glenux-contrib/metamaps--metamaps
1
0
Fork 0
Code Issues Pull requests Packages Projects Releases Wiki Activity

brakeman (#556)

Browse source 
* update rails to 4.2.5.1

* fix brakeman gem warning

* make brakeman happier and add it to travis

* install brakeman gem for static security analysis

* fix brakeman call in travis
This commit is contained in:
Devin Howard 2016-06-16 15:44:08 +08:00 committed by GitHub
parent 97e9f999d9
commit 6e1797183e
4 changed files with 71 additions and 68 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
.travis.yml
View file

@ -18,4 +18,4 @@ before_script:
- nvm use stable
- (cd app/assets/javascripts && npm install)
script:
- bundle exec rspec && (cd app/assets/javascripts && npm test)
- bundle exec rspec && (cd app/assets/javascripts && npm test) && bundle exec brakeman -q -z

3
Gemfile
View file

@ -1,7 +1,7 @@
source 'https://rubygems.org'
ruby '2.1.3'
gem 'rails', '4.2.4'
gem 'rails'
gem 'active_model_serializers', '~> 0.8.1'
gem 'aws-sdk', '< 2.0'
@ -49,6 +49,7 @@ group :test do
gem 'rspec-rails'
gem 'shoulda-matchers'
gem 'simplecov', require: false
gem 'brakeman', require: false
end
group :development, :test do

132
Gemfile.lock
View file

@ -1,38 +1,38 @@
GEM
remote: https://rubygems.org/
specs:
actionmailer (4.2.4)
actionpack (= 4.2.4)
actionview (= 4.2.4)
activejob (= 4.2.4)
actionmailer (4.2.6)
actionpack (= 4.2.6)
actionview (= 4.2.6)
activejob (= 4.2.6)
mail (~> 2.5, >= 2.5.4)
rails-dom-testing (~> 1.0, >= 1.0.5)
actionpack (4.2.4)
actionview (= 4.2.4)
activesupport (= 4.2.4)
actionpack (4.2.6)
actionview (= 4.2.6)
activesupport (= 4.2.6)
rack (~> 1.6)
rack-test (~> 0.6.2)
rails-dom-testing (~> 1.0, >= 1.0.5)
rails-html-sanitizer (~> 1.0, >= 1.0.2)
actionview (4.2.4)
activesupport (= 4.2.4)
actionview (4.2.6)
activesupport (= 4.2.6)
builder (~> 3.1)
erubis (~> 2.7.0)
rails-dom-testing (~> 1.0, >= 1.0.5)
rails-html-sanitizer (~> 1.0, >= 1.0.2)
active_model_serializers (0.8.3)
activemodel (>= 3.0)
activejob (4.2.4)
activesupport (= 4.2.4)
activejob (4.2.6)
activesupport (= 4.2.6)
globalid (>= 0.3.0)
activemodel (4.2.4)
activesupport (= 4.2.4)
activemodel (4.2.6)
activesupport (= 4.2.6)
builder (~> 3.1)
activerecord (4.2.4)
activemodel (= 4.2.4)
activesupport (= 4.2.4)
activerecord (4.2.6)
activemodel (= 4.2.6)
activesupport (= 4.2.6)
arel (~> 6.0)
activesupport (4.2.4)
activesupport (4.2.6)
i18n (~> 0.7)
json (~> 1.7, >= 1.7.7)
minitest (~> 5.1)
@ -55,8 +55,9 @@ GEM
rack (>= 0.9.0)
binding_of_caller (0.7.2)
debug_inspector (>= 0.0.1)
brakeman (3.3.2)
builder (3.2.2)
byebug (8.2.2)
byebug (9.0.5)
climate_control (0.0.3)
activesupport (>= 3.0)
cocaine (0.5.8)
@ -69,19 +70,18 @@ GEM
coffee-script-source
execjs
coffee-script-source (1.10.0)
concurrent-ruby (1.0.1)
concurrent-ruby (1.0.2)
debug_inspector (0.0.2)
delayed_job (4.0.6)
activesupport (>= 3.0, < 5.0)
delayed_job_active_record (4.0.3)
activerecord (>= 3.0, < 5.0)
delayed_job (>= 3.0, < 4.1)
devise (3.5.6)
devise (4.1.1)
bcrypt (~> 3.0)
orm_adapter (~> 0.1)
railties (>= 3.2.6, < 5)
railties (>= 4.1.0, < 5.1)
responders
thread_safe (~> 0.1)
warden (~> 1.2.3)
diff-lcs (1.2.5)
docile (1.1.5)
@ -95,14 +95,14 @@ GEM
exception_notification (4.1.4)
actionmailer (~> 4.0)
activesupport (~> 4.0)
execjs (2.6.0)
execjs (2.7.0)
ezcrypto (0.7.2)
factory_girl (4.5.0)
factory_girl (4.7.0)
activesupport (>= 3.0.0)
factory_girl_rails (4.6.0)
factory_girl (~> 4.5.0)
factory_girl_rails (4.7.0)
factory_girl (~> 4.7.0)
railties (>= 3.0.0)
formtastic (3.1.3)
formtastic (3.1.4)
actionpack (>= 3.2.13)
formula (1.1.1)
rails (> 3.0.0)
@ -112,7 +112,7 @@ GEM
json (~> 1.8)
multi_xml (>= 0.5.2)
i18n (0.7.0)
jbuilder (2.4.1)
jbuilder (2.5.0)
activesupport (>= 3.0.0, < 5.1)
multi_json (~> 1.2)
jquery-rails (4.1.1)
@ -122,9 +122,9 @@ GEM
jquery-ui-rails (5.0.5)
railties (>= 3.2.16)
json (1.8.3)
json-schema (2.6.1)
json-schema (2.6.2)
addressable (~> 2.3.8)
kaminari (0.16.3)
kaminari (0.17.0)
actionpack (>= 3.0.0)
activesupport (>= 3.0.0)
loofah (2.0.3)
@ -132,53 +132,55 @@ GEM
mail (2.6.4)
mime-types (>= 1.16, < 4)
method_source (0.8.2)
mime-types (3.0)
mime-types (3.1)
mime-types-data (~> 3.2015)
mime-types-data (3.2016.0221)
mime-types-data (3.2016.0521)
mimemagic (0.3.0)
mini_portile2 (2.0.0)
minitest (5.8.4)
multi_json (1.11.2)
mini_portile2 (2.1.0)
minitest (5.9.0)
multi_json (1.12.1)
multi_xml (0.5.5)
nokogiri (1.6.7.2)
mini_portile2 (~> 2.0.0.rc2)
nokogiri (1.6.8)
mini_portile2 (~> 2.1.0)
pkg-config (~> 1.1.7)
oauth (0.5.1)
orm_adapter (0.5.0)
paperclip (4.3.5)
paperclip (4.3.6)
activemodel (>= 3.2.0)
activesupport (>= 3.2.0)
cocaine (~> 0.5.5)
mime-types
mimemagic (= 0.3.0)
pg (0.18.4)
pkg-config (1.1.7)
pry (0.10.3)
coderay (~> 1.1.0)
method_source (~> 0.8.1)
slop (~> 3.4)
pry-byebug (3.3.0)
byebug (~> 8.0)
pry-byebug (3.4.0)
byebug (~> 9.0)
pry (~> 0.10)
pry-rails (0.3.4)
pry (>= 0.9.10)
pundit (1.1.0)
activesupport (>= 3.0.0)
pundit_extra (0.1.1)
pundit_extra (0.2.0)
quiet_assets (1.1.0)
railties (>= 3.1, < 5.0)
rack (1.6.4)
rack-cors (0.4.0)
rack-test (0.6.3)
rack (>= 1.0)
rails (4.2.4)
actionmailer (= 4.2.4)
actionpack (= 4.2.4)
actionview (= 4.2.4)
activejob (= 4.2.4)
activemodel (= 4.2.4)
activerecord (= 4.2.4)
activesupport (= 4.2.4)
rails (4.2.6)
actionmailer (= 4.2.6)
actionpack (= 4.2.6)
actionview (= 4.2.6)
activejob (= 4.2.6)
activemodel (= 4.2.6)
activerecord (= 4.2.6)
activesupport (= 4.2.6)
bundler (>= 1.3.0, < 2.0)
railties (= 4.2.4)
railties (= 4.2.6)
sprockets-rails
rails-deprecated_sanitizer (1.0.3)
activesupport (>= 4.2.0.alpha)
@ -194,15 +196,15 @@ GEM
rails_serve_static_assets
rails_stdout_logging
rails_serve_static_assets (0.0.5)
rails_stdout_logging (0.0.4)
railties (4.2.4)
actionpack (= 4.2.4)
activesupport (= 4.2.4)
rails_stdout_logging (0.0.5)
railties (4.2.6)
actionpack (= 4.2.6)
activesupport (= 4.2.6)
rake (>= 0.8.7)
thor (>= 0.18.1, < 2.0)
rake (11.1.1)
redis (3.2.2)
responders (2.1.1)
rake (11.2.2)
redis (3.3.0)
responders (2.2.0)
railties (>= 4.2.0, < 5.1)
rspec-core (3.4.4)
rspec-support (~> 3.4.0)
@ -221,7 +223,7 @@ GEM
rspec-mocks (~> 3.4.0)
rspec-support (~> 3.4.0)
rspec-support (3.4.1)
sass (3.4.21)
sass (3.4.22)
sass-rails (5.0.4)
railties (>= 4.0.0, < 5.0)
sass (~> 3.1)
@ -237,9 +239,9 @@ GEM
simplecov-html (0.10.0)
slack-notifier (1.5.1)
slop (3.6.0)
snorlax (0.1.5)
snorlax (0.1.6)
rails (> 4.1)
sprockets (3.5.2)
sprockets (3.6.0)
concurrent-ruby (~> 1.0)
rack (> 1, < 3)
sprockets-rails (3.0.4)
@ -248,13 +250,12 @@ GEM
sprockets (>= 3.0.0)
thor (0.19.1)
thread_safe (0.3.5)
tilt (2.0.2)
tilt (2.0.5)
tunemygc (1.0.65)
tzinfo (1.2.2)
thread_safe (~> 0.1)
uglifier (2.7.2)
execjs (>= 0.3.0)
json (>= 1.8.0)
uglifier (3.0.0)
execjs (>= 0.3.0, < 3)
uservoice-ruby (0.0.11)
ezcrypto (>= 0.7.2)
json (>= 1.7.5)
@ -271,6 +272,7 @@ DEPENDENCIES
best_in_place
better_errors
binding_of_caller
brakeman
coffee-rails
delayed_job (~> 4.0.2)
delayed_job_active_record (~> 4.0.1)
@ -296,7 +298,7 @@ DEPENDENCIES
pundit_extra
quiet_assets
rack-cors
rails (= 4.2.4)
rails
rails3-jquery-autocomplete
rails_12factor
redis

2
app/controllers/application_controller.rb
View file

@ -3,7 +3,7 @@ class ApplicationController < ActionController::Base
include Pundit
include PunditExtra
rescue_from Pundit::NotAuthorizedError, with: :handle_unauthorized
protect_from_forgery
protect_from_forgery(with: :exception)
before_action :get_invite_link
after_action :allow_embedding