New release is pending...! Expect to have it out this evening. The minimum required Ruby version to run Brakeman will be raised from 1.9.3 (!!) to 2.3.0. Additionally, the new version of RubyParser will fix a lot (all?) of the parsing issues folks have been seeing.
@presidentbeef will you update the license?
Rubygems still say non standard
which is really broad
also @presidentbeef is the license document for Brakeman open source or not? :D
That is, can the license itself be used in other software? :D
So I didn't get the release out yet. Shouldn't have estimated the time when there's an external dependency..
@mensfeld when the release is out the license on rubygems will be updated
The license is based on the WPScan license... So I guess it's fine to take and adapt it if it fits your needs? Probably should ask a lawyer...
OK their license is public
I will reuse it then
I have a lot of OSS that I want to release on the same license as Brakeman
that is - completely free to run as long as it runs within the organization (not when it is executed as a service by someone else for the organization)
@mensfeld a couple of notes:
1 - It's not an "open source" license, it does not meet the definition of open source by the OSI: https://opensource.org/osd
2 - The lawyer who wrote the Brakeman license said the WPScan license is flawed because it does not include a "Grant" section
@linosgian it is not... 2.3.0 is the current minimum
I thought so since it's discontinued for so long, just making sure before I start developing. Cheers!
@/all Hi folks - if you are interested in "incremental scans" - scanning only a subset of files for e.g. a git commit hook or IDE integration, I would appreciate your feedback here: presidentbeef/brakeman#1368
In the case of a function call (e.g. func(var1, var2)), variables will appear as :call right? Is this because of the () being optional in Ruby? Is there a way to distinguish the no-argument function call vs variable passing in brakeman (aka statically)?
@linosgian it depends on context. In Ruby, if x is not a local variable then it is a method call. If you only parse blah(x) then x will be a call. But if it were like x = 1; blah(x) then x would be an lvar according to ruby_parser
I see, if the variable is in a function's definition as such: