spektr 0.3.4 → 0.4.1
- checksums.yaml +4 -4
- data/CHANGELOG.md +10 -0
- data/lib/spektr/checks/base.rb +2 -2
- data/lib/spektr/checks/content_tag_xss.rb +1 -0
- data/lib/spektr/cli.rb +1 -0
- data/lib/spektr/processors/base.rb +21 -14
- data/lib/spektr/targets/base.rb +2 -2
- data/lib/spektr/version.rb +1 -1
- data/lib/spektr.rb +2 -1
- metadata +3 -3
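--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 5efc76d3f9085d5aa78df1f4f0573e8b57bf6a19a80fe80366ffb9dc5f5b0ffe
+data.tar.gz: 285b537f82854ec9a0dd24291478386c89118895ecb14151826078289d97e071
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 34d8eaf274fb3ebe686357bee5db03de636c12ae870426c9f1804ef26a1038122b3ef9746c66c2f7121d7af74631d12186e63cb5b8007aade6450252fceacaca
+data.tar.gz: 0c51dfaf5a328e3f60b14c21296d684308b073b222101fb5294fc9189a5c699f00e7b417c7246d5a4fd1d2dfa7e36b152fbaacbe4271c7d6c318948e7a844d72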
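--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -2,6 +2,16 @@
 
 ## Unreleased
 
+## 0.4.1
+
+* fix core extension eager loading
+
+## 0.4.0
+
+* make XSS check work without a Rails version
+* change parent class extraction to support Structs
+* fix parsing errors
+
 ## 0.3.4
 
 * Relax dependencies, to help with using spektr as a gem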
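--- a/data/lib/spektr/checks/base.rb
+++ b/data/lib/spektr/checks/base.rb
@@ -88,7 +88,7 @@ module Spektr
 next unless child.is_a?(Parser::AST::Node)
 return true if user_input?(child.type, child.children.last, child)
 end
-when :block, :pair, :hash, :if
+when :block, :pair, :hash, :array, :if, :or
 ast.children.each do |child|
 next unless child.is_a?(Parser::AST::Node)
 return true if user_input?(child.type, child.children.last, child)
@@ -125,7 +125,7 @@ module Spektr
 return true if _send.receiver && model_names.include?(_send.receiver.name)
 when :const
 return true if model_names.include? item.name
-when :block, :pair, :hash, :if
+when :block, :pair, :hash, :array, :if, :or
 item.children.each do |child|
 next unless child.is_a?(Parser::AST::Node)
 return true if model_attribute?(child)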
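Review bot: The `:or` case added at line 91 (and mirrored at line 128) lets the traversal descend into `a || params[:x]`, but an `:and` node (`a && params[:x]`) is still not in either list, so a tainted operand behind `&&` is never reached by user_input? or model_attribute? and the check stays silent on it. Adding the node type to both lists keeps the two traversals symmetric: `when :block, :pair, :hash, :array, :if, :or, :and`. Whether parenthesised or multi-statement values (`:begin` nodes) can arrive at these branches is not visible from the hunk; if they can, the same lists would need `:begin` as well. Both enclosing methods start outside the hunk.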
data/lib/spektr/cli.rb
CHANGED
@@ -16,13 +16,25 @@ module Spektr::Processors
|
|
16
16
|
end
|
17
17
|
|
18
18
|
def parent_name
|
19
|
-
|
20
|
-
|
19
|
+
parent_parts.join('::')
|
20
|
+
end
|
21
|
+
|
22
|
+
def parent_parts
|
23
|
+
result = @parent_parts.dup
|
24
|
+
result.pop if part_matches_self?(result.last.to_s)
|
25
|
+
result
|
26
|
+
end
|
27
|
+
|
28
|
+
def part_matches_self?(part)
|
29
|
+
(part == name || part_with_module(part) == name)
|
30
|
+
end
|
31
|
+
|
32
|
+
def part_with_module(part)
|
33
|
+
(@parent_modules | [part]).join('::')
|
21
34
|
end
|
22
35
|
|
23
36
|
def parent_name_with_modules
|
24
|
-
parts = @parent_modules |
|
25
|
-
parts.shift if parts.first.to_s == name
|
37
|
+
parts = @parent_modules | parent_parts
|
26
38
|
parts.join('::')
|
27
39
|
end
|
28
40
|
|
@@ -39,17 +51,12 @@ module Spektr::Processors
|
|
39
51
|
end
|
40
52
|
|
41
53
|
def extract_parent_parts(node)
|
42
|
-
|
43
|
-
|
44
|
-
|
45
|
-
|
46
|
-
|
47
|
-
elsif child.is_a? Symbol
|
48
|
-
@parent_parts << child.to_s
|
49
|
-
end
|
54
|
+
return unless node.is_a?(Parser::AST::Node) && %i[ module class const send].include?(node.type)
|
55
|
+
@parent_parts.prepend(node.children.last) if node.type == :const
|
56
|
+
if node.children.any?
|
57
|
+
node.children.each do |child|
|
58
|
+
extract_parent_parts(child)
|
50
59
|
end
|
51
|
-
elsif node&.children&.first&.children&.last
|
52
|
-
@parent_parts << node.children.first.children.last
|
53
60
|
end
|
54
61
|
end
|
55
62
|
|
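Review bot: `@parent_parts.prepend(node.children.last) if node.type == :const` stores the Symbol a `:const` node carries, whereas the removed `@parent_parts << child.to_s` stored Strings; `parent_name_with_modules` then computes `@parent_modules | parent_parts`, and `Array#|` treats `'Admin'` and `:Admin` as distinct, so a module name can be emitted twice if `@parent_modules` holds Strings (its contents are not visible here). Converting at the point of insertion keeps every consumer uniform, `@parent_parts.prepend(node.children.last.to_s) if node.type == :const`, after which the `.to_s` in `part_matches_self?(result.last.to_s)` is no longer needed. Two smaller points: `%i[ module class const send]` has a stray leading space that reads like a typo, and the `if node.children.any?` guard is redundant because `each` on an empty array is a no-op. The page files this section under data/lib/spektr/cli.rb, but the hunk header `module Spektr::Processors` and the +21/-14 diffstat match data/lib/spektr/processors/base.rb, and the removed lines 19–20 and 42–47 show no content in this rendering.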
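--- a/data/lib/spektr/targets/base.rb
+++ b/data/lib/spektr/targets/base.rb
@@ -100,9 +100,9 @@ module Spektr
 Exp::Send.new(ast)
 when :def
 Exp::Definition.new(ast)
-when :ivasgn
+when :ivasgn, :ivar
 Exp::Ivasgin.new(ast)
-when :lvasign
+when :lvasign, :lvar
 Exp::Lvasign.new(ast)
 when :const
 Exp::Const.new(ast)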
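Review bot: `when :lvasign, :lvar` keeps the pre-existing `:lvasign` spelling, but the parser gem names local-variable assignment nodes `:lvasgn` (the instance-variable form two lines above is spelled `:ivasgn` correctly), so this branch only ever matches `:lvar` and a local assignment falls through to whatever the `case` does after this hunk; the line should read `when :lvasgn, :lvar`. Separately, an `:ivar` or `:lvar` read node carries a single child (the name) while the assignment nodes carry a second child (the value); Exp::Ivasgin and Exp::Lvasign are not visible here, so if they read the value at `children[1]` they will see nil for the read nodes now routed to them — worth confirming. The enclosing method continues outside the hunk.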
data/lib/spektr/version.rb
CHANGED
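--- a/data/lib/spektr.rb
+++ b/data/lib/spektr.rb
@@ -12,6 +12,7 @@ require 'spektr/core_ext/string'
 require 'zeitwerk'
 loader = Zeitwerk::Loader.for_gem
 loader.collapse("#{__dir__}/processors")
+loader.do_not_eager_load("#{__dir__}/spektr/core_ext")
 loader.setup
 
 module Spektr
@@ -21,7 +22,7 @@ module Spektr
 pastel = Pastel.new
 @output_format = output_format
 start_spinner('Initializing')
-if debug
+@log_level = if debug
 Logger::DEBUG
 elsif terminal?
 Logger::ERROR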
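Review bot: `loader.do_not_eager_load("#{__dir__}/spektr/core_ext")` only skips that directory during eager loading and leaves it autoloadable, so a reference to the constant Zeitwerk expects there would still try to load files that are core-class extensions the file already requires by hand (`require 'spektr/core_ext/string'` in the hunk header); `loader.ignore("#{__dir__}/spektr/core_ext")` is the Zeitwerk call meant for files that do not define the constant their path implies. The neighbouring `loader.collapse("#{__dir__}/processors")` omits the `spektr/` segment the new line uses; if `__dir__` is `lib`, that call names a directory absent from this gem's file listing — worth confirming. In the second hunk the `@log_level = if debug` expression continues outside the hunk.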
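--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: spektr
 version: !ruby/object:Gem::Version
-version: 0.
+version: 0.4.1
 platform: ruby
 authors:
 - Greg Molnar
 autorequire:
 bindir: bin
 cert_chain: []
-date:
+date: 2023-03-04 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: erubi
@@ -344,7 +344,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 - !ruby/object:Gem::Version
 version: '0'
 requirements: []
-rubygems_version: 3.
+rubygems_version: 3.4.6
 signing_key:
 specification_version: 4
 summary: Rails static code analyzer for security issues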