diff --git a/Gemfile b/Gemfile
index 0758d94..29038bf 100644
--- a/Gemfile
+++ b/Gemfile
@@ -112,6 +112,10 @@ group :development, :test do
 # bundler-audit provides patch-level verification for Bundled apps.
 gem 'bundler-audit', '~> 0.6'
+
+ # Brakeman detects security vulnerabilities
+ # in Ruby on Rails applications via static analysis.
+ gem 'brakeman', '~> 4.3'
 end
 group :development do
diff --git a/Gemfile.lock b/Gemfile.lock
index 37963be..31060b3 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -59,6 +59,7 @@ GEM
 autoprefixer-rails (>= 6.0.3)
 popper_js (>= 1.12.9, < 2)
 sass (>= 3.5.2)
+ brakeman (4.3.1)
 builder (3.2.3)
 bundler-audit (0.6.0)
 bundler (~> 1.2)
@@ -396,6 +397,7 @@ DEPENDENCIES
 bcrypt (~> 3.1)
 bootsnap (>= 1.1.0)
 bootstrap (~> 4.1.3)
+ brakeman (~> 4.3)
 bundler-audit (~> 0.6)
 byebug
 capistrano (~> 3.11)
diff --git a/Rakefile b/Rakefile
index e494e7d..d665823 100644
--- a/Rakefile
+++ b/Rakefile
@@ -8,7 +8,7 @@ desc 'Run all checks (test, lint...)'
 task default: :lint
 desc 'Run all code analysis tools (RuboCop...)'
-task lint: %i[rubocop bundler:audit]
+task lint: %i[rubocop bundler:audit brakeman]
 desc 'Fix code style (rubocop --auto-correct)'
 task fix: 'rubocop:auto_correct'
@@ -48,3 +48,16 @@ namespace :bundler do
 rescue LoadError
 nil
 end
+
+desc 'Detects security vulnerabilities via static analysis'
+task :brakeman do
+ sh(
+ 'bundle',
+ 'exec',
+ 'brakeman',
+ Rails.root.to_s,
+ '--confidence-level',
+ '1',
+ '--run-all-checks',
+ )
+end
diff --git a/app/views/users/registrations/edit.html.erb b/app/views/users/registrations/edit.html.erb
index 49b80fc..eeda9e5 100644
--- a/app/views/users/registrations/edit.html.erb
+++ b/app/views/users/registrations/edit.html.erb
@@ -13,7 +13,7 @@
 <%= f.input :password,
 hint: translate('.leave_blank_if_you_don_t_want_to_change_it'),
- required: false
+ required: false, input_html: { autocomplete: 'new-password' }
 %>
 <%= f.input :password_confirmation,
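Review bot: The two Brakeman flags in the new `:brakeman` task are undocumented, and `--confidence-level 1` is easy to misread as "high confidence only" when on Brakeman's scale 1 is the lowest threshold, i.e. weak-confidence warnings are reported too; combined with `--run-all-checks` this is the noisiest configuration, and since `sh` raises on a non-zero exit status and Brakeman exits non-zero when it reports any warning, `rake lint` (the default task) fails on every finding. A short comment above the `sh(` call should state this and where suppressions belong, e.g. `# -w1 also reports weak-confidence warnings and --run-all-checks enables the optional checks; brakeman exits non-zero on any warning, which fails rake lint. Record confirmed false positives in config/brakeman.ignore instead of raising the threshold.` The task also relies on `Rails.root`, which presumably works because the Rakefile loads config/application before this point; if it does not, `__dir__` would serve, as the Rakefile sits at the project root. The `namespace :bundler` block this hunk starts in begins outside the hunk.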
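Review bot: The `password_confirmation` input, whose `f.input` call starts on the hunk's last line and continues outside it, is not given the same `autocomplete` hint, so browsers may still offer a saved password there and password managers will not treat the pair consistently as a new-password form; it should carry `input_html: { autocomplete: 'new-password' }` as well. If this registration edit form also asks for `current_password` further down (not visible here), that field should get `autocomplete: 'current-password'` so it is filled with the existing credential rather than a generated one.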