author | Valery Sizov <vsv2711@gmail.com> | 2015-03-11 14:50:06 +0200 |
---|---|---|
committer | Valery Sizov <vsv2711@gmail.com> | 2015-03-11 14:50:06 +0200 |
commit | 9993a749d0e9f753aa7ecd4590260c1730c319a1 (patch) | |
tree | 92e641649c49fe65b725f1e236e2ea120bf8b87a | |
parent | 1c10220fa8bb519c97e6aea1af9620ac38c8a285 (diff) | |
download | gitlab-ci-9993a749d0e9f753aa7ecd4590260c1730c319a1.tar.gz |
Adding brakeman
-rw-r--r-- | CHANGELOG | 1 | ||||
-rw-r--r-- | Gemfile | 1 | ||||
-rw-r--r-- | Gemfile.lock | 22 | ||||
-rw-r--r-- | app/controllers/builds_controller.rb | 2 | ||||
-rw-r--r-- | config/application.rb | 4 | ||||
-rw-r--r-- | lib/tasks/brakeman.rake | 9 |
6 files changed, 34 insertions, 5 deletions
@@ -8,6 +8,7 @@ v7.9.0
 - Add scroll up/down buttons for better mobile experience with large build traces
 - Add runner last contact (Kamil Trzciński)
 - Allow to pause runners - when paused runner will not receive any new build (Kamil Trzciński)
+ - Add brakeman (security scanner for Ruby on Rails)
 v7.8.2
 - Fix the broken build failed email
@@ -83,6 +83,7 @@ gem 'nprogress-rails'
 group :development do
+ gem 'brakeman', require: false
 gem 'rack-mini-profiler', require: false
 gem 'annotate'
 gem 'quiet_assets'
diff --git a/Gemfile.lock b/Gemfile.lock
index 7948015..ef2a25c 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -47,6 +47,16 @@ GEM
 ice_nine (~> 0.9)
 bootstrap-sass (3.0.3.0)
 sass (~> 3.2)
+ brakeman (3.0.2)
+ erubis (~> 2.6)
+ fastercsv (~> 1.5)
+ haml (>= 3.0, < 5.0)
+ highline (~> 1.6.20)
+ multi_json (~> 1.2)
+ ruby2ruby (~> 2.1.1)
+ ruby_parser (~> 3.6.2)
+ sass (~> 3.0)
+ terminal-table (~> 1.4)
 builder (3.2.2)
 byebug (3.2.0)
 columnize (~> 0.8)
@@ -102,6 +112,7 @@ GEM
 railties (>= 3.0.0)
 faraday (0.9.1)
 multipart-post (>= 1.2, < 3)
+ fastercsv (1.5.5)
 ffaker (1.22.1)
 ffi (1.9.3)
 font-awesome-rails (3.2.1.3)
@@ -142,6 +153,7 @@ GEM
 haml (>= 3.1, < 5.0)
 railties (>= 4.0.1)
 hashie (2.0.5)
+ highline (1.6.21)
 hike (1.2.3)
 httparty (0.11.0)
 multi_json (~> 1.0)
@@ -176,7 +188,7 @@ GEM
 mime-types (2.4.3)
 mini_portile (0.5.2)
 minitest (5.5.1)
- multi_json (1.10.1)
+ multi_json (1.11.0)
 multi_xml (0.5.5)
 multipart-post (2.0.0)
 mysql2 (0.3.14)
@@ -267,6 +279,11 @@ GEM
 rainbow (>= 1.99.1, < 3.0)
 ruby-progressbar (~> 1.4)
 ruby-progressbar (1.7.1)
+ ruby2ruby (2.1.3)
+ ruby_parser (~> 3.1)
+ sexp_processor (~> 4.0)
+ ruby_parser (3.6.4)
+ sexp_processor (~> 4.1)
 safe_yaml (0.9.7)
 sass (3.2.19)
 sass-rails (4.0.3)
@@ -275,6 +292,7 @@ GEM
 sprockets (~> 2.8, <= 2.11.0)
 sprockets-rails (~> 2.0)
 settingslogic (2.0.9)
+ sexp_processor (4.5.0)
 shoulda-matchers (2.4.0)
 activesupport (>= 3.0.0)
 sidekiq (2.17.0)
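Review bot: The new `gem 'brakeman', require: false` line in the Gemfile hunk carries no version constraint, while Gemfile.lock resolves it to 3.0.2 in the same commit. Because the rake task added here runs the scanner with `-z`, a future major release that changes the warning set can start failing (or silently passing) the check for reasons unrelated to the code; `gem 'brakeman', '~> 3.0', require: false` keeps the gate reproducible until someone deliberately upgrades. The gem also lives only in the `:development` group, so an install that excludes that group will not have the `brakeman` executable the task shells out to — presumably intended, but worth confirming against how CI bundles.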
@@ -314,6 +332,7 @@ GEM
 temple (0.6.7)
 term-ansicolor (1.2.2)
 tins (~> 0.8)
+ terminal-table (1.4.5)
 therubyracer (0.12.0)
 libv8 (~> 3.16.14.0)
 ref
@@ -357,6 +376,7 @@ DEPENDENCIES
 acts-as-taggable-on (~> 3.4)
 annotate
 bootstrap-sass (~> 3.0)
+ brakeman
 byebug
 capybara
 coffee-rails (~> 4.0.0)
diff --git a/app/controllers/builds_controller.rb b/app/controllers/builds_controller.rb
index 324aa4e..c8cb69f 100644
--- a/app/controllers/builds_controller.rb
+++ b/app/controllers/builds_controller.rb
@@ -41,7 +41,7 @@ class BuildsController < ApplicationController
 build = Build.retry(@build)
 if params[:return_to]
- redirect_to params[:return_to]
+ redirect_to URI.parse(params[:return_to]).path
 else
 redirect_to project_build_path(project, build)
 end
diff --git a/config/application.rb b/config/application.rb
index ba0da4b..e2cea6b 100644
--- a/config/application.rb
+++ b/config/application.rb
@@ -45,14 +45,12 @@ module GitlabCi
 # This will create an empty whitelist of attributes available for mass-assignment for all models
 # in your app. As such, your models will need to explicitly whitelist or blacklist accessible
 # parameters by using an attr_accessible or attr_protected declaration.
- config.active_record.whitelist_attributes = true
+ config.active_record.whitelist_attributes = false
 # Enable the asset pipeline
 config.assets.enabled = true
 # Version of your assets, change this if you want to expire all your assets
 config.assets.version = '1.0'
-
- config.active_record.whitelist_attributes = false
 end
 end
diff --git a/lib/tasks/brakeman.rake b/lib/tasks/brakeman.rake
new file mode 100644
index 0000000..c97efff
--- /dev/null
+++ b/lib/tasks/brakeman.rake
@@ -0,0 +1,9 @@
+desc 'Security check via brakeman'
+ task :brakeman do
+ if system("brakeman --skip-files lib/upgrader.rb -w3 -z -x ModelAttributes")
+ exit 0
+ else
+ puts 'Security check failed'
+ exit 1
+ end
+end |
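Review bot: In the builds_controller.rb hunk, `redirect_to URI.parse(params[:return_to]).path` turns a malformed `return_to` into a 500: `URI.parse` raises `URI::InvalidURIError` on input it cannot parse, and for some URI classes `.path` is `nil`, which makes `redirect_to` raise as well. Restricting the redirect to the path component is the right call for keeping the user on this host, but the failure mode should be the existing fallback to `project_build_path`, not an exception. Taking only `.path` also drops any query string and fragment from `return_to`, which is probably fine but deserves a comment so nobody "fixes" it later. The enclosing action's `def` starts before this hunk.
```ruby
    build = Build.retry(@build)

    # Only the path component of return_to is honoured so the redirect can never
    # leave this host; query and fragment are intentionally dropped, and a value
    # that does not parse falls back to the build page instead of raising.
    return_to = begin
      URI.parse(params[:return_to].to_s).path
    rescue URI::InvalidURIError
      nil
    end

    if return_to.present?
      redirect_to return_to
    else
      redirect_to project_build_path(project, build)
    end
```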
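Review bot: In the config/application.rb hunk the three comment lines kept above the changed assignment still say an empty mass-assignment whitelist is created and that models must declare `attr_accessible`/`attr_protected`, but the line now reads `config.active_record.whitelist_attributes = false`, so the comment describes the opposite of the setting. Runtime behaviour does not change here — the removed `false` assignment at the bottom of the block already overrode the `true` — but the stale text should be replaced with a sentence stating that attribute whitelisting is disabled and where request parameters are filtered instead. That matters because the new rake task passes `-x ModelAttributes`, which suppresses the brakeman check that would otherwise report this setting; if filtering relies on strong parameters (the lockfile shows railties >= 4.0.1), saying so in the comment makes the suppression reviewable rather than a silent opt-out.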
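Review bot: In the new lib/tasks/brakeman.rake, `system(...)` returns `nil` when the `brakeman` executable cannot be started at all (it is a development-group gem, so a bundle without that group has no binary), and the `else` branch reports that as `Security check failed`, which reads as a finding rather than a missing scanner. `exit 0` on the success path is also unnecessary and terminates the process before any task listed after `brakeman` on the same rake invocation runs. Replacing the `if`/`else` with `status = system('brakeman --skip-files lib/upgrader.rb -w3 -z -x ModelAttributes')`, `abort 'brakeman could not be executed' if status.nil?` and `abort 'Security check failed' unless status` keeps the non-zero exit code on findings while distinguishing the two failures. A short comment explaining why `lib/upgrader.rb` is skipped and why the `ModelAttributes` check is excluded would also help, since each of those narrows what the scan can catch.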