Fix error when there is no Rails config

64af32d9 · Justin Collins · d7245019 · 64af32d9 · 64af32d9
隐藏空白更改
内联并排

Showing with 3 addition and 1 deletion

lib/brakeman/checks/base_check.rb lib/brakeman/checks/base_check.rb +1 -0

lib/brakeman/checks/check_forgery_setting.rb lib/brakeman/checks/check_forgery_setting.rb +2 -1

未找到文件。
--- a/lib/brakeman/checks/base_check.rb
+++ b/lib/brakeman/checks/base_check.rb
@@ -148,6 +148,7 @@ class Brakeman::BaseCheck < Brakeman::SexpProcessor
    @mass_assign_disabled = false

    if version_between?("3.1.0", "4.0.0") and 
+      tracker.config[:rails] and
      tracker.config[:rails][:active_record] and 
      tracker.config[:rails][:active_record][:whitelist_attributes] == Sexp.new(:true)


--- a/lib/brakeman/checks/check_forgery_setting.rb
+++ b/lib/brakeman/checks/check_forgery_setting.rb
@@ -11,7 +11,8 @@ class Brakeman::CheckForgerySetting < Brakeman::BaseCheck

  def run_check
    app_controller = tracker.controllers[:ApplicationController]
-    if tracker.config[:rails][:action_controller] and
+    if tracker.config[:rails] and
+      tracker.config[:rails][:action_controller] and
      tracker.config[:rails][:action_controller][:allow_forgery_protection] == Sexp.new(:false)

      warn :controller => :ApplicationController,