Commit f79762ee
Authored on April 25, 2013 by Justin Collins

Add more explicit file info to checks

Parent: 44283ebc

Showing 4 changed files with 13 additions and 6 deletions (+13 -6)
lib/brakeman/checks/check_basic_auth.rb (+2 -1)
lib/brakeman/checks/check_forgery_setting.rb (+4 -2)
lib/brakeman/checks/check_model_serialize.rb (+2 -1)
lib/brakeman/checks/check_skip_before_filter.rb (+5 -2)
lib/brakeman/checks/check_basic_auth.rb
@@ -25,7 +25,8 @@ class Brakeman::CheckBasicAuth < Brakeman::BaseCheck
:warning_code
=>
:basic_auth_password
,
:message
=>
"Basic authentication password stored in source code"
,
:code
=>
call
,
:confidence
=>
0
:confidence
=>
0
,
:file
=>
controller
[
:file
]
break
end
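Review bot: `:confidence => 0` is a bare literal where the other checks touched in this same commit use `CONFIDENCE[:high]` / `CONFIDENCE[:med]`; since this line is being edited anyway to append `:file => controller[:file]`, switching it to `CONFIDENCE[:high]` would make the intent readable. None of the four changed files is a test, so nothing asserts that the basic-auth warning now carries a `:file` value; a test asserting on that key would keep the change from silently regressing.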
lib/brakeman/checks/check_forgery_setting.rb
@@ -19,7 +19,8 @@ class Brakeman::CheckForgerySetting < Brakeman::BaseCheck
:warning_type
=>
"Cross-Site Request Forgery"
,
:warning_code
=>
:csrf_protection_disabled
,
:message
=>
"Forgery protection is disabled"
,
:confidence
=>
CONFIDENCE
[
:high
]
:confidence
=>
CONFIDENCE
[
:high
],
:file
=>
app_controller
[
:file
]
elsif
app_controller
and
not
app_controller
[
:options
][
:protect_from_forgery
]
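Review bot: possible nil dereference on the added `:file => app_controller[:file]`. The `elsif app_controller and not app_controller[:options][:protect_from_forgery]` directly after this warn guards on `app_controller` being present, which implies it can be nil; the condition of the branch this warn sits in is outside the hunk, so if it does not also check `app_controller`, an application with no ApplicationController would raise NoMethodError here instead of reporting the disabled-forgery-protection warning. Suggest `:file => (app_controller && app_controller[:file])` or an explicit guard, plus a test case with no ApplicationController.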
@@ -27,7 +28,8 @@ class Brakeman::CheckForgerySetting < Brakeman::BaseCheck
:warning_type
=>
"Cross-Site Request Forgery"
,
:warning_code
=>
:csrf_protection_missing
,
:message
=>
"'protect_from_forgery' should be called in ApplicationController"
,
:confidence
=>
CONFIDENCE
[
:high
]
:confidence
=>
CONFIDENCE
[
:high
],
:file
=>
app_controller
[
:file
]
elsif
version_between?
"2.1.0"
,
"2.3.10"
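Review bot: `app_controller[:file]` is safe in this hunk, since it sits under the `elsif app_controller and not app_controller[:options][:protect_from_forgery]` branch shown in the previous hunk, so only a style point: the `:warning_type`, `:confidence` and now `:file` entries are duplicated between the two forgery warnings and could be built once and merged with the per-case `:warning_code` / `:message`, so the two cannot drift apart.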
lib/brakeman/checks/check_model_serialize.rb
@@ -59,7 +59,8 @@ class Brakeman::CheckModelSerialize < Brakeman::BaseCheck
:warning_code
=>
:CVE_2013_0277
,
:message
=>
"Serialized attributes are vulnerable in Rails
#{
tracker
.
config
[
:rails_version
]
}
, upgrade to
#{
@upgrade_version
}
or patch."
,
:confidence
=>
confidence
,
:link
=>
"https://groups.google.com/d/topic/rubyonrails-security/KtmwSbEpzrU/discussion"
:link
=>
"https://groups.google.com/d/topic/rubyonrails-security/KtmwSbEpzrU/discussion"
,
:file
=>
model
[
:file
]
end
end
end
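Review bot: `:link` style is inconsistent across the commit: here it is a full URL (`https://groups.google.com/d/topic/rubyonrails-security/KtmwSbEpzrU/discussion`), while the skip_before_filter hunk passes a short key (`"authentication_whitelist"`); if `warn` resolves short keys to documentation URLs, one convention should be used. Also, this warning has no `:code` entry, so the added `:file => model[:file]` is the only location information the user gets, which makes it the right addition; a test asserting the file on the CVE_2013_0277 warning would pin it down.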
lib/brakeman/checks/check_skip_before_filter.rb
@@ -30,7 +30,9 @@ class Brakeman::CheckSkipBeforeFilter < Brakeman::BaseCheck
:warning_code
=>
:csrf_blacklist
,
:message
=>
"Use whitelist (:only => [..]) when skipping CSRF check"
,
:code
=>
filter
,
:confidence
=>
CONFIDENCE
[
:med
]
:confidence
=>
CONFIDENCE
[
:med
],
:file
=>
controller
[
:file
]
when
:login_required
,
:authenticate_user!
,
:require_user
warn
:controller
=>
controller
[
:name
],
:warning_code
=>
:auth_blacklist
,
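Review bot: the added `:file => controller[:file]` now appears in both `when` branches of this case statement (this hunk and the one at line 38), together with an identical `:code => filter` and `:confidence => CONFIDENCE[:med]`; consider collecting the shared options once before the `case` so the two warnings stay in step. The addition itself is right: `:code => filter` points at the call being warned on, but the controller's file is what a user needs in order to open it.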
@@ -38,7 +40,8 @@ class Brakeman::CheckSkipBeforeFilter < Brakeman::BaseCheck
:message
=>
"Use whitelist (:only => [..]) when skipping authentication"
,
:code
=>
filter
,
:confidence
=>
CONFIDENCE
[
:med
],
:link
=>
"authentication_whitelist"
:link
=>
"authentication_whitelist"
,
:file
=>
controller
[
:file
]
end
end
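Review bot: missing documentation for the behaviour change. The commit message says "Add more explicit file info to checks", but nothing in the four changed files records that these warnings now carry a `:file` entry (a changelog line or a note on the warning output would do), and reporters that consume the warning hashes should know the key is present. Otherwise the hunk mirrors the one at line 30: the trailing comma moves onto `:link => "authentication_whitelist",` and `:file => controller[:file]` is appended.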