Andreas Tiefenthaler pxlpnk

## kubernetes.rego
package kubernetes

name = input.metadata.name

kind = input.kind

is_service {
	kind = "Service"
}

## Dockerfile.rails
FROM ubuntu:18.04
FROM ruby:2.6.3

# Install apt based dependencies required to run Rails as
# well as RubyGems. As the Ruby image itself is based on a
# Debian image, we use apt-get to install those.
RUN apt-get update && apt-get install -y \
  build-essential

RUN curl -sL https://deb.nodesource.com/setup_10.x |  bash -

## main.go
package main

import (
	"encoding/json"
	"fmt"
	"log"
)

const inputSound = `
{

## go-commit.rb
#!/usr/bin/env ruby

require 'optparse'

class CommitParser
  def self.parse(args)
    options = {}
    opts = OptionParser.new do |opts|
      opts.banner = 'Usage: name'

## cache.go
package cache

import "fmt"

// Item represents an item within the cache
type Item struct {
	Object interface{}
}

// Cache represents the data structure for storing items in memory

## 355.patch
From 9eea6bc2cd680cb78c7258e8e4873bf3d09391c3 Mon Sep 17 00:00:00 2001
From: Andreas Tiefenthaler <164718+pxlpnk@users.noreply.github.com>
Date: Thu, 20 Sep 2018 18:23:19 +0700
Subject: [PATCH] Fix broken link in CVE-2014-4920

Closes: #354
---
 gems/twitter-bootstrap-rails/OSVDB-109206.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

## rubocop output
$ bundle exec rubocop --require rubocop-gitlab-security
Inspecting 121 files
.....CC.....CC..C..C....................C................................................................................

Offenses:

app/controllers/api/v1/mobile_controller.rb:11:44: C: GitlabSecurity/JsonSerialization: Don't use to_json without specifying only
      respond_with model.find(params[:id]).to_json
                                           ^^^^^^^
app/controllers/api/v1/mobile_controller.rb:18:30: C: GitlabSecurity/JsonSerialization: Don't use to_json without specifying only

## bundle audit check --update
$ bundle audit check --update

Updating ruby-advisory-db ...
From https://github.com/rubysec/ruby-advisory-db
 * branch            master     -> FETCH_HEAD
Already up to date.
Updated ruby-advisory-db
ruby-advisory-db: 322 advisories
Name: omniauth-oauth2
Version: 1.0.2

## brakeman output
Loading scanner...
Processing application in /Users/at/src/github.com/OWASP/railsgoat
Processing gems...
[Notice] Detected Rails 5 application
Processing configuration...
[Notice] Escaping HTML by default
Parsing files...
Processing initializers...
Processing libs...sed
Processing routes...

## gist:80a9f3e6c236f7b40999
var Alpine = require('alpine');
var alpine = new Alpine("%h %s %B");
var data = alpine.parseLine("www.brain-salad.com 403 4321");
	package kubernetes

	name = input.metadata.name

	kind = input.kind

	is_service {
	kind = "Service"
	}
	FROM ubuntu:18.04
	FROM ruby:2.6.3

	# Install apt based dependencies required to run Rails as
	# well as RubyGems. As the Ruby image itself is based on a
	# Debian image, we use apt-get to install those.
	RUN apt-get update && apt-get install -y \
	build-essential

	RUN curl -sL https://deb.nodesource.com/setup_10.x \| bash -
	package main

	import (
	"encoding/json"
	"fmt"
	"log"
	)

	const inputSound = `
	{
	#!/usr/bin/env ruby

	require 'optparse'

	class CommitParser
	def self.parse(args)
	options = {}
	opts = OptionParser.new do \|opts\|
	opts.banner = 'Usage: name'
	package cache

	import "fmt"

	// Item represents an item within the cache
	type Item struct {
	Object interface{}
	}

	// Cache represents the data structure for storing items in memory
	From 9eea6bc2cd680cb78c7258e8e4873bf3d09391c3 Mon Sep 17 00:00:00 2001
	From: Andreas Tiefenthaler <164718+pxlpnk@users.noreply.github.com>
	Date: Thu, 20 Sep 2018 18:23:19 +0700
	Subject: [PATCH] Fix broken link in CVE-2014-4920

	Closes: #354
	---
	gems/twitter-bootstrap-rails/OSVDB-109206.yml \| 2 +-
	1 file changed, 1 insertion(+), 1 deletion(-)
	$ bundle exec rubocop --require rubocop-gitlab-security
	Inspecting 121 files
	.....CC.....CC..C..C....................C................................................................................

	Offenses:

	app/controllers/api/v1/mobile_controller.rb:11:44: C: GitlabSecurity/JsonSerialization: Don't use to_json without specifying only
	respond_with model.find(params[:id]).to_json
	^^^^^^^
	app/controllers/api/v1/mobile_controller.rb:18:30: C: GitlabSecurity/JsonSerialization: Don't use to_json without specifying only
	$ bundle audit check --update

	Updating ruby-advisory-db ...
	From https://github.com/rubysec/ruby-advisory-db
	* branch master -> FETCH_HEAD
	Already up to date.
	Updated ruby-advisory-db
	ruby-advisory-db: 322 advisories
	Name: omniauth-oauth2
	Version: 1.0.2
	Loading scanner...
	Processing application in /Users/at/src/github.com/OWASP/railsgoat
	Processing gems...
	[Notice] Detected Rails 5 application
	Processing configuration...
	[Notice] Escaping HTML by default
	Parsing files...
	Processing initializers...
	Processing libs...sed
	Processing routes...
	var Alpine = require('alpine');
	var alpine = new Alpine("%h %s %B");
	var data = alpine.parseLine("www.brain-salad.com 403 4321");