brakeman
Commit 1fe36bc4
Authored on April 24, 2013
Author: Justin
Merge pull request #315 from presidentbeef/deal_with_controller_inside_class
Only treat controllers like controllers
Parents: e1166569, e1d31134
Changes: 4 files
Showing 4 changed files with 27 additions and 1 deletion (+27, -1)
lib/brakeman/processors/controller_processor.rb (+6, -0)
test/apps/rails3/app/controllers/nested_controller.rb (+9, -0)
test/apps/rails3/app/views/whatever/wherever/nested/so_nested.html.erb (+1, -0)
test/tests/test_rails3.rb (+11, -1)
lib/brakeman/processors/controller_processor.rb
@@ -24,6 +24,12 @@ class Brakeman::ControllerProcessor < Brakeman::BaseProcessor
def
process_class
exp
name
=
class_name
(
exp
.
class_name
)
if
not
name
.
to_s
.
match
(
/Controller$/
)
#Skip classes that are not controllers, but treat as a module because
#a class that is not a controller might contain a controller
return
process_module
exp
end
if
@controller
Brakeman
.
debug
"[Notice] Skipping inner class:
#{
name
}
"
return
ignore
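Review bot: the new `/Controller$/` guard runs before the existing `if @controller` inner-class check, so an inner class inside a controller whose name does not end in Controller is now walked with `process_module exp` instead of being skipped with the "[Notice] Skipping inner class" message; if that is not intended, move the new `if not name.to_s.match(/Controller$/)` block below the `@controller` guard. Consider also a `Brakeman.debug` line in the new branch, matching the inner-class case, so a class skipped as a non-controller is visible in debug output, and `unless name.to_s.match(/Controller$/)` reads more idiomatically than `if not`.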
test/apps/rails3/app/controllers/nested_controller.rb
0 → 100644
class
Whatever
module
Wherever
class
NestedController
<
ApplicationController
def
so_nested
@bad_thing
=
params
[
:x
]
end
end
end
end
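Review bot: this fixture covers only the case the fix targets (a controller nested inside a non-controller class and module); there is no companion fixture showing that a plain class under app/controllers whose name does not end in Controller, with nothing nested in it, produces no controller warnings, which is the other half of "only treat controllers like controllers". Worth adding alongside, since the view path whatever/wherever/nested/so_nested.html.erb ties this one to Whatever::Wherever::NestedController#so_nested.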
test/apps/rails3/app/views/whatever/wherever/nested/so_nested.html.erb
0 → 100644
<%=
raw
@bad_thing
%>
test/tests/test_rails3.rb
@@ -14,7 +14,7 @@ class Rails3Tests < Test::Unit::TestCase
@expected
||=
{
:controller
=>
1
,
:model
=>
8
,
:template
=>
3
6
,
:template
=>
3
7
,
:warning
=>
53
}
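Review bot: the only change in this hunk is the :template count going from 36 to 37 for the new so_nested.html.erb warning; :controller, :model and :warning are unchanged, so confirm that :warning => 53 is a separate category that does not include template warnings, otherwise it would need bumping too.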
@@ -824,6 +824,16 @@ class Rails3Tests < Test::Unit::TestCase
:file
=>
/test_params\.html\.erb/
end
def
test_cross_site_scripting_in_nested_controller
assert_warning
:type
=>
:template
,
:warning_code
=>
2
,
:warning_type
=>
"Cross Site Scripting"
,
:line
=>
1
,
:message
=>
/^Unescaped\ parameter\ value/
,
:confidence
=>
0
,
:file
=>
/so_nested\.html\.erb/
end
def
test_cross_site_scripting_select_tag_CVE_2012_3463
assert_warning
:type
=>
:template
,
:warning_type
=>
"Cross Site Scripting"
,
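Review bot: test_cross_site_scripting_in_nested_controller checks only the template-side warning (warning_code 2, line 1, file /so_nested\.html\.erb/); nothing asserts that the template was linked to the nested Whatever::Wherever::NestedController#so_nested action, which is what the controller_processor.rb change is meant to enable. If assert_warning can match on the warning's controller or method, add that condition so a regression that loses the controller but still flags `raw @bad_thing` would fail.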