Sha256: c27d9e7befaf78b9e547e15dff18c3cbee8a36c84845cb280d3f4654928f8839
Contents?: true
Size: 1.72 KB
Versions: 4
Compression:
Stored size: 1.72 KB
Contents
require 'brakeman/processors/base_processor'
#Processes Gemfile and Gemfile.lock
class Brakeman::GemProcessor < Brakeman::BaseProcessor
def initialize *args
super
@tracker.config[:gems] ||= {}
end
def process_gems src, gem_lock = nil
process src
if gem_lock
get_rails_version gem_lock
get_json_version gem_lock
get_i18n_version gem_lock
elsif @tracker.config[:gems][:rails] =~ /(\d+.\d+.\d+)/
@tracker.config[:rails_version] = $1
end
if @tracker.config[:rails_version] =~ /^(3|4)\./ and not @tracker.options[:rails3]
@tracker.options[:rails3] = true
Brakeman.notify "[Notice] Detected Rails #$1 application"
end
if @tracker.config[:gems][:rails_xss]
@tracker.config[:escape_html] = true
Brakeman.notify "[Notice] Escaping HTML by default"
end
end
def process_call exp
if exp.target == nil and exp.method == :gem
gem_name = exp.first_arg
gem_version = exp.second_arg
if string? gem_version
@tracker.config[:gems][gem_name.value.to_sym] = gem_version.value
else
@tracker.config[:gems][gem_name.value.to_sym] = ">=0.0.0"
end
end
exp
end
# Supports .rc2 but not ~>, >=, or <=
def get_version name, gem_lock
if gem_lock =~ /\s#{name} \((\w(\.\w+)*)\)(?:\n|\r\n)/
$1
end
end
def get_rails_version gem_lock
@tracker.config[:rails_version] = get_version("rails", gem_lock)
end
def get_json_version gem_lock
@tracker.config[:gems][:json] = get_version("json", gem_lock)
@tracker.config[:gems][:json_pure] = get_version("json_pure", gem_lock)
end
def get_i18n_version gem_lock
@tracker.config[:gems][:i18n] = get_version("i18n", gem_lock)
end
end
Version data entries
4 entries across 4 versions & 2 rubygems