社会瑞弟呀 / brakeman
Commit b3eb0845
Written on Jul 12, 2013
Author: Justin Collins

Add tests for ignored warnings

Parent: 36670f57
Showing 3 changed files with 65 additions and 0 deletions (+65 -0)

test/apps/rails2/app/views/other/ignore_me.html.erb  +2 -0
test/apps/rails2/config/brakeman.ignore  +42 -0
test/tests/rails2.rb  +21 -0
test/apps/rails2/app/views/other/ignore_me.html.erb (new file, mode 0 → 100644) @ b3eb0845

Going to ignore the warning below
<%= User.first(:conditions => "x = #{params[:x]}").bio %>
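Review bot: the leading text says "the warning below" (singular), but line 2 of this template produces two findings that are both suppressed in config/brakeman.ignore: a SQL injection from `params[:x]` interpolated into `:conditions`, and an unescaped model attribute from the `.bio` output. Since this fixture is intentionally vulnerable, say so explicitly in the first line (e.g. "Intentionally vulnerable: both the SQL injection and the XSS below are ignored via brakeman.ignore") so a later contributor does not "fix" the template and silently break the fingerprint match that the ignore file and the tests depend on.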
test/apps/rails2/config/brakeman.ignore (new file, mode 0 → 100644) @ b3eb0845
{
"ignored_warnings": [
{
"warning_type": "Cross Site Scripting",
"warning_code": 2,
"fingerprint": "6300805e44167e6c3446efbd06b97206928855a2bfc6e1f3e61c097795956b13",
"message": "Unescaped model attribute",
"file": "app/views/other/ignore_me.html.erb",
"line": 2,
"link": "http://brakemanscanner.org/docs/warning_types/cross_site_scripting",
"code": "User.first(:conditions => (\"x = #{params[:x]}\")).bio",
"render_path": null,
"location": {
"type": "template",
"template": "other/ignore_me"
},
"user_input": null,
"confidence": "High",
"note": ""
},
{
"warning_type": "SQL Injection",
"warning_code": 0,
"fingerprint": "f2fa1da45eea252150f6920454822bda3ed5c83a2c376c1296a98037969dd45f",
"message": "Possible SQL injection",
"file": "app/views/other/ignore_me.html.erb",
"line": 2,
"link": "http://brakemanscanner.org/docs/warning_types/sql_injection/",
"code": "User.first(:conditions => (\"x = #{params[:x]}\"))",
"render_path": null,
"location": {
"type": "template",
"template": "other/ignore_me"
},
"user_input": "params[:x]",
"confidence": "High",
"note": "Ignoring for testing"
}
],
"updated": "2013-07-12 16:58:59 -0700",
"brakeman_version": "2.0.0"
}
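Review bot: the "note" field of the Cross Site Scripting entry is an empty string while the SQL Injection entry carries "Ignoring for testing"; give both entries a justification, since the note is the only audit trail for why a High-confidence finding was suppressed. Two caveats worth a comment in the test file: the entries are matched purely by "fingerprint", so any edit to app/views/other/ignore_me.html.erb (even whitespace inside the ERB expression) will stop both entries from matching and make the warnings reappear, and the "link" values are inconsistent (the sql_injection URL has a trailing slash, the cross_site_scripting one does not), which is harmless for matching but should be normalized if the file is ever regenerated by the tool.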
test/tests/rails2.rb @ b3eb0845
@@ -1195,6 +1195,27 @@ class Rails2Tests < Test::Unit::TestCase
      :relative_path => "app/controllers/other_controller.rb"
  end

  def test_ignored_sql_warning
    assert_no_warning :type => :template,
      :warning_code => 0,
      :fingerprint => "f2fa1da45eea252150f6920454822bda3ed5c83a2c376c1296a98037969dd45f",
      :warning_type => "SQL Injection",
      :line => 2,
      :message => /^Possible\ SQL\ injection/,
      :confidence => 0,
      :relative_path => "app/views/other/ignore_me.html.erb"
  end

  def test_ignored_xss_warning
    assert_no_warning :type => :template,
      :warning_code => 2,
      :fingerprint => "6300805e44167e6c3446efbd06b97206928855a2bfc6e1f3e61c097795956b13",
      :warning_type => "Cross Site Scripting",
      :line => 2,
      :message => /^Unescaped\ model\ attribute/,
      :confidence => 0,
      :relative_path => "app/views/other/ignore_me.html.erb"
  end
end

Rails2WithOptions = BrakemanTester.run_scan "rails2", "Rails 2", :collapse_mass_assignment => false
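Review bot: both new tests only assert the negative (`assert_no_warning` with an exact fingerprint), so they would also pass if Brakeman simply failed to generate either warning for app/views/other/ignore_me.html.erb, which is a different bug from the ignore file working. Add a positive counterpart that proves the warnings are produced and then suppressed: for example, a scan of the same app run without the ignore file (or with the ignore mechanism disabled, whichever option the tester exposes) asserting that the SQL Injection and Cross Site Scripting warnings with these fingerprints are present, or an assertion that the scan's ignored-warning count is 2. Also, `:confidence => 0` here corresponds to the `"confidence": "High"` string in brakeman.ignore; a short comment noting that mapping would save the next reader a lookup.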