brakeman-lib 4.5.0 → 4.7.1

data/lib/brakeman/warning_codes.rb

@@ -110,6 +110,10 @@ module Brakeman::WarningCodes
     :CVE_2018_8048 => 106,
     :CVE_2018_3741 => 107,
     :CVE_2018_3760 => 108,
+    :force_ssl_disabled => 109,
+    :unsafe_cookie_serialization => 110,
+    :reverse_tabnabbing => 111,
+    :custom_check => 9090,
   }
 
   def self.code name

data/lib/ruby_parser/bm_sexp.rb

@@ -40,7 +40,7 @@ class Sexp
       s.line(line)
     else
       s.original_line = self.original_line
-      s.line(self.line)
+      s.line(self.line) if self.line
     end
 
     s
@@ -371,7 +371,12 @@ class Sexp
   #       s(:block, s(:lvar, :y), s(:call, nil, :z, s(:arglist))))
   def block_call
     expect :iter
-    self[1]
+
+    if self[1].node_type == :lambda
+      s(:call, nil, :lambda).line(self.line)
+    else
+      self[1]
+    end
   end
 
   #Returns block of a call with a block.

data/lib/ruby_parser/bm_sexp_processor.rb

@@ -45,6 +45,7 @@ class Brakeman::SexpProcessor
     @expected            = Sexp
     @processors = self.class.processors
     @context    = []
+    @current_class = @current_module = @current_method = @visibility = nil
 
     if @processors.empty?
       public_methods.each do |name|

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: brakeman-lib
 version: !ruby/object:Gem::Version
-  version: 4.5.0
+  version: 4.7.1
 platform: ruby
 authors:
 - Justin Collins
@@ -9,7 +9,7 @@ autorequire:
 bindir: bin
 cert_chain:
 - brakeman-public_cert.pem
-date: 2019-03-16 00:00:00.000000000 Z
+date: 2019-10-29 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: minitest
@@ -39,6 +39,20 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
+- !ruby/object:Gem::Dependency
+  name: simplecov
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: ruby_parser
   requirement: !ruby/object:Gem::Requirement
@@ -127,20 +141,14 @@ dependencies:
   name: highline
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: 1.6.20
-    - - "<"
+    - - "~>"
       - !ruby/object:Gem::Version
         version: '2.0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: 1.6.20
-    - - "<"
+    - - "~>"
       - !ruby/object:Gem::Version
         version: '2.0'
 - !ruby/object:Gem::Dependency
@@ -161,22 +169,16 @@ dependencies:
   name: haml
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '3.0'
-    - - "<"
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '5.0'
+        version: '5.1'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '3.0'
-    - - "<"
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '5.0'
+        version: '5.1'
 - !ruby/object:Gem::Dependency
   name: slim
   requirement: !ruby/object:Gem::Requirement
@@ -218,6 +220,7 @@ files:
 - lib/brakeman/checks/check_basic_auth.rb
 - lib/brakeman/checks/check_basic_auth_timing_attack.rb
 - lib/brakeman/checks/check_content_tag.rb
+- lib/brakeman/checks/check_cookie_serialization.rb
 - lib/brakeman/checks/check_create_with.rb
 - lib/brakeman/checks/check_cross_site_scripting.rb
 - lib/brakeman/checks/check_default_routes.rb
@@ -232,6 +235,7 @@ files:
 - lib/brakeman/checks/check_file_access.rb
 - lib/brakeman/checks/check_file_disclosure.rb
 - lib/brakeman/checks/check_filter_skipping.rb
+- lib/brakeman/checks/check_force_ssl.rb
 - lib/brakeman/checks/check_forgery_setting.rb
 - lib/brakeman/checks/check_header_dos.rb
 - lib/brakeman/checks/check_i18n_xss.rb
@@ -257,6 +261,7 @@ files:
 - lib/brakeman/checks/check_render_dos.rb
 - lib/brakeman/checks/check_render_inline.rb
 - lib/brakeman/checks/check_response_splitting.rb
+- lib/brakeman/checks/check_reverse_tabnabbing.rb
 - lib/brakeman/checks/check_route_dos.rb
 - lib/brakeman/checks/check_safe_buffer_manipulation.rb
 - lib/brakeman/checks/check_sanitize_methods.rb
@@ -289,6 +294,7 @@ files:
 - lib/brakeman/commandline.rb
 - lib/brakeman/differ.rb
 - lib/brakeman/file_parser.rb
+- lib/brakeman/file_path.rb
 - lib/brakeman/format/style.css
 - lib/brakeman/messages.rb
 - lib/brakeman/options.rb
@@ -393,8 +399,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubyforge_project: 
-rubygems_version: 2.7.8
+rubygems_version: 3.0.3
 signing_key: 
 specification_version: 4
 summary: Security vulnerability scanner for Ruby on Rails.