Permalink
Commits on Jan 14, 2013
Commits on Jan 13, 2013
  1. Merge pull request #233 from oreoshake/poly_arrays_for_href

    Fixes #232 treat arrays as models -> polymorphic_url/path
    presidentbeef committed Jan 13, 2013
Commits on Jan 12, 2013
  1. Merge pull request #231 from dwbutler/rubies

    Test more rubies
    presidentbeef committed Jan 12, 2013
  2. Test more rubies

    dwbutler committed Jan 12, 2013
Commits on Jan 3, 2013
  1. Merge pull request #228 from presidentbeef/CVE-2012-5664

    Version check for CVE-2012-5664
    presidentbeef committed Jan 3, 2013
Commits on Jan 2, 2013
  1. a/an consistency

    presidentbeef committed Jan 2, 2013
  2. Add version check for CVE-2012-5664

    Dynamic finders SQL injection vulnerability
    presidentbeef committed Jan 2, 2013
  3. Tests for CVE-2012-5664

    presidentbeef committed Jan 2, 2013
  4. Merge pull request #227 from presidentbeef/check_for_secret_token

    Check for secret_token
    presidentbeef committed Jan 2, 2013
  5. Add warning for secret_token

    as suggested in #200
    presidentbeef committed Jan 2, 2013
Commits on Dec 25, 2012
  1. Bump to 1.9.0

    presidentbeef committed Dec 25, 2012
  2. Merge pull request #224 from presidentbeef/only_do_one_pass_of_alias_…

    …processing
    
    Only do one pass of alias processing + Pass instance variables through before_filters
    presidentbeef committed Dec 25, 2012
Commits on Dec 24, 2012
  1. Merge branch 'pass_ivars_between_before_filters' into only_do_one_pas…

    …s_of_alias_processing
    
    Should really be one branch
    
    Conflicts:
    	test/tests/test_rails3.rb
    presidentbeef committed Dec 24, 2012
  2. Only do single pass in AliasProcessor instead of 2

    Doing two passes was kind of a brute-force way to propagate some
    variables in some cases, but it seems wasteful. It also makes
    `--interprocedural` take even longer.
    presidentbeef committed Dec 24, 2012
  3. Merge pull request #220 from presidentbeef/fix_session_settings_check…

    …_for_rails3
    
    Fix CheckSessionSettings for Rails 3
    presidentbeef committed Dec 24, 2012
  4. Merge pull request #218 from presidentbeef/simple_helper_scanning

    Add optional simple helper method scanning for controllers
    presidentbeef committed Dec 24, 2012
  5. Add test for before_filter ivar usage

    when one before_filter depends on ivars from another
    presidentbeef committed Dec 24, 2012
Commits on Dec 22, 2012
  1. Merge branch 'fix_session_settings_check_for_rails3' of github.com:pr…

    …esidentbeef/brakeman into fix_session_settings_check_for_rails3
    
    Conflicts:
    	lib/brakeman/checks/check_session_settings.rb
    presidentbeef committed Dec 22, 2012
  2. Fix CheckSessionSettings for Rails 3

    because I was dumb and hard-coded the name
    of the app (i.e., MyApp::Application.config)
    presidentbeef committed Dec 21, 2012
  3. Merge pull request #222 from presidentbeef/fix_execute_check_logic_error

    Fix CheckExecute treating all string interps same
    presidentbeef committed Dec 22, 2012
Commits on Dec 21, 2012
  1. Fix CheckExecute treating all string interps same

    and making user input medium confidence. Oops.
    presidentbeef committed Dec 21, 2012
  2. Merge pull request #219 from presidentbeef/ignore_route_information_b…

    …y_default
    
    Ignore route information by default
    presidentbeef committed Dec 21, 2012
  3. Merge branch 'master' into simple_helper_scanning

    Conflicts:
    	test/tests/test_rails31.rb
    presidentbeef committed Dec 21, 2012
  4. Add test for modifying existing ivar

    in FindReturnValue
    presidentbeef committed Dec 21, 2012
  5. Fix rescan test for route removal

    because it only matters if we care about routes
    presidentbeef committed Dec 21, 2012
  6. Forget checking for public methods

    it messes up mixed-in methods and such
    presidentbeef committed Dec 21, 2012
  7. Fix CheckSessionSettings for Rails 3

    because I was dumb and hard-coded the name
    of the app (i.e., MyApp::Application.config)
    presidentbeef committed Dec 21, 2012