
77
|
-
regexp_parser (2.2.0)
|
78
|
-
rexml (3.2.5)
|
79
|
-
rubocop (1.24.0)
|
80
|
-
parallel (~> 1.10)
|
81
|
-
parser (>= 3.0.0.0)
|
82
|
-
rainbow (>= 2.2.2, < 4.0)
|
83
|
-
regexp_parser (>= 1.8, < 3.0)
|
84
|
-
rexml
|
85
|
-
rubocop-ast (>= 1.15.0, < 2.0)
|
86
|
-
ruby-progressbar (~> 1.7)
|
87
|
-
unicode-display_width (>= 1.4.0, < 3.0)
|
88
|
-
rubocop-ast (1.15.0)
|
89
|
-
parser (>= 3.0.1.1)
|
90
|
-
ruby-progressbar (1.11.0)
|
91
|
-
ruby_parser (3.19.1)
|
92
|
-
sexp_processor (~> 4.16)
|
93
|
-
sexp_processor (4.16.1)
|
94
|
-
shellany (0.0.1)
|
95
|
-
slim (4.1.0)
|
96
|
-
temple (>= 0.7.6, < 0.9)
|
97
|
-
tilt (>= 2.0.6, < 2.1)
|
98
|
-
strings (0.2.1)
|
99
|
-
strings-ansi (~> 0.2)
|
100
|
-
unicode-display_width (>= 1.5, < 3.0)
|
101
|
-
unicode_utils (~> 1.4)
|
102
|
-
strings-ansi (0.2.0)
|
103
|
-
temple (0.8.2)
|
104
|
-
thor (1.2.1)
|
105
|
-
tilt (2.0.11)
|
106
|
-
tty-color (0.6.0)
|
107
|
-
tty-cursor (0.7.1)
|
108
|
-
tty-option (0.2.0)
|
109
|
-
tty-screen (0.8.1)
|
110
|
-
tty-spinner (0.9.3)
|
111
|
-
tty-cursor (~> 0.7)
|
112
|
-
tty-table (0.12.0)
|
113
|
-
pastel (~> 0.8)
|
114
|
-
strings (~> 0.2.0)
|
115
|
-
tty-screen (~> 0.8)
|
116
|
-
tzinfo (2.0.5)
|
117
|
-
concurrent-ruby (~> 1.0)
|
118
|
-
unicode-display_width (2.1.0)
|
119
|
-
unicode_utils (1.4.0)
|
120
|
-
unparser (0.6.2)
|
121
|
-
diff-lcs (~> 1.3)
|
122
|
-
parser (>= 3.0.0)
|
123
|
-
zeitwerk (2.6.1)
|
124
|
-
|
125
|
-
PLATFORMS
|
126
|
-
ruby
|
127
|
-
|
128
|
-
DEPENDENCIES
|
129
|
-
byebug
|
130
|
-
guard
|
131
|
-
guard-minitest
|
132
|
-
minitest (~> 5.0)
|
133
|
-
rake (~> 12.0)
|
134
|
-
rubocop
|
135
|
-
spektr!
|
136
|
-
|
137
|
-
BUNDLED WITH
|
138
|
-
2.1.4
|