brakeman-lib 5.0.0 → 5.1.0

data/lib/brakeman/tracker/method_info.rb

@@ -0,0 +1,70 @@
+require 'brakeman/util'
+
+module Brakeman
+  class MethodInfo
+    include Brakeman::Util
+
+    attr_reader :name, :src, :owner, :file, :type
+
+    def initialize name, src, owner, file
+      @name = name
+      @src = src
+      @owner = owner
+      @file = file
+      @type = case src.node_type
+              when :defn
+                :instance
+              when :defs
+                :class
+              else
+                raise "Expected sexp type: #{src.node_type}"
+              end
+
+      @simple_method = nil
+    end
+
+    # To support legacy code that expected a Hash
+    def [] attr
+      self.send(attr)
+    end
+
+    def very_simple_method?
+      return @simple_method == :very unless @simple_method.nil?
+
+      # Very simple methods have one (simple) expression in the body and
+      # no arguments
+      if src.formal_args.length == 1 # no args
+        if src.method_length == 1 # Single expression in body
+          value = first_body # First expression in body
+
+          if simple_literal? value or
+              (array? value and all_literals? value) or
+              (hash? value and all_literals? value, :hash)
+
+            @return_value = value
+            @simple_method = :very
+          end
+        end
+      end
+
+      @simple_method ||= false
+    end
+
+    def return_value env = nil
+      if very_simple_method?
+        return @return_value
+      else
+        nil
+      end
+    end
+
+    def first_body
+      case @type
+      when :class
+        src[4]
+      when :instance
+        src[3]
+      end
+    end
+  end
+end

data/lib/brakeman/util.rb

@@ -50,7 +50,11 @@ module Brakeman::Util
 
   # stupid simple, used to delegate to ActiveSupport
   def pluralize word
-    word + "s"
+    if word.end_with? 's'
+      word + 'es'
+    else
+      word + 's'
+    end
   end
 
   #Returns a class name as a Symbol.
@@ -142,6 +146,14 @@ module Brakeman::Util
     nil
   end
 
+  def hash_values hash
+    values = hash.each_sexp.each_slice(2).map do |_, value|
+      value
+    end
+
+    Sexp.new(:array).concat(values).line(hash.line)
+  end
+
   #These are never modified
   PARAMS_SEXP = Sexp.new(:params)
   SESSION_SEXP = Sexp.new(:session)
@@ -230,30 +242,22 @@ module Brakeman::Util
 
   #Check if _exp_ is a params hash
   def params? exp
-    if exp.is_a? Sexp
-      return true if exp.node_type == :params or ALL_PARAMETERS.include? exp
-
-      if call? exp
-        if params? exp[1]
-          return true
-        elsif exp[2] == :[]
-          return params? exp[1]
-        end
-      end
-    end
-
-    false
+    recurse_check?(exp) { |child| child.node_type == :params or ALL_PARAMETERS.include? child }
   end
 
   def cookies? exp
+    recurse_check?(exp) { |child| child.node_type == :cookies or ALL_COOKIES.include? child }
+  end
+
+  def recurse_check? exp, &check
     if exp.is_a? Sexp
-      return true if exp.node_type == :cookies or ALL_COOKIES.include? exp
+      return true if yield(exp)
 
       if call? exp
-        if cookies? exp[1]
+        if recurse_check? exp[1], &check
           return true
         elsif exp[2] == :[]
-          return cookies? exp[1]
+          return recurse_check? exp[1], &check
         end
       end
     end
@@ -293,12 +297,24 @@ module Brakeman::Util
     exp.is_a? Sexp and types.include? exp.node_type
   end
 
-  LITERALS = [:lit, :false, :str, :true, :array, :hash]
+  SIMPLE_LITERALS = [:lit, :false, :str, :true]
+
+  def simple_literal? exp
+    exp.is_a? Sexp and SIMPLE_LITERALS.include? exp.node_type
+  end
+
+  LITERALS = [*SIMPLE_LITERALS, :array, :hash]
 
   def literal? exp
     exp.is_a? Sexp and LITERALS.include? exp.node_type
   end
 
+  def all_literals? exp, expected_type = :array
+    node_type? exp, expected_type and
+      exp.length > 1 and
+      exp.all? { |e| e.is_a? Symbol or node_type? e, :lit, :str }
+  end
+
   DIR_CONST = s(:const, :Dir)
 
   # Dir.glob(...).whatever

data/lib/brakeman/version.rb

@@ -1,3 +1,3 @@
 module Brakeman
-  Version = "5.0.0"
+  Version = "5.1.0"
 end

data/lib/ruby_parser/bm_sexp.rb

@@ -543,6 +543,20 @@ class Sexp
     self.body.unshift :rlist
   end
 
+  # Number of "statements" in a method.
+  # This is more effecient than `Sexp#body.length`
+  # because `Sexp#body` creates a new Sexp.
+  def method_length
+    expect :defn, :defs
+
+    case self.node_type
+    when :defn
+      self.length - 3
+    when :defs
+      self.length - 4
+    end
+  end
+
   def render_type
     expect :render
     self[1]

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: brakeman-lib
 version: !ruby/object:Gem::Version
-  version: 5.0.0
+  version: 5.1.0
 platform: ruby
 authors:
 - Justin Collins
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2021-01-27 00:00:00.000000000 Z
+date: 2021-07-19 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: minitest
@@ -66,6 +66,20 @@ dependencies:
     - - '='
       - !ruby/object:Gem::Version
         version: 0.10.2
+- !ruby/object:Gem::Dependency
+  name: parallel
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.20'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.20'
 - !ruby/object:Gem::Dependency
   name: ruby_parser
   requirement: !ruby/object:Gem::Requirement
@@ -380,6 +394,7 @@ files:
 - lib/brakeman/report/report_base.rb
 - lib/brakeman/report/report_codeclimate.rb
 - lib/brakeman/report/report_csv.rb
+- lib/brakeman/report/report_github.rb
 - lib/brakeman/report/report_hash.rb
 - lib/brakeman/report/report_html.rb
 - lib/brakeman/report/report_json.rb
@@ -409,6 +424,7 @@ files:
 - lib/brakeman/tracker/constants.rb
 - lib/brakeman/tracker/controller.rb
 - lib/brakeman/tracker/library.rb
+- lib/brakeman/tracker/method_info.rb
 - lib/brakeman/tracker/model.rb
 - lib/brakeman/tracker/template.rb
 - lib/brakeman/util.rb