brakeman-lib 6.2.2 → 7.0.0

data/lib/brakeman/tracker/file_cache.rb

@@ -0,0 +1,83 @@
+module Brakeman
+  class FileCache
+    def initialize(file_list = nil)
+      @file_list = file_list || {
+        controller: {},
+        initializer: {},
+        lib: {},
+        model: {},
+        template: {},
+      }
+    end
+
+    def controllers
+      @file_list[:controller]
+    end
+
+    def initializers
+      @file_list[:initializer]
+    end
+
+    def libs
+      @file_list[:lib]
+    end
+
+    def models
+      @file_list[:model]
+    end
+
+    def templates
+      @file_list[:template]
+    end
+
+    def add_file(astfile, type)
+      raise "Unknown type: #{type}" unless valid_type? type
+      @file_list[type][astfile.path] = astfile
+    end
+
+    def valid_type?(type)
+      @file_list.key? type
+    end
+
+    def cached? path
+      @file_list.any? do |name, list|
+        list[path]
+      end
+    end
+
+    def delete path
+      @file_list.each do |name, list|
+        list.delete path
+      end
+    end
+
+    def diff other
+      @file_list.each do |name, list|
+        other_list = other.send(:"#{name}s")
+
+        if list == other_list
+          next
+        else
+          puts "-- #{name} --"
+          puts "Old: #{other_list.keys - list.keys}"
+          puts "New: #{list.keys - other_list.keys}"
+        end
+      end
+    end
+
+    def dup
+      copy_file_list = @file_list.map do |name, list|
+        copy_list = list.map do |path, astfile|
+          copy_astfile = astfile.dup
+          copy_astfile.ast = copy_astfile.ast.deep_clone
+
+          [path, copy_astfile]
+        end.to_h
+
+        [name, copy_list]
+      end.to_h
+
+      FileCache.new(copy_file_list)
+    end
+  end
+end

data/lib/brakeman/tracker.rb

@@ -12,7 +12,7 @@ class Brakeman::Tracker
   attr_accessor :controllers, :constants, :templates, :models, :errors,
     :checks, :initializers, :config, :routes, :processor, :libs,
     :template_cache, :options, :filter_cache, :start_time, :end_time,
-    :duration, :ignored_filter, :app_tree
+    :duration, :ignored_filter, :app_tree, :file_cache, :pristine_file_cache
 
   #Place holder when there should be a model, but it is not
   #clear what model it will be.
@@ -26,15 +26,22 @@ class Brakeman::Tracker
     @app_tree = app_tree
     @processor = processor
     @options = options
+    @file_cache = Brakeman::FileCache.new
+    @pristine_file_cache = nil
 
-    @config = Brakeman::Config.new(self)
+    reset_all
+  end
+
+  def reset_all
     @templates = {}
     @controllers = {}
+
     #Initialize models with the unknown model so
     #we can match models later without knowing precisely what
     #class they are.
     @models = {}
     @models[UNKNOWN_MODEL] = Brakeman::Model.new(UNKNOWN_MODEL, nil, @app_tree.file_path("NOT_REAL.rb"), nil, self)
+
     @method_cache = {}
     @routes = {}
     @initializers = {}
@@ -46,11 +53,16 @@ class Brakeman::Tracker
     @template_cache = Set.new
     @filter_cache = {}
     @call_index = nil
+    @config = Brakeman::Config.new(self)
     @start_time = Time.now
     @end_time = nil
     @duration = nil
   end
 
+  def save_file_cache!
+    @pristine_file_cache = @file_cache.dup
+  end
+
   #Add an error to the list. If no backtrace is given,
   #the one from the exception will be used.
   def error exception, backtrace = nil
@@ -301,6 +313,11 @@ class Brakeman::Tracker
       method_sets << self.controllers
     end
 
+    if locations.include? :libs
+      classes_to_reindex.merge self.libs.keys
+      method_sets << self.libs
+    end
+
     if locations.include? :initializers
       self.initializers.each do |file_name, src|
         @call_index.remove_indexes_by_file file_name

data/lib/brakeman/version.rb

@@ -1,3 +1,3 @@
 module Brakeman
-  Version = "6.2.2"
+  Version = "7.0.0"
 end

data/lib/brakeman.rb

@@ -84,6 +84,15 @@ module Brakeman
       options[:report_progress] = false
     end
 
+    if options[:use_prism]
+      begin
+        require 'prism'
+        notify '[Notice] Using Prism parser'
+      rescue LoadError => e
+        Brakeman.debug "[Notice] Asked to use Prism, but failed to load: #{e}"
+      end
+    end
+
     scan options
   end
 
@@ -196,6 +205,7 @@ module Brakeman
       :pager => true,
       :parallel_checks => true,
       :parser_timeout => 10,
+      :use_prism => true,
       :relative_path => false,
       :report_progress => true,
       :safe_methods => Set.new,
@@ -464,12 +474,12 @@ module Brakeman
   def self.rescan tracker, files, options = {}
     require 'brakeman/rescanner'
 
-    tracker.options.merge! options
+    options = tracker.options.merge options
 
     @quiet = !!tracker.options[:quiet]
     @debug = !!tracker.options[:debug]
 
-    Rescanner.new(tracker.options, tracker.processor, files).recheck
+    Rescanner.new(options, tracker.processor, files).recheck
   end
 
   def self.notify message

metadata

@@ -1,29 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: brakeman-lib
 version: !ruby/object:Gem::Version
-  version: 6.2.2
+  version: 7.0.0
 platform: ruby
 authors:
 - Justin Collins
-autorequire:
 bindir: bin
 cert_chain: []
-date: 2024-10-17 00:00:00.000000000 Z
+date: 2024-12-31 00:00:00.000000000 Z
 dependencies:
-- !ruby/object:Gem::Dependency
-  name: csv
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
 - !ruby/object:Gem::Dependency
   name: minitest
   requirement: !ruby/object:Gem::Requirement
@@ -66,20 +51,6 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
-- !ruby/object:Gem::Dependency
-  name: simplecov-html
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - '='
-      - !ruby/object:Gem::Version
-        version: 0.10.2
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - '='
-      - !ruby/object:Gem::Version
-        version: 0.10.2
 - !ruby/object:Gem::Dependency
   name: parallel
   requirement: !ruby/object:Gem::Requirement
@@ -150,20 +121,34 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
+- !ruby/object:Gem::Dependency
+  name: csv
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: terminal-table
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - "<"
       - !ruby/object:Gem::Version
-        version: '1.4'
+        version: '4.0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - "<"
       - !ruby/object:Gem::Version
-        version: '1.4'
+        version: '4.0'
 - !ruby/object:Gem::Dependency
   name: highline
   requirement: !ruby/object:Gem::Requirement
@@ -240,6 +225,20 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '3.0'
+- !ruby/object:Gem::Dependency
+  name: prism
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.0'
 description: Brakeman detects security vulnerabilities in Ruby on Rails applications
   via static analysis. This package declares gem dependencies instead of bundling
   them.
@@ -431,6 +430,7 @@ files:
 - lib/brakeman/tracker/config.rb
 - lib/brakeman/tracker/constants.rb
 - lib/brakeman/tracker/controller.rb
+- lib/brakeman/tracker/file_cache.rb
 - lib/brakeman/tracker/library.rb
 - lib/brakeman/tracker/method_info.rb
 - lib/brakeman/tracker/model.rb
@@ -452,7 +452,6 @@ metadata:
   mailing_list_uri: https://gitter.im/presidentbeef/brakeman
   source_code_uri: https://github.com/presidentbeef/brakeman
   wiki_uri: https://github.com/presidentbeef/brakeman/wiki
-post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -467,8 +466,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.3.27
-signing_key:
+rubygems_version: 3.6.2
 specification_version: 4
 summary: Security vulnerability scanner for Ruby on Rails.
 test_files: []