Brakeman is a static analysis tool which checks Ruby on Rails applications for security vulnerabilities.
Blame Brakeman adds "git blame" information to Brakeman's JSON warnings, as a "blame" field on each warning:
{
"user_input": null,
"confidence": "Medium",
"blame": "xxxxxxxxxxxxx (developer_name 2019-07-17 20:59:12 +0530 4226) params.require(:users).permit!\r\n"
}
Using RubyGems:
gem install blame_brakeman
Using Bundler:
group :development do
gem 'blame_brakeman'
end
- First, install the brakeman gem in your project:
gem install brakeman
- Then install blame_brakeman:
gem install blame_brakeman
(or add gem 'blame_brakeman' to your Gemfile)
- Require it:
require 'blame_brakeman'
- Class usage:
blame = BlameBrakeman::BrakemanSecurity.new('git'); blame.brakeman_security
- Afterwards, a security warning file is written under root_directory/brakeman.
Output folder structure:
- If yesterday's security file does not exist, today's security file is generated:
security_MMDDYYYY.json
- If yesterday's security file exists, yesterday's and today's files are compared and the result is written as:
security_comparison_YESTERDAY(MMDDYYYY)_to_TODAY(MMDDYYYY).json
Sample Output:
{
  "warning_type": "Mass Assignment",
  "warning_code": 70,
  "fingerprint": "",
  "check_name": "MassAssignment",
  "message": "Parameters should be whitelisted for mass assignment",
  "file": "app/controllers/user_controller.rb",
  "line": 4226,
  "link": "https://brakemanscanner.org/docs/warning_types/mass_assignment/",
  "code": "params.require(:users).permit!",
  "render_path": null,
  "location": {
    "type": "method",
    "class": "UsersController",
    "method": "users_params"
  },
  "user_input": null,
  "confidence": "Medium",
  "blame": "xxxxxxxxxxxxx (developer_name 2019-07-17 20:59:12 +0530 4226) params.require(:users).permit!\r\n"
}
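The two things the gem does with its output, attaching a "git blame" line to each warning and comparing yesterday's report with today's, can be reproduced on plain Brakeman JSON. The following is an added example, not code from the blame_brakeman gem: it parses the blame string into its fields and diffs two constructed warning arrays, keying on the Brakeman fingerprint and falling back to check + file + code when the fingerprint is empty (as in the sample above), so a finding whose line number merely shifted is not reported as new.

```ruby
require 'json'

# `git blame -L <n>,<n> <file>` prints "<sha> (<author> <date> <time> <tz> <n>) <source>";
# blame_brakeman stores that line verbatim (trailing newline included) in "blame".
BLAME_RE = /\A(?<sha>\S+)\s+\((?<author>.+?)\s+(?<date>\d{4}-\d{2}-\d{2})\s+
            (?<time>\d{2}:\d{2}:\d{2})\s+(?<tz>[+-]\d{4})\s+(?<line>\d+)\)\s(?<source>.*)\z/x

def parse_blame(blame)
  m = BLAME_RE.match(blame.to_s.chomp)
  return nil unless m
  { sha: m[:sha], author: m[:author], date: m[:date], time: m[:time],
    tz: m[:tz], line: m[:line].to_i, source: m[:source].strip }
end

# Brakeman fingerprints are stable across runs; the sample output above has an
# empty one, so fall back to check + file + code (line numbers drift between days).
def warning_key(w)
  fp = w['fingerprint'].to_s
  fp.empty? ? [w['check_name'], w['file'], w['code']].join('|') : fp
end

# Yesterday's vs today's warning arrays: what was introduced and what was fixed.
# Newly introduced warnings carry the parsed blame so the owner is visible.
def compare_warnings(yesterday, today)
  old_keys = yesterday.map { |w| warning_key(w) }
  new_keys = today.map { |w| warning_key(w) }
  new_ws = today.reject { |w| old_keys.include?(warning_key(w)) }
  { 'new'   => new_ws.map { |w| w.merge('blame_parsed' => parse_blame(w['blame'])) },
    'fixed' => yesterday.reject { |w| new_keys.include?(warning_key(w)) } }
end

# Constructed sample reports (not real scan output); the fingerprint is made up.
YESTERDAY = [
  { 'check_name' => 'MassAssignment', 'file' => 'app/controllers/user_controller.rb',
    'line' => 4226, 'fingerprint' => '', 'code' => 'params.require(:users).permit!',
    'blame' => "xxxxxxxxxxxxx (developer_name 2019-07-17 20:59:12 +0530 4226) params.require(:users).permit!\r\n" }
].freeze
TODAY = [
  YESTERDAY[0].merge('line' => 4230), # same finding, line shifted: not "new"
  { 'check_name' => 'SQL', 'file' => 'app/models/user.rb', 'line' => 12,
    'fingerprint' => 'constructed-fp-1', 'code' => 'User.where("name = #{name}")',
    'blame' => "cafef00d (other_dev 2019-07-18 09:15:00 +0530 12) User.where(\"name = \#{name}\")\n" }
].freeze

if __FILE__ == $PROGRAM_NAME
  puts JSON.pretty_generate(compare_warnings(YESTERDAY, TODAY))
end
```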
It works with all Ruby and Rails versions. To build and install the gem from source:
git clone git://github.com/honestveera/blame_brakeman.git
cd blame_brakeman
gem build blame_brakeman.gemspec
gem install blame_brakeman*.gem
Website: http://brakemanscanner.org/
Twitter: https://twitter.com/brakeman