Annotations #72
Commits on Apr 7, 2012
- 977749e (Dave Worth committed, Apr 7, 2012)
  - Annotation file creation and loading
  - Annotation filtering on demand
  - Denotes the number of ignored warnings in reports
- fafdac2 (Dave Worth committed, Apr 7, 2012)
- de5a9e1 (Justin Collins authored, Dave Worth committed, Apr 7, 2012)
- 84a719a (Justin Collins authored, Dave Worth committed, Apr 7, 2012): Use Set[] instead of Set.new([])
- 882b11e (Justin Collins authored, Dave Worth committed, Apr 7, 2012)
- c1cf6b6 (Justin Collins authored, Dave Worth committed, Apr 7, 2012): Standardize SQL methods to check
  because before they were kind of all over the place
- c208eb0 (Justin Collins authored, Dave Worth committed, Apr 7, 2012)
- 6cbbfc1 (Justin Collins authored, Dave Worth committed, Apr 7, 2012): Fix check for nested targets in Rails 2 routes
- a49d60e (Justin Collins authored, Dave Worth committed, Apr 7, 2012): Ignore resource routes if default routes already
  fixes bug where resource routes attempted to merge into :allow_all_actions
- 64a8b95 (Justin Collins authored, Dave Worth committed, Apr 7, 2012): since most development is done with 1.9.3 now
- 43ba8dd (Justin Collins authored, Dave Worth committed, Apr 7, 2012): Add test for select vulnerability in Rails 3
- fab6a9b (Justin Collins authored, Dave Worth committed, Apr 7, 2012): Add check for select vulnerability in Rails 3
- e4d661e (Justin Collins authored, Dave Worth committed, Apr 7, 2012): Remove select() as an XSS safe method in Rails 2
- 8525b2c (Justin Collins authored, Dave Worth committed, Apr 7, 2012): Oops, update expected warnings for Rails 2 tests
- b58dee6 (Justin Collins authored, Dave Worth committed, Apr 7, 2012): Tests for SafeBuffer vulnerability
- 087592a (Justin Collins authored, Dave Worth committed, Apr 7, 2012): Add version check for SafeBuffer vulnerability
  upgrading is recommended, no workarounds https://groups.google.com/group/rubyonrails-security/browse_thread/thread/edd28f1e3d04e913?pli=1
- 150a67f (Justin Collins authored, Dave Worth committed, Apr 7, 2012): Add test for skipping CSRF with :except
- 29d98e7 (Justin Collins authored, Dave Worth committed, Apr 7, 2012): Add check for skipping CSRF with :except
  instead of using :only. This is essentially a blacklist vs. whitelist issue.
- 592b1d3
- 2ddbc6d (Justin Collins authored, Dave Worth committed, Apr 7, 2012)
- 39322bd
- e3fe89b
- 08440cb
- 6cb527c
- c943903
- 24712b1: Report module in Brakeman::FindCall results
  but please don't ever use Brakeman::FindCall if it can be avoided
- 82d0e24: Add additional check for global mass assign disable
  that looks like this:
      module ActiveRecord
        class Base
          attr_accessible
        end
      end
  Also, could be wrong, but I think old check was broken?
- cad0c5a
- efd00fc
- e194040: Support Rails 3 partial render (no :partial => ...)
  `render 'blah'` apparently now renders the partial '_blah'
- 70b8b48
- ce41f07
- 3bb3331
- 8b54267
- d41f480 (Justin Collins authored, Dave Worth committed, Apr 7, 2012): Fixes to CheckLinkTo for Rails 2.0 and 2.3
  and link_to with a block
- 3d997b9 (Justin Collins authored, Dave Worth committed, Apr 7, 2012)
- 83d2d80: I was getting a NoMethodError when rescanning a file in the lib directory.
      NoMethodError: undefined method `process_library' for #<Brakeman::Rescanner:0x10a8f5380>
      /Users/neilm/workspace/brakeman/lib/brakeman/rescanner.rb:77:in `rescan_file'
      /Users/neilm/workspace/brakeman/lib/brakeman/rescanner.rb:50:in `rescan'
      /Users/neilm/workspace/brakeman/lib/brakeman/rescanner.rb:47:in `each'
      /Users/neilm/workspace/brakeman/lib/brakeman/rescanner.rb:47:in `rescan'
      /Users/neilm/workspace/brakeman/lib/brakeman/rescanner.rb:46:in `each'
      /Users/neilm/workspace/brakeman/lib/brakeman/rescanner.rb:46:in `rescan'
      /Users/neilm/workspace/brakeman/lib/brakeman/rescanner.rb:22:in `recheck'
      /Users/neilm/workspace/brakeman/lib/brakeman.rb:291:in `rescan'
      /usr/local/rvm/gems/ree-1.8.7-2011.12/gems/guard-brakeman-0.3.1/lib/guard/brakeman.rb:73:in `run_on_change'
- ccf4fe9 (Justin Collins authored, Dave Worth committed, Apr 7, 2012): Output stack trace in debug on interrupt in 1.8.7
- f267043 (Justin Collins authored, Dave Worth committed, Apr 7, 2012): Only output stack trace on debug, use caller
  Thanks @PragTob
- b605bd7 (Justin Collins authored, Dave Worth committed, Apr 7, 2012): Ignore user input in condition of if statements
- ad06e39 (Justin Collins authored, Dave Worth committed, Apr 7, 2012): Don't make file names symbols for --skip-files
- 0cf8c95 (Justin Collins authored, Dave Worth committed, Apr 7, 2012): Render path check should only warn on user input
- f4df29c (Justin Collins authored, Dave Worth committed, Apr 7, 2012): Medium confidence for user input in render strings
- 70a2824 (Justin Collins authored, Dave Worth committed, Apr 7, 2012): Fix/add dynamic render path tests
- 23be7ca (Justin Collins authored, Dave Worth committed, Apr 7, 2012): Add tests for application using rails_xss
- 108b722 (Justin Collins authored, Dave Worth committed, Apr 7, 2012): Fix handling of Erubis templates with xss escaping
  either with rails_xss or Rails 3. This was broken when Brakeman's Erubis output was changed to match what rails_xss does. Unfortunately, that broke the ErubisTemplateProcessor such that NO output was detected. This should fix that. Note that this code detects auto-escaping by the output variable. @output_buffer is used in Brakeman's Erubis classes. _buf will only show up if someone is using Erubis with auto-escaping turned off.
- 3177af7 (Justin Collins authored, Dave Worth committed, Apr 7, 2012)
- 27dc2b8 (Justin Collins authored, Dave Worth committed, Apr 7, 2012): Add utility script for generating tests
- fe35bbb (Justin Collins authored, Dave Worth committed, Apr 7, 2012): Oops, need the rails_xss plugin directory for tests
- 697be03 (Justin Collins authored, Dave Worth committed, Apr 7, 2012): Use old ruby_parser (2.3.1) for Ruby 1.8 parsing
- e727cb7 (Justin Collins authored, Dave Worth committed, Apr 7, 2012): Make sure Sexp patches load for Ruby 1.8
- 8cde2ee (Justin Collins authored, Dave Worth committed, Apr 7, 2012)
- 180ca45
- 95c2046: Warn when user input is supplied to send
  Model.send(params[:method]) == bad
- 5be94a3
- a938139: Only warn if the target or the first arg contains user input
  Add moar test cases
- 487221b (Justin Collins authored, Dave Worth committed, Apr 7, 2012): Move parsers out of scanner.rb into lib/parsers/
- 5a8fc01 (Justin Collins authored, Dave Worth committed, Apr 7, 2012): A little more whitespace when showing progress
- 8078779 (Justin Collins authored, Dave Worth committed, Apr 7, 2012): Track module names for controllers
  because when they get re-processed the module information is lost (just class code is stored)
- 067b9c5 (Justin Collins authored, Dave Worth committed, Apr 7, 2012): Don't double the number of controllers reported
  during progress. I don't really know why this was there...
- 44ca23b (Justin Collins authored, Dave Worth committed, Apr 7, 2012): Add Util.hash_access to simplify accessing hashes
- 6f65ac7 (Justin Collins authored, Dave Worth committed, Apr 7, 2012): Handle nested modules in ProcessorHelper
- 38e8d27 (Dave Worth committed, Apr 7, 2012)
  - Annotation file creation and loading
  - Annotation filtering on demand
  - Denotes the number of ignored warnings in reports
- 0774b53 (Dave Worth committed, Apr 7, 2012): Merge branch 'annotations' of github.com:daveworth/brakeman into annotations
  Conflicts:
      lib/brakeman/checks/check_send.rb
      test/tests/test_rails2.rb