RubyGems - brakeman-lib - Versions diffs - 6.2.2 → 7.0.0 - Mend

brakeman-lib 6.2.2 → 7.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (19) hide show

checksums.yaml +4 -4
data/CHANGES.md +17 -0
data/lib/brakeman/app_tree.rb +23 -18
data/lib/brakeman/checks/check_deserialize.rb +4 -1
data/lib/brakeman/checks/check_evaluation.rb +20 -2
data/lib/brakeman/checks/check_model_attr_accessible.rb +1 -0
data/lib/brakeman/file_parser.rb +2 -1
data/lib/brakeman/options.rb +8 -5
data/lib/brakeman/processors/alias_processor.rb +6 -2
data/lib/brakeman/processors/lib/file_type_detector.rb +9 -7
data/lib/brakeman/report/ignore/config.rb +0 -1
data/lib/brakeman/report/report_sarif.rb +122 -2
data/lib/brakeman/rescanner.rb +40 -390
data/lib/brakeman/scanner.rb +62 -38
data/lib/brakeman/tracker/file_cache.rb +83 -0
data/lib/brakeman/tracker.rb +19 -2
data/lib/brakeman/version.rb +1 -1
data/lib/brakeman.rb +12 -2
metadata +36 -38

data/lib/brakeman/tracker/file_cache.rb ADDED Viewed

@@ -0,0 +1,83 @@
+module Brakeman
+  class FileCache
+    def initialize(file_list = nil)
+      @file_list = file_list || {
+        controller: {},
+        initializer: {},
+        lib: {},
+        model: {},
+        template: {},
+      }
+    end
+    def controllers
+      @file_list[:controller]
+    end
+    def initializers
+      @file_list[:initializer]
+    end
+    def libs
+      @file_list[:lib]
+    end
+    def models
+      @file_list[:model]
+    end
+    def templates
+      @file_list[:template]
+    end
+    def add_file(astfile, type)
+      raise "Unknown type: #{type}" unless valid_type? type
+      @file_list[type][astfile.path] = astfile
+    end
+    def valid_type?(type)
+      @file_list.key? type
+    end
+    def cached? path
+      @file_list.any? do |name, list|
+        list[path]
+      end
+    end
+    def delete path
+      @file_list.each do |name, list|
+        list.delete path
+      end
+    end
+    def diff other
+      @file_list.each do |name, list|
+        other_list = other.send(:"#{name}s")
+        if list == other_list
+          next
+        else
+          puts "-- #{name} --"
+          puts "Old: #{other_list.keys - list.keys}"
+          puts "New: #{list.keys - other_list.keys}"
+        end
+      end
+    end
+    def dup
+      copy_file_list = @file_list.map do |name, list|
+        copy_list = list.map do |path, astfile|
+          copy_astfile = astfile.dup
+          copy_astfile.ast = copy_astfile.ast.deep_clone
+          [path, copy_astfile]
+        end.to_h
+        [name, copy_list]
+      end.to_h
+      FileCache.new(copy_file_list)
+    end
+  end
+end

data/lib/brakeman/tracker.rb CHANGED Viewed

@@ -12,7 +12,7 @@ class Brakeman::Tracker
   attr_accessor :controllers, :constants, :templates, :models, :errors,
     :checks, :initializers, :config, :routes, :processor, :libs,
     :template_cache, :options, :filter_cache, :start_time, :end_time,
-    :duration, :ignored_filter, :app_tree
+    :duration, :ignored_filter, :app_tree, :file_cache, :pristine_file_cache
   #Place holder when there should be a model, but it is not
   #clear what model it will be.
@@ -26,15 +26,22 @@ class Brakeman::Tracker
     @app_tree = app_tree
     @processor = processor
     @options = options
+    @file_cache = Brakeman::FileCache.new
+    @pristine_file_cache = nil
-    @config = Brakeman::Config.new(self)
+    reset_all
+  end
+  def reset_all
     @templates = {}
     @controllers = {}
     #Initialize models with the unknown model so
     #we can match models later without knowing precisely what
     #class they are.
     @models = {}
     @models[UNKNOWN_MODEL] = Brakeman::Model.new(UNKNOWN_MODEL, nil, @app_tree.file_path("NOT_REAL.rb"), nil, self)
     @method_cache = {}
     @routes = {}
     @initializers = {}
@@ -46,11 +53,16 @@ class Brakeman::Tracker
     @template_cache = Set.new
     @filter_cache = {}
     @call_index = nil
+    @config = Brakeman::Config.new(self)
     @start_time = Time.now
     @end_time = nil
     @duration = nil
   end
+  def save_file_cache!
+    @pristine_file_cache = @file_cache.dup
+  end
   #Add an error to the list. If no backtrace is given,
   #the one from the exception will be used.
   def error exception, backtrace = nil
@@ -301,6 +313,11 @@ class Brakeman::Tracker
       method_sets << self.controllers
     end
+    if locations.include? :libs
+      classes_to_reindex.merge self.libs.keys
+      method_sets << self.libs
+    end
     if locations.include? :initializers
       self.initializers.each do |file_name, src|
         @call_index.remove_indexes_by_file file_name

data/lib/brakeman/version.rb CHANGED Viewed

@@ -1,3 +1,3 @@
 module Brakeman
-  Version = "6.2.2"
+  Version = "7.0.0"
 end

data/lib/brakeman.rb CHANGED Viewed

@@ -84,6 +84,15 @@ module Brakeman
       options[:report_progress] = false
     end
+    if options[:use_prism]
+      begin
+        require 'prism'
+        notify '[Notice] Using Prism parser'
+      rescue LoadError => e
+        Brakeman.debug "[Notice] Asked to use Prism, but failed to load: #{e}"
+      end
+    end
     scan options
   end
@@ -196,6 +205,7 @@ module Brakeman
       :pager => true,
       :parallel_checks => true,
       :parser_timeout => 10,
+      :use_prism => true,
       :relative_path => false,
       :report_progress => true,
       :safe_methods => Set.new,
@@ -464,12 +474,12 @@ module Brakeman
   def self.rescan tracker, files, options = {}
     require 'brakeman/rescanner'
-    tracker.options.merge! options
+    options = tracker.options.merge options
     @quiet = !!tracker.options[:quiet]
     @debug = !!tracker.options[:debug]
-    Rescanner.new(tracker.options, tracker.processor, files).recheck
+    Rescanner.new(options, tracker.processor, files).recheck
   end
   def self.notify message

metadata CHANGED Viewed

@@ -1,29 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: brakeman-lib
 version: !ruby/object:Gem::Version
-  version: 6.2.2
+  version: 7.0.0
 platform: ruby
 authors:
 - Justin Collins
-autorequire:
 bindir: bin
 cert_chain: []
-date: 2024-10-17 00:00:00.000000000 Z
+date: 2024-12-31 00:00:00.000000000 Z
 dependencies:
-- !ruby/object:Gem::Dependency
-  name: csv
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
 - !ruby/object:Gem::Dependency
   name: minitest
   requirement: !ruby/object:Gem::Requirement
@@ -66,20 +51,6 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
-- !ruby/object:Gem::Dependency
-  name: simplecov-html
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - '='
-      - !ruby/object:Gem::Version
-        version: 0.10.2
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - '='
-      - !ruby/object:Gem::Version
-        version: 0.10.2
 - !ruby/object:Gem::Dependency
   name: parallel
   requirement: !ruby/object:Gem::Requirement
@@ -150,20 +121,34 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
+- !ruby/object:Gem::Dependency
+  name: csv
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: terminal-table
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - "<"
       - !ruby/object:Gem::Version
-        version: '1.4'
+        version: '4.0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - "<"
       - !ruby/object:Gem::Version
-        version: '1.4'
+        version: '4.0'
 - !ruby/object:Gem::Dependency
   name: highline
   requirement: !ruby/object:Gem::Requirement
@@ -240,6 +225,20 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '3.0'
+- !ruby/object:Gem::Dependency
+  name: prism
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.0'
 description: Brakeman detects security vulnerabilities in Ruby on Rails applications
   via static analysis. This package declares gem dependencies instead of bundling
   them.
@@ -431,6 +430,7 @@ files:
 - lib/brakeman/tracker/config.rb
 - lib/brakeman/tracker/constants.rb
 - lib/brakeman/tracker/controller.rb
+- lib/brakeman/tracker/file_cache.rb
 - lib/brakeman/tracker/library.rb
 - lib/brakeman/tracker/method_info.rb
 - lib/brakeman/tracker/model.rb
@@ -452,7 +452,6 @@ metadata:
   mailing_list_uri: https://gitter.im/presidentbeef/brakeman
   source_code_uri: https://github.com/presidentbeef/brakeman
   wiki_uri: https://github.com/presidentbeef/brakeman/wiki
-post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -467,8 +466,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.3.27
-signing_key:
+rubygems_version: 3.6.2
 specification_version: 4
 summary: Security vulnerability scanner for Ruby on Rails.
 test_files: []