Sha256: c27d9e7befaf78b9e547e15dff18c3cbee8a36c84845cb280d3f4654928f8839
Contents?: true
Size: 1.72 KB
Versions: 4
Compression:
Stored size: 1.72 KB
Contents
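require 'brakeman/processors/base_processor'

# Processes Gemfile and Gemfile.lock.
#
# Gems declared with `gem` calls are recorded in @tracker.config[:gems]
# (gem name symbol => version string). When lock file contents are supplied,
# the resolved Rails, json, json_pure and i18n versions are recorded as well.
#
# NOTE(review): these values are presumably read by version-dependent checks
# elsewhere in Brakeman, so a version that fails to parse here could silently
# skip such a check. Confirm against the consumers of @tracker.config.
class Brakeman::GemProcessor < Brakeman::BaseProcessor
  # Ensures the gem table exists before any `gem` call is processed.
  def initialize *args
    super
    @tracker.config[:gems] ||= {}
  end

  # Processes the Gemfile expression +src+ and, when given, the Gemfile.lock
  # contents +gem_lock+ (a String).
  #
  # Sets @tracker.config[:rails_version], turns on @tracker.options[:rails3]
  # for Rails 3.x/4.x and sets @tracker.config[:escape_html] when the
  # rails_xss gem is declared.
  def process_gems src, gem_lock = nil
    process src

    if gem_lock
      get_rails_version gem_lock
      get_json_version gem_lock
      get_i18n_version gem_lock
    elsif @tracker.config[:gems][:rails] =~ /(\d+\.\d+\.\d+)/
      # No lock file: fall back to the version written in the Gemfile.
      # The dots are escaped so that only a real x.y.z triple is accepted.
      @tracker.config[:rails_version] = $1
    end

    # \A anchors at the start of the string; ^ would also match after an
    # embedded newline.
    if @tracker.config[:rails_version] =~ /\A(3|4)\./ && !@tracker.options[:rails3]
      @tracker.options[:rails3] = true
      Brakeman.notify "[Notice] Detected Rails #{$1} application"
    end

    if @tracker.config[:gems][:rails_xss]
      @tracker.config[:escape_html] = true
      Brakeman.notify "[Notice] Escaping HTML by default"
    end
  end

  # Records `gem "name", "version"` calls that have no receiver.
  #
  # A gem whose version argument is not a string literal is stored as
  # ">=0.0.0". Calls whose name is not a string literal are skipped, because
  # there is no literal value to use as the key.
  #
  # Returns +exp+ unchanged.
  def process_call exp
    if exp.target.nil? && exp.method == :gem
      gem_name = exp.first_arg
      gem_version = exp.second_arg

      if string? gem_name
        version = string?(gem_version) ? gem_version.value : ">=0.0.0"
        @tracker.config[:gems][gem_name.value.to_sym] = version
      end
    end

    exp
  end

  # Returns the exact version recorded for gem +name+ in the lock file
  # contents +gem_lock+, or nil when no such entry is found.
  #
  # Supports .rc2 but not ~>, >=, or <=
  def get_version name, gem_lock
    # The name is escaped so it is matched literally. \w+ lets the first
    # version component have more than one character (e.g. "10.0.1").
    if gem_lock =~ /\s#{Regexp.escape(name)} \((\w+(?:\.\w+)*)\)\r?\n/
      $1
    end
  end

  # Stores the locked Rails version in @tracker.config[:rails_version].
  def get_rails_version gem_lock
    @tracker.config[:rails_version] = get_version("rails", gem_lock)
  end

  # Stores the locked json and json_pure versions in @tracker.config[:gems].
  def get_json_version gem_lock
    @tracker.config[:gems][:json] = get_version("json", gem_lock)
    @tracker.config[:gems][:json_pure] = get_version("json_pure", gem_lock)
  end

  # Stores the locked i18n version in @tracker.config[:gems].
  def get_i18n_version gem_lock
    @tracker.config[:gems][:i18n] = get_version("i18n", gem_lock)
  end
end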