Site updated at Fri Jan 26 03:28:08 PM PST 2024
presidentbeef committed Jan 26, 2024
1 parent 31335b4 commit 6f21ef4
Showing 9 changed files with 9 additions and 9 deletions.
2 changes: 1 addition & 1 deletion docs/troubleshooting/parse_errors/index.html
Expand Up @@ -102,7 +102,7 @@ <h3 id="check-haml-output">Check Haml Output</h3>

<p>If the file is a Haml template, then the output of <code class="language-plaintext highlighter-rouge">haml</code> needs to be checked.</p>

<p>Run <code class="language-plaintext highlighter-rouge">haml -e --debug file_name.html.haml</code> to check the output. Note that this will attempt to execute the code, which will likely fail. However, it will also indicate syntax problems.</p>
<p>Run <code class="language-plaintext highlighter-rouge">haml compile -c file_name.html.haml</code> to check the output. Note that this will attempt to execute the code, which will likely fail. However, it will also indicate syntax problems.</p>

<h3 id="file-an-issue">File an Issue</h3>

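Review bot: the sentence following the new command still describes the old invocation. "Note that this will attempt to execute the code, which will likely fail" was accurate for `haml -e --debug`, which evaluated the template; if `haml compile -c` only compiles and checks the template without running it, that sentence should be rewritten in the same change (for example: "This compiles the template and reports syntax errors without executing it"). Please confirm the `-c` option against the Haml version the docs target before merging.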
2 changes: 1 addition & 1 deletion docs/warning_types/command_injection/index.html
Expand Up @@ -78,7 +78,7 @@ <h2>Ruby on Rails Static Analysis Security Tool</h2>
<h1 class="entry-title">Command Injection</h1>
</header>

<p>Injection is #1 on the 2010 <a href="https://www.owasp.org/index.php/Top_10_2010-A1">OWASP Top Ten</a> web security risks. Command injection occurs when shell commands unsafely include user-manipulatable values.</p>
<p>Injection is #1 on the 2010 <a href="https://web.archive.org/web/20190223031311/https://www.owasp.org/index.php/Top_10_2010-A1">OWASP Top Ten</a> web security risks. Command injection occurs when shell commands unsafely include user-manipulatable values.</p>

<p>There are many ways to run commands in Ruby:</p>

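Review bot: the Wayback snapshot timestamp `20190223031311` is reused verbatim for every OWASP link in this commit; the Wayback Machine redirects to the nearest capture, so the links resolve, but each page may land on a different actual snapshot date. Pinning to the archived 2010 list is consistent with the "2010 OWASP Top Ten" wording kept in this sentence; if the intent is ever to reference the current list instead, the year in the text should change together with the link.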
2 changes: 1 addition & 1 deletion docs/warning_types/content_tag/index.html
Expand Up @@ -78,7 +78,7 @@ <h2>Ruby on Rails Static Analysis Security Tool</h2>
<h1 class="entry-title">Cross Site Scripting (Content Tag)</h1>
</header>

<p>Cross site scripting (or XSS) is #2 on the 2010 <a href="https://www.owasp.org/index.php/Top_10_2010-A2">OWASP Top Ten</a> web security risks and it pops up nearly everywhere. XSS occurs when a user-manipulatable value is displayed on a web page without escaping it, allowing someone to inject Javascript or HTML into the page.</p>
<p>Cross site scripting (or XSS) is #2 on the 2010 <a href="https://web.archive.org/web/20190223031311/https://www.owasp.org/index.php/Top_10_2010-A2">OWASP Top Ten</a> web security risks and it pops up nearly everywhere. XSS occurs when a user-manipulatable value is displayed on a web page without escaping it, allowing someone to inject Javascript or HTML into the page.</p>

<p><a href="http://apidock.com/rails/ActionView/Helpers/TagHelper/content_tag">content_tag</a> is a view helper which generates an HTML tag with some content:</p>

2 changes: 1 addition & 1 deletion docs/warning_types/cross-site_request_forgery/index.html
Expand Up @@ -78,7 +78,7 @@ <h2>Ruby on Rails Static Analysis Security Tool</h2>
<h1 class="entry-title">Cross Site Request Forgery</h1>
</header>

<p>Cross-site request forgery is #5 on the <a href="https://www.owasp.org/index.php/Top_10_2010-A5">OWASP Top Ten</a>. CSRF allows an attacker to perform actions on a website as if they are an authenticated user.</p>
<p>Cross-site request forgery is #5 on the <a href="https://web.archive.org/web/20190223031311/https://www.owasp.org/index.php/Top_10_2010-A5">OWASP Top Ten</a>. CSRF allows an attacker to perform actions on a website as if they are an authenticated user.</p>

<p>This warning is raised when no call to <code class="language-plaintext highlighter-rouge">protect_from_forgery</code> is found in <code class="language-plaintext highlighter-rouge">ApplicationController</code>. This method prevents CSRF.</p>

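Review bot: this sentence says "#5 on the OWASP Top Ten" with no year, while the new link is now pinned to the archived `Top_10_2010-A5` page; add "2010" here, as the command injection and XSS pages already do, so the ranking is not read as referring to the current list.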
2 changes: 1 addition & 1 deletion docs/warning_types/cross_site_scripting/index.html
Expand Up @@ -78,7 +78,7 @@ <h2>Ruby on Rails Static Analysis Security Tool</h2>
<h1 class="entry-title">Cross Site Scripting</h1>
</header>

<p>Cross site scripting (or XSS) is #2 on the 2010 <a href="https://www.owasp.org/index.php/Top_10_2010-A2">OWASP Top Ten</a> web security risks and it pops up nearly everywhere.</p>
<p>Cross site scripting (or XSS) is #2 on the 2010 <a href="https://web.archive.org/web/20190223031311/https://www.owasp.org/index.php/Top_10_2010-A2">OWASP Top Ten</a> web security risks and it pops up nearly everywhere.</p>

<p>XSS occurs when a user-manipulatable value is displayed on a web page without escaping it, allowing someone to inject Javascript or HTML into the page.</p>

2 changes: 1 addition & 1 deletion docs/warning_types/cross_site_scripting_to_json/index.html
Expand Up @@ -78,7 +78,7 @@ <h2>Ruby on Rails Static Analysis Security Tool</h2>
<h1 class="entry-title">Cross Site Scripting (JSON)</h1>
</header>

<p>Cross site scripting (or XSS) is #2 on the 2010 <a href="https://www.owasp.org/index.php/Top_10_2010-A2">OWASP Top Ten</a> web security risks and it pops up nearly everywhere.</p>
<p>Cross site scripting (or XSS) is #2 on the 2010 <a href="https://web.archive.org/web/20190223031311/https://www.owasp.org/index.php/Top_10_2010-A2">OWASP Top Ten</a> web security risks and it pops up nearly everywhere.</p>

<p>XSS occurs when a user-manipulatable value is displayed on a web page without escaping it, allowing someone to inject Javascript or HTML into the page. Calls to <code class="language-plaintext highlighter-rouge">Hash#to_json</code> can be used to trigger XSS. Brakeman will check to see if there are any calls to <code class="language-plaintext highlighter-rouge">Hash#to_json</code> with <code class="language-plaintext highlighter-rouge">ActiveSupport#escape_html_entities_in_json</code> set to false (or if you are running Rails &lt; 2.1.0 which did not have this functionality).</p>

2 changes: 1 addition & 1 deletion docs/warning_types/redirect/index.html
Expand Up @@ -78,7 +78,7 @@ <h2>Ruby on Rails Static Analysis Security Tool</h2>
<h1 class="entry-title">Redirect</h1>
</header>

<p>Unvalidated redirects and forwards are #10 on the <a href="https://www.owasp.org/index.php/Top_10_2010-A10">OWASP Top Ten</a>.</p>
<p>Unvalidated redirects and forwards are #10 on the <a href="https://web.archive.org/web/20190223031311/https://www.owasp.org/index.php/Top_10_2010-A10">OWASP Top Ten</a>.</p>

<p>Redirects which rely on user-supplied values can be used to “spoof” websites or hide malicious links in otherwise harmless-looking URLs. They can also allow access to restricted areas of a site if the destination is not validated.</p>

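Review bot: same point as the CSRF page: "#10 on the OWASP Top Ten" now links to the archived `Top_10_2010-A10` entry but the sentence omits the year; adding "2010" keeps the text and the pinned link in agreement.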
2 changes: 1 addition & 1 deletion docs/warning_types/sql_injection/index.html
Expand Up @@ -78,7 +78,7 @@ <h2>Ruby on Rails Static Analysis Security Tool</h2>
<h1 class="entry-title">SQL Injection</h1>
</header>

<p>Injection is #1 on the 2010 <a href="https://www.owasp.org/index.php/Top_10_2010-A1">OWASP Top Ten</a> web security risks. SQL injection is when a user is able to manipulate a value which is used unsafely inside a SQL query. This can lead to data leaks, data loss, elevation of privilege, and other unpleasant outcomes.</p>
<p>Injection is #1 on the 2010 <a href="https://web.archive.org/web/20190223031311/https://www.owasp.org/index.php/Top_10_2010-A1">OWASP Top Ten</a> web security risks. SQL injection is when a user is able to manipulate a value which is used unsafely inside a SQL query. This can lead to data leaks, data loss, elevation of privilege, and other unpleasant outcomes.</p>

<p>Brakeman focuses on ActiveRecord methods dealing with building SQL statements.</p>

2 changes: 1 addition & 1 deletion feed.xml
@@ -1,4 +1,4 @@
<?xml version="1.0" encoding="utf-8"?><feed xmlns="http://www.w3.org/2005/Atom" ><generator uri="https://jekyllrb.com/" version="3.9.3">Jekyll</generator><link href="https://brakemanscanner.org/feed.xml" rel="self" type="application/atom+xml" /><link href="https://brakemanscanner.org/" rel="alternate" type="text/html" /><updated>2024-01-26T15:21:48-08:00</updated><id>https://brakemanscanner.org/feed.xml</id><title type="html">Brakeman</title><entry><title type="html">Brakeman 6.1.0 Released</title><link href="https://brakemanscanner.org/blog/2023/12/04/brakeman-6-dot-1-dot-0-released" rel="alternate" type="text/html" title="Brakeman 6.1.0 Released" /><published>2023-12-04T22:30:00-08:00</published><updated>2023-12-04T22:30:00-08:00</updated><id>https://brakemanscanner.org/blog/2023/12/04/brakeman-6-dot-1-dot-0-released</id><content type="html" xml:base="https://brakemanscanner.org/blog/2023/12/04/brakeman-6-dot-1-dot-0-released">&lt;p&gt;It’s been a while!&lt;/p&gt;
<?xml version="1.0" encoding="utf-8"?><feed xmlns="http://www.w3.org/2005/Atom" ><generator uri="https://jekyllrb.com/" version="3.9.3">Jekyll</generator><link href="https://brakemanscanner.org/feed.xml" rel="self" type="application/atom+xml" /><link href="https://brakemanscanner.org/" rel="alternate" type="text/html" /><updated>2024-01-26T15:26:56-08:00</updated><id>https://brakemanscanner.org/feed.xml</id><title type="html">Brakeman</title><entry><title type="html">Brakeman 6.1.0 Released</title><link href="https://brakemanscanner.org/blog/2023/12/04/brakeman-6-dot-1-dot-0-released" rel="alternate" type="text/html" title="Brakeman 6.1.0 Released" /><published>2023-12-04T22:30:00-08:00</published><updated>2023-12-04T22:30:00-08:00</updated><id>https://brakemanscanner.org/blog/2023/12/04/brakeman-6-dot-1-dot-0-released</id><content type="html" xml:base="https://brakemanscanner.org/blog/2023/12/04/brakeman-6-dot-1-dot-0-released">&lt;p&gt;It’s been a while!&lt;/p&gt;

&lt;p&gt;&lt;em&gt;Changes since 6.0.1:&lt;/em&gt;&lt;/p&gt;

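Review bot: the only change in this hunk is the feed-level `<updated>` timestamp moving from `2024-01-26T15:21:48-08:00` to `2024-01-26T15:26:56-08:00`, which is build noise from regenerating the site rather than content; the newest entry's own `<updated>` is still `2023-12-04T22:30:00-08:00`. If the feed is rebuilt on every publish, consider deriving the feed-level `<updated>` from the latest entry so unrelated doc fixes do not churn `feed.xml`.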

0 comments on commit 6f21ef4