提交 · ee8c597139c705e724223e00914d72d90b6ad049 · CoCo_Code_Op2 / brakeman

07 1月, 2014 2 次提交
- A
  Adds a check for OpenSSL::SSL::VERIFY_NONE. · ee8c5971
  由 Aaron Bedra 提交于 1月 06, 2014
```
This commit introduces a new check that creates a warning when it
detects a call to verify_mode= when the right hand of the assignment is
OpenSSL::SSL::VERIFY_NONE.
```
  ee8c5971
- J
  Merge pull request #417 from presidentbeef/stop_raising_exceptions_in_class_name · caa2a309
  由 Justin 提交于 1月 06, 2014
```
Stop raising exception in ProcessorHelper#class_name
```
  caa2a309
06 1月, 2014 2 次提交
- J
  Merge pull request #418 from abedra/gitignore · 046f5afb
  由 Justin 提交于 1月 06, 2014
```
add .bundle to .gitignore
```
  046f5afb
- A
  
  add .bundle to .gitignore · 40f39636
  由 Aaron Bedra 提交于 1月 06, 2014
  
  40f39636
03 1月, 2014 1 次提交
- J
  
  Stop raising exception in ProcessorHelper#class_name · 7310982d
  由 Justin Collins 提交于 1月 02, 2014
  
  7310982d
01 1月, 2014 1 次提交
- J
  
  Make ignored attr_accessible test more general · 25e4a4fe
  由 Justin Collins 提交于 12月 31, 2013
  
  25e4a4fe
31 12月, 2013 3 次提交
- J
  Merge branch 'ctaintor/improve_fingerprint' · 5a8aab75
  由 Justin Collins 提交于 12月 30, 2013
```
Make the attr_accessible check warning fingerprint include the method name
```
  5a8aab75
- J
  
  Update CHANGES · 1e7fba35
  由 Justin Collins 提交于 12月 30, 2013
  
  1e7fba35
- J
  
  Update attr_accessible ignore test with 1.8 syntax · deec1b6b
  由 Justin Collins 提交于 12月 30, 2013
  
  deec1b6b
21 12月, 2013 1 次提交
- C
  
  adds tests that ignoring one attribute won't ignore another · e0904bf6
  由 Case Taintor 提交于 12月 20, 2013
  
  e0904bf6
20 12月, 2013 2 次提交
- C
  
  changes attr_accessible warnings to set @code to the attribute & updates tests · e146efba
  由 Case Taintor 提交于 12月 20, 2013
  
  e146efba
- C
  makes attr_accessible model warnings have a fingerprint which will include the... · 47110f55
  由 Case Taintor 提交于 12月 20, 2013
```
makes attr_accessible model warnings have a fingerprint which will include the attribute in the uniqueness calculation
```
  47110f55
13 12月, 2013 5 次提交
- J
  
  Bump to 2.3.1 · f03a143d
  由 Justin Collins 提交于 12月 12, 2013
  
  f03a143d
- J
  Merge pull request #415 from presidentbeef/fix_CVEs_ugh · a562c1f8
  由 Justin 提交于 12月 12, 2013
```
Fix issues with CVE-2013-4491 and CVE-2013-6415 checks
```
  a562c1f8
- J
  
  Fix links for number_to_currency CVE · 9bb9f6b5
  由 Justin Collins 提交于 12月 12, 2013
  
  9bb9f6b5
- J
  
  Detect workaround for i18n XSS · 7821c8cc
  由 Justin Collins 提交于 12月 12, 2013
  
  7821c8cc
- J
  
  Only sign gem if private key is available · 469f9f9d
  由 Justin Collins 提交于 12月 12, 2013
  
  469f9f9d
12 12月, 2013 15 次提交
- J
  
  Sign gem because security · 63c3c85f
  由 Justin Collins 提交于 12月 11, 2013
  
  63c3c85f
- J
  
  Bump to 2.3.0 · adb634a0
  由 Justin Collins 提交于 12月 11, 2013
  
  adb634a0
- J
  Merge pull request #414 from presidentbeef/check_for_permit_bang · cecd5877
  由 Justin 提交于 12月 11, 2013
```
Check for uses of Parameters#permit!
```
  cecd5877
- J
  
  Warn on all uses of permit! · 7dabe237
  由 Justin Collins 提交于 12月 11, 2013
  
  7dabe237
- J
  Add check for Parameters#permit! · eabbc9dd
  由 Justin Collins 提交于 12月 11, 2013
```
fixes #281
```
  eabbc9dd
- J
  Merge pull request #413 from presidentbeef/december_CVEs · 1c90ad0e
  由 Justin 提交于 12月 11, 2013
```
Add checks for five latest CVEs

CVE-2013-4491
CVE-2013-6414
CVE-2013-6415
CVE-2013-6416
CVE-2013-6417
```
  1c90ad0e
- J
  
  Fix typo in CheckTranslate warning · cce71d34
  由 Justin Collins 提交于 10月 29, 2013
  
  cce71d34
- J
  
  Fix line and user_input output in to_test.rb · 8abad661
  由 Justin Collins 提交于 12月 11, 2013
  
  8abad661
- J
  
  version_between? in tests had arg names swapped · ed98853e
  由 Justin Collins 提交于 12月 11, 2013
  
  ed98853e
- J
  
  Adjust expected warnings for CVEs · 468418ec
  由 Justin Collins 提交于 12月 11, 2013
  
  468418ec
- J
  
  Add check for CVE-2013-6417 (query generation) · 566cb53c
  由 Justin Collins 提交于 12月 11, 2013
  
  566cb53c
- J
  
  Add check for CVE-2013-6416 (simple_format XSS) · c69e419f
  由 Justin Collins 提交于 12月 11, 2013
  
  c69e419f
- J
  
  Add check for CVE-2013-6415 (number_to_currency) · f93112e6
  由 Justin Collins 提交于 12月 11, 2013
  
  f93112e6
- J
  
  Add check for CVE-2013-6414 (header DoS) · 630ff40d
  由 Justin Collins 提交于 12月 11, 2013
  
  630ff40d
- J
  
  Add check for CVE-2013-4491 (i18n XSS) · af316fd9
  由 Justin Collins 提交于 12月 11, 2013
  
  af316fd9
10 12月, 2013 1 次提交
- J
  Merge pull request #412 from presidentbeef/collapse_send_and_try_calls · 599e1055
  由 Justin 提交于 12月 09, 2013
```
Collapse send/try calls
```
  599e1055
08 12月, 2013 1 次提交
- J
  
  Collapse send/try calls · 69fa7329
  由 Justin Collins 提交于 12月 08, 2013
  
  69fa7329
05 12月, 2013 1 次提交
- J
  Merge pull request #411 from presidentbeef/reflection_capitalization · ba2b0661
  由 Justin 提交于 12月 05, 2013
```
Lowercase "reflection" in unsafe reflection warning
```
  ba2b0661
03 12月, 2013 1 次提交
- J
  Merge pull request #410 from noahd1/reduce_slim_false_positives · 71f5d18d
  由 Justin 提交于 12月 02, 2013
```
Reduce Slim-template XSS false positives
```
  71f5d18d
02 12月, 2013 2 次提交

J

Lowercase "reflection" in unsafe reflection warning · 172468fb
由 Justin Collins 提交于 12月 01, 2013

172468fb

Recognize how slim sometimes outputs safe html (with `escape_html_safe`) · 988f908a

由 Noah Davis 提交于 12月 01, 2013

Reduces slim XSS false positives in cases where brakeman is run in the context
of an app that includes active support.

Templates compile down to Template::Utils.escape_html_utils if
Active Support's `html_safe?` method is defined.

See:

https://github.com/judofyr/temple/blob/master/lib/temple/filters/escapable.rb#L12

988f908a

27 11月, 2013 2 次提交
- J
  
  Update CHANGES · 7ebe5266
  由 Justin Collins 提交于 11月 26, 2013
  
  7ebe5266
- J
  
  Add Brakeman users to README · 478c3f52
  由 Justin Collins 提交于 11月 26, 2013
  
  478c3f52