提交
e626fdc3
编写于
4月 29, 2015
作者:
J
Justin
Merge pull request #651 from presidentbeef/only_run_scan_when_test_runs
Only run scans when tests run
上级
d44c26f2
6ec9d8b2
变更
9
Showing
9 changed file
with
18 addition
and
46 deletion
+18
-46
test/test.rb
test/test.rb
+0
-10
test/tests/only_files_option.rb
test/tests/only_files_option.rb
+1
-3
test/tests/rails2.rb
test/tests/rails2.rb
+2
-6
test/tests/rails3.rb
test/tests/rails3.rb
+2
-4
test/tests/rails31.rb
test/tests/rails31.rb
+1
-3
test/tests/rails32.rb
test/tests/rails32.rb
+2
-4
test/tests/rails4.rb
test/tests/rails4.rb
+2
-4
test/tests/rails4_with_engines.rb
test/tests/rails4_with_engines.rb
+1
-3
test/tests/rails_with_xss_plugin.rb
test/tests/rails_with_xss_plugin.rb
+7
-9
test/test.rb
@@ -25,20 +25,10 @@ module BrakemanTester
#Run scan on app at the given path
def
run_scan
path
,
name
=
nil
,
opts
=
{}
opts
.
merge!
:app_path
=>
"
#{
TEST_PATH
}
/apps/
#{
path
}
"
,
:quiet
=>
false
,
:url_safe_methods
=>
[
:ensure_valid_proto!
]
announce
"Processing
#{
name
}
application..."
Brakeman
.
run
(
opts
).
report
.
to_hash
end
#Make an announcement
def
announce
msg
$stderr
.
puts
"-"
*
40
$stderr
.
puts
msg
$stderr
.
puts
"-"
*
40
end
end
end
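Review bot: `opts.merge!` in `run_scan` mutates the hash the caller passed in, and because the literal is the argument of `merge!` its `:app_path`, `:quiet => false` and `:url_safe_methods` keys overwrite any same-named key a caller supplied, so a test cannot pass its own `:quiet` setting through this helper. The rendered hunk carries no add/remove markers, so it is not certain which of these lines are new, but the body appears to be the code every new `report` method calls. A non-mutating form that lets explicit caller options win would be `opts = { :quiet => false, :url_safe_methods => [:ensure_valid_proto!] }.merge(opts).merge(:app_path => "#{TEST_PATH}/apps/#{path}")`.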
test/tests/only_files_option.rb
abort
"Please run using test/test.rb"
unless
defined?
BrakemanTester
Rails32OnlyFiles
=
BrakemanTester
.
run_scan
"rails3.2"
,
"Rails 3.2"
,
{
:only_files
=>
[
"app/views/users/"
],
:skip_files
=>
[
"app/views/users/sanitized.html.erb"
]
}
class
OnlyFilesOptionTests
<
Test
::
Unit
::
TestCase
include
BrakemanTester
::
FindWarning
include
BrakemanTester
::
CheckExpected
@@ -21,7 +19,7 @@ class OnlyFilesOptionTests < Test::Unit::TestCase
end
def
report
Rails32OnlyFiles
@@report
||=
BrakemanTester
.
run_scan
"rails3.2"
,
"Rails 3.2"
,
{
:only_files
=>
[
"app/views/users/"
],
:skip_files
=>
[
"app/views/users/sanitized.html.erb"
]
}
end
def
test_escaped_params_to_json
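Review bot: The memoised scan result in the new `report` method is held in a class variable, `@@report ||= BrakemanTester.run_scan ...`, and class variables are shared down the inheritance tree: all of these test classes descend from `Test::Unit::TestCase` and mix in `BrakemanTester::FindWarning` and `BrakemanTester::CheckExpected`, so if any ancestor or either module ever defines `@@report`, every test class would silently read the same scan. The same pattern appears in the `report` methods of test/tests/rails2.rb (both classes), rails3.rb, rails31.rb, rails32.rb, rails4.rb, rails4_with_engines.rb and rails_with_xss_plugin.rb. A class-level instance variable keeps the memo private to each class: `def self.report; @report ||= BrakemanTester.run_scan "rails3.2", "Rails 3.2", { :only_files => ["app/views/users/"], :skip_files => ["app/views/users/sanitized.html.erb"] }; end` with `def report; self.class.report; end`. The enclosing class continues outside the hunk.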
test/tests/rails2.rb
@@ -5,8 +5,6 @@
abort
"Please run using test/test.rb"
unless
defined?
BrakemanTester
Rails2
=
BrakemanTester
.
run_scan
"rails2"
,
"Rails 2"
,
:run_all_checks
=>
true
,
:collapse_mass_assignment
=>
true
class
Rails2Tests
<
Test
::
Unit
::
TestCase
include
BrakemanTester
::
FindWarning
include
BrakemanTester
::
CheckExpected
@@ -28,7 +26,7 @@ class Rails2Tests < Test::Unit::TestCase
end
def
report
Rails2
@@report
||=
BrakemanTester
.
run_scan
"rails2"
,
"Rails 2"
,
:run_all_checks
=>
true
,
:collapse_mass_assignment
=>
true
end
def
test_no_errors
@@ -1399,8 +1397,6 @@ class Rails2Tests < Test::Unit::TestCase
end
end
Rails2WithOptions
=
BrakemanTester
.
run_scan
"rails2"
,
"Rails 2"
,
:run_all_checks
=>
true
class
Rails2WithOptionsTests
<
Test
::
Unit
::
TestCase
include
BrakemanTester
::
FindWarning
include
BrakemanTester
::
CheckExpected
@@ -1422,7 +1418,7 @@ class Rails2WithOptionsTests < Test::Unit::TestCase
end
def
report
Rails2WithOptions
@@report
||=
BrakemanTester
.
run_scan
"rails2"
,
"Rails 2"
,
:run_all_checks
=>
true
end
def
test_no_errors
test/tests/rails3.rb
abort
"Please run using test/test.rb"
unless
defined?
BrakemanTester
Rails3
=
BrakemanTester
.
run_scan
"rails3"
,
"Rails 3"
,
:rails3
=>
true
,
:config_file
=>
File
.
join
(
TEST_PATH
,
"apps"
,
"rails3"
,
"config"
,
"brakeman.yml"
)
class
Rails3Tests
<
Test
::
Unit
::
TestCase
include
BrakemanTester
::
FindWarning
include
BrakemanTester
::
CheckExpected
def
report
Rails3
@@report
||=
BrakemanTester
.
run_scan
"rails3"
,
"Rails 3"
,
:rails3
=>
true
,
:config_file
=>
File
.
join
(
TEST_PATH
,
"apps"
,
"rails3"
,
"config"
,
"brakeman.yml"
)
end
def
expected
test/tests/rails31.rb
abort
"Please run using test/test.rb"
unless
defined?
BrakemanTester
Rails31
=
BrakemanTester
.
run_scan
"rails3.1"
,
"Rails 3.1"
,
:rails3
=>
true
,
:parallel_checks
=>
false
,
:interprocedural
=>
true
class
Rails31Tests
<
Test
::
Unit
::
TestCase
include
BrakemanTester
::
FindWarning
include
BrakemanTester
::
CheckExpected
def
report
Rails31
@@report
||=
BrakemanTester
.
run_scan
"rails3.1"
,
"Rails 3.1"
,
:rails3
=>
true
,
:parallel_checks
=>
false
,
:interprocedural
=>
true
end
def
expected
test/tests/rails32.rb
@@ -5,8 +5,6 @@
abort
"Please run using test/test.rb"
unless
defined?
BrakemanTester
Rails32
=
BrakemanTester
.
run_scan
"rails3.2"
,
"Rails 3.2"
class
Rails32Tests
<
Test
::
Unit
::
TestCase
include
BrakemanTester
::
FindWarning
include
BrakemanTester
::
CheckExpected
@@ -26,11 +24,11 @@ class Rails32Tests < Test::Unit::TestCase
end
def
report
Rails32
@@report
||=
BrakemanTester
.
run_scan
"rails3.2"
,
"Rails 3.2"
end
def
test_rc_version_number
assert_equal
"3.2.9.rc2"
,
Rails32
[
:config
][
:rails_version
]
assert_equal
"3.2.9.rc2"
,
report
[
:config
][
:rails_version
]
end
def
test_sql_injection_CVE_2012_5664
test/tests/rails4.rb
abort
"Please run using test/test.rb"
unless
defined?
BrakemanTester
EXTERNAL_CHECKS_PATH
=
File
.
expand_path
(
File
.
join
(
File
.
dirname
(
__FILE__
),
".."
,
"/apps/rails4/external_checks"
))
Rails4
=
BrakemanTester
.
run_scan
"rails4"
,
"Rails 4"
,
{
:additional_checks_path
=>
[
EXTERNAL_CHECKS_PATH
],
:run_all_checks
=>
true
,
:additional_libs_path
=>
[
"app/api"
]}
class
Rails4Tests
<
Test
::
Unit
::
TestCase
include
BrakemanTester
::
FindWarning
include
BrakemanTester
::
CheckExpected
def
report
Rails4
external_checks_path
=
File
.
expand_path
(
File
.
join
(
File
.
dirname
(
__FILE__
),
".."
,
"/apps/rails4/external_checks"
))
@@report
||=
BrakemanTester
.
run_scan
"rails4"
,
"Rails 4"
,
{
:additional_checks_path
=>
[
external_checks_path
],
:run_all_checks
=>
true
,
:additional_libs_path
=>
[
"app/api"
]}
end
def
expected
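Review bot: In the new `report`, `external_checks_path = File.expand_path(...)` runs on every call before `@@report ||=` short-circuits, so the path is rebuilt for each test even though the scan itself is memoised, and the assignment reads as if it contributed to the memo. Folding it into the memoised expression keeps the per-call cost to the memo check: `@@report ||= begin; path = File.expand_path(File.join(File.dirname(__FILE__), "..", "/apps/rails4/external_checks")); BrakemanTester.run_scan "rails4", "Rails 4", { :additional_checks_path => [path], :run_all_checks => true, :additional_libs_path => ["app/api"] }; end`. Alternatively keep the module-level constant that this section appears to remove (`EXTERNAL_CHECKS_PATH`), since it is evaluated once at load and carries no scan. The class body continues outside the hunk.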
test/tests/rails4_with_engines.rb
abort
"Please run using test/test.rb"
unless
defined?
BrakemanTester
Rails4WithEngines
=
BrakemanTester
.
run_scan
"rails4_with_engines"
,
"Rails4WithEngines"
class
Rails4WithEnginesTests
<
Test
::
Unit
::
TestCase
include
BrakemanTester
::
FindWarning
include
BrakemanTester
::
CheckExpected
@@ -15,7 +13,7 @@ class Rails4WithEnginesTests < Test::Unit::TestCase
end
def
report
Rails4WithEngines
@@report
||=
BrakemanTester
.
run_scan
"rails4_with_engines"
,
"Rails4WithEngines"
end
def
test_i18n_xss_CVE_2013_4491
test/tests/rails_with_xss_plugin.rb
abort
"Please run using test/test.rb"
unless
defined?
BrakemanTester
RailsWithXssPlugin
=
BrakemanTester
.
run_scan
(
"rails_with_xss_plugin"
,
"RailsWithXssPlugin"
,
:absolute_paths
=>
true
,
:run_all_checks
=>
true
,
:collapse_mass_assignment
=>
true
)
class
RailsWithXssPluginTests
<
Test
::
Unit
::
TestCase
include
BrakemanTester
::
FindWarning
include
BrakemanTester
::
CheckExpected
@@ -21,7 +13,13 @@ class RailsWithXssPluginTests < Test::Unit::TestCase
end
def
report
RailsWithXssPlugin
@@report
||=
BrakemanTester
.
run_scan
(
"rails_with_xss_plugin"
,
"RailsWithXssPlugin"
,
:absolute_paths
=>
true
,
:run_all_checks
=>
true
,
:collapse_mass_assignment
=>
true
)
end
def
test_default_routes_1