brakeman (#556)
* update rails to 4.2.5.1 * fix brakeman gem warning * make brakeman happier and add it to travis * install brakeman gem for static security analysis * fix brakeman call in travis
This commit is contained in:
parent
97e9f999d9
commit
6e1797183e
4 changed files with 71 additions and 68 deletions
@ -18,4 +18,4 @@ before_script:
- nvm use stable
- nvm use stable
- (cd app/assets/javascripts && npm install)
- (cd app/assets/javascripts && npm install)
script:
script:
- bundle exec rspec && (cd app/assets/javascripts && npm test)
- bundle exec rspec && (cd app/assets/javascripts && npm test) && bundle exec brakeman -q -z
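Review bot: The brakeman invocation on the new `script:` line is chained after `bundle exec rspec` and `npm test` with `&&`, so a failing spec short-circuits the static-analysis run and its findings are only reported on otherwise-green builds. Listing it as its own entry, `- bundle exec brakeman -q -z` on a separate line under `script:`, makes Travis run and report each step independently while still failing the build on any non-zero exit. `-z` already makes warnings fatal, so no further flag is needed for that.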
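--- a/Gemfile
+++ b/Gemfile
@@ -1,7 +1,7 @@
 source 'https://rubygems.org'
 ruby '2.1.3'
 
-gem 'rails', '4.2.4'
+gem 'rails'
 
 gem 'active_model_serializers', '~> 0.8.1'
 gem 'aws-sdk', '< 2.0'
@@ -49,6 +49,7 @@ group :test do
   gem 'rspec-rails'
   gem 'shoulda-matchers'
   gem 'simplecov', require: false
+  gem 'brakeman', require: false
 end
 
 group :development, :test do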
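Review bot: `gem 'rails'` in the first hunk drops the version constraint entirely, so the Gemfile no longer expresses the 4.2 line that the commit message targets ("update rails to 4.2.5.1") and that the lockfile actually resolves (4.2.6); a later `bundle update` could move to a new major release with no signal in review. A pessimistic constraint such as `gem 'rails', '~> 4.2.6'` keeps patch-level security releases reachable while blocking a silent major jump. The same applies to `gem 'brakeman', require: false` in the second hunk: an unpinned scanner means the set of checks CI enforces changes whenever the lockfile is regenerated, so `gem 'brakeman', '~> 3.3', require: false` would make the CI gate reproducible.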
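--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -1,38 +1,38 @@
 GEM
   remote: https://rubygems.org/
   specs:
-    actionmailer (4.2.4)
-      actionpack (= 4.2.4)
-      actionview (= 4.2.4)
-      activejob (= 4.2.4)
+    actionmailer (4.2.6)
+      actionpack (= 4.2.6)
+      actionview (= 4.2.6)
+      activejob (= 4.2.6)
       mail (~> 2.5, >= 2.5.4)
       rails-dom-testing (~> 1.0, >= 1.0.5)
-    actionpack (4.2.4)
-      actionview (= 4.2.4)
-      activesupport (= 4.2.4)
+    actionpack (4.2.6)
+      actionview (= 4.2.6)
+      activesupport (= 4.2.6)
       rack (~> 1.6)
       rack-test (~> 0.6.2)
       rails-dom-testing (~> 1.0, >= 1.0.5)
       rails-html-sanitizer (~> 1.0, >= 1.0.2)
-    actionview (4.2.4)
-      activesupport (= 4.2.4)
+    actionview (4.2.6)
+      activesupport (= 4.2.6)
       builder (~> 3.1)
       erubis (~> 2.7.0)
       rails-dom-testing (~> 1.0, >= 1.0.5)
       rails-html-sanitizer (~> 1.0, >= 1.0.2)
     active_model_serializers (0.8.3)
       activemodel (>= 3.0)
-    activejob (4.2.4)
-      activesupport (= 4.2.4)
+    activejob (4.2.6)
+      activesupport (= 4.2.6)
       globalid (>= 0.3.0)
-    activemodel (4.2.4)
-      activesupport (= 4.2.4)
+    activemodel (4.2.6)
+      activesupport (= 4.2.6)
       builder (~> 3.1)
-    activerecord (4.2.4)
-      activemodel (= 4.2.4)
-      activesupport (= 4.2.4)
+    activerecord (4.2.6)
+      activemodel (= 4.2.6)
+      activesupport (= 4.2.6)
       arel (~> 6.0)
-    activesupport (4.2.4)
+    activesupport (4.2.6)
       i18n (~> 0.7)
       json (~> 1.7, >= 1.7.7)
       minitest (~> 5.1)
@@ -55,8 +55,9 @@ GEM
       rack (>= 0.9.0)
     binding_of_caller (0.7.2)
       debug_inspector (>= 0.0.1)
+    brakeman (3.3.2)
     builder (3.2.2)
-    byebug (8.2.2)
+    byebug (9.0.5)
     climate_control (0.0.3)
       activesupport (>= 3.0)
     cocaine (0.5.8)
@@ -69,19 +70,18 @@ GEM
       coffee-script-source
       execjs
     coffee-script-source (1.10.0)
-    concurrent-ruby (1.0.1)
+    concurrent-ruby (1.0.2)
     debug_inspector (0.0.2)
     delayed_job (4.0.6)
       activesupport (>= 3.0, < 5.0)
     delayed_job_active_record (4.0.3)
       activerecord (>= 3.0, < 5.0)
       delayed_job (>= 3.0, < 4.1)
-    devise (3.5.6)
+    devise (4.1.1)
       bcrypt (~> 3.0)
       orm_adapter (~> 0.1)
-      railties (>= 3.2.6, < 5)
+      railties (>= 4.1.0, < 5.1)
       responders
-      thread_safe (~> 0.1)
       warden (~> 1.2.3)
     diff-lcs (1.2.5)
     docile (1.1.5)
@@ -95,14 +95,14 @@ GEM
     exception_notification (4.1.4)
       actionmailer (~> 4.0)
       activesupport (~> 4.0)
-    execjs (2.6.0)
+    execjs (2.7.0)
     ezcrypto (0.7.2)
-    factory_girl (4.5.0)
+    factory_girl (4.7.0)
       activesupport (>= 3.0.0)
-    factory_girl_rails (4.6.0)
-      factory_girl (~> 4.5.0)
+    factory_girl_rails (4.7.0)
+      factory_girl (~> 4.7.0)
       railties (>= 3.0.0)
-    formtastic (3.1.3)
+    formtastic (3.1.4)
       actionpack (>= 3.2.13)
     formula (1.1.1)
       rails (> 3.0.0)
@@ -112,7 +112,7 @@ GEM
       json (~> 1.8)
       multi_xml (>= 0.5.2)
     i18n (0.7.0)
-    jbuilder (2.4.1)
+    jbuilder (2.5.0)
       activesupport (>= 3.0.0, < 5.1)
       multi_json (~> 1.2)
     jquery-rails (4.1.1)
@@ -122,9 +122,9 @@ GEM
     jquery-ui-rails (5.0.5)
       railties (>= 3.2.16)
     json (1.8.3)
-    json-schema (2.6.1)
+    json-schema (2.6.2)
       addressable (~> 2.3.8)
-    kaminari (0.16.3)
+    kaminari (0.17.0)
       actionpack (>= 3.0.0)
       activesupport (>= 3.0.0)
     loofah (2.0.3)
@@ -132,53 +132,55 @@ GEM
     mail (2.6.4)
       mime-types (>= 1.16, < 4)
     method_source (0.8.2)
-    mime-types (3.0)
+    mime-types (3.1)
       mime-types-data (~> 3.2015)
-    mime-types-data (3.2016.0221)
+    mime-types-data (3.2016.0521)
     mimemagic (0.3.0)
-    mini_portile2 (2.0.0)
-    minitest (5.8.4)
-    multi_json (1.11.2)
+    mini_portile2 (2.1.0)
+    minitest (5.9.0)
+    multi_json (1.12.1)
     multi_xml (0.5.5)
-    nokogiri (1.6.7.2)
-      mini_portile2 (~> 2.0.0.rc2)
+    nokogiri (1.6.8)
+      mini_portile2 (~> 2.1.0)
+      pkg-config (~> 1.1.7)
     oauth (0.5.1)
     orm_adapter (0.5.0)
-    paperclip (4.3.5)
+    paperclip (4.3.6)
       activemodel (>= 3.2.0)
       activesupport (>= 3.2.0)
       cocaine (~> 0.5.5)
       mime-types
       mimemagic (= 0.3.0)
     pg (0.18.4)
+    pkg-config (1.1.7)
     pry (0.10.3)
       coderay (~> 1.1.0)
       method_source (~> 0.8.1)
       slop (~> 3.4)
-    pry-byebug (3.3.0)
-      byebug (~> 8.0)
+    pry-byebug (3.4.0)
+      byebug (~> 9.0)
       pry (~> 0.10)
     pry-rails (0.3.4)
       pry (>= 0.9.10)
     pundit (1.1.0)
       activesupport (>= 3.0.0)
-    pundit_extra (0.1.1)
+    pundit_extra (0.2.0)
     quiet_assets (1.1.0)
       railties (>= 3.1, < 5.0)
     rack (1.6.4)
     rack-cors (0.4.0)
     rack-test (0.6.3)
       rack (>= 1.0)
-    rails (4.2.4)
-      actionmailer (= 4.2.4)
-      actionpack (= 4.2.4)
-      actionview (= 4.2.4)
-      activejob (= 4.2.4)
-      activemodel (= 4.2.4)
-      activerecord (= 4.2.4)
-      activesupport (= 4.2.4)
+    rails (4.2.6)
+      actionmailer (= 4.2.6)
+      actionpack (= 4.2.6)
+      actionview (= 4.2.6)
+      activejob (= 4.2.6)
+      activemodel (= 4.2.6)
+      activerecord (= 4.2.6)
+      activesupport (= 4.2.6)
       bundler (>= 1.3.0, < 2.0)
-      railties (= 4.2.4)
+      railties (= 4.2.6)
       sprockets-rails
     rails-deprecated_sanitizer (1.0.3)
       activesupport (>= 4.2.0.alpha)
@@ -194,15 +196,15 @@ GEM
       rails_serve_static_assets
       rails_stdout_logging
     rails_serve_static_assets (0.0.5)
-    rails_stdout_logging (0.0.4)
-    railties (4.2.4)
-      actionpack (= 4.2.4)
-      activesupport (= 4.2.4)
+    rails_stdout_logging (0.0.5)
+    railties (4.2.6)
+      actionpack (= 4.2.6)
+      activesupport (= 4.2.6)
       rake (>= 0.8.7)
       thor (>= 0.18.1, < 2.0)
-    rake (11.1.1)
-    redis (3.2.2)
-    responders (2.1.1)
+    rake (11.2.2)
+    redis (3.3.0)
+    responders (2.2.0)
       railties (>= 4.2.0, < 5.1)
     rspec-core (3.4.4)
       rspec-support (~> 3.4.0)
@@ -221,7 +223,7 @@ GEM
       rspec-mocks (~> 3.4.0)
       rspec-support (~> 3.4.0)
     rspec-support (3.4.1)
-    sass (3.4.21)
+    sass (3.4.22)
     sass-rails (5.0.4)
       railties (>= 4.0.0, < 5.0)
       sass (~> 3.1)
@@ -237,9 +239,9 @@ GEM
     simplecov-html (0.10.0)
     slack-notifier (1.5.1)
     slop (3.6.0)
-    snorlax (0.1.5)
+    snorlax (0.1.6)
       rails (> 4.1)
-    sprockets (3.5.2)
+    sprockets (3.6.0)
       concurrent-ruby (~> 1.0)
       rack (> 1, < 3)
     sprockets-rails (3.0.4)
@@ -248,13 +250,12 @@ GEM
       sprockets (>= 3.0.0)
     thor (0.19.1)
     thread_safe (0.3.5)
-    tilt (2.0.2)
+    tilt (2.0.5)
     tunemygc (1.0.65)
     tzinfo (1.2.2)
       thread_safe (~> 0.1)
-    uglifier (2.7.2)
-      execjs (>= 0.3.0)
-      json (>= 1.8.0)
+    uglifier (3.0.0)
+      execjs (>= 0.3.0, < 3)
     uservoice-ruby (0.0.11)
       ezcrypto (>= 0.7.2)
       json (>= 1.7.5)
@@ -271,6 +272,7 @@ DEPENDENCIES
   best_in_place
   better_errors
   binding_of_caller
+  brakeman
   coffee-rails
   delayed_job (~> 4.0.2)
   delayed_job_active_record (~> 4.0.1)
@@ -296,7 +298,7 @@ DEPENDENCIES
   pundit_extra
   quiet_assets
   rack-cors
-  rails (= 4.2.4)
+  rails
   rails3-jquery-autocomplete
   rails_12factor
   redis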
@ -3,7 +3,7 @@ class ApplicationController < ActionController::Base
include Pundit
include Pundit
include PunditExtra
include PunditExtra
rescue_from Pundit::NotAuthorizedError, with: :handle_unauthorized
rescue_from Pundit::NotAuthorizedError, with: :handle_unauthorized
protect_from_forgery
protect_from_forgery(with: :exception)
before_action :get_invite_link
before_action :get_invite_link
after_action :allow_embedding
after_action :allow_embedding
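Review bot: `protect_from_forgery(with: :exception)` changes the failure mode for a request without a valid CSRF token from Rails 4.2's default null-session fallback to raising `ActionController::InvalidAuthenticityToken`, and the only `rescue_from` visible in this hunk covers `Pundit::NotAuthorizedError`, so such requests now end in Rails' default 422 response. That is the right default for browser sessions, but any non-browser clients this controller serves (the Gemfile section of this commit lists active_model_serializers and rack-cors, which suggests there may be some) would now need to send the token or opt out explicitly on their own controller, which is worth confirming before merge. A comment on the new line would record the intent: `# Reject requests with a missing/invalid CSRF token outright rather than silently dropping the session`. The enclosing ApplicationController class continues outside this hunk.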