Use Brakeman (closes #11)
parent
6ad21e32b0
commit
95f10b8022
4
Gemfile
4
Gemfile
@ -112,6 +112,10 @@ group :development, :test do
# bundler-audit provides patch-level verification for Bundled apps.
# bundler-audit provides patch-level verification for Bundled apps.
gem 'bundler-audit', '~> 0.6'
gem 'bundler-audit', '~> 0.6'
# Brakeman detects security vulnerabilities
# in Ruby on Rails applications via static analysis.
gem 'brakeman', '~> 4.3'
end
end
group :development do
group :development do
@ -59,6 +59,7 @@ GEM
autoprefixer-rails (>= 6.0.3)
autoprefixer-rails (>= 6.0.3)
popper_js (>= 1.12.9, < 2)
popper_js (>= 1.12.9, < 2)
sass (>= 3.5.2)
sass (>= 3.5.2)
brakeman (4.3.1)
builder (3.2.3)
builder (3.2.3)
bundler-audit (0.6.0)
bundler-audit (0.6.0)
bundler (~> 1.2)
bundler (~> 1.2)
@ -396,6 +397,7 @@ DEPENDENCIES
bcrypt (~> 3.1)
bcrypt (~> 3.1)
bootsnap (>= 1.1.0)
bootsnap (>= 1.1.0)
bootstrap (~> 4.1.3)
bootstrap (~> 4.1.3)
brakeman (~> 4.3)
bundler-audit (~> 0.6)
bundler-audit (~> 0.6)
byebug
byebug
capistrano (~> 3.11)
capistrano (~> 3.11)
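--- a/Rakefile
+++ b/Rakefile
@@ -8,7 +8,7 @@ desc 'Run all checks (test, lint...)'
 task default: :lint
 
 desc 'Run all code analysis tools (RuboCop...)'
-task lint: %i[rubocop bundler:audit]
+task lint: %i[rubocop bundler:audit brakeman]
 
 desc 'Fix code style (rubocop --auto-correct)'
 task fix: 'rubocop:auto_correct'
@@ -48,3 +48,16 @@ namespace :bundler do
 rescue LoadError
 nil
 end
+
+desc 'Detects security vulnerabilities via static analysis'
+task :brakeman do
+sh(
+'bundle',
+'exec',
+'brakeman',
+Rails.root.to_s,
+'--confidence-level',
+'1',
+'--run-all-checks',
+)
+end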
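Review bot: The new `:brakeman` task passes `Rails.root.to_s` to brakeman, which only resolves if this Rakefile has already loaded the application (typically a `require_relative 'config/application'` near the top, outside this hunk); if it has not, the task raises NameError before brakeman runs, whereas `__dir__` names the same directory in a standard layout without loading Rails. `sh` raises whenever brakeman exits non-zero, which brakeman does by default when it reports any warning (unless run with `--no-exit-on-warn`), so `rake lint` fails on findings; that contract deserves a comment such as `# brakeman exits non-zero on any reported warning, so sh fails the lint task`. Since `task lint: %i[rubocop bundler:audit brakeman]` in the first hunk names the task unqualified, the added block must sit outside `namespace :bundler`, which the stripped indentation in this rendering cannot confirm; the namespace's opening line is outside the hunk.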
@ -13,7 +13,7 @@
<%= f.input :password,
<%= f.input :password,
hint: translate('.leave_blank_if_you_don_t_want_to_change_it'),
hint: translate('.leave_blank_if_you_don_t_want_to_change_it'),
required: false
required: false,
input_html: { autocomplete: 'new-password' } %>
input_html: { autocomplete: 'new-password' } %>
<%= f.input :password_confirmation,
<%= f.input :password_confirmation,
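Review bot: `autocomplete: 'new-password'` is added only to the `:password` input; `f.input :password_confirmation,` is the last visible line of the hunk and its options lie outside it, so it cannot be seen here whether the confirmation field gets the same `input_html`. The autocomplete hint is applied per input, so the confirmation field needs it as well for the two fields to behave consistently. The enclosing form starts and ends outside the hunk.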