Fix brakeman issues #246

Merged: 4 commits

3 participants

@jasnow
  • Installed brakeman gem[1], ran tool, found one issue, fixed it, and created this pull request.
    • The issue was the use of "^" and "$" in the github_url validation string (vs. "\A" and "\Z").
  • Brakeman output after the fix (Scanned/Reported: Total):
    • Controllers: 11
    • Models: 9
    • Templates: 32
    • Errors: 0
    • Security Warnings: 0 (0)

[1] For more info: http://brakemanscanner.org/
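The anchor difference the description refers to, as an added example that is not part of this pull request or of the 24pullrequests code: the three patterns are the github_url regex from app/models/project.rb with line anchors, with `\A`/`\Z`, and with `\A`/`\z`; the dot in `github.com` is escaped here as an assumption (the project's pattern leaves it unescaped), and the sample strings are constructed.

```ruby
# Added example, not the project's code. Ruby's ^ and $ always match at line
# boundaries, \A matches only at the start of the string, \Z matches at the end
# or just before a final newline, and \z matches only at the very end.
GITHUB_URL_LINE_ANCHORED = /^https?:\/\/(www\.)?github\.com\/[\w-]*\/[\w\.-]*(\/)?$/i
GITHUB_URL_Z_ANCHORED    = /\Ahttps?:\/\/(www\.)?github\.com\/[\w-]*\/[\w\.-]*(\/)?\Z/i
GITHUB_URL_STRICT        = /\Ahttps?:\/\/(www\.)?github\.com\/[\w-]*\/[\w\.-]*(\/)?\z/i

# Constructed inputs: a legitimate URL, a multi-line value in which the URL is
# only one line of a larger string, and a URL followed by a single newline.
SAMPLES = {
  clean:            "https://github.com/24pullrequests/24pullrequests",
  multiline:        "first line\nhttps://github.com/24pullrequests/24pullrequests\nlast line",
  trailing_newline: "https://github.com/24pullrequests/24pullrequests\n",
}

# True when the value is accepted by the pattern; validates_format_of treats a
# match anywhere in the string as acceptance, which is exactly the problem with ^/$.
def accepted?(pattern, value)
  !!(pattern =~ value)
end

# Runs every sample through one pattern and returns the verdict per sample.
def verdicts(pattern)
  SAMPLES.transform_values { |v| accepted?(pattern, v) }
end
```

With the line-anchored pattern the multi-line value is accepted because the URL matches one of its lines; `\A`/`\Z` rejects it but still accepts the trailing-newline value, and only `\z` rejects both.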

@andrew andrew merged commit 2f11fe4 into 24pullrequests:master

1 check passed: The Travis build passed
@andrew
24 Pull Requests member

Thanks, I've merged all three pull requests

Commits on Mar 17, 2013
  1. @sqctest02: Rebuilt Gemfile.lock file; used https instead of http in Gemfile; added minitest(3.5.0) to get green test run; see 5 dep warnings
  2. @sqctest02: 1. Upgraded capybara to current version. 2. Added capybara-webkit to get headless test run. 3. Test run is all green.
  3. @sqctest02: upgraded 6 gems
  4. @sqctest02: fixed brakeman issues
Showing with 90 additions and 48 deletions.
  1. +16 −10 Gemfile
  2. +67 −34 Gemfile.lock
  3. +1 −1 app/models/project.rb
  4. +2 −2 spec/requests/projects_spec.rb
  5. +4 −1 spec/spec_helper.rb
26 Gemfile
@@ -1,7 +1,10 @@
-source 'http://rubygems.org'
+source 'https://rubygems.org'
ruby "2.0.0"
gem 'rails', '3.2.12'
+
+gem 'jquery-rails', '2.1.4'
+
gem 'pg'
gem 'unicorn'
gem 'foreman'
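Review bot: moving the source to `https://rubygems.org` is the one change in this hunk with direct security value: gem downloads now go over TLS instead of plain http, so a fetched gem can no longer be swapped or altered in transit. The `gem 'jquery-rails', '2.1.4'` line is only relocated from further down the file and keeps its exact pin, so nothing else in the dependency set changes here.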
@@ -16,17 +19,16 @@ gem 'newrelic_rpm'
gem 'simplecov'
gem 'kaminari'
gem 'twitter'
-gem 'jquery-rails', '2.1.4'
gem "less-rails"
-gem "twitter-bootstrap-rails", '2.2.4'
+gem "twitter-bootstrap-rails"
gem 'simple_form'
gem 'rack-google-analytics'
group :assets do
- gem 'sass-rails', '~> 3.2.3'
- gem 'coffee-rails', '~> 3.2.1'
- gem 'therubyracer', '0.10.2', :platforms => :ruby
- gem 'uglifier', '>= 1.0.3'
+ gem 'sass-rails'
+ gem 'coffee-rails'
+ gem 'therubyracer', :platforms => :ruby
+ gem 'uglifier'
end
group :development do
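Review bot: dropping the version constraints on `sass-rails`, `coffee-rails`, `therubyracer`, `uglifier` and `twitter-bootstrap-rails` leaves Gemfile.lock as the only record of which versions are in use. The lock keeps installs reproducible, but a future `bundle update` can now jump any of these across a major version without anyone touching the Gemfile. A pessimistic constraint such as `gem 'sass-rails', '~> 3.2'` would keep the upgrade path intentional while still allowing patch releases.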
@@ -36,15 +38,15 @@ end
group :development, :test do
gem 'rspec-rails'
- gem 'rb-fsevent', '~> 0.9.1'
gem 'factory_girl_rails'
gem 'faker'
+ gem 'brakeman'
# Auto testing
gem 'guard-rspec'
gem 'guard-spork'
gem 'ruby_gntp'
- gem 'rb-fsevent', '~> 0.9.1'
+ gem 'rb-fsevent'
# Javascript
gem 'konacha'
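Review bot: `gem 'brakeman'` lands in the development/test group, but nothing in this PR invokes it, so the scan described in the PR body only runs when a developer remembers to run it by hand; adding a `brakeman` step to the CI script (or a rake task) would keep the warning count at 0 going forward. Removing the duplicated `rb-fsevent` entry is a good catch; note the remaining one is now unpinned as well.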
@@ -55,12 +57,16 @@ group :development, :test do
end
group :test do
- gem "capybara", '1.1.4'
+ gem "capybara"
+ gem 'capybara-webkit'
+ gem 'launchy'
+
gem 'database_cleaner'
gem 'shoulda-matchers'
gem 'webmock', :require => false
gem 'poltergeist'
gem 'timecop'
+ gem 'minitest', '3.5.0'
end
group :production do
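Review bot: the exact pin `gem 'minitest', '3.5.0'` has no comment explaining it; the commit message says it was added to get a green test run, so a one-line comment on why this exact version is required would stop the next person from "cleaning it up". `launchy` is a developer convenience (opening pages in a browser) rather than something the suite depends on, so it could live in the development group instead of test.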
101 Gemfile.lock
@@ -1,5 +1,5 @@
GEM
- remote: http://rubygems.org/
+ remote: https://rubygems.org/
specs:
actionmailer (3.2.12)
actionpack (= 3.2.12)
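Review bot: the `remote:` line now matches the new Gemfile source, so Bundler will not rewrite it back to http on the next install. The remaining hunks in this file are regenerated resolver output; the only manual check worth doing is that the "5 dep warnings" mentioned in the first commit message are understood, since a lock regenerated with warnings is the kind of thing that gets silently carried forward.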
@@ -30,19 +30,33 @@ GEM
multi_json (~> 1.0)
addressable (2.3.3)
arel (3.0.2)
- bourne (1.1.2)
- mocha (= 0.10.5)
+ bourne (1.2.1)
+ mocha (= 0.12.7)
+ brakeman (1.9.3)
+ erubis (~> 2.6)
+ fastercsv (~> 1.5)
+ haml (>= 3.0, < 5.0)
+ highline (~> 1.6)
+ multi_json (~> 1.2)
+ ruby2ruby (~> 2.0)
+ ruby_parser (~> 3.1.1)
+ sass (~> 3.0)
+ slim (~> 1.3.6)
+ terminal-table (~> 1.4)
bugsnag (1.2.18)
httparty (>= 0.6, < 1.0)
multi_json (~> 1.0)
builder (3.0.4)
- capybara (1.1.4)
+ capybara (2.0.2)
mime-types (>= 1.16)
nokogiri (>= 1.3.3)
rack (>= 1.0.0)
rack-test (>= 0.5.4)
selenium-webdriver (~> 2.0)
- xpath (~> 0.1.4)
+ xpath (~> 1.0.0)
+ capybara-webkit (0.14.2)
+ capybara (~> 2.0, >= 2.0.2)
+ json
chai-jquery-rails (1.1.1)
railties (~> 3.1)
sprockets
@@ -79,6 +93,7 @@ GEM
multipart-post (~> 1.1)
faraday_middleware (0.9.0)
faraday (>= 0.7.4, < 0.9)
+ fastercsv (1.5.5)
faye-websocket (0.4.7)
eventmachine (>= 0.12.0)
ffi (1.4.0)
@@ -90,7 +105,7 @@ GEM
pry (>= 0.9.10)
terminal-table (>= 1.4.3)
thor (>= 0.14.6)
- guard-rspec (2.5.0)
+ guard-rspec (2.5.1)
guard (>= 1.1)
rspec (~> 2.11)
guard-spork (1.5.0)
@@ -105,6 +120,7 @@ GEM
haml (>= 3.1, < 4.1)
railties (>= 3.1, < 4.1)
hashie (1.2.0)
+ highline (1.6.16)
hike (1.2.1)
http_parser.rb (0.5.3)
httparty (0.10.2)
@@ -117,24 +133,26 @@ GEM
railties (>= 3.0, < 5.0)
thor (>= 0.14, < 2.0)
json (1.7.7)
- jwt (0.1.7)
+ jwt (0.1.8)
multi_json (>= 1.5)
kaminari (0.14.1)
actionpack (>= 3.0.0)
activesupport (>= 3.0.0)
kgio (2.8.0)
- konacha (2.5.0)
+ konacha (2.5.1)
actionpack (>= 3.1, < 5)
capybara
colorize
railties (>= 3.1, < 5)
sprockets
+ launchy (2.2.0)
+ addressable (~> 2.3)
less (2.3.1)
commonjs (~> 0.2.6)
less-rails (2.3.2)
actionpack (>= 3.1)
less (~> 2.3.1)
- libv8 (3.3.10.4)
+ libv8 (3.11.8.13)
listen (0.7.3)
lumberjack (1.0.2)
mail (2.4.4)
@@ -145,9 +163,10 @@ GEM
metaclass (0.0.1)
method_source (0.8.1)
mime-types (1.21)
- mocha (0.10.5)
+ minitest (3.5.0)
+ mocha (0.12.7)
metaclass (~> 0.0.1)
- multi_json (1.6.1)
+ multi_json (1.7.0)
multi_xml (0.5.3)
multipart-post (1.2.0)
netrc (0.7.7)
@@ -183,12 +202,10 @@ GEM
multi_json (~> 1.3)
omniauth-oauth (~> 1.0)
pg (0.14.1)
- poltergeist (1.0.2)
- capybara (~> 1.1)
- childprocess (~> 0.3)
+ poltergeist (1.1.0)
+ capybara (~> 2.0, >= 2.0.1)
faye-websocket (~> 0.4, >= 0.4.4)
http_parser.rb (~> 0.5.3)
- multi_json (~> 1.0)
polyglot (0.3.3)
pry (0.9.12)
coderay (~> 1.0.5)
@@ -226,11 +243,12 @@ GEM
rb-fsevent (0.9.3)
rdoc (3.12.2)
json (~> 1.4)
+ ref (1.0.2)
rspec (2.13.0)
rspec-core (~> 2.13.0)
rspec-expectations (~> 2.13.0)
rspec-mocks (~> 2.13.0)
- rspec-core (2.13.0)
+ rspec-core (2.13.1)
rspec-expectations (2.13.0)
diff-lcs (>= 1.1.3, < 2.0)
rspec-mocks (2.13.0)
@@ -241,7 +259,12 @@ GEM
rspec-core (~> 2.13.0)
rspec-expectations (~> 2.13.0)
rspec-mocks (~> 2.13.0)
+ ruby2ruby (2.0.3)
+ ruby_parser (~> 3.1)
+ sexp_processor (~> 4.0)
ruby_gntp (0.3.4)
+ ruby_parser (3.1.1)
+ sexp_processor (~> 4.1)
rubyzip (0.9.9)
sass (3.2.7)
sass-rails (3.2.6)
@@ -253,9 +276,10 @@ GEM
multi_json (~> 1.0)
rubyzip
websocket (~> 1.0.4)
- shoulda-matchers (1.4.2)
+ sexp_processor (4.1.5)
+ shoulda-matchers (1.5.0)
activesupport (>= 3.0.0)
- bourne (~> 1.1.2)
+ bourne (~> 1.2.0)
simple_form (2.1.0)
actionpack (~> 3.0)
activemodel (~> 3.0)
@@ -268,35 +292,40 @@ GEM
railties (>= 3.1)
sinon-rails (1.4.2.1)
railties (>= 3.1)
- slop (3.4.3)
+ slim (1.3.6)
+ temple (~> 0.5.5)
+ tilt (~> 1.3.3)
+ slop (3.4.4)
spork (0.9.2)
sprockets (2.2.2)
hike (~> 1.2)
multi_json (~> 1.0)
rack (~> 1.0)
tilt (~> 1.1, != 1.3.0)
+ temple (0.5.5)
terminal-table (1.4.5)
- therubyracer (0.10.2)
- libv8 (~> 3.3.10)
+ therubyracer (0.11.4)
+ libv8 (~> 3.11.8.12)
+ ref
thin (1.5.0)
daemons (>= 1.0.9)
eventmachine (>= 0.12.6)
rack (>= 1.0.0)
thor (0.17.0)
- tilt (1.3.4)
- timecop (0.6.0)
+ tilt (1.3.6)
+ timecop (0.6.1)
treetop (1.4.12)
polyglot
polyglot (>= 0.3.1)
- twitter (4.6.0)
+ twitter (4.6.1)
faraday (~> 0.8, < 0.10)
multi_json (~> 1.0)
simple_oauth (~> 0.2)
- twitter-bootstrap-rails (2.2.4)
+ twitter-bootstrap-rails (2.2.6)
actionpack (>= 3.1)
execjs
railties (>= 3.1)
- tzinfo (0.3.36)
+ tzinfo (0.3.37)
uglifier (1.3.0)
execjs (>= 0.3.0)
multi_json (~> 1.0, >= 1.0.2)
@@ -308,17 +337,19 @@ GEM
addressable (>= 2.2.7)
crack (>= 0.3.2)
websocket (1.0.7)
- xpath (0.1.4)
+ xpath (1.0.0)
nokogiri (~> 1.3)
PLATFORMS
ruby
DEPENDENCIES
+ brakeman
bugsnag
- capybara (= 1.1.4)
+ capybara
+ capybara-webkit
chai-jquery-rails
- coffee-rails (~> 3.2.1)
+ coffee-rails
dalli
database_cleaner
ejs
@@ -331,8 +362,10 @@ DEPENDENCIES
jquery-rails (= 2.1.4)
kaminari
konacha
+ launchy
less-rails
memcachier
+ minitest (= 3.5.0)
newrelic_rpm
octokit
omniauth
@@ -344,20 +377,20 @@ DEPENDENCIES
rabl
rack-google-analytics
rails (= 3.2.12)
- rb-fsevent (~> 0.9.1)
+ rb-fsevent
rspec-rails
ruby_gntp
- sass-rails (~> 3.2.3)
+ sass-rails
shoulda-matchers
simple_form
simplecov
sinon-chai-rails
sinon-rails
- therubyracer (= 0.10.2)
+ therubyracer
thin
timecop
twitter
- twitter-bootstrap-rails (= 2.2.4)
- uglifier (>= 1.0.3)
+ twitter-bootstrap-rails
+ uglifier
unicorn
webmock
2 app/models/project.rb
@@ -7,7 +7,7 @@ class Project < ActiveRecord::Base
"Scala", "Scheme", "Shell", "VimL"]
validates_presence_of :description, :github_url, :name, :main_language
- validates_format_of :github_url, :with => /^https?:\/\/(www\.)?github.com\/[\w-]*\/[\w\.-]*(\/)?$/i, :message => 'Enter the full HTTP URL.'
+ validates_format_of :github_url, :with => /\Ahttps?:\/\/(www\.)?github.com\/[\w-]*\/[\w\.-]*(\/)?\Z/i, :message => 'Enter the full HTTP URL.'
validates_uniqueness_of :github_url, :message => "Project has already been suggested."
validates_length_of :description, :within => 20..200
validates_inclusion_of :main_language, :in => LANGUAGES, :message => 'must be a programming language'
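Review bot: `\Z` still matches before a trailing newline, so a value such as `"https://github.com/a/b\n"` passes this validation; `\z` is the end-of-string anchor with no exception and is what Brakeman's advice is really aiming at. Two further loosenesses are pre-existing but cheap to fix while on this line: the dot in `github.com` is unescaped, so it matches any character there, and `[\w-]*` / `[\w\.-]*` allow empty path segments, so `https://github.com//` is accepted. Suggested: `validates_format_of :github_url, :with => /\Ahttps?:\/\/(www\.)?github\.com\/[\w-]+\/[\w\.-]+\/?\z/i`.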
4 spec/requests/projects_spec.rb
@@ -58,8 +58,8 @@
it 'should show both projects by default' do
within '#projects' do
- page.should have_content 'Ruby project'
- page.should have_content 'Java project'
+ page.should have_selector('h4', text: /Java project/i)
+ page.should have_selector('h4', text: /Ruby project/i)
end
end
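Review bot: switching from `have_content` to `have_selector('h4', text: /Java project/i)` ties the spec to the heading markup and loosens the match to case-insensitive; both are reasonable, but a short comment on why the plain content check stopped passing with the capybara upgrade in this PR would help the next reader. The two expectations also swapped order, which has no effect and could be left as it was to keep the diff minimal.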
5 spec/spec_helper.rb
@@ -20,6 +20,8 @@
WebMock.disable_net_connect! :allow_localhost => true
+ # To run specs headless, use :webkit driver:
+ Capybara.javascript_driver = :webkit
if ENV['POLTERGEIST']
require 'capybara/poltergeist'
Capybara.javascript_driver = :poltergeist
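Review bot: `Capybara.javascript_driver = :webkit` is set unconditionally while the poltergeist branch right below still does its own `require 'capybara/poltergeist'`; nothing in this hunk requires capybara-webkit, so the new default relies on Bundler auto-requiring the gem from the test group. Adding `require 'capybara/webkit'` next to the assignment makes the dependency explicit, and the comment should say webkit is now the default driver rather than an option to use.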
@@ -75,6 +77,7 @@
config.infer_base_class_for_anonymous_controllers = false
config.include FactoryGirl::Syntax::Methods
+ config.include Capybara::DSL
end
end
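Review bot: `config.include Capybara::DSL` without a metadata filter mixes `visit`, `page` and the rest of the DSL into every example group, including model and unit specs that have no business driving a browser. rspec-rails already makes the DSL available in request specs, so if this line is needed at all, scope it: `config.include Capybara::DSL, :type => :request`.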
@@ -85,7 +88,7 @@
config.before do
User.any_instance.stub(:estimate_skills).and_return(nil)
Twitter::Client.any_instance.stub(:update)
- Timecop.freeze(Date.parse('12/12/2012'))
+ Timecop.travel(Date.parse('12/12/2012'))
end
config.after do
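Review bot: `Timecop.travel` starts the clock at 12/12/2012 but lets it keep running, so any assertion that compares two timestamps taken a few milliseconds apart becomes order-dependent; `Timecop.freeze` pins the time, which is usually what a before-hook wants. If travel is intended, a comment on why would help, and the `config.after` block that follows should call `Timecop.return` (not visible in this hunk) so the moved clock does not leak into later examples.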