
Index calls in initializers #1363

Merged
merged 6 commits into from Jun 11, 2019

Conversation

@presidentbeef (Owner) commented Jun 11, 2019

In the past, initializers were one code location where Brakeman did not index the calls. This made it annoying to write checks involving initializers, because you had to use Tracker#check_initializers which traversed the AST looking for matching calls. Not only was this a separate (but similar) interface, it was also slower.

There is still some ugliness in how Brakeman indexes calls, but at least now the call index can be used for initializers. Yay! 🎉

Almost all uses of Tracker#check_initializers have been removed.

Edit: OH YEAH also we can find regular vulnerabilities in initializers now, too.
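The mechanism the description refers to, shown as an added example that is not Brakeman's own code (Brakeman parses with ruby_parser and keeps its index inside its Tracker and CallIndex classes; this toy uses Ripper from the Ruby standard library instead). It walks the AST of a constructed sample initializer once to build a call index keyed by method name, then answers find_call-style queries (method, optional target) from that hash, so each check is a lookup rather than another traversal. The sample initializer, the `index_calls`, `find_call` and `suspicious_calls` names, and the list of call patterns queried are all assumptions made for the example; it does not claim which of these calls Brakeman would report.

```ruby
require "ripper"

# Constructed sample initializer (not from the page or from Brakeman's tests).
# Line numbers matter: the index records where each call was seen.
SAMPLE_INITIALIZER = <<~RUBY
  Rails.application.config.secret_key_base = ENV.fetch("SECRET_KEY_BASE")
  SETTINGS = YAML.load(File.read("config/settings.yml"))
  Kernel.eval(ENV.fetch("STARTUP_HOOK")) if ENV.key?("STARTUP_HOOK")
  system("echo booted")
RUBY

# Ripper node types that represent a method call. :field is an attribute
# write (recv.name = value); it is indexed here as a call to "name=", the
# same way ruby_parser-style ASTs (attrasgn) model it.
CALL_NODES = %i[call command_call fcall command vcall field].freeze

# One traversal over the whole AST builds the index: method name => list of
# { receiver:, line: } entries. Every check afterwards queries this hash
# instead of walking the tree again.
def index_calls(source)
  ast = Ripper.sexp(source)
  raise ArgumentError, "syntax error in source" if ast.nil?
  index = Hash.new { |h, k| h[k] = [] }
  walk(ast, index)
  index
end

def walk(node, index)
  return unless node.is_a?(Array)
  record(node, index) if CALL_NODES.include?(node.first)
  node.each { |child| walk(child, index) } # recurse into receivers and args too
end

# Extract receiver and method name from one call node.
def record(node, index)
  receiver, meth =
    case node.first
    when :call, :command_call, :field then [node[1], node[3]]
    else [nil, node[1]] # fcall / command / vcall: implicit self
    end
  return unless meth.is_a?(Array) && meth[1].is_a?(String) # skips foo.() forms
  name = node.first == :field ? "#{meth[1]}=" : meth[1]
  line = meth[2].first
  index[name] << { receiver: receiver_name(receiver), line: line }
end

# Render a receiver as dotted text ("Rails.application.config"), or nil when
# it is something this toy does not name (a literal, an expression, ...).
def receiver_name(node)
  return nil unless node.is_a?(Array)
  case node.first
  when :var_ref, :vcall then node[1][1]
  when :method_add_arg then receiver_name(node[1])
  when :call
    meth = node[3].is_a?(Array) ? node[3][1] : "()"
    [receiver_name(node[1]), meth].compact.join(".")
  end
end

# The query side, shaped like a find_call(target:, method:) lookup: a nil
# target matches any receiver, including implicit self.
def find_call(index, method:, target: nil)
  index.fetch(method, []).select { |c| target.nil? || c[:receiver] == target }
end

# A constructed list of call patterns a check might look for. Whether a hit
# is actually a vulnerability is a separate question (dataflow, user input);
# this only shows that the index answers each query directly.
SUSPICIOUS = [
  { method: "eval" },
  { method: "load", target: "YAML" },
  { method: "system" },
].freeze

def suspicious_calls(index)
  SUSPICIOUS.flat_map { |q| find_call(index, **q).map { |c| c.merge(q) } }
            .sort_by { |c| c[:line] }
end

if __FILE__ == $PROGRAM_NAME
  idx = index_calls(SAMPLE_INITIALIZER)
  suspicious_calls(idx).each do |c|
    puts "line #{c[:line]}: #{[c[:receiver], c[:method]].compact.join('.')}"
  end
end
```

Note that the receiver of a chained call is rendered from the index's own entries for `application` and `config`, so one pass indexes every link of `Rails.application.config.secret_key_base=`; a query for `load` on `YAML` does not match `File.read` on the same line, which is the target filtering a check relies on.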

presidentbeef added some commits Jun 11, 2019

Tracker#check_initializers -> Tracker#find_call
    Where possible, use call index for initializers too.

Remove old mass assignment disablement code
    Was checking for a call to `send`, but we collapse those when possible.

@presidentbeef presidentbeef merged commit 721e9dd into master Jun 11, 2019

9 of 10 checks passed

codeclimate/diff-coverage: 95% (98% threshold)
ci/circleci: default: Your tests passed on CircleCI!
ci/circleci: test-2-3: Your tests passed on CircleCI!
ci/circleci: test-2-4: Your tests passed on CircleCI!
ci/circleci: test-2-5: Your tests passed on CircleCI!
ci/circleci: test-2-6: Your tests passed on CircleCI!
ci/circleci: test-jruby: Your tests passed on CircleCI!
ci/circleci: upload-coverage: Your tests passed on CircleCI!
codeclimate: 4 fixed issues
codeclimate/total-coverage: 95% (0.1% change)