提交 · 115424a6d17edd649040cfe87e2dafd39cc55bae · 社会瑞弟呀 / brakeman

05 4月, 2012 2 次提交
- J
  
  Add Util#request_value? · 115424a6
  由 Justin Collins 提交于 4月 04, 2012
  
  115424a6
- J
  
  Add test for param sanitized in controller · 3d7b013f
  由 Justin Collins 提交于 4月 04, 2012
  
  3d7b013f
03 4月, 2012 3 次提交
- J
  
  Fix "def self.meth" in modules in app/controllers · cbf8c938
  由 Justin Collins 提交于 4月 02, 2012
  
  cbf8c938
- J
  
  Scan subdirectories for models · 65871451
  由 Justin Collins 提交于 4月 02, 2012
  
  65871451
- J
  Merge pull request #63 from oreoshake/rescanning_unknown_templates · 500e3f8f
  由 Justin 提交于 4月 02, 2012
```
Rescanning of templates doesn't pass through the same "filter" as the in...
```
  500e3f8f
31 3月, 2012 2 次提交

Rescanning of templates doesn't pass through the same "filter" as the initial scan · 577b1597

由 Neil Matatall 提交于 3月 30, 2012

/Users/neilm/workspace/brakeman/lib/brakeman/scanner.rb:302:in `process_template': undefined method `[]' for nil:NilClass (NoMethodError)

Debated between filtering this in the process_template method, decided to filter BEFORE calling process_template, decided to leave it here to bypass the other login in rescan_template

577b1597

J
Merge remote-tracking branch 'oreoshake/check_send' · d55f4fd8
由 Justin Collins 提交于 3月 30, 2012
```
Add check for Object#send with user input.
```
d55f4fd8

30 3月, 2012 3 次提交
- J
  
  Handle nested modules in ProcessorHelper · efc5071b
  由 Justin Collins 提交于 3月 29, 2012
  
  efc5071b
- J
  
  Add Util.hash_access to simplify accessing hashes · fca9eb42
  由 Justin Collins 提交于 3月 29, 2012
  
  fca9eb42
- J
  
  Merge branch 'fix_bug_with_controllers_inside_modules' · 5cba274f
  由 Justin Collins 提交于 3月 29, 2012
  
  5cba274f
29 3月, 2012 2 次提交
- J
  Don't double the number of controllers reported · f6810850
  由 Justin Collins 提交于 3月 28, 2012
```
during progress. I don't really know why this was there...
```
  f6810850
- J
  Track module names for controllers · 7efa9856
  由 Justin Collins 提交于 3月 28, 2012
```
because when the get re-processed the module information
is lost (just class code is stored)
```
  7efa9856
28 3月, 2012 1 次提交
- J
  
  A little more whitespace when showing progress · 6ea35519
  由 Justin Collins 提交于 3月 27, 2012
  
  6ea35519
27 3月, 2012 1 次提交
- J
  
  Move parsers out of scanner.rb into lib/parsers/ · deb091f4
  由 Justin Collins 提交于 3月 26, 2012
  
  deb091f4
24 3月, 2012 1 次提交
- N
  Only warn if the target or the first arg contains user input · ee457796
  由 Neil Matatall 提交于 3月 23, 2012
```
Add moar test cases
```
  ee457796
23 3月, 2012 6 次提交
- N
  
  Adding a debug statement · ed35375d
  由 Neil Matatall 提交于 3月 22, 2012
  
  ed35375d
- N
  Warn when user input is supplied to send · 19f4c4f9
  由 Neil Matatall 提交于 3月 22, 2012
```
Model.send(params[:method]) == bad
```
  19f4c4f9
- J
  Bump to 1.5.2 · 184be2c4
  由 Justin Collins 提交于 3月 22, 2012
```
[ci skip]
```
  184be2c4
- J
  
  Fix some Ruby warnings · 203df0fb
  由 Justin Collins 提交于 3月 22, 2012
  
  203df0fb
- J
  
  Make sure Sexp patches load for Ruby 1.8 · 8ca61b36
  由 Justin Collins 提交于 3月 22, 2012
  
  8ca61b36
- J
  Merge pull request #60 from presidentbeef/use_old_ruby_parser_for_18 · 3c8cf3cd
  由 Justin 提交于 3月 22, 2012
```
Use old ruby_parser (2.3.1) for Ruby 1.8 parsing
```
  3c8cf3cd
22 3月, 2012 6 次提交
- J
  
  Use old ruby_parser (2.3.1) for Ruby 1.8 parsing · b9bcc150
  由 Justin Collins 提交于 3月 21, 2012
  
  b9bcc150
- J
  
  Oops, need the rails_xss plugin directory for tests · 5bcfa954
  由 Justin Collins 提交于 3月 21, 2012
  
  5bcfa954
- J
  
  Add utility script for generating tests · 6afbf21b
  由 Justin Collins 提交于 3月 21, 2012
  
  6afbf21b
- J
  
  Fix tests after merge · b367c855
  由 Justin Collins 提交于 3月 21, 2012
  
  b367c855
- J
  Merge pull request #59 from presidentbeef/fix_rails_xss_views · 1ee831a8
  由 Justin 提交于 3月 21, 2012
```
Fix handling of Erubis templates with xss escaping via rails_xss or Rails 3 (but Rails 3 should not really be affected)
```
  1ee831a8
- J
  Merge pull request #58 from presidentbeef/improved_dynamic_render_check · 9e96ad67
  由 Justin 提交于 3月 21, 2012
```
Improved dynamic render check, ignore condition in if statements when looking for user input.
```
  9e96ad67
21 3月, 2012 8 次提交
- J
  Fix handling of Erubis templates with xss escaping · f85779d2
  由 Justin Collins 提交于 3月 20, 2012
```
either with rails_xss or Rails 3.
This was broken when Brakeman's Erubis output was
changed to match what rails_xss does. Unfortunately, that
broke the ErubisTemplateProcessor such that NO output
was detected. This should fix that.

Note that this code detects auto-escaping by the output variable.
@output_buffer is used in Brakeman's Erubis classes. _buf will
only show up if someone is using Erubis with auto-escaping turned
off.
```
  f85779d2
- J
  
  Add tests for application using rails_xss · 099f6263
  由 Justin Collins 提交于 3月 20, 2012
  
  099f6263
- J
  
  Fix/add dynamic render path tests · 22759068
  由 Justin Collins 提交于 3月 20, 2012
  
  22759068
- J
  
  Medium confidence for user input in render strings · b64fbda8
  由 Justin Collins 提交于 3月 20, 2012
  
  b64fbda8
- J
  
  Render path check should only warn on user input · 38e5c917
  由 Justin Collins 提交于 3月 20, 2012
  
  38e5c917
- J
  
  Merge branch 'master' of github.com:presidentbeef/brakeman · 0afd2777
  由 Justin Collins 提交于 3月 20, 2012
  
  0afd2777
- J
  
  Don't make file names symbols for --skip-files · 4276e0a0
  由 Justin Collins 提交于 3月 20, 2012
  
  4276e0a0
- J
  
  Ignore user input in condition of if statements · dd2ce579
  由 Justin Collins 提交于 3月 20, 2012
  
  dd2ce579
17 3月, 2012 3 次提交
- J
  Merge pull request #56 from presidentbeef/output_stack_trace_in_187 · 4ffff0fc
  由 Justin 提交于 3月 16, 2012
```
Standardize output of stack trace in 1.8 and 1.9
but only when using debug option
```
  4ffff0fc
- J
  Only output stack trace on debug, use caller · bd05d2d6
  由 Justin Collins 提交于 3月 16, 2012
```
Thanks @PragTob
```
  bd05d2d6
- J
  
  Output stack trace in debug on interrupt in 1.8.7 · cf66d790
  由 Justin Collins 提交于 3月 16, 2012
  
  cf66d790
14 3月, 2012 2 次提交

J
Merge pull request #54 from oreoshake/process_lib_fix · dc076cce
由 Justin 提交于 3月 13, 2012
```
 I was getting a NoMethodError when rescanning a file in the lib directo...
```
dc076cce

I was getting a NoMethodError when rescanning a file in the lib directory. · 77a35aed

由 Neil Matatall 提交于 3月 13, 2012

    NoMethodError: undefined method `process_library' for #<Brakeman::Rescanner:0x10a8f5380>
    /Users/neilm/workspace/brakeman/lib/brakeman/rescanner.rb:77:in `rescan_file'
    /Users/neilm/workspace/brakeman/lib/brakeman/rescanner.rb:50:in `rescan'
    /Users/neilm/workspace/brakeman/lib/brakeman/rescanner.rb:47:in `each'
    /Users/neilm/workspace/brakeman/lib/brakeman/rescanner.rb:47:in `rescan'
    /Users/neilm/workspace/brakeman/lib/brakeman/rescanner.rb:46:in `each'
    /Users/neilm/workspace/brakeman/lib/brakeman/rescanner.rb:46:in `rescan'
    /Users/neilm/workspace/brakeman/lib/brakeman/rescanner.rb:22:in `recheck'
    /Users/neilm/workspace/brakeman/lib/brakeman.rb:291:in `rescan'
    /usr/local/rvm/gems/ree-1.8.7-2011.12/gems/guard-brakeman-0.3.1/lib/guard/brakeman.rb:73:in `run_on_change'

77a35aed