brakeman
Commit f72cf6ce
Authored Jul 08, 2013 by Justin Collins
Load dependencies on demand instead of at start
to make it easier to create a minimal gem
Parent: 5c67671c
Showing 11 changed files with 40 additions and 13 deletions (+40 -13)
lib/brakeman.rb (+14 -0)
lib/brakeman/parsers/rails2_erubis.rb (+2 -0)
lib/brakeman/parsers/rails2_xss_plugin_erubis.rb (+2 -0)
lib/brakeman/parsers/rails3_erubis.rb (+2 -0)
lib/brakeman/report/renderer.rb (+2 -0)
lib/brakeman/report/report_base.rb (+0 -1)
lib/brakeman/report/report_csv.rb (+1 -1)
lib/brakeman/report/report_json.rb (+1 -1)
lib/brakeman/report/report_table.rb (+1 -1)
lib/brakeman/scanner.rb (+13 -9)
lib/brakeman/util.rb (+2 -0)
lib/brakeman.rb
...
...
@@ -10,6 +10,7 @@ module Brakeman
@debug
=
false
@quiet
=
false
@loaded_dependencies
=
[]
#Run Brakeman scan. Returns Tracker object.
#
...
...
@@ -366,6 +367,19 @@ module Brakeman
Brakeman
::
Differ
.
new
(
new_results
,
previous_results
).
diff
end
def
self
.
load_dependency
name
return
if
@loaded_dependencies
.
include?
name
begin
require
name
rescue
LoadError
=>
e
$stderr
.
puts
e
.
message
$stderr
.
puts
"Please install the appropriate dependency."
exit!
-
1
end
end
class
DependencyError
<
RuntimeError
;
end
class
RakeInstallError
<
RuntimeError
;
end
class
NoBrakemanError
<
RuntimeError
;
end
end
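Review bot: `load_dependency` never records a successful load, so the `return if @loaded_dependencies.include? name` guard is dead code: nothing in this hunk, or in the `@loaded_dependencies = []` initialisation added in the hunk above, ever appends to the array, and every call falls through to `require`. Either add `@loaded_dependencies << name` after `require name`, or drop the array and rely on `require` itself being idempotent. Separately, `exit! -1` skips `at_exit` handlers and `ensure` blocks and exits with status 255; a plain `exit 1` is the conventional way to abort on a missing gem, and the message would be more actionable if it named the gem, e.g. `"Please install the appropriate dependency: #{name}."`.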
lib/brakeman/parsers/rails2_erubis.rb
Brakeman
.
load_dependency
'erubis'
#Erubis processor which ignores any output which is plain text.
class
Brakeman::ScannerErubis
<
Erubis
::
Eruby
include
Erubis
::
NoTextEnhancer
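Review bot: calling `Brakeman.load_dependency` at file scope makes this parser (and its two siblings, rails2_xss_plugin_erubis.rb and rails3_erubis.rb, which get the identical change below) depend on `lib/brakeman.rb` having been loaded first; requiring `brakeman/parsers/rails2_erubis` on its own, as a test might, now fails with an uninitialized-constant `NameError` for `Brakeman` instead of a `LoadError` for erubis. Either add `require 'brakeman'` at the top of these files or document that they are only reached through `Brakeman::Scanner`. Placing the call before `class Brakeman::ScannerErubis < Erubis::Eruby` is otherwise right, since the superclass must exist when the class body is evaluated.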
...
...
lib/brakeman/parsers/rails2_xss_plugin_erubis.rb
Brakeman
.
load_dependency
'erubis'
#This is from the rails_xss plugin for Rails 2
class
Brakeman::Rails2XSSPluginErubis
<
::
Erubis
::
Eruby
def
add_preamble
(
src
)
...
...
lib/brakeman/parsers/rails3_erubis.rb
Brakeman
.
load_dependency
'erubis'
#This is from Rails 3 version of the Erubis handler
class
Brakeman::Rails3Erubis
<
::
Erubis
::
Eruby
...
...
lib/brakeman/report/renderer.rb
require
'erb'
class
Brakeman::Report
class
Renderer
def
initialize
(
template_file
,
hash
=
{})
...
...
lib/brakeman/report/report_base.rb
require
'set'
require
'highline'
require
'brakeman/util'
require
'brakeman/version'
require
'brakeman/report/renderer'
...
...
lib/brakeman/report/report_csv.rb
require
"csv"
Brakeman
.
load_dependency
'csv'
require
"brakeman/report/initializers/faster_csv"
require
"brakeman/report/report_table"
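Review bot: `csv` is part of the Ruby standard library, so replacing `require "csv"` with `Brakeman.load_dependency 'csv'` only changes the failure message and cannot fail for a missing gem the way `multi_json` or `terminal-table` can; a one-line comment saying why it is treated differently from the plain `require 'erb'` in renderer.rb would save the next reader a question. Minor: the file now mixes double-quoted and single-quoted require strings on adjacent lines.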
...
...
lib/brakeman/report/report_json.rb
require
'multi_json'
Brakeman
.
load_dependency
'multi_json'
require
'brakeman/report/initializers/multi_json'
class
Brakeman::Report::JSON
<
Brakeman
::
Report
::
Base
...
...
lib/brakeman/report/report_table.rb
require
'terminal-table'
Brakeman
.
load_dependency
'terminal-table'
class
Brakeman::Report::Table
<
Brakeman
::
Report
::
Base
def
generate_report
...
...
lib/brakeman/scanner.rb
require
'rubygems'
begin
require
'ruby_parser'
require
'ruby_parser/bm_sexp.rb'
require
'ruby_parser/bm_sexp_processor.rb'
require
'haml'
require
'sass'
require
'erb'
require
'erubis'
require
'slim'
require
'brakeman/processor'
require
'brakeman/app_tree'
require
'brakeman/parsers/rails2_erubis'
require
'brakeman/parsers/rails2_xss_plugin_erubis'
require
'brakeman/parsers/rails3_erubis'
rescue
LoadError
=>
e
$stderr
.
puts
e
.
message
$stderr
.
puts
"Please install the appropriate dependency."
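Review bot: the `begin`/`rescue LoadError` block around the remaining eager requires duplicates, word for word, the `$stderr.puts e.message` / `"Please install the appropriate dependency."` handling that this commit centralises in `Brakeman.load_dependency`; two copies of the same error path will drift, so either route `ruby_parser` through `load_dependency` as well or have this rescue call the shared helper. It is also worth confirming that `haml`, `sass`, `erubis` and `slim` have really left this block, since any of them that stays eager defeats the lazy `Brakeman.load_dependency` calls further down; the shifted hunk header below (`-272,24 +264,33`) is consistent with their removal, but from the visible lines alone it is not possible to tell which of the listed requires were deleted.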
...
...
@@ -272,24 +264,33 @@ class Brakeman::Scanner
if
tracker
.
config
[
:escape_html
]
type
=
:erubis
if
options
[
:rails3
]
require
'brakeman/parsers/rails3_erubis'
src
=
Brakeman
::
Rails3Erubis
.
new
(
text
).
src
else
require
'brakeman/parsers/rails2_xss_plugin_erubis'
src
=
Brakeman
::
Rails2XSSPluginErubis
.
new
(
text
).
src
end
elsif
tracker
.
config
[
:erubis
]
require
'brakeman/parsers/rails2_erubis'
type
=
:erubis
src
=
Brakeman
::
ScannerErubis
.
new
(
text
).
src
else
require
'erb'
src
=
ERB
.
new
(
text
,
nil
,
"-"
).
src
src
.
sub!
(
/^#.*\n/
,
''
)
if
RUBY_1_9
end
parsed
=
parse_ruby
src
elsif
type
==
:haml
Brakeman
.
load_dependency
'haml'
Brakeman
.
load_dependency
'sass'
src
=
Haml
::
Engine
.
new
(
text
,
:escape_html
=>
!!
tracker
.
config
[
:escape_html
]).
precompiled
parsed
=
parse_ruby
src
elsif
type
==
:slim
Brakeman
.
load_dependency
'slim'
src
=
Slim
::
Template
.
new
(
:disable_capture
=>
true
,
:generator
=>
Temple
::
Generators
::
RailsOutputBuffer
)
{
text
}.
precompiled_template
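Review bot: the three template branches now pull their parser in from inside the per-template loop (`require 'brakeman/parsers/rails3_erubis'`, `Brakeman.load_dependency 'haml'`, `Brakeman.load_dependency 'slim'`, and so on). That is correct because `require` is idempotent and cheap once a feature is loaded, but `require 'erb'` in the final `else` is stdlib and has no missing-gem story, so hoisting it to the top of the file, as renderer.rb does, would leave only real gem loads inside the loop and make the purpose of `load_dependency` clearer. The Slim branch also relies on `Temple::Generators::RailsOutputBuffer` arriving as a transitive dependency of `slim`; a short comment there would explain why `temple` is not loaded explicitly.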
...
...
@@ -358,3 +359,6 @@ class Brakeman::Scanner
class
NoApplication
<
RuntimeError
;
end
end
# This is to allow operation without loading the Haml library
module
Haml
;
class
Error
<
StandardError
;
end
;
end
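Review bot: the `module Haml; class Error < StandardError; end; end` stub only works because the haml gem declares `Haml::Error` with the same superclass; when `Brakeman.load_dependency 'haml'` later reopens the class, any mismatch raises `TypeError: superclass mismatch for class Error`. The comment above it explains the why but not this constraint, so say so there, and consider guarding the stub with `unless defined?(Haml::Error)` so it never runs when haml has already been loaded by the host process.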
lib/brakeman/util.rb
...
...
@@ -385,6 +385,7 @@ module Brakeman::Util
def
truncate_table
str
@terminal_width
||=
if
$stdin
&&
$stdin
.
tty?
Brakeman
.
load_dependency
'highline'
::
HighLine
.
new
.
terminal_size
[
0
]
else
80
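Review bot: moving `Brakeman.load_dependency 'highline'` inside `truncate_table` turns a startup failure into a mid-report abort: if highline is not installed, `load_dependency` calls `exit! -1` while the report is being rendered, even though all this branch needs is a terminal width, and the `else` branch already falls back to `80`. Since the width is cosmetic, rescuing the missing gem here and using the 80-column fallback would be more robust than killing the scan after the analysis has completed.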
...
...
@@ -402,6 +403,7 @@ module Brakeman::Util
# rely on Terminal::Table to build the structure, extract the data out in CSV format
def
table_to_csv
table
Brakeman
.
load_dependency
'terminal-table'
output
=
CSV
.
generate_line
(
table
.
headings
.
cells
.
map
{
|
cell
|
cell
.
to_s
.
strip
})
table
.
rows
.
each
do
|
row
|
output
<<
CSV
.
generate_line
(
row
.
cells
.
map
{
|
cell
|
cell
.
to_s
.
strip
})
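Review bot: `table_to_csv` receives an already-built `Terminal::Table`, so `Brakeman.load_dependency 'terminal-table'` at the top of the method is redundant (the caller could not have constructed `table` without the gem); what the body actually needs and does not load is `csv`, for the two `CSV.generate_line` calls. Replace the terminal-table load with `require 'csv'` (or `Brakeman.load_dependency 'csv'` to match report_csv.rb), otherwise this helper only works when the CSV report happens to have been loaded first.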
...
...