提交 · e92bf6d50341df1c926b1538c1dcc401bb7c46ad · 李少辉-开发者 / Brakeman

30 6月, 2015 1 次提交
- J
  
  Treat String#html_safe the same as raw() · 17245112
  由 Justin Collins 提交于 6月 29, 2015
  
  17245112
29 6月, 2015 3 次提交
- J
  
  Fix warning code on low confidence XSS warnings · 9fec336e
  由 Justin Collins 提交于 6月 27, 2015
  
  9fec336e
- J
  
  More LinkToHref fixes · 870b815c
  由 Justin Collins 提交于 6月 28, 2015
  
  870b815c
- J
  
  Better ignore safe methods in XSS checks · 6770bb95
  由 Justin Collins 提交于 6月 27, 2015
  
  6770bb95
28 6月, 2015 1 次提交
- J
  
  Allow 'safe_methods' to match methods with target · dd32dbd1
  由 Justin Collins 提交于 6月 27, 2015
  
  dd32dbd1
12 2月, 2015 1 次提交
- J
  Ignore case value for XSS purposes · be3e3de8
  由 Justin Collins 提交于 2月 11, 2015
```
e.g.

case params[:x]
when ...

should not warn about params[:x]
```
  be3e3de8
03 1月, 2015 1 次提交
- J
  Move CheckCrossSiteScripting init to setup() · c3787434
  由 Justin Collins 提交于 1月 02, 2015
```
for ease of subclassing
```
  c3787434
09 9月, 2013 1 次提交
- J
  
  Assume `to_json` to be safe in Rails 4 · 752f195d
  由 Justin Collins 提交于 9月 08, 2013
  
  752f195d
21 8月, 2013 1 次提交
- J
  Fix how immediate model attributes are detected · d4c6cda8
  由 Justin Collins 提交于 8月 20, 2013
```
in particular, don't try to retroactively build call chain.
Fixes #385
```
  d4c6cda8
25 6月, 2013 2 次提交
- J
  
  Don't report immediate XSS dupes as weak warnings · cbb5b06a
  由 Justin Collins 提交于 6月 25, 2013
  
  cbb5b06a
- J
  
  Add right value to results in XSS check · a1ecebc9
  由 Justin Collins 提交于 6月 24, 2013
  
  a1ecebc9
19 6月, 2013 1 次提交
- J
  
  Re-ignore HAML escape method · ca109fc7
  由 Justin Collins 提交于 6月 18, 2013
  
  ca109fc7
15 6月, 2013 1 次提交
- J
  
  Refactor ignored output in XSS check · 77f12cf3
  由 Justin Collins 提交于 6月 14, 2013
  
  77f12cf3
17 5月, 2013 1 次提交
- J
  
  Slightly less debug output in XSS check · d4e60b6d
  由 Justin Collins 提交于 5月 17, 2013
  
  d4e60b6d
08 5月, 2013 1 次提交
- J
  
  Factor out input type in messages and normalize · a9ae876d
  由 Justin Collins 提交于 5月 07, 2013
  
  a9ae876d
11 4月, 2013 2 次提交
- J
  
  Detect Rails 3 json escape config option · cbef5621
  由 Justin Collins 提交于 4月 10, 2013
  
  cbef5621
- J
  
  Fix warning on `params.to_json` · 3165ca4b
  由 Justin Collins 提交于 4月 10, 2013
  
  3165ca4b
27 2月, 2013 1 次提交
- J
  
  Warning codes for everyone · 71e06919
  由 Justin Collins 提交于 2月 26, 2013
  
  71e06919
19 12月, 2012 1 次提交
- J
  
  Use helper methods for results from FindCall · 1d34049b
  由 Justin Collins 提交于 12月 15, 2012
  
  1d34049b
08 12月, 2012 1 次提交
- J
  
  Use process_call_args and Sexp#each_arg · eb08c600
  由 Justin Collins 提交于 12月 07, 2012
  
  eb08c600
06 12月, 2012 1 次提交
- J
  
  Get rid of many of Sexp#args and Sexp#arglist calls · 9a4e8da2
  由 Justin Collins 提交于 12月 04, 2012
  
  9a4e8da2
05 12月, 2012 1 次提交
- J
  
  Move more Sexp#[] calls to regular method calls · 89b67145
  由 Justin Collins 提交于 12月 04, 2012
  
  89b67145
09 11月, 2012 1 次提交
- J
  
  Do not report XSS for `to_i` calls on user input · b8f9a415
  由 Justin Collins 提交于 11月 08, 2012
  
  b8f9a415
07 11月, 2012 1 次提交
- J
  
  Convert more Sexp#[] to method calls · 02aefc3b
  由 Justin Collins 提交于 11月 06, 2012
  
  02aefc3b
06 11月, 2012 1 次提交
- J
  
  Deal with RP3 removing arglist nodes · 33f4b173
  由 Justin Collins 提交于 11月 05, 2012
  
  33f4b173
18 10月, 2012 1 次提交
- J
  
  Fix parentheses spacing warning · 96425d57
  由 Justin Collins 提交于 10月 17, 2012
  
  96425d57
28 9月, 2012 1 次提交
- O
  
  Check for overridden initializer values · 9845e74a
  由 oreoshake 提交于 9月 27, 2012
  
  9845e74a
30 8月, 2012 1 次提交
- O
  
  Code quality cleanup · 3259ef1b
  由 oreoshake 提交于 8月 29, 2012
  
  3259ef1b
29 8月, 2012 4 次提交
- O
  
  Forgot a paren · fcc40b1a
  由 oreoshake 提交于 8月 28, 2012
  
  fcc40b1a
- O
  
  More debugging statements, fix link_path issue · f911d9cb
  由 oreoshake 提交于 8月 28, 2012
  
  f911d9cb
- O
  
  Update links to the description of findings related to to_json · 2eecd7cd
  由 oreoshake 提交于 8月 28, 2012
  
  2eecd7cd
- O
  Add warnings to unescaped use of to_json · 8bcd1240
  由 oreoshake 提交于 8月 28, 2012
```
Set ActiveSupport.escape_html_entities_in_json=true in versions >= 2.1.0 for autoescaping on a to_json call.
```
  8bcd1240
25 8月, 2012 1 次提交

Fix duplicate warnings with `raw` calls · 5da772f8

由 Justin Collins 提交于 8月 24, 2012

There was a bit of a logic error here, because a
warning might be detected as a duplicate in
`check_for_immediate_xss`, causing it to return 'false'
and then the check would go ahead and process the `raw` call.
This would result in 'weak' confidence warnings that were
duplicates of 'high' confidence warnings.

5da772f8

10 8月, 2012 1 次提交
- J
  
  Mark strip_tags as known dangerous in Rails 2.x · 92f2febf
  由 Justin Collins 提交于 8月 09, 2012
  
  92f2febf
08 8月, 2012 1 次提交

Check for XSS in select() for Rails 2 · b9bc807f

由 Justin Collins 提交于 8月 07, 2012

previously, this would be a weak confidence warning. Change to be the
same as Rails 3 versions which had a vulnerability that caused select
to not escape arguments:
https://groups.google.com/d/topic/rubyonrails-security/CdoMUVpsRmQ/discussion

b9bc807f

28 7月, 2012 2 次提交
- J
  Use Sexp#first_arg and Sexp#second_arg · 4f3859a0
  由 Justin Collins 提交于 7月 27, 2012
```
instead of Sexp#args.first and Sexp#args.second
because Sexp#args creates a new Sexp
```
  4f3859a0
- J
  
  [CSC] CheckCrossSiteScripting · 1881eddb
  由 Justin Collins 提交于 7月 27, 2012
  
  1881eddb
27 7月, 2012 1 次提交
- J
  
  [CSC] CheckCrossSiteScripting · 220b3e2c
  由 Justin Collins 提交于 7月 26, 2012
  
  220b3e2c
17 5月, 2012 1 次提交
- J
  Let Warning set line number where possible · 89bcd139
  由 Justin Collins 提交于 5月 16, 2012
```
same effect, less code
```
  89bcd139
20 4月, 2012 1 次提交
- J
  Add Warning#user_input · 7a2105bf
  由 Justin Collins 提交于 4月 18, 2012
```
to report the actual piece of code detected as user input for some
warnings
```
  7a2105bf