* update rails to 4.2.5.1

* fix brakeman gem warning

* make brakeman happier and add it to travis

* install brakeman gem for static security analysis

* fix brakeman call in travis
This commit is contained in:
Devin Howard 2016-06-16 15:44:08 +08:00 committed by GitHub
parent 97e9f999d9
commit 6e1797183e
4 changed files with 71 additions and 68 deletions


@ -18,4 +18,4 @@ before_script:
- nvm use stable - nvm use stable
- (cd app/assets/javascripts && npm install) - (cd app/assets/javascripts && npm install)
script: script:
- bundle exec rspec && (cd app/assets/javascripts && npm test) - bundle exec rspec && (cd app/assets/javascripts && npm test) && bundle exec brakeman -q -z
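Review bot: Appending `&& bundle exec brakeman -q -z` to the single `script:` entry means the static-analysis scan only runs when rspec and the npm tests have already passed, so a build that is red for an unrelated test failure produces no brakeman result at all, and when brakeman's `-z` (exit non-zero on warnings) does trip, the log shows the same generic script failure as a test failure. Travis runs every item of the `script:` list and fails the build if any item exits non-zero, so splitting the pipeline into separate entries reports each result independently while keeping the gate: `- bundle exec rspec`, `- (cd app/assets/javascripts && npm test)`, `- bundle exec brakeman -q -z`. The `before_script:` list above is context only; the `script:` list ends inside the hunk.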


@ -1,7 +1,7 @@
source 'https://rubygems.org' source 'https://rubygems.org'
ruby '2.1.3' ruby '2.1.3'
gem 'rails', '4.2.4' gem 'rails'
gem 'active_model_serializers', '~> 0.8.1' gem 'active_model_serializers', '~> 0.8.1'
gem 'aws-sdk', '< 2.0' gem 'aws-sdk', '< 2.0'
@ -49,6 +49,7 @@ group :test do
gem 'rspec-rails' gem 'rspec-rails'
gem 'shoulda-matchers' gem 'shoulda-matchers'
gem 'simplecov', require: false gem 'simplecov', require: false
gem 'brakeman', require: false
end end
group :development, :test do group :development, :test do
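Review bot: Replacing `gem 'rails', '4.2.4'` with a bare `gem 'rails'` leaves the Gemfile with no constraint at all, so the lockfile is the only thing holding Rails on the 4.2 line; a future `bundle update rails` is free to resolve to a different major release, and the floor the commit title names (4.2.5.1) is not recorded anywhere in the Gemfile. A pessimistic constraint keeps that floor while still allowing point releases, e.g. `gem 'rails', '~> 4.2', '>= 4.2.5.1'` (the lockfile in this commit resolves to 4.2.6, so it is satisfied today). The new `gem 'brakeman', require: false` entry is likewise unconstrained; if the CI step is meant to be a gate, a `~>` bound on it avoids a future brakeman release with new checks failing the build on an unrelated change. The `group :test do` block begins outside the hunk.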


@ -1,38 +1,38 @@
GEM GEM
remote: https://rubygems.org/ remote: https://rubygems.org/
specs: specs:
actionmailer (4.2.4) actionmailer (4.2.6)
actionpack (= 4.2.4) actionpack (= 4.2.6)
actionview (= 4.2.4) actionview (= 4.2.6)
activejob (= 4.2.4) activejob (= 4.2.6)
mail (~> 2.5, >= 2.5.4) mail (~> 2.5, >= 2.5.4)
rails-dom-testing (~> 1.0, >= 1.0.5) rails-dom-testing (~> 1.0, >= 1.0.5)
actionpack (4.2.4) actionpack (4.2.6)
actionview (= 4.2.4) actionview (= 4.2.6)
activesupport (= 4.2.4) activesupport (= 4.2.6)
rack (~> 1.6) rack (~> 1.6)
rack-test (~> 0.6.2) rack-test (~> 0.6.2)
rails-dom-testing (~> 1.0, >= 1.0.5) rails-dom-testing (~> 1.0, >= 1.0.5)
rails-html-sanitizer (~> 1.0, >= 1.0.2) rails-html-sanitizer (~> 1.0, >= 1.0.2)
actionview (4.2.4) actionview (4.2.6)
activesupport (= 4.2.4) activesupport (= 4.2.6)
builder (~> 3.1) builder (~> 3.1)
erubis (~> 2.7.0) erubis (~> 2.7.0)
rails-dom-testing (~> 1.0, >= 1.0.5) rails-dom-testing (~> 1.0, >= 1.0.5)
rails-html-sanitizer (~> 1.0, >= 1.0.2) rails-html-sanitizer (~> 1.0, >= 1.0.2)
active_model_serializers (0.8.3) active_model_serializers (0.8.3)
activemodel (>= 3.0) activemodel (>= 3.0)
activejob (4.2.4) activejob (4.2.6)
activesupport (= 4.2.4) activesupport (= 4.2.6)
globalid (>= 0.3.0) globalid (>= 0.3.0)
activemodel (4.2.4) activemodel (4.2.6)
activesupport (= 4.2.4) activesupport (= 4.2.6)
builder (~> 3.1) builder (~> 3.1)
activerecord (4.2.4) activerecord (4.2.6)
activemodel (= 4.2.4) activemodel (= 4.2.6)
activesupport (= 4.2.4) activesupport (= 4.2.6)
arel (~> 6.0) arel (~> 6.0)
activesupport (4.2.4) activesupport (4.2.6)
i18n (~> 0.7) i18n (~> 0.7)
json (~> 1.7, >= 1.7.7) json (~> 1.7, >= 1.7.7)
minitest (~> 5.1) minitest (~> 5.1)
@ -55,8 +55,9 @@ GEM
rack (>= 0.9.0) rack (>= 0.9.0)
binding_of_caller (0.7.2) binding_of_caller (0.7.2)
debug_inspector (>= 0.0.1) debug_inspector (>= 0.0.1)
brakeman (3.3.2)
builder (3.2.2) builder (3.2.2)
byebug (8.2.2) byebug (9.0.5)
climate_control (0.0.3) climate_control (0.0.3)
activesupport (>= 3.0) activesupport (>= 3.0)
cocaine (0.5.8) cocaine (0.5.8)
@ -69,19 +70,18 @@ GEM
coffee-script-source coffee-script-source
execjs execjs
coffee-script-source (1.10.0) coffee-script-source (1.10.0)
concurrent-ruby (1.0.1) concurrent-ruby (1.0.2)
debug_inspector (0.0.2) debug_inspector (0.0.2)
delayed_job (4.0.6) delayed_job (4.0.6)
activesupport (>= 3.0, < 5.0) activesupport (>= 3.0, < 5.0)
delayed_job_active_record (4.0.3) delayed_job_active_record (4.0.3)
activerecord (>= 3.0, < 5.0) activerecord (>= 3.0, < 5.0)
delayed_job (>= 3.0, < 4.1) delayed_job (>= 3.0, < 4.1)
devise (3.5.6) devise (4.1.1)
bcrypt (~> 3.0) bcrypt (~> 3.0)
orm_adapter (~> 0.1) orm_adapter (~> 0.1)
railties (>= 3.2.6, < 5) railties (>= 4.1.0, < 5.1)
responders responders
thread_safe (~> 0.1)
warden (~> 1.2.3) warden (~> 1.2.3)
diff-lcs (1.2.5) diff-lcs (1.2.5)
docile (1.1.5) docile (1.1.5)
@ -95,14 +95,14 @@ GEM
exception_notification (4.1.4) exception_notification (4.1.4)
actionmailer (~> 4.0) actionmailer (~> 4.0)
activesupport (~> 4.0) activesupport (~> 4.0)
execjs (2.6.0) execjs (2.7.0)
ezcrypto (0.7.2) ezcrypto (0.7.2)
factory_girl (4.5.0) factory_girl (4.7.0)
activesupport (>= 3.0.0) activesupport (>= 3.0.0)
factory_girl_rails (4.6.0) factory_girl_rails (4.7.0)
factory_girl (~> 4.5.0) factory_girl (~> 4.7.0)
railties (>= 3.0.0) railties (>= 3.0.0)
formtastic (3.1.3) formtastic (3.1.4)
actionpack (>= 3.2.13) actionpack (>= 3.2.13)
formula (1.1.1) formula (1.1.1)
rails (> 3.0.0) rails (> 3.0.0)
@ -112,7 +112,7 @@ GEM
json (~> 1.8) json (~> 1.8)
multi_xml (>= 0.5.2) multi_xml (>= 0.5.2)
i18n (0.7.0) i18n (0.7.0)
jbuilder (2.4.1) jbuilder (2.5.0)
activesupport (>= 3.0.0, < 5.1) activesupport (>= 3.0.0, < 5.1)
multi_json (~> 1.2) multi_json (~> 1.2)
jquery-rails (4.1.1) jquery-rails (4.1.1)
@ -122,9 +122,9 @@ GEM
jquery-ui-rails (5.0.5) jquery-ui-rails (5.0.5)
railties (>= 3.2.16) railties (>= 3.2.16)
json (1.8.3) json (1.8.3)
json-schema (2.6.1) json-schema (2.6.2)
addressable (~> 2.3.8) addressable (~> 2.3.8)
kaminari (0.16.3) kaminari (0.17.0)
actionpack (>= 3.0.0) actionpack (>= 3.0.0)
activesupport (>= 3.0.0) activesupport (>= 3.0.0)
loofah (2.0.3) loofah (2.0.3)
@ -132,53 +132,55 @@ GEM
mail (2.6.4) mail (2.6.4)
mime-types (>= 1.16, < 4) mime-types (>= 1.16, < 4)
method_source (0.8.2) method_source (0.8.2)
mime-types (3.0) mime-types (3.1)
mime-types-data (~> 3.2015) mime-types-data (~> 3.2015)
mime-types-data (3.2016.0221) mime-types-data (3.2016.0521)
mimemagic (0.3.0) mimemagic (0.3.0)
mini_portile2 (2.0.0) mini_portile2 (2.1.0)
minitest (5.8.4) minitest (5.9.0)
multi_json (1.11.2) multi_json (1.12.1)
multi_xml (0.5.5) multi_xml (0.5.5)
nokogiri (1.6.7.2) nokogiri (1.6.8)
mini_portile2 (~> 2.0.0.rc2) mini_portile2 (~> 2.1.0)
pkg-config (~> 1.1.7)
oauth (0.5.1) oauth (0.5.1)
orm_adapter (0.5.0) orm_adapter (0.5.0)
paperclip (4.3.5) paperclip (4.3.6)
activemodel (>= 3.2.0) activemodel (>= 3.2.0)
activesupport (>= 3.2.0) activesupport (>= 3.2.0)
cocaine (~> 0.5.5) cocaine (~> 0.5.5)
mime-types mime-types
mimemagic (= 0.3.0) mimemagic (= 0.3.0)
pg (0.18.4) pg (0.18.4)
pkg-config (1.1.7)
pry (0.10.3) pry (0.10.3)
coderay (~> 1.1.0) coderay (~> 1.1.0)
method_source (~> 0.8.1) method_source (~> 0.8.1)
slop (~> 3.4) slop (~> 3.4)
pry-byebug (3.3.0) pry-byebug (3.4.0)
byebug (~> 8.0) byebug (~> 9.0)
pry (~> 0.10) pry (~> 0.10)
pry-rails (0.3.4) pry-rails (0.3.4)
pry (>= 0.9.10) pry (>= 0.9.10)
pundit (1.1.0) pundit (1.1.0)
activesupport (>= 3.0.0) activesupport (>= 3.0.0)
pundit_extra (0.1.1) pundit_extra (0.2.0)
quiet_assets (1.1.0) quiet_assets (1.1.0)
railties (>= 3.1, < 5.0) railties (>= 3.1, < 5.0)
rack (1.6.4) rack (1.6.4)
rack-cors (0.4.0) rack-cors (0.4.0)
rack-test (0.6.3) rack-test (0.6.3)
rack (>= 1.0) rack (>= 1.0)
rails (4.2.4) rails (4.2.6)
actionmailer (= 4.2.4) actionmailer (= 4.2.6)
actionpack (= 4.2.4) actionpack (= 4.2.6)
actionview (= 4.2.4) actionview (= 4.2.6)
activejob (= 4.2.4) activejob (= 4.2.6)
activemodel (= 4.2.4) activemodel (= 4.2.6)
activerecord (= 4.2.4) activerecord (= 4.2.6)
activesupport (= 4.2.4) activesupport (= 4.2.6)
bundler (>= 1.3.0, < 2.0) bundler (>= 1.3.0, < 2.0)
railties (= 4.2.4) railties (= 4.2.6)
sprockets-rails sprockets-rails
rails-deprecated_sanitizer (1.0.3) rails-deprecated_sanitizer (1.0.3)
activesupport (>= 4.2.0.alpha) activesupport (>= 4.2.0.alpha)
@ -194,15 +196,15 @@ GEM
rails_serve_static_assets rails_serve_static_assets
rails_stdout_logging rails_stdout_logging
rails_serve_static_assets (0.0.5) rails_serve_static_assets (0.0.5)
rails_stdout_logging (0.0.4) rails_stdout_logging (0.0.5)
railties (4.2.4) railties (4.2.6)
actionpack (= 4.2.4) actionpack (= 4.2.6)
activesupport (= 4.2.4) activesupport (= 4.2.6)
rake (>= 0.8.7) rake (>= 0.8.7)
thor (>= 0.18.1, < 2.0) thor (>= 0.18.1, < 2.0)
rake (11.1.1) rake (11.2.2)
redis (3.2.2) redis (3.3.0)
responders (2.1.1) responders (2.2.0)
railties (>= 4.2.0, < 5.1) railties (>= 4.2.0, < 5.1)
rspec-core (3.4.4) rspec-core (3.4.4)
rspec-support (~> 3.4.0) rspec-support (~> 3.4.0)
@ -221,7 +223,7 @@ GEM
rspec-mocks (~> 3.4.0) rspec-mocks (~> 3.4.0)
rspec-support (~> 3.4.0) rspec-support (~> 3.4.0)
rspec-support (3.4.1) rspec-support (3.4.1)
sass (3.4.21) sass (3.4.22)
sass-rails (5.0.4) sass-rails (5.0.4)
railties (>= 4.0.0, < 5.0) railties (>= 4.0.0, < 5.0)
sass (~> 3.1) sass (~> 3.1)
@ -237,9 +239,9 @@ GEM
simplecov-html (0.10.0) simplecov-html (0.10.0)
slack-notifier (1.5.1) slack-notifier (1.5.1)
slop (3.6.0) slop (3.6.0)
snorlax (0.1.5) snorlax (0.1.6)
rails (> 4.1) rails (> 4.1)
sprockets (3.5.2) sprockets (3.6.0)
concurrent-ruby (~> 1.0) concurrent-ruby (~> 1.0)
rack (> 1, < 3) rack (> 1, < 3)
sprockets-rails (3.0.4) sprockets-rails (3.0.4)
@ -248,13 +250,12 @@ GEM
sprockets (>= 3.0.0) sprockets (>= 3.0.0)
thor (0.19.1) thor (0.19.1)
thread_safe (0.3.5) thread_safe (0.3.5)
tilt (2.0.2) tilt (2.0.5)
tunemygc (1.0.65) tunemygc (1.0.65)
tzinfo (1.2.2) tzinfo (1.2.2)
thread_safe (~> 0.1) thread_safe (~> 0.1)
uglifier (2.7.2) uglifier (3.0.0)
execjs (>= 0.3.0) execjs (>= 0.3.0, < 3)
json (>= 1.8.0)
uservoice-ruby (0.0.11) uservoice-ruby (0.0.11)
ezcrypto (>= 0.7.2) ezcrypto (>= 0.7.2)
json (>= 1.7.5) json (>= 1.7.5)
@ -271,6 +272,7 @@ DEPENDENCIES
best_in_place best_in_place
better_errors better_errors
binding_of_caller binding_of_caller
brakeman
coffee-rails coffee-rails
delayed_job (~> 4.0.2) delayed_job (~> 4.0.2)
delayed_job_active_record (~> 4.0.1) delayed_job_active_record (~> 4.0.1)
@ -296,7 +298,7 @@ DEPENDENCIES
pundit_extra pundit_extra
quiet_assets quiet_assets
rack-cors rack-cors
rails (= 4.2.4) rails
rails3-jquery-autocomplete rails3-jquery-autocomplete
rails_12factor rails_12factor
redis redis


@ -3,7 +3,7 @@ class ApplicationController < ActionController::Base
include Pundit include Pundit
include PunditExtra include PunditExtra
rescue_from Pundit::NotAuthorizedError, with: :handle_unauthorized rescue_from Pundit::NotAuthorizedError, with: :handle_unauthorized
protect_from_forgery protect_from_forgery(with: :exception)
before_action :get_invite_link before_action :get_invite_link
after_action :allow_embedding after_action :allow_embedding
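Review bot: Moving to `protect_from_forgery(with: :exception)` turns a failed CSRF check from the default session reset into a raised `ActionController::InvalidAuthenticityToken`, and nothing visible in this class handles that exception the way `rescue_from Pundit::NotAuthorizedError, with: :handle_unauthorized` handles authorization failures, so a stale form (expired session, token rotated after sign-in) will now surface as an unhandled error rather than a recoverable response. A handler next to the existing one keeps the stricter check while giving users a way back, e.g. `rescue_from ActionController::InvalidAuthenticityToken, with: :handle_invalid_token` with a method that calls `reset_session` and redirects with a flash message. Any action that legitimately receives non-browser POSTs without a token (the Gemfile pulls in rack-cors and active_model_serializers, which suggests such endpoints may exist — worth confirming) will also start failing and should get a per-controller `skip_before_action :verify_authenticity_token` limited to actions authenticated by another mechanism, not a global opt-out. Rails class-level macros are conventionally written without parentheses, `protect_from_forgery with: :exception`, matching `rescue_from` and `before_action` on the neighbouring lines. The class body continues outside the hunk.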