SYMBOL INDEX (4611 symbols across 488 files) FILE: gem_common.rb type Brakeman (line 1) | module Brakeman type GemDependencies (line 2) | module GemDependencies function dev_dependencies (line 3) | def self.dev_dependencies spec function base_dependencies (line 10) | def self.base_dependencies spec function extended_dependencies (line 18) | def self.extended_dependencies spec FILE: lib/brakeman.rb type Brakeman (line 5) | module Brakeman function run (line 81) | def self.run options function logger (line 110) | def self.logger function logger= (line 114) | def self.logger= log function set_default_logger (line 118) | def self.set_default_logger(options = {}) function cleanup (line 122) | def self.cleanup(newline = true) function set_options (line 127) | def self.set_options options function load_options (line 168) | def self.load_options line_options function config_file (line 218) | def self.config_file custom_location, app_path function default_options (line 225) | def self.default_options function get_output_formats (line 256) | def self.get_output_formats options function get_formats_from_output_format (line 275) | def self.get_formats_from_output_format output_format function get_formats_from_output_files (line 309) | def self.get_formats_from_output_files output_files function get_github_url (line 345) | def self.get_github_url options function list_checks (line 362) | def self.list_checks options function dump_config (line 384) | def self.dump_config options function ensure_latest (line 422) | def self.ensure_latest(days_old: 0) function scan (line 442) | def self.scan options function write_report_to_files (line 482) | def self.write_report_to_files tracker, output_files function write_report_to_formats (line 501) | def self.write_report_to_formats tracker, output_formats function rescan (line 529) | def self.rescan tracker, files, options = {} function announce (line 540) | def self.announce message function alert (line 544) | def self.alert message function debug (line 548) | def self.debug message function compare (line 553) | def self.compare options function load_brakeman_dependency (line 576) | def self.load_brakeman_dependency name, allow_fail = false function ignore_file_entries_with_empty_notes (line 604) | def self.ignore_file_entries_with_empty_notes file function filter_warnings (line 614) | def self.filter_warnings tracker, options function add_external_checks (line 644) | def self.add_external_checks options function check_for_missing_checks (line 650) | def self.check_for_missing_checks included_checks, excluded_checks, en... function debug= (line 660) | def self.debug= val function quiet= (line 664) | def self.quiet= val function process_step (line 668) | def self.process_step(description, &) class DependencyError (line 672) | class DependencyError < RuntimeError; end class NoBrakemanError (line 673) | class NoBrakemanError < RuntimeError; end class NoApplication (line 674) | class NoApplication < RuntimeError; end class MissingChecksError (line 675) | class MissingChecksError < RuntimeError; end FILE: lib/brakeman/app_tree.rb type Brakeman (line 4) | module Brakeman class AppTree (line 5) | class AppTree method from_options (line 10) | def self.from_options(options) method regex_for_paths (line 37) | def self.regex_for_paths(paths) method initialize (line 60) | def initialize(root, init_options = {}) method file_path (line 76) | def file_path(path) method expand_path (line 82) | def expand_path(path) method relative_path (line 88) | def relative_path(path) method exists? (line 97) | def exists?(path) method ruby_file_paths (line 105) | def ruby_file_paths method initializer_paths (line 109) | def initializer_paths method controller_paths (line 113) | def controller_paths method model_paths (line 117) | def model_paths method template_paths (line 121) | def template_paths method layout_exists? (line 126) | def layout_exists?(name) method lib_paths (line 130) | def lib_paths method gemspec (line 137) | def gemspec method marshallable (line 151) | def marshallable method find_helper_paths (line 162) | def find_helper_paths method find_job_paths (line 166) | def find_job_paths method find_additional_lib_paths (line 170) | def find_additional_lib_paths method find_paths (line 174) | def find_paths(directory, extensions = ".rb") method glob_files (line 178) | def glob_files(directory, name, extensions = ".rb") method select_files (line 206) | def select_files(paths) method reject_directories (line 215) | def reject_directories(paths) method select_only_files (line 222) | def select_only_files(paths) method reject_skipped_files (line 231) | def reject_skipped_files(paths) method reject_global_excludes (line 250) | def reject_global_excludes(paths) method in_engine_paths? (line 262) | def in_engine_paths?(path) method in_add_libs_paths? (line 266) | def in_add_libs_paths?(path) method match_path (line 270) | def match_path files, path method top_directories_pattern (line 297) | def top_directories_pattern method root_search_pattern (line 312) | def root_search_pattern method search_pattern (line 317) | def search_pattern(root_dir) method prioritize_concerns (line 326) | def prioritize_concerns paths method convert_to_file_paths (line 330) | def convert_to_file_paths paths FILE: lib/brakeman/call_index.rb class Brakeman::CallIndex (line 4) | class Brakeman::CallIndex method initialize (line 7) | def initialize calls method find_calls (line 22) | def find_calls options method remove_template_indexes (line 74) | def remove_template_indexes template_name = nil method remove_indexes_by_class (line 84) | def remove_indexes_by_class classes method remove_indexes_by_file (line 94) | def remove_indexes_by_file file method index_calls (line 104) | def index_calls calls method find_chain (line 123) | def find_chain options method calls_by_target (line 134) | def calls_by_target target method calls_by_targets (line 145) | def calls_by_targets targets method calls_by_targets_regex (line 155) | def calls_by_targets_regex targets_regex method calls_by_method (line 168) | def calls_by_method method method calls_by_methods (line 179) | def calls_by_methods methods method calls_by_methods_regex (line 190) | def calls_by_methods_regex methods_regex method filter (line 200) | def filter calls, key, value method filter_by_method (line 222) | def filter_by_method calls, method method filter_by_target (line 226) | def filter_by_target calls, target method filter_nested (line 230) | def filter_nested calls method filter_by_chain (line 234) | def filter_by_chain calls, target method from_template (line 256) | def from_template call, template_name FILE: lib/brakeman/checks.rb class Brakeman::Checks (line 9) | class Brakeman::Checks method add (line 16) | def self.add klass method add_optional (line 21) | def self.add_optional klass method checks (line 25) | def self.checks method optional_checks (line 29) | def self.optional_checks method initialize_checks (line 33) | def self.initialize_checks check_directory = "" method missing_checks (line 40) | def self.missing_checks check_args method initialize (line 58) | def initialize options = { } method add_warning (line 77) | def add_warning warning method diff (line 99) | def diff other_checks method all_warnings (line 106) | def all_warnings method run_checks (line 112) | def self.run_checks(tracker) method actually_run_checks (line 118) | def self.actually_run_checks(checks, check_runner, tracker) method get_check_name (line 170) | def self.get_check_name check_class method checks_to_run (line 174) | def self.checks_to_run tracker method filter_checks (line 192) | def self.filter_checks checks, tracker method run_a_check (line 205) | def self.run_a_check klass, mutex, tracker FILE: lib/brakeman/checks/base_check.rb class Brakeman::BaseCheck (line 8) | class Brakeman::BaseCheck < Brakeman::SexpProcessor method inherited (line 24) | def inherited(subclass) method initialize (line 30) | def initialize(tracker) method add_result (line 48) | def add_result result method process_default (line 57) | def process_default exp method process_call (line 66) | def process_call exp method process_if (line 89) | def process_if exp method process_params (line 102) | def process_params exp method process_cookies (line 108) | def process_cookies exp method process_array (line 113) | def process_array exp method process_dstr (line 121) | def process_dstr exp method array_interp? (line 138) | def array_interp? exp method always_safe_method? (line 145) | def always_safe_method? meth method boolean_method? (line 150) | def boolean_method? method method temp_file_path? (line 159) | def temp_file_path? exp method warn (line 164) | def warn options method format_output (line 175) | def format_output exp method mass_assign_disabled? (line 180) | def mass_assign_disabled? method original? (line 250) | def original? result method duplicate? (line 258) | def duplicate? result, location = nil method get_location (line 274) | def get_location result method include_user_input? (line 299) | def include_user_input? exp method has_immediate_user_input? (line 311) | def has_immediate_user_input? exp method has_immediate_model? (line 378) | def has_immediate_model? exp, out = nil method model_name? (line 443) | def model_name? exp method include_target? (line 458) | def include_target? exp, target method lts_version? (line 468) | def lts_version? version method version_between? (line 473) | def version_between? low_version, high_version, current_version = nil method gemfile_or_environment (line 477) | def gemfile_or_environment gem_name = :rails method description (line 489) | def self.description method active_record_models (line 493) | def active_record_models method string_building? (line 510) | def string_building? exp method locale_call? (line 521) | def locale_call? exp FILE: lib/brakeman/checks/check_basic_auth.rb class Brakeman::CheckBasicAuth (line 7) | class Brakeman::CheckBasicAuth < Brakeman::BaseCheck method run_check (line 12) | def run_check method check_basic_auth_filter (line 19) | def check_basic_auth_filter method check_basic_auth_request (line 46) | def check_basic_auth_request method include_password_literal? (line 61) | def include_password_literal? result method process_call (line 71) | def process_call exp method get_password (line 85) | def get_password call FILE: lib/brakeman/checks/check_basic_auth_timing_attack.rb class Brakeman::CheckBasicAuthTimingAttack (line 3) | class Brakeman::CheckBasicAuthTimingAttack < Brakeman::BaseCheck method run_check (line 8) | def run_check method check_basic_auth_call (line 23) | def check_basic_auth_call FILE: lib/brakeman/checks/check_content_tag.rb class Brakeman::CheckContentTag (line 16) | class Brakeman::CheckContentTag < Brakeman::CheckCrossSiteScripting method run_check (line 21) | def run_check method process_result (line 45) | def process_result result method check_argument (line 104) | def check_argument result, exp method process_call (line 164) | def process_call exp method check_cve_2016_6316 (line 176) | def check_cve_2016_6316 method raw? (line 209) | def raw? exp method cve_2016_6316? (line 213) | def cve_2016_6316? FILE: lib/brakeman/checks/check_cookie_serialization.rb class Brakeman::CheckCookieSerialization (line 3) | class Brakeman::CheckCookieSerialization < Brakeman::BaseCheck method run_check (line 8) | def run_check FILE: lib/brakeman/checks/check_create_with.rb class Brakeman::CheckCreateWith (line 3) | class Brakeman::CheckCreateWith < Brakeman::BaseCheck method run_check (line 8) | def run_check method process_result (line 28) | def process_result result method danger_level (line 49) | def danger_level exp method generic_warning (line 67) | def generic_warning FILE: lib/brakeman/checks/check_cross_site_scripting.rb class Brakeman::CheckCrossSiteScripting (line 14) | class Brakeman::CheckCrossSiteScripting < Brakeman::BaseCheck method initialize (line 36) | def initialize *args method run_check (line 42) | def run_check method check_for_immediate_xss (line 60) | def check_for_immediate_xss exp method likely_model_attribute? (line 130) | def likely_model_attribute? exp method process_output (line 143) | def process_output exp method process_escaped_output (line 149) | def process_escaped_output exp method process_call (line 168) | def process_call exp method actually_process_call (line 216) | def actually_process_call exp method process_params (line 240) | def process_params exp method process_cookies (line 246) | def process_cookies exp method process_render (line 252) | def process_render exp method process_dstr (line 257) | def process_dstr exp method process_format (line 262) | def process_format exp method process_format_escaped (line 267) | def process_format_escaped exp method process_if (line 272) | def process_if exp method process_case (line 278) | def process_case exp method setup (line 291) | def setup method raw_call? (line 340) | def raw_call? exp method html_safe_call? (line 344) | def html_safe_call? exp method ignore_call? (line 348) | def ignore_call? target, method method ignored_model_method? (line 359) | def ignored_model_method? target, method method ignored_method? (line 365) | def ignored_method? target, method method cgi_escaped? (line 369) | def cgi_escaped? target, method method haml_escaped? (line 374) | def haml_escaped? target, method method xml_escaped? (line 378) | def xml_escaped? target, method method form_builder_method? (line 382) | def form_builder_method? target, method method safe_input_attribute? (line 386) | def safe_input_attribute? target, method FILE: lib/brakeman/checks/check_csrf_token_forgery_cve.rb class Brakeman::CheckCSRFTokenForgeryCVE (line 3) | class Brakeman::CheckCSRFTokenForgeryCVE < Brakeman::BaseCheck method run_check (line 8) | def run_check FILE: lib/brakeman/checks/check_default_routes.rb class Brakeman::CheckDefaultRoutes (line 4) | class Brakeman::CheckDefaultRoutes < Brakeman::BaseCheck method initialize (line 9) | def initialize *args method run_check (line 16) | def run_check method check_for_default_routes (line 22) | def check_for_default_routes method check_for_action_globs (line 35) | def check_for_action_globs method check_for_cve_2014_0130 (line 59) | def check_for_cve_2014_0130 method allow_all_actions? (line 91) | def allow_all_actions? FILE: lib/brakeman/checks/check_deserialize.rb class Brakeman::CheckDeserialize (line 3) | class Brakeman::CheckDeserialize < Brakeman::BaseCheck method run_check (line 8) | def run_check method check_yaml (line 15) | def check_yaml method check_csv (line 35) | def check_csv method check_marshal (line 39) | def check_marshal method check_oj (line 43) | def check_oj method check_methods (line 63) | def check_methods target, *methods method check_deserialize (line 69) | def check_deserialize result, target, arg = nil method oj_safe_default? (line 100) | def oj_safe_default? method oj_safe_mode? (line 116) | def oj_safe_mode? options method uses_safe_yaml? (line 126) | def uses_safe_yaml? FILE: lib/brakeman/checks/check_detailed_exceptions.rb class Brakeman::CheckDetailedExceptions (line 4) | class Brakeman::CheckDetailedExceptions < Brakeman::BaseCheck method run_check (line 11) | def run_check method check_local_request_config (line 16) | def check_local_request_config method check_detailed_exceptions (line 27) | def check_detailed_exceptions method safe? (line 53) | def safe? body FILE: lib/brakeman/checks/check_digest_dos.rb class Brakeman::CheckDigestDoS (line 3) | class Brakeman::CheckDigestDoS < Brakeman::BaseCheck method run_check (line 8) | def run_check method with_http_digest? (line 36) | def with_http_digest? FILE: lib/brakeman/checks/check_divide_by_zero.rb class Brakeman::CheckDivideByZero (line 3) | class Brakeman::CheckDivideByZero < Brakeman::BaseCheck method run_check (line 8) | def run_check method check_division (line 14) | def check_division result FILE: lib/brakeman/checks/check_dynamic_finders.rb class Brakeman::CheckDynamicFinders (line 4) | class Brakeman::CheckDynamicFinders < Brakeman::BaseCheck method run_check (line 9) | def run_check method process_result (line 17) | def process_result result method safe_call? (line 39) | def safe_call? arg method potentially_dangerous? (line 46) | def potentially_dangerous? method_name FILE: lib/brakeman/checks/check_eol_rails.rb class Brakeman::CheckEOLRails (line 3) | class Brakeman::CheckEOLRails < Brakeman::EOLCheck method run_check (line 8) | def run_check FILE: lib/brakeman/checks/check_eol_ruby.rb class Brakeman::CheckEOLRuby (line 3) | class Brakeman::CheckEOLRuby < Brakeman::EOLCheck method run_check (line 8) | def run_check FILE: lib/brakeman/checks/check_escape_function.rb class Brakeman::CheckEscapeFunction (line 5) | class Brakeman::CheckEscapeFunction < Brakeman::BaseCheck method run_check (line 10) | def run_check FILE: lib/brakeman/checks/check_evaluation.rb class Brakeman::CheckEvaluation (line 5) | class Brakeman::CheckEvaluation < Brakeman::BaseCheck method run_check (line 11) | def run_check method process_result (line 22) | def process_result result method string_evaluation? (line 51) | def string_evaluation? exp method safe_value? (line 56) | def safe_value? exp FILE: lib/brakeman/checks/check_execute.rb class Brakeman::CheckExecute (line 11) | class Brakeman::CheckExecute < Brakeman::BaseCheck method run_check (line 31) | def run_check method process_result (line 52) | def process_result result method dash_c_shell_command? (line 155) | def dash_c_shell_command?(first_arg, second_arg) method check_open_calls (line 162) | def check_open_calls method include_user_input? (line 176) | def include_user_input? exp method dangerous_open_arg? (line 194) | def dangerous_open_arg? exp method check_for_backticks (line 208) | def check_for_backticks tracker method process_backticks (line 215) | def process_backticks result method dangerous? (line 239) | def dangerous? exp method dangerous_interp? (line 268) | def dangerous_interp? exp method include_interp? (line 285) | def include_interp? exp method dangerous_string_building? (line 291) | def dangerous_string_building? exp method shell_escape? (line 299) | def shell_escape? exp FILE: lib/brakeman/checks/check_file_access.rb class Brakeman::CheckFileAccess (line 5) | class Brakeman::CheckFileAccess < Brakeman::BaseCheck method run_check (line 10) | def run_check method process_result (line 29) | def process_result result method called_on_tempfile? (line 71) | def called_on_tempfile? file_name method sanitized? (line 75) | def sanitized? file method temp_file_method? (line 81) | def temp_file_method? exp FILE: lib/brakeman/checks/check_file_disclosure.rb class Brakeman::CheckFileDisclosure (line 3) | class Brakeman::CheckFileDisclosure < Brakeman::BaseCheck method run_check (line 8) | def run_check method serves_static_assets? (line 33) | def serves_static_assets? FILE: lib/brakeman/checks/check_filter_skipping.rb class Brakeman::CheckFilterSkipping (line 5) | class Brakeman::CheckFilterSkipping < Brakeman::BaseCheck method run_check (line 10) | def run_check method uses_arbitrary_actions? (line 23) | def uses_arbitrary_actions? FILE: lib/brakeman/checks/check_force_ssl.rb class Brakeman::CheckForceSSL (line 1) | class Brakeman::CheckForceSSL < Brakeman::BaseCheck method run_check (line 6) | def run_check FILE: lib/brakeman/checks/check_forgery_setting.rb class Brakeman::CheckForgerySetting (line 7) | class Brakeman::CheckForgerySetting < Brakeman::BaseCheck method run_check (line 12) | def run_check method csrf_warning (line 51) | def csrf_warning opts method check_cve_2011_0447 (line 62) | def check_cve_2011_0447 FILE: lib/brakeman/checks/check_header_dos.rb class Brakeman::CheckHeaderDoS (line 3) | class Brakeman::CheckHeaderDoS < Brakeman::BaseCheck method run_check (line 8) | def run_check method has_workaround? (line 28) | def has_workaround? FILE: lib/brakeman/checks/check_i18n_xss.rb class Brakeman::CheckI18nXSS (line 3) | class Brakeman::CheckI18nXSS < Brakeman::BaseCheck method run_check (line 8) | def run_check method version_before (line 31) | def version_before gem_version, target method has_workaround? (line 44) | def has_workaround? FILE: lib/brakeman/checks/check_jruby_xml.rb class Brakeman::CheckJRubyXML (line 3) | class Brakeman::CheckJRubyXML < Brakeman::BaseCheck method run_check (line 8) | def run_check FILE: lib/brakeman/checks/check_json_encoding.rb class Brakeman::CheckJSONEncoding (line 3) | class Brakeman::CheckJSONEncoding < Brakeman::BaseCheck method run_check (line 8) | def run_check method has_workaround? (line 34) | def has_workaround? FILE: lib/brakeman/checks/check_json_entity_escape.rb class Brakeman::CheckJSONEntityEscape (line 3) | class Brakeman::CheckJSONEntityEscape < Brakeman::BaseCheck method run_check (line 8) | def run_check method check_config_setting (line 13) | def check_config_setting method check_manual_disable (line 25) | def check_manual_disable FILE: lib/brakeman/checks/check_json_parsing.rb class Brakeman::CheckJSONParsing (line 3) | class Brakeman::CheckJSONParsing < Brakeman::BaseCheck method initialize (line 8) | def initialize *args method run_check (line 13) | def run_check method check_cve_2013_0333 (line 18) | def check_cve_2013_0333 method uses_yajl? (line 42) | def uses_yajl? method uses_gem_backend? (line 47) | def uses_gem_backend? method check_cve_2013_0269 (line 63) | def check_cve_2013_0269 method check_json_version (line 70) | def check_json_version name, version method uses_json_parse? (line 106) | def uses_json_parse? FILE: lib/brakeman/checks/check_link_to.rb class Brakeman::CheckLinkTo (line 7) | class Brakeman::CheckLinkTo < Brakeman::CheckCrossSiteScripting method run_check (line 12) | def run_check method process_result (line 32) | def process_result result method check_argument (line 61) | def check_argument result, exp method check_user_input (line 67) | def check_user_input(result, argument) method check_method (line 77) | def check_method(result, argument) method check_matched (line 90) | def check_matched(result, matched = nil) method warn_xss (line 100) | def warn_xss(result, message, user_input, confidence) method process_call (line 114) | def process_call exp method actually_process_call (line 120) | def actually_process_call exp FILE: lib/brakeman/checks/check_link_to_href.rb class Brakeman::CheckLinkToHref (line 9) | class Brakeman::CheckLinkToHref < Brakeman::CheckLinkTo method run_check (line 14) | def run_check method process_result (line 32) | def process_result result method check_argument? (line 81) | def check_argument? url_arg method ignore_model_call? (line 91) | def ignore_model_call? url_arg, exp method ignore_interpolation? (line 108) | def ignore_interpolation? arg, suspect method ignore_call? (line 124) | def ignore_call? target, method method decorated_model? (line 128) | def decorated_model? method method ignored_method? (line 133) | def ignored_method? target, method method model_find_call? (line 139) | def model_find_call? exp method call_on_params? (line 146) | def call_on_params? exp FILE: lib/brakeman/checks/check_mail_to.rb class Brakeman::CheckMailTo (line 7) | class Brakeman::CheckMailTo < Brakeman::BaseCheck method run_check (line 12) | def run_check method mail_to_javascript? (line 35) | def mail_to_javascript? FILE: lib/brakeman/checks/check_mass_assignment.rb class Brakeman::CheckMassAssignment (line 7) | class Brakeman::CheckMassAssignment < Brakeman::BaseCheck method initialize (line 12) | def initialize(*) method run_check (line 17) | def run_check method find_mass_assign_calls (line 23) | def find_mass_assign_calls method check_mass_assignment (line 54) | def check_mass_assignment method process_result (line 64) | def process_result res method check_call (line 110) | def check_call call method all_literal_args? (line 132) | def all_literal_args? exp method literal? (line 147) | def literal? exp method check_permit! (line 160) | def check_permit! method inside_safe_method? (line 171) | def inside_safe_method? result method calls_slice? (line 178) | def calls_slice? result method subsequent_mass_assignment? (line 186) | def subsequent_mass_assignment? result method warn_on_permit! (line 196) | def warn_on_permit! result method check_permit_all_parameters (line 213) | def check_permit_all_parameters FILE: lib/brakeman/checks/check_mime_type_dos.rb class Brakeman::CheckMimeTypeDoS (line 3) | class Brakeman::CheckMimeTypeDoS < Brakeman::BaseCheck method run_check (line 8) | def run_check method has_workaround? (line 33) | def has_workaround? FILE: lib/brakeman/checks/check_model_attr_accessible.rb class Brakeman::CheckModelAttrAccessible (line 8) | class Brakeman::CheckModelAttrAccessible < Brakeman::BaseCheck method run_check (line 21) | def run_check method role_limited? (line 44) | def role_limited? model, attribute method check_models (line 50) | def check_models FILE: lib/brakeman/checks/check_model_attributes.rb class Brakeman::CheckModelAttributes (line 5) | class Brakeman::CheckModelAttributes < Brakeman::BaseCheck method run_check (line 10) | def run_check method check_models (line 49) | def check_models method check_for_attr_protected_bypass (line 57) | def check_for_attr_protected_bypass FILE: lib/brakeman/checks/check_model_serialize.rb class Brakeman::CheckModelSerialize (line 3) | class Brakeman::CheckModelSerialize < Brakeman::BaseCheck method run_check (line 8) | def run_check method check_for_serialize (line 27) | def check_for_serialize model FILE: lib/brakeman/checks/check_nested_attributes.rb class Brakeman::CheckNestedAttributes (line 5) | class Brakeman::CheckNestedAttributes < Brakeman::BaseCheck method run_check (line 10) | def run_check method uses_nested_attributes? (line 32) | def uses_nested_attributes? FILE: lib/brakeman/checks/check_nested_attributes_bypass.rb class Brakeman::CheckNestedAttributesBypass (line 4) | class Brakeman::CheckNestedAttributesBypass < Brakeman::BaseCheck method run_check (line 9) | def run_check method check_nested_attributes (line 20) | def check_nested_attributes method warn_about_nested_attributes (line 32) | def warn_about_nested_attributes model, args method allow_destroy? (line 46) | def allow_destroy? arg method reject_if? (line 51) | def reject_if? arg method workaround? (line 56) | def workaround? FILE: lib/brakeman/checks/check_number_to_currency.rb class Brakeman::CheckNumberToCurrency (line 3) | class Brakeman::CheckNumberToCurrency < Brakeman::BaseCheck method initialize (line 8) | def initialize(*) method run_check (line 13) | def run_check method generic_warning (line 25) | def generic_warning method check_number_helper_usage (line 43) | def check_number_helper_usage method check_helper_option (line 57) | def check_helper_option result, exp method warn_on_number_helper (line 66) | def warn_on_number_helper result, match FILE: lib/brakeman/checks/check_page_caching_cve.rb class Brakeman::CheckPageCachingCVE (line 3) | class Brakeman::CheckPageCachingCVE < Brakeman::BaseCheck method run_check (line 8) | def run_check method uses_caches_page? (line 33) | def uses_caches_page? FILE: lib/brakeman/checks/check_pathname.rb class Brakeman::CheckPathname (line 3) | class Brakeman::CheckPathname < Brakeman::BaseCheck method run_check (line 8) | def run_check method check_rails_root_join (line 14) | def check_rails_root_join method check_pathname_join (line 20) | def check_pathname_join method check_result (line 33) | def check_result result FILE: lib/brakeman/checks/check_permit_attributes.rb class Brakeman::CheckPermitAttributes (line 3) | class Brakeman::CheckPermitAttributes < Brakeman::BaseCheck method run_check (line 15) | def run_check method check_permit (line 21) | def check_permit result method warn_on_permit_key (line 35) | def warn_on_permit_key result, key, confidence = nil FILE: lib/brakeman/checks/check_quote_table_name.rb class Brakeman::CheckQuoteTableName (line 5) | class Brakeman::CheckQuoteTableName < Brakeman::BaseCheck method run_check (line 10) | def run_check method uses_quote_table_name? (line 36) | def uses_quote_table_name? FILE: lib/brakeman/checks/check_ransack.rb class Brakeman::CheckRansack (line 3) | class Brakeman::CheckRansack < Brakeman::BaseCheck method run_check (line 8) | def run_check method check_ransack_calls (line 13) | def check_ransack_calls method ransackable_allow_list? (line 49) | def ransackable_allow_list? class_name FILE: lib/brakeman/checks/check_redirect.rb class Brakeman::CheckRedirect (line 8) | class Brakeman::CheckRedirect < Brakeman::BaseCheck method run_check (line 13) | def run_check method process_result (line 35) | def process_result result method include_user_input? (line 81) | def include_user_input? opt, immediate = :immediate method only_path? (line 124) | def only_path? call method use_unsafe_hash_method? (line 138) | def use_unsafe_hash_method? arg method call_has_param (line 142) | def call_has_param arg, key method has_only_path? (line 153) | def has_only_path? arg method explicit_host? (line 161) | def explicit_host? arg method check_url_for (line 183) | def check_url_for call method model_instance? (line 196) | def model_instance? exp method model_target? (line 209) | def model_target? exp method friendly_model? (line 218) | def friendly_model? exp method decorated_model? (line 224) | def decorated_model? exp method association? (line 237) | def association? model_name, meth method slice_call? (line 251) | def slice_call? exp method safe_permit? (line 258) | def safe_permit? exp method protected_by_raise? (line 272) | def protected_by_raise? call method raise_on_redirects? (line 277) | def raise_on_redirects? method allow_other_host? (line 281) | def allow_other_host? call method disallow_other_host? (line 287) | def disallow_other_host? call FILE: lib/brakeman/checks/check_regex_dos.rb class Brakeman::CheckRegexDoS (line 4) | class Brakeman::CheckRegexDoS < Brakeman::BaseCheck method run_check (line 17) | def run_check method process_result (line 28) | def process_result result method process_call (line 60) | def process_call(exp) FILE: lib/brakeman/checks/check_render.rb class Brakeman::CheckRender (line 4) | class Brakeman::CheckRender < Brakeman::BaseCheck method run_check (line 9) | def run_check method process_render_result (line 15) | def process_render_result result method check_for_dynamic_path (line 31) | def check_for_dynamic_path result method safe_param? (line 62) | def safe_param? exp method renderable? (line 75) | def renderable? exp method known_renderable_class? (line 87) | def known_renderable_class? class_name FILE: lib/brakeman/checks/check_render_dos.rb class Brakeman::CheckRenderDoS (line 3) | class Brakeman::CheckRenderDoS < Brakeman::BaseCheck method run_check (line 8) | def run_check method text_render? (line 22) | def text_render? result method warn_about_text_render (line 27) | def warn_about_text_render FILE: lib/brakeman/checks/check_render_inline.rb class Brakeman::CheckRenderInline (line 1) | class Brakeman::CheckRenderInline < Brakeman::CheckCrossSiteScripting method run_check (line 6) | def run_check method check_render (line 14) | def check_render result method content_type_set? (line 48) | def content_type_set? opts FILE: lib/brakeman/checks/check_render_rce.rb class Brakeman::CheckRenderRCE (line 3) | class Brakeman::CheckRenderRCE < Brakeman::CheckRender method run_check (line 8) | def run_check method process_render_result (line 14) | def process_render_result result method check_for_rce (line 23) | def check_for_rce result FILE: lib/brakeman/checks/check_response_splitting.rb class Brakeman::CheckResponseSplitting (line 5) | class Brakeman::CheckResponseSplitting < Brakeman::BaseCheck method run_check (line 10) | def run_check FILE: lib/brakeman/checks/check_reverse_tabnabbing.rb class Brakeman::CheckReverseTabnabbing (line 3) | class Brakeman::CheckReverseTabnabbing < Brakeman::BaseCheck method run_check (line 8) | def run_check method process_result (line 15) | def process_result result FILE: lib/brakeman/checks/check_route_dos.rb class Brakeman::CheckRouteDoS (line 3) | class Brakeman::CheckRouteDoS < Brakeman::BaseCheck method run_check (line 8) | def run_check method controller_wildcards? (line 31) | def controller_wildcards? FILE: lib/brakeman/checks/check_safe_buffer_manipulation.rb class Brakeman::CheckSafeBufferManipulation (line 6) | class Brakeman::CheckSafeBufferManipulation < Brakeman::BaseCheck method run_check (line 11) | def run_check FILE: lib/brakeman/checks/check_sanitize_config_cve.rb class Brakeman::CheckSanitizeConfigCve (line 3) | class Brakeman::CheckSanitizeConfigCve < Brakeman::BaseCheck method run_check (line 8) | def run_check method cve_warning (line 24) | def cve_warning confidence: :weak, result: nil method check_config (line 52) | def check_config method check_sanitize_calls (line 65) | def check_sanitize_calls method check_safe_list_allowed_tags (line 77) | def check_safe_list_allowed_tags method check_tags_option (line 85) | def check_tags_option result method check_result (line 93) | def check_result result, arg method include_both_tags? (line 100) | def include_both_tags? exp method has_tag? (line 107) | def has_tag? exp, tag FILE: lib/brakeman/checks/check_sanitize_methods.rb class Brakeman::CheckSanitizeMethods (line 5) | class Brakeman::CheckSanitizeMethods < Brakeman::BaseCheck method run_check (line 10) | def run_check method check_cve_2013_1855 (line 34) | def check_cve_2013_1855 method check_cve_2013_1857 (line 38) | def check_cve_2013_1857 method check_for_cve (line 42) | def check_for_cve method, code, link method check_rails_html_sanitizer (line 59) | def check_rails_html_sanitizer method check_cve_2018_8048 (line 72) | def check_cve_2018_8048 method loofah_vulnerable_cve_2018_8048? (line 92) | def loofah_vulnerable_cve_2018_8048? method warn_sanitizer_cve (line 99) | def warn_sanitizer_cve cve, link, upgrade_version FILE: lib/brakeman/checks/check_secrets.rb class Brakeman::CheckSecrets (line 3) | class Brakeman::CheckSecrets < Brakeman::BaseCheck method run_check (line 8) | def run_check method check_constants (line 12) | def check_constants method looks_like_secret? (line 37) | def looks_like_secret? name FILE: lib/brakeman/checks/check_select_tag.rb class Brakeman::CheckSelectTag (line 5) | class Brakeman::CheckSelectTag < Brakeman::BaseCheck method run_check (line 10) | def run_check method process_result (line 36) | def process_result result FILE: lib/brakeman/checks/check_select_vulnerability.rb class Brakeman::CheckSelectVulnerability (line 5) | class Brakeman::CheckSelectVulnerability < Brakeman::BaseCheck method run_check (line 10) | def run_check method process_result (line 37) | def process_result result FILE: lib/brakeman/checks/check_send.rb class Brakeman::CheckSend (line 4) | class Brakeman::CheckSend < Brakeman::BaseCheck method run_check (line 9) | def run_check method process_result (line 19) | def process_result result method get_send (line 38) | def get_send exp FILE: lib/brakeman/checks/check_send_file.rb class Brakeman::CheckSendFile (line 5) | class Brakeman::CheckSendFile < Brakeman::CheckFileAccess method run_check (line 10) | def run_check FILE: lib/brakeman/checks/check_session_manipulation.rb class Brakeman::CheckSessionManipulation (line 3) | class Brakeman::CheckSessionManipulation < Brakeman::BaseCheck method run_check (line 8) | def run_check method process_result (line 14) | def process_result result FILE: lib/brakeman/checks/check_session_settings.rb class Brakeman::CheckSessionSettings (line 4) | class Brakeman::CheckSessionSettings < Brakeman::BaseCheck method initialize (line 9) | def initialize *args method run_check (line 19) | def run_check method process_attrasgn (line 46) | def process_attrasgn exp method process_call (line 62) | def process_call exp method settings_target? (line 72) | def settings_target? exp method check_for_issues (line 79) | def check_for_issues settings, file method check_for_rails3_issues (line 98) | def check_for_rails3_issues settings, file method check_secrets_yaml (line 114) | def check_secrets_yaml method warn_about_http_only (line 138) | def warn_about_http_only line, file method warn_about_secret_token (line 149) | def warn_about_secret_token line, file method warn_about_secure_only (line 159) | def warn_about_secure_only line, file method ignored? (line 169) | def ignored? file FILE: lib/brakeman/checks/check_simple_format.rb class Brakeman::CheckSimpleFormat (line 3) | class Brakeman::CheckSimpleFormat < Brakeman::CheckCrossSiteScripting method initialize (line 8) | def initialize *args method run_check (line 13) | def run_check method generic_warning (line 23) | def generic_warning method check_simple_format_usage (line 35) | def check_simple_format_usage method process_call (line 45) | def process_call exp method warn_on_simple_format (line 51) | def warn_on_simple_format result, match FILE: lib/brakeman/checks/check_single_quotes.rb class Brakeman::CheckSingleQuotes (line 5) | class Brakeman::CheckSingleQuotes < Brakeman::BaseCheck method initialize (line 11) | def initialize *args method run_check (line 16) | def run_check method uses_rack_escape? (line 47) | def uses_rack_escape? method process_class (line 58) | def process_class exp method process_module (line 71) | def process_module exp method process_defn (line 84) | def process_defn exp method process_call (line 97) | def process_call exp FILE: lib/brakeman/checks/check_skip_before_filter.rb class Brakeman::CheckSkipBeforeFilter (line 10) | class Brakeman::CheckSkipBeforeFilter < Brakeman::BaseCheck method run_check (line 15) | def run_check method process_skip_filter (line 23) | def process_skip_filter filter, controller method skip_except_value (line 48) | def skip_except_value filter FILE: lib/brakeman/checks/check_sprockets_path_traversal.rb class Brakeman::CheckSprocketsPathTraversal (line 1) | class Brakeman::CheckSprocketsPathTraversal < Brakeman::BaseCheck method run_check (line 6) | def run_check method has_workaround? (line 37) | def has_workaround? FILE: lib/brakeman/checks/check_sql.rb class Brakeman::CheckSQL (line 11) | class Brakeman::CheckSQL < Brakeman::BaseCheck method run_check (line 16) | def run_check method find_scope_calls (line 83) | def find_scope_calls method ar_scope_calls (line 111) | def ar_scope_calls(symbol_name, &block) method scope_call_hash (line 122) | def scope_call_hash(call, model, method) method process_scope_with_block (line 127) | def process_scope_with_block model, args method process_result (line 173) | def process_result result method check_find_arguments (line 288) | def check_find_arguments arg method check_scope_arguments (line 294) | def check_scope_arguments call method check_query_arguments (line 300) | def check_query_arguments arg method check_order_arguments (line 335) | def check_order_arguments args method check_by_sql_arguments (line 347) | def check_by_sql_arguments arg method check_joins_arguments (line 357) | def check_joins_arguments arg method check_update_all_arguments (line 372) | def check_update_all_arguments args method check_lock_arguments (line 384) | def check_lock_arguments arg method check_hash_keys (line 394) | def check_hash_keys exp method check_string_interp (line 409) | def check_string_interp arg method unsafe_string_interp? (line 423) | def unsafe_string_interp? exp method unsafe_sql? (line 460) | def unsafe_sql? exp, ignore_hash = false method find_dangerous_value (line 468) | def find_dangerous_value exp, ignore_hash method check_hash_values (line 527) | def check_hash_values exp method check_for_string_building (line 552) | def check_for_string_building exp method check_str_target_or_arg (line 569) | def check_str_target_or_arg target, arg method check_interp_target_or_arg (line 577) | def check_interp_target_or_arg target, arg method check_string_arg (line 584) | def check_string_arg exp method ignore_methods_in_sql (line 607) | def ignore_methods_in_sql method safe_value? (line 611) | def safe_value? exp method ignore_call? (line 636) | def ignore_call? exp method quote_call? (line 650) | def quote_call? exp method arel? (line 662) | def arel? exp method check_call (line 667) | def check_call exp method check_exists (line 680) | def check_exists arg method check_for_limit_or_offset_vulnerability (line 692) | def check_for_limit_or_offset_vulnerability options method constantize_call? (line 714) | def constantize_call? result method connect_call? (line 721) | def connect_call? result method number_target? (line 737) | def number_target? exp method date_target? (line 751) | def date_target? exp FILE: lib/brakeman/checks/check_sql_cves.rb class Brakeman::CheckSQLCVEs (line 3) | class Brakeman::CheckSQLCVEs < Brakeman::BaseCheck method run_check (line 8) | def run_check method check_rails_versions_against_cve_issues (line 13) | def check_rails_versions_against_cve_issues method cve_warning_for (line 73) | def cve_warning_for versions, cve, link method upgrade_version? (line 88) | def upgrade_version? versions method check_cve_2014_0080 (line 96) | def check_cve_2014_0080 FILE: lib/brakeman/checks/check_ssl_verify.rb class Brakeman::CheckSSLVerify (line 5) | class Brakeman::CheckSSLVerify < Brakeman::BaseCheck method run_check (line 12) | def run_check method check_open_ssl_verify_none (line 17) | def check_open_ssl_verify_none method process_verify_mode_result (line 21) | def process_verify_mode_result result method check_http_start (line 27) | def check_http_start method process_http_start_result (line 31) | def process_http_start_result result method warn_about_ssl_verification_bypass (line 39) | def warn_about_ssl_verification_bypass result FILE: lib/brakeman/checks/check_strip_tags.rb class Brakeman::CheckStripTags (line 11) | class Brakeman::CheckStripTags < Brakeman::BaseCheck method run_check (line 16) | def run_check method cve_2011_2931 (line 25) | def cve_2011_2931 method cve_2012_3465 (line 43) | def cve_2012_3465 method cve_2015_7579 (line 68) | def cve_2015_7579 method uses_strip_tags? (line 89) | def uses_strip_tags? FILE: lib/brakeman/checks/check_symbol_dos.rb class Brakeman::CheckSymbolDoS (line 3) | class Brakeman::CheckSymbolDoS < Brakeman::BaseCheck method run_check (line 10) | def run_check method check_unsafe_symbol_creation (line 19) | def check_unsafe_symbol_creation result method safe_parameter? (line 53) | def safe_parameter? input method symbolizing_attributes? (line 67) | def symbolizing_attributes? input FILE: lib/brakeman/checks/check_symbol_dos_cve.rb class Brakeman::CheckSymbolDoSCVE (line 3) | class Brakeman::CheckSymbolDoSCVE < Brakeman::BaseCheck method run_check (line 8) | def run_check FILE: lib/brakeman/checks/check_template_injection.rb class Brakeman::CheckTemplateInjection (line 3) | class Brakeman::CheckTemplateInjection < Brakeman::BaseCheck method run_check (line 9) | def run_check method process_result (line 20) | def process_result result FILE: lib/brakeman/checks/check_translate_bug.rb class Brakeman::CheckTranslateBug (line 4) | class Brakeman::CheckTranslateBug < Brakeman::BaseCheck method run_check (line 9) | def run_check method uses_translate? (line 41) | def uses_translate? FILE: lib/brakeman/checks/check_unsafe_reflection.rb class Brakeman::CheckUnsafeReflection (line 7) | class Brakeman::CheckUnsafeReflection < Brakeman::BaseCheck method run_check (line 12) | def run_check method check_unsafe_reflection (line 20) | def check_unsafe_reflection result FILE: lib/brakeman/checks/check_unsafe_reflection_methods.rb class Brakeman::CheckUnsafeReflectionMethods (line 3) | class Brakeman::CheckUnsafeReflectionMethods < Brakeman::BaseCheck method run_check (line 8) | def run_check method check_method (line 14) | def check_method method check_tap (line 24) | def check_tap method check_to_proc (line 39) | def check_to_proc method warn_unsafe_reflection (line 49) | def warn_unsafe_reflection result, input FILE: lib/brakeman/checks/check_unscoped_find.rb class Brakeman::CheckUnscopedFind (line 4) | class Brakeman::CheckUnscopedFind < Brakeman::BaseCheck method run_check (line 9) | def run_check method process_result (line 36) | def process_result result method optional_belongs_to? (line 55) | def optional_belongs_to? exp FILE: lib/brakeman/checks/check_validation_regex.rb class Brakeman::CheckValidationRegex (line 10) | class Brakeman::CheckValidationRegex < Brakeman::BaseCheck method run_check (line 18) | def run_check method process_validates_format_of (line 40) | def process_validates_format_of validator method process_validates (line 47) | def process_validates validator method check_regex (line 84) | def check_regex value, validator method get_name (line 100) | def get_name validator method secure_regex? (line 112) | def secure_regex?(regex) FILE: lib/brakeman/checks/check_verb_confusion.rb class Brakeman::CheckVerbConfusion (line 3) | class Brakeman::CheckVerbConfusion < Brakeman::BaseCheck method run_check (line 9) | def run_check method process_result (line 17) | def process_result result method process_if (line 38) | def process_if exp method warn_about_result (line 53) | def warn_about_result result, code FILE: lib/brakeman/checks/check_weak_hash.rb class Brakeman::CheckWeakHash (line 3) | class Brakeman::CheckWeakHash < Brakeman::BaseCheck method run_check (line 10) | def run_check method process_hash_result (line 24) | def process_hash_result result method process_hmac_result (line 60) | def process_hmac_result result method process_openssl_result (line 82) | def process_openssl_result result method user_input_as_arg? (line 101) | def user_input_as_arg? call method hashing_password? (line 111) | def hashing_password? call method process_call (line 125) | def process_call exp method process_ivar (line 135) | def process_ivar exp method process_lvar (line 143) | def process_lvar exp FILE: lib/brakeman/checks/check_weak_rsa_key.rb class Brakeman::CheckWeakRSAKey (line 3) | class Brakeman::CheckWeakRSAKey < Brakeman::BaseCheck method run_check (line 8) | def run_check method check_rsa_key_creation (line 13) | def check_rsa_key_creation method check_rsa_operations (line 33) | def check_rsa_operations method check_key_size (line 53) | def check_key_size result, key_size_arg method check_padding (line 85) | def check_padding result, padding_arg FILE: lib/brakeman/checks/check_without_protection.rb class Brakeman::CheckWithoutProtection (line 7) | class Brakeman::CheckWithoutProtection < Brakeman::BaseCheck method run_check (line 12) | def run_check method process_result (line 34) | def process_result res method all_literals? (line 66) | def all_literals? call FILE: lib/brakeman/checks/check_xml_dos.rb class Brakeman::CheckXMLDoS (line 3) | class Brakeman::CheckXMLDoS < Brakeman::BaseCheck method run_check (line 8) | def run_check method has_workaround? (line 37) | def has_workaround? FILE: lib/brakeman/checks/check_yaml_parsing.rb class Brakeman::CheckYAMLParsing (line 3) | class Brakeman::CheckYAMLParsing < Brakeman::BaseCheck method run_check (line 8) | def run_check method disabled_xml_parser? (line 50) | def disabled_xml_parser? method enabled_yaml_parser? (line 74) | def enabled_yaml_parser? method disabled_xml_dangerous_types? (line 91) | def disabled_xml_dangerous_types? FILE: lib/brakeman/checks/eol_check.rb class Brakeman::EOLCheck (line 5) | class Brakeman::EOLCheck < Brakeman::BaseCheck method check_eol_version (line 6) | def check_eol_version library, eol_dates method warn_about_soon_unsupported_version (line 32) | def warn_about_soon_unsupported_version library, eol_date, version, co... method warn_about_unsupported_version (line 41) | def warn_about_unsupported_version library, eol_date, version FILE: lib/brakeman/codeclimate/engine_configuration.rb type Brakeman (line 3) | module Brakeman type Codeclimate (line 4) | module Codeclimate class EngineConfiguration (line 5) | class EngineConfiguration method initialize (line 7) | def initialize(engine_config = {}) method options (line 11) | def options method default_options (line 19) | def default_options method configured_options (line 32) | def configured_options method brakeman_configuration (line 52) | def brakeman_configuration method active_include_paths (line 60) | def active_include_paths method stripped_include_paths (line 69) | def stripped_include_paths(prefix) method path_subprefixes (line 77) | def path_subprefixes(path) method stripped_include_path (line 88) | def stripped_include_path(prefix, subprefixes, path) FILE: lib/brakeman/commandline.rb type Brakeman (line 3) | module Brakeman class Commandline (line 6) | class Commandline method start (line 14) | def start options = nil, app_path = "." method run (line 30) | def run options, default_app_path = "." method check_latest (line 44) | def check_latest(days_old = 0) method compare_results (line 55) | def compare_results options method early_exit_options (line 77) | def early_exit_options options method parse_options (line 99) | def parse_options argv method quit (line 127) | def quit exit_code = 0, message = nil method regular_report (line 134) | def regular_report options method run_brakeman (line 171) | def run_brakeman options method run_report (line 176) | def run_report options method set_interrupt_handler (line 191) | def set_interrupt_handler options method set_options (line 207) | def set_options options, default_app_path = "." FILE: lib/brakeman/differ.rb class Brakeman::Differ (line 3) | class Brakeman::Differ method initialize (line 6) | def initialize new_warnings, old_warnings method diff (line 11) | def diff method second_pass (line 22) | def second_pass(warnings) method fingerprint (line 42) | def fingerprint(warning) FILE: lib/brakeman/file_parser.rb type Brakeman (line 3) | module Brakeman class FileParser (line 7) | class FileParser method initialize (line 10) | def initialize app_tree, timeout, parallel = true, use_prism = false method parse_files (line 30) | def parse_files list method read_files (line 67) | def read_files list method parse_ruby (line 84) | def parse_ruby input, path method parse_with_prism (line 106) | def parse_with_prism input, path method parse_with_ruby_parser (line 110) | def parse_with_ruby_parser input, path FILE: lib/brakeman/file_path.rb type Brakeman (line 3) | module Brakeman class FilePath (line 7) | class FilePath method from_app_tree (line 18) | def self.from_app_tree app_tree, path method initialize (line 33) | def initialize absolute_path, relative_path method basename (line 39) | def basename method read (line 44) | def read method exists? (line 49) | def exists? method <=> (line 54) | def <=> rhs method == (line 60) | def == rhs method to_str (line 67) | def to_str method to_s (line 76) | def to_s method hash (line 80) | def hash method eql? (line 84) | def eql? rhs FILE: lib/brakeman/logger.rb type Brakeman (line 1) | module Brakeman type Logger (line 2) | module Logger function get_logger (line 3) | def self.get_logger options, dest = $stderr class Base (line 18) | class Base method initialize (line 19) | def initialize(options, log_destination = $stderr) method log (line 26) | def log(message, newline: true) method announce (line 35) | def announce(message); end method alert (line 38) | def alert(message); end method debug (line 41) | def debug(message); end method context (line 44) | def context(description, &) method single_context (line 49) | def single_context(description, &) method update_progress (line 54) | def update_progress(current, total, type = 'files'); end method spin (line 57) | def spin; end method cleanup (line 60) | def cleanup(newline = true); end method show_timing? (line 62) | def show_timing? = @show_timing method color (line 65) | def color(message, *) method color? (line 73) | def color? method load_highline (line 79) | def load_highline(output_color) class Plain (line 90) | class Plain < Base method initialize (line 91) | def initialize(options, *) method announce (line 97) | def announce(message) method alert (line 101) | def alert(message) method context (line 105) | def context(description, &) method time_step (line 115) | def time_step(description, &) class Quiet (line 124) | class Quiet < Base method initialize (line 125) | def initialize(*) class Debug (line 130) | class Debug < Plain method debug (line 131) | def debug(message) method context (line 135) | def context(description, &) method single_context (line 141) | def single_context(description, &) class Console (line 153) | class Console < Base method initialize (line 156) | def initialize(options, *) method announce (line 175) | def announce message method alert (line 181) | def alert message method context (line 187) | def context(description, &) method time_step (line 195) | def time_step(description, &) method update_progress (line 208) | def update_progress current, total, type = 'files' method write_prefix (line 218) | def write_prefix pref method rewrite_prefix (line 224) | def rewrite_prefix method write_after (line 229) | def write_after message method set_prefix (line 235) | def set_prefix message method clear_prefix (line 240) | def clear_prefix method clear_line (line 246) | def clear_line method spin (line 251) | def spin method cleanup (line 259) | def cleanup(newline = true) FILE: lib/brakeman/messages.rb type Brakeman (line 1) | module Brakeman type Messages (line 2) | module Messages function msg (line 5) | def msg *args function msg_code (line 18) | def msg_code code function msg_cve (line 23) | def msg_cve cve function msg_file (line 28) | def msg_file str function msg_input (line 34) | def msg_input input function msg_lit (line 39) | def msg_lit str function msg_plain (line 44) | def msg_plain str function msg_version (line 49) | def msg_version version, lib = "Rails" class Brakeman::Messages::Message (line 56) | class Brakeman::Messages::Message method initialize (line 57) | def initialize *args method << (line 68) | def << msg method to_s (line 76) | def to_s method to_html (line 88) | def to_html class Brakeman::Messages::Code (line 103) | class Brakeman::Messages::Code method initialize (line 104) | def initialize code method to_s (line 108) | def to_s method to_html (line 112) | def to_html class Brakeman::Messages::CVE (line 117) | class Brakeman::Messages::CVE method initialize (line 118) | def initialize cve method to_s (line 122) | def to_s method to_html (line 126) | def to_html class Brakeman::Messages::FileName (line 131) | class Brakeman::Messages::FileName method initialize (line 132) | def initialize file method to_s (line 136) | def to_s method to_html (line 140) | def to_html class Brakeman::Messages::Input (line 145) | class Brakeman::Messages::Input method initialize (line 146) | def initialize input method friendly_type_of (line 151) | def friendly_type_of input_type method to_s (line 170) | def to_s method to_html (line 174) | def to_html class Brakeman::Messages::Literal (line 179) | class Brakeman::Messages::Literal method initialize (line 180) | def initialize value method to_s (line 184) | def to_s method to_html (line 188) | def to_html class Brakeman::Messages::Plain (line 193) | class Brakeman::Messages::Plain method initialize (line 194) | def initialize string method to_s (line 198) | def to_s method to_html (line 202) | def to_html class Brakeman::Messages::Version (line 207) | class Brakeman::Messages::Version method initialize (line 208) | def initialize version, lib method to_s (line 213) | def to_s method to_html (line 217) | def to_html FILE: lib/brakeman/options.rb type Brakeman::Options (line 5) | module Brakeman::Options function parse (line 10) | def parse args function parse! (line 15) | def parse! args function get_options (line 20) | def get_options args, destructive = false function create_option_parser (line 38) | def create_option_parser options FILE: lib/brakeman/parsers/haml_embedded.rb type Brakeman (line 1) | module Brakeman type FakeHamlFilter (line 2) | module FakeHamlFilter function compile (line 4) | def compile(compiler, text) type Haml::Filters::Coffee (line 29) | module Haml::Filters::Coffee type Haml::Filters::Markdown (line 35) | module Haml::Filters::Markdown type Haml::Filters::Sass (line 41) | module Haml::Filters::Sass FILE: lib/brakeman/parsers/rails_erubi.rb type Brakeman (line 7) | module Brakeman class Erubi (line 8) | class Erubi < ::Erubi::Engine method initialize (line 10) | def initialize(input, properties = {}) method add_text (line 30) | def add_text(text) method add_expression (line 47) | def add_expression(indicator, code) method add_code (line 65) | def add_code(code) method add_postamble (line 70) | def add_postamble(_) method flush_newline_if_pending (line 75) | def flush_newline_if_pending(src) FILE: lib/brakeman/parsers/slim_embedded.rb type Slim (line 2) | module Slim class Embedded (line 3) | class Embedded class TiltEngine (line 4) | class TiltEngine method on_slim_embedded (line 6) | def on_slim_embedded(engine, body, attrs) class SassEngine (line 23) | class SassEngine method tilt_render (line 27) | def tilt_render(tilt_engine, tilt_options, text) class CoffeeEngine (line 33) | class CoffeeEngine < TiltEngine method tilt_render (line 36) | def tilt_render(tilt_engine, tilt_options, text) FILE: lib/brakeman/parsers/template_parser.rb type Brakeman (line 1) | module Brakeman class TemplateParser (line 2) | class TemplateParser method initialize (line 9) | def initialize tracker, file_parser method parse_template (line 15) | def parse_template path, text method parse_erb (line 48) | def parse_erb path, text method erubi? (line 64) | def erubi? method parse_haml (line 69) | def parse_haml path, text method haml6? (line 94) | def haml6? method parse_slim (line 107) | def parse_slim path, text method load_slim_smart? (line 124) | def load_slim_smart? method parse_inline_erb (line 139) | def self.parse_inline_erb tracker, text FILE: lib/brakeman/processor.rb type Brakeman (line 7) | module Brakeman class Processor (line 12) | class Processor method initialize (line 15) | def initialize(app_tree, options) method tracked_events (line 19) | def tracked_events method process_config (line 24) | def process_config src, file_name method process_gems (line 29) | def process_gems gem_files method process_routes (line 34) | def process_routes src method process_controller (line 39) | def process_controller src, file_name method process_controller_alias (line 49) | def process_controller_alias name, src, only_method = nil, file = nil method process_model (line 54) | def process_model src, file_name method process_template (line 60) | def process_template name, src, type, called_from = nil, file_name =... method process_template_alias (line 87) | def process_template_alias template method process_initializer (line 92) | def process_initializer file_name, src method process_lib (line 99) | def process_lib src, file_name FILE: lib/brakeman/processors/alias_processor.rb class Brakeman::AliasProcessor (line 10) | class Brakeman::AliasProcessor < Brakeman::SexpProcessor method initialize (line 23) | def initialize tracker = nil, current_file = nil method process_safely (line 47) | def process_safely src, set_env = nil, current_file = @current_file method process_default (line 57) | def process_default exp method replace (line 83) | def replace exp, int = 0 method process_bracket_call (line 99) | def process_bracket_call exp method process_call (line 173) | def process_call exp method process_array_join (line 356) | def process_array_join array, join_str method join_item (line 421) | def join_item item, join_value method temp_file_open? (line 433) | def temp_file_open? exp method temp_file_create? (line 439) | def temp_file_create? exp method temp_file_new (line 445) | def temp_file_new line method splat_array? (line 449) | def splat_array? exp method process_iter (line 454) | def process_iter exp method process_scope (line 513) | def process_scope exp method process_block (line 521) | def process_block exp method process_defn (line 528) | def process_defn exp method meth_env (line 535) | def meth_env method process_defs (line 548) | def process_defs exp method get_rhs (line 556) | def get_rhs exp method process_lasgn (line 566) | def process_lasgn exp method process_iasgn (line 585) | def process_iasgn exp method process_gasgn (line 605) | def process_gasgn exp method process_cvdecl (line 621) | def process_cvdecl exp method process_attrasgn (line 635) | def process_attrasgn exp method process_masgn (line 673) | def process_masgn exp method process_hash (line 737) | def process_hash exp method process_hash_merge! (line 781) | def process_hash_merge! hash, args method process_hash_merge (line 794) | def process_hash_merge hash, args method process_op_asgn1 (line 804) | def process_op_asgn1 exp method process_op_asgn2 (line 832) | def process_op_asgn2 exp method process_svalue (line 850) | def process_svalue exp method process_cdecl (line 856) | def process_cdecl exp method hash_or_array_include_all_literals? (line 881) | def hash_or_array_include_all_literals? exp method array_include_all_literals? (line 898) | def array_include_all_literals? exp method array_detect_all_literals? (line 904) | def array_detect_all_literals? exp method in_array_all_literals? (line 916) | def in_array_all_literals? exp method hash_include_all_literals? (line 926) | def hash_include_all_literals? exp method process_if (line 933) | def process_if exp method process_branch_with_value (line 1015) | def process_branch_with_value var, value, branch, branch_index method early_return? (line 1023) | def early_return? exp method equality_check? (line 1035) | def equality_check? exp method simple_when? (line 1042) | def simple_when? exp method all_literals_when? (line 1055) | def all_literals_when? exp method process_case (line 1063) | def process_case exp method process_if_branch (line 1135) | def process_if_branch exp method merge_if_branch (line 1145) | def merge_if_branch branch_env method too_deep? (line 1166) | def too_deep? exp method collapse_send_call (line 1174) | def collapse_send_call exp, first_arg method only_ivars (line 1191) | def only_ivars include_request_vars = false, lenv = nil method only_request_vars (line 1214) | def only_request_vars method get_call_value (line 1226) | def get_call_value call method process_helper_method (line 1245) | def process_helper_method method_exp, args method assign_args (line 1311) | def assign_args method_exp, args, meth_env = SexpProcessor::Environmen... method find_push_target (line 1326) | def find_push_target exp method duplicate? (line 1334) | def duplicate? exp method find_method (line 1342) | def find_method *args method same_value? (line 1348) | def same_value? lhs, rhs method self_assign? (line 1358) | def self_assign? var, value method self_assign_var? (line 1363) | def self_assign_var? var, value method self_assign_target? (line 1371) | def self_assign_target? var, value method top_target (line 1382) | def top_target exp, last = nil method value_from_if (line 1392) | def value_from_if exp method value_from_case (line 1414) | def value_from_case exp method raise? (line 1440) | def raise? exp method new_string? (line 1447) | def new_string? exp method set_value (line 1455) | def set_value var, value method process_or_simple_operation (line 1489) | def process_or_simple_operation exp method process_or_target (line 1510) | def process_or_target value, copy FILE: lib/brakeman/processors/base_processor.rb class Brakeman::BaseProcessor (line 6) | class Brakeman::BaseProcessor < Brakeman::SexpProcessor method initialize (line 14) | def initialize tracker method process_file (line 22) | def process_file exp, current_file method ignore (line 27) | def ignore method process_scope (line 32) | def process_scope exp method process_default (line 37) | def process_default exp method process_if (line 48) | def process_if exp method process_iter (line 69) | def process_iter exp method process_dstr (line 86) | def process_dstr exp method process_block (line 106) | def process_block exp method process_evstr (line 120) | def process_evstr exp method process_hash (line 130) | def process_hash exp method process_arglist (line 145) | def process_arglist exp method process_lasgn (line 156) | def process_lasgn exp method process_iasgn (line 165) | def process_iasgn exp method process_attrasgn (line 172) | def process_attrasgn exp method process_ignore (line 180) | def process_ignore exp method process_cdecl (line 184) | def process_cdecl exp method make_render_in_view (line 198) | def make_render_in_view exp method make_render (line 203) | def make_render exp, in_view = false method find_render_type (line 219) | def find_render_type call, in_view = false method make_inline_render (line 281) | def make_inline_render value, options FILE: lib/brakeman/processors/config_processor.rb class Brakeman::ConfigProcessor (line 7) | class Brakeman::ConfigProcessor method new (line 8) | def self.new tracker FILE: lib/brakeman/processors/controller_alias_processor.rb class Brakeman::ControllerAliasProcessor (line 8) | class Brakeman::ControllerAliasProcessor < Brakeman::AliasProcessor method initialize (line 14) | def initialize tracker, only_method = nil method process_controller (line 23) | def process_controller name, src, current_file method process_mixins (line 38) | def process_mixins method process_class (line 73) | def process_class exp method process_defn (line 79) | def process_defn exp method process_call (line 112) | def process_call exp method process_iter (line 132) | def process_iter exp method process_before_filter (line 145) | def process_before_filter name method process_default_render (line 174) | def process_default_render exp method process_template (line 180) | def process_template name, args, _, line method template_name (line 198) | def template_name name = nil method layout_name (line 211) | def layout_name method route? (line 225) | def route? method method before_filter_list (line 235) | def before_filter_list method, klass FILE: lib/brakeman/processors/controller_processor.rb class Brakeman::ControllerProcessor (line 6) | class Brakeman::ControllerProcessor < Brakeman::BaseProcessor method initialize (line 11) | def initialize tracker, current_file = nil method process_controller (line 19) | def process_controller src, current_file = @current_file method process_class (line 25) | def process_class exp method process_module (line 57) | def process_module exp, parent = nil method process_concern (line 61) | def process_concern concern_name method process_call (line 73) | def process_call exp method process_iter (line 157) | def process_iter exp method set_layout_name (line 172) | def set_layout_name method add_fake_filter (line 187) | def add_fake_filter exp method add_lambda_filter (line 225) | def add_lambda_filter exp FILE: lib/brakeman/processors/erb_template_processor.rb class Brakeman::ErbTemplateProcessor (line 5) | class Brakeman::ErbTemplateProcessor < Brakeman::TemplateProcessor method process_call (line 8) | def process_call exp method process_block (line 49) | def process_block exp FILE: lib/brakeman/processors/erubi_template_procesor.rb class Brakeman::ErubiTemplateProcessor (line 4) | class Brakeman::ErubiTemplateProcessor < Brakeman::TemplateProcessor method process_call (line 7) | def process_call exp method process_block (line 43) | def process_block exp method process_attrasgn (line 63) | def process_attrasgn exp method append_method? (line 85) | def append_method?(method) method safe_append_method? (line 89) | def safe_append_method?(method) FILE: lib/brakeman/processors/gem_processor.rb class Brakeman::GemProcessor (line 4) | class Brakeman::GemProcessor < Brakeman::BasicProcessor method initialize (line 6) | def initialize *args method process_gems (line 12) | def process_gems gem_files method process_call (line 41) | def process_call exp method process_iter (line 73) | def process_iter exp method process_gem_lock (line 86) | def process_gem_lock method set_gem_version_and_file (line 96) | def set_gem_version_and_file line, file, line_num FILE: lib/brakeman/processors/haml6_template_processor.rb class Brakeman::Haml6TemplateProcessor (line 3) | class Brakeman::Haml6TemplateProcessor < Brakeman::HamlTemplateProcessor method initialize (line 12) | def initialize(*) method buffer_append? (line 31) | def buffer_append? exp method process_lasgn (line 37) | def process_lasgn exp method process_lvar (line 46) | def process_lvar exp method is_escaped? (line 54) | def is_escaped? exp method javascript_escaped? (line 61) | def javascript_escaped? call method html_escaped? (line 68) | def html_escaped? call method output_buffer? (line 73) | def output_buffer? exp method normalize_output (line 78) | def normalize_output arg method embedded_filter? (line 89) | def embedded_filter? arg FILE: lib/brakeman/processors/haml_template_processor.rb class Brakeman::HamlTemplateProcessor (line 4) | class Brakeman::HamlTemplateProcessor < Brakeman::TemplateProcessor method initialize (line 13) | def initialize *args method process_call (line 19) | def process_call exp method buffer_append? (line 31) | def buffer_append? exp method find_and_preserve? (line 39) | def find_and_preserve? exp method process_block (line 46) | def process_block exp method build_output_from_push_text (line 64) | def build_output_from_push_text exp, default = :output method is_escaped? (line 87) | def is_escaped? exp method get_pushed_value (line 93) | def get_pushed_value exp, default = :output method haml_helpers? (line 153) | def haml_helpers? exp method hamlout_attributes? (line 160) | def hamlout_attributes? exp method haml_attribute_builder? (line 166) | def haml_attribute_builder? exp method escaped_builder_method? (line 172) | def escaped_builder_method? exp method fix_textareas? (line 181) | def fix_textareas? exp method raw? (line 187) | def raw? exp FILE: lib/brakeman/processors/lib/basic_processor.rb class Brakeman::BasicProcessor (line 5) | class Brakeman::BasicProcessor < Brakeman::SexpProcessor method initialize (line 10) | def initialize tracker method process_default (line 16) | def process_default exp method process_if (line 20) | def process_if exp FILE: lib/brakeman/processors/lib/call_conversion_helper.rb type Brakeman (line 1) | module Brakeman type CallConversionHelper (line 2) | module CallConversionHelper function join_arrays (line 4) | def join_arrays lhs, rhs, original_exp = nil function join_strings (line 19) | def join_strings lhs, rhs, original_exp = nil function math_op (line 44) | def math_op op, lhs, rhs, original_exp = nil function process_array_access (line 67) | def process_array_access array, args, original_exp = nil function process_hash_access (line 82) | def process_hash_access hash, index, original_exp = nil function hash_values_at (line 94) | def hash_values_at hash, keys FILE: lib/brakeman/processors/lib/file_type_detector.rb type Brakeman (line 1) | module Brakeman class FileTypeDetector (line 2) | class FileTypeDetector < BaseProcessor method initialize (line 3) | def initialize method detect_type (line 8) | def detect_type(file) method process_class (line 24) | def process_class exp method guess_from_path (line 39) | def guess_from_path path method reset (line 62) | def reset FILE: lib/brakeman/processors/lib/find_all_calls.rb class Brakeman::FindAllCalls (line 3) | class Brakeman::FindAllCalls < Brakeman::BasicProcessor method initialize (line 6) | def initialize tracker method process_source (line 17) | def process_source exp, opts method process_all_source (line 31) | def process_all_source exp, opts method process_defn (line 39) | def process_defn exp method process_rlist (line 59) | def process_rlist exp method process_call (line 63) | def process_call exp method process_iter (line 68) | def process_iter exp method process_render (line 92) | def process_render exp method process_dxstr (line 102) | def process_dxstr exp method process_dsym (line 111) | def process_dsym exp method process_dregx (line 120) | def process_dregx exp method process_attrasgn (line 129) | def process_attrasgn exp method add_simple_call (line 135) | def add_simple_call method_name, exp method get_target (line 147) | def get_target exp, include_calls = false method get_chain (line 185) | def get_chain call method make_location (line 195) | def make_location method create_call_hash (line 217) | def create_call_hash exp FILE: lib/brakeman/processors/lib/find_call.rb class Brakeman::FindCall (line 34) | class Brakeman::FindCall < Brakeman::BasicProcessor method initialize (line 36) | def initialize targets, methods, tracker method matches (line 50) | def matches method process_source (line 58) | def process_source exp method process_defn (line 63) | def process_defn exp method process_call (line 70) | def process_call exp method process_attrasgn (line 84) | def process_attrasgn exp method get_target (line 92) | def get_target exp method match (line 108) | def match search_terms, item FILE: lib/brakeman/processors/lib/find_return_value.rb class Brakeman::FindReturnValue (line 8) | class Brakeman::FindReturnValue method return_value (line 14) | def self.return_value exp, env = nil method initialize (line 18) | def initialize method uses_ivars? (line 23) | def uses_ivars? method get_return_value (line 28) | def get_return_value exp, env = nil method process_method (line 36) | def process_method exp, env = nil method find_explicit_return_values (line 59) | def find_explicit_return_values exp method last_value (line 76) | def last_value exp method make_or (line 142) | def make_or lhs, rhs method make_return_value (line 152) | def make_return_value FILE: lib/brakeman/processors/lib/module_helper.rb type Brakeman::ModuleHelper (line 1) | module Brakeman::ModuleHelper function handle_module (line 2) | def handle_module exp, tracker_class, parent = nil function handle_class (line 33) | def handle_class exp, collection, tracker_class function process_defs (line 67) | def process_defs exp function process_defn (line 98) | def process_defn exp function process_sclass (line 122) | def process_sclass exp function make_defs (line 132) | def make_defs exp FILE: lib/brakeman/processors/lib/processor_helper.rb type Brakeman::ProcessorHelper (line 2) | module Brakeman::ProcessorHelper function process_all (line 3) | def process_all exp function process_all! (line 10) | def process_all! exp function process_call_args (line 25) | def process_call_args exp function process_class (line 33) | def process_class exp function process_module (line 42) | def process_module exp function process_call_defn? (line 64) | def process_call_defn? exp function current_file (line 76) | def current_file FILE: lib/brakeman/processors/lib/rails2_config_processor.rb class Brakeman::Rails2ConfigProcessor (line 17) | class Brakeman::Rails2ConfigProcessor < Brakeman::BasicProcessor method initialize (line 25) | def initialize *args method process_config (line 30) | def process_config src, current_file method process_call (line 38) | def process_call exp method process_attrasgn (line 51) | def process_attrasgn exp method process_cdecl (line 76) | def process_cdecl exp method include_rails_config? (line 86) | def include_rails_config? exp method get_rails_config (line 108) | def get_rails_config exp class Brakeman::ConfigAliasProcessor (line 125) | class Brakeman::ConfigAliasProcessor < Brakeman::AliasProcessor method process_iter (line 136) | def process_iter exp FILE: lib/brakeman/processors/lib/rails2_route_processor.rb class Brakeman::Rails2RoutesProcessor (line 7) | class Brakeman::Rails2RoutesProcessor < Brakeman::BasicProcessor method initialize (line 12) | def initialize tracker method process_routes (line 26) | def process_routes exp method process_call (line 31) | def process_call exp method process_map (line 45) | def process_map exp method process_iter (line 64) | def process_iter exp method process_resources (line 87) | def process_resources exp method process_resource_options (line 105) | def process_resource_options exp method process_option_only (line 140) | def process_option_only exp method process_option_except (line 154) | def process_option_except exp method process_resource (line 164) | def process_resource exp method process_connect (line 182) | def process_connect exp method process_with_options (line 218) | def process_with_options exp method process_namespace (line 234) | def process_namespace exp method process_named_route (line 251) | def process_named_route exp method process_collection (line 257) | def process_collection exp method check_for_controller_name (line 272) | def check_for_controller_name args class Brakeman::RouteAliasProcessor (line 285) | class Brakeman::RouteAliasProcessor < Brakeman::AliasProcessor method process_call (line 291) | def process_call exp method get_keys (line 305) | def get_keys hash FILE: lib/brakeman/processors/lib/rails3_config_processor.rb class Brakeman::Rails3ConfigProcessor (line 18) | class Brakeman::Rails3ConfigProcessor < Brakeman::BasicProcessor method initialize (line 22) | def initialize *args method process_config (line 28) | def process_config src, current_file method process_iter (line 35) | def process_iter exp method process_class (line 51) | def process_class exp method application_class? (line 61) | def application_class? exp method process_call (line 73) | def process_call exp method process_attrasgn (line 84) | def process_attrasgn exp method include_rails_config? (line 105) | def include_rails_config? exp method get_rails_config (line 127) | def get_rails_config exp FILE: lib/brakeman/processors/lib/rails3_route_processor.rb class Brakeman::Rails3RoutesProcessor (line 7) | class Brakeman::Rails3RoutesProcessor < Brakeman::BasicProcessor method initialize (line 12) | def initialize tracker method process_routes (line 23) | def process_routes exp method process_call (line 27) | def process_call exp method process_iter (line 46) | def process_iter exp method process_namespace (line 63) | def process_namespace exp method process_root (line 80) | def process_root exp method process_match (line 92) | def process_match exp method add_route_from_string (line 145) | def add_route_from_string value method process_verb (line 157) | def process_verb exp method process_resources (line 204) | def process_resources exp method process_resource (line 225) | def process_resource exp method process_resources_block (line 241) | def process_resources_block exp method process_resource_block (line 251) | def process_resource_block exp method process_scope_block (line 261) | def process_scope_block exp method process_controller_block (line 267) | def process_controller_block exp method extract_action (line 281) | def extract_action str method in_controller_block? (line 285) | def in_controller_block? method in_controller_block (line 289) | def in_controller_block method action_route? (line 296) | def action_route? arg method loose_action (line 304) | def loose_action controller_name, verb = "any" FILE: lib/brakeman/processors/lib/rails4_config_processor.rb class Brakeman::Rails4ConfigProcessor (line 3) | class Brakeman::Rails4ConfigProcessor < Brakeman::Rails3ConfigProcessor method process_iter (line 8) | def process_iter exp FILE: lib/brakeman/processors/lib/render_helper.rb type Brakeman::RenderHelper (line 4) | module Brakeman::RenderHelper function process_render (line 7) | def process_render exp function process_layout (line 34) | def process_layout name = nil function process_partial (line 45) | def process_partial name, args, line function process_action (line 56) | def process_action name, args, line function process_model_action (line 67) | def process_model_action action, args function process_template (line 94) | def process_template name, args, called_from = nil, *_ function template_name (line 195) | def template_name name function get_options (line 200) | def get_options args function get_class_target (line 213) | def get_class_target sexp FILE: lib/brakeman/processors/lib/render_path.rb type Brakeman (line 1) | module Brakeman class RenderPath (line 2) | class RenderPath method initialize (line 5) | def initialize method add_controller_render (line 9) | def add_controller_render controller_name, method_name, line, file method add_template_render (line 22) | def add_template_render template_name, line, file method last_template= (line 32) | def last_template= template method include_template? (line 43) | def include_template? name method include_controller? (line 51) | def include_controller? klass method include_any_method? (line 59) | def include_any_method? method_names method rendered_from_controller? (line 67) | def rendered_from_controller? method each (line 73) | def each &block method join (line 77) | def join *args method length (line 81) | def length method map (line 85) | def map &block method to_a (line 89) | def to_a method last (line 100) | def last method to_s (line 104) | def to_s method to_sym (line 108) | def to_sym method to_json (line 112) | def to_json *args method with_relative_paths (line 117) | def with_relative_paths method initialize_copy (line 134) | def initialize_copy original FILE: lib/brakeman/processors/lib/route_helper.rb type Brakeman::RouteHelper (line 1) | module Brakeman::RouteHelper function prefix (line 5) | def prefix function current_controller= (line 19) | def current_controller= name function add_route (line 27) | def add_route route, controller = nil function add_resources_routes (line 52) | def add_resources_routes function add_resource_routes (line 61) | def add_resource_routes FILE: lib/brakeman/processors/lib/safe_call_helper.rb type Brakeman (line 1) | module Brakeman type SafeCallHelper (line 2) | module SafeCallHelper FILE: lib/brakeman/processors/library_processor.rb class Brakeman::LibraryProcessor (line 7) | class Brakeman::LibraryProcessor < Brakeman::BaseProcessor method initialize (line 10) | def initialize tracker method process_library (line 19) | def process_library src, current_file = @current_file method process_class (line 24) | def process_class exp method process_module (line 28) | def process_module exp method process_defn (line 32) | def process_defn exp method process_call (line 61) | def process_call exp method process_iter (line 78) | def process_iter exp FILE: lib/brakeman/processors/model_processor.rb class Brakeman::ModelProcessor (line 6) | class Brakeman::ModelProcessor < Brakeman::BaseProcessor method initialize (line 9) | def initialize tracker method process_model (line 19) | def process_model src, current_file = @current_file method process_class (line 25) | def process_class exp method process_module (line 38) | def process_module exp method process_call (line 44) | def process_call exp method add_enum_method (line 93) | def add_enum_method call FILE: lib/brakeman/processors/output_processor.rb class Brakeman::OutputProcessor (line 8) | class Brakeman::OutputProcessor < Ruby2Ruby method initialize (line 11) | def initialize *args method format (line 17) | def format exp, user_input = nil, &block method process (line 25) | def process exp method process_ignore (line 37) | def process_ignore exp method process_params (line 41) | def process_params exp method process_session (line 45) | def process_session exp method process_cookies (line 49) | def process_cookies exp method process_rlist (line 53) | def process_rlist exp method process_defn (line 66) | def process_defn exp method process_iter (line 89) | def process_iter exp method process_output (line 97) | def process_output exp method process_escaped_output (line 101) | def process_escaped_output exp method process_format (line 106) | def process_format exp method process_format_escaped (line 110) | def process_format_escaped exp method output_format (line 114) | def output_format exp, tag method process_const (line 130) | def process_const exp method process_render (line 139) | def process_render exp FILE: lib/brakeman/processors/route_processor.rb class Brakeman::RoutesProcessor (line 9) | class Brakeman::RoutesProcessor method new (line 10) | def self.new tracker FILE: lib/brakeman/processors/slim_template_processor.rb class Brakeman::SlimTemplateProcessor (line 4) | class Brakeman::SlimTemplateProcessor < Brakeman::TemplateProcessor method process_call (line 13) | def process_call exp method normalize_output (line 48) | def normalize_output arg method embedded_filter? (line 59) | def embedded_filter? arg method process_inside_interp (line 65) | def process_inside_interp exp method process_interp_output (line 78) | def process_interp_output exp method add_escaped_output (line 97) | def add_escaped_output exp method is_escaped? (line 105) | def is_escaped? exp method internal_variable? (line 111) | def internal_variable? exp method render? (line 116) | def render? exp method process_render (line 122) | def process_render exp FILE: lib/brakeman/processors/template_alias_processor.rb class Brakeman::TemplateAliasProcessor (line 9) | class Brakeman::TemplateAliasProcessor < Brakeman::AliasProcessor method initialize (line 14) | def initialize tracker, template, called_from = nil method process_template (line 22) | def process_template name, args, _, line = nil method process_lasgn (line 40) | def process_lasgn exp method haml_capture? (line 62) | def haml_capture? exp method template_name (line 69) | def template_name name method process_iter (line 80) | def process_iter exp method get_model_target (line 117) | def get_model_target exp method find_push_target (line 135) | def find_push_target exp FILE: lib/brakeman/processors/template_processor.rb class Brakeman::TemplateProcessor (line 5) | class Brakeman::TemplateProcessor < Brakeman::BaseProcessor method initialize (line 8) | def initialize tracker, template_name, called_from = nil, current_file... method process (line 23) | def process exp method process_lasgn (line 34) | def process_lasgn exp method process_output (line 46) | def process_output exp method process_escaped_output (line 52) | def process_escaped_output exp method normalize_output (line 57) | def normalize_output arg method add_escaped_output (line 75) | def add_escaped_output output method add_output (line 79) | def add_output output, type = :output FILE: lib/brakeman/report.rb class Brakeman::Report (line 6) | class Brakeman::Report method initialize (line 11) | def initialize tracker method format (line 16) | def format format method method_missing (line 61) | def method_missing method, *args method require_report (line 69) | def require_report type method to_json (line 73) | def to_json method to_sonar (line 78) | def to_sonar method to_table (line 83) | def to_table method to_markdown (line 88) | def to_markdown method to_text (line 93) | def to_text method to_sarif (line 101) | def to_sarif method generate (line 106) | def generate reporter FILE: lib/brakeman/report/ignore/config.rb type Brakeman (line 4) | module Brakeman class IgnoreConfig (line 5) | class IgnoreConfig method initialize (line 9) | def initialize file, new_warnings method filter_ignored (line 22) | def filter_ignored method unignore (line 39) | def unignore warning method ignored? (line 47) | def ignored? warning method ignore (line 52) | def ignore warning method add_note (line 58) | def add_note warning, note method note_for (line 65) | def note_for warning method obsolete_fingerprints (line 82) | def obsolete_fingerprints method prune_obsolete (line 86) | def prune_obsolete method already_ignored_entries_with_empty_notes (line 97) | def already_ignored_entries_with_empty_notes method read_from_file (line 102) | def read_from_file file = @file method save_to_file (line 121) | def save_to_file warnings, file = @file method save_with_old (line 142) | def save_with_old FILE: lib/brakeman/report/ignore/interactive.rb type Brakeman (line 3) | module Brakeman class InteractiveIgnorer (line 4) | class InteractiveIgnorer method initialize (line 5) | def initialize file, warnings method start (line 15) | def start method file_menu (line 36) | def file_menu method initial_menu (line 57) | def initial_menu method warning_menu (line 82) | def warning_menu method pre_show_help (line 103) | def pre_show_help method show_help (line 109) | def show_help method penultimate_menu (line 122) | def penultimate_menu method prune_obsolete (line 144) | def prune_obsolete method final_menu (line 152) | def final_menu method save (line 170) | def save method start_over (line 182) | def start_over method reset_config (line 187) | def reset_config method process_warnings (line 191) | def process_warnings method ask_about (line 209) | def ask_about warning method warning_action (line 214) | def warning_action action, warning method ignore (line 237) | def ignore warning method ignore_and_note (line 241) | def ignore_and_note warning method unignore (line 247) | def unignore warning method skip_rest (line 251) | def skip_rest warning method ignore_rest (line 255) | def ignore_rest warning method quit (line 260) | def quit method pretty_display (line 267) | def pretty_display warning method already_ignored? (line 301) | def already_ignored? warning method skip_ignored? (line 305) | def skip_ignored? warning method summarize_changes (line 309) | def summarize_changes method label (line 316) | def label name method show_confidence (line 320) | def show_confidence warning method show_note (line 335) | def show_note warning method say (line 344) | def say text, color = nil method yes_or_no (line 354) | def yes_or_no message FILE: lib/brakeman/report/pager.rb type Brakeman (line 1) | module Brakeman class Pager (line 2) | class Pager method initialize (line 3) | def initialize tracker, pager = :less, output = $stdout method page_report (line 10) | def page_report report, format method page_output (line 24) | def page_output text method no_pager (line 41) | def no_pager text method page_via_highline (line 45) | def page_via_highline text method page_via_less (line 52) | def page_via_less text method in_ci? (line 71) | def in_ci? method less_available? (line 77) | def less_available? method less_options (line 83) | def less_options method set_color (line 105) | def set_color FILE: lib/brakeman/report/renderer.rb class Brakeman::Report (line 3) | class Brakeman::Report class Renderer (line 4) | class Renderer method initialize (line 5) | def initialize(template_file, hash = {}) method render (line 20) | def render FILE: lib/brakeman/report/report_base.rb class Brakeman::Report::Base (line 9) | class Brakeman::Report::Base method initialize (line 14) | def initialize tracker method warnings_summary (line 24) | def warnings_summary method controller_information (line 41) | def controller_information method all_warnings (line 78) | def all_warnings method filter_warnings (line 86) | def filter_warnings warnings method generic_warnings (line 96) | def generic_warnings method template_warnings (line 100) | def template_warnings method model_warnings (line 104) | def model_warnings method controller_warnings (line 108) | def controller_warnings method ignored_warnings (line 112) | def ignored_warnings method number_of_templates (line 120) | def number_of_templates tracker method absolute_paths? (line 124) | def absolute_paths? method warning_file (line 128) | def warning_file warning method context_for (line 140) | def context_for warning method rails_version (line 170) | def rails_version method github_url (line 183) | def github_url file, line=nil FILE: lib/brakeman/report/report_codeclimate.rb class Brakeman::Report::CodeClimate (line 5) | class Brakeman::Report::CodeClimate < Brakeman::Report::Base method generate_report (line 10) | def generate_report method issue_json (line 16) | def issue_json(warning) method severity_level_for (line 40) | def severity_level_for(confidence) method remediation_points_for (line 48) | def remediation_points_for(warning_code) method name_for (line 53) | def name_for(warning_code) method content_for (line 58) | def content_for(warning_code, link) method local_content_for (line 65) | def local_content_for(link) method file_path (line 72) | def file_path(warning) FILE: lib/brakeman/report/report_csv.rb class Brakeman::Report::CSV (line 3) | class Brakeman::Report::CSV < Brakeman::Report::Base method generate_report (line 4) | def generate_report method generate_row (line 31) | def generate_row headers, warning method warning_row (line 35) | def warning_row warning FILE: lib/brakeman/report/report_github.rb class Brakeman::Report::Github (line 3) | class Brakeman::Report::Github < Brakeman::Report::Base method generate_report (line 4) | def generate_report method warnings (line 9) | def warnings method errors (line 14) | def errors method clean_message (line 28) | def clean_message(msg) FILE: lib/brakeman/report/report_hash.rb class Brakeman::Report::Hash (line 2) | class Brakeman::Report::Hash < Brakeman::Report::Base method generate_report (line 3) | def generate_report FILE: lib/brakeman/report/report_html.rb class Brakeman::Report::HTML (line 4) | class Brakeman::Report::HTML < Brakeman::Report::Table method initialize (line 9) | def initialize *args method generate_report (line 15) | def generate_report method generate_overview (line 34) | def generate_overview method generate_templates (line 47) | def generate_templates method render_array (line 63) | def render_array template, headings, value_array, locals method convert_warning (line 69) | def convert_warning warning, original method with_link (line 76) | def with_link warning, message method convert_template_warning (line 80) | def convert_template_warning warning, original method convert_ignored_warning (line 87) | def convert_ignored_warning warning, original method html_header (line 95) | def html_header method with_context (line 114) | def with_context warning, message method html_message (line 187) | def html_message warning, message FILE: lib/brakeman/report/report_json.rb class Brakeman::Report::JSON (line 1) | class Brakeman::Report::JSON < Brakeman::Report::Base method generate_report (line 2) | def generate_report method convert_to_hashes (line 38) | def convert_to_hashes warnings FILE: lib/brakeman/report/report_junit.rb class Brakeman::Report::JUnit (line 5) | class Brakeman::Report::JUnit < Brakeman::Report::Base method generate_report (line 6) | def generate_report FILE: lib/brakeman/report/report_markdown.rb class Brakeman::Report::Markdown (line 3) | class Brakeman::Report::Markdown < Brakeman::Report::Table class MarkdownTable (line 5) | class MarkdownTable < Terminal::Table method initialize (line 7) | def initialize options = {}, &block method render (line 17) | def render method initialize (line 24) | def initialize *args method generate_report (line 29) | def generate_report method output_table (line 59) | def output_table title, result, output method generate_metadata (line 65) | def generate_metadata method generate_checks (line 80) | def generate_checks method convert_warning (line 86) | def convert_warning warning, original method markdown_message (line 93) | def markdown_message warning, message FILE: lib/brakeman/report/report_sarif.rb class Brakeman::Report::SARIF (line 3) | class Brakeman::Report::SARIF < Brakeman::Report::Base method generate_report (line 4) | def generate_report method runs (line 13) | def runs method original_uri_base_ids (line 32) | def original_uri_base_ids method rules (line 141) | def rules method results (line 164) | def results method check_descriptions (line 211) | def check_descriptions method unique_warnings_by_warning_code (line 218) | def unique_warnings_by_warning_code method render_id (line 222) | def render_id warning method render_message (line 227) | def render_message message method infer_level (line 238) | def infer_level warning method file_uri (line 250) | def file_uri(path) FILE: lib/brakeman/report/report_sonar.rb class Brakeman::Report::Sonar (line 1) | class Brakeman::Report::Sonar < Brakeman::Report::Base method generate_report (line 2) | def generate_report method issue_json (line 11) | def issue_json(warning) method severity_level_for (line 29) | def severity_level_for(confidence) FILE: lib/brakeman/report/report_table.rb class Brakeman::Report::Table (line 3) | class Brakeman::Report::Table < Brakeman::Report::Base method initialize (line 4) | def initialize *args method generate_report (line 9) | def generate_report method output_table (line 46) | def output_table title, result, output method generate_overview (line 52) | def generate_overview method generate_warning_overview (line 66) | def generate_warning_overview method generate_controllers (line 76) | def generate_controllers method generate_errors (line 87) | def generate_errors method generate_obsolete (line 92) | def generate_obsolete method generate_warnings (line 97) | def generate_warnings method generate_template_warnings (line 106) | def generate_template_warnings method generate_model_warnings (line 116) | def generate_model_warnings method generate_controller_warnings (line 125) | def generate_controller_warnings method generate_ignored_warnings (line 133) | def generate_ignored_warnings method render_warnings (line 141) | def render_warnings warnings, type, template, cols, sort_col method generate_templates (line 156) | def generate_templates method convert_to_rows (line 185) | def convert_to_rows warnings, type = :warning method convert_ignored_warning (line 202) | def convert_ignored_warning warning, original method convert_template_warning (line 206) | def convert_template_warning warning, original method sort (line 210) | def sort rows, sort_col method render_array (line 219) | def render_array template, headings, value_array, locals method convert_warning (line 227) | def convert_warning warning, original method text_message (line 234) | def text_message warning, message method text_header (line 257) | def text_header method truncate_table (line 271) | def truncate_table str FILE: lib/brakeman/report/report_tabs.rb class Brakeman::Report::Tabs (line 5) | class Brakeman::Report::Tabs < Brakeman::Report::Table method generate_report (line 6) | def generate_report FILE: lib/brakeman/report/report_text.rb class Brakeman::Report::Text (line 3) | class Brakeman::Report::Text < Brakeman::Report::Base method generate_report (line 4) | def generate_report method add_chunk (line 29) | def add_chunk chunk, out = @output_string method generate_controllers (line 39) | def generate_controllers method generate_header (line 55) | def generate_header method generate_overview (line 67) | def generate_overview method generate_warning_overview (line 84) | def generate_warning_overview method generate_warnings (line 93) | def generate_warnings method generate_show_ignored_overview (line 107) | def generate_show_ignored_overview method generate_errors (line 111) | def generate_errors method generate_obsolete (line 131) | def generate_obsolete method generate_templates (line 137) | def generate_templates method output_warning (line 154) | def output_warning w method format_line (line 163) | def format_line w, option method double_space (line 198) | def double_space title, values method format_code (line 203) | def format_code w method confidence (line 213) | def confidence c method label (line 224) | def label l, value, color = :green method header (line 228) | def header text method render_array (line 233) | def render_array name, cols, values, locals FILE: lib/brakeman/rescanner.rb class Brakeman::Rescanner (line 6) | class Brakeman::Rescanner < Brakeman::Scanner method initialize (line 11) | def initialize options, processor, changed_files method recheck (line 24) | def recheck method rescan (line 38) | def rescan method ignorable? (line 74) | def ignorable? path class Brakeman::RescanReport (line 80) | class Brakeman::RescanReport method initialize (line 84) | def initialize old_results, tracker method any_warnings? (line 92) | def any_warnings? method all_warnings (line 97) | def all_warnings method fixed_warnings (line 103) | def fixed_warnings method new_warnings (line 109) | def new_warnings method warnings_changed? (line 114) | def warnings_changed? method diff (line 119) | def diff method existing_warnings (line 124) | def existing_warnings method to_s (line 131) | def to_s FILE: lib/brakeman/scanner.rb class Brakeman::Scanner (line 18) | class Brakeman::Scanner method initialize (line 22) | def initialize options, processor = nil method tracker (line 37) | def tracker method file_cache (line 41) | def file_cache method process_step (line 45) | def process_step(description, &) method process_step_file (line 49) | def process_step_file(description, &) method process (line 54) | def process(ruby_paths: nil, template_paths: nil) method parse_files (line 127) | def parse_files(ruby_paths:, template_paths:) method detect_file_types (line 145) | def detect_file_types(astfiles) method process_config (line 170) | def process_config method process_config_file (line 198) | def process_config_file file method process_gems (line 213) | def process_gems method guess_rails_version (line 253) | def guess_rails_version method process_initializers (line 274) | def process_initializers method process_initializer (line 283) | def process_initializer init method process_libs (line 290) | def process_libs method process_lib (line 301) | def process_lib lib method process_routes (line 308) | def process_routes method process_controllers (line 325) | def process_controllers method process_controller_data_flows (line 335) | def process_controller_data_flows method process_controller (line 350) | def process_controller astfile method process_templates (line 361) | def process_templates method process_template (line 371) | def process_template template method process_template_data_flows (line 375) | def process_template_data_flows method process_models (line 388) | def process_models method process_model (line 398) | def process_model astfile method track_progress (line 402) | def track_progress list, type = "files" method report_progress (line 412) | def report_progress(current, total) method index_call_sites (line 417) | def index_call_sites method parse_ruby_file (line 421) | def parse_ruby_file file method support_rescanning? (line 429) | def support_rescanning? type Haml (line 435) | module Haml; class Error < StandardError; end; end class Error (line 435) | class Error < StandardError; end FILE: lib/brakeman/tracker.rb class Brakeman::Tracker (line 11) | class Brakeman::Tracker method initialize (line 25) | def initialize(app_tree, processor = nil, options = {}) method reset_all (line 35) | def reset_all method save_file_cache! (line 62) | def save_file_cache! method error (line 68) | def error exception, backtrace = nil method add_errors (line 84) | def add_errors exceptions method run_checks (line 92) | def run_checks method app_path (line 100) | def app_path method each_method (line 105) | def each_method method each_template (line 118) | def each_template method each_class (line 133) | def each_class method find_call (line 164) | def find_call options method check_initializers (line 170) | def check_initializers target, method method report (line 181) | def report method warnings (line 185) | def warnings method filtered_warnings (line 189) | def filtered_warnings method unused_fingerprints (line 199) | def unused_fingerprints method add_constant (line 204) | def add_constant name, value, context = nil method constant_lookup (line 210) | def constant_lookup name method find_class (line 214) | def find_class name method find_method (line 224) | def find_method method_name, class_name, method_type = :instance method index_call_sites (line 252) | def index_call_sites method reindex_call_sites (line 280) | def reindex_call_sites locations method reset_templates (line 350) | def reset_templates options = { :only_rendered => false } method reset_template (line 364) | def reset_template name method reset_model (line 373) | def reset_model path method reset_lib (line 387) | def reset_lib path method reset_controller (line 400) | def reset_controller path method reset_routes (line 425) | def reset_routes method reset_initializer (line 429) | def reset_initializer path method marshallable (line 438) | def marshallable FILE: lib/brakeman/tracker/collection.rb type Brakeman (line 4) | module Brakeman class Collection (line 5) | class Collection method initialize (line 10) | def initialize name, parent, file_name, src, tracker method ancestor? (line 25) | def ancestor? parent, seen={} method add_file (line 37) | def add_file file_name, src method add_include (line 42) | def add_include class_name method add_option (line 46) | def add_option name, exp method add_method (line 51) | def add_method visibility, name, src, file_name method method_definition_receiver (line 64) | def method_definition_receiver(receiver) method each_method (line 75) | def each_method method get_method (line 83) | def get_method name, type = :instance method get_instance_method (line 94) | def get_instance_method name method get_class_method (line 104) | def get_class_method name method file (line 108) | def file method top_line (line 112) | def top_line method methods_public (line 124) | def methods_public method get_simple_method_return_value (line 128) | def get_simple_method_return_value type, name method add_simple_method_maybe (line 134) | def add_simple_method_maybe meth_info method add_simple_method (line 140) | def add_simple_method meth_info FILE: lib/brakeman/tracker/config.rb type Brakeman (line 3) | module Brakeman class Config (line 4) | class Config method initialize (line 10) | def initialize tracker method default_protect_from_forgery? (line 21) | def default_protect_from_forgery? method erubi? (line 31) | def erubi? method escape_html? (line 35) | def escape_html? method escape_html_entities_in_json? (line 39) | def escape_html_entities_in_json? method escape_filter_interpolations? (line 44) | def escape_filter_interpolations? method whitelist_attributes? (line 50) | def whitelist_attributes? method gem_version (line 54) | def gem_version name method add_gem (line 58) | def add_gem name, version, file, line method has_gem? (line 67) | def has_gem? name method get_gem (line 71) | def get_gem name method set_rails_version (line 75) | def set_rails_version version = nil method rails_version (line 132) | def rails_version method set_ruby_version (line 138) | def set_ruby_version version, file, line method extract_version (line 143) | def extract_version version method version_between? (line 152) | def version_between? low_version, high_version, current_version = nil method session_settings (line 163) | def session_settings method set_rails_config (line 176) | def set_rails_config value:, path:, overwrite: false method load_rails_defaults (line 199) | def load_rails_defaults method notify_version (line 288) | def notify_version version FILE: lib/brakeman/tracker/constants.rb type Brakeman (line 4) | module Brakeman class Constant (line 5) | class Constant method initialize (line 10) | def initialize name, value, context = {} method line (line 24) | def line method set_name (line 30) | def set_name name, context method match? (line 35) | def match? name class Constants (line 51) | class Constants method initialize (line 54) | def initialize method size (line 58) | def size method [] (line 62) | def [] exp method find_constant (line 73) | def find_constant exp method find_all (line 98) | def find_all exp method add (line 103) | def add name, value, context = nil method get_simple_value (line 116) | def get_simple_value name method each (line 124) | def each method constant_as_array (line 132) | def self.constant_as_array exp, context = nil method get_constant_base_name (line 175) | def self.get_constant_base_name exp FILE: lib/brakeman/tracker/controller.rb type Brakeman (line 3) | module Brakeman type ControllerMethods (line 4) | module ControllerMethods function initialize_controller (line 7) | def initialize_controller function protect_from_forgery? (line 15) | def protect_from_forgery? function add_before_filter (line 19) | def add_before_filter exp function prepend_before_filter (line 23) | def prepend_before_filter exp function before_filters (line 27) | def before_filters function skip_filter (line 31) | def skip_filter exp function skip_filters (line 35) | def skip_filters function before_filter_list (line 39) | def before_filter_list processor, method function get_skipped_filters (line 53) | def get_skipped_filters processor, method function remove_skipped_filters (line 73) | def remove_skipped_filters processor, filters, method function get_before_filters (line 86) | def get_before_filters processor, method function before_filter_to_hash (line 106) | def before_filter_to_hash processor, args function filter_includes_method? (line 147) | def filter_includes_method? filter_rule, method_name class Controller (line 156) | class Controller < Brakeman::Collection method initialize (line 159) | def initialize name, parent, file_name, src, tracker FILE: lib/brakeman/tracker/file_cache.rb type Brakeman (line 1) | module Brakeman class FileCache (line 2) | class FileCache method initialize (line 3) | def initialize(file_list = nil) method controllers (line 13) | def controllers method initializers (line 17) | def initializers method libs (line 21) | def libs method models (line 25) | def models method templates (line 29) | def templates method add_file (line 33) | def add_file(astfile, type) method valid_type? (line 38) | def valid_type?(type) method cached? (line 42) | def cached? path method delete (line 48) | def delete path method diff (line 54) | def diff other method dup (line 68) | def dup FILE: lib/brakeman/tracker/library.rb type Brakeman (line 5) | module Brakeman class Library (line 6) | class Library < Brakeman::Collection method initialize (line 10) | def initialize name, parent, file_name, src, tracker FILE: lib/brakeman/tracker/method_info.rb type Brakeman (line 3) | module Brakeman class MethodInfo (line 4) | class MethodInfo method initialize (line 9) | def initialize name, src, owner, file method [] (line 27) | def [] attr method very_simple_method? (line 31) | def very_simple_method? method return_value (line 53) | def return_value env = nil method first_body (line 61) | def first_body FILE: lib/brakeman/tracker/model.rb type Brakeman (line 3) | module Brakeman type ModelMethods (line 4) | module ModelMethods function initialize_model (line 7) | def initialize_model function association? (line 13) | def association? method_name function unprotected_model? (line 25) | def unprotected_model? function parent_classes_protected? (line 30) | def parent_classes_protected? seen={} function set_attr_accessible (line 42) | def set_attr_accessible exp = nil function set_attr_protected (line 61) | def set_attr_protected exp function attr_protected (line 65) | def attr_protected class Model (line 70) | class Model < Brakeman::Collection method initialize (line 75) | def initialize name, parent, file_name, src, tracker method add_option (line 81) | def add_option name, exp FILE: lib/brakeman/tracker/template.rb type Brakeman (line 3) | module Brakeman class Template (line 4) | class Template < Brakeman::Collection method initialize (line 9) | def initialize name, called_from, file_name, tracker method add_output (line 15) | def add_output exp method each_output (line 19) | def each_output method rendered_from_controller? (line 25) | def rendered_from_controller? FILE: lib/brakeman/util.rb type Brakeman::Util (line 5) | module Brakeman::Util function camelize (line 36) | def camelize lower_case_and_underscored_word function underscore (line 43) | def underscore camel_cased_word function pluralize (line 52) | def pluralize word function class_name (line 62) | def class_name exp function hash_iterate (line 100) | def hash_iterate hash function remove_kwsplat (line 108) | def remove_kwsplat exp function hash_insert (line 117) | def hash_insert hash, key, value function hash_access (line 135) | def hash_access hash, key function hash_values (line 147) | def hash_values hash function set_env_defaults (line 162) | def set_env_defaults function hash? (line 170) | def hash? exp function array? (line 178) | def array? exp function string? (line 183) | def string? exp function string_interp? (line 187) | def string_interp? exp function symbol? (line 192) | def symbol? exp function call? (line 197) | def call? exp function regexp? (line 203) | def regexp? exp function integer? (line 208) | def integer? exp function number? (line 213) | def number? exp function result? (line 218) | def result? exp function true? (line 223) | def true? exp function false? (line 230) | def false? exp function block? (line 236) | def block? exp function params? (line 242) | def params? exp function cookies? (line 246) | def cookies? exp function recurse_check? (line 250) | def recurse_check? exp, &check function request_headers? (line 267) | def request_headers? exp function request_value? (line 287) | def request_value? exp function constant? (line 293) | def constant? exp function kwsplat? (line 297) | def kwsplat? exp function sexp? (line 305) | def sexp? exp function node_type? (line 310) | def node_type? exp, *types function simple_literal? (line 316) | def simple_literal? exp function literal? (line 322) | def literal? exp function all_literals? (line 326) | def all_literals? exp, expected_type = :array function dir_glob? (line 335) | def dir_glob? exp function contains_class? (line 345) | def contains_class? exp function make_call (line 361) | def make_call target, method, *args function safe_literal (line 377) | def safe_literal line = nil function safe_literal? (line 381) | def safe_literal? exp function safe_literal_target? (line 385) | def safe_literal_target? exp function rails_version (line 393) | def rails_version function template_path_to_name (line 400) | def template_path_to_name path FILE: lib/brakeman/version.rb type Brakeman (line 1) | module Brakeman FILE: lib/brakeman/warning.rb class Brakeman::Warning (line 7) | class Brakeman::Warning method initialize (line 50) | def initialize options = {} method hash (line 132) | def hash method eql? (line 136) | def eql? other_warning method confidence= (line 140) | def confidence= conf method view_name (line 155) | def view_name(include_renderer = true) method format_code (line 165) | def format_code strip = true method format_user_input (line 171) | def format_user_input strip = true method format_with_user_input (line 175) | def format_with_user_input strip = true, &block method format_message (line 186) | def format_message method link (line 202) | def link method to_row (line 220) | def to_row type = :warning method to_s (line 241) | def to_s method fingerprint (line 250) | def fingerprint method location (line 259) | def location include_renderer = true method relative_path (line 276) | def relative_path method check_name (line 280) | def check_name method confidence_name (line 284) | def confidence_name method to_hash (line 288) | def to_hash absolute_paths: true method to_json (line 312) | def to_json method format_ruby (line 318) | def format_ruby code, strip FILE: lib/brakeman/warning_codes.rb type Brakeman::WarningCodes (line 1) | module Brakeman::WarningCodes function code (line 138) | def self.code name FILE: lib/ruby_parser/bm_sexp.rb class Sexp (line 4) | class Sexp method method_missing (line 10) | def method_missing name, *args method deep_clone (line 28) | def deep_clone line = nil method paren (line 51) | def paren method value (line 56) | def value method value= (line 61) | def value= exp method second (line 67) | def second method to_sym (line 71) | def to_sym method node_type= (line 75) | def node_type= type method combine (line 83) | def combine exp, line = nil method << (line 99) | def << arg method hash (line 105) | def hash method compact (line 113) | def compact method find_and_replace_all (line 118) | def find_and_replace_all *args method find_node (line 123) | def find_node *args method expect (line 130) | def expect *types method target (line 140) | def target method target= (line 146) | def target= exp method method (line 156) | def method method method= (line 169) | def method= name method num_args (line 176) | def num_args method arglist= (line 190) | def arglist= exp method set_args (line 204) | def set_args *exp method arglist (line 214) | def arglist method args (line 233) | def args method each_arg (line 252) | def each_arg replace = false method each_arg! (line 277) | def each_arg! &block method first_arg (line 283) | def first_arg method first_arg= (line 289) | def first_arg= exp method second_arg (line 296) | def second_arg method second_arg= (line 302) | def second_arg= exp method third_arg (line 308) | def third_arg method third_arg= (line 313) | def third_arg= exp method last_arg (line 319) | def last_arg method call_chain (line 329) | def call_chain method condition (line 350) | def condition method condition= (line 355) | def condition= exp method then_clause (line 367) | def then_clause method else_clause (line 379) | def else_clause method block_call (line 390) | def block_call method block (line 408) | def block delete = nil method block_args (line 432) | def block_args method first_param (line 441) | def first_param method lhs (line 450) | def lhs method lhs= (line 456) | def lhs= exp method rhs (line 466) | def rhs method rhs= (line 481) | def rhs= exp method method_name (line 493) | def method_name method formal_args (line 504) | def formal_args method body= (line 517) | def body= exp method body (line 545) | def body method body_list (line 560) | def body_list method method_length (line 567) | def method_length method render_type (line 578) | def render_type method class_name (line 583) | def class_name method parent_name (line 590) | def parent_name method call (line 596) | def call method module (line 603) | def module method result_class (line 610) | def result_class method inspect (line 617) | def inspect seen = Set.new class String (line 663) | class String class WrongSexpError (line 673) | class WrongSexpError < RuntimeError; end FILE: lib/ruby_parser/bm_sexp_processor.rb class Brakeman::SexpProcessor (line 13) | class Brakeman::SexpProcessor method processors (line 34) | def self.processors method initialize (line 44) | def initialize method process (line 64) | def process(exp) method scope (line 106) | def scope &block method in_context (line 110) | def in_context type FILE: test/apps/active_record_only/app/models/book.rb class Book (line 5) | class Book < ActiveRecord::Base FILE: test/apps/rails2/app/controllers/application_controller.rb class ApplicationController (line 4) | class ApplicationController < ActionController::Base method funky_panda (line 12) | def funky_panda method awesome (line 15) | def awesome method decent (line 39) | def decent FILE: test/apps/rails2/app/controllers/emails_controller.rb class EmailsController (line 1) | class EmailsController < ApplicationController method show (line 2) | def show method show_email_1 (line 6) | def show_email_1 FILE: test/apps/rails2/app/controllers/home_controller.rb class HomeController (line 1) | class HomeController < ApplicationController method index (line 5) | def index; end method test_params (line 7) | def test_params method test_model (line 12) | def test_model method test_cookie (line 16) | def test_cookie method test_filter (line 20) | def test_filter method test_file_access (line 23) | def test_file_access method test_sql (line 27) | def test_sql some_var = "hello" method test_command (line 33) | def test_command method test_eval (line 39) | def test_eval method test_redirect (line 43) | def test_redirect method test_render (line 48) | def test_render method test_mass_assignment (line 53) | def test_mass_assignment method test_dynamic_render (line 57) | def test_dynamic_render method test_load_params (line 62) | def test_load_params method test_redirect_with_url_for (line 67) | def test_redirect_with_url_for method test_sql_nested (line 72) | def test_sql_nested method test_another_dynamic_render (line 76) | def test_another_dynamic_render method test_send_first_param (line 81) | def test_send_first_param method test_send_target (line 87) | def test_send_target # not that safe method test_send_second_param (line 94) | def test_send_second_param method test_send_second_param (line 100) | def test_send_second_param method test_send_second_param (line 106) | def test_send_second_param method test_sanitized_param (line 111) | def test_sanitized_param method test_safe_find_by (line 115) | def test_safe_find_by method test_user_input_on_multiline (line 119) | def test_user_input_on_multiline method test_mass_assign_with_or_equals (line 126) | def test_mass_assign_with_or_equals method test_xss_with_or (line 130) | def test_xss_with_or method test_to_json (line 144) | def test_to_json method test_content_tag (line 150) | def test_content_tag method test_more_send_methods (line 154) | def test_more_send_methods method filter_it (line 165) | def filter_it method or_equals (line 169) | def or_equals method test_safe_model_redirect (line 173) | def test_safe_model_redirect method test_safe_mode_array_redirect (line 177) | def test_safe_mode_array_redirect method test_model_attributes_badness (line 181) | def test_model_attributes_badness FILE: test/apps/rails2/app/controllers/other_controller.rb class OtherController (line 1) | class OtherController < ApplicationController method test_locals (line 2) | def test_locals method test_object (line 6) | def test_object method test_collection (line 10) | def test_collection method test_iteration (line 16) | def test_iteration method test_send_file (line 20) | def test_send_file method test_update_attribute (line 24) | def test_update_attribute method test_render_template (line 29) | def test_render_template method test_render_update (line 35) | def test_render_update method test_to_i (line 41) | def test_to_i method test_to_sym (line 46) | def test_to_sym method test_xss_duplicates1 (line 57) | def test_xss_duplicates1 method test_xss_duplicates2 (line 63) | def test_xss_duplicates2 method test_haml_stuff (line 69) | def test_haml_stuff method test_regex_dos (line 73) | def test_regex_dos method test_escaped_regex (line 77) | def test_escaped_regex method test_unescaped_regex (line 81) | def test_unescaped_regex method test_intern (line 85) | def test_intern FILE: test/apps/rails2/app/helpers/application_helper.rb type ApplicationHelper (line 2) | module ApplicationHelper FILE: test/apps/rails2/app/helpers/home_helper.rb type HomeHelper (line 1) | module HomeHelper FILE: test/apps/rails2/app/helpers/other_helper.rb type OtherHelper (line 1) | module OtherHelper FILE: test/apps/rails2/app/models/account.rb class Account (line 1) | class Account < ActiveRecord::Base FILE: test/apps/rails2/app/models/email.rb class Email (line 1) | class Email < ActiveRecord::Base FILE: test/apps/rails2/app/models/protected.rb class Protected (line 1) | class Protected < ActiveRecord::Base FILE: test/apps/rails2/app/models/unprotected.rb class Unprotected (line 1) | class Unprotected < Protected FILE: test/apps/rails2/app/models/user.rb class User (line 1) | class User < ActiveRecord::Base method get_something (line 14) | def get_something x method test_merge_conditions (line 18) | def test_merge_conditions method some_method (line 25) | def self.some_method(value) method test_sanitized_sql (line 34) | def self.test_sanitized_sql input method more_sanitized_sql (line 38) | def more_sanitized_sql FILE: test/apps/rails2/config/boot.rb type Rails (line 6) | module Rails function boot! (line 8) | def boot! function booted? (line 15) | def booted? function pick_boot (line 19) | def pick_boot function vendor_rails? (line 23) | def vendor_rails? function preinitialize (line 27) | def preinitialize function preinitializer_path (line 31) | def preinitializer_path class Boot (line 36) | class Boot method run (line 37) | def run class VendorBoot (line 43) | class VendorBoot < Boot method load_initializer (line 44) | def load_initializer class GemBoot (line 51) | class GemBoot < Boot method load_initializer (line 52) | def load_initializer method load_rails_gem (line 58) | def load_rails_gem method rubygems_version (line 74) | def rubygems_version method gem_version (line 78) | def gem_version method load_rubygems (line 88) | def load_rubygems method parse_gem_version (line 101) | def parse_gem_version(text) method read_environment_rb (line 106) | def read_environment_rb FILE: test/apps/rails2/db/migrate/20110520193611_create_users.rb class CreateUsers (line 1) | class CreateUsers < ActiveRecord::Migration method up (line 2) | def self.up method down (line 9) | def self.down FILE: test/apps/rails2/db/migrate/20110523184125_create_accounts.rb class CreateAccounts (line 1) | class CreateAccounts < ActiveRecord::Migration method up (line 2) | def self.up method down (line 9) | def self.down FILE: test/apps/rails2/lib/generators/test_generator/templates/model.rb class ActiveRecord::Base (line 1) | class <%= file_name.camelize %> < ActiveRecord::Base FILE: test/apps/rails2/public/javascripts/controls.js function addText (line 561) | function addText(mode, condition) { function fallback (line 857) | function fallback(name, expr) { FILE: test/apps/rails2/public/javascripts/effects.js function codeForEvent (line 231) | function codeForEvent(options,eventName){ function dispatch (line 248) | function dispatch(effect, eventName) { function parseColor (line 952) | function parseColor(color){ FILE: test/apps/rails2/public/javascripts/prototype.js function klass (line 50) | function klass() { function $A (line 812) | function $A(iterable) { function $w (line 945) | function $w(string) { function $H (line 993) | function $H(object) { function toQueryPair (line 999) | function toQueryPair(key, value) { function $ (line 1513) | function $(element) { function stripAlpha (line 2289) | function stripAlpha(filter){ function extend (line 2627) | function extend(tagName) { function copy (line 2634) | function copy(methods, destination, onlyIfAbsent) { function findDOMClass (line 2644) | function findDOMClass(tagName) { function $$ (line 3443) | function $$() { function getEventID (line 3935) | function getEventID(element) { function getDOMEventName (line 3941) | function getDOMEventName(eventName) { function getCacheForID (line 3946) | function getCacheForID(id) { function getWrappersForEventName (line 3950) | function getWrappersForEventName(id, eventName) { function createWrapper (line 3955) | function createWrapper(element, eventName, handler) { function findWrapper (line 3974) | function findWrapper(id, eventName, handler) { function destroyWrapper (line 3979) | function destroyWrapper(id, eventName, handler) { function destroyCache (line 3985) | function destroyCache() { function fireContentLoadedEvent (line 4102) | function fireContentLoadedEvent() { function iter (line 4251) | function iter(name) { FILE: test/apps/rails2/test/functional/home_controller_test.rb class HomeControllerTest (line 3) | class HomeControllerTest < ActionController::TestCase FILE: test/apps/rails2/test/functional/other_controller_test.rb class OtherControllerTest (line 3) | class OtherControllerTest < ActionController::TestCase FILE: test/apps/rails2/test/performance/browsing_test.rb class BrowsingTest (line 5) | class BrowsingTest < ActionController::PerformanceTest method test_homepage (line 6) | def test_homepage FILE: test/apps/rails2/test/test_helper.rb class ActiveSupport::TestCase (line 5) | class ActiveSupport::TestCase FILE: test/apps/rails2/test/unit/account_test.rb class AccountTest (line 3) | class AccountTest < ActiveSupport::TestCase FILE: test/apps/rails2/test/unit/helpers/home_helper_test.rb class HomeHelperTest (line 3) | class HomeHelperTest < ActionView::TestCase FILE: test/apps/rails2/test/unit/helpers/other_helper_test.rb class OtherHelperTest (line 3) | class OtherHelperTest < ActionView::TestCase FILE: test/apps/rails2/test/unit/user_test.rb class UserTest (line 3) | class UserTest < ActiveSupport::TestCase FILE: test/apps/rails3.1/app/controllers/admin_controller.rb class AdminController (line 1) | class AdminController < ApplicationController method constantize_some_stuff (line 8) | def constantize_some_stuff method authenticate_user! (line 21) | def authenticate_user! method show_detailed_exceptions? (line 29) | def show_detailed_exceptions? method make_system_calls (line 33) | def make_system_calls method use_lambda_filter (line 52) | def use_lambda_filter method authenticate_token! (line 56) | def authenticate_token! method authenticate_token_or_basic (line 62) | def authenticate_token_or_basic(&block) FILE: test/apps/rails3.1/app/controllers/application_controller.rb class ApplicationController (line 1) | class ApplicationController < ActionController::Base FILE: test/apps/rails3.1/app/controllers/mixins/user_mixin.rb type UserMixin (line 1) | module UserMixin function mixin_action (line 3) | def mixin_action function mixin_default (line 9) | def mixin_default function assign_if (line 13) | def assign_if FILE: test/apps/rails3.1/app/controllers/other_controller.rb class OtherController (line 1) | class OtherController < ApplicationController method a (line 2) | def a method b (line 6) | def b method c (line 10) | def c method d (line 14) | def d method e (line 18) | def e method f (line 22) | def f method g (line 26) | def g method test_partial1 (line 30) | def test_partial1 method test_partial2 (line 35) | def test_partial2 method test_string_interp (line 40) | def test_string_interp method test_arel_table_access (line 45) | def test_arel_table_access method test_draper_redirect (line 49) | def test_draper_redirect method test_model_redirect_in_or (line 53) | def test_model_redirect_in_or method test_sanitized_medium (line 63) | def test_sanitized_medium method test_deserialization (line 68) | def test_deserialization method test_model_in_haml (line 76) | def test_model_in_haml FILE: test/apps/rails3.1/app/controllers/users_controller.rb class UsersController (line 1) | class UsersController < ApplicationController method index (line 8) | def index method show (line 19) | def show method new (line 30) | def new method edit (line 40) | def edit method create (line 46) | def create method update (line 62) | def update method destroy (line 78) | def destroy method circular_render (line 88) | def circular_render method redirect_to_new_user (line 93) | def redirect_to_new_user method redirect_to_user_url (line 97) | def redirect_to_user_url method redirect_to_user_find_by (line 101) | def redirect_to_user_find_by method test_file_access_params (line 105) | def test_file_access_params method redirect_to_user_as_param (line 112) | def redirect_to_user_as_param method redirect_to_association (line 116) | def redirect_to_association method redirect_to_safe_second_param (line 120) | def redirect_to_safe_second_param method test_simple_helper (line 124) | def test_simple_helper method test_less_simple_helpers (line 128) | def test_less_simple_helpers method test_assign_twice (line 134) | def test_assign_twice method update_all_users (line 138) | def update_all_users method test_assign_if (line 155) | def test_assign_if method simple_helper (line 160) | def simple_helper method less_simple_helper (line 164) | def less_simple_helper method simple_helper_with_args (line 168) | def simple_helper_with_args arg method assign_ivar (line 172) | def assign_ivar method pluck_something (line 176) | def pluck_something method redirect_merge (line 184) | def redirect_merge method drape (line 188) | def drape method mass_again (line 192) | def mass_again method dynamic_finders (line 196) | def dynamic_finders FILE: test/apps/rails3.1/app/helpers/application_helper.rb type ApplicationHelper (line 1) | module ApplicationHelper FILE: test/apps/rails3.1/app/helpers/users_helper.rb type UsersHelper (line 1) | module UsersHelper FILE: test/apps/rails3.1/app/models/account.rb class Account (line 1) | class Account < ActiveRecord::Base FILE: test/apps/rails3.1/app/models/product.rb class Product (line 1) | class Product < ActiveRecord::Base method test_find_order (line 2) | def test_find_order method test_find_group (line 8) | def test_find_group method test_find_having (line 14) | def test_find_having method test_find_joins (line 29) | def test_find_joins method test_find_select (line 43) | def test_find_select method test_find_from (line 53) | def test_find_from method test_find_lock (line 62) | def test_find_lock method test_where (line 71) | def test_where method test_constant_interpolation (line 86) | def test_constant_interpolation method test_local_interpolation (line 91) | def test_local_interpolation method test_conditional_args_in_sql (line 96) | def test_conditional_args_in_sql method test_params_in_args (line 104) | def test_params_in_args method test_params_to_i (line 109) | def test_params_to_i method test_more_if_statements (line 114) | def test_more_if_statements method test_calculations (line 137) | def test_calculations method test_select (line 147) | def test_select method test_conditional_in_options (line 155) | def test_conditional_in_options method test_or_interpolation (line 164) | def test_or_interpolation method test_params_to_f (line 169) | def test_params_to_f method test_interpolation_in_first_arg (line 174) | def test_interpolation_in_first_arg method test_to_sql_interpolation (line 178) | def test_to_sql_interpolation FILE: test/apps/rails3.1/app/models/some_model.rb class SomeModel (line 1) | class SomeModel < @some_variable FILE: test/apps/rails3.1/app/models/user.rb class User (line 1) | class User < ActiveRecord::Base method sql_stuff (line 31) | def self.sql_stuff parent_id method safe_sql_using_quoted_table_name (line 46) | def self.safe_sql_using_quoted_table_name method more_safe_stuff (line 50) | def self.more_safe_stuff FILE: test/apps/rails3.1/config/application.rb type Rails31 (line 12) | module Rails31 class Application (line 13) | class Application < Rails::Application FILE: test/apps/rails3.1/db/migrate/20110908172338_create_users.rb class CreateUsers (line 1) | class CreateUsers < ActiveRecord::Migration method change (line 2) | def change FILE: test/apps/rails3.1/lib/alib.rb class Alib (line 1) | class Alib < $SOME_CONSTANT FILE: test/apps/rails3.1/lib/somelib.rb class MyLib (line 1) | class MyLib method test_negative_array_index (line 2) | def test_negative_array_index FILE: test/apps/rails3.1/test/functional/users_controller_test.rb class UsersControllerTest (line 3) | class UsersControllerTest < ActionController::TestCase FILE: test/apps/rails3.1/test/performance/browsing_test.rb class BrowsingTest (line 4) | class BrowsingTest < ActionDispatch::PerformanceTest method test_homepage (line 9) | def test_homepage FILE: test/apps/rails3.1/test/test_helper.rb class ActiveSupport::TestCase (line 5) | class ActiveSupport::TestCase FILE: test/apps/rails3.1/test/unit/helpers/users_helper_test.rb class UsersHelperTest (line 3) | class UsersHelperTest < ActionView::TestCase FILE: test/apps/rails3.1/test/unit/user_test.rb class UserTest (line 3) | class UserTest < ActiveSupport::TestCase FILE: test/apps/rails3.2/app/controllers/application_controller.rb class ApplicationController (line 1) | class ApplicationController < ActionController::Base FILE: test/apps/rails3.2/app/controllers/exec_controller.rb class ExecController (line 1) | class ExecController < ApplicationController method outer_exec (line 4) | def outer_exec FILE: test/apps/rails3.2/app/controllers/exec_controller/command_dependency.rb class ExecController (line 1) | class ExecController method inner_exec (line 2) | def inner_exec FILE: test/apps/rails3.2/app/controllers/removal_controller.rb class RemovalController (line 1) | class RemovalController < ApplicationController method change_lines (line 2) | def change_lines method remove_this (line 13) | def remove_this method remove_this_too (line 17) | def remove_this_too method implicit_render (line 24) | def implicit_render FILE: test/apps/rails3.2/app/controllers/users_controller.rb class UsersController (line 1) | class UsersController < ApplicationController method index (line 6) | def index method show (line 17) | def show method new (line 29) | def new method edit (line 39) | def edit method create (line 45) | def create method update (line 61) | def update method destroy (line 77) | def destroy method slimming (line 87) | def slimming method show_detailed_exceptions? (line 92) | def show_detailed_exceptions? method render_text (line 96) | def render_text method test_symbol_dos (line 100) | def test_symbol_dos FILE: test/apps/rails3.2/app/helpers/application_helper.rb type ApplicationHelper (line 1) | module ApplicationHelper FILE: test/apps/rails3.2/app/helpers/users_helper.rb type UsersHelper (line 1) | module UsersHelper FILE: test/apps/rails3.2/app/models/account.rb class Account (line 1) | class Account < ActiveRecord::Base FILE: test/apps/rails3.2/app/models/multi_model.rb type MultiModel (line 1) | module MultiModel class Model1 (line 2) | class Model1 < ActiveRecord::Base method model_exec (line 4) | def model_exec class Model2 (line 10) | class Model2 < ActiveRecord::Base method model_exec (line 12) | def model_exec FILE: test/apps/rails3.2/app/models/no_protection.rb class NoProtection (line 1) | class NoProtection < ActiveRecord::Base FILE: test/apps/rails3.2/app/models/user.rb class User (line 1) | class User < ActiveRecord::Base FILE: test/apps/rails3.2/app/models/user/command_dependency.rb class User (line 1) | class User method inner_exec (line 2) | def inner_exec FILE: test/apps/rails3.2/config/application.rb type Rails32 (line 12) | module Rails32 class Application (line 13) | class Application < Rails::Application FILE: test/apps/rails3.2/config/initializers/header_dos_protection.rb function get (line 7) | def get(details) FILE: test/apps/rails3.2/lib/user_controller_mixin.rb type UserControllerMixin (line 1) | module UserControllerMixin function mixed_in (line 2) | def mixed_in function [] (line 6) | def [] index FILE: test/apps/rails3/app/controllers/application_controller.rb class ApplicationController (line 1) | class ApplicationController < ActionController::Base FILE: test/apps/rails3/app/controllers/base_thing.rb class BaseThing (line 1) | class BaseThing < ApplicationController method action_in_parent (line 2) | def action_in_parent FILE: test/apps/rails3/app/controllers/before_controller.rb class BeforeController (line 1) | class BeforeController < ApplicationController method use_filters12 (line 8) | def use_filters12 method use_filter123 (line 11) | def use_filter123 method use_filter12345 (line 14) | def use_filter12345 method filter1 (line 19) | def filter1 method filter2 (line 23) | def filter2 method filter3 (line 27) | def filter3 method filter4 (line 31) | def filter4 method filter5 (line 37) | def filter5 FILE: test/apps/rails3/app/controllers/child_controller.rb class ChildController (line 1) | class ChildController < BaseThing method action_in_child (line 2) | def action_in_child FILE: test/apps/rails3/app/controllers/home_controller.rb class HomeController (line 1) | class HomeController < ApplicationController method index (line 4) | def index method test_params (line 7) | def test_params method test_model (line 12) | def test_model method test_cookie (line 16) | def test_cookie method test_filter (line 20) | def test_filter method test_file_access (line 23) | def test_file_access method test_sql (line 27) | def test_sql some_var = "hello" method test_command (line 33) | def test_command method test_eval (line 39) | def test_eval method test_redirect (line 43) | def test_redirect method test_render (line 48) | def test_render method test_mass_assignment (line 53) | def test_mass_assignment method test_mass_assignment_with_hash (line 57) | def test_mass_assignment_with_hash method test_dynamic_render (line 61) | def test_dynamic_render method test_load_params (line 66) | def test_load_params method test_model_build (line 71) | def test_model_build method test_only_path_wrong (line 76) | def test_only_path_wrong method test_url_for_only_path (line 80) | def test_url_for_only_path method test_render_a_method_call (line 86) | def test_render_a_method_call method test_number_alias (line 91) | def test_number_alias method test_only_path_correct (line 95) | def test_only_path_correct method test_content_tag (line 100) | def test_content_tag method test_yaml_file_access (line 104) | def test_yaml_file_access method test_more_mass_assignment_methods (line 112) | def test_more_mass_assignment_methods method test_yaml_load (line 122) | def test_yaml_load method test_more_yaml_methods (line 129) | def test_more_yaml_methods method parse_json (line 136) | def parse_json method mass_assign_slice_only (line 140) | def mass_assign_slice_only method test_more_ways_to_execute (line 145) | def test_more_ways_to_execute method test_only_path_also_correct (line 157) | def test_only_path_also_correct method test_more_uses_of_pipelines (line 161) | def test_more_uses_of_pipelines method filter_it (line 170) | def filter_it FILE: test/apps/rails3/app/controllers/nested_controller.rb class Whatever (line 1) | class Whatever type Wherever (line 2) | module Wherever class NestedController (line 3) | class NestedController < ApplicationController method so_nested (line 4) | def so_nested FILE: test/apps/rails3/app/controllers/other_controller.rb class OtherController (line 1) | class OtherController < ApplicationController method test_locals (line 2) | def test_locals method test_object (line 6) | def test_object method test_collection (line 10) | def test_collection method test_iteration (line 16) | def test_iteration method test_send_file (line 20) | def test_send_file method test_update_attribute (line 24) | def test_update_attribute method test_sql_with_non_active_record_model (line 29) | def test_sql_with_non_active_record_model method test_http_digest (line 33) | def test_http_digest method test_render_with_nonsymbol_key (line 39) | def test_render_with_nonsymbol_key method test_mail_to (line 43) | def test_mail_to method test_command_injection_locals (line 47) | def test_command_injection_locals method test_mass_assign_with_strong_params (line 52) | def test_mass_assign_with_strong_params method test_sql_deletes (line 56) | def test_sql_deletes method test_sql_to_s (line 61) | def test_sql_to_s status FILE: test/apps/rails3/app/controllers/products_controller.rb class ProductsController (line 1) | class ProductsController < ApplicationController method index (line 4) | def index method show (line 15) | def show method new (line 26) | def new method edit (line 36) | def edit method create (line 42) | def create method update (line 58) | def update method destroy (line 74) | def destroy method render_some_text (line 84) | def render_some_text FILE: test/apps/rails3/app/helpers/application_helper.rb type ApplicationHelper (line 1) | module ApplicationHelper FILE: test/apps/rails3/app/helpers/home_helper.rb type HomeHelper (line 1) | module HomeHelper FILE: test/apps/rails3/app/helpers/other_helper.rb type OtherHelper (line 1) | module OtherHelper FILE: test/apps/rails3/app/helpers/products_helper.rb type ProductsHelper (line 1) | module ProductsHelper FILE: test/apps/rails3/app/models/account.rb class Account (line 1) | class Account < ActiveRecord::Base method mass_assign_it (line 8) | def mass_assign_it method test_class_eval (line 12) | def test_class_eval FILE: test/apps/rails3/app/models/bill.rb class Bill (line 1) | class Bill < ActiveRecord::Base FILE: test/apps/rails3/app/models/noticia.rb class Noticia (line 1) | class Noticia FILE: test/apps/rails3/app/models/notifier.rb class Notifier (line 1) | class Notifier < ActionMailer::Base method nsfree_deactivation_heroku (line 2) | def nsfree_deactivation_heroku(account, allowed, used) FILE: test/apps/rails3/app/models/product.rb class Product (line 1) | class Product < ActiveRecord::Base FILE: test/apps/rails3/app/models/purchase.rb class Purchase (line 1) | class Purchase < ActiveRecord::Base FILE: test/apps/rails3/app/models/underline_model.rb class Underline_Model (line 1) | class Underline_Model method inject! (line 2) | def inject!(b) FILE: test/apps/rails3/app/models/user.rb class User (line 1) | class User < ActiveRecord::Base method unused_sql (line 3) | def unused_sql method sql_in_if_branches (line 25) | def sql_in_if_branches method safe_sql (line 35) | def safe_sql method sanitized_profile (line 39) | def sanitized_profile FILE: test/apps/rails3/config/application.rb type Rails3 (line 9) | module Rails3 class Application (line 10) | class Application < Rails::Application FILE: test/apps/rails3/lib/controller_filter.rb type ControllerFilter (line 1) | module ControllerFilter function included (line 3) | def self.included somewhere FILE: test/apps/rails3/public/javascripts/controls.js function addText (line 563) | function addText(mode, condition) { function fallback (line 859) | function fallback(name, expr) { FILE: test/apps/rails3/public/javascripts/effects.js function dispatch (line 243) | function dispatch(effect, eventName) { function parseColor (line 947) | function parseColor(color){ FILE: test/apps/rails3/public/javascripts/prototype.js function subclass (line 94) | function subclass() {} function create (line 95) | function create() { function addMethods (line 124) | function addMethods(source) { function Type (line 178) | function Type(o) { function extend (line 192) | function extend(destination, source) { function inspect (line 198) | function inspect(object) { function toJSON (line 209) | function toJSON(value) { function Str (line 213) | function Str(key, holder, stack) { function stringify (line 271) | function stringify(object) { function toQueryString (line 275) | function toQueryString(object) { function toHTML (line 279) | function toHTML(object) { function keys (line 283) | function keys(object) { function values (line 294) | function values(object) { function clone (line 301) | function clone(object) { function isElement (line 305) | function isElement(object) { function isArray (line 309) | function isArray(object) { function isHash (line 320) | function isHash(object) { function isFunction (line 324) | function isFunction(object) { function isString (line 328) | function isString(object) { function isNumber (line 332) | function isNumber(object) { function isUndefined (line 336) | function isUndefined(object) { function update (line 361) | function update(array, args) { function merge (line 367) | function merge(array, args) { function argumentNames (line 372) | function argumentNames() { function bind (line 379) | function bind(context) { function bindAsEventListener (line 388) | function bindAsEventListener(context) { function curry (line 396) | function curry() { function delay (line 405) | function delay(timeout) { function defer (line 413) | function defer() { function wrap (line 418) | function wrap(wrapper) { function methodize (line 426) | function methodize() { function toISOString (line 452) | function toISOString() { function toJSON (line 462) | function toJSON() { function prepareReplacement (line 532) | function prepareReplacement(replacement) { function gsub (line 538) | function gsub(pattern, replacement) { function sub (line 562) | function sub(pattern, replacement, count) { function scan (line 572) | function scan(pattern, iterator) { function truncate (line 577) | function truncate(length, truncation) { function strip (line 584) | function strip() { function stripTags (line 588) | function stripTags() { function stripScripts (line 592) | function stripScripts() { function extractScripts (line 596) | function extractScripts() { function evalScripts (line 604) | function evalScripts() { function escapeHTML (line 608) | function escapeHTML() { function unescapeHTML (line 612) | function unescapeHTML() { function toQueryParams (line 617) | function toQueryParams(separator) { function toArray (line 638) | function toArray() { function succ (line 642) | function succ() { function times (line 647) | function times(count) { function camelize (line 651) | function camelize() { function capitalize (line 657) | function capitalize() { function underscore (line 661) | function underscore() { function dasherize (line 669) | function dasherize() { function inspect (line 673) | function inspect(useDoubleQuotes) { function unfilterJSON (line 684) | function unfilterJSON(filter) { function isJSON (line 688) | function isJSON() { function evalJSON (line 697) | function evalJSON(sanitize) { function parseJSON (line 711) | function parseJSON() { function include (line 716) | function include(pattern) { function startsWith (line 720) | function startsWith(pattern) { function endsWith (line 724) | function endsWith(pattern) { function empty (line 729) | function empty() { function blank (line 733) | function blank() { function interpolate (line 737) | function interpolate(object, pattern) { function each (line 814) | function each(iterator, context) { function eachSlice (line 826) | function eachSlice(number, iterator, context) { function all (line 834) | function all(iterator, context) { function any (line 844) | function any(iterator, context) { function collect (line 854) | function collect(iterator, context) { function detect (line 863) | function detect(iterator, context) { function findAll (line 874) | function findAll(iterator, context) { function grep (line 883) | function grep(filter, iterator, context) { function include (line 897) | function include(object) { function inGroupsOf (line 911) | function inGroupsOf(number, fillWith) { function inject (line 919) | function inject(memo, iterator, context) { function invoke (line 926) | function invoke(method) { function max (line 933) | function max(iterator, context) { function min (line 944) | function min(iterator, context) { function partition (line 955) | function partition(iterator, context) { function pluck (line 965) | function pluck(property) { function reject (line 973) | function reject(iterator, context) { function sortBy (line 982) | function sortBy(iterator, context) { function toArray (line 994) | function toArray() { function zip (line 998) | function zip() { function size (line 1009) | function size() { function inspect (line 1013) | function inspect() { function $A (line 1059) | function $A(iterable) { function $w (line 1068) | function $w(string) { function each (line 1082) | function each(iterator) { function clear (line 1088) | function clear() { function first (line 1093) | function first() { function last (line 1097) | function last() { function compact (line 1101) | function compact() { function flatten (line 1107) | function flatten() { function without (line 1116) | function without() { function reverse (line 1123) | function reverse(inline) { function uniq (line 1127) | function uniq(sorted) { function intersect (line 1135) | function intersect(array) { function clone (line 1142) | function clone() { function size (line 1146) | function size() { function inspect (line 1150) | function inspect() { function indexOf (line 1154) | function indexOf(item, i) { function lastIndexOf (line 1163) | function lastIndexOf(item, i) { function concat (line 1169) | function concat() { function $H (line 1214) | function $H(object) { function initialize (line 1219) | function initialize(object) { function _each (line 1224) | function _each(iterator) { function set (line 1233) | function set(key, value) { function get (line 1237) | function get(key) { function unset (line 1242) | function unset(key) { function toObject (line 1248) | function toObject() { function keys (line 1254) | function keys() { function values (line 1258) | function values() { function index (line 1262) | function index(value) { function merge (line 1269) | function merge(object) { function update (line 1273) | function update(object) { function toQueryPair (line 1280) | function toQueryPair(key, value) { function toQueryString (line 1285) | function toQueryString() { function inspect (line 1297) | function inspect() { function clone (line 1303) | function clone() { function toColorPart (line 1329) | function toColorPart() { function succ (line 1333) | function succ() { function times (line 1337) | function times(iterator, context) { function toPaddedString (line 1342) | function toPaddedString(length, radix) { function abs (line 1347) | function abs() { function round (line 1351) | function round() { function ceil (line 1355) | function ceil() { function floor (line 1359) | function floor() { function $R (line 1375) | function $R(start, end, exclusive) { function initialize (line 1380) | function initialize(start, end, exclusive) { function _each (line 1386) | function _each(iterator) { function include (line 1394) | function include(value) { function $ (line 1806) | function $(element) { function purgeElement (line 1886) | function purgeElement(element) { function update (line 1965) | function update(element, content) { function stripAlpha (line 2658) | function stripAlpha(filter){ function _descendants (line 2820) | function _descendants(element) { function checkDeficiency (line 2989) | function checkDeficiency(tagName) { function extendElementWith (line 3005) | function extendElementWith(element, methods) { function extend (line 3095) | function extend(tagName) { function copy (line 3102) | function copy(methods, destination, onlyIfAbsent) { function findDOMClass (line 3112) | function findDOMClass(tagName) { function getRootElement (line 3179) | function getRootElement() { function define (line 3189) | function define(D) { function toDecimal (line 3280) | function toDecimal(pctString) { function getPixelValue (line 3286) | function getPixelValue(value, property) { function toCSSPixels (line 3327) | function toCSSPixels(number) { function isDisplayed (line 3334) | function isDisplayed(element) { function cssNameFor (line 3356) | function cssNameFor(key) { function getLayout (line 3715) | function getLayout(element, preCompute) { function measure (line 3719) | function measure(element, property) { function getDimensions (line 3723) | function getDimensions(element) { function getOffsetParent (line 3731) | function getOffsetParent(element) { function cumulativeOffset (line 3748) | function cumulativeOffset(element) { function positionedOffset (line 3758) | function positionedOffset(element) { function cumulativeScrollOffset (line 3779) | function cumulativeScrollOffset(element) { function viewportOffset (line 3789) | function viewportOffset(forElement) { function absolutize (line 3810) | function absolutize(element) { function relativize (line 3842) | function relativize(element) { function isBody (line 3868) | function isBody(element) { function isDetached (line 3872) | function isDetached(element) { function select (line 3920) | function select() { function match (line 3924) | function match() { function find (line 3928) | function find(elements, expression, index) { function extendElements (line 3939) | function extendElements(elements) { function dirNodeCheck (line 4823) | function dirNodeCheck( dir, cur, doneName, checkSet, nodeCheck, isXML ) { function dirCheck (line 4859) | function dirCheck( dir, cur, doneName, checkSet, nodeCheck, isXML ) { function select (line 4939) | function select(selector, scope) { function match (line 4943) | function match(element, selector) { function isLeftClick (line 5347) | function isLeftClick(event) { return _isButton(event, 0) } function isMiddleClick (line 5349) | function isMiddleClick(event) { return _isButton(event, 1) } function isRightClick (line 5351) | function isRightClick(event) { return _isButton(event, 2) } function element (line 5353) | function element(event) { function findElement (line 5372) | function findElement(event, expression) { function pointer (line 5383) | function pointer(event) { function pointerX (line 5387) | function pointerX(event) { function pointerY (line 5396) | function pointerY(event) { function stop (line 5406) | function stop(event) { function _relatedTarget (line 5436) | function _relatedTarget(event) { function _createResponder (line 5474) | function _createResponder(element, eventName, handler) { function _destroyCache (line 5533) | function _destroyCache() { function observe (line 5558) | function observe(element, eventName, handler) { function stopObserving (line 5584) | function stopObserving(element, eventName, handler) { function fire (line 5631) | function fire(element, eventName, memo, bubble) { function on (line 5685) | function on(element, eventName, selector, callback) { function fireContentLoadedEvent (line 5735) | function fireContentLoadedEvent() { function checkReadyState (line 5742) | function checkReadyState() { function pollDoScroll (line 5749) | function pollDoScroll() { function iter (line 5879) | function iter(name) { FILE: test/apps/rails3/public/javascripts/rails.js function isEventSupported (line 4) | function isEventSupported(eventName) { function isForm (line 16) | function isForm(element) { function isInput (line 20) | function isInput(element) { function handleRemote (line 74) | function handleRemote(element) { function handleMethod (line 103) | function handleMethod(element) { FILE: test/apps/rails3/test/functional/home_controller_test.rb class HomeControllerTest (line 3) | class HomeControllerTest < ActionController::TestCase FILE: test/apps/rails3/test/functional/other_controller_test.rb class OtherControllerTest (line 3) | class OtherControllerTest < ActionController::TestCase FILE: test/apps/rails3/test/performance/browsing_test.rb class BrowsingTest (line 5) | class BrowsingTest < ActionDispatch::PerformanceTest method test_homepage (line 6) | def test_homepage FILE: test/apps/rails3/test/test_helper.rb class ActiveSupport::TestCase (line 5) | class ActiveSupport::TestCase FILE: test/apps/rails3/test/unit/helpers/home_helper_test.rb class HomeHelperTest (line 3) | class HomeHelperTest < ActionView::TestCase FILE: test/apps/rails3/test/unit/helpers/other_helper_test.rb class OtherHelperTest (line 3) | class OtherHelperTest < ActionView::TestCase FILE: test/apps/rails4/app/api/api.rb type API (line 1) | module API function insecure_command_execution (line 3) | def insecure_command_execution FILE: test/apps/rails4/app/controllers/another_controller.rb class AnotherController (line 1) | class AnotherController < ApplicationController method overflow (line 2) | def overflow method use_bad_thing (line 12) | def use_bad_thing method also_use_bad_thing (line 17) | def also_use_bad_thing method render_stuff (line 21) | def render_stuff method use_params_in_regex (line 37) | def use_params_in_regex method building_strings_for_sql (line 41) | def building_strings_for_sql method safe_renders (line 59) | def safe_renders FILE: test/apps/rails4/app/controllers/application_controller.rb class ApplicationController (line 1) | class ApplicationController < ActionController::API method show_detailed_exceptions? (line 6) | def show_detailed_exceptions? method redirect_to_created_model (line 10) | def redirect_to_created_model method bypass_ssl_check (line 22) | def bypass_ssl_check method set_bad_thing (line 29) | def set_bad_thing method wrong_redirect_only_path (line 33) | def wrong_redirect_only_path method redirect_only_path_with_unsafe_hash (line 37) | def redirect_only_path_with_unsafe_hash method redirect_only_path_with_unsafe_h (line 41) | def redirect_only_path_with_unsafe_h FILE: test/apps/rails4/app/controllers/friendly_controller.rb class FriendlyController (line 1) | class FriendlyController method find (line 6) | def find method some_user_thing (line 11) | def some_user_thing method try_and_send (line 15) | def try_and_send method mass_assign_user (line 20) | def mass_assign_user method mass_assign_protected_model (line 26) | def mass_assign_protected_model method permit_without_usage (line 32) | def permit_without_usage method permit_after_usage (line 37) | def permit_after_usage method sql_with_exec (line 43) | def sql_with_exec method redirect_to_some_places (line 57) | def redirect_to_some_places method select_some_stuff (line 67) | def select_some_stuff method send_some_stuff (line 71) | def send_some_stuff method private_some_stuff (line 75) | def private_some_stuff method where_hashes (line 79) | def where_hashes method whitelistit (line 84) | def whitelistit FILE: test/apps/rails4/app/controllers/mixed_controller.rb class MixedController (line 1) | class MixedController < ApplicationController FILE: test/apps/rails4/app/controllers/mixed_in_proxy.rb type ProxyThing (line 1) | module ProxyThing class X (line 2) | class X; end type Proxied (line 4) | module Proxied function included (line 5) | def self.included(controller) FILE: test/apps/rails4/app/controllers/users_controller.rb class UsersController (line 1) | class UsersController < ApplicationController method test_sql_sanitize (line 2) | def test_sql_sanitize method test_before_action (line 13) | def test_before_action method test_prepend_before_action (line 18) | def test_prepend_before_action method test_append_before_action (line 23) | def test_append_before_action method set_page (line 27) | def set_page method safe_set_page (line 31) | def safe_set_page method redirect_to_model (line 35) | def redirect_to_model method find_by_stuff (line 46) | def find_by_stuff method symbolize_safe_parameters (line 51) | def symbolize_safe_parameters method mass_assignment_bypass (line 56) | def mass_assignment_bypass method email_finds (line 65) | def email_finds method case_statement (line 69) | def case_statement method open_stuff (line 80) | def open_stuff method eval_it (line 87) | def eval_it method session_key (line 91) | def session_key method hash_some_things (line 96) | def hash_some_things method redirector (line 107) | def redirector method more_haml (line 111) | def more_haml method without (line 114) | def without method permit_in_sql (line 118) | def permit_in_sql method exists_with_to_s (line 124) | def exists_with_to_s method find_and_create_em (line 128) | def find_and_create_em method email_find_by (line 135) | def email_find_by method haml_test (line 140) | def haml_test; end FILE: test/apps/rails4/app/helpers/application_helper.rb type ApplicationHelper (line 1) | module ApplicationHelper FILE: test/apps/rails4/app/models/account.rb class Account (line 1) | class Account < ActiveRecord::Base method sql_it_up_yeah (line 4) | def sql_it_up_yeah method more_sql_connection (line 11) | def self.more_sql_connection method safe_sql_should_not_warn (line 15) | def safe_sql_should_not_warn method lots_of_string_building_sql (line 21) | def lots_of_string_building_sql method get_all_countries (line 37) | def self.get_all_countries(locale) FILE: test/apps/rails4/app/models/email.rb class Email (line 1) | class Email < ActiveRecord::Base FILE: test/apps/rails4/app/models/phone.rb class Phone (line 1) | class Phone < ActiveRecord::Base FILE: test/apps/rails4/app/models/recursive/stack_level.rb class Exception (line 1) | class Exception < Exception class DescendentException (line 4) | class DescendentException < Exception class ExceptionA (line 7) | class ExceptionA < ExceptionB class ExceptionB (line 10) | class ExceptionB < ExceptionA FILE: test/apps/rails4/app/models/user.rb class User (line 1) | class User < ActiveRecord::Base method test_sql_sanitize (line 2) | def test_sql_sanitize(x) method arel_exists (line 8) | def arel_exists method symbol_stuff (line 12) | def symbol_stuff method much_arel (line 27) | def much_arel # None of these should warn method encrypt_pass (line 41) | def self.encrypt_pass password method more_symbol_stuff (line 47) | def more_symbol_stuff stuff FILE: test/apps/rails4/config/application.rb type Rails4 (line 8) | module Rails4 class Application (line 9) | class Application < Rails::Application FILE: test/apps/rails4/config/initializers/i18n.rb class HtmlSafeI18nExceptionHandler (line 4) | class HtmlSafeI18nExceptionHandler method initialize (line 7) | def initialize(original_exception_handler) method call (line 11) | def call(exception, locale, key, options) FILE: test/apps/rails4/external_checks/check_external_check_test.rb class Brakeman::CheckExternalCheckTest (line 4) | class Brakeman::CheckExternalCheckTest < Brakeman::BaseCheck method run_check (line 9) | def run_check FILE: test/apps/rails4/lib/sweet_lib.rb class SweetLib (line 1) | class SweetLib method do_some_cool_stuff (line 2) | def do_some_cool_stuff bad method test_command_injection_in_lib (line 6) | def test_command_injection_in_lib method test_net_http_start_ssl (line 11) | def test_net_http_start_ssl method external_check_test (line 15) | def external_check_test FILE: test/apps/rails4/lib/tasks/some_task.rb class SomeTask (line 1) | class SomeTask method some_task (line 2) | def some_task FILE: test/apps/rails4/test/test_helper.rb class ActiveSupport::TestCase (line 5) | class ActiveSupport::TestCase FILE: test/apps/rails4_non_standard_structure/app/controllers/application_controller.rb class ApplicationController (line 1) | class ApplicationController < ActionController::Base FILE: test/apps/rails4_non_standard_structure/app/helpers/application_helper.rb type ApplicationHelper (line 1) | module ApplicationHelper FILE: test/apps/rails4_non_standard_structure/config/application.rb type Rails4NonStandardStructure (line 9) | module Rails4NonStandardStructure class Application (line 10) | class Application < Rails::Application FILE: test/apps/rails4_non_standard_structure/test/test_helper.rb class ActiveSupport::TestCase (line 5) | class ActiveSupport::TestCase FILE: test/apps/rails4_with_engines/alt_engines/admin_stuff/app/controllers/admin_controller.rb class AdminController (line 1) | class AdminController < ApplicationController method debug (line 2) | def debug FILE: test/apps/rails4_with_engines/alt_engines/admin_stuff/app/helpers/application_helper.rb type ApplicationHelper (line 1) | module ApplicationHelper FILE: test/apps/rails4_with_engines/app/controllers/application_controller.rb class ApplicationController (line 1) | class ApplicationController < ActionController::Base FILE: test/apps/rails4_with_engines/app/helpers/application_helper.rb type ApplicationHelper (line 1) | module ApplicationHelper FILE: test/apps/rails4_with_engines/config/application.rb type Rails4 (line 8) | module Rails4 class Application (line 9) | class Application < Rails::Application FILE: test/apps/rails4_with_engines/config/initializers/nested_attributes_bypass_fix.rb type ActiveRecord (line 1) | module ActiveRecord type NestedAttributes (line 2) | module NestedAttributes function reject_new_record? (line 5) | def reject_new_record?(association_name, attributes) function call_reject_if (line 9) | def call_reject_if(association_name, attributes) function will_be_destroyed? (line 20) | def will_be_destroyed?(association_name, attributes) function allow_destroy? (line 24) | def allow_destroy?(association_name) FILE: test/apps/rails4_with_engines/engines/user_removal/app/controllers/base_controller.rb class BaseController (line 1) | class BaseController < ActionController::Base FILE: test/apps/rails4_with_engines/engines/user_removal/app/controllers/removal_controller.rb class RemovalController (line 1) | class RemovalController < ApplicationController method change_lines (line 2) | def change_lines method remove_this (line 13) | def remove_this method remove_this_too (line 17) | def remove_this_too method implicit_render (line 24) | def implicit_render FILE: test/apps/rails4_with_engines/engines/user_removal/app/controllers/users_controller.rb class UsersController (line 1) | class UsersController < ApplicationController method index (line 6) | def index method show (line 17) | def show method new (line 29) | def new method edit (line 39) | def edit method create (line 45) | def create method update (line 61) | def update method destroy (line 77) | def destroy method slimming (line 87) | def slimming FILE: test/apps/rails4_with_engines/engines/user_removal/app/helpers/application_helper.rb type ApplicationHelper (line 1) | module ApplicationHelper FILE: test/apps/rails4_with_engines/engines/user_removal/app/helpers/users_helper.rb type UsersHelper (line 1) | module UsersHelper FILE: test/apps/rails4_with_engines/engines/user_removal/app/models/account.rb class Account (line 1) | class Account < ActiveRecord::Base FILE: test/apps/rails4_with_engines/engines/user_removal/app/models/no_protection.rb class NoProtection (line 1) | class NoProtection < ActiveRecord::Base FILE: test/apps/rails4_with_engines/engines/user_removal/app/models/user.rb class User (line 1) | class User < ActiveRecord::Base FILE: test/apps/rails4_with_engines/engines/user_removal/lib/user_removal.rb type UserRemoval (line 1) | module UserRemoval class Engine (line 2) | class Engine < Rails::Engine FILE: test/apps/rails4_with_engines/test/test_helper.rb class ActiveSupport::TestCase (line 5) | class ActiveSupport::TestCase FILE: test/apps/rails5.2/app/channels/application_cable/channel.rb type ApplicationCable (line 1) | module ApplicationCable class Channel (line 2) | class Channel < ActionCable::Channel::Base FILE: test/apps/rails5.2/app/channels/application_cable/connection.rb type ApplicationCable (line 1) | module ApplicationCable class Connection (line 2) | class Connection < ActionCable::Connection::Base FILE: test/apps/rails5.2/app/controllers/application_controller.rb class ApplicationController (line 1) | class ApplicationController < ActionController::Base FILE: test/apps/rails5.2/app/controllers/users_controller.rb class UsersController (line 1) | class UsersController < ApplicationController method index (line 2) | def index method show (line 7) | def show method delete (line 13) | def delete(foo) method safe_one (line 21) | def safe_one(foo) method better_user_input_reporting (line 27) | def better_user_input_reporting method splat_args (line 34) | def splat_args method splat_kwargs (line 38) | def splat_kwargs method one (line 42) | def one method two (line 46) | def two method some_api (line 50) | def some_api method not_not (line 57) | def not_not method test_empty_partial_name (line 62) | def test_empty_partial_name FILE: test/apps/rails5.2/app/helpers/application_helper.rb type ApplicationHelper (line 1) | module ApplicationHelper FILE: test/apps/rails5.2/app/helpers/users_helper.rb type UsersHelper (line 1) | module UsersHelper FILE: test/apps/rails5.2/app/jobs/application_job.rb class ApplicationJob (line 1) | class ApplicationJob < ActiveJob::Base FILE: test/apps/rails5.2/app/jobs/delete_stuff_job.rb class DeleteStuffJob (line 1) | class DeleteStuffJob < ApplicationJob method perform (line 2) | def perform file FILE: test/apps/rails5.2/app/mailers/application_mailer.rb class ApplicationMailer (line 1) | class ApplicationMailer < ActionMailer::Base FILE: test/apps/rails5.2/app/models/application_record.rb class ApplicationRecord (line 1) | class ApplicationRecord < ActiveRecord::Base FILE: test/apps/rails5.2/app/models/user.rb class User (line 1) | class User < ActiveRecord::Base method not_something (line 2) | def not_something thing method inner_query (line 8) | def inner_query method singularize_safe_literal (line 14) | def singularize_safe_literal method foreign_key_thing (line 20) | def foreign_key_thing method polymorphic_name_joins (line 27) | def polymorphic_name_joins FILE: test/apps/rails5.2/config/application.rb type Rails52 (line 9) | module Rails52 class Application (line 10) | class Application < Rails::Application FILE: test/apps/rails5.2/config/initializers/cookies_serializer.rb type Custom (line 7) | module Custom type Serializer (line 8) | module Serializer FILE: test/apps/rails5.2/db/migrate/20171208205700_create_active_storage_tables.active_storage.rb class CreateActiveStorageTables (line 2) | class CreateActiveStorageTables < ActiveRecord::Migration[5.2] method change (line 3) | def change FILE: test/apps/rails5.2/lib/initthing.rb class InitThing (line 1) | class InitThing method initialize (line 2) | def initialize method use_it (line 6) | def use_it FILE: test/apps/rails5.2/lib/shell.rb class ShellStuff (line 1) | class ShellStuff method initialize (line 2) | def initialize(one, two) method run (line 7) | def run(ip) method backticks_target (line 17) | def backticks_target(path) method process_pid (line 21) | def process_pid method nested_system_interp (line 26) | def nested_system_interp method system_array_join (line 31) | def system_array_join method system_as_target (line 36) | def system_as_target method interpolated_conditional_safe (line 40) | def interpolated_conditional_safe method interpolated_ternary_safe (line 44) | def interpolated_ternary_safe method interpolated_conditional_dangerous (line 48) | def interpolated_conditional_dangerous method interpolated_ternary_dangerous (line 52) | def interpolated_ternary_dangerous method safe (line 59) | def safe(arg) method perform_commands (line 71) | def perform_commands method scopes (line 75) | def scopes(base_scope) method shell_escape_model (line 79) | def shell_escape_model method file_constant_use (line 88) | def file_constant_use method interpolated_in_percent_W (line 93) | def interpolated_in_percent_W method completely_external (line 98) | def completely_external method string_concatenation (line 102) | def string_concatenation method escaped_string_concatenation (line 106) | def escaped_string_concatenation method safe_string_concatenation (line 110) | def safe_string_concatenation method dash_c_dangerous_concatenation (line 114) | def dash_c_dangerous_concatenation method dash_c_safe_concatenation (line 118) | def dash_c_safe_concatenation method popen_dash_c (line 122) | def popen_dash_c method popen_concatenation (line 126) | def popen_concatenation method open3_capture_stdin_data (line 132) | def open3_capture_stdin_data method tempfile_create (line 140) | def tempfile_create FILE: test/apps/rails5.2/vendor/vendored_thing.rb class Vendored (line 1) | class Vendored method vendor (line 2) | def vendor FILE: test/apps/rails5/app/channels/application_cable/channel.rb type ApplicationCable (line 2) | module ApplicationCable class Channel (line 3) | class Channel < ActionCable::Channel::Base FILE: test/apps/rails5/app/channels/application_cable/connection.rb type ApplicationCable (line 2) | module ApplicationCable class Connection (line 3) | class Connection < ActionCable::Connection::Base FILE: test/apps/rails5/app/controllers/application_controller.rb class ApplicationController (line 1) | class ApplicationController < ActionController::Base FILE: test/apps/rails5/app/controllers/concerns/concerning.rb type Concerning (line 1) | module Concerning FILE: test/apps/rails5/app/controllers/concerns/forgery_protection.rb type ForgeryProtection (line 1) | module ForgeryProtection FILE: test/apps/rails5/app/controllers/file_controller.rb class FileController (line 1) | class FileController < ApplicationController method download_tempfile_with_params (line 2) | def download_tempfile_with_params method download_sanitized_with_params (line 6) | def download_sanitized_with_params FILE: test/apps/rails5/app/controllers/mixed_controller.rb class BaseController (line 1) | class BaseController < ActionController::Base method another_early_return (line 8) | def another_early_return method yet_another_early_return (line 19) | def yet_another_early_return method redirect_to_strong_params (line 25) | def redirect_to_strong_params FILE: test/apps/rails5/app/controllers/users_controller.rb class UsersController (line 1) | class UsersController < ApplicationController method index (line 6) | def index method show (line 12) | def show method new (line 16) | def new method edit (line 21) | def edit method create (line 26) | def create method update (line 42) | def update method destroy (line 56) | def destroy method set_user (line 66) | def set_user method user_params (line 71) | def user_params method ruby_230 (line 75) | def ruby_230 method symbol (line 82) | def symbol method slice_then_permit (line 86) | def slice_then_permit method nested_sql_interp (line 92) | def nested_sql_interp method arel_sql (line 96) | def arel_sql FILE: test/apps/rails5/app/controllers/widget_controller.rb class WidgetController (line 1) | class WidgetController < ApplicationController method show (line 2) | def show method dynamic_constant (line 5) | def dynamic_constant method render_thing (line 10) | def render_thing method render_inline (line 14) | def render_inline method sql_with_case (line 18) | def sql_with_case method sql_with_another_case (line 35) | def sql_with_another_case method render_with_case (line 63) | def render_with_case method no_html (line 73) | def no_html method guard_with_return (line 77) | def guard_with_return method render_cookies (line 85) | def render_cookies method dangerous_permits (line 89) | def dangerous_permits method redirect_to_path (line 94) | def redirect_to_path method render_safely (line 106) | def render_safely method attributes (line 111) | def attributes method haml_test (line 114) | def haml_test FILE: test/apps/rails5/app/helpers/application_helper.rb type ApplicationHelper (line 1) | module ApplicationHelper FILE: test/apps/rails5/app/helpers/users_helper.rb type UsersHelper (line 1) | module UsersHelper function bad_helper (line 2) | def bad_helper FILE: test/apps/rails5/app/jobs/application_job.rb class ApplicationJob (line 1) | class ApplicationJob < ActiveJob::Base FILE: test/apps/rails5/app/mailers/application_mailer.rb class ApplicationMailer (line 1) | class ApplicationMailer < ActionMailer::Base FILE: test/apps/rails5/app/models/application_record.rb class ApplicationRecord (line 1) | class ApplicationRecord < ActiveRecord::Base FILE: test/apps/rails5/app/models/thing.rb class Thing (line 1) | class Thing < ApplicationRecord method self_and_descendants_for (line 2) | def self.self_and_descendants_for(id) FILE: test/apps/rails5/app/models/user.rb class User (line 1) | class User < ApplicationRecord method render_user_input (line 2) | def self.render_user_input method evaluate_user_input (line 6) | def self.evaluate_user_input method evaluate_user_input (line 10) | def evaluate_user_input method test_stuff (line 14) | def test_stuff method all_that_jazz (line 23) | def self.all_that_jazz(user) FILE: test/apps/rails5/config/application.rb type Rails5 (line 9) | module Rails5 class Application (line 10) | class Application < Rails::Application FILE: test/apps/rails5/db/migrate/20160127223106_create_users.rb class CreateUsers (line 1) | class CreateUsers < ActiveRecord::Migration[5.0] method change (line 2) | def change FILE: test/apps/rails5/external_checks/check_external_check_test.rb class Brakeman::CheckExternalCheckConfigTest (line 3) | class Brakeman::CheckExternalCheckConfigTest < Brakeman::BaseCheck method run_check (line 8) | def run_check FILE: test/apps/rails5/lib/a_lib.rb class JustAClass (line 1) | class JustAClass method do_sql_stuff (line 2) | def do_sql_stuff method divide_by_zero (line 7) | def divide_by_zero method tempfile (line 17) | def tempfile FILE: test/apps/rails5/lib/lib.rb class A (line 1) | class A method b (line 2) | def b FILE: test/apps/rails5/test/controllers/users_controller_test.rb class UsersControllerTest (line 3) | class UsersControllerTest < ActionDispatch::IntegrationTest FILE: test/apps/rails5/test/models/user_test.rb class UserTest (line 3) | class UserTest < ActiveSupport::TestCase FILE: test/apps/rails5/test/test_helper.rb class ActiveSupport::TestCase (line 5) | class ActiveSupport::TestCase FILE: test/apps/rails6/another_lib_dir/some_lib.rb class A (line 1) | class A method something (line 2) | def something(thing) FILE: test/apps/rails6/app/channels/application_cable/channel.rb type ApplicationCable (line 1) | module ApplicationCable class Channel (line 2) | class Channel < ActionCable::Channel::Base FILE: test/apps/rails6/app/channels/application_cable/connection.rb type ApplicationCable (line 1) | module ApplicationCable class Connection (line 2) | class Connection < ActionCable::Connection::Base FILE: test/apps/rails6/app/components/base_component.rb class BaseComponent (line 1) | class BaseComponent method render_in (line 2) | def render_in FILE: test/apps/rails6/app/components/test_component.rb class TestComponent (line 1) | class TestComponent < BaseComponent method initialize (line 2) | def initialize(prop) FILE: test/apps/rails6/app/components/test_view_component.rb class TestViewComponent (line 1) | class TestViewComponent < ViewComponent::Base method initialize (line 2) | def initialize(prop) FILE: test/apps/rails6/app/components/test_view_component_contrib.rb class TestViewComponentContrib (line 1) | class TestViewComponentContrib < ViewComponentContrib::Base method initialize (line 2) | def initialize(prop) FILE: test/apps/rails6/app/components/test_view_component_fully_qualified_ancestor.rb class TestViewComponentFullyQualifiedAncestor (line 1) | class TestViewComponentFullyQualifiedAncestor < ::ViewComponent::Base method initialize (line 2) | def initialize(prop) FILE: test/apps/rails6/app/components/text_phlex_component.rb class TestPhlexComponent (line 1) | class TestPhlexComponent < Phlex::HTML method initialize (line 2) | def initialize(prop) FILE: test/apps/rails6/app/controllers/accounts_controller.rb class AccountsController (line 1) | class AccountsController < ApplicationController method login (line 2) | def login method auth_something (line 11) | def auth_something method eval_something (line 26) | def eval_something method index (line 30) | def index method tr_sql (line 34) | def tr_sql FILE: test/apps/rails6/app/controllers/application_controller.rb class ApplicationController (line 1) | class ApplicationController < ActionController::Base FILE: test/apps/rails6/app/controllers/groups_controller.rb class GroupsController (line 1) | class GroupsController < ApplicationController method new_group (line 2) | def new_group method render_commands (line 9) | def render_commands method squish_sql (line 18) | def squish_sql method show (line 23) | def show method permit_bang_path (line 32) | def permit_bang_path method permit_bang_slice (line 36) | def permit_bang_slice method safeish_yaml_load (line 40) | def safeish_yaml_load method dynamic_method_invocations (line 46) | def dynamic_method_invocations method only_for_dev (line 53) | def only_for_dev method scope_with_custom_sanitization (line 59) | def scope_with_custom_sanitization method sanitize_s (line 63) | def sanitize_s(input) method test_rails6_sqli (line 67) | def test_rails6_sqli method enum_include_check (line 76) | def enum_include_check method render_phlex_component (line 86) | def render_phlex_component method render_view_component_contrib (line 90) | def render_view_component_contrib method render_view_component_with_content (line 95) | def render_view_component_with_content FILE: test/apps/rails6/app/controllers/users_controller.rb class UsersController (line 1) | class UsersController < ApplicationController method index (line 6) | def index method show (line 12) | def show method new (line 16) | def new method edit (line 20) | def edit method create (line 26) | def create method update (line 42) | def update method destroy (line 56) | def destroy method destroy_them_all (line 64) | def destroy_them_all method dangerous_system_call (line 69) | def dangerous_system_call method dangerous_exec_call (line 73) | def dangerous_exec_call method safe_system_call (line 79) | def safe_system_call method safe_system_call_without_shell_dash_c (line 83) | def safe_system_call_without_shell_dash_c method example_redirect_to_request_params (line 87) | def example_redirect_to_request_params method permit_bang (line 91) | def permit_bang method set_user (line 99) | def set_user method user_params (line 104) | def user_params FILE: test/apps/rails6/app/helpers/application_helper.rb type ApplicationHelper (line 1) | module ApplicationHelper FILE: test/apps/rails6/app/helpers/users_helper.rb type UsersHelper (line 1) | module UsersHelper FILE: test/apps/rails6/app/jobs/application_job.rb class ApplicationJob (line 1) | class ApplicationJob < ActiveJob::Base FILE: test/apps/rails6/app/mailers/application_mailer.rb class ApplicationMailer (line 1) | class ApplicationMailer < ActionMailer::Base FILE: test/apps/rails6/app/models/application_record.rb class ApplicationRecord (line 1) | class ApplicationRecord < ActiveRecord::Base FILE: test/apps/rails6/app/models/group.rb class Group (line 1) | class Group < ApplicationRecord method uuid_in_sql (line 2) | def uuid_in_sql method date_in_sql (line 6) | def date_in_sql method ar_sanitize_sql_like (line 11) | def ar_sanitize_sql_like(query) method fetch_constant_hash_value (line 16) | def fetch_constant_hash_value(role_name) method use_simple_method (line 22) | def use_simple_method method simple_method (line 27) | def self.simple_method method use_enum (line 33) | def use_enum FILE: test/apps/rails6/app/models/user.rb class User (line 1) | class User < ApplicationRecord method scope_with_strip_heredoc (line 6) | def self.scope_with_strip_heredoc(name) method render_user_input (line 14) | def self.render_user_input method more_heredocs (line 18) | def self.more_heredocs method recent_stuff (line 24) | def recent_stuff method check_enum (line 30) | def check_enum method locale (line 36) | def locale FILE: test/apps/rails6/app/widgets/widget.rb class Widget (line 1) | class Widget < ApplicationRecord method spin (line 2) | def spin(direction) FILE: test/apps/rails6/config/application.rb type Rails6 (line 9) | module Rails6 class Application (line 10) | class Application < Rails::Application FILE: test/apps/rails6/lib/run_stuff.rb class RunStuff (line 1) | class RunStuff method run (line 2) | def run FILE: test/apps/rails6/lib/view_component/base.rb type ViewComponent (line 1) | module ViewComponent class Base (line 2) | class Base FILE: test/apps/rails7/app/channels/application_cable/channel.rb type ApplicationCable (line 1) | module ApplicationCable class Channel (line 2) | class Channel < ActionCable::Channel::Base FILE: test/apps/rails7/app/channels/application_cable/connection.rb type ApplicationCable (line 1) | module ApplicationCable class Connection (line 2) | class Connection < ActionCable::Connection::Base FILE: test/apps/rails7/app/controllers/admin_controller.rb class AdminController (line 1) | class AdminController < ApplicationController method search_users (line 2) | def search_users FILE: test/apps/rails7/app/controllers/application_controller.rb class ApplicationController (line 1) | class ApplicationController < ActionController::Base method anonymouns_arguments (line 2) | def anonymouns_arguments(*, **, &) method hash_value_omission (line 6) | def hash_value_omission method endless_method_definition (line 13) | def endless_method_definition(msg) = puts "#{Time.now}: #{msg}" method pattern_matching_parenthesis_ommission (line 15) | def pattern_matching_parenthesis_ommission method pattern_matching_non_local_variable_pin (line 22) | def pattern_matching_non_local_variable_pin method pathname_stuff (line 26) | def pathname_stuff FILE: test/apps/rails7/app/controllers/users_controller.rb class UsersController (line 1) | class UsersController < ApplicationController method redirect_to_last! (line 2) | def redirect_to_last! method presence (line 6) | def presence method redirect_param_with_fallback (line 12) | def redirect_param_with_fallback method redirect_url_from_param_with_fallback (line 16) | def redirect_url_from_param_with_fallback method redirect_with_allow_host (line 20) | def redirect_with_allow_host method redirect_with_explicit_not_allow (line 24) | def redirect_with_explicit_not_allow method redirect_back_with_fallback (line 28) | def redirect_back_with_fallback method redirect_back_or_to_with_fallback (line 32) | def redirect_back_or_to_with_fallback method redirect_back_or_to_with_fallback_disallow_host (line 36) | def redirect_back_or_to_with_fallback_disallow_host method search (line 40) | def search method search_books (line 44) | def search_books method just_here_for_test_coverage_thanks (line 53) | def just_here_for_test_coverage_thanks FILE: test/apps/rails7/app/helpers/application_helper.rb type ApplicationHelper (line 1) | module ApplicationHelper FILE: test/apps/rails7/app/javascript/controllers/hello_controller.js method connect (line 4) | connect() { FILE: test/apps/rails7/app/jobs/application_job.rb class ApplicationJob (line 1) | class ApplicationJob < ActiveJob::Base FILE: test/apps/rails7/app/mailers/application_mailer.rb class ApplicationMailer (line 1) | class ApplicationMailer < ActionMailer::Base FILE: test/apps/rails7/app/models/application_record.rb class ApplicationRecord (line 1) | class ApplicationRecord < ActiveRecord::Base FILE: test/apps/rails7/app/models/book.rb class Book (line 1) | class Book < Thing method ransackable_attributes (line 2) | def self.ransackable_attributes(auth_object = nil) FILE: test/apps/rails7/app/models/thing.rb class Thing (line 1) | class Thing < ApplicationRecord method ransackable_associations (line 3) | def ransackable_associations(auth_object = nil) FILE: test/apps/rails7/app/models/user.rb class User (line 1) | class User < ApplicationRecord FILE: test/apps/rails7/config/application.rb type Rails7 (line 9) | module Rails7 class Application (line 10) | class Application < Rails::Application FILE: test/apps/rails7/lib/some_lib.rb class SomeLib (line 1) | class SomeLib method some_rsa_encrypting (line 2) | def some_rsa_encrypting method some_more_rsa_padding_modes (line 8) | def some_more_rsa_padding_modes method small_rsa_keys (line 15) | def small_rsa_keys method pky_api (line 21) | def pky_api method x (line 33) | def self.x FILE: test/apps/rails8/app/channels/application_cable/channel.rb type ApplicationCable (line 1) | module ApplicationCable class Channel (line 2) | class Channel < ActionCable::Channel::Base FILE: test/apps/rails8/app/channels/application_cable/connection.rb type ApplicationCable (line 1) | module ApplicationCable class Connection (line 2) | class Connection < ActionCable::Connection::Base FILE: test/apps/rails8/app/controllers/application_controller.rb class ApplicationController (line 1) | class ApplicationController < ActionController::Base method deserialize_it (line 5) | def deserialize_it FILE: test/apps/rails8/app/controllers/users_controller.rb class UsersController (line 1) | class UsersController < ApplicationController method index (line 5) | def index method show (line 10) | def show method new (line 14) | def new method edit (line 19) | def edit method create (line 23) | def create method update (line 38) | def update method destroy (line 51) | def destroy method things (line 60) | def things method permit_or (line 65) | def permit_or method stats_count (line 77) | def stats_count method set_user (line 84) | def set_user method user_params (line 89) | def user_params FILE: test/apps/rails8/app/helpers/application_helper.rb type ApplicationHelper (line 1) | module ApplicationHelper FILE: test/apps/rails8/app/helpers/users_helper.rb type UsersHelper (line 1) | module UsersHelper FILE: test/apps/rails8/app/javascript/controllers/hello_controller.js method connect (line 4) | connect() { FILE: test/apps/rails8/app/jobs/application_job.rb class ApplicationJob (line 1) | class ApplicationJob < ActiveJob::Base FILE: test/apps/rails8/app/mailers/application_mailer.rb class ApplicationMailer (line 1) | class ApplicationMailer < ActionMailer::Base FILE: test/apps/rails8/app/models/application_record.rb class ApplicationRecord (line 1) | class ApplicationRecord < ActiveRecord::Base FILE: test/apps/rails8/app/models/thing.rb class Thing (line 1) | class Thing < ApplicationRecord FILE: test/apps/rails8/app/models/user.rb class User (line 1) | class User < ApplicationRecord FILE: test/apps/rails8/config/application.rb class MyApp::Application (line 21) | class MyApp::Application < Rails::Application FILE: test/apps/rails8/lib/evals.rb class Evals (line 1) | class Evals method evals (line 2) | def evals(something) method safe_strings (line 20) | def safe_strings method defs_eval (line 31) | def defs_eval(string) method object_defs_eval (line 36) | def Object.object_defs_eval(string) method ivar_def_eval (line 40) | def @ivar.ivar_def_eval(string) method lvar_def_eval (line 45) | def lvar.lvar_def_eval(string) FILE: test/apps/rails8/lib/masgn.rb function test_masgn_recursion (line 1) | def test_masgn_recursion FILE: test/apps/rails_with_xss_plugin/app/controllers/application_controller.rb class ApplicationController (line 4) | class ApplicationController < ActionController::Base method current_user (line 10) | def current_user method require_logged_in (line 20) | def require_logged_in method require_admin (line 26) | def require_admin FILE: test/apps/rails_with_xss_plugin/app/controllers/posts_controller.rb class PostsController (line 1) | class PostsController < ApplicationController method index (line 6) | def index method show (line 17) | def show method new (line 29) | def new method edit (line 40) | def edit method create (line 46) | def create method update (line 63) | def update method destroy (line 79) | def destroy FILE: test/apps/rails_with_xss_plugin/app/controllers/users_controller.rb class UsersController (line 1) | class UsersController < ApplicationController method index (line 6) | def index method show (line 17) | def show method new (line 29) | def new method edit (line 39) | def edit method create (line 46) | def create method update (line 66) | def update method destroy (line 83) | def destroy method login (line 93) | def login method login_user (line 101) | def login_user method logout (line 117) | def logout method search (line 122) | def search method results (line 125) | def results method to_json (line 129) | def to_json method delete_them_all (line 133) | def delete_them_all method test_sanitize (line 139) | def test_sanitize method string_mass (line 143) | def string_mass FILE: test/apps/rails_with_xss_plugin/app/helpers/application_helper.rb type ApplicationHelper (line 2) | module ApplicationHelper function authorized? (line 3) | def authorized? FILE: test/apps/rails_with_xss_plugin/app/helpers/posts_helper.rb type PostsHelper (line 1) | module PostsHelper function author_of? (line 2) | def author_of? post FILE: test/apps/rails_with_xss_plugin/app/helpers/users_helper.rb type UsersHelper (line 1) | module UsersHelper FILE: test/apps/rails_with_xss_plugin/app/models/post.rb class Post (line 1) | class Post < ActiveRecord::Base FILE: test/apps/rails_with_xss_plugin/app/models/user.rb class User (line 1) | class User < ActiveRecord::Base FILE: test/apps/rails_with_xss_plugin/config/boot.rb type Rails (line 6) | module Rails function boot! (line 8) | def boot! function booted? (line 15) | def booted? function pick_boot (line 19) | def pick_boot function vendor_rails? (line 23) | def vendor_rails? function preinitialize (line 27) | def preinitialize function preinitializer_path (line 31) | def preinitializer_path class Boot (line 36) | class Boot method run (line 37) | def run class VendorBoot (line 43) | class VendorBoot < Boot method load_initializer (line 44) | def load_initializer class GemBoot (line 51) | class GemBoot < Boot method load_initializer (line 52) | def load_initializer method load_rails_gem (line 58) | def load_rails_gem method rubygems_version (line 74) | def rubygems_version method gem_version (line 78) | def gem_version method load_rubygems (line 88) | def load_rubygems method parse_gem_version (line 101) | def parse_gem_version(text) method read_environment_rb (line 106) | def read_environment_rb FILE: test/apps/rails_with_xss_plugin/config/initializers/single_quote_workaround.rb class ERB (line 1) | class ERB type Util (line 2) | module Util function html_escape (line 5) | def html_escape(s) function html_escape (line 14) | def html_escape(s) FILE: test/apps/rails_with_xss_plugin/db/migrate/20120312064721_create_users.rb class CreateUsers (line 1) | class CreateUsers < ActiveRecord::Migration method up (line 2) | def self.up method down (line 15) | def self.down FILE: test/apps/rails_with_xss_plugin/db/migrate/20120312065023_create_posts.rb class CreatePosts (line 1) | class CreatePosts < ActiveRecord::Migration method up (line 2) | def self.up method down (line 13) | def self.down FILE: test/apps/rails_with_xss_plugin/public/javascripts/controls.js function addText (line 561) | function addText(mode, condition) { function fallback (line 857) | function fallback(name, expr) { FILE: test/apps/rails_with_xss_plugin/public/javascripts/effects.js function codeForEvent (line 231) | function codeForEvent(options,eventName){ function dispatch (line 248) | function dispatch(effect, eventName) { function parseColor (line 952) | function parseColor(color){ FILE: test/apps/rails_with_xss_plugin/public/javascripts/prototype.js function klass (line 50) | function klass() { function $A (line 812) | function $A(iterable) { function $w (line 945) | function $w(string) { function $H (line 993) | function $H(object) { function toQueryPair (line 999) | function toQueryPair(key, value) { function $ (line 1513) | function $(element) { function stripAlpha (line 2289) | function stripAlpha(filter){ function extend (line 2627) | function extend(tagName) { function copy (line 2634) | function copy(methods, destination, onlyIfAbsent) { function findDOMClass (line 2644) | function findDOMClass(tagName) { function $$ (line 3443) | function $$() { function getEventID (line 3935) | function getEventID(element) { function getDOMEventName (line 3941) | function getDOMEventName(eventName) { function getCacheForID (line 3946) | function getCacheForID(id) { function getWrappersForEventName (line 3950) | function getWrappersForEventName(id, eventName) { function createWrapper (line 3955) | function createWrapper(element, eventName, handler) { function findWrapper (line 3974) | function findWrapper(id, eventName, handler) { function destroyWrapper (line 3979) | function destroyWrapper(id, eventName, handler) { function destroyCache (line 3985) | function destroyCache() { function fireContentLoadedEvent (line 4102) | function fireContentLoadedEvent() { function iter (line 4251) | function iter(name) { FILE: test/apps/rails_with_xss_plugin/test/functional/posts_controller_test.rb class PostsControllerTest (line 3) | class PostsControllerTest < ActionController::TestCase FILE: test/apps/rails_with_xss_plugin/test/functional/users_controller_test.rb class UsersControllerTest (line 3) | class UsersControllerTest < ActionController::TestCase FILE: test/apps/rails_with_xss_plugin/test/performance/browsing_test.rb class BrowsingTest (line 5) | class BrowsingTest < ActionController::PerformanceTest method test_homepage (line 6) | def test_homepage FILE: test/apps/rails_with_xss_plugin/test/test_helper.rb class ActiveSupport::TestCase (line 5) | class ActiveSupport::TestCase FILE: test/apps/rails_with_xss_plugin/test/unit/helpers/posts_helper_test.rb class PostsHelperTest (line 3) | class PostsHelperTest < ActionView::TestCase FILE: test/apps/rails_with_xss_plugin/test/unit/helpers/users_helper_test.rb class UsersHelperTest (line 3) | class UsersHelperTest < ActionView::TestCase FILE: test/apps/rails_with_xss_plugin/test/unit/post_test.rb class PostTest (line 3) | class PostTest < ActiveSupport::TestCase FILE: test/apps/rails_with_xss_plugin/test/unit/user_test.rb class UserTest (line 3) | class UserTest < ActiveSupport::TestCase FILE: test/test.rb class Minitest::Test (line 31) | class Minitest::Test method assert_nothing_raised (line 32) | def assert_nothing_raised *args type BrakemanTester (line 40) | module BrakemanTester function run_scan (line 43) | def run_scan path, name = nil, opts = {} function new_tracker (line 55) | def new_tracker options = {} type BrakemanTester::FindWarning (line 63) | module BrakemanTester::FindWarning function assert_warning (line 64) | def assert_warning opts function assert_no_warning (line 70) | def assert_no_warning opts function warning_table (line 75) | def warning_table type function find (line 90) | def find opts = {} type BrakemanTester::CheckExpected (line 109) | module BrakemanTester::CheckExpected function test_number_of_warnings (line 110) | def test_number_of_warnings function test_zero_errors (line 120) | def test_zero_errors function test_every_warning_has_file (line 124) | def test_every_warning_has_file function test_every_warning_has_cwe_id (line 132) | def test_every_warning_has_cwe_id type BrakemanTester::RescanTestHelper (line 145) | module BrakemanTester::RescanTestHelper function included (line 161) | def self.included _ function before_rescan_of (line 175) | def before_rescan_of changed, app = "rails3.2", options = {} function fixed (line 215) | def fixed function new (line 219) | def new function existing (line 223) | def existing function assert_fixed (line 228) | def assert_fixed expected function assert_new (line 233) | def assert_new expected function assert_existing (line 241) | def assert_existing function full_path (line 247) | def full_path file function remove (line 251) | def remove file function rename (line 259) | def rename from_file, to_file function append (line 269) | def append file, code function replace_with_sexp (line 275) | def replace_with_sexp file function replace (line 286) | def replace file, pattern, replacement function write_file (line 296) | def write_file file, content function remove_method (line 305) | def remove_method file, method_name function add_method (line 321) | def add_method file, code function parse (line 331) | def parse code type BrakemanTester::DiffHelper (line 336) | module BrakemanTester::DiffHelper function assert_fixed (line 337) | def assert_fixed expected, diff = @diff function assert_new (line 341) | def assert_new expected, diff = @diff FILE: test/tests/active_record_only.rb class ActiveRecordOnlyTests (line 3) | class ActiveRecordOnlyTests < Minitest::Test method expected (line 7) | def expected method report (line 15) | def report method test_no_attribute_restriction (line 22) | def test_no_attribute_restriction method test_unmaintained_dependency_1 (line 35) | def test_unmaintained_dependency_1 FILE: test/tests/alias_processor.rb class AliasProcessorTests (line 3) | class AliasProcessorTests < Minitest::Test method assert_alias (line 4) | def assert_alias expected, original, full = false method assert_output (line 16) | def assert_output input, output method test_addition (line 20) | def test_addition method test_simple_math (line 28) | def test_simple_math method test_divide_by_zero (line 38) | def test_divide_by_zero method test_infinity (line 45) | def test_infinity method test_concatentation (line 52) | def test_concatentation method test_string_append (line 61) | def test_string_append method test_string_new_append (line 69) | def test_string_new_append method test_string_append_call (line 77) | def test_string_append_call method test_string_interp_concat (line 85) | def test_string_interp_concat method test_string_concat_interp (line 93) | def test_string_concat_interp method test_array_index (line 102) | def test_array_index method test_array_negative_index (line 114) | def test_array_negative_index method test_array_fetch (line 126) | def test_array_fetch method test_array_fetch_unknown_literal (line 133) | def test_array_fetch_unknown_literal method test_array_index_unknown_literal (line 141) | def test_array_index_unknown_literal method test_array_append (line 148) | def test_array_append method test_array_new_append (line 156) | def test_array_new_append method test_array_new_init_append (line 164) | def test_array_new_init_append method test_array_push (line 172) | def test_array_push method test_array_detect (line 181) | def test_array_detect method test_array_first (line 188) | def test_array_first method test_array_plus_equals (line 196) | def test_array_plus_equals method test_array_plus (line 204) | def test_array_plus method test_array_plus_no_lines (line 212) | def test_array_plus_no_lines method test_hash_index (line 223) | def test_hash_index method test_hash_new_index (line 232) | def test_hash_new_index method test_hash_fetch (line 241) | def test_hash_fetch method test_hash_fetch_unknown_literal (line 248) | def test_hash_fetch_unknown_literal method test_hash_update (line 255) | def test_hash_update method test_hash_values (line 268) | def test_hash_values method test_hash_values_at (line 275) | def test_hash_values_at method test_hash_values_at_missing (line 282) | def test_hash_values_at_missing method test_hash_values_at_missing_safe (line 289) | def test_hash_values_at_missing_safe method test_hash_double_splat (line 296) | def test_hash_double_splat method test_hash_shorthand_syntax (line 304) | def test_hash_shorthand_syntax method test_hash_shorthand_syntax_unknown_value (line 313) | def test_hash_shorthand_syntax_unknown_value method test_hash_shorthand_syntax_mix (line 320) | def test_hash_shorthand_syntax_mix method test_splat_array_args (line 328) | def test_splat_array_args method test_obvious_if (line 336) | def test_obvious_if method test_skip_obvious_if (line 350) | def test_skip_obvious_if method test_skip_rails_env_test (line 369) | def test_skip_rails_env_test method test_if (line 381) | def test_if method test_if_in_when (line 393) | def test_if_in_when method test_or_equal (line 405) | def test_or_equal method test_safe_or_equal (line 413) | def test_safe_or_equal method test_unknown_hash (line 421) | def test_unknown_hash method test_global (line 428) | def test_global method test_class_var (line 435) | def test_class_var method test_constant (line 442) | def test_constant method test_addition_chained (line 449) | def test_addition_chained method test_send_collapse (line 456) | def test_send_collapse method test_send_collapse_with_no_target (line 463) | def test_send_collapse_with_no_target method test_safe_send_collapse (line 470) | def test_safe_send_collapse method test_safe___send__ (line 477) | def test_safe___send__ method test_try_collapse (line 484) | def test_try_collapse method test_try_symbol_to_proc_collapse (line 491) | def test_try_symbol_to_proc_collapse method test_multiple_assignments_in_if (line 498) | def test_multiple_assignments_in_if method test_assignments_both_branches (line 512) | def test_assignments_both_branches method test_assignments_in_forced_branch (line 528) | def test_assignments_in_forced_branch method test_assignments_inside_branch_are_isolated (line 545) | def test_assignments_inside_branch_are_isolated method test_simple_if_branch_replacement (line 561) | def test_simple_if_branch_replacement method test_assignment_in_equality_forced_branch (line 570) | def test_assignment_in_equality_forced_branch method test_simple_or_operation_compaction (line 585) | def test_simple_or_operation_compaction method test_assignment_of_simple_if_expression (line 606) | def test_assignment_of_simple_if_expression method test_assignment_of_forced_if_expression (line 613) | def test_assignment_of_forced_if_expression method test_default_branch_limit_5 (line 620) | def test_default_branch_limit_5 method test_default_branch_limit_not_reached (line 646) | def test_default_branch_limit_not_reached method test_default_branch_limit_before_reset_with_option (line 662) | def test_default_branch_limit_before_reset_with_option method test_simple_block_args (line 699) | def test_simple_block_args method test_block_arg_assignment (line 711) | def test_block_arg_assignment method test_block_arg_destructing (line 724) | def test_block_arg_destructing method test_block_args_trailing_comma (line 736) | def test_block_args_trailing_comma method test_block_with_local (line 746) | def test_block_with_local method test_shadowed_block_arg (line 778) | def test_shadowed_block_arg method test_block_in_class_scope (line 798) | def test_block_in_class_scope method test_instance_method_scope_in_block (line 824) | def test_instance_method_scope_in_block method test_instance_method_scope_in_if_with_blocks (line 850) | def test_instance_method_scope_in_if_with_blocks method test_branch_env_is_closed_after_if_statement (line 888) | def test_branch_env_is_closed_after_if_statement method test_no_branch_for_plus_equals_with_string (line 908) | def test_no_branch_for_plus_equals_with_string method test_no_branch_for_plus_equals_with_string_in_ivar (line 917) | def test_no_branch_for_plus_equals_with_string_in_ivar method test_no_branch_for_plus_equals_with_interpolated_string (line 928) | def test_no_branch_for_plus_equals_with_interpolated_string method test_no_branch_for_plus_equals_with_number (line 940) | def test_no_branch_for_plus_equals_with_number method test_keywords_in_blocks (line 949) | def test_keywords_in_blocks method test_multiple_assignment (line 961) | def test_multiple_assignment method test_chained_assignment (line 973) | def test_chained_assignment method test_branch_with_self_assign_target (line 1011) | def test_branch_with_self_assign_target method test_splat_assign (line 1020) | def test_splat_assign method test_presence_in_all_literals (line 1052) | def test_presence_in_all_literals method test_presence_in_unknown (line 1059) | def test_presence_in_unknown method test_branch_in_array (line 1066) | def test_branch_in_array method test_branch_array_include (line 1108) | def test_branch_array_include method test_branch_array_include_return (line 1150) | def test_branch_array_include_return method test_branch_array_include_return_more (line 1160) | def test_branch_array_include_return_more method test_branch_array_include_fail (line 1180) | def test_branch_array_include_fail method test_branch_array_include_raise (line 1190) | def test_branch_array_include_raise method test_equality_condition_in_branch (line 1200) | def test_equality_condition_in_branch method test_case_basic (line 1222) | def test_case_basic method test_case_assignment (line 1254) | def test_case_assignment method test_case_value (line 1280) | def test_case_value method test_case_value_params (line 1306) | def test_case_value_params method test_case_list (line 1324) | def test_case_list method test_case_splat (line 1338) | def test_case_splat method test_less_copying_of_arrays_and_hashes (line 1356) | def test_less_copying_of_arrays_and_hashes method test_less_copying_of_arrays_and_hashes_and_params (line 1370) | def test_less_copying_of_arrays_and_hashes_and_params method test_array_destructuring_asgn (line 1380) | def test_array_destructuring_asgn method test_array_join_to_interpolation (line 1388) | def test_array_join_to_interpolation method test_array_join_no_separater (line 1395) | def test_array_join_no_separater method test_array_join_lots_of_interp (line 1407) | def test_array_join_lots_of_interp method test_array_star_join (line 1419) | def test_array_star_join method test_array_join_line_numbers (line 1428) | def test_array_join_line_numbers method test_array_join_single_value (line 1440) | def test_array_join_single_value method test_array_join_empty_array (line 1447) | def test_array_join_empty_array method test_ignore_freeze (line 1454) | def test_ignore_freeze method test_ignore_dup (line 1461) | def test_ignore_dup method test_ignore_presence (line 1468) | def test_ignore_presence method test_join_incompatible_strings (line 1475) | def test_join_incompatible_strings method test_join_very_long_string (line 1486) | def test_join_very_long_string method test_bang_bang (line 1495) | def test_bang_bang method test_join_item_works_with_nil_item (line 1502) | def test_join_item_works_with_nil_item method test_alias_processor_failure (line 1508) | def test_alias_processor_failure FILE: test/tests/app_tree.rb class AppTreeTests (line 5) | class AppTreeTests < Minitest::Test method temp_dir_and_file_from_path (line 6) | def temp_dir_and_file_from_path(relative_path) method temp_dir_absolute_symlink_and_file_from_path (line 15) | def temp_dir_absolute_symlink_and_file_from_path(relative_path) method temp_dir_relative_symlink_and_file_from_path (line 33) | def temp_dir_relative_symlink_and_file_from_path(relative_path) method test_directory_absolute_symlink_support (line 51) | def test_directory_absolute_symlink_support method test_directory_relative_symlink_support (line 58) | def test_directory_relative_symlink_support method test_directory_relative_disabled_symlink_support (line 65) | def test_directory_relative_disabled_symlink_support method test_ruby_file_paths (line 72) | def test_ruby_file_paths method test_ruby_file_paths_skip_vendor_false (line 79) | def test_ruby_file_paths_skip_vendor_false method test_ruby_file_paths_skip_vendor_true (line 86) | def test_ruby_file_paths_skip_vendor_true method test_ruby_file_paths_skip_vendor_true_add_libs_path (line 93) | def test_ruby_file_paths_skip_vendor_true_add_libs_path method test_ruby_file_paths_skip_vendor_true_add_engine_path (line 100) | def test_ruby_file_paths_skip_vendor_true_add_engine_path method test_ruby_file_paths_skip_vendor_true_tests_in_engine_path_still_excluded (line 107) | def test_ruby_file_paths_skip_vendor_true_tests_in_engine_path_still_e... method test_ruby_file_paths_add_engine_path (line 114) | def test_ruby_file_paths_add_engine_path method test_ruby_file_paths_add_libs_path (line 121) | def test_ruby_file_paths_add_libs_path method test_ruby_file_paths_directory_with_rb_extension (line 128) | def test_ruby_file_paths_directory_with_rb_extension method test_match_path (line 137) | def test_match_path method app_tree_match? (line 175) | def app_tree_match?(app_tree, paths, path) FILE: test/tests/brakeman.rb class BrakemanTests (line 4) | class BrakemanTests < Minitest::Test method test_exception_on_no_application (line 5) | def test_exception_on_no_application method test_exception_no_on_no_application_if_forced (line 11) | def test_exception_no_on_no_application_if_forced method test_app_tree_root_is_absolute (line 17) | def test_app_tree_root_is_absolute method test_app_tree_flexible_file_paths (line 30) | def test_app_tree_flexible_file_paths method test_engines_path (line 66) | def test_engines_path class UtilTests (line 80) | class UtilTests < Minitest::Test method setup (line 81) | def setup method util (line 85) | def util method test_cookies? (line 89) | def test_cookies? method test_params? (line 93) | def test_params? method test_request_headers? (line 97) | def test_request_headers? method test_template_path_to_name_with_views (line 105) | def test_template_path_to_name_with_views method test_template_path_to_name_without_views (line 111) | def test_template_path_to_name_without_views class BaseCheckTests (line 118) | class BaseCheckTests < Minitest::Test method setup (line 119) | def setup method version_between? (line 124) | def version_between? version, low, high method lts_version? (line 129) | def lts_version? version, low method test_version_between (line 136) | def test_version_between method test_version_not_between (line 142) | def test_version_not_between method test_version_between_longer (line 149) | def test_version_between_longer method test_version_between_pre_release (line 153) | def test_version_between_pre_release method test_lts_version (line 157) | def test_lts_version method test_major_minor_version (line 164) | def test_major_minor_version method test_beta_versions (line 168) | def test_beta_versions class ConfigTests (line 175) | class ConfigTests < Minitest::Test method setup (line 177) | def setup method test_quiet_option_from_file (line 181) | def test_quiet_option_from_file method test_quiet_option_from_commandline (line 205) | def test_quiet_option_from_commandline method test_quiet_option_default (line 226) | def test_quiet_option_default method test_quiet_command_line_default (line 236) | def test_quiet_command_line_default method test_quiet_inconfig_with_command_line (line 247) | def test_quiet_inconfig_with_command_line method test_timing_output (line 270) | def test_timing_output method output_format_tester (line 284) | def output_format_tester options, expected_options method test_output_format (line 290) | def test_output_format method test_output_format_errors_raised (line 328) | def test_output_format_errors_raised method test_github_options_raises_error (line 333) | def test_github_options_raises_error method test_github_options_returns_url (line 340) | def test_github_options_returns_url method test_rails_version_options (line 347) | def test_rails_version_options method test_optional_check_options (line 361) | def test_optional_check_options method test_default_check_options (line 372) | def test_default_check_options method test_dump_config_no_file (line 383) | def test_dump_config_no_file method test_dump_config_with_set (line 391) | def test_dump_config_with_set method test_ensure_latest_is_current (line 401) | def test_ensure_latest_is_current method test_ensure_latest_is_newer (line 411) | def test_ensure_latest_is_newer method test_ensure_latest_too_new (line 421) | def test_ensure_latest_too_new method test_ensure_latest_old_enough (line 433) | def test_ensure_latest_old_enough method test_ignore_file_entries_with_empty_notes (line 445) | def test_ignore_file_entries_with_empty_notes method test_dump_config_with_file (line 466) | def test_dump_config_with_file class GemProcessorTests (line 557) | class GemProcessorTests < Minitest::Test method assert_version (line 558) | def assert_version version, name, msg = nil method setup (line 562) | def setup method test_gem_lock_parsing (line 571) | def test_gem_lock_parsing FILE: test/tests/call_index.rb class CallIndexTests (line 4) | class CallIndexTests < Minitest::Test method setup (line 5) | def setup method assert_found (line 44) | def assert_found num, opts method test_find_by_method_regex (line 48) | def test_find_by_method_regex method test_find_by_method (line 53) | def test_find_by_method method test_find_by_target (line 57) | def test_find_by_target method test_find_by_target_regex (line 61) | def test_find_by_target_regex method test_find_by_methods (line 75) | def test_find_by_methods method test_find_by_targets (line 79) | def test_find_by_targets method test_find_by_target_and_method (line 83) | def test_find_by_target_and_method method test_find_by_target_and_methods (line 87) | def test_find_by_target_and_methods method test_find_by_targets_and_method (line 91) | def test_find_by_targets_and_method method test_find_by_more_targets (line 95) | def test_find_by_more_targets method test_find_by_more_methods (line 99) | def test_find_by_more_methods method test_find_by_no_target_and_method (line 103) | def test_find_by_no_target_and_method method test_find_by_no_target_and_methods (line 108) | def test_find_by_no_target_and_methods method test_find_by_target_and_method_in_chain (line 112) | def test_find_by_target_and_method_in_chain method test_find_params_and_method_in_chain (line 117) | def test_find_params_and_method_in_chain method test_filter_by_chain (line 122) | def test_filter_by_chain method test_find_class_scope_call_by_method (line 127) | def test_find_class_scope_call_by_method method test_parent_call (line 131) | def test_parent_call method test_full_call (line 146) | def test_full_call method test_find_error (line 160) | def test_find_error FILE: test/tests/checks.rb class ChecksTests (line 3) | class ChecksTests < Minitest::Test method setup_tracker (line 4) | def setup_tracker options = {} method test_default_checks (line 11) | def test_default_checks method test_run_all_checks (line 23) | def test_run_all_checks method test_run_single_check (line 29) | def test_run_single_check method test_enable_single_optional_check (line 35) | def test_enable_single_optional_check method test_enable_optional_checks (line 45) | def test_enable_optional_checks method test_enable_optional_checks_duplicate (line 56) | def test_enable_optional_checks_duplicate method test_enable_optional_checks_with_explicit (line 63) | def test_enable_optional_checks_with_explicit method test_missing_checks (line 71) | def test_missing_checks method test_check_for_missing_checks (line 77) | def test_check_for_missing_checks method test_check_for_missing_skipped_checks (line 86) | def test_check_for_missing_skipped_checks method test_check_for_missing_enabled_checks (line 95) | def test_check_for_missing_enabled_checks FILE: test/tests/codeclimate_engine_configuration.rb class EngineConfigurationTests (line 4) | class EngineConfigurationTests < Minitest::Test method test_for_expected_keys (line 5) | def test_for_expected_keys method test_debug_key (line 15) | def test_debug_key method test_include_paths (line 25) | def test_include_paths method test_output_format (line 33) | def test_output_format method test_default_app_path (line 38) | def test_default_app_path method test_custom_app_path (line 43) | def test_custom_app_path method test_custom_app_path_include_paths (line 53) | def test_custom_app_path_include_paths method test_custom_app_path_include_paths_exact_match (line 64) | def test_custom_app_path_include_paths_exact_match method test_custom_nested_app_path_include_paths (line 75) | def test_custom_nested_app_path_include_paths method test_custom_nested_app_path_include_paths_no_trailing_slash (line 86) | def test_custom_nested_app_path_include_paths_no_trailing_slash method test_custom_nested_app_path_include_paths_not_a_parent (line 97) | def test_custom_nested_app_path_include_paths_not_a_parent FILE: test/tests/codeclimate_output.rb class TestCodeClimateOutput (line 3) | class TestCodeClimateOutput < Minitest::Test method setup (line 4) | def setup method test_for_expected_keys (line 9) | def test_for_expected_keys method test_location_key (line 18) | def test_location_key method test_content_key (line 26) | def test_content_key method test_file_path_with_prefix (line 32) | def test_file_path_with_prefix FILE: test/tests/commandline.rb class CLExit (line 5) | class CLExit < StandardError method initialize (line 8) | def initialize exit_code, message class TestCommandline (line 15) | class TestCommandline < Brakeman::Commandline method quit (line 16) | def self.quit exit_code = 0, message = nil class CommandlineTests (line 21) | class CommandlineTests < Minitest::Test method assert_exit (line 25) | def assert_exit exit_code = 0, message = nil method assert_stdout (line 36) | def assert_stdout message, exit_code = 0 method assert_stderr (line 44) | def assert_stderr message, exit_code = 0 method cl_with_options (line 54) | def cl_with_options *opts method scan_app (line 58) | def scan_app *opts method setup (line 65) | def setup method test_nonexistent_scan_path (line 72) | def test_nonexistent_scan_path method test_default_scan_path (line 78) | def test_default_scan_path method test_list_checks (line 86) | def test_list_checks method test_bad_options (line 92) | def test_bad_options method test_version (line 98) | def test_version method test_empty_config (line 104) | def test_empty_config method test_show_help (line 112) | def test_show_help method test_exit_on_warn_default (line 120) | def test_exit_on_warn_default method test_no_exit_on_warn (line 126) | def test_no_exit_on_warn method test_exit_on_warn_no_warnings (line 132) | def test_exit_on_warn_no_warnings method test_show_ignored_warnings (line 139) | def test_show_ignored_warnings method test_compare_deactivates_ensure_ignore_notes (line 145) | def test_compare_deactivates_ensure_ignore_notes method test_ensure_ignore_notes (line 153) | def test_ensure_ignore_notes method test_ensure_no_obsolete_ignore_entries (line 177) | def test_ensure_no_obsolete_ignore_entries FILE: test/tests/config.rb class RailsConfiguration (line 4) | class RailsConfiguration < Minitest::Test method test_rails5_2_configuration_load_defaults (line 7) | def test_rails5_2_configuration_load_defaults method test_rails5_2_configuration_load_defaults_with_config (line 30) | def test_rails5_2_configuration_load_defaults_with_config method test_rails7_configuration_load_defaults (line 47) | def test_rails7_configuration_load_defaults method test_invalid_load_defaults (line 59) | def test_invalid_load_defaults FILE: test/tests/constants.rb class ConstantTests (line 3) | class ConstantTests < Minitest::Test method setup (line 4) | def setup method assert_alias (line 8) | def assert_alias expected, original, full = false method test_constants_yeah (line 21) | def test_constants_yeah method test_constants_issue_453 (line 41) | def test_constants_issue_453 method test_constants_basic_lookup (line 69) | def test_constants_basic_lookup method test_constants_get_simple_value (line 75) | def test_constants_get_simple_value method test_constants_lookup (line 91) | def test_constants_lookup method test_constants_find_all (line 103) | def test_constants_find_all method test_constants_context (line 112) | def test_constants_context method test_constant_in_module_should_not_match_different_qualified_path (line 124) | def test_constant_in_module_should_not_match_different_qualified_path method test_constant_in_module_should_not_match_undefined_qualified_path (line 158) | def test_constant_in_module_should_not_match_undefined_qualified_path method test_nested_constant_in_module_should_not_match_different_qualified_path (line 184) | def test_nested_constant_in_module_should_not_match_different_qualifie... method test_nested_constant_in_module_should_not_match_undefined_qualified_path (line 226) | def test_nested_constant_in_module_should_not_match_undefined_qualifie... method test_qualified_constant_defined_in_module_should_not_prepend_context (line 256) | def test_qualified_constant_defined_in_module_should_not_prepend_context FILE: test/tests/cves.rb class CVETests (line 4) | class CVETests < Minitest::Test method report (line 8) | def report method assert_version (line 12) | def assert_version version, gem = :rails method test_CVE_2015_3226_4_1_1 (line 20) | def test_CVE_2015_3226_4_1_1 method test_CVE_2015_3226_4_2_1 (line 37) | def test_CVE_2015_3226_4_2_1 method test_CVE_2015_3226_workaround (line 54) | def test_CVE_2015_3226_workaround method test_CVE_2015_3227_4_2_1 (line 87) | def test_CVE_2015_3227_4_2_1 method test_CVE_2015_3227_4_1_11 (line 104) | def test_CVE_2015_3227_4_1_11 method test_CVE_2015_3227_workaround (line 119) | def test_CVE_2015_3227_workaround method test_CVE_2015_3227_3_2_22 (line 136) | def test_CVE_2015_3227_3_2_22 method test_railties_version (line 147) | def test_railties_version method test_new_bundler_file_names (line 155) | def test_new_bundler_file_names method test_ignored_secrets_yml (line 168) | def test_ignored_secrets_yml method test_CVE_2015_7576 (line 177) | def test_CVE_2015_7576 method test_CVE_2016_0751 (line 187) | def test_CVE_2016_0751 method test_CVE_2015_7577 (line 197) | def test_CVE_2015_7577 method test_sanitize_cves (line 208) | def test_sanitize_cves method test_CVE_2015_7581 (line 222) | def test_CVE_2015_7581 method test_CVE_2016_6316_rails3 (line 233) | def test_CVE_2016_6316_rails3 method test_CVE_2016_6316_rails5 (line 247) | def test_CVE_2016_6316_rails5 method test_CVE_2018_3760_sprockets (line 256) | def test_CVE_2018_3760_sprockets method test_CVE_2018_8048_exact_fix_version (line 268) | def test_CVE_2018_8048_exact_fix_version method test_CVE_2018_8048_newer_version (line 277) | def test_CVE_2018_8048_newer_version method test_CVE_2013_0276 (line 286) | def test_CVE_2013_0276 method test_CVE_2010_3933_rails3 (line 298) | def test_CVE_2010_3933_rails3 method test_CVE_2020_8159_rails5_upgrade (line 318) | def test_CVE_2020_8159_rails5_upgrade method test_CVE_2020_8159_rails5_caches_page (line 333) | def test_CVE_2020_8159_rails5_caches_page method test_CVE_2020_8166 (line 354) | def test_CVE_2020_8166 method test_CVE_2020_8166_rails6 (line 366) | def test_CVE_2020_8166_rails6 method test_old_sanitize_cves (line 378) | def test_old_sanitize_cves method test_CVE_2022_32209_rails6 (line 391) | def test_CVE_2022_32209_rails6 method test_CVE_2022_32209_fix_version (line 401) | def test_CVE_2022_32209_fix_version FILE: test/tests/differ.rb class DifferTests (line 4) | class DifferTests < Minitest::Test method setup (line 7) | def setup method run_diff (line 12) | def run_diff new, old method assert_fixed (line 16) | def assert_fixed expected, diff = @diff method assert_new (line 20) | def assert_new expected, diff = @diff method test_sanity (line 24) | def test_sanity method test_one_fixed (line 31) | def test_one_fixed method test_one_new (line 42) | def test_one_new method test_new_and_fixed (line 53) | def test_new_and_fixed method test_line_number_change_only (line 66) | def test_line_number_change_only method test_no_new_warnings (line 87) | def test_no_new_warnings method test_no_old_warnings (line 96) | def test_no_old_warnings FILE: test/tests/file_cache.rb class FileCacheTests (line 8) | class FileCacheTests < Minitest::Test method test_basics (line 9) | def test_basics method test_valid_type (line 21) | def test_valid_type method test_delete (line 31) | def test_delete method test_file_path_equivalence (line 41) | def test_file_path_equivalence method random_astfile (line 52) | def random_astfile FILE: test/tests/file_parser.rb class FileParserTests (line 4) | class FileParserTests < Minitest::Test method setup (line 5) | def setup method test_parse_error (line 11) | def test_parse_error method test_parse_error_shows_newer_failure (line 24) | def test_parse_error_shows_newer_failure method test_read_files_reports_error (line 50) | def test_read_files_reports_error method test_parse_ruby_accepts_file_path (line 64) | def test_parse_ruby_accepts_file_path FILE: test/tests/file_path.rb class FilePathTests (line 5) | class FilePathTests < Minitest::Test method test_relative_from_app_tree (line 6) | def test_relative_from_app_tree method test_absolute_from_app_tree (line 14) | def test_absolute_from_app_tree method test_from_app_tree_already_file_path (line 22) | def test_from_app_tree_already_file_path method test_from_tracker_already_file_path (line 30) | def test_from_tracker_already_file_path method test_file_path_to_str (line 38) | def test_file_path_to_str method test_file_path_equality (line 46) | def test_file_path_equality method test_file_path_equality_not_cached (line 66) | def test_file_path_equality_not_cached method test_file_path_cache (line 83) | def test_file_path_cache FILE: test/tests/find_return_value.rb class FindReturnValueTests (line 4) | class FindReturnValueTests < Minitest::Test method assert_returns (line 5) | def assert_returns expected, original, env = nil method test_sanity (line 13) | def test_sanity method test_implicit_return (line 17) | def test_implicit_return method test_explicit_return (line 25) | def test_explicit_return method test_multiple_explicit_returns (line 35) | def test_multiple_explicit_returns method test_multiple_implicit_returns (line 47) | def test_multiple_implicit_returns method test_block_of_code (line 59) | def test_block_of_code method test_parameters (line 70) | def test_parameters method test_assign_as_implicit_return (line 82) | def test_assign_as_implicit_return method test_iassgn_as_implicit_return (line 93) | def test_iassgn_as_implicit_return method test_local_aliasing (line 106) | def test_local_aliasing method test_ivar_aliasing (line 120) | def test_ivar_aliasing method test_or_asgn_value (line 137) | def test_or_asgn_value method test_return_value_value (line 145) | def test_return_value_value method test_return_value_attrasgn (line 153) | def test_return_value_attrasgn method test_return_begin_value (line 161) | def test_return_begin_value method test_empty_if_expression (line 181) | def test_empty_if_expression FILE: test/tests/github_output.rb class TestGithubOutput (line 3) | class TestGithubOutput < Minitest::Test method setup (line 4) | def setup method test_report_format (line 8) | def test_report_format method test_for_errors (line 16) | def test_for_errors method github_report (line 23) | def github_report FILE: test/tests/ignore.rb class IgnoreConfigTests (line 5) | class IgnoreConfigTests < Minitest::Test method setup (line 8) | def setup method make_config (line 18) | def make_config file = @config_file.path method teardown (line 25) | def teardown method report (line 29) | def report method test_sanity (line 33) | def test_sanity method test_ignored_warnings (line 37) | def test_ignored_warnings method test_shown_warnings (line 41) | def test_shown_warnings method test_unignore_warning (line 47) | def test_unignore_warning method test_ignore_warning (line 65) | def test_ignore_warning method test_add_note (line 83) | def test_add_note method test_note_for_warning (line 95) | def test_note_for_warning method test_note_for_hash (line 103) | def test_note_for_hash method test_empty_note (line 111) | def test_empty_note method test_note_missing_for_warning (line 119) | def test_note_missing_for_warning method test_note_missing_for_hash (line 127) | def test_note_missing_for_hash method test_obsolete (line 135) | def test_obsolete method test_prune_obsolete (line 145) | def test_prune_obsolete method test_read_from_nonexistent_file (line 162) | def test_read_from_nonexistent_file method test_save_new_ignored (line 166) | def test_save_new_ignored method test_bad_ignore_json_error_message (line 179) | def test_bad_ignore_json_error_message method test_relative_paths_everywhere (line 194) | def test_relative_paths_everywhere method test_already_ignored_entries_with_empty_notes (line 219) | def test_already_ignored_entries_with_empty_notes method assert_relative (line 232) | def assert_relative path FILE: test/tests/json_compare.rb class JSONCompareTests (line 5) | class JSONCompareTests < Minitest::Test method test_sanity (line 9) | def test_sanity FILE: test/tests/json_output.rb class JSONOutputTests (line 4) | class JSONOutputTests < Minitest::Test method setup (line 5) | def setup method test_for_render_path (line 9) | def test_for_render_path method test_for_render_path_keys (line 16) | def test_for_render_path_keys method test_for_expected_keys (line 41) | def test_for_expected_keys method test_for_scan_info_keys (line 45) | def test_for_scan_info_keys method test_for_expected_warning_keys (line 53) | def test_for_expected_warning_keys method test_for_errors (line 62) | def test_for_errors method test_for_obsolete (line 66) | def test_for_obsolete method test_paths (line 71) | def test_paths method test_template_names_dont_have_renderer (line 75) | def test_template_names_dont_have_renderer method test_json_warnings_have_cwes (line 79) | def test_json_warnings_have_cwes FILE: test/tests/junit_output.rb class JUnitOutputTests (line 4) | class JUnitOutputTests < Minitest::Test method setup (line 10) | def setup method test_document_structure (line 14) | def test_document_structure method test_testsuite_attributes (line 30) | def test_testsuite_attributes method test_testcase_attributes (line 44) | def test_testcase_attributes method test_failure_attributes (line 58) | def test_failure_attributes FILE: test/tests/logger.rb class LoggerTests (line 3) | class LoggerTests < Minitest::Test method test_logger_type (line 4) | def test_logger_type method test_color_options (line 12) | def test_color_options FILE: test/tests/markdown_output.rb class TestMarkdownOutput (line 3) | class TestMarkdownOutput < Minitest::Test method setup (line 4) | def setup method test_reported_warnings (line 12) | def test_reported_warnings FILE: test/tests/mass_assign_disable.rb class MassAssignDisableTest (line 4) | class MassAssignDisableTest < Minitest::Test method mass_assign_disable (line 7) | def mass_assign_disable content method test_disable_mass_assignment_by_send (line 18) | def test_disable_mass_assignment_by_send method test_disable_mass_assignment_by_module (line 22) | def test_disable_mass_assignment_by_module method test_disable_mass_assignment_by_module_and_nil (line 32) | def test_disable_mass_assignment_by_module_and_nil method test_strong_parameters_in_initializer (line 42) | def test_strong_parameters_in_initializer method test_protected_attributes_gem_without_whitelist_attributes (line 66) | def test_protected_attributes_gem_without_whitelist_attributes method test_protected_attributes_gem_with_whitelist_attributes (line 77) | def test_protected_attributes_gem_with_whitelist_attributes method test_strong_parameters_with_send (line 91) | def test_strong_parameters_with_send FILE: test/tests/oj.rb class OjSettingsTests (line 4) | class OjSettingsTests < Minitest::Test method setup (line 7) | def setup method test_oj_mimic_json (line 11) | def test_oj_mimic_json method test_oj_default_setting (line 20) | def test_oj_default_setting method test_oj_default_setting_still_unsafe (line 29) | def test_oj_default_setting_still_unsafe FILE: test/tests/only_files_option.rb class OnlyFilesOptionTests (line 3) | class OnlyFilesOptionTests < Minitest::Test method expected (line 8) | def expected method report (line 22) | def report method test_escaped_params_to_json (line 26) | def test_escaped_params_to_json method test_cross_site_scripting_slim_partial_param (line 35) | def test_cross_site_scripting_slim_partial_param method test_command_injection_in_exec_controller (line 44) | def test_command_injection_in_exec_controller method test_command_injection_in_user_model_dependency (line 54) | def test_command_injection_in_user_model_dependency method test_xss_sanitize_css_CVE_2013_1855 (line 65) | def test_xss_sanitize_css_CVE_2013_1855 method test_i18n_xss_CVE_2013_4491 (line 74) | def test_i18n_xss_CVE_2013_4491 method test_denial_of_service_CVE_2013_6414 (line 85) | def test_denial_of_service_CVE_2013_6414 method test_number_to_currency_CVE_2014_0081 (line 97) | def test_number_to_currency_CVE_2014_0081 method test_sql_injection_CVE_2013_6417 (line 109) | def test_sql_injection_CVE_2013_6417 method test_remote_code_execution_CVE_2014_0130 (line 122) | def test_remote_code_execution_CVE_2014_0130 method test_xml_dos_2015_3227 (line 134) | def test_xml_dos_2015_3227 method test_denial_of_service_CVE_2015_0751 (line 146) | def test_denial_of_service_CVE_2015_0751 method test_cross_site_scripting_CVE_2016_6316 (line 157) | def test_cross_site_scripting_CVE_2016_6316 method test_path_traversal_sprockets_CVE_2018_3760 (line 169) | def test_path_traversal_sprockets_CVE_2018_3760 method test_unmaintained_dependency_rails (line 182) | def test_unmaintained_dependency_rails FILE: test/tests/options.rb class BrakemanOptionsTest (line 4) | class BrakemanOptionsTest < Minitest::Test method test_easy_options (line 54) | def test_easy_options method test_alt_easy_options (line 61) | def test_alt_easy_options method test_assume_routes_option (line 68) | def test_assume_routes_option method test_no_exit_on_warn (line 79) | def test_no_exit_on_warn method test_ensure_latest (line 87) | def test_ensure_latest method test_faster_options (line 107) | def test_faster_options method test_skip_vendor_option (line 112) | def test_skip_vendor_option method test_limit_options (line 120) | def test_limit_options method test_no_threads_option (line 125) | def test_no_threads_option method test_path_option (line 133) | def test_path_option method test_progress_option (line 141) | def test_progress_option method test_parser_timeout_option (line 149) | def test_parser_timeout_option method test_quiet_option (line 154) | def test_quiet_option method test_rails_4_option (line 165) | def test_rails_4_option method test_safe_methods_option (line 173) | def test_safe_methods_option method test__sql_safe_option (line 181) | def test__sql_safe_option method test__url_safe_option (line 186) | def test__url_safe_option method test__skip_file_option (line 191) | def test__skip_file_option method test_only_files_option (line 196) | def test_only_files_option method test_add_lib_paths_option (line 201) | def test_add_lib_paths_option method test_run_checks_option (line 206) | def test_run_checks_option method test_skip_checks_option (line 214) | def test_skip_checks_option method test_add_checks_paths_option (line 222) | def test_add_checks_paths_option method test_format_options (line 228) | def test_format_options method test_CSS_file_option (line 253) | def test_CSS_file_option method test_ignore_file_option (line 259) | def test_ignore_file_option method test_show_ignored_option (line 267) | def test_show_ignored_option method test_combine_warnings_option (line 272) | def test_combine_warnings_option method test_report_direct_option (line 280) | def test_report_direct_option method test_highlight_option (line 288) | def test_highlight_option method test_message_length_limit_option (line 296) | def test_message_length_limit_option method test_table_width_option (line 301) | def test_table_width_option method test_output_file_options (line 306) | def test_output_file_options method test_output_color_option (line 314) | def test_output_color_option method test_sperate_models_option (line 322) | def test_sperate_models_option method test_github_repo_option (line 330) | def test_github_repo_option method test_min_confidence_option (line 335) | def test_min_confidence_option method test_compare_file_options (line 343) | def test_compare_file_options method test_compare_file_and_output_options (line 349) | def test_compare_file_and_output_options method test_config_file_options (line 354) | def test_config_file_options method test_create_config_file_options (line 363) | def test_create_config_file_options method test_summary_options (line 371) | def test_summary_options method test_text_report_fields (line 380) | def test_text_report_fields method test_use_prism (line 386) | def test_use_prism method test_follow_symlinks (line 404) | def test_follow_symlinks method test_set_gemfile (line 412) | def test_set_gemfile method test_gemfile_environment (line 417) | def test_gemfile_environment method test_empty_gemfile_environment (line 428) | def test_empty_gemfile_environment method setup_options_from_input (line 441) | def setup_options_from_input(*args) FILE: test/tests/output_processor.rb class OutputProcessorTests (line 3) | class OutputProcessorTests < Minitest::Test method assert_output (line 4) | def assert_output expected, original method test_output_nil (line 10) | def test_output_nil method test_output_empty_sexp (line 14) | def test_output_empty_sexp method test_output_missing_node_type (line 18) | def test_output_missing_node_type method test_output_bad_node_type (line 22) | def test_output_bad_node_type method test_output_local_variable (line 26) | def test_output_local_variable method test_output_ignore (line 30) | def test_output_ignore method test_output_params (line 34) | def test_output_params method test_output_session (line 38) | def test_output_session method test_output_cookies (line 42) | def test_output_cookies method test_output_output (line 50) | def test_output_output method test_output_output_format (line 55) | def test_output_output_format method test_output_escaped_output (line 60) | def test_output_escaped_output method test_output_string_output (line 65) | def test_output_string_output method test_output_format_string_literal (line 70) | def test_output_format_string_literal method test_output_escaped_format_string_literal (line 76) | def test_output_escaped_format_string_literal method test_output_string_interp (line 83) | def test_output_string_interp method test_output_format (line 96) | def test_output_format method test_output_format_escaped (line 100) | def test_output_format_escaped method test_output_format_escaped_string_literal (line 105) | def test_output_format_escaped_string_literal method test_output_format_escaped_with_escaped_literal (line 109) | def test_output_format_escaped_with_escaped_literal method test_format_string_literal (line 115) | def test_format_string_literal method test_output_format_escaped_literal (line 119) | def test_output_format_escaped_literal method test_output_unknown_model (line 124) | def test_output_unknown_model method test_output_render (line 129) | def test_output_render method test_output_rlist (line 141) | def test_output_rlist method test_output_call_with_block (line 148) | def test_output_call_with_block method test_output_defn_not_attr (line 159) | def test_output_defn_not_attr method test_regexp_output_with_flags (line 173) | def test_regexp_output_with_flags method test_rescue_block (line 181) | def test_rescue_block method test_command_interpolation (line 187) | def test_command_interpolation FILE: test/tests/pager.rb class ReportPagerTests (line 4) | class ReportPagerTests < Minitest::Test method setup (line 5) | def setup method test_no_pager (line 9) | def test_no_pager method test_unknown_pager (line 18) | def test_unknown_pager method test_less_sort_of (line 27) | def test_less_sort_of method test_highline (line 34) | def test_highline method test_in_ci_test (line 48) | def test_in_ci_test method test_set_color_force (line 58) | def test_set_color_force method test_pager_output_report (line 67) | def test_pager_output_report FILE: test/tests/parser_timeout.rb class ParserTimeoutTests (line 4) | class ParserTimeoutTests < Minitest::Test method test_timeout (line 7) | def test_timeout FILE: test/tests/rails2.rb class Rails2Tests (line 8) | class Rails2Tests < Minitest::Test method expected (line 12) | def expected method report (line 20) | def report method test_no_errors (line 24) | def test_no_errors method test_config_sanity (line 28) | def test_config_sanity method test_eval (line 32) | def test_eval method test_default_routes (line 41) | def test_default_routes method test_command_injection_interpolate (line 49) | def test_command_injection_interpolate method test_command_injection_direct (line 59) | def test_command_injection_direct method test_file_access_concatenation (line 70) | def test_file_access_concatenation method test_mass_assignment (line 80) | def test_mass_assignment method test_update_attribute_no_mass_assignment (line 90) | def test_update_attribute_no_mass_assignment method test_mass_assignment_with_or_equals_in_filter (line 100) | def test_mass_assignment_with_or_equals_in_filter method test_redirect (line 110) | def test_redirect method test_dynamic_render_path (line 128) | def test_dynamic_render_path method test_dynamic_render_path_high_confidence (line 138) | def test_dynamic_render_path_high_confidence method test_dynamic_render_path_2 (line 151) | def test_dynamic_render_path_2 method test_dynamic_render_path_3 (line 165) | def test_dynamic_render_path_3 method test_file_access (line 179) | def test_file_access method test_file_access_with_load (line 189) | def test_file_access_with_load method test_file_access_load_false (line 199) | def test_file_access_load_false method test_session_secret (line 211) | def test_session_secret method test_session_cookies (line 221) | def test_session_cookies method test_rails_cve_2012_2660 (line 231) | def test_rails_cve_2012_2660 method test_rails_cve_2012_2695 (line 238) | def test_rails_cve_2012_2695 method test_sql_injection_find_by_sql (line 245) | def test_sql_injection_find_by_sql method test_sql_injection_conditions_local (line 255) | def test_sql_injection_conditions_local method test_sql_injection_params (line 265) | def test_sql_injection_params method test_sql_injection_named_scope (line 275) | def test_sql_injection_named_scope method test_sql_injection_named_scope_lambda (line 285) | def test_sql_injection_named_scope_lambda method test_sql_injection_named_scope_conditional (line 295) | def test_sql_injection_named_scope_conditional method test_sql_injection_in_self_call (line 305) | def test_sql_injection_in_self_call method test_sql_user_input_in_find_by (line 315) | def test_sql_user_input_in_find_by method test_sql_user_input_multiline (line 327) | def test_sql_user_input_multiline method test_sql_injection_false_positive_quote_value (line 337) | def test_sql_injection_false_positive_quote_value method test_sql_injection_sanitize_sql (line 349) | def test_sql_injection_sanitize_sql method test_csrf_protection (line 361) | def test_csrf_protection method test_attribute_restriction_1 (line 370) | def test_attribute_restriction_1 method test_attribute_restriction_2 (line 383) | def test_attribute_restriction_2 method test_format_validation (line 396) | def test_format_validation method test_unescaped_parameter (line 406) | def test_unescaped_parameter method test_unescaped_request_env (line 416) | def test_unescaped_request_env method test_params_from_controller (line 426) | def test_params_from_controller method test_unrendered_sanitized_params_from_controller (line 436) | def test_unrendered_sanitized_params_from_controller method test_sanitized_params_from_controller (line 446) | def test_sanitized_params_from_controller method test_indirect_xss (line 456) | def test_indirect_xss method test_cross_site_scripting_alias_u (line 466) | def test_cross_site_scripting_alias_u method test_model_attribute_from_controller (line 479) | def test_model_attribute_from_controller method test_model_from_controller_indirect_bad (line 489) | def test_model_from_controller_indirect_bad method test_model_in_link_to (line 499) | def test_model_in_link_to method test_indirect_model_in_link_to (line 509) | def test_indirect_model_in_link_to method test_escaped_parameter_in_link_to (line 520) | def test_escaped_parameter_in_link_to method test_cross_site_scripting_alias_u_for_link_to (line 530) | def test_cross_site_scripting_alias_u_for_link_to method test_encoded_href_parameter_in_link_to (line 543) | def test_encoded_href_parameter_in_link_to method test_href_parameter_in_link_to (line 553) | def test_href_parameter_in_link_to method test_polymorphic_url_in_href (line 579) | def test_polymorphic_url_in_href method test_cross_site_scripting_alias_u_for_link_to_href (line 597) | def test_cross_site_scripting_alias_u_for_link_to_href method test_unescaped_body_in_link_to (line 610) | def test_unescaped_body_in_link_to method test_filter (line 620) | def test_filter method test_unescaped_model (line 630) | def test_unescaped_model method test_param_from_filter (line 640) | def test_param_from_filter method test_params_from_locals_hash (line 650) | def test_params_from_locals_hash method test_model_attribute_from_collection (line 660) | def test_model_attribute_from_collection method test_model_attribute_from_iteration (line 670) | def test_model_attribute_from_iteration method test_other_model_attribute_from_iteration (line 680) | def test_other_model_attribute_from_iteration method test_sql_injection_in_template (line 690) | def test_sql_injection_in_template method test_sql_injection_call_chain (line 700) | def test_sql_injection_call_chain method test_sql_injection_merge_conditions (line 710) | def test_sql_injection_merge_conditions method test_sql_injection_active_record_base_connection (line 720) | def test_sql_injection_active_record_base_connection method test_escape_once (line 732) | def test_escape_once method test_indirect_cookie (line 744) | def test_indirect_cookie method test_cookie_from_controller (line 754) | def test_cookie_from_controller method test_params_multidimensional (line 765) | def test_params_multidimensional method test_cookies_multidimensional (line 776) | def test_cookies_multidimensional method test_xss_in_unused_template (line 786) | def test_xss_in_unused_template method test_select_vulnerability (line 796) | def test_select_vulnerability method test_explicit_render_template (line 806) | def test_explicit_render_template method test_xss_with_or_in_view (line 816) | def test_xss_with_or_in_view method test_xss_with_or_from_action (line 826) | def test_xss_with_or_from_action method test_xss_with_or_from_if_branches (line 836) | def test_xss_with_or_from_if_branches method test_xss_with_nested_or (line 846) | def test_xss_with_nested_or method test_xss_with_model_in_or (line 856) | def test_xss_with_model_in_or method test_cross_site_scripting_strip_tags (line 866) | def test_cross_site_scripting_strip_tags method test_xss_content_tag_body (line 876) | def test_xss_content_tag_body method test_xss_content_tag_escaped (line 886) | def test_xss_content_tag_escaped method test_xss_content_tag_attribute_name (line 896) | def test_xss_content_tag_attribute_name method test_xss_content_tag_attribute_name_even_with_escape_set (line 906) | def test_xss_content_tag_attribute_name_even_with_escape_set method test_cross_site_scripting_escaped_by_default (line 916) | def test_cross_site_scripting_escaped_by_default method test_cross_site_scripting_u_alias_for_content_tag (line 926) | def test_cross_site_scripting_u_alias_for_content_tag method test_cross_site_scripting_in_sanitize_method (line 940) | def test_cross_site_scripting_in_sanitize_method method test_xss_content_tag_unescaped_on_purpose (line 950) | def test_xss_content_tag_unescaped_on_purpose method test_xss_content_tag_indirect_body (line 960) | def test_xss_content_tag_indirect_body method test_cross_site_scripting_single_quotes_CVE_2012_3464 (line 970) | def test_cross_site_scripting_single_quotes_CVE_2012_3464 method test_check_send (line 979) | def test_check_send method test_strip_tags_CVE_2011_2931 (line 1005) | def test_strip_tags_CVE_2011_2931 method test_strip_tags_CVE_2012_3465_high (line 1014) | def test_strip_tags_CVE_2012_3465_high method test_sql_injection_CVE_2012_5664 (line 1024) | def test_sql_injection_CVE_2012_5664 method test_sql_injection_CVE_2013_0155 (line 1033) | def test_sql_injection_CVE_2013_0155 method test_remote_code_execution_CVE_2013_0156 (line 1042) | def test_remote_code_execution_CVE_2013_0156 method test_remote_code_execution_CVE_2013_0277 (line 1051) | def test_remote_code_execution_CVE_2013_0277 method test_remote_code_execution_CVE_2013_0333 (line 1060) | def test_remote_code_execution_CVE_2013_0333 method test_xss_sanitize_CVE_2013_1857 (line 1069) | def test_xss_sanitize_CVE_2013_1857 method test_denial_of_service_CVE_2013_1854 (line 1079) | def test_denial_of_service_CVE_2013_1854 method test_number_to_currency_CVE_2014_0081 (line 1088) | def test_number_to_currency_CVE_2014_0081 method test_sql_injection_CVE_2013_6417 (line 1100) | def test_sql_injection_CVE_2013_6417 method test_remote_code_execution_CVE_2014_0130 (line 1112) | def test_remote_code_execution_CVE_2014_0130 method test_xml_dos_CVE_2015_3227 (line 1124) | def test_xml_dos_CVE_2015_3227 method test_mime_type_dos_CVE_2016_0751 (line 1136) | def test_mime_type_dos_CVE_2016_0751 method test_to_json (line 1149) | def test_to_json method test_xss_with_params_to_i (line 1183) | def test_xss_with_params_to_i method test_xss_with_request_env_to_i (line 1193) | def test_xss_with_request_env_to_i method test_xss_with_cookie_to_i (line 1203) | def test_xss_with_cookie_to_i method test_xss_with_model_attribute_to_i (line 1213) | def test_xss_with_model_attribute_to_i method test_cross_site_scripting_unresolved_model_id (line 1223) | def test_cross_site_scripting_unresolved_model_id method test_cross_site_scripting_in_layout_for_dupe (line 1233) | def test_cross_site_scripting_in_layout_for_dupe method test_cross_site_scripting_in_layout_weak_dupe (line 1244) | def test_cross_site_scripting_in_layout_weak_dupe method test_cross_site_scripting_in_haml (line 1255) | def test_cross_site_scripting_in_haml method test_cross_site_scripting_in_haml2 (line 1267) | def test_cross_site_scripting_in_haml2 method test_cross_site_scripting_in_link_to_with_block (line 1279) | def test_cross_site_scripting_in_link_to_with_block method test_cross_site_scripting_html_entities_in_json (line 1292) | def test_cross_site_scripting_html_entities_in_json method test_dangerous_send_try (line 1305) | def test_dangerous_send_try method test_dangerous_send_underscore (line 1315) | def test_dangerous_send_underscore method test_dangerous_public_send (line 1325) | def test_dangerous_public_send method test_dangerous_try_on_user_input (line 1335) | def test_dangerous_try_on_user_input method test_unsafe_reflection_constantize (line 1345) | def test_unsafe_reflection_constantize method test_unsafe_reflection_constantize_2 (line 1364) | def test_unsafe_reflection_constantize_2 method test_unsafe_symbol_creation (line 1374) | def test_unsafe_symbol_creation method test_unsafe_symbol_creation_2 (line 1386) | def test_unsafe_symbol_creation_2 method test_unsafe_symbol_creation_3 (line 1396) | def test_unsafe_symbol_creation_3 method test_unsafe_symbol_creation_4 (line 1406) | def test_unsafe_symbol_creation_4 method test_unsafe_symbol_creation_5 (line 1416) | def test_unsafe_symbol_creation_5 method test_unsafe_symbol_creation_6 (line 1426) | def test_unsafe_symbol_creation_6 method test_regex_dos (line 1436) | def test_regex_dos method test_indirect_regex_dos (line 1448) | def test_indirect_regex_dos method test_unsafe_symbol_creation_from_param (line 1460) | def test_unsafe_symbol_creation_from_param method test_to_sym_duplicate_as_argument (line 1471) | def test_to_sym_duplicate_as_argument method test_to_sym_duplicate_as_target (line 1482) | def test_to_sym_duplicate_as_target method test_ignored_sql_warning (line 1493) | def test_ignored_sql_warning method test_ignored_xss_warning (line 1504) | def test_ignored_xss_warning method test_unscoped_find (line 1515) | def test_unscoped_find method test_unmaintained_dependency_rails (line 1527) | def test_unmaintained_dependency_rails class Rails2WithOptionsTests (line 1540) | class Rails2WithOptionsTests < Minitest::Test method expected (line 1544) | def expected method report (line 1552) | def report method test_no_errors (line 1556) | def test_no_errors method test_attribute_restriction (line 1560) | def test_attribute_restriction FILE: test/tests/rails3.rb class Rails3Tests (line 3) | class Rails3Tests < Minitest::Test method report (line 7) | def report method expected (line 13) | def expected method test_no_errors (line 28) | def test_no_errors method test_config_sanity (line 32) | def test_config_sanity method test_eval_params (line 36) | def test_eval_params method test_class_eval_false_positive (line 47) | def test_class_eval_false_positive method test_command_injection_params_interpolation (line 56) | def test_command_injection_params_interpolation method test_command_injection_system_params (line 67) | def test_command_injection_system_params method test_command_injection_non_user_input_backticks (line 76) | def test_command_injection_non_user_input_backticks method test_command_injection_non_user_input_system (line 85) | def test_command_injection_non_user_input_system method test_command_injection_capture2 (line 94) | def test_command_injection_capture2 method test_command_injection_capture2e (line 105) | def test_command_injection_capture2e method test_command_injection_capture3 (line 116) | def test_command_injection_capture3 method test_command_injection_pipeline (line 127) | def test_command_injection_pipeline method test_command_injection_pipeline_r (line 138) | def test_command_injection_pipeline_r method test_command_injection_pipeline_rw (line 149) | def test_command_injection_pipeline_rw method test_command_injection_pipeline_start (line 160) | def test_command_injection_pipeline_start method test_command_injection_pipeline_safe_ish (line 171) | def test_command_injection_pipeline_safe_ish method test_command_injection_pipeline_array_cmd (line 185) | def test_command_injection_pipeline_array_cmd method test_command_injection_pipeline_two_array_commands (line 199) | def test_command_injection_pipeline_two_array_commands method test_command_injection_pipeline_bash_c (line 213) | def test_command_injection_pipeline_bash_c method test_command_injection_spawn (line 227) | def test_command_injection_spawn method test_command_injection_posix_spawn (line 238) | def test_command_injection_posix_spawn method test_file_access_concatenation (line 249) | def test_file_access_concatenation method test_file_access_load (line 258) | def test_file_access_load method test_file_access_yaml_load (line 267) | def test_file_access_yaml_load method test_file_access_yaml_parse_file (line 276) | def test_file_access_yaml_parse_file method test_mass_assignment (line 285) | def test_mass_assignment method test_protected_mass_assignment (line 294) | def test_protected_mass_assignment method test_protected_mass_assignment_update (line 303) | def test_protected_mass_assignment_update method test_update_attribute_no_mass_assignment (line 312) | def test_update_attribute_no_mass_assignment method test_redirect (line 321) | def test_redirect method test_redirect_to_model_instance (line 330) | def test_redirect_to_model_instance method test_redirect_only_path_in_wrong_argument (line 339) | def test_redirect_only_path_in_wrong_argument method test_redirect_url_for_not_only_path (line 348) | def test_redirect_url_for_not_only_path method test_redirect_url_only_path (line 357) | def test_redirect_url_only_path method test_render_path (line 366) | def test_render_path method test_file_access_send_file (line 375) | def test_file_access_send_file method test_rails_cve_2012_2660 (line 384) | def test_rails_cve_2012_2660 method test_rails_cve_2012_2661 (line 392) | def test_rails_cve_2012_2661 method test_rails_cve_2012_2695 (line 400) | def test_rails_cve_2012_2695 method test_sql_injection_CVE_2012_5664 (line 408) | def test_sql_injection_CVE_2012_5664 method test_sql_injection_find_by_sql (line 416) | def test_sql_injection_find_by_sql method test_sql_injection_unknown_variable (line 425) | def test_sql_injection_unknown_variable method test_sql_injection_params (line 434) | def test_sql_injection_params method test_sql_injection_non_active_record_model (line 443) | def test_sql_injection_non_active_record_model method test_csrf_protection (line 456) | def test_csrf_protection method test_attribute_restriction (line 468) | def test_attribute_restriction method test_attr_protected (line 488) | def test_attr_protected method test_format_validation (line 496) | def test_format_validation method test_format_validation_with_z (line 505) | def test_format_validation_with_z method test_format_validation_with_a (line 514) | def test_format_validation_with_a method test_allowable_validation (line 523) | def test_allowable_validation method test_allowable_validation_with_Z (line 534) | def test_allowable_validation_with_Z method test_xss_parameter_direct (line 545) | def test_xss_parameter_direct method test_xss_parameter_variable (line 554) | def test_xss_parameter_variable method test_xss_parameter_locals (line 563) | def test_xss_parameter_locals method test_xss_model_collection (line 572) | def test_xss_model_collection method test_xss_model (line 581) | def test_xss_model method test_xss_model_known_bad (line 590) | def test_xss_model_known_bad method test_model_in_link_to (line 599) | def test_model_in_link_to method test_encoded_href_parameter_in_link_to (line 608) | def test_encoded_href_parameter_in_link_to method test_href_parameter_in_link_to (line 617) | def test_href_parameter_in_link_to method test_newlines_in_template (line 639) | def test_newlines_in_template method test_polymorphic_url_in_href (line 662) | def test_polymorphic_url_in_href method test_cross_site_scripting_alias_u_for_link_to_href (line 678) | def test_cross_site_scripting_alias_u_for_link_to_href method test_file_access_in_template (line 691) | def test_file_access_in_template method test_xss_cookie_direct (line 700) | def test_xss_cookie_direct method test_xss_filter (line 709) | def test_xss_filter method test_xss_iteration (line 718) | def test_xss_iteration method test_xss_iteration2 (line 727) | def test_xss_iteration2 method test_unescaped_model (line 736) | def test_unescaped_model method test_xss_params (line 745) | def test_xss_params method test_indirect_xss (line 754) | def test_indirect_xss method test_cross_site_scripting_alias_u (line 763) | def test_cross_site_scripting_alias_u method test_sql_injection_in_template (line 776) | def test_sql_injection_in_template method test_sql_injection_via_if (line 786) | def test_sql_injection_via_if method test_sqli_in_unusual_model_name (line 795) | def test_sqli_in_unusual_model_name method test_sql_injection_delete_all (line 805) | def test_sql_injection_delete_all method test_sql_injection_destroy_all (line 817) | def test_sql_injection_destroy_all method test_sql_injection_to_s_value (line 829) | def test_sql_injection_to_s_value method test_escape_once (line 855) | def test_escape_once method test_indirect_cookie (line 866) | def test_indirect_cookie method test_params_multidimensional (line 876) | def test_params_multidimensional method test_cookies_multidimensional (line 886) | def test_cookies_multidimensional method test_default_routes (line 895) | def test_default_routes method test_user_input_in_mass_assignment (line 902) | def test_user_input_in_mass_assignment method test_mass_assignment_in_chained_call (line 910) | def test_mass_assignment_in_chained_call method test_mass_assign_with_strong_params (line 918) | def test_mass_assign_with_strong_params method test_mass_assignment_first_or_create (line 927) | def test_mass_assignment_first_or_create method test_mass_assignment_first_or_create! (line 936) | def test_mass_assignment_first_or_create! method test_mass_assignment_first_or_initialize! (line 945) | def test_mass_assignment_first_or_initialize! method test_mass_assignment_update (line 954) | def test_mass_assignment_update method test_mass_assignment_assign_attributes (line 963) | def test_mass_assignment_assign_attributes method test_mass_assignment_with_slice (line 972) | def test_mass_assignment_with_slice method test_mass_assignment_with_only (line 981) | def test_mass_assignment_with_only method test_translate_bug (line 990) | def test_translate_bug method test_model_build (line 998) | def test_model_build method test_string_buffer_manipulation_bug (line 1006) | def test_string_buffer_manipulation_bug method test_rails3_render_partial (line 1014) | def test_rails3_render_partial method test_xss_content_tag_raw_content (line 1023) | def test_xss_content_tag_raw_content method test_xss_content_tag_attribute_name (line 1032) | def test_xss_content_tag_attribute_name method test_xss_content_tag_attribute_name_even_with_escape (line 1041) | def test_xss_content_tag_attribute_name_even_with_escape method test_xss_content_tag_unescaped_attribute (line 1050) | def test_xss_content_tag_unescaped_attribute method test_xss_content_tag_in_tag_name (line 1059) | def test_xss_content_tag_in_tag_name method test_cross_site_scripting_u_alias_for_content_tag (line 1068) | def test_cross_site_scripting_u_alias_for_content_tag method test_cross_site_scripting_prepend_filter (line 1081) | def test_cross_site_scripting_prepend_filter method test_cross_site_scripting_append_filter (line 1090) | def test_cross_site_scripting_append_filter method test_cross_site_scripting_prepend_filter_overwrite (line 1099) | def test_cross_site_scripting_prepend_filter_overwrite method test_cross_site_scripting_prepend_filter_overwrite_2 (line 1108) | def test_cross_site_scripting_prepend_filter_overwrite_2 method test_cross_site_scripting_CVE_2016_6316 (line 1117) | def test_cross_site_scripting_CVE_2016_6316 method test_cross_site_scripting_model_in_tag_name (line 1130) | def test_cross_site_scripting_model_in_tag_name method test_content_tag_attributes_CVE_2016_6316 (line 1139) | def test_content_tag_attributes_CVE_2016_6316 method test_cross_site_scripting_request_parameters (line 1152) | def test_cross_site_scripting_request_parameters method test_cross_site_scripting_in_nested_controller (line 1161) | def test_cross_site_scripting_in_nested_controller method test_cross_site_scripting_from_parent (line 1171) | def test_cross_site_scripting_from_parent method test_cross_site_scripting_select_tag_CVE_2012_3463 (line 1182) | def test_cross_site_scripting_select_tag_CVE_2012_3463 method test_cross_site_scripting_single_quotes_CVE_2012_3464 (line 1191) | def test_cross_site_scripting_single_quotes_CVE_2012_3464 method test_CVE_2012_3424 (line 1199) | def test_CVE_2012_3424 method test_strip_tags_CVE_2012_3465 (line 1207) | def test_strip_tags_CVE_2012_3465 method test_mail_link_CVE_2011_0446 (line 1215) | def test_mail_link_CVE_2011_0446 method test_sql_injection_CVE_2013_0155 (line 1226) | def test_sql_injection_CVE_2013_0155 method test_remote_code_execution_CVE_2013_0156_fix (line 1234) | def test_remote_code_execution_CVE_2013_0156_fix method test_remote_code_execution_CVE_2013_0277_protected (line 1242) | def test_remote_code_execution_CVE_2013_0277_protected method test_remote_code_execution_CVE_2013_0277_accessible (line 1250) | def test_remote_code_execution_CVE_2013_0277_accessible method test_remote_code_execution_CVE_2013_0277_unprotected (line 1258) | def test_remote_code_execution_CVE_2013_0277_unprotected method test_remote_code_execution_CVE_2013_0333 (line 1267) | def test_remote_code_execution_CVE_2013_0333 method test_denial_of_service_CVE_2013_0269 (line 1275) | def test_denial_of_service_CVE_2013_0269 method test_xss_CVE_2013_1857 (line 1283) | def test_xss_CVE_2013_1857 method test_xml_jruby_parsing_CVE_2013_1856 (line 1292) | def test_xml_jruby_parsing_CVE_2013_1856 method test_denial_of_service_CVE_2013_1854 (line 1302) | def test_denial_of_service_CVE_2013_1854 method test_denial_of_service_CVE_2013_6414 (line 1312) | def test_denial_of_service_CVE_2013_6414 method test_number_to_currency_CVE_2014_0081 (line 1323) | def test_number_to_currency_CVE_2014_0081 method test_sql_injection_CVE_2013_6417 (line 1335) | def test_sql_injection_CVE_2013_6417 method test_denial_of_service_CVE_2014_0082 (line 1348) | def test_denial_of_service_CVE_2014_0082 method test_remote_code_execution_CVE_2014_0130 (line 1360) | def test_remote_code_execution_CVE_2014_0130 method test_http_only_session_setting (line 1372) | def test_http_only_session_setting method test_secure_only_session_setting (line 1381) | def test_secure_only_session_setting method test_session_secret_token (line 1390) | def test_session_secret_token method test_remote_code_execution_yaml_load_params_interpolated (line 1399) | def test_remote_code_execution_yaml_load_params_interpolated method test_remote_code_execution_yaml_load_params (line 1408) | def test_remote_code_execution_yaml_load_params method test_remote_code_execution_yaml_load_indirect_cookies (line 1417) | def test_remote_code_execution_yaml_load_indirect_cookies method test_remote_code_execution_yaml_load_model_attribute (line 1426) | def test_remote_code_execution_yaml_load_model_attribute method test_remote_code_execution_yaml_load_documents (line 1435) | def test_remote_code_execution_yaml_load_documents method test_remote_code_execution_yaml_load_stream (line 1445) | def test_remote_code_execution_yaml_load_stream method test_remote_code_execution_yaml_parse_documents (line 1455) | def test_remote_code_execution_yaml_parse_documents method test_remote_code_execution_yaml_parse_stream (line 1465) | def test_remote_code_execution_yaml_parse_stream method test_CVE_2015_3227 (line 1474) | def test_CVE_2015_3227 method test_denial_of_service_CVE_2015_7576 (line 1486) | def test_denial_of_service_CVE_2015_7576 method test_cross_site_scripting_CVE_2016_6316_Gemfile (line 1498) | def test_cross_site_scripting_CVE_2016_6316_Gemfile method test_unmaintained_dependency_rails (line 1510) | def test_unmaintained_dependency_rails FILE: test/tests/rails31.rb class Rails31Tests (line 3) | class Rails31Tests < Minitest::Test method report (line 7) | def report method expected (line 11) | def expected method test_without_protection (line 19) | def test_without_protection method test_mass_assignment_user_input_is_nil (line 28) | def test_mass_assignment_user_input_is_nil method test_redirect_to_model_attribute (line 41) | def test_redirect_to_model_attribute method test_redirect_with_model_instance (line 50) | def test_redirect_with_model_instance method test_redirect_to_find_by (line 59) | def test_redirect_to_find_by method test_redirect_to_decorated_model (line 68) | def test_redirect_to_decorated_model method test_link_to_decorated_model (line 77) | def test_link_to_decorated_model method test_redirect_multiple_values (line 89) | def test_redirect_multiple_values method test_redirect_to_model_as_arg (line 98) | def test_redirect_to_model_as_arg method test_redirect_to_model_association (line 107) | def test_redirect_to_model_association method test_redirect_to_secong_arg (line 116) | def test_redirect_to_secong_arg method test_redirect_false_positive_chained_call (line 125) | def test_redirect_false_positive_chained_call method test_whitelist_attributes (line 137) | def test_whitelist_attributes method test_basic_auth_with_password (line 146) | def test_basic_auth_with_password method test_basic_auth_in_method_with_password (line 155) | def test_basic_auth_in_method_with_password method test_translate_bug (line 166) | def test_translate_bug method test_rails_cve_2012_2660 (line 174) | def test_rails_cve_2012_2660 method test_rails_cve_2012_2661 (line 182) | def test_rails_cve_2012_2661 method test_rails_cve_2012_2695 (line 190) | def test_rails_cve_2012_2695 method test_sql_injection_CVE_2012_5664 (line 198) | def test_sql_injection_CVE_2012_5664 method test_sql_injection_scope_lambda (line 206) | def test_sql_injection_scope_lambda method test_sql_injection_scope (line 215) | def test_sql_injection_scope method test_sql_injection_scope_where (line 224) | def test_sql_injection_scope_where method test_sql_injection_scope_lambda_hash (line 233) | def test_sql_injection_scope_lambda_hash method test_sql_injection_scope_multiline_lambda_where (line 242) | def test_sql_injection_scope_multiline_lambda_where method test_sql_injection_in_order_param (line 251) | def test_sql_injection_in_order_param method test_sql_injection_in_group_param (line 260) | def test_sql_injection_in_group_param method test_sql_injection_interpolated_group_param (line 269) | def test_sql_injection_interpolated_group_param method test_sql_injection_in_lock_param (line 278) | def test_sql_injection_in_lock_param method test_sql_injection_interpolated_lock_param (line 287) | def test_sql_injection_interpolated_lock_param method test_sql_injection_interpolated_having (line 296) | def test_sql_injection_interpolated_having method test_sql_injection_interpolated_having_array (line 305) | def test_sql_injection_interpolated_having_array method test_sql_injection_interpolated_joins (line 314) | def test_sql_injection_interpolated_joins method test_sql_injection_interpolated_joins_array (line 323) | def test_sql_injection_interpolated_joins_array method test_sql_injection_in_order_param_product (line 332) | def test_sql_injection_in_order_param_product method test_sql_injection_interpolated_order (line 341) | def test_sql_injection_interpolated_order method test_sql_injection_in_select_param (line 350) | def test_sql_injection_in_select_param method test_sql_injection_interpolated_select (line 359) | def test_sql_injection_interpolated_select method test_sql_injection_in_from_param (line 369) | def test_sql_injection_in_from_param method test_sql_injection_interpolated_from (line 378) | def test_sql_injection_interpolated_from method test_sql_injection_local_interpolation (line 387) | def test_sql_injection_local_interpolation method test_sql_injection_interpolated_where (line 396) | def test_sql_injection_interpolated_where method test_sql_injection_interpolated_where_array (line 405) | def test_sql_injection_interpolated_where_array method test_sql_injection_string_concat_select (line 414) | def test_sql_injection_string_concat_select method test_sql_injection_string_concat_having (line 423) | def test_sql_injection_string_concat_having method test_sql_injection_with_conditional (line 432) | def test_sql_injection_with_conditional method test_sql_injection_in_method_args (line 441) | def test_sql_injection_in_method_args method test_sql_injection_with_if_statements (line 450) | def test_sql_injection_with_if_statements method test_sql_injection_in_calculate (line 459) | def test_sql_injection_in_calculate method test_sql_injection_in_calculate_column_name (line 468) | def test_sql_injection_in_calculate_column_name method test_sql_injection_in_minimum (line 477) | def test_sql_injection_in_minimum method test_sql_injection_in_maximum (line 486) | def test_sql_injection_in_maximum method test_sql_injection_in_average (line 495) | def test_sql_injection_in_average method test_sql_injection_in_sum (line 504) | def test_sql_injection_in_sum method test_sql_injection_in_select (line 513) | def test_sql_injection_in_select method test_sql_injection_interpolation_in_first_arg (line 522) | def test_sql_injection_interpolation_in_first_arg method test_select_vulnerability (line 531) | def test_select_vulnerability method test_string_buffer_manipulation_bug (line 540) | def test_string_buffer_manipulation_bug method test_cross_site_request_forgery (line 548) | def test_cross_site_request_forgery method test_authentication_skip_before_filter (line 557) | def test_authentication_skip_before_filter method test_authentication_skip_filter (line 566) | def test_authentication_skip_filter method test_authentication_skip_require_user (line 575) | def test_authentication_skip_require_user method test_controller_mixin (line 584) | def test_controller_mixin method test_controller_mixin_default_render (line 593) | def test_controller_mixin_default_render method test_get_in_resources_block (line 602) | def test_get_in_resources_block method test_get_in_controller_block (line 611) | def test_get_in_controller_block method test_post_with_just_hash_in_controller_block (line 620) | def test_post_with_just_hash_in_controller_block method test_put_to_in_controller_block (line 629) | def test_put_to_in_controller_block method test_match_to_route (line 638) | def test_match_to_route method test_delete_in_resources_block (line 647) | def test_delete_in_resources_block method test_route_hash_shorthand (line 656) | def test_route_hash_shorthand method test_model_name_in_collection_xss (line 665) | def test_model_name_in_collection_xss method test_xss_helper_params_return (line 674) | def test_xss_helper_params_return method test_xss_helper_with_args (line 683) | def test_xss_helper_with_args method test_xss_helper_assign_ivar (line 692) | def test_xss_helper_assign_ivar method test_xss_helper_assign_ivar_twice (line 701) | def test_xss_helper_assign_ivar_twice method test_xss_helper_model_return (line 710) | def test_xss_helper_model_return method test_xss_multiple_exp_in_string_interpolation (line 719) | def test_xss_multiple_exp_in_string_interpolation method test_cross_site_scripting_select_tag_CVE_2012_3463 (line 728) | def test_cross_site_scripting_select_tag_CVE_2012_3463 method test_cross_site_scripting_single_quotes_CVE_2012_3464 (line 737) | def test_cross_site_scripting_single_quotes_CVE_2012_3464 method test_file_access_indirect_user_input (line 745) | def test_file_access_indirect_user_input method test_file_access_in_string_interpolation (line 754) | def test_file_access_in_string_interpolation method test_file_access_direct_user_input (line 763) | def test_file_access_direct_user_input method test_file_access_model_attribute (line 772) | def test_file_access_model_attribute method test_CVE_2012_3424 (line 781) | def test_CVE_2012_3424 method test_strip_tags_CVE_2012_3465 (line 789) | def test_strip_tags_CVE_2012_3465 method test_sql_injection_CVE_2013_0155 (line 797) | def test_sql_injection_CVE_2013_0155 method test_remote_code_execution_CVE_2013_0156_fix (line 805) | def test_remote_code_execution_CVE_2013_0156_fix method test_denial_of_service_CVE_2013_0269 (line 813) | def test_denial_of_service_CVE_2013_0269 method test_xss_sanitize_CVE_2013_1857 (line 821) | def test_xss_sanitize_CVE_2013_1857 method test_xss_sanitize_css_CVE_2013_1855 (line 830) | def test_xss_sanitize_css_CVE_2013_1855 method test_xml_jruby_parsing_CVE_2013_1856_workaround (line 839) | def test_xml_jruby_parsing_CVE_2013_1856_workaround method test_denial_of_service_CVE_2013_1854 (line 847) | def test_denial_of_service_CVE_2013_1854 method test_denial_of_service_CVE_2013_6414 (line 858) | def test_denial_of_service_CVE_2013_6414 method test_number_to_currency_CVE_2014_0081 (line 869) | def test_number_to_currency_CVE_2014_0081 method test_sql_injection_CVE_2013_6417 (line 881) | def test_sql_injection_CVE_2013_6417 method test_remote_code_execution_CVE_2014_0130 (line 894) | def test_remote_code_execution_CVE_2014_0130 method test_xml_dos_CVE_2015_3227 (line 906) | def test_xml_dos_CVE_2015_3227 method test_basic_auth_CVE_2015_7576 (line 918) | def test_basic_auth_CVE_2015_7576 method test_denial_of_service_CVE_2016_0751_work_around (line 931) | def test_denial_of_service_CVE_2016_0751_work_around method test_to_json_with_overwritten_config (line 943) | def test_to_json_with_overwritten_config method test_cross_site_scripting_in_haml_interp (line 952) | def test_cross_site_scripting_in_haml_interp method test_cross_site_scripting_escape_html_entities_json (line 963) | def test_cross_site_scripting_escape_html_entities_json method test_arel_table_in_sql (line 976) | def test_arel_table_in_sql method test_to_sql_interpolation (line 985) | def test_to_sql_interpolation method test_sql_injection_update_all (line 994) | def test_sql_injection_update_all method test_sql_injection_update_all_interpolation (line 1003) | def test_sql_injection_update_all_interpolation method test_sql_injection_update_all_interp_array (line 1012) | def test_sql_injection_update_all_interp_array method test_sql_injection_update_all_order_param (line 1021) | def test_sql_injection_update_all_order_param method test_sql_injection_update_all_on_where (line 1030) | def test_sql_injection_update_all_on_where method test_sql_injection_update_all_on_where_interp (line 1039) | def test_sql_injection_update_all_on_where_interp method test_sql_injection_update_all_where_interp_array (line 1048) | def test_sql_injection_update_all_where_interp_array method test_sql_injection_in_pluck (line 1057) | def test_sql_injection_in_pluck method test_sql_injection_with_interpolated_value (line 1067) | def test_sql_injection_with_interpolated_value method test_sql_injection_with_id_call (line 1079) | def test_sql_injection_with_id_call method test_sql_injection_primary_key (line 1091) | def test_sql_injection_primary_key method test_sql_injection_quoted_table_name (line 1103) | def test_sql_injection_quoted_table_name method test_sql_injection_table_name_prefix (line 1115) | def test_sql_injection_table_name_prefix method test_sql_injection_dynamic_finders (line 1127) | def test_sql_injection_dynamic_finders method test_validates_format (line 1151) | def test_validates_format method test_validates_format_with (line 1160) | def test_validates_format_with method test_validates_format_with_short_regex (line 1169) | def test_validates_format_with_short_regex method test_session_secret_token (line 1178) | def test_session_secret_token method test_unsafe_reflection_constantize (line 1187) | def test_unsafe_reflection_constantize method test_unsafe_reflection_safe_constantize (line 1197) | def test_unsafe_reflection_safe_constantize method test_unsafe_reflection_qualified_const_get (line 1206) | def test_unsafe_reflection_qualified_const_get method test_unsafe_relection_const_get (line 1216) | def test_unsafe_relection_const_get method test_unsafe_reflection_constantize_indirect (line 1225) | def test_unsafe_reflection_constantize_indirect method test_csv_load (line 1234) | def test_csv_load method test_marshal_load (line 1245) | def test_marshal_load method test_marshal_restore (line 1256) | def test_marshal_restore method test_attr_accessible_with_role (line 1267) | def test_attr_accessible_with_role method test_attr_accessible_not_matching_regex (line 1277) | def test_attr_accessible_not_matching_regex method test_wrong_model_attributes_in_haml (line 1287) | def test_wrong_model_attributes_in_haml method test_right_model_attribute_in_haml (line 1298) | def test_right_model_attribute_in_haml method test_information_disclosure_detailed_exceptions_override (line 1309) | def test_information_disclosure_detailed_exceptions_override method test_command_injection_interpolation_inside_interpolation (line 1320) | def test_command_injection_interpolation_inside_interpolation method test_command_injection_or_literal_system (line 1332) | def test_command_injection_or_literal_system method test_command_injection_or_literal_backticks (line 1343) | def test_command_injection_or_literal_backticks method test_command_injection_integer_command (line 1354) | def test_command_injection_integer_command method test_command_injection_integer_exec (line 1365) | def test_command_injection_integer_exec method test_eval_from_lambda_filter (line 1376) | def test_eval_from_lambda_filter method test_cross_site_scripting_CVE_2016_6316 (line 1388) | def test_cross_site_scripting_CVE_2016_6316 method test_unmaintained_dependency_rails (line 1400) | def test_unmaintained_dependency_rails FILE: test/tests/rails32.rb class Rails32Tests (line 8) | class Rails32Tests < Minitest::Test method expected (line 12) | def expected method report (line 26) | def report method test_rc_version_number (line 30) | def test_rc_version_number method test_sql_injection_CVE_2012_5664 (line 34) | def test_sql_injection_CVE_2012_5664 method test_sql_injection_CVE_2013_0155 (line 42) | def test_sql_injection_CVE_2013_0155 method test_remote_code_execution_CVE_2013_0156 (line 50) | def test_remote_code_execution_CVE_2013_0156 method test_remote_code_execution_CVE_2013_0269 (line 58) | def test_remote_code_execution_CVE_2013_0269 method test_xss_sanitize_css_CVE_2013_1855 (line 66) | def test_xss_sanitize_css_CVE_2013_1855 method test_xml_jruby_parsing_CVE_2013_1856 (line 75) | def test_xml_jruby_parsing_CVE_2013_1856 method test_denial_of_service_CVE_2013_1854 (line 85) | def test_denial_of_service_CVE_2013_1854 method test_i18n_xss_CVE_2013_4491 (line 96) | def test_i18n_xss_CVE_2013_4491 method test_number_to_currency_CVE_2014_0081 (line 107) | def test_number_to_currency_CVE_2014_0081 method test_sql_injection_CVE_2013_6417 (line 119) | def test_sql_injection_CVE_2013_6417 method test_denial_of_service_CVE_2014_0082 (line 132) | def test_denial_of_service_CVE_2014_0082 method test_remote_code_execution_CVE_2014_0130 (line 144) | def test_remote_code_execution_CVE_2014_0130 method test_xml_dos_2015_3227 (line 156) | def test_xml_dos_2015_3227 method test_denial_of_service_CVE_2015_0751 (line 168) | def test_denial_of_service_CVE_2015_0751 method test_cross_site_scripting_CVE_2016_6316 (line 179) | def test_cross_site_scripting_CVE_2016_6316 method test_path_traversal_sprockets_CVE_2018_3760 (line 191) | def test_path_traversal_sprockets_CVE_2018_3760 method test_redirect_1 (line 204) | def test_redirect_1 method test_cross_site_scripting_2 (line 213) | def test_cross_site_scripting_2 method test_cross_site_scripting_3 (line 222) | def test_cross_site_scripting_3 method test_cross_site_scripting_4 (line 231) | def test_cross_site_scripting_4 method test_cross_site_scripting_5 (line 240) | def test_cross_site_scripting_5 method test_cross_site_scripting_6 (line 249) | def test_cross_site_scripting_6 method test_cross_site_scripting_7 (line 258) | def test_cross_site_scripting_7 method test_escaped_params_to_json (line 267) | def test_escaped_params_to_json method test_cross_site_scripting_in_slim_param (line 276) | def test_cross_site_scripting_in_slim_param method test_cross_site_scripting_in_slim_model (line 285) | def test_cross_site_scripting_in_slim_model method test_cross_site_scripting_slim_partial_param (line 294) | def test_cross_site_scripting_slim_partial_param method test_cross_site_scripting_slim_partial_model (line 303) | def test_cross_site_scripting_slim_partial_model method test_mass_assignment_default (line 312) | def test_mass_assignment_default method test_session_secret_token (line 320) | def test_session_secret_token method test_model_attr_accessible_admin (line 329) | def test_model_attr_accessible_admin method test_model_attr_accessible_account_id (line 338) | def test_model_attr_accessible_account_id method test_model_attr_accessible_account_banned (line 348) | def test_model_attr_accessible_account_banned method test_model_attr_accessible_status_id (line 357) | def test_model_attr_accessible_status_id method test_model_attr_accessible_plan_id (line 366) | def test_model_attr_accessible_plan_id method test_two_distinct_warnings_cant_have_same_fingerprint (line 374) | def test_two_distinct_warnings_cant_have_same_fingerprint method test_controller_command_injection_direct_from_dependency (line 378) | def test_controller_command_injection_direct_from_dependency method test_model_command_injection_direct_from_dependency (line 389) | def test_model_command_injection_direct_from_dependency method test_controller_default_routes (line 400) | def test_controller_default_routes method test_command_injection_from_namespaced_model_1 (line 451) | def test_command_injection_from_namespaced_model_1 method test_command_injection_from_namespaced_model_2 (line 463) | def test_command_injection_from_namespaced_model_2 method test_unmaintained_dependency_rails (line 475) | def test_unmaintained_dependency_rails FILE: test/tests/rails4.rb class Rails4Tests (line 3) | class Rails4Tests < Minitest::Test method report (line 7) | def report method expected (line 19) | def expected method test_redirects_to_created_model_do_not_warn (line 28) | def test_redirects_to_created_model_do_not_warn method test_redirects_with_explicit_host_do_not_warn (line 50) | def test_redirects_with_explicit_host_do_not_warn method test_redirect_with_only_path_in_wrong_method (line 82) | def test_redirect_with_only_path_in_wrong_method method test_redirect_with_unsafe_hash_and_only_path_do_not_warn (line 92) | def test_redirect_with_unsafe_hash_and_only_path_do_not_warn method test_session_secret_token (line 110) | def test_session_secret_token method test_session_secrets_yaml (line 121) | def test_session_secrets_yaml method test_session_manipulation (line 133) | def test_session_manipulation method test_session_manipulation_indirect (line 145) | def test_session_manipulation_indirect method test_json_escaped_by_default_in_rails_4 (line 157) | def test_json_escaped_by_default_in_rails_4 method test_information_disclosure_local_request_config (line 195) | def test_information_disclosure_local_request_config method test_information_disclosure_detailed_exceptions_override (line 205) | def test_information_disclosure_detailed_exceptions_override method test_redirect_with_instance_variable_from_block (line 216) | def test_redirect_with_instance_variable_from_block method test_try_and_send_collapsing_with_sqli (line 227) | def test_try_and_send_collapsing_with_sqli method test_nested_send (line 249) | def test_nested_send method test_sql_injection_connection_execute (line 261) | def test_sql_injection_connection_execute method test_sql_injection_select_rows (line 273) | def test_sql_injection_select_rows method test_sql_injection_select_values (line 285) | def test_sql_injection_select_values method test_sql_injection_exec_query (line 297) | def test_sql_injection_exec_query method test_sql_injection_exec_update (line 309) | def test_sql_injection_exec_update method test_sql_injection_in_select_args (line 321) | def test_sql_injection_in_select_args method test_sql_injection_sanitize (line 333) | def test_sql_injection_sanitize method test_sql_injection_chained_call_in_scope (line 355) | def test_sql_injection_chained_call_in_scope method test_sql_injection_in_find_by (line 367) | def test_sql_injection_in_find_by method test_sql_injection_in_find_by! (line 379) | def test_sql_injection_in_find_by! method test_sql_injection_exists_to_s (line 391) | def test_sql_injection_exists_to_s method test_dynamic_render_path_with_before_action (line 404) | def test_dynamic_render_path_with_before_action method test_dynamic_render_path_with_prepend_before_action (line 417) | def test_dynamic_render_path_with_prepend_before_action method test_dynamic_render_path_1 (line 430) | def test_dynamic_render_path_1 method test_dynamic_render_path_2 (line 444) | def test_dynamic_render_path_2 method test_dynamic_render_safeish_values (line 458) | def test_dynamic_render_safeish_values method test_no_cross_site_scripting_in_case_value (line 482) | def test_no_cross_site_scripting_in_case_value method test_cross_site_request_forgery_with_skip_before_action (line 494) | def test_cross_site_request_forgery_with_skip_before_action method test_redirect_to_new_query_methods (line 506) | def test_redirect_to_new_query_methods method redirect_to_current_user_query_methods (line 538) | def redirect_to_current_user_query_methods method test_symbol_dos_with_safe_parameters (line 551) | def test_symbol_dos_with_safe_parameters method test_symbol_dos_on_model_attributes (line 573) | def test_symbol_dos_on_model_attributes method test_regex_denial_of_service (line 586) | def test_regex_denial_of_service method test_weak_hash_base64 (line 608) | def test_weak_hash_base64 method test_weak_hash_password_variable_nested (line 620) | def test_weak_hash_password_variable_nested method test_weak_hash_creation (line 632) | def test_weak_hash_creation method test_weak_hash_with_password_attribute (line 644) | def test_weak_hash_with_password_attribute method test_weak_hash_in_HMAC (line 656) | def test_weak_hash_in_HMAC method test_weak_hash_openssl_digest (line 668) | def test_weak_hash_openssl_digest method test_weak_hash_openssl_new_md5 (line 681) | def test_weak_hash_openssl_new_md5 method test_weak_hash_openssl_new_sha1 (line 694) | def test_weak_hash_openssl_new_sha1 method test_missing_encryption_force_ssl (line 707) | def test_missing_encryption_force_ssl method test_i18n_xss_CVE_2013_4491_workaround (line 720) | def test_i18n_xss_CVE_2013_4491_workaround method test_denial_of_service_CVE_2013_6414 (line 731) | def test_denial_of_service_CVE_2013_6414 method test_number_to_currency_CVE_2014_0081 (line 741) | def test_number_to_currency_CVE_2014_0081 method test_simple_format_xss_CVE_2013_6416 (line 763) | def test_simple_format_xss_CVE_2013_6416 method test_cross_site_scripting_render_text (line 775) | def test_cross_site_scripting_render_text method test_cross_site_scripting_render_inline (line 821) | def test_cross_site_scripting_render_inline method test_cross_site_scripting_with_double_equals (line 845) | def test_cross_site_scripting_with_double_equals method test_cross_site_scripting_with_html_safe (line 857) | def test_cross_site_scripting_with_html_safe method test_xss_haml_line_number (line 869) | def test_xss_haml_line_number method test_cross_site_scripting_warning_code_for_weak_xss (line 881) | def test_cross_site_scripting_warning_code_for_weak_xss method test_cross_site_scripting_no_warning_on_helper_methods_with_targets (line 892) | def test_cross_site_scripting_no_warning_on_helper_methods_with_targets method test_cross_site_scripting_warn_on_url_methods_in_href (line 903) | def test_cross_site_scripting_warn_on_url_methods_in_href method test_cross_site_scripting_no_warning_on_path_methods_in_href (line 916) | def test_cross_site_scripting_no_warning_on_path_methods_in_href method test_xss_no_warning_on_model_finds_in_href (line 928) | def test_xss_no_warning_on_model_finds_in_href method test_cross_site_scripting_haml_interpolation (line 941) | def test_cross_site_scripting_haml_interpolation method test_cross_site_scripting_find_and_preserve_escape_javascript (line 953) | def test_cross_site_scripting_find_and_preserve_escape_javascript method test_cross_site_scripting_coffee_script (line 965) | def test_cross_site_scripting_coffee_script method test_cross_site_scripting_in_comparison_false_positive (line 976) | def test_cross_site_scripting_in_comparison_false_positive method test_sql_injection_in_chained_string_building (line 989) | def test_sql_injection_in_chained_string_building method test_no_sql_injection_due_to_skipped_filter (line 1001) | def test_no_sql_injection_due_to_skipped_filter method test_sql_injection_ignore_to_sym (line 1013) | def test_sql_injection_ignore_to_sym method test_sql_injection_scope_alias_processing (line 1036) | def test_sql_injection_scope_alias_processing method test_sql_injection_with_to_s_on_string_interp (line 1048) | def test_sql_injection_with_to_s_on_string_interp method test_sql_injection_string_concat (line 1060) | def test_sql_injection_string_concat method test_no_sql_injection_from_arel_methods (line 1072) | def test_no_sql_injection_from_arel_methods method test_hash_keys_not_values (line 1101) | def test_hash_keys_not_values method test_sql_injection_with_permit (line 1134) | def test_sql_injection_with_permit method test_sql_injection_find_or_create_by (line 1169) | def test_sql_injection_find_or_create_by method test_sql_injection_find_or_create_by! (line 1182) | def test_sql_injection_find_or_create_by! method test_sql_injection_find_or_initialize_by (line 1195) | def test_sql_injection_find_or_initialize_by method test_format_validation_model_alias_processing (line 1208) | def test_format_validation_model_alias_processing method test_format_validation_with_multiline (line 1220) | def test_format_validation_with_multiline method test_additional_libs_option (line 1229) | def test_additional_libs_option method test_command_injection_in_library (line 1241) | def test_command_injection_in_library method test_command_injection_interpolated_string_in_library (line 1253) | def test_command_injection_interpolated_string_in_library method test_command_injection_from_not_skipping_before_filter (line 1265) | def test_command_injection_from_not_skipping_before_filter method test_command_injection_in_open (line 1277) | def test_command_injection_in_open method test_file_access_in_open (line 1299) | def test_file_access_in_open method test_unsafe_reflection_comparison_false_positive (line 1342) | def test_unsafe_reflection_comparison_false_positive method test_sql_injection_CVE_2013_6417 (line 1355) | def test_sql_injection_CVE_2013_6417 method test_sql_injection_CVE_2014_0080 (line 1368) | def test_sql_injection_CVE_2014_0080 method test_remote_code_execution_CVE_2014_0130 (line 1381) | def test_remote_code_execution_CVE_2014_0130 method test_sql_injection_CVE_2014_3482 (line 1393) | def test_sql_injection_CVE_2014_3482 method test_sql_injection_CVE_2014_3483 (line 1406) | def test_sql_injection_CVE_2014_3483 method test_mass_assignment_CVE_2014_3514 (line 1419) | def test_mass_assignment_CVE_2014_3514 method test_CVE_2015_3227 (line 1462) | def test_CVE_2015_3227 method test_denial_of_service_CVE_2016_0751 (line 1474) | def test_denial_of_service_CVE_2016_0751 method test_nested_attributes_bypass_CVE_2015_7577 (line 1486) | def test_nested_attributes_bypass_CVE_2015_7577 method test_denial_of_service_CVE_2015_7581 (line 1498) | def test_denial_of_service_CVE_2015_7581 method test_cross_site_scripting_CVE_2016_6316 (line 1510) | def test_cross_site_scripting_CVE_2016_6316 method test_mass_assignment_with_permit! (line 1522) | def test_mass_assignment_with_permit! method test_mass_assign_without_protection_with_hash_literal (line 1564) | def test_mass_assign_without_protection_with_hash_literal method test_only_desired_attribute_is_ignored (line 1577) | def test_only_desired_attribute_is_ignored method test_ssl_verification_bypass (line 1594) | def test_ssl_verification_bypass method test_ssl_verification_bypass_net_start (line 1605) | def test_ssl_verification_bypass_net_start method test_unscoped_find_by_id_bang (line 1617) | def test_unscoped_find_by_id_bang method test_unscoped_find_by (line 1629) | def test_unscoped_find_by method test_unscoped_find_by_bang (line 1643) | def test_unscoped_find_by_bang method test_before_filter_block (line 1657) | def test_before_filter_block method test_eval_duplicates (line 1670) | def test_eval_duplicates method test_private_call (line 1692) | def test_private_call method test_cross_site_request_forgery_setting_in_api_controller (line 1705) | def test_cross_site_request_forgery_setting_in_api_controller method test_unmaintained_dependency_rails (line 1717) | def test_unmaintained_dependency_rails method test_external_check (line 1729) | def test_external_check method test_external_checks (line 1743) | def test_external_checks FILE: test/tests/rails4_with_engines.rb class Rails4WithEnginesTests (line 3) | class Rails4WithEnginesTests < Minitest::Test method expected (line 7) | def expected method report (line 15) | def report method test_dangerous_send_in_engine (line 19) | def test_dangerous_send_in_engine method test_cross_site_scripting_in_engine (line 32) | def test_cross_site_scripting_in_engine method test_remote_code_execution_in_engine (line 45) | def test_remote_code_execution_in_engine method test_i18n_xss_CVE_2013_4491 (line 58) | def test_i18n_xss_CVE_2013_4491 method test_number_to_currency_CVE_2014_0081 (line 69) | def test_number_to_currency_CVE_2014_0081 method test_xss_simple_format_CVE_2013_6416 (line 81) | def test_xss_simple_format_CVE_2013_6416 method test_sql_injection_CVE_2013_6417 (line 103) | def test_sql_injection_CVE_2013_6417 method test_remote_code_execution_CVE_2014_0130 (line 116) | def test_remote_code_execution_CVE_2014_0130 method test_mass_assignment_CVE_2014_3514 (line 128) | def test_mass_assignment_CVE_2014_3514 method test_redirect_1 (line 140) | def test_redirect_1 method test_session_setting_2 (line 151) | def test_session_setting_2 method test_cross_site_scripting_3 (line 162) | def test_cross_site_scripting_3 method test_cross_site_scripting_4 (line 173) | def test_cross_site_scripting_4 method test_cross_site_scripting_5 (line 184) | def test_cross_site_scripting_5 method test_cross_site_scripting_6 (line 195) | def test_cross_site_scripting_6 method test_cross_site_scripting_7 (line 206) | def test_cross_site_scripting_7 method test_cross_site_scripting_8 (line 217) | def test_cross_site_scripting_8 method test_cross_site_scripting_9 (line 228) | def test_cross_site_scripting_9 method test_cross_site_scripting_10 (line 239) | def test_cross_site_scripting_10 method test_cross_site_scripting_11 (line 250) | def test_cross_site_scripting_11 method test_mass_assignment_12 (line 261) | def test_mass_assignment_12 method test_mass_assignment_13 (line 272) | def test_mass_assignment_13 method test_mass_assignment_14 (line 283) | def test_mass_assignment_14 method test_mass_assignment_15 (line 294) | def test_mass_assignment_15 method test_mass_assignment_16 (line 305) | def test_mass_assignment_16 method test_csrf_without_exception (line 316) | def test_csrf_without_exception method test_csrf_in_engine (line 326) | def test_csrf_in_engine method test_xml_dos_CVE_2015_3227 (line 338) | def test_xml_dos_CVE_2015_3227 method test_denial_of_service_CVE_2016_0751 (line 350) | def test_denial_of_service_CVE_2016_0751 method test_nested_attributes_bypass_workaround_CVE_2015_7577 (line 362) | def test_nested_attributes_bypass_workaround_CVE_2015_7577 method test_cross_site_scripting_CVE_2016_6316 (line 374) | def test_cross_site_scripting_CVE_2016_6316 method test_unmaintained_dependency_rails (line 386) | def test_unmaintained_dependency_rails FILE: test/tests/rails5.rb class Rails5Tests (line 3) | class Rails5Tests < Minitest::Test method report (line 7) | def report method expected (line 11) | def expected method test_mass_assignment_with_safe_attrasgn (line 20) | def test_mass_assignment_with_safe_attrasgn method test_mass_assignment_with_slice (line 33) | def test_mass_assignment_with_slice method test_mass_assignment_permit_high (line 46) | def test_mass_assignment_permit_high method test_mass_assignment_permit_medium (line 59) | def test_mass_assignment_permit_medium method test_sql_injection_with_slice (line 72) | def test_sql_injection_with_slice method test_sql_injection_with_quoted_primary_key (line 85) | def test_sql_injection_with_quoted_primary_key method test_divide_by_zero_1 (line 97) | def test_divide_by_zero_1 method test_divide_by_zero_2 (line 110) | def test_divide_by_zero_2 method test_dangerous_send_with_safe_call (line 123) | def test_dangerous_send_with_safe_call method test_dangerous_send_with_early_return (line 136) | def test_dangerous_send_with_early_return method test_dangerous_send_with_fail (line 149) | def test_dangerous_send_with_fail method test_no_symbol_denial_of_service (line 162) | def test_no_symbol_denial_of_service method test_secrets_in_source (line 175) | def test_secrets_in_source method test_skipping_rails_env_test (line 187) | def test_skipping_rails_env_test method test_default_routes_in_test (line 200) | def test_default_routes_in_test method test_redirect_with_slice (line 212) | def test_redirect_with_slice method test_redirect_with_return_guard (line 225) | def test_redirect_with_return_guard method test_redirect_with_unsafe_permit_values (line 238) | def test_redirect_with_unsafe_permit_values method test_redirect_with_safe_permit_values (line 251) | def test_redirect_with_safe_permit_values method test_redirect_with_path_on_model (line 264) | def test_redirect_with_path_on_model method test_cross_site_scripting_with_slice (line 277) | def test_cross_site_scripting_with_slice method test_cross_site_scripting_with_merge_in_link_to (line 290) | def test_cross_site_scripting_with_merge_in_link_to method test_cross_site_scripting_link_to_url_for (line 303) | def test_cross_site_scripting_link_to_url_for method test_cross_site_scripting_inline_erb (line 316) | def test_cross_site_scripting_inline_erb method test_cross_site_scripting_in_layout (line 329) | def test_cross_site_scripting_in_layout method test_cross_site_scripting_in_template_with_no_html_extension (line 342) | def test_cross_site_scripting_in_template_with_no_html_extension method test_if_expression_in_templates (line 355) | def test_if_expression_in_templates method test_remote_code_execution_in_dynamic_constant (line 367) | def test_remote_code_execution_in_dynamic_constant method test_dynamic_render_path_with_boolean (line 380) | def test_dynamic_render_path_with_boolean method test_dynamic_render_path_template_exists (line 393) | def test_dynamic_render_path_template_exists method test_render_inline_cookies (line 406) | def test_render_inline_cookies method test_warning_in_helper_method (line 419) | def test_warning_in_helper_method method test_sql_injection_where_values_hash_fp (line 432) | def test_sql_injection_where_values_hash_fp method test_sql_injection_from_model_call_fp (line 445) | def test_sql_injection_from_model_call_fp method test_targetless_sql_injection_outside_of_AR_model (line 458) | def test_targetless_sql_injection_outside_of_AR_model method test_sql_injection_in_interp_branch (line 471) | def test_sql_injection_in_interp_branch method test_sql_injection_arel_sql (line 484) | def test_sql_injection_arel_sql method test_tempfile_access (line 497) | def test_tempfile_access method test_activestorage_sanitized (line 530) | def test_activestorage_sanitized method test_missing_encryption_force_ssl (line 543) | def test_missing_encryption_force_ssl method test_cross_site_scripting_CVE_2015_7578 (line 556) | def test_cross_site_scripting_CVE_2015_7578 method test_cross_site_scripting_CVE_2015_7580 (line 568) | def test_cross_site_scripting_CVE_2015_7580 method test_cross_site_scripting_CVE_2015_7579 (line 580) | def test_cross_site_scripting_CVE_2015_7579 method test_cross_site_scripting_sanitize_cve (line 593) | def test_cross_site_scripting_sanitize_cve method test_cross_site_scripting_strip_tags_cve (line 606) | def test_cross_site_scripting_strip_tags_cve method test_xss_content_tag_CVE_2016_6316_html_safe (line 618) | def test_xss_content_tag_CVE_2016_6316_html_safe method test_xss_content_tag_CVE_2016_6316_sanitize (line 631) | def test_xss_content_tag_CVE_2016_6316_sanitize method test_cross_site_scripting_CVE_2016_6316_general (line 644) | def test_cross_site_scripting_CVE_2016_6316_general method test_cross_site_scripting_loofah_CVE_2018_8048 (line 656) | def test_cross_site_scripting_loofah_CVE_2018_8048 method test_cross_site_scripting_CVE_2018_3741 (line 668) | def test_cross_site_scripting_CVE_2018_3741 method test_path_traversal_sprockets_CVE_2018_3760 (line 680) | def test_path_traversal_sprockets_CVE_2018_3760 method test_directory_traversal_caching_page_CVE_2020_8159 (line 693) | def test_directory_traversal_caching_page_CVE_2020_8159 method test_cross_site_scripting_CVE_2022_32209_rails_config (line 706) | def test_cross_site_scripting_CVE_2022_32209_rails_config method test_dangerous_eval_in_prior_class_method_with_same_name (line 720) | def test_dangerous_eval_in_prior_class_method_with_same_name method test_template_injection_1 (line 733) | def test_template_injection_1 method test_link_to_href_safe_interpolation (line 746) | def test_link_to_href_safe_interpolation method test_cross_site_scripting_sanitize_in_link_to (line 770) | def test_cross_site_scripting_sanitize_in_link_to method test_mixed_in_csrf_protection (line 783) | def test_mixed_in_csrf_protection method test_unscoped_find (line 791) | def test_unscoped_find method test_reverse_tabnabbing (line 804) | def test_reverse_tabnabbing method test_haml_attributes (line 911) | def test_haml_attributes method test_haml_interpolation (line 923) | def test_haml_interpolation method test_haml_textareas (line 936) | def test_haml_textareas method test_cross_site_scripting_haml_interpolation (line 947) | def test_cross_site_scripting_haml_interpolation method test_unmaintained_dependency_rails (line 960) | def test_unmaintained_dependency_rails FILE: test/tests/rails52.rb class Rails52Tests (line 3) | class Rails52Tests < Minitest::Test method report (line 7) | def report method expected (line 11) | def expected method test_cross_site_request_forgery_false_positive (line 20) | def test_cross_site_request_forgery_false_positive method test_query_with_symbolize_keys (line 30) | def test_query_with_symbolize_keys method test_sql_injection_not (line 41) | def test_sql_injection_not method test_sql_injection_string_freeze (line 54) | def test_sql_injection_string_freeze method test_sql_injection_with_array_map (line 67) | def test_sql_injection_with_array_map method test_sql_injection_safe_literal_to_s_singularize (line 80) | def test_sql_injection_safe_literal_to_s_singularize method test_sql_injection_foreign_key (line 93) | def test_sql_injection_foreign_key method test_sql_injection_polymorphic_name (line 106) | def test_sql_injection_polymorphic_name method test_sql_injection_user_input (line 119) | def test_sql_injection_user_input method test_sql_injection_splat (line 132) | def test_sql_injection_splat method test_sql_injection_kwsplat (line 145) | def test_sql_injection_kwsplat method test_ignoring_freeze_generally (line 158) | def test_ignoring_freeze_generally method test_treat_if_not_like_unless (line 171) | def test_treat_if_not_like_unless method test_command_injection_1 (line 184) | def test_command_injection_1 method test_command_injection_in_job (line 197) | def test_command_injection_in_job method test_command_injection_shellwords (line 210) | def test_command_injection_shellwords method test_command_injection_nested_shellwords (line 223) | def test_command_injection_nested_shellwords method test_command_injection_backticks_as_target (line 236) | def test_command_injection_backticks_as_target method test_command_injection_array_join (line 249) | def test_command_injection_array_join method test_command_injection_as_target (line 262) | def test_command_injection_as_target method test_command_injection_interpolated_conditional_safe (line 275) | def test_command_injection_interpolated_conditional_safe method test_command_injection_interpolated_ternary_safe (line 286) | def test_command_injection_interpolated_ternary_safe method test_command_injection_interpolated_conditional_dangerous (line 297) | def test_command_injection_interpolated_conditional_dangerous method test_command_injection_interpolated_ternary_dangerous (line 310) | def test_command_injection_interpolated_ternary_dangerous method test_command_injection_with_hash_unknown_key_access (line 323) | def test_command_injection_with_hash_unknown_key_access method test_command_injection_with_array_each (line 336) | def test_command_injection_with_array_each method test_command_injection_shell_escape_model (line 349) | def test_command_injection_shell_escape_model method test_command_injection_with__file__ (line 373) | def test_command_injection_with__file__ method test_command_injection_percent_W (line 386) | def test_command_injection_percent_W method test_command_injection_with_concatenation (line 398) | def test_command_injection_with_concatenation method test_dash_c_command_injection_with_concatenation (line 411) | def test_dash_c_command_injection_with_concatenation method test_dash_c_command_injection_with_popen (line 424) | def test_dash_c_command_injection_with_popen method test_command_injection_concatenation_with_popen (line 437) | def test_command_injection_concatenation_with_popen method test_command_injection_ignored_in_vendor_dir (line 450) | def test_command_injection_ignored_in_vendor_dir method test_cross_site_scripting_haml_sass (line 462) | def test_cross_site_scripting_haml_sass method test_cross_site_scripting_slim_sass (line 475) | def test_cross_site_scripting_slim_sass method test_cross_site_scripting_kwsplat_known_values (line 488) | def test_cross_site_scripting_kwsplat_known_values method test_cross_site_scripting_kwsplat_unknown_values (line 501) | def test_cross_site_scripting_kwsplat_unknown_values method test_cross_site_scripting_link_to_with_block (line 514) | def test_cross_site_scripting_link_to_with_block method test_cross_site_scripting_not_not_false_positive (line 527) | def test_cross_site_scripting_not_not_false_positive method test_remote_code_execution_oj_load (line 538) | def test_remote_code_execution_oj_load method test_remote_code_execution_oj_load_mode (line 551) | def test_remote_code_execution_oj_load_mode method test_remote_code_execution_oj_object_load (line 564) | def test_remote_code_execution_oj_object_load method test_remote_code_execution_cookie_serialization_config (line 577) | def test_remote_code_execution_cookie_serialization_config method test_missing_encryption_force_ssl (line 590) | def test_missing_encryption_force_ssl method test_cross_site_scripting_loofah_CVE_2018_8048 (line 603) | def test_cross_site_scripting_loofah_CVE_2018_8048 method test_cross_site_scripting_CVE_2018_3741 (line 617) | def test_cross_site_scripting_CVE_2018_3741 method test_cross_site_scripting_CVE_2022_32209_sanitize_call (line 631) | def test_cross_site_scripting_CVE_2022_32209_sanitize_call method test_command_injection_ignored_in_stdin (line 645) | def test_command_injection_ignored_in_stdin method test_unmaintained_dependency_ruby (line 674) | def test_unmaintained_dependency_ruby class Rails52WithVendorTests (line 689) | class Rails52WithVendorTests < Minitest::Test method report (line 692) | def report method test_command_injection_ignored_vendor_dir (line 696) | def test_command_injection_ignored_vendor_dir FILE: test/tests/rails52_csrf.rb class Rails52CSRFTest (line 4) | class Rails52CSRFTest < Minitest::Test method report (line 8) | def report method test_csrf_with_no_load_defaults (line 12) | def test_csrf_with_no_load_defaults FILE: test/tests/rails6.rb class Rails6Tests (line 3) | class Rails6Tests < Minitest::Test method report (line 7) | def report method expected (line 11) | def expected method test_sql_injection_delete_by (line 20) | def test_sql_injection_delete_by method test_sql_injection_destroy_by (line 33) | def test_sql_injection_destroy_by method test_sql_injection_strip_heredoc (line 46) | def test_sql_injection_strip_heredoc method test_sql_injection_squish_string (line 59) | def test_sql_injection_squish_string method test_sql_injection_strip_string (line 72) | def test_sql_injection_strip_string method test_sql_injection_chomp_string (line 85) | def test_sql_injection_chomp_string method test_sql_injection_nonstandard_directory (line 98) | def test_sql_injection_nonstandard_directory method test_sql_injection_uuid_false_positive (line 111) | def test_sql_injection_uuid_false_positive method test_sql_injection_safe_sql_methods_false_postitive (line 124) | def test_sql_injection_safe_sql_methods_false_postitive method test_sql_injection_date_integer_target_false_positive (line 137) | def test_sql_injection_date_integer_target_false_positive method test_sql_injection_sanitize_sql_like (line 150) | def test_sql_injection_sanitize_sql_like method test_sql_injection_hash_fetch_all_literals (line 163) | def test_sql_injection_hash_fetch_all_literals method test_sql_injection_with_date (line 176) | def test_sql_injection_with_date method test_sql_injection_rewhere (line 189) | def test_sql_injection_rewhere method test_sql_injection_reselect (line 202) | def test_sql_injection_reselect method test_sql_injection_pluck (line 215) | def test_sql_injection_pluck method test_sql_injection_order (line 229) | def test_sql_injection_order method test_sql_injection_reorder (line 243) | def test_sql_injection_reorder method test_sql_injection_enum (line 257) | def test_sql_injection_enum method test_sql_injection_locale (line 270) | def test_sql_injection_locale method test_sql_injection_tr_method (line 283) | def test_sql_injection_tr_method method test_dangerous_send_enum (line 297) | def test_dangerous_send_enum method test_cross_site_scripting_sanity (line 310) | def test_cross_site_scripting_sanity method test_cross_site_scripting_2 (line 323) | def test_cross_site_scripting_2 method test_cross_site_scripting_3 (line 336) | def test_cross_site_scripting_3 method test_cross_site_scripting_4 (line 349) | def test_cross_site_scripting_4 method test_cross_site_scripting_json_escape_config (line 362) | def test_cross_site_scripting_json_escape_config method test_cross_site_scripting_json_escape_module (line 375) | def test_cross_site_scripting_json_escape_module method test_remote_code_execution_cookie_serialization (line 388) | def test_remote_code_execution_cookie_serialization method test_remote_code_execution_method (line 401) | def test_remote_code_execution_method method test_remote_code_execution_tap (line 414) | def test_remote_code_execution_tap method test_remote_code_execution_to_proc (line 427) | def test_remote_code_execution_to_proc method test_remote_code_execution_not_query_parameters (line 440) | def test_remote_code_execution_not_query_parameters method test_safe_yaml_load_option (line 453) | def test_safe_yaml_load_option method test_safe_yaml_load_option_false (line 466) | def test_safe_yaml_load_option_false method test_safe_yaml_load_option_missing (line 479) | def test_safe_yaml_load_option_missing method test_dup_call (line 492) | def test_dup_call method test_redirect_request_params (line 505) | def test_redirect_request_params method test_basic_dash_c_command_injection (line 518) | def test_basic_dash_c_command_injection method test_complex_dash_c_command_injection (line 531) | def test_complex_dash_c_command_injection method test_without_shell_dash_c_is_not_command_injection (line 544) | def test_without_shell_dash_c_is_not_command_injection method test_command_injection_in_render_1 (line 556) | def test_command_injection_in_render_1 method test_command_injection_in_render_2 (line 569) | def test_command_injection_in_render_2 method test_command_injection_nonstandard_directory (line 582) | def test_command_injection_nonstandard_directory method test_command_injection_with_temp_file_path (line 595) | def test_command_injection_with_temp_file_path method test_dynamic_render_path_renderable (line 608) | def test_dynamic_render_path_renderable method test_dynamic_render_path_known_renderable_class (line 621) | def test_dynamic_render_path_known_renderable_class method test_dynamic_render_path_fully_qualified_known_renderable_class (line 634) | def test_dynamic_render_path_fully_qualified_known_renderable_class method test_dynamic_render_path_fully_qualified_ancestor_known_renderable_class (line 648) | def test_dynamic_render_path_fully_qualified_ancestor_known_renderable... method test_dynamic_render_path_phlex_component (line 662) | def test_dynamic_render_path_phlex_component method test_dynamic_render_view_component_contrib (line 674) | def test_dynamic_render_view_component_contrib method test_dynamic_render_path_view_component_with_content (line 686) | def test_dynamic_render_path_view_component_with_content method test_dynamic_render_path_dir_glob_filter (line 696) | def test_dynamic_render_path_dir_glob_filter method test_mass_assignment_permit_bang_1 (line 709) | def test_mass_assignment_permit_bang_1 method test_mass_assignment_permit_bang_2 (line 722) | def test_mass_assignment_permit_bang_2 method test_mass_assignment_in_path_helper_false_positive (line 735) | def test_mass_assignment_in_path_helper_false_positive method test_mass_assignment_global_allow_all_parameters (line 748) | def test_mass_assignment_global_allow_all_parameters method test_mass_assignment_permit_bang_slice_false_positive (line 761) | def test_mass_assignment_permit_bang_slice_false_positive method test_secrets_file_1 (line 774) | def test_secrets_file_1 method test_template_injection_1 (line 787) | def test_template_injection_1 method test_http_verb_confusion_1 (line 800) | def test_http_verb_confusion_1 method test_skip_dev_environment (line 813) | def test_skip_dev_environment method test_dangerous_eval_as_method_target (line 826) | def test_dangerous_eval_as_method_target method test_unmaintained_dependency_ruby (line 839) | def test_unmaintained_dependency_ruby FILE: test/tests/rails7.rb class Rails7Tests (line 3) | class Rails7Tests < Minitest::Test method report (line 7) | def report method expected (line 14) | def expected method test_ruby_2_7_eol (line 23) | def test_ruby_2_7_eol method test_missing_encryption_1 (line 37) | def test_missing_encryption_1 method test_path_traversal_1 (line 50) | def test_path_traversal_1 method test_path_traversal_2 (line 64) | def test_path_traversal_2 method test_redirect_to_last (line 78) | def test_redirect_to_last method test_weak_cryptography_1 (line 92) | def test_weak_cryptography_1 method test_weak_cryptography_2 (line 106) | def test_weak_cryptography_2 method test_weak_cryptography_3 (line 120) | def test_weak_cryptography_3 method test_weak_cryptography_4 (line 134) | def test_weak_cryptography_4 method test_weak_cryptography_5 (line 148) | def test_weak_cryptography_5 method test_weak_cryptography_6 (line 162) | def test_weak_cryptography_6 method test_weak_cryptography_7 (line 176) | def test_weak_cryptography_7 method test_weak_cryptography_8 (line 190) | def test_weak_cryptography_8 method test_weak_cryptography_9 (line 204) | def test_weak_cryptography_9 method test_weak_cryptography_10 (line 218) | def test_weak_cryptography_10 method test_weak_cryptography_11 (line 232) | def test_weak_cryptography_11 method test_weak_cryptography_12 (line 246) | def test_weak_cryptography_12 method test_weak_cryptography_13 (line 260) | def test_weak_cryptography_13 method test_weak_cryptography_14 (line 274) | def test_weak_cryptography_14 method test_presence_in_with_render_path_false_positive (line 288) | def test_presence_in_with_render_path_false_positive method test_cross_site_scripting_CVE_2022_32209_allowed_tags_initializer (line 302) | def test_cross_site_scripting_CVE_2022_32209_allowed_tags_initializer method test_cross_site_scripting_content_tag (line 316) | def test_cross_site_scripting_content_tag method test_redirect_1 (line 329) | def test_redirect_1 method test_redirect_2 (line 343) | def test_redirect_2 method test_redirect_disallow_other_host (line 357) | def test_redirect_disallow_other_host method test_redirect_allow_other_host (line 371) | def test_redirect_allow_other_host method test_redirect_back (line 385) | def test_redirect_back method test_redirect_back_or_to (line 399) | def test_redirect_back_or_to method test_missing_authorization_ransack (line 413) | def test_missing_authorization_ransack method test_missing_authorization_ransack_admin (line 427) | def test_missing_authorization_ransack_admin method test_missing_authorization_ransack_2 (line 441) | def test_missing_authorization_ransack_2 method test_missing_authorization_ransack_low (line 452) | def test_missing_authorization_ransack_low FILE: test/tests/rails7_redirect.rb class RailsConfiguration (line 4) | class RailsConfiguration < Minitest::Test method report (line 8) | def report method test_rails7_default_no_open_redirects (line 12) | def test_rails7_default_no_open_redirects FILE: test/tests/rails8.rb class Rails8Tests (line 3) | class Rails8Tests < Minitest::Test method report (line 7) | def report method expected (line 14) | def expected method test_dangerous_eval_1 (line 23) | def test_dangerous_eval_1 method test_dangerous_eval_2 (line 37) | def test_dangerous_eval_2 method test_dangerous_eval_3 (line 51) | def test_dangerous_eval_3 method test_dangerous_eval_4 (line 65) | def test_dangerous_eval_4 method test_dangerous_eval_5 (line 80) | def test_dangerous_eval_5 method test_dangerous_eval_6 (line 95) | def test_dangerous_eval_6 method test_dangerous_eval_7 (line 110) | def test_dangerous_eval_7 method test_plain_marshal_load_weak_warning (line 125) | def test_plain_marshal_load_weak_warning method test_dangerous_eval_plain_strings (line 139) | def test_dangerous_eval_plain_strings method test_cross_site_scripting_render_model_partial (line 151) | def test_cross_site_scripting_render_model_partial method test_cross_site_scripting_render_model_as_collection (line 165) | def test_cross_site_scripting_render_model_as_collection method test_cross_site_scripting_haml6_attribute_builder (line 179) | def test_cross_site_scripting_haml6_attribute_builder method test_sql_injection_permit_or_false_positive (line 193) | def test_sql_injection_permit_or_false_positive method test_sql_injection_count_false_positive (line 207) | def test_sql_injection_count_false_positive method test_sql_injection_count_less_false_positive (line 221) | def test_sql_injection_count_less_false_positive FILE: test/tests/rails_61_sql.rb class Rails61SQLTests (line 4) | class Rails61SQLTests < Minitest::Test method test_pluck_safe_in_rails_6_1 (line 9) | def test_pluck_safe_in_rails_6_1 FILE: test/tests/rails_lts.rb class RailsLTSTests (line 4) | class RailsLTSTests < Minitest::Test method test_gemfile_lock_rails_lts (line 7) | def test_gemfile_lock_rails_lts method test_rails_lts_CVE_2012_1099 (line 19) | def test_rails_lts_CVE_2012_1099 method test_rails_lts_CVE_2014_0081 (line 31) | def test_rails_lts_CVE_2014_0081 method test_rails_lts_CVE_2014_0130 (line 43) | def test_rails_lts_CVE_2014_0130 FILE: test/tests/rails_with_xss_plugin.rb class RailsWithXssPluginTests (line 3) | class RailsWithXssPluginTests < Minitest::Test method expected (line 7) | def expected method report (line 15) | def report method test_default_routes_1 (line 25) | def test_default_routes_1 method test_command_injection_2 (line 35) | def test_command_injection_2 method test_command_injection_3 (line 45) | def test_command_injection_3 method test_command_injection_4 (line 55) | def test_command_injection_4 method test_mass_assignment_5 (line 65) | def test_mass_assignment_5 method test_mass_assignment_6 (line 75) | def test_mass_assignment_6 method test_mass_assignment_7 (line 85) | def test_mass_assignment_7 method test_mass_assignment_8 (line 95) | def test_mass_assignment_8 method test_mass_assignment_with_string (line 104) | def test_mass_assignment_with_string method test_redirect_to_model_instance (line 116) | def test_redirect_to_model_instance method test_another_redirect_to_model_instance (line 126) | def test_another_redirect_to_model_instance method test_redirect_11 (line 136) | def test_redirect_11 method test_rails_cve_2012_2660 (line 146) | def test_rails_cve_2012_2660 method test_rails_cve_2012_2695 (line 154) | def test_rails_cve_2012_2695 method test_sql_injection_12 (line 162) | def test_sql_injection_12 method test_cross_site_scripting_13 (line 172) | def test_cross_site_scripting_13 method test_cross_site_scripting_14 (line 182) | def test_cross_site_scripting_14 method test_cross_site_scripting_single_quotes_CVE_2012_3464 (line 191) | def test_cross_site_scripting_single_quotes_CVE_2012_3464 method test_dynamic_render_path_15 (line 199) | def test_dynamic_render_path_15 method test_sql_injection_16 (line 209) | def test_sql_injection_16 method test_sql_injection_17 (line 219) | def test_sql_injection_17 method test_sql_injection_select_value (line 228) | def test_sql_injection_select_value method test_cross_site_request_forgery_18 (line 240) | def test_cross_site_request_forgery_18 method test_cross_site_scripting (line 249) | def test_cross_site_scripting method test_cross_site_scripting_sanitize_dupe (line 261) | def test_cross_site_scripting_sanitize_dupe method test_attribute_restriction_1 (line 273) | def test_attribute_restriction_1 method test_attribute_restriction_2 (line 286) | def test_attribute_restriction_2 method test_format_validation_20 (line 299) | def test_format_validation_20 method test_format_validation_21 (line 309) | def test_format_validation_21 method test_strip_tags_CVE_2012_3465 (line 318) | def test_strip_tags_CVE_2012_3465 method test_sql_injection_CVE_2012_5664 (line 326) | def test_sql_injection_CVE_2012_5664 method test_to_json (line 334) | def test_to_json method test_session_secret_token (line 343) | def test_session_secret_token method test_absolute_paths (line 352) | def test_absolute_paths method test_cross_site_scripting_CVE_2012_1099 (line 356) | def test_cross_site_scripting_CVE_2012_1099 method test_cross_site_scripting_html_entities_in_json (line 368) | def test_cross_site_scripting_html_entities_in_json method test_sql_injection_CVE_2013_0155 (line 381) | def test_sql_injection_CVE_2013_0155 method test_parsing_disable_CVE_2013_0156 (line 389) | def test_parsing_disable_CVE_2013_0156 method test_remote_code_execution_CVE_2013_0156 (line 397) | def test_remote_code_execution_CVE_2013_0156 method test_denial_of_service_CVE_2013_0269 (line 404) | def test_denial_of_service_CVE_2013_0269 method test_json_parsing_workaround_CVE_2013_0333 (line 412) | def test_json_parsing_workaround_CVE_2013_0333 method test_denial_of_service_CVE_2013_1854 (line 420) | def test_denial_of_service_CVE_2013_1854 method test_sql_injection_CVE_2013_6417 (line 428) | def test_sql_injection_CVE_2013_6417 method test_number_to_currency_CVE_2014_0081 (line 441) | def test_number_to_currency_CVE_2014_0081 method test_remote_code_execution_CVE_2014_0130 (line 452) | def test_remote_code_execution_CVE_2014_0130 method test_xml_dos_CVE_2015_3227 (line 464) | def test_xml_dos_CVE_2015_3227 method test_unmaintained_dependency_rails (line 476) | def test_unmaintained_dependency_rails FILE: test/tests/render_path.rb class RenderPathTests (line 3) | class RenderPathTests < Minitest::Test method setup (line 4) | def setup method fp (line 9) | def fp path method test_include_controller (line 13) | def test_include_controller method test_rendered_from_controller (line 19) | def test_rendered_from_controller method test_include_template (line 25) | def test_include_template method test_include_any_method (line 31) | def test_include_any_method method test_each (line 39) | def test_each method test_dup (line 54) | def test_dup method test_with_relative_paths (line 64) | def test_with_relative_paths method assert_relative (line 79) | def assert_relative path FILE: test/tests/report_generation.rb class TestReportGeneration (line 4) | class TestReportGeneration < Minitest::Test method setup (line 5) | def setup method test_html_sanity (line 10) | def test_html_sanity method test_table_sanity (line 20) | def test_table_sanity method test_json_sanity (line 25) | def test_json_sanity method test_codeclimate_sanity (line 36) | def test_codeclimate_sanity method test_csv_sanity (line 43) | def test_csv_sanity method test_csv_report_no_warnings (line 53) | def test_csv_report_no_warnings method test_obsolete_reporting (line 59) | def test_obsolete_reporting method test_tabs_sanity (line 66) | def test_tabs_sanity method test_text_sanity (line 72) | def test_text_sanity method test_text_debug_sanity (line 78) | def test_text_debug_sanity method test_text_format_all (line 87) | def test_text_format_all method test_text_format (line 108) | def test_text_format method test_markdown_sanity (line 129) | def test_markdown_sanity method test_markdown_debug_sanity (line 138) | def test_markdown_debug_sanity method test_github_sanity (line 147) | def test_github_sanity method test_bad_format_type (line 154) | def test_bad_format_type method test_controller_output (line 160) | def test_controller_output method test_plain_debug_sanity (line 170) | def test_plain_debug_sanity method test_github_markdown_sanity (line 180) | def test_github_markdown_sanity method test_junit_sanity (line 191) | def test_junit_sanity FILE: test/tests/rescanner.rb class RescannerTests (line 5) | class RescannerTests < Minitest::Test method test_no_change_no_warnings (line 8) | def test_no_change_no_warnings method test_no_change (line 16) | def test_no_change method test_irrelavent_new_file (line 24) | def test_irrelavent_new_file method test_irrelevant_deleted_file (line 33) | def test_irrelevant_deleted_file method test_delete_template (line 42) | def test_delete_template method test_controller_remove_method (line 53) | def test_controller_remove_method method test_controller_remove_method_for_line_numbers_only (line 64) | def test_controller_remove_method_for_line_numbers_only method test_delete_controller (line 75) | def test_delete_controller method test_delete_controller_dependency (line 86) | def test_delete_controller_dependency method test_controller_escape_params (line 97) | def test_controller_escape_params method test_template_add_line (line 108) | def test_template_add_line method test_partial_template_add_line (line 119) | def test_partial_template_add_line method test_delete_model (line 130) | def test_delete_model method test_delete_model_and_dependency (line 144) | def test_delete_model_and_dependency method test_add_method_to_model (line 157) | def test_add_method_to_model method test_change_config (line 172) | def test_change_config method test_remove_route (line 184) | def test_remove_route method test_remove_initializer (line 195) | def test_remove_initializer method test_remove_mixin (line 207) | def test_remove_mixin method test_remove_route_from_mixin (line 218) | def test_remove_route_from_mixin method test_gemfile_rails_version_change (line 229) | def test_gemfile_rails_version_change method test_gemfile_rails_version_fix_CVE_2014_0082 (line 242) | def test_gemfile_rails_version_fix_CVE_2014_0082 method test_gitignore_session_secret_subdir (line 259) | def test_gitignore_session_secret_subdir FILE: test/tests/routes_error.rb class BrakemanTests (line 4) | class BrakemanTests < Minitest::Test method test_parse_error_in_routes_rb (line 7) | def test_parse_error_in_routes_rb FILE: test/tests/sarif_output.rb class SARIFOutputTests (line 4) | class SARIFOutputTests < Minitest::Test method tracker_3_2 (line 6) | def tracker_3_2 method setup (line 10) | def setup method test_render_message (line 15) | def test_render_message method test_log_shape (line 22) | def test_log_shape method test_runs_shape (line 27) | def test_runs_shape method test_driver_shape (line 39) | def test_driver_shape method test_rules_shape (line 56) | def test_rules_shape method test_results_shape (line 83) | def test_results_shape method test_with_ignore_has_one_suppressed_finding (line 124) | def test_with_ignore_has_one_suppressed_finding method test_with_ignore_results_suppression_shape (line 132) | def test_with_ignore_results_suppression_shape method test_uri_base_ids_with_absolute_app_path (line 153) | def test_uri_base_ids_with_absolute_app_path method test_uri_base_ids_with_relative_app_path (line 162) | def test_uri_base_ids_with_relative_app_path method test_uri_base_ids_with_absolute_app_path_and_absolute_path_option (line 184) | def test_uri_base_ids_with_absolute_app_path_and_absolute_path_option method test_uri_base_ids_with_relative_app_path_and_absolute_path_option (line 200) | def test_uri_base_ids_with_relative_app_path_and_absolute_path_option method test_uri_base_ids_with_default_app_path_and_absolute_path_option (line 226) | def test_uri_base_ids_with_default_app_path_and_absolute_path_option FILE: test/tests/sexp.rb class SexpTests (line 4) | class SexpTests < Minitest::Test method setup (line 5) | def setup method parse (line 9) | def parse string method test_method_call_with_no_args (line 13) | def test_method_call_with_no_args method test_method_call_with_args (line 25) | def test_method_call_with_args method test_method_call_no_target (line 37) | def test_method_call_no_target method test_method_call_set_target (line 49) | def test_method_call_set_target method test_method_call_set_arglist (line 56) | def test_method_call_set_arglist method test_method_call_set_args (line 67) | def test_method_call_set_args method test_method_call_set_method (line 80) | def test_method_call_set_method method test_method_call_with_block (line 90) | def test_method_call_with_block method test_stabby_lambda_no_args (line 101) | def test_stabby_lambda_no_args method test_or (line 109) | def test_or method test_and (line 116) | def test_and method test_if_expression (line 123) | def test_if_expression method test_local_assignment (line 137) | def test_local_assignment method test_instance_assignment (line 144) | def test_instance_assignment method test_attribute_index_assignment (line 151) | def test_attribute_index_assignment method test_global_assignment (line 157) | def test_global_assignment method test_constant_assignment (line 164) | def test_constant_assignment method test_class_variable_declaration (line 171) | def test_class_variable_declaration method test_class_variable_assignment (line 179) | def test_class_variable_assignment method test_method_def_name (line 188) | def test_method_def_name method test_method_self_def_name (line 199) | def test_method_self_def_name method test_method_def_body (line 210) | def test_method_def_body method test_method_def_body_single_line (line 221) | def test_method_def_body_single_line method test_class_body (line 231) | def test_class_body method test_module_body (line 242) | def test_module_body method test_class_name (line 253) | def test_class_name method test_parent_name (line 259) | def test_parent_name method test_module_name (line 265) | def test_module_name method test_wrong_sexp_error (line 271) | def test_wrong_sexp_error method test_zsuper_call (line 279) | def test_zsuper_call method test_super_call (line 287) | def test_super_call method test_resbody_block (line 295) | def test_resbody_block method test_lasgn (line 303) | def test_lasgn method test_iasgn (line 312) | def test_iasgn method test_each_arg (line 321) | def test_each_arg method test_each_arg! (line 332) | def test_each_arg! method test_num_args (line 342) | def test_num_args method test_hash_invalidation_on_push (line 361) | def test_hash_invalidation_on_push method test_hash_invalidation_on_line_number_change (line 371) | def test_hash_invalidation_on_line_number_change method test_sexp_line_set (line 380) | def test_sexp_line_set method test_sexp_original_line_set (line 391) | def test_sexp_original_line_set method test_combine_and_or_depth (line 400) | def test_combine_and_or_depth method test_inspect_recursive (line 411) | def test_inspect_recursive method test_value (line 417) | def test_value method test_call_chain (line 425) | def test_call_chain method test_short_call_chain (line 432) | def test_short_call_chain method test_local_call_chain (line 438) | def test_local_call_chain method test_body_list_set (line 444) | def test_body_list_set FILE: test/tests/sonar_output.rb class SonarOutputTests (line 4) | class SonarOutputTests < Minitest::Test method setup (line 5) | def setup method test_for_expected_keys (line 9) | def test_for_expected_keys method test_for_issues_keys (line 13) | def test_for_issues_keys FILE: test/tests/tabs_output.rb class TestTabsOutput (line 3) | class TestTabsOutput < Minitest::Test method setup (line 4) | def setup method test_reported_warnings (line 12) | def test_reported_warnings FILE: test/tests/tracker.rb class TrackerTests (line 3) | class TrackerTests < Minitest::Test method setup (line 4) | def setup method test_exception_in_error_list (line 8) | def test_exception_in_error_list method test_method_lookup_default_type (line 24) | def test_method_lookup_default_type method test_method_lookup_instance (line 29) | def test_method_lookup_instance method test_method_lookup_class (line 34) | def test_method_lookup_class method test_method_lookup_wrong_type (line 39) | def test_method_lookup_wrong_type method test_method_lookup_no_method (line 44) | def test_method_lookup_no_method method test_method_lookup_in_parent (line 49) | def test_method_lookup_in_parent method test_method_lookup_in_mixin (line 54) | def test_method_lookup_in_mixin method test_method_lookup_in_module (line 59) | def test_method_lookup_in_module method test_method_lookup_invalid_type (line 64) | def test_method_lookup_invalid_type method test_method_inside_sclass (line 71) | def test_method_inside_sclass method test_class_method_in_parent (line 76) | def test_class_method_in_parent method test_invalid_method_info_src (line 81) | def test_invalid_method_info_src method test_module_includes_in_same_class (line 87) | def test_module_includes_in_same_class method parse_class (line 102) | def parse_class FILE: test/tests/warning.rb class WarningTests (line 4) | class WarningTests < Minitest::Test method test_confidence_symbols (line 5) | def test_confidence_symbols method test_confidence_integers (line 12) | def test_confidence_integers method test_bad_confidence_symbol (line 19) | def test_bad_confidence_symbol method test_bad_confidence_integer (line 25) | def test_bad_confidence_integer method test_relative_path (line 31) | def test_relative_path FILE: test/to_test.rb class Brakeman::Report::Tests (line 19) | class Brakeman::Report::Tests < Brakeman::Report::Base method generate_report (line 20) | def generate_report