Derailer is a static analysis tool for Rails applications. It produces a graph showing the conditions under which your application allows data to flow from the database to rendered web pages seen by users. The goal is for this graph to aid the user in discovering unintended data flows that may represent security bugs.
Add these lines to your application's Gemfile:
gem 'derailer', :git => 'https://github.com/jnear/derailer.git'
gem 'method_source', "~>0.8.3",
:git => 'https://github.com/aleksandarmilicevic/method_source.git'
gem 'sdg_utils', :git => 'https://github.com/jnear/sdg_utils.git'
And then execute:
$ bundle install
To run the analysis, execute:
$ bundle exec rake derailer
Once it's finished, it will start a webserver. To see the analysis results, browse to:
http://localhost:8000
- Fork it
- Create your feature branch (
git checkout -b my-new-feature) - Commit your changes (
git commit -am 'Add some feature') - Push to the branch (
git push origin my-new-feature) - Create new Pull Request