提交 · bd05d2d67393ae00de45be17df54a0ab2cb8cbb6 · 社会瑞弟呀 / brakeman

17 3月, 2012 2 次提交
- J
  Only output stack trace on debug, use caller · bd05d2d6
  由 Justin Collins 提交于 3月 16, 2012
```
Thanks @PragTob
```
  bd05d2d6
- J
  
  Output stack trace in debug on interrupt in 1.8.7 · cf66d790
  由 Justin Collins 提交于 3月 16, 2012
  
  cf66d790
08 3月, 2012 3 次提交
- J
  
  Merge branch 'master' of github.com:presidentbeef/brakeman · d1332357
  由 Justin Collins 提交于 3月 07, 2012
  
  d1332357
- J
  
  Add more tests for link_to · cf9c7fdd
  由 Justin Collins 提交于 3月 07, 2012
  
  cf9c7fdd
- J
  Fixes to CheckLinkTo for Rails 2.0 and 2.3 · 7edfbf25
  由 Justin Collins 提交于 3月 07, 2012
```
and link_to with a block
```
  7edfbf25
06 3月, 2012 12 次提交
- J
  Bump to 1.5.1 · 31bb46b6
  由 Justin 提交于 3月 05, 2012
```
[ci skip]
```
  31bb46b6
- J
  
  Update CHANGES · 0f40fcfc
  由 Justin 提交于 3月 05, 2012
  
  0f40fcfc
- J
  
  Remove duplicate method on Rails2XSSErubis · bdc3ad73
  由 Justin 提交于 3月 05, 2012
  
  bdc3ad73
- J
  
  Add test for Rails 3 partial rendoring · ccecea3f
  由 Justin 提交于 3月 05, 2012
  
  ccecea3f
- J
  Support Rails 3 partial render (no :partial => ...) · e96ababb
  由 Justin 提交于 3月 05, 2012
```
`render 'blah'` apparently noew renders the partial '_blah'
```
  e96ababb
- J
  
  tracker.config[:rails3] => tracker.options[:rails3] · 759856c6
  由 Justin 提交于 3月 05, 2012
  
  759856c6
- J
  
  Fix concatentation of module name · 4908056f
  由 Justin 提交于 3月 05, 2012
  
  4908056f
- J
  Add additional check for global mass assign disable · 87a8b193
  由 Justin 提交于 3月 05, 2012
```
that looks like this:

module ActiveRecord
  class Base
    attr_accessible
  end
end

Also, could be wrong, but I think old check was broken?
```
  87a8b193
- J
  Report module in Brakeman::FindCall results · adcd3d1b
  由 Justin 提交于 3月 05, 2012
```
but please don't ever use Brakeman::FindCall if it can
be avoided
```
  adcd3d1b
- J
  
  Track class and module in BaseProcessor · b701fea1
  由 Justin 提交于 3月 05, 2012
  
  b701fea1
- J
  
  Cache check result for disabled mass assignment · e5f68c51
  由 Justin 提交于 3月 05, 2012
  
  e5f68c51
- J
  
  Debug output of which template is being rendered · 94f06552
  由 Justin 提交于 3月 05, 2012
  
  94f06552
05 3月, 2012 2 次提交
- J
  
  Print out stack trace when interrupted (only Ruby 1.9) · ac0df989
  由 Justin 提交于 3月 05, 2012
  
  ac0df989
- J
  
  More debug output for current item being processed · 09904b6d
  由 Justin 提交于 3月 05, 2012
  
  09904b6d
03 3月, 2012 1 次提交
- J
  
  README updates · f5acf923
  由 Justin Collins 提交于 3月 02, 2012
  
  f5acf923
02 3月, 2012 9 次提交
- J
  Bump to 1.5.0 · f9977fa4
  由 Justin 提交于 3月 01, 2012
```
[ci skip]
```
  f9977fa4
- J
  Add check for skipping CSRF with :except · ff2e149b
  由 Justin Collins 提交于 3月 01, 2012
```
instead of using :only.
This is essentially a blacklist vs. whitelist issue.
```
  ff2e149b
- J
  
  Add test for skipping CSRF with :except · 4c3a35a0
  由 Justin Collins 提交于 3月 01, 2012
  
  4c3a35a0
- J
  Add version check for SafeBuffer vulnerability · 94872c3e
  由 Justin Collins 提交于 3月 01, 2012
```
upgrading is recommended, no workarounds
https://groups.google.com/group/rubyonrails-security/browse_thread/thread/edd28f1e3d04e913?pli=1
```
  94872c3e
- J
  
  Tests for SafeBuffer vulnerability · 0aca60fc
  由 Justin Collins 提交于 3月 01, 2012
  
  0aca60fc
- J
  
  Oops, update expected warnings for Rails 2 tests · f6dfcce6
  由 Justin Collins 提交于 3月 01, 2012
  
  f6dfcce6
- J
  
  Remove select() as an XSS safe method in Rails 2 · 99a9930a
  由 Justin Collins 提交于 3月 01, 2012
  
  99a9930a
- J
  Add check for select vulnerability in Rails 3 · 71222ecd
  由 Justin Collins 提交于 3月 01, 2012
```
http://groups.google.com/group/rubyonrails-security/browse_thread/thread/9da0c515a6c4664
```
  71222ecd
- J
  
  Add test for select vulnerability in Rails 3 · 2f6fb06d
  由 Justin Collins 提交于 3月 01, 2012
  
  2f6fb06d
29 2月, 2012 7 次提交
- J
  Switch to 1.9.2 on Travis CI · 05a6ff6b
  由 Justin Collins 提交于 2月 28, 2012
```
since most development is done with 1.9.3 now
```
  05a6ff6b
- J
  Ignore resource routes if default routes already · 64432461
  由 Justin Collins 提交于 2月 28, 2012
```
fixes bug where resource routes attempted to merge into
:allow_all_actions
```
  64432461
- J
  
  Fix check for nested targets in Rails 2 routes · a059fed8
  由 Justin Collins 提交于 2月 28, 2012
  
  a059fed8
- J
  
  Update copyright · 00111918
  由 Justin Collins 提交于 2月 28, 2012
  
  00111918
- J
  Standardize SQL methods to check · db05dab5
  由 Justin Collins 提交于 2月 28, 2012
```
because before they were kind of all over the place
```
  db05dab5
- J
  
  Ignore Model#id for XSS check · 317b7b98
  由 Justin Collins 提交于 2月 28, 2012
  
  317b7b98
- J
  
  Use Set[] instead of Set.new([]) · ea04b1ad
  由 Justin Collins 提交于 2月 28, 2012
  
  ea04b1ad
28 2月, 2012 1 次提交
- J
  
  Add json as a report format · 7f51cc6b
  由 Justin Collins 提交于 2月 27, 2012
  
  7f51cc6b
25 2月, 2012 3 次提交
- J
  
  Bump to 1.4.0 · 84c5c218
  由 Justin Collins 提交于 2月 24, 2012
  
  84c5c218
- J
  Use Util.node_type? wherever possible · 820ba362
  由 Justin Collins 提交于 2月 24, 2012
```
instead of "sexp? exp and exp.node_type == :blah"
or "sexp? exp and exp[0] == :blah"
```
  820ba362
- J
  
  Add Util.node_type? · e69ace89
  由 Justin Collins 提交于 2月 24, 2012
  
  e69ace89