From 0273a0d99fe287eb618285fd84dba22b7ce56ed9 Mon Sep 17 00:00:00 2001 From: Priit Tamboom Date: Fri, 10 Oct 2014 11:02:54 +0300 Subject: [PATCH] Added brakeman to robot --- Gemfile | 3 +++ Gemfile.lock | 55 ++++++++++++++++++++++++++++++++++------------------ bin/robot | 4 ++++ 3 files changed, 43 insertions(+), 19 deletions(-) diff --git a/Gemfile b/Gemfile index 2a5252727..759174dbd 100644 --- a/Gemfile +++ b/Gemfile @@ -135,4 +135,7 @@ group :development, :test do # for finding future vulnerable gems gem 'bundler-audit' + + # for security audit' + gem 'brakeman', '~> 2.6.2', :require => false end diff --git a/Gemfile.lock b/Gemfile.lock index 99cacbe8b..fd2911cbc 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -29,8 +29,6 @@ GEM tzinfo (~> 1.1) arel (5.0.1.20140414130214) ast (2.0.0) - astrolabe (1.3.0) - parser (>= 2.2.0.pre.3, < 3.0) axiom-types (0.1.1) descendants_tracker (~> 0.0.4) ice_nine (~> 0.11.0) @@ -40,6 +38,17 @@ GEM debug_inspector (>= 0.0.1) bootstrap-sass (3.2.0.2) sass (~> 3.2) + brakeman (2.6.2) + erubis (~> 2.6) + fastercsv (~> 1.5) + haml (>= 3.0, < 5.0) + highline (~> 1.6.20) + multi_json (~> 1.2) + ruby2ruby (~> 2.1.1) + ruby_parser (~> 3.5.0) + sass (~> 3.0) + slim (>= 1.3.6, < 3.0) + terminal-table (~> 1.4) builder (3.2.2) bullet (4.14.0) activesupport (>= 3.0.0) @@ -48,7 +57,7 @@ GEM bundler (~> 1.2) thor (~> 0.18) cancan (1.6.10) - capybara (2.4.1) + capybara (2.4.3) mime-types (>= 1.16) nokogiri (>= 1.3.3) rack (>= 1.0.0) @@ -66,7 +75,7 @@ GEM coffee-script (2.3.0) coffee-script-source execjs - coffee-script-source (1.7.0) + coffee-script-source (1.8.0) database_cleaner (1.3.0) debug_inspector (0.0.2) descendants_tracker (0.0.4) @@ -88,7 +97,8 @@ GEM fabrication (2.11.3) faker (1.3.0) i18n (~> 0.5) - ffi (1.9.3) + fastercsv (1.5.5) + ffi (1.9.6) flay (2.4.0) ruby_parser (~> 3.0) sexp_processor (~> 4.0) 
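Review bot: The added comment `# for security audit'` in the Gemfile hunk carries a stray trailing apostrophe; it should read `# for security audit` to match the comment style of the `# for finding future vulnerable gems` line just above it. It would also help a reader to say why the gem is not loaded, e.g. `# for security audit (CLI only, run from bin/robot)`, since `:require => false` otherwise looks incidental. The `group :development, :test do` block that receives the new line starts outside the hunk.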
@@ -115,13 +125,14 @@ GEM activesupport (>= 4.0.1) haml (>= 3.1, < 5.0) railties (>= 4.0.1) + highline (1.6.21) hike (1.2.3) hitimes (1.2.2) hpricot (0.8.6) i18n (0.6.11) ice_nine (0.11.0) isikukood (0.1.2) - jbuilder (2.1.3) + jbuilder (2.2.2) activesupport (>= 3.0.0, < 5) multi_json (~> 1.2) jquery-rails (3.1.2) @@ -132,9 +143,9 @@ GEM actionpack (>= 3.0.0) activesupport (>= 3.0.0) kgio (2.9.2) - libv8 (3.16.14.5) + libv8 (3.16.14.7) libxml-ruby (2.7.0) - listen (2.7.9) + listen (2.7.11) celluloid (>= 0.15.2) rb-fsevent (>= 0.9.3) rb-inotify (>= 0.9) @@ -145,16 +156,16 @@ GEM method_source (0.8.2) mime-types (1.25.1) mini_portile (0.6.0) - minitest (5.4.1) + minitest (5.4.2) multi_json (1.10.1) nokogiri (1.6.2.1) mini_portile (= 0.6.0) nprogress-rails (0.1.3.1) orm_adapter (0.5.0) - paper_trail (3.0.5) + paper_trail (3.0.6) activerecord (>= 3.0, < 5.0) activesupport (>= 3.0, < 5.0) - parser (2.2.0.pre.4) + parser (2.1.9) ast (>= 1.1, < 3.0) slop (~> 3.4, >= 3.4.5) pg (0.17.1) @@ -232,17 +243,17 @@ GEM rspec-mocks (~> 3.0.0) rspec-support (~> 3.0.0) rspec-support (3.0.4) - rubocop (0.26.0) - astrolabe (~> 1.3) - parser (>= 2.2.0.pre.4, < 3.0) + rubocop (0.23.0) + json (>= 1.7.7, < 2) + parser (~> 2.1.9) powerpack (~> 0.0.6) rainbow (>= 1.99.1, < 3.0) ruby-progressbar (~> 1.4) - ruby-progressbar (1.5.1) + ruby-progressbar (1.6.0) ruby2ruby (2.1.3) ruby_parser (~> 3.1) sexp_processor (~> 4.0) - ruby_parser (3.6.3) + ruby_parser (3.5.0) sexp_processor (~> 4.1) rubycritic (1.1.1) flay (= 2.4.0) @@ -270,9 +281,12 @@ GEM simplecov-html (~> 0.8.0) simplecov-html (0.8.0) simpleidn (0.0.5) + slim (2.0.3) + temple (~> 0.6.6) + tilt (>= 1.3.3, < 2.1) slop (3.6.0) spring (1.1.3) - sprockets (2.11.0) + sprockets (2.8.0) hike (~> 1.2) multi_json (~> 1.0) rack (~> 1.0) @@ -283,6 +297,8 @@ GEM sprockets (~> 2.8) sys-uname (0.9.0) ffi (>= 1.0.0) + temple (0.6.8) + terminal-table (1.4.5) therubyracer (0.12.1) libv8 (~> 3.16.14.0) ref 
@@ -296,7 +312,7 @@ GEM treetop (1.4.15) polyglot polyglot (>= 0.3.1) - turbolinks (2.3.0) + turbolinks (2.4.0) coffee-rails tzinfo (1.2.2) thread_safe (~> 0.1) @@ -321,7 +337,7 @@ GEM binding_of_caller (= 0.7.3.pre1) railties (~> 4.0) sprockets-rails (>= 2.0, < 4.0) - websocket-driver (0.3.4) + websocket-driver (0.3.5) xpath (2.0.0) nokogiri (~> 1.3) @@ -330,6 +346,7 @@ PLATFORMS DEPENDENCIES bootstrap-sass (~> 3.2.0.1) + brakeman (~> 2.6.2) bullet (~> 4.14.0) bundler-audit cancan (~> 1.6.10) diff --git a/bin/robot b/bin/robot index bbd27b7d6..8de058005 100755 --- a/bin/robot +++ b/bin/robot @@ -18,8 +18,12 @@ rubocop echo "END_OF_RUBOCOP_RESULTS" bundle install --deployment + +echo "SECURITY_RESULTS" bundle-audit update bundle-audit +brakeman +echo "END_OF_SECURITY_RESULTS" # cp config/secrets-example.yml config/secrets.yml # create manually config/database.yml
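Review bot: The added `brakeman` line invokes whatever executable is on PATH, while the script installs gems with `bundle install --deployment` a few lines above, so the 2.6.2 pinned in the Gemfile is not guaranteed to be the version that runs, and in deployment mode the binary may not be found at all; `bundle exec brakeman` would use the locked version. Brakeman 2.x also exits 0 by default even when it reports warnings, so nothing between the `SECURITY_RESULTS` markers can fail the job on findings; if findings are meant to block, `bundle exec brakeman -z` (`--exit-on-warn`) makes the exit status reflect them. The same PATH concern appears to apply to the existing bare `bundle-audit` calls, though those are not part of this change. The script continues outside the hunk, so whether the exit status is checked at all cannot be seen here.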