agenda-libre
/
agenda-libre-ruby
2
1
Fork 0
Code Issues Pull Requests Releases Activity
Browse Source

Sécurité du projet, en utilisant la gemme brakeman

recurrent
echarp 8 years ago
parent
b3341c1e5d
commit
8940467779
11 changed files with 93 additions and 32 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 8
      .gitignore
  2. 3
      Gemfile
  3. 41
      Gemfile.lock
  4. 7
      Guardfile
  5. 7
      app/assets/stylesheets/tags.css.sass
  6. 2
      app/models/event.rb
  7. 4
      app/views/application/contact.haml
  8. 4
      app/views/application/infos.haml
  9. 33
      app/views/events/_form.html.haml
  10. 12
      app/views/events/show.html.haml
  11. 4
      app/views/regions/stats.html.haml

8
.gitignore
View File

@ -44,11 +44,6 @@ vendor/cache
# Acts as Indexed
index/**/*
# Refinery Specific
*.tmproj
*.autobackupbyrefinery.*
refinerycms-*.gem
# Mac
.DS_Store
@ -96,3 +91,6 @@ vendor/extensions/**/spec/dummy
# exuberant-ctags
tags
# session secret
config/initializers/secret_token.rb

3
Gemfile
View File

@ -78,4 +78,7 @@ group :development do
gem 'guard-minitest'
gem 'quiet_assets'
gem 'webrick', '>= 1.3.1'
# Security checks
gem 'brakeman', require: false
gem 'guard-brakeman'
end

41
Gemfile.lock
View File

@ -7,7 +7,7 @@ GIT
GIT
remote: git://github.com/gregbell/active_admin.git
revision: 3d7605f82706c8e107852f44c61ba6d8e9f2100d
revision: 4f445b51c22b12af2cdde57fe2ce9835c32ef88e
specs:
activeadmin (1.0.0.pre)
arbre (~> 1.0)
@ -65,6 +65,17 @@ GEM
bourbon (3.2.3)
sass (~> 3.2)
thor
brakeman (2.6.0)
erubis (~> 2.6)
fastercsv (~> 1.5)
haml (>= 3.0, < 5.0)
highline (~> 1.6.20)
multi_json (~> 1.2)
ruby2ruby (~> 2.0.5)
ruby_parser (~> 3.5.0)
sass (~> 3.0)
slim (>= 1.3.6, < 3.0)
terminal-table (~> 1.4)
builder (3.2.2)
celluloid (0.15.2)
timers (~> 1.1.0)
@ -99,7 +110,8 @@ GEM
activemodel
erubis (2.7.0)
eventmachine (1.0.3)
execjs (2.1.0)
execjs (2.2.0)
fastercsv (1.5.5)
ffi (1.9.3)
font-awesome-rails (4.1.0.0)
railties (>= 3.2, < 5.0)
@ -114,6 +126,9 @@ GEM
lumberjack (~> 1.0)
pry (>= 0.9.12)
thor (>= 0.18.1)
guard-brakeman (0.8.1)
brakeman (>= 2.1.1)
guard (>= 1.1.0)
guard-bundler (2.0.0)
bundler (~> 1.0)
guard (~> 2.2)
@ -134,13 +149,14 @@ GEM
has_scope (0.6.0.rc)
actionpack (>= 3.2, < 5)
activesupport (>= 3.2, < 5)
highline (1.6.21)
hike (1.2.3)
http_parser.rb (0.6.0)
i18n (0.6.9)
inherited_resources (1.5.0)
has_scope (~> 0.6.0.rc)
responders (~> 1.0)
jbuilder (2.0.7)
jbuilder (2.0.8)
activesupport (>= 3.0.0, < 5)
multi_json (~> 1.2)
jquery-rails (3.1.0)
@ -152,10 +168,10 @@ GEM
jquery-ui-rails (4.2.1)
railties (>= 3.2.16)
json (1.8.1)
kaminari (0.15.1)
kaminari (0.16.0)
actionpack (>= 3.0.0)
activesupport (>= 3.0.0)
listen (2.7.6)
listen (2.7.7)
celluloid (>= 0.15.2)
rb-fsevent (>= 0.9.3)
rb-inotify (>= 0.9)
@ -210,13 +226,18 @@ GEM
i18n
polyamorous (~> 1.0.0)
rb-fsevent (0.9.4)
rb-inotify (0.9.4)
rb-inotify (0.9.5)
ffi (>= 0.5.0)
rdoc (4.1.1)
json (~> 1.4)
redcarpet (3.1.2)
responders (1.1.0)
railties (>= 3.2, < 5)
ruby2ruby (2.0.8)
ruby_parser (~> 3.1)
sexp_processor (~> 4.0)
ruby_parser (3.5.0)
sexp_processor (~> 4.1)
sass (3.2.19)
sass-rails (4.0.3)
railties (>= 4.0.0, < 5.0)
@ -226,6 +247,10 @@ GEM
sdoc (0.4.0)
json (~> 1.8)
rdoc (~> 4.0, < 5.0)
sexp_processor (4.4.3)
slim (2.0.2)
temple (~> 0.6.6)
tilt (>= 1.3.3, < 2.1)
slop (3.5.0)
spring (1.1.3)
sprockets (2.11.0)
@ -237,6 +262,8 @@ GEM
actionpack (>= 3.0)
activesupport (>= 3.0)
sprockets (~> 2.8)
temple (0.6.7)
terminal-table (1.4.5)
thor (0.19.1)
thread_safe (0.3.4)
tilt (1.4.1)
@ -260,6 +287,7 @@ PLATFORMS
DEPENDENCIES
activeadmin!
brakeman
coffee-rails
compass-rails
devise
@ -268,6 +296,7 @@ DEPENDENCIES
email_validator
font-awesome-rails
gritter
guard-brakeman
guard-bundler
guard-livereload
guard-minitest

7
Guardfile
View File

@ -27,3 +27,10 @@ guard :minitest do
end
notification :notifysend
guard 'brakeman', run_on_start: true, quiet: true, min_confidence: 10 do
watch(%r{^app/.+\.(erb|haml|rhtml|rb)$})
watch(%r{^config/.+\.rb$})
watch(%r{^lib/.+\.rb$})
watch('Gemfile')
end

7
app/assets/stylesheets/tags.css.sass
View File

@ -1,3 +1,10 @@
// Tag list in event display
p.tags a:after
color: black
content: ','
p.tags a:last-child:after
content: ''
.tag
vertical-align: middle
sub

2
app/models/event.rb
View File

@ -4,7 +4,7 @@ class Event < ActiveRecord::Base
has_one :related_city, foreign_key: :name, primary_key: :city, class_name: City
validates_presence_of :title, :description, :city, :region, :url, :contact
validates_format_of :url, with: /https?:\/\//
validates_format_of :url, with: /\Ahttps?:\/\/.*\z/
validates :contact, email: true
validates :submitter, email: true

4
app/views/application/contact.haml
View File

@ -1,2 +1,2 @@
- markdown = Redcarpet::Markdown.new(Redcarpet::Render::HTML, autolink: true, tables: true)
= raw markdown.render t '.content'
:markdown
#{t '.content'}

4
app/views/application/infos.haml
View File

@ -1,2 +1,2 @@
- markdown = Redcarpet::Markdown.new(Redcarpet::Render::HTML, autolink: true, tables: true)
= raw markdown.render t '.content'
:markdown
#{t '.content'}

33
app/views/events/_form.html.haml
View File

@ -1,5 +1,3 @@
- markdown = Redcarpet::Markdown.new(Redcarpet::Render::HTML, autolink: true, tables: true)
= form_for @event do |f|
- if @event.errors.any?
#error_explanation.error.flash
@ -8,15 +6,20 @@
%p= msg
- unless @event.id
= raw markdown.render t '.subtitle'
:markdown
#{t '.subtitle'}
#advises= raw markdown.render t '.advises'
#advises
:markdown
#{t '.advises'}
- else
= hidden_field_tag :secret, params[:secret]
.field
.helper= raw markdown.render t '.title_helper'
.helper
:markdown
#{t '.title_helper'}
= f.label :title
= f.text_field :title, required: true, size: 70
.field
@ -26,7 +29,9 @@
= f.label Event.human_attribute_name :end_time
= f.datetime_select :end_time, required: true
.field
.helper= raw markdown.render t '.description_helper'
.helper
:markdown
#{t '.description_helper'}
= f.label Event.human_attribute_name :description
= f.text_area :description, required: true, rows: 29, cols: 80
@ -42,19 +47,27 @@
= f.select :locality,
options_for_select([[t('attributes.locality_0'), 0], [t('attributes.locality_1'), 1]], @event.locality)
.field
.helper= raw markdown.render t '.url_helper'
.helper
:markdown
#{t '.url_helper'}
= f.label Event.human_attribute_name :url
= f.text_field :url, required: true, size: 70
.field
.helper= raw markdown.render t '.contact_helper'
.helper
:markdown
#{t '.contact_helper'}
= f.label Event.human_attribute_name :contact
= f.text_field :contact, required: true, size: 70
.field
.helper= raw markdown.render t '.submitter_helper'
.helper
:markdown
#{t '.submitter_helper'}
= f.label :submitter
= f.text_field :submitter, required: true, size: 70
.field
.helper= raw markdown.render t '.tags_helper'
.helper
:markdown
#{t '.tags_helper'}
= f.label :tags
= f.text_field :tags, size: 70

12
app/views/events/show.html.haml
View File

@ -33,7 +33,9 @@
= link_to @event.region.name, "http://fr.wikipedia.org/wiki/#{@event.region.name}" rescue nil
%h3 Description
=raw @event.description
= sanitize @event.description,
tags: %w(p br table tr td ul ol li a strong b em i img),
attributes: %w(href src width height)
%h3 Informations
%p
@ -41,9 +43,11 @@
= link_to @event.url, @event.url
%p
Contact:
= mail_to @event.contact.gsub('@', ' CHEZ ').gsub('.', ' POINT '), @event.contact.gsub('@', ' CHEZ ').gsub('.', ' POINT ')
= mail_to @event.contact.gsub('@', ' CHEZ ').gsub('.', ' POINT '),
@event.contact.gsub('@', ' CHEZ ').gsub('.', ' POINT ')
- if (@event.tags && @event.tags.present?)
%p
%p.tags
Tags:
=raw @event.tags.split.collect { |tag| link_to tag, events_url(tag: tag) }.join(', ')
- @event.tags.split.each do |tag|
= link_to tag, events_url(tag: tag)

4
app/views/regions/stats.html.haml
View File

@ -38,5 +38,5 @@
%h3=t '.web'
- markdown = Redcarpet::Markdown.new(Redcarpet::Render::HTML, autolink: true, tables: true)
= raw markdown.render t '.webalizer'
:markdown
#{t '.webalizer'}

Write Preview
Loading…
Cancel
Save