- 24 Feb 2012, 3 commits
  - Committed by Justin Collins
    because sometimes that row gets modified and subsequent calls to Warning#to_row will return the modified version, thereby breaking things.
  - Committed by Justin Collins
    instead of when reporting, which led to confusion and filtering all over the place instead of in one place.
  - Committed by Justin Collins
    fixes #47
- 23 Feb 2012, 2 commits
- 16 Feb 2012, 4 commits
  - Committed by Neil Matatall
  - Committed by Neil Matatall
  - Committed by Neil Matatall
    Add concept of a safe-ening method to mark hrefs as safe

    Feature: Warn when using unsafe hrefs. This is a very specific case that as of now produces a ton of noise. This came out of an xss vuln where the value was escaped but still vulnerable.

    link_to 'asdf', h(@scary) where @scary = 'javascript:alert(1)' or @scary = 'data: # http://palpapers.plynt.com/issues/2010Oct/bypass-xss-filters/

    This branch accomplishes slightly intelligent warnings by adding a new command line option to declare methods that make a string URL safe (unless there is already a standard one out there). e.g.:

    $ brakeman . --url-safe-methods ensure_valid_protocol!

    link_to 'asdf', ensure_valid_protocol!(@scary, :javascript)
  - Committed by Neil Matatall
- 11 Feb 2012, 1 commit
  - Committed by Justin Collins
- 10 Feb 2012, 4 commits
  - Committed by Justin Collins
  - Committed by Justin Collins
  - Committed by Justin Collins
  - Committed by Justin Collins
- 09 Feb 2012, 9 commits
  - Committed by Justin Collins
    [ci skip]
  - Committed by Justin Collins
    this is the real cutoff for 1.3.0 [ci skip]
  - Committed by Justin Collins
    closes #44
  - Committed by Justin Collins
  - Committed by Justin Collins
  - Committed by Justin Collins
  - Committed by Justin Collins
  - Committed by Justin Collins
  - Committed by Justin Collins
- 08 Feb 2012, 1 commit
  - Committed by Justin Collins
    to attempt to avoid stuff blowing up ridiculously, which should help #36
- 07 Feb 2012, 2 commits
  - Committed by Justin Collins
  - Committed by Justin Collins
    in partial completion of #39
- 05 Feb 2012, 6 commits
  - Committed by Justin Collins
    which appears to fix #36
  - Committed by Justin Collins
  - Committed by Justin Collins
  - Committed by Justin Collins
  - Committed by Justin Collins
  - Committed by Justin Collins
- 04 Feb 2012, 2 commits
  - Committed by Justin Collins
  - Committed by Justin Collins
- 03 Feb 2012, 6 commits
  - Committed by Justin Collins
    so we get less "1 or 2 or 1 or 1 or 2" kind of stuff
  - Committed by Justin Collins
    so we don't get "1 or 2 or 1 or 1 or 1" kind of stuff
  - Committed by Justin Collins
  - Committed by Justin Collins
    closes #41
  - Committed by Justin Collins
  - Committed by Justin Collins
    fixes #42