brakeman-lib 6.1.1 → 6.1.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGES.md +10 -0
- data/lib/brakeman/checks/check_eol_ruby.rb +1 -0
- data/lib/brakeman/checks/check_render.rb +6 -1
- data/lib/brakeman/checks/check_session_settings.rb +2 -3
- data/lib/brakeman/processors/alias_processor.rb +7 -2
- data/lib/brakeman/report/pager.rb +1 -1
- data/lib/brakeman/version.rb +1 -1
- data/lib/brakeman.rb +2 -3
- metadata +5 -19
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 5c304c8cdc5e9e696b5e8780433a1bc611f89e0ea2f0c1c56b3e8a11547a7d1a
|
4
|
+
data.tar.gz: eab139739dbe7b93277f36d8909a8d49a283172879df524fc691386823e2ba68
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: d790830a233a7543427ff1236e1929342cf3e4a42b207eb557a3502d237e39f674a27fd74b881acbd92348539f9318eab9ea1718e7fbe570a1cedca3278c5c06
|
7
|
+
data.tar.gz: 23c77975be13a621836f59f2cad832fc94add807b70db5c8809c888a1bf2229345154eb61adb65510c6abf067e10646ba6df1935565defac4753b365ea30fb5b
|
data/CHANGES.md
CHANGED
@@ -1,3 +1,13 @@
|
|
1
|
+
# 6.1.2 - 2024-02-01
|
2
|
+
|
3
|
+
* Update Highline to 3.0
|
4
|
+
* Add EOL date for Ruby 3.3.0
|
5
|
+
* Avoid copying Sexps that are too large
|
6
|
+
* Avoid detecting `ViewComponentContrib::Base` as dynamic render paths (vividmuimui)
|
7
|
+
* Remove deprecated use of `Kernel#open("|...")`
|
8
|
+
* Remove `safe_yaml` gem dependency
|
9
|
+
* Avoid detecting Phlex components as dynamic render paths (Máximo Mussini)
|
10
|
+
|
1
11
|
# 6.1.1 - 2023-12-24
|
2
12
|
|
3
13
|
* Handle racc as a default gem in Ruby 3.3.0
|
@@ -108,6 +108,11 @@ class Brakeman::CheckRender < Brakeman::BaseCheck
|
|
108
108
|
def known_renderable_class? class_name
|
109
109
|
klass = tracker.find_class(class_name)
|
110
110
|
return false if klass.nil?
|
111
|
-
|
111
|
+
knowns = [
|
112
|
+
:"ViewComponent::Base",
|
113
|
+
:"ViewComponentContrib::Base",
|
114
|
+
:"Phlex::HTML"
|
115
|
+
]
|
116
|
+
knowns.any? { |k| klass.ancestor? k }
|
112
117
|
end
|
113
118
|
end
|
@@ -116,10 +116,9 @@ class Brakeman::CheckSessionSettings < Brakeman::BaseCheck
|
|
116
116
|
|
117
117
|
if secrets_file.exists? and not ignored? "secrets.yml" and not ignored? "config/*.yml"
|
118
118
|
yaml = secrets_file.read
|
119
|
-
require '
|
120
|
-
require 'safe_yaml/load'
|
119
|
+
require 'yaml'
|
121
120
|
begin
|
122
|
-
secrets =
|
121
|
+
secrets = YAML.safe_load yaml
|
123
122
|
rescue Psych::SyntaxError, RuntimeError => e
|
124
123
|
Brakeman.notify "[Notice] #{self.class}: Unable to parse `#{secrets_file}`"
|
125
124
|
Brakeman.debug "Failed to parse #{secrets_file}: #{e.inspect}"
|
@@ -32,6 +32,7 @@ class Brakeman::AliasProcessor < Brakeman::SexpProcessor
|
|
32
32
|
@or_depth_limit = (tracker && tracker.options[:branch_limit]) || 5 #arbitrary default
|
33
33
|
@meth_env = nil
|
34
34
|
@current_file = current_file
|
35
|
+
@mass_limit = (tracker && tracker.options[:mass_limit]) || 1000 # arbitrary default
|
35
36
|
set_env_defaults
|
36
37
|
end
|
37
38
|
|
@@ -82,8 +83,12 @@ class Brakeman::AliasProcessor < Brakeman::SexpProcessor
|
|
82
83
|
def replace exp, int = 0
|
83
84
|
return exp if int > 3
|
84
85
|
|
85
|
-
if replacement = env[exp]
|
86
|
-
|
86
|
+
if replacement = env[exp]
|
87
|
+
if not duplicate? replacement and replacement.mass < @mass_limit
|
88
|
+
replace(replacement.deep_clone(exp.line), int + 1)
|
89
|
+
else
|
90
|
+
exp
|
91
|
+
end
|
87
92
|
elsif tracker and replacement = tracker.constant_lookup(exp) and not duplicate? replacement
|
88
93
|
replace(replacement.deep_clone(exp.line), int + 1)
|
89
94
|
else
|
@@ -52,7 +52,7 @@ module Brakeman
|
|
52
52
|
def page_via_less text
|
53
53
|
# Adapted from https://github.com/piotrmurach/tty-pager/
|
54
54
|
|
55
|
-
write_io =
|
55
|
+
write_io = IO.popen("less #{less_options.join}", 'w')
|
56
56
|
pid = write_io.pid
|
57
57
|
|
58
58
|
write_io.write(text)
|
data/lib/brakeman/version.rb
CHANGED
data/lib/brakeman.rb
CHANGED
@@ -128,9 +128,8 @@ module Brakeman
|
|
128
128
|
|
129
129
|
#Load configuration file
|
130
130
|
if config = config_file(custom_location, app_path)
|
131
|
-
require '
|
132
|
-
|
133
|
-
options = SafeYAML.load_file config, :deserialize_symbols => true
|
131
|
+
require 'yaml'
|
132
|
+
options = YAML.safe_load_file config, permitted_classes: [Symbol], symbolize_names: true
|
134
133
|
|
135
134
|
if options
|
136
135
|
options.each { |k, v| options[k] = Set.new v if v.is_a? Array }
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: brakeman-lib
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 6.1.
|
4
|
+
version: 6.1.2
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Justin Collins
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date:
|
11
|
+
date: 2024-02-02 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: minitest
|
@@ -122,20 +122,6 @@ dependencies:
|
|
122
122
|
- - "~>"
|
123
123
|
- !ruby/object:Gem::Version
|
124
124
|
version: 2.4.0
|
125
|
-
- !ruby/object:Gem::Dependency
|
126
|
-
name: safe_yaml
|
127
|
-
requirement: !ruby/object:Gem::Requirement
|
128
|
-
requirements:
|
129
|
-
- - ">="
|
130
|
-
- !ruby/object:Gem::Version
|
131
|
-
version: '1.0'
|
132
|
-
type: :runtime
|
133
|
-
prerelease: false
|
134
|
-
version_requirements: !ruby/object:Gem::Requirement
|
135
|
-
requirements:
|
136
|
-
- - ">="
|
137
|
-
- !ruby/object:Gem::Version
|
138
|
-
version: '1.0'
|
139
125
|
- !ruby/object:Gem::Dependency
|
140
126
|
name: racc
|
141
127
|
requirement: !ruby/object:Gem::Requirement
|
@@ -170,14 +156,14 @@ dependencies:
|
|
170
156
|
requirements:
|
171
157
|
- - "~>"
|
172
158
|
- !ruby/object:Gem::Version
|
173
|
-
version: '
|
159
|
+
version: '3.0'
|
174
160
|
type: :runtime
|
175
161
|
prerelease: false
|
176
162
|
version_requirements: !ruby/object:Gem::Requirement
|
177
163
|
requirements:
|
178
164
|
- - "~>"
|
179
165
|
- !ruby/object:Gem::Version
|
180
|
-
version: '
|
166
|
+
version: '3.0'
|
181
167
|
- !ruby/object:Gem::Dependency
|
182
168
|
name: erubis
|
183
169
|
requirement: !ruby/object:Gem::Requirement
|
@@ -466,7 +452,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
466
452
|
- !ruby/object:Gem::Version
|
467
453
|
version: '0'
|
468
454
|
requirements: []
|
469
|
-
rubygems_version: 3.
|
455
|
+
rubygems_version: 3.5.3
|
470
456
|
signing_key:
|
471
457
|
specification_version: 4
|
472
458
|
summary: Security vulnerability scanner for Ruby on Rails.
|