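require 'brakeman/processors/base_processor'

# Processes a Gemfile (already parsed into an Sexp) and, optionally, the raw
# text of a Gemfile.lock. Gem names and versions are recorded in
# @tracker.config[:gems]; from those the Rails version and the HTML-escaping
# default are derived.
class Brakeman::GemProcessor < Brakeman::BaseProcessor
  # Plain x.y.z version inside a Gemfile constraint string (e.g. "~> 3.2.1").
  # Dots are escaped so only real version separators match, not any character.
  DOTTED_VERSION = /(\d+\.\d+\.\d+)/

  # Versions whose major component is 3 or 4; both are covered by the
  # :rails3 option.
  RAILS_3_OR_4 = /^(3|4)\./

  def initialize *args
    super
    # One Gemfile.lock line of the form `    name (1.2.3)`: capture 1 is the
    # gem name, capture 2 the version. Supports suffixes such as .rc2 but
    # not ~>, >=, or <= constraints.
    @gem_name_version = /^\s*([-_+.A-Za-z0-9]+) \((\w(\.\w+)*)\)/
    @tracker.config[:gems] ||= {}
  end

  # Entry point. +src+ is the Gemfile Sexp, +gem_lock+ the Gemfile.lock
  # contents (a String) or nil. Populates @tracker.config[:gems],
  # @tracker.config[:rails_version], @tracker.options[:rails3] and
  # @tracker.config[:escape_html].
  def process_gems src, gem_lock = nil
    process src

    if gem_lock
      process_gem_lock gem_lock
      # The lock file wins. NOTE(review): if the lock does not list rails,
      # this is the raw Gemfile constraint (e.g. "~> 3.2.1" or ">=0.0.0")
      # rather than a concrete version, and the Rails 3/4 check below will
      # not match it.
      @tracker.config[:rails_version] = @tracker.config[:gems][:rails]
    else
      # No lock file: pull a concrete x.y.z out of the Gemfile constraint, if
      # there is one; otherwise :rails_version is left as it was.
      version = @tracker.config[:gems][:rails].to_s[DOTTED_VERSION, 1]
      @tracker.config[:rails_version] = version if version
    end

    # Only notify once: :rails3 may already have been set by the caller.
    rails_major = @tracker.config[:rails_version].to_s[RAILS_3_OR_4, 1]
    if rails_major && !@tracker.options[:rails3]
      @tracker.options[:rails3] = true
      Brakeman.notify "[Notice] Detected Rails #{rails_major} application"
    end

    # The rails_xss gem escapes output by default; mirror that in the config
    # so checks treat views accordingly.
    if @tracker.config[:gems][:rails_xss]
      @tracker.config[:escape_html] = true
      Brakeman.notify "[Notice] Escaping HTML by default"
    end
  end

  # Handles `gem 'name'[, 'version']` calls in the Gemfile. Gem names that
  # are not string literals are ignored; a missing or non-string version is
  # recorded as ">=0.0.0". Always returns +exp+ unchanged.
  def process_call exp
    return exp unless exp.target.nil? && exp.method == :gem

    gem_name = exp.first_arg
    return exp unless string? gem_name

    gem_version = exp.second_arg
    version = string?(gem_version) ? gem_version.value : ">=0.0.0"
    # Keys are symbols so the :rails / :rails_xss lookups above find them.
    @tracker.config[:gems][gem_name.value.to_sym] = version

    exp
  end

  # Feeds each line of the Gemfile.lock text to set_gem_version.
  def process_gem_lock gem_lock
    gem_lock.each_line { |line| set_gem_version line }
  end

  # Records the gem name and version from one Gemfile.lock line when it
  # matches @gem_name_version. Supports .rc2 but not ~>, >=, or <=.
  def set_gem_version line
    match = @gem_name_version.match(line)
    return unless match

    @tracker.config[:gems][match[1].to_sym] = match[2]
  end
end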