**security-commit** is a library that automates the configuration of [Husky](https://typicode.github.io/husky/#/) to run custom scripts during the Git commit flow.
Stanford Javascript Crypto Library
ES Math-related intrinsics and helpers, robustly cached.
Utilities for working with htmlparser2's dom
Git commit, but play nice with conventions.
tar for node
a glob matcher in javascript
Live update for capacitor apps
help secure Express/Connect apps with various HTTP headers
The worker which is used by the worker-timers package.
parse argument options
OCSP Stapling implementation
Embedded JavaScript templates
Packs ECMAScript/CommonJs/AMD modules for the browser. Allows you to split your codebase into multiple bundles, which can be loaded on demand. Supports loaders to preprocess files, i.e. json, jsx, es7, css, less, ... and your custom stuff.
Web framework built on Web Standards
New Relic Security Agent for Node.js
semantic-release plugin to analyze commits with conventional-changelog
A conversational AI-driven telecom multi-agent system for managing call balances, push notifications, marketing, targeting, and sales.
List of conventional commit types.
Security rules for eslint
Common typings for the Stoplight ecosystem.
Base UI is a library of headless ('unstyled') React components and low-level hooks. You gain complete control over your app's CSS and accessibility features.
A bcrypt library for NodeJS.
The Unleash Proxy (Open-Source)
gem-status gets the list of gems you use from the Gemfile.lock file and runs some checks on those gems. Checks that can be run are: * Does it have a license? If it does not, it can be a problem for distributing your software with this gem. * Is it GPL? If it is, it can be a problem if your software or other gems are not GPL compatible. * Is it the same in Rubygems.org? This is for people who use their own gem server. This checks the gems are the same. * Does it have security alerts? This will search into the commits and into security mailing lists for possible security messages.
Rails has a security flaw: All attributes are writable by default. This allows for spectacular hacks, like this one: https://github.com/rails/rails/commit/b83965785db1eec019edf1fc272b1aa393e6dc57. This gem makes all attributes protected by default.
Heimdal AI Analyze installs a git pre-commit hook that runs an AI-assisted code review of your staged diff when you commit with analysis enabled (e.g. `git analyze -m "message"`). Reviews security, duplication, complexity, style, and tests; critical issues can block the commit. Requires CURSOR_API_KEY in the environment or a repo-local `.env`.
Code Quality Check is a Ruby on Rails gem that runs automated quality and security checks on every commit using Overcommit and Git hooks. It bundles and configures RuboCop (style and lint), Brakeman (security), Rails Best Practices, and BundleAudit (CVE checks). The installer sets up a Rails initializer that verifies the gem is installed and ensures Overcommit hooks are present, so teams don't silently skip checks. Optional support for Reek, Flay, and Fasterer via .overcommit.yml. Requires Overcommit in your Gemfile; add the gem and run `rails generate code_quality_check:install` to get started.
Analyses your Gemfile for dependency health: checks if gems are actively maintained (last commit dates via GitHub and GitLab, release dates), outdated versions, archived repos, OpenSSF Scorecard security scores, known vulnerabilities via deps.dev, and libyear drift. Ruby version freshness with EOL detection. Handles rubygems, git, path, and GitHub Packages sources. Outputs coloured terminal tables, markdown, or JSON. CI quality gates with --fail-if-critical, --fail-if-warning, --fail-if-vulnerable, --fail-if-outdated, and --ignore. A comprehensive alternative to running bundle outdated, bundler-audit, and libyear-bundler separately.
If you are a guy who always finds something wrong only after sending a pull request, Priha will help you because Priha lets you examine files' diff between the parent branch and HEAD of the current branch in a real GitHub pull request. However, DO NOT use Priha for your secret repository. Since Priha pushes some commits to another repository on GitHub, it can easily cause a security incident, especially if the branch you set for Priha is "public". Also, Priha removes all branches on the repository specified in config, so you MUST create a new repository for this purpose and DO NOT use the existing one.
= The Owasp ESAPI Ruby project

== Introduction

The Owasp ESAPI Ruby is a port of the outstanding, release quality Owasp ESAPI project to the Ruby programming language. Ruby is now a famous programming language due to its Rails framework developed by David Heinemeier Hansson (http://twitter.com/dhh) that simplifies the creation of a web application using a convention over configuration approach to simplify programmers' life.

Despite Rails diffusion, there are a lot of Web frameworks out there that allow people to write web apps in Ruby (merb, sinatra, vintage) [http://accidentaltechnologist.com/ruby/10-alternative-ruby-web-frameworks/]. Owasp Esapi Ruby wants to bring all Ruby developers a gem full of Secure APIs they can use whatever the framework they choose.

== Why supporting only Ruby 1.9.2 and beyond?

The OWASP Esapi Ruby gem will require at least version 1.9.2 of the Ruby interpreter to make sure to have full advantages of the newer language APIs. In particular version 1.9.2 introduces radical changes in the following areas:

=== Regular expression engine

(to be written)

=== UTF-8 support

Unicode support in 1.9.2 is much better and provides better support for character set encoding/decoding

* All strings have an additional chunk of info attached: Encoding
* String#size takes encoding into account – returns the encoded character count
* You can get the raw datasize
* Indexed access is by encoded data – characters, not bytes
* You can change encoding by force but it doesn’t convert the data

=== Dates and Time

From "Programming Ruby 1.9"

"As of Ruby 1.9.2, the range of dates that can be represented is no longer limited by the underlying operating system’s time representation (so there’s no year 2038 problem). As a result, the year passed to the methods gm, local, new, mktime, and utc must now include the century—a year of 90 now represents 90 and not 1990."

== Roadmap

Please see ChangeLog file.

== Note on Patches/Pull Requests

* Fork the project.
* Create documentation with rake yard task
* Make your feature addition or bug fix.
* Add tests for it. This is important so I don't break it in a future version unintentionally.
* Commit, do not mess with rakefile, version, or history. (if you want to have your own version, that is fine but bump version in a commit by itself I can ignore when I pull)
* Send me a pull request. Bonus points for topic branches.

== Copyright

Copyright (c) 2011 the OWASP Foundation. See LICENSE for details.
# Payfast

Payfast is a Ruby gem that simplifies the process of integrating the PayFast payment gateway into your Ruby on Rails application. It provides a generator that helps scaffold the necessary configuration, routes, models, and controllers required to integrate PayFast seamlessly.

## Installation

Add this line to your application's Gemfile:

```bash
bundle add payfast
```

## Usage

```bash
rails generate payfast:install
```

## This generator will perform the following actions:

```
insert  config/routes.rb
create  app/controllers/carts_controller.rb
create  app/views/carts/index.html.erb
create  app/views/carts/make_payment.html.erb
create  app/helpers/carts_helper.rb
create  db/migrate/20230824105530_create_carts.rb
create  config/payfast.yml
create  app/models/cart.rb
insert  app/views/layouts/application.html.erb
insert  config/environments/development.rb
```

## Additional configuration

Set up PayFast credentials for your environment:

```bash
EDITOR="code --wait" bin/rails credentials:edit
```

This will allow you to securely edit and store your credentials. Once you save and exit the file, the credentials will be encrypted and can only be accessed with the Rails master key.

```yaml
payfast:
  merchant_id: {your_merchant_id}
  merchant_key: {your_merchant_key}
  passphrase: {{your_passphrase}}
```

## Update your `payfast.yml` config file

- Set up the credentials to be used by the Rails app.
- Uncomment `Rails.application.credentials.payfast.merchant_id` and wrap it in erb tags as instructed in the comments.

## Templates

Update the `make_payment.html.erb` as instructed in the file. It should look like so:

```js
<script>
  // set the uuid to uuid = @cart.payment_uid. surround @carts.payment_uid with erb tags
  const uuid = `<%= @cart.payment_uuid %>`
  window.payfast_do_onsite_payment({uuid}, function (result) {
    if (result === true) {
      // redirect success_path(@cart)
      window.location.href = `<%= success_cart_path(@cart) %>`
    } else {
      // Redirect to failure_path(@cart)
      window.location.href = `<%= failure_cart_path(@cart) %>`
    }
  });
</script>
```

## Testing

- The PayFast API allows only SSL communication from your server. In order to test locally, you will have to use a tunneling service that allows you to expose your local development server to the internet. Your Rails development config was modified by the generator to allow ngrok hosts to hit your Rails server:

```ruby
config.hosts << /[a-z0-9-]+\.ngrok-free\.app/
```

## Contributing

Thank you for considering contributing to our project! We welcome contributions from the community to help improve this project and make it better for everyone.

### Issues

If you encounter any issues or bugs while using our project, please [open a new issue](https://github.com/mactunechy/payfast/issues) on GitHub. Please make sure to include detailed information about the problem, steps to reproduce it, and the environment in which you encountered it.

### Pull Requests

We encourage pull requests from the community! If you have an improvement or new feature you'd like to contribute, please follow these steps:

1. Fork the repository and create a new branch for your feature or bug fix.
2. Make your changes and write tests to cover any new functionality.
3. Ensure that the existing tests pass and write additional tests for any bug fixes.
4. Commit your changes and push the new branch to your forked repository.
5. Submit a pull request to our main repository, including a detailed description of the changes you made and any relevant information.

We will review your pull request as soon as possible and provide feedback if needed. We value your contributions and will work with you to ensure your changes are integrated smoothly.

Your contributions are essential to the success of this project, and we are grateful for your help in making it better for everyone. If you have any questions or need further assistance, feel free to reach out to us. Happy coding!
No description provided.