Brakeman commit ee558334
Authored Sep 11, 2013 by Justin
Merge pull request #392 from presidentbeef/to_json_escaped_in_rails4
Do not warn about XSS with `to_json` in Rails 4
Parents: 773a7b82, 5ffafd80
Showing 3 changed files with 42 additions and 0 deletions (+42, −0)
lib/brakeman/checks/check_cross_site_scripting.rb (+2, −0)
test/apps/rails4/app/models/user.rb (+2, −0)
test/tests/rails4.rb (+38, −0)
lib/brakeman/checks/check_cross_site_scripting.rb @ ee558334
@@ -66,6 +66,8 @@ class Brakeman::CheckCrossSiteScripting < Brakeman::BaseCheck
true
?
tracker
.
config
[
:rails
][
:active_support
][:
escape_html_entities_in_json
]
json_escape_on
=
true
elsif
version_between?
"4.0.0"
,
"5.0.0"
json_escape_on
=
true
end
if
!
json_escape_on
or
version_between?
"0.0.0"
,
"2.0.99"
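Review bot: the new `elsif version_between? "4.0.0", "5.0.0"` branch sets `json_escape_on = true` whenever the branches above it did not, but the visible branch directly above only tests `true?` against `tracker.config[:rails][:active_support][:escape_html_entities_in_json]`; a Rails 4 app that explicitly sets that option to `false` therefore still ends up with `json_escape_on = true` and loses the "Unescaped ... in JSON hash" warning, which is exactly the case where the warning is still correct. Suggest handling an explicit disable before falling through to the version default, e.g. an `elsif false? tracker.config[:rails][:active_support][:escape_html_entities_in_json]` branch that leaves `json_escape_on` false, and a short comment on the Rails 4 branch stating that it encodes the framework's default rather than anything the app configured. It is also worth documenting whether `version_between?` treats the "5.0.0" bound as inclusive, since that decides whether a 5.0.0 app is silently treated as Rails 4 here.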
test/apps/rails4/app/models/user.rb (new file, mode 0 → 100644) @ ee558334
class
User
<
ActiveRecord
::
Base
end
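Review bot: the new fixture model `User` is empty and carries no comment on why it exists; since `test/tests/rails4.rb` in this same change asserts on "Unescaped model attribute" warnings for `app/views/users/index.html.erb`, add a one-line comment in the model saying it backs that view's JSON-escaping test, so it is not mistaken for dead code and removed later, which would silently change what the test exercises.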
test/tests/rails4.rb @ ee558334
@@ -29,4 +29,42 @@ class Rails4Tests < Test::Unit::TestCase
:file
=>
/secret_token\.rb/
,
:relative_path
=>
"config/initializers/secret_token.rb"
end
def
test_json_escaped_by_default_in_rails_4
assert_no_warning
:type
=>
:template
,
:warning_code
=>
5
,
:fingerprint
=>
"3eedfa40819ce95d1d999ad19464023688a0e8bb881fc3e7683b6c3fffb7e51f"
,
:warning_type
=>
"Cross Site Scripting"
,
:line
=>
1
,
:message
=>
/^Unescaped\ model\ attribute\ in\ JSON\ hash/
,
:confidence
=>
0
,
:relative_path
=>
"app/views/users/index.html.erb"
assert_no_warning
:type
=>
:template
,
:warning_code
=>
5
,
:fingerprint
=>
"fb0cb7e94e9a4bebd81ef44b336e02f68bf24f2c40e28d4bb5c21641276ea6cf"
,
:warning_type
=>
"Cross Site Scripting"
,
:line
=>
3
,
:message
=>
/^Unescaped\ model\ attribute/
,
:confidence
=>
2
,
:relative_path
=>
"app/views/users/index.html.erb"
assert_no_warning
:type
=>
:template
,
:warning_code
=>
5
,
:fingerprint
=>
"8ce0a9eacf25be1f862b9074e6ba477d2f0e2ac86955b8510052984570b92d14"
,
:warning_type
=>
"Cross Site Scripting"
,
:line
=>
5
,
:message
=>
/^Unescaped\ parameter\ value\ in\ JSON\ hash/
,
:confidence
=>
0
,
:relative_path
=>
"app/views/users/index.html.erb"
assert_no_warning
:type
=>
:template
,
:warning_code
=>
2
,
:fingerprint
=>
"b107fcc7742084a766a31332ba5c126f1c1a1cc062884f879dc3204c5f7620c5"
,
:warning_type
=>
"Cross Site Scripting"
,
:line
=>
7
,
:message
=>
/^Unescaped\ parameter\ value/
,
:confidence
=>
0
,
:relative_path
=>
"app/views/users/index.html.erb"
end
end
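Review bot: `test_json_escaped_by_default_in_rails_4` consists solely of `assert_no_warning` calls, which pass just as happily if `app/views/users/index.html.erb` is absent from the rails4 test app or if the cross-site-scripting check never runs at all; that view is not part of this diff (only the check, the `User` model and this test file are), so nothing in the hunk proves the four negative assertions are exercising anything. Pair them with a positive anchor, for example an `assert_warning` on a warning the same view is still expected to raise, or an assertion on the total warning count for the rails4 app, so a regression that silences the whole check fails this test instead of making it greener. The four hard-coded fingerprints (lines 1, 3, 5 and 7 of the view) also deserve a comment mapping each to the template construct it covers, since a later edit to the view will invalidate them without any hint as to why.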