提交 · 37047a8b9ffe07ab3d0fbd79deed107733664216 · 李少辉-开发者 / Brakeman

11 7月, 2012 1 次提交
- J
  Add links to warning type descriptions on website · 37047a8b
  由 Justin Collins 提交于 7月 10, 2012
```
Thanks to @daveworth
```
  37047a8b
03 7月, 2012 2 次提交
- J
  Fix how "params[:x] ||=" is handled · 10751a9c
  由 Justin Collins 提交于 7月 02, 2012
```
to avoid losing information
```
  10751a9c
- J
  
  Test for mass assign with "params ||=" in filter · 0cd51835
  由 Justin Collins 提交于 7月 02, 2012
  
  0cd51835
29 6月, 2012 1 次提交
- J
  
  Add EOL back to truncated table rows · d4de81cf
  由 Justin Collins 提交于 6月 28, 2012
  
  d4de81cf
26 6月, 2012 2 次提交
- J
  
  Remove JRuby from Travis config · 80045551
  由 Justin Collins 提交于 6月 25, 2012
  
  80045551
- J
  
  Merge branch 'avoid_warning_on_non_activerecord_models' · be83bf83
  由 Justin Collins 提交于 6月 25, 2012
  
  be83bf83
22 6月, 2012 8 次提交
- J
  Replace SexpProcessor with our own version · 0bd49295
  由 Justin Collins 提交于 6月 22, 2012
```
which should give some speed improvements
```
  0bd49295
- J
  
  Merge branch 'master' of github.com:presidentbeef/brakeman · a5ba2816
  由 Justin Collins 提交于 6月 21, 2012
  
  a5ba2816
- J
  
  Make BaseCheck#active_record_models 1.8 compatible · acda79e0
  由 Justin Collins 提交于 6月 21, 2012
  
  acda79e0
- J
  Oops... User -> Noticia in test · 521e63cd
  由 Justin Collins 提交于 6月 21, 2012
```
Run tests before pushing...still learning that lesson, I guess.
```
  521e63cd
- J
  
  Oops, add model for non-AR model test · 6065e9a5
  由 Justin Collins 提交于 6月 21, 2012
  
  6065e9a5
- J
  Only warn on subclasses of ActiveRecord::Base · 156555bf
  由 Justin Collins 提交于 6月 21, 2012
```
in SQL injection, format validation, mass assignment,
and CVE-2010-3933 checks.

Should fix #107
```
  156555bf
- J
  Add BaseCheck#active_record_models · 4624cd1c
  由 Justin Collins 提交于 6月 21, 2012
```
to get a hash of just models which inherit from ActiveRecord::Base.
```
  4624cd1c
- J
  
  Add test for SQL in non-activerecord models · 80f87017
  由 Justin Collins 提交于 6月 21, 2012
  
  80f87017
19 6月, 2012 2 次提交
- J
  Merge pull request #104 from grstearns/master · 45ce18c9
  由 Justin 提交于 6月 18, 2012
```
Inconsistent warning type
```
  45ce18c9
- G
  
  Inconsistent warning type for XSRF · c894a672
  由 Greg Stearns 提交于 6月 18, 2012
  
  c894a672
16 6月, 2012 1 次提交
- J
  
  One more addition to CHANGES · a58073d5
  由 Justin Collins 提交于 6月 15, 2012
  
  a58073d5
13 6月, 2012 3 次提交
- J
  
  Bump to 1.6.2 · 6d992016
  由 Justin Collins 提交于 6月 12, 2012
  
  6d992016
- J
  
  Add check for CVE-2012-2694 · 50415e53
  由 Justin Collins 提交于 6月 12, 2012
  
  50415e53
- J
  
  Add check for CVE-2012-2695 · 5dc5db41
  由 Justin Collins 提交于 6月 12, 2012
  
  5dc5db41
12 6月, 2012 4 次提交
- J
  Merge remote-tracking branch 'daveworth/rails_sqli_check' · e807ed13
  由 Justin Collins 提交于 6月 11, 2012
```
Conflicts:
	test/tests/test_rails3.rb
	test/tests/test_rails_with_xss_plugin.rb
```
  e807ed13
- J
  Merge 'do_not_warn_on_redirects_to_model_instances' · 7374d66a
  由 Justin Collins 提交于 6月 11, 2012
```
Conflicts:
	test/tests/test_rails3.rb
```
  7374d66a
- J
  
  Add `request.parameters` to query parameter values · 852bc7b2
  由 Justin Collins 提交于 6月 11, 2012
  
  852bc7b2
- J
  
  Add test for `request.parameters` · 63876137
  由 Justin Collins 提交于 6月 11, 2012
  
  63876137
08 6月, 2012 1 次提交
- J
  
  Turn off quiet mode by default with --compare · e80fbbe1
  由 Justin Collins 提交于 6月 07, 2012
  
  e80fbbe1
07 6月, 2012 2 次提交
- D
  add support for CVE-2012-2660 and CVE-2012-2661 · 91f64f5d
  由 Dave Worth 提交于 6月 06, 2012
```
make the check methods line up with the specific CVE numbers
```
  91f64f5d
- D
  
  Added check to address CVE-2012-2661 · 1f58c539
  由 Dave Worth 提交于 6月 06, 2012
  
  1f58c539
06 6月, 2012 2 次提交
- J
  
  Ignore redirects to Model.find_by_* · 5bbe6c85
  由 Justin Collins 提交于 6月 05, 2012
  
  5bbe6c85
- J
  
  Add test for redirecting to Model.find_by_* · 076c2821
  由 Justin Collins 提交于 6月 05, 2012
  
  076c2821
05 6月, 2012 4 次提交
- J
  Remove ParamsProcessor - never used it · 197d90c9
  由 Justin Collins 提交于 6月 05, 2012
```
I think we can remove a file marked as "unused" since 2010.
```
  197d90c9
- J
  
  Raise confidence on model attributes in redirects · 80769a50
  由 Justin Collins 提交于 6月 05, 2012
  
  80769a50
- J
  
  Update redirect tests for model instances · ebf7b6d8
  由 Justin Collins 提交于 6月 05, 2012
  
  ebf7b6d8
- J
  Better check for model instances in CheckRedirect · b1c1b00b
  由 Justin Collins 提交于 6月 05, 2012
```
to avoid some false positives when redirecting to a model instance.
Should fix #96
```
  b1c1b00b
30 5月, 2012 1 次提交
- J
  
  Non-zero exit code when missing dependencies · 4b042e0c
  由 Justin Collins 提交于 5月 29, 2012
  
  4b042e0c
26 5月, 2012 3 次提交
- J
  
  Fix before_filter :except logic · 8afb2491
  由 Justin Collins 提交于 5月 25, 2012
  
  8afb2491
- J
  
  Cache before_filter hashes · 65168940
  由 Justin Collins 提交于 5月 25, 2012
  
  65168940
- J
  Only accept literals as before_filter method names · f829a8f6
  由 Justin Collins 提交于 5月 25, 2012
```
whitelist, not blacklist!

This fixes an issue where things like local variables
were being interpreted as method names.

Example:

before_filter :blah, filter_options

"filter_options" was being treated as if it were a method name,
which was wrong.
```
  f829a8f6
24 5月, 2012 3 次提交
- J
  Bump to 1.6.1 · cd8890ba
  由 Justin Collins 提交于 5月 23, 2012
```
[ci skip]
```
  cd8890ba
- J
  
  Update CHANGES · 97b0866c
  由 Justin Collins 提交于 5月 23, 2012
  
  97b0866c
- J
  
  Merge remote-tracking branch 'oreoshake/prefer_user_input_line' · e01b6279
  由 Justin Collins 提交于 5月 23, 2012
  
  e01b6279