brakeman-lib 3.3.1

data/lib/ruby_parser/bm_sexp_processor.rb

@@ -0,0 +1,116 @@
+##
+# SexpProcessor provides a uniform interface to process Sexps.
+#
+# In order to create your own SexpProcessor subclass you'll need
+# to call super in the initialize method, then set any of the
+# Sexp flags you want to be different from the defaults.
+#
+# SexpProcessor uses a Sexp's type to determine which process method
+# to call in the subclass.  For Sexp <code>s(:lit, 1)</code>
+# SexpProcessor will call #process_lit, if it is defined.
+#
+
+class Brakeman::SexpProcessor
+
+  VERSION = 'CUSTOM'
+
+  ##
+  # Return a stack of contexts. Most recent node is first.
+
+  attr_reader :context
+
+  ##
+  # Expected result class
+
+  attr_accessor :expected
+
+  ##
+  # A scoped environment to make you happy.
+
+  attr_reader :env
+
+  # Cache process methods per class
+
+  def self.processors
+    @processors ||= {}
+  end
+
+  ##
+  # Creates a new SexpProcessor.  Use super to invoke this
+  # initializer from SexpProcessor subclasses, then use the
+  # attributes above to customize the functionality of the
+  # SexpProcessor
+
+  def initialize
+    @expected            = Sexp
+    @processors = self.class.processors
+    @context    = []
+
+    if @processors.empty?
+      public_methods.each do |name|
+        if name.to_s.start_with? "process_" then
+          @processors[name[8..-1].to_sym] = name.to_sym
+        end
+      end
+    end
+  end
+
+  ##
+  # Default Sexp processor.  Invokes process_<type> methods matching
+  # the Sexp type given.  Performs additional checks as specified by
+  # the initializer.
+
+  def process(exp)
+    return nil if exp.nil?
+
+    result = nil
+
+    type = exp.first
+    raise "Type should be a Symbol, not: #{exp.first.inspect} in #{exp.inspect}" unless Symbol === type
+
+    in_context type do
+      # now do a pass with the real processor (or generic)
+      meth = @processors[type]
+      if meth then
+        result = self.send(meth, exp)
+      else
+        result = self.process_default(exp)
+      end
+    end
+    
+    raise SexpTypeError, "Result must be a #{@expected}, was #{result.class}:#{result.inspect}" unless @expected === result
+    
+    result
+  end
+
+  ##
+  # Add a scope level to the current env. Eg:
+  #
+  #   def process_defn exp
+  #     name = exp.shift
+  #     args = process(exp.shift)
+  #     scope do
+  #       body = process(exp.shift)
+  #       # ...
+  #     end
+  #   end
+  #
+  #   env[:x] = 42
+  #   scope do
+  #     env[:x]       # => 42
+  #     env[:y] = 24
+  #   end
+  #   env[:y]         # => nil
+
+  def scope &block
+    env.scope(&block)
+  end
+
+  def in_context type
+    self.context.unshift type
+
+    yield
+
+    self.context.shift
+  end
+end

metadata

@@ -0,0 +1,362 @@
+--- !ruby/object:Gem::Specification
+name: brakeman-lib
+version: !ruby/object:Gem::Version
+  version: 3.3.1
+platform: ruby
+authors:
+- Justin Collins
+autorequire: 
+bindir: bin
+cert_chain:
+- brakeman-public_cert.pem
+date: 2016-06-02 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: test-unit
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: ruby_parser
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 3.8.1
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 3.8.1
+- !ruby/object:Gem::Dependency
+  name: ruby2ruby
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 2.3.0
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 2.3.0
+- !ruby/object:Gem::Dependency
+  name: safe_yaml
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '1.0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '1.0'
+- !ruby/object:Gem::Dependency
+  name: terminal-table
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.4'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.4'
+- !ruby/object:Gem::Dependency
+  name: highline
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 1.6.20
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '2.0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 1.6.20
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '2.0'
+- !ruby/object:Gem::Dependency
+  name: erubis
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.6'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.6'
+- !ruby/object:Gem::Dependency
+  name: haml
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '3.0'
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '5.0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '3.0'
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '5.0'
+- !ruby/object:Gem::Dependency
+  name: sass
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.0'
+- !ruby/object:Gem::Dependency
+  name: slim
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 1.3.6
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '4.0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 1.3.6
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '4.0'
+description: Brakeman detects security vulnerabilities in Ruby on Rails applications
+  via static analysis. This package declares gem dependencies instead of bundling
+  them.
+email: gem@brakeman.org
+executables:
+- brakeman
+extensions: []
+extra_rdoc_files: []
+files:
+- CHANGES
+- FEATURES
+- README.md
+- WARNING_TYPES
+- bin/brakeman
+- lib/brakeman.rb
+- lib/brakeman/app_tree.rb
+- lib/brakeman/brakeman.rake
+- lib/brakeman/call_index.rb
+- lib/brakeman/checks.rb
+- lib/brakeman/checks/base_check.rb
+- lib/brakeman/checks/check_basic_auth.rb
+- lib/brakeman/checks/check_basic_auth_timing_attack.rb
+- lib/brakeman/checks/check_content_tag.rb
+- lib/brakeman/checks/check_create_with.rb
+- lib/brakeman/checks/check_cross_site_scripting.rb
+- lib/brakeman/checks/check_default_routes.rb
+- lib/brakeman/checks/check_deserialize.rb
+- lib/brakeman/checks/check_detailed_exceptions.rb
+- lib/brakeman/checks/check_digest_dos.rb
+- lib/brakeman/checks/check_dynamic_finders.rb
+- lib/brakeman/checks/check_escape_function.rb
+- lib/brakeman/checks/check_evaluation.rb
+- lib/brakeman/checks/check_execute.rb
+- lib/brakeman/checks/check_file_access.rb
+- lib/brakeman/checks/check_file_disclosure.rb
+- lib/brakeman/checks/check_filter_skipping.rb
+- lib/brakeman/checks/check_forgery_setting.rb
+- lib/brakeman/checks/check_header_dos.rb
+- lib/brakeman/checks/check_i18n_xss.rb
+- lib/brakeman/checks/check_jruby_xml.rb
+- lib/brakeman/checks/check_json_encoding.rb
+- lib/brakeman/checks/check_json_parsing.rb
+- lib/brakeman/checks/check_link_to.rb
+- lib/brakeman/checks/check_link_to_href.rb
+- lib/brakeman/checks/check_mail_to.rb
+- lib/brakeman/checks/check_mass_assignment.rb
+- lib/brakeman/checks/check_mime_type_dos.rb
+- lib/brakeman/checks/check_model_attr_accessible.rb
+- lib/brakeman/checks/check_model_attributes.rb
+- lib/brakeman/checks/check_model_serialize.rb
+- lib/brakeman/checks/check_nested_attributes.rb
+- lib/brakeman/checks/check_nested_attributes_bypass.rb
+- lib/brakeman/checks/check_number_to_currency.rb
+- lib/brakeman/checks/check_quote_table_name.rb
+- lib/brakeman/checks/check_redirect.rb
+- lib/brakeman/checks/check_regex_dos.rb
+- lib/brakeman/checks/check_render.rb
+- lib/brakeman/checks/check_render_dos.rb
+- lib/brakeman/checks/check_render_inline.rb
+- lib/brakeman/checks/check_response_splitting.rb
+- lib/brakeman/checks/check_route_dos.rb
+- lib/brakeman/checks/check_safe_buffer_manipulation.rb
+- lib/brakeman/checks/check_sanitize_methods.rb
+- lib/brakeman/checks/check_secrets.rb
+- lib/brakeman/checks/check_select_tag.rb
+- lib/brakeman/checks/check_select_vulnerability.rb
+- lib/brakeman/checks/check_send.rb
+- lib/brakeman/checks/check_send_file.rb
+- lib/brakeman/checks/check_session_manipulation.rb
+- lib/brakeman/checks/check_session_settings.rb
+- lib/brakeman/checks/check_simple_format.rb
+- lib/brakeman/checks/check_single_quotes.rb
+- lib/brakeman/checks/check_skip_before_filter.rb
+- lib/brakeman/checks/check_sql.rb
+- lib/brakeman/checks/check_sql_cves.rb
+- lib/brakeman/checks/check_ssl_verify.rb
+- lib/brakeman/checks/check_strip_tags.rb
+- lib/brakeman/checks/check_symbol_dos.rb
+- lib/brakeman/checks/check_symbol_dos_cve.rb
+- lib/brakeman/checks/check_translate_bug.rb
+- lib/brakeman/checks/check_unsafe_reflection.rb
+- lib/brakeman/checks/check_unscoped_find.rb
+- lib/brakeman/checks/check_validation_regex.rb
+- lib/brakeman/checks/check_weak_hash.rb
+- lib/brakeman/checks/check_without_protection.rb
+- lib/brakeman/checks/check_xml_dos.rb
+- lib/brakeman/checks/check_yaml_parsing.rb
+- lib/brakeman/differ.rb
+- lib/brakeman/file_parser.rb
+- lib/brakeman/format/style.css
+- lib/brakeman/options.rb
+- lib/brakeman/parsers/rails2_erubis.rb
+- lib/brakeman/parsers/rails2_xss_plugin_erubis.rb
+- lib/brakeman/parsers/rails3_erubis.rb
+- lib/brakeman/parsers/template_parser.rb
+- lib/brakeman/processor.rb
+- lib/brakeman/processors/alias_processor.rb
+- lib/brakeman/processors/base_processor.rb
+- lib/brakeman/processors/config_processor.rb
+- lib/brakeman/processors/controller_alias_processor.rb
+- lib/brakeman/processors/controller_processor.rb
+- lib/brakeman/processors/erb_template_processor.rb
+- lib/brakeman/processors/erubis_template_processor.rb
+- lib/brakeman/processors/gem_processor.rb
+- lib/brakeman/processors/haml_template_processor.rb
+- lib/brakeman/processors/lib/basic_processor.rb
+- lib/brakeman/processors/lib/find_all_calls.rb
+- lib/brakeman/processors/lib/find_call.rb
+- lib/brakeman/processors/lib/find_return_value.rb
+- lib/brakeman/processors/lib/processor_helper.rb
+- lib/brakeman/processors/lib/rails2_config_processor.rb
+- lib/brakeman/processors/lib/rails2_route_processor.rb
+- lib/brakeman/processors/lib/rails3_config_processor.rb
+- lib/brakeman/processors/lib/rails3_route_processor.rb
+- lib/brakeman/processors/lib/render_helper.rb
+- lib/brakeman/processors/lib/render_path.rb
+- lib/brakeman/processors/lib/route_helper.rb
+- lib/brakeman/processors/lib/safe_call_helper.rb
+- lib/brakeman/processors/library_processor.rb
+- lib/brakeman/processors/model_processor.rb
+- lib/brakeman/processors/output_processor.rb
+- lib/brakeman/processors/route_processor.rb
+- lib/brakeman/processors/slim_template_processor.rb
+- lib/brakeman/processors/template_alias_processor.rb
+- lib/brakeman/processors/template_processor.rb
+- lib/brakeman/report.rb
+- lib/brakeman/report/config/remediation.yml
+- lib/brakeman/report/ignore/config.rb
+- lib/brakeman/report/ignore/interactive.rb
+- lib/brakeman/report/renderer.rb
+- lib/brakeman/report/report_base.rb
+- lib/brakeman/report/report_codeclimate.rb
+- lib/brakeman/report/report_csv.rb
+- lib/brakeman/report/report_hash.rb
+- lib/brakeman/report/report_html.rb
+- lib/brakeman/report/report_json.rb
+- lib/brakeman/report/report_markdown.rb
+- lib/brakeman/report/report_table.rb
+- lib/brakeman/report/report_tabs.rb
+- lib/brakeman/report/templates/controller_overview.html.erb
+- lib/brakeman/report/templates/controller_warnings.html.erb
+- lib/brakeman/report/templates/error_overview.html.erb
+- lib/brakeman/report/templates/header.html.erb
+- lib/brakeman/report/templates/ignored_warnings.html.erb
+- lib/brakeman/report/templates/model_warnings.html.erb
+- lib/brakeman/report/templates/overview.html.erb
+- lib/brakeman/report/templates/security_warnings.html.erb
+- lib/brakeman/report/templates/template_overview.html.erb
+- lib/brakeman/report/templates/view_warnings.html.erb
+- lib/brakeman/report/templates/warning_overview.html.erb
+- lib/brakeman/rescanner.rb
+- lib/brakeman/scanner.rb
+- lib/brakeman/tracker.rb
+- lib/brakeman/tracker/collection.rb
+- lib/brakeman/tracker/config.rb
+- lib/brakeman/tracker/constants.rb
+- lib/brakeman/tracker/controller.rb
+- lib/brakeman/tracker/library.rb
+- lib/brakeman/tracker/model.rb
+- lib/brakeman/tracker/template.rb
+- lib/brakeman/util.rb
+- lib/brakeman/version.rb
+- lib/brakeman/warning.rb
+- lib/brakeman/warning_codes.rb
+- lib/ruby_parser/bm_sexp.rb
+- lib/ruby_parser/bm_sexp_processor.rb
+homepage: http://brakemanscanner.org
+licenses:
+- MIT
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.5.1
+signing_key: 
+specification_version: 4
+summary: Security vulnerability scanner for Ruby on Rails.
+test_files: []