brakeman-lib 7.0.2 → 7.1.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 6159d3bde042821529cf3e5200e88de8e8706879cf44fb273e3291bb68d4f2b7
-  data.tar.gz: bf06c105b4c21ca099b017f9407f582a7a47515bebe5a834c8fe8296382b9a6d
+  metadata.gz: c2279f2b84d3be0e168b6b16e59855f5507c0514df39c4fb4b63d76721b7e87d
+  data.tar.gz: 37751126761102664819b8779940ecbc2097caec46176f4fc8d3b0f740585579
 SHA512:
-  metadata.gz: baf1296b60acc90093aab77e65fbdc6d2f9ea4c60371b7bfd5d6301b3fd2e7195f46bec8b3d3811a011f144d22d597303a41bf517d4d257eec382d52de0d109f
-  data.tar.gz: f4770665453293c3b06b9bb3bdca5216eb81d8696e929fcc9d4dd2d416a017296664794134022a6812bda18fe16fffaedb17daa2ff93e049eb0ee760eb5e00fc
+  metadata.gz: 2c8a2bf6f2f3c2ee11419def7e7e91a4942cf337504db7a6e54c66f7b6a645cef31ac86de9580f78bdfe0ca66d08387d4125d36f106ac63354423e3973917deb
+  data.tar.gz: b77e61957f321cdbdf33a41b057779c5b5f60a41512d538737a8aa0e57e6c6fc13cf9213cc710995ff55de04a57c1640492108529fda616553c6fb7ba5cd81d7

data/CHANGES.md

@@ -1,3 +1,14 @@
+# 7.1.0 - 2025-07-18
+
+* Add EOL dates for Rails 8.0 and Ruby 3.4
+* Support render model shortcut
+* Use lazy file lists for AppTree
+* Add Haml 6.x support
+* Improve ignored warnings layout in HTML report (Sebastien Savater)
+* Update JUnit report for CircleCI (Philippe Bernery)
+* Only load escape functionality from cgi library (Earlopain)
+* Add `--ensure-no-obsolete-config-entries` option (viralpraxis)
+
 # 7.0.2 - 2025-04-04
 
 * Fix error with empty `BUNDLE_GEMFILE` env variable

data/lib/brakeman/app_tree.rb

@@ -145,6 +145,17 @@ module Brakeman
       end
     end
 
+
+    # Call this to be able to marshall the AppTree
+    def marshallable
+      @initializer_paths = @initializer_paths.to_a
+      @controller_paths = @controller_paths.to_a
+      @template_paths = @template_paths.to_a
+      @lib_files = @file_paths.to_a
+
+      self
+    end
+
   private
 
     def find_helper_paths
@@ -160,7 +171,7 @@ module Brakeman
     end
 
     def find_paths(directory, extensions = ".rb")
-      select_files(glob_files(directory, "*", extensions).sort)
+      select_files(glob_files(directory, "*", extensions))
     end
 
     def glob_files(directory, name, extensions = ".rb")
@@ -179,10 +190,10 @@ module Brakeman
         end
 
         files = patterns.flat_map { |pattern| Dir.glob(pattern) }
-        files.uniq
+        files.uniq.lazy
       else
         pattern = "#{root_search_pattern}#{directory}/**/#{name}#{extensions}"
-        Dir.glob(pattern)
+        Dir.glob(pattern).lazy
       end
     end
 
@@ -191,7 +202,8 @@ module Brakeman
       paths = reject_skipped_files(paths)
       paths = convert_to_file_paths(paths)
       paths = reject_global_excludes(paths)
-      reject_directories(paths)
+      paths = reject_directories(paths)
+      paths
     end
 
     def reject_directories(paths)

data/lib/brakeman/checks/check_eol_rails.rb

@@ -25,5 +25,6 @@ class Brakeman::CheckEOLRails < Brakeman::EOLCheck
     ['7.0.0', '7.0.99'] => Date.new(2025, 4, 1),
     ['7.1.0', '7.1.99'] => Date.new(2025, 10, 1),
     ['7.2.0', '7.2.99'] => Date.new(2026, 8, 9),
+    ['8.0.0', '8.0.99'] => Date.new(2026, 10, 7),
   }
 end

data/lib/brakeman/checks/check_eol_ruby.rb

@@ -25,5 +25,6 @@ class Brakeman::CheckEOLRuby < Brakeman::EOLCheck
     ['3.1.0', '3.1.99'] => Date.new(2025, 3, 31),
     ['3.2.0', '3.2.99'] => Date.new(2026, 3, 31),
     ['3.3.0', '3.3.99'] => Date.new(2027, 3, 31),
+    ['3.4.0', '3.4.99'] => Date.new(2028, 3, 31),
   }
 end

data/lib/brakeman/commandline.rb

@@ -145,6 +145,11 @@ module Brakeman
           quit Brakeman::Errors_Found_Exit_Code
         end
 
+        if tracker.options[:ensure_no_obsolete_ignore_entries] && tracker.unused_fingerprints.any?
+          warn '[Error] Obsolete ignore entries were found, exiting with an error code.'
+          quit Brakeman::Obsolete_Ignore_Entries_Exit_Code
+        end
+
         if ensure_ignore_notes_failed
           quit Brakeman::Empty_Ignore_Note_Exit_Code
         end

data/lib/brakeman/messages.rb

@@ -86,7 +86,7 @@ class Brakeman::Messages::Message
   end
 
   def to_html
-    require 'cgi'
+    require 'cgi/escape'
 
     output = @parts.map(&:to_html).join
 

data/lib/brakeman/options.rb

@@ -71,6 +71,10 @@ module Brakeman::Options
           options[:ensure_ignore_notes] = true
         end
 
+        opts.on "--ensure-no-obsolete-ignore-entries", "Fail when an obsolete ignore entry is found" do
+          options[:ensure_no_obsolete_ignore_entries] = true
+        end
+
         opts.on "-3", "--rails3", "Force Rails 3 mode" do
           options[:rails3] = true
         end

data/lib/brakeman/parsers/haml6_embedded.rb

@@ -0,0 +1,23 @@
+[:Coffee, :CoffeeScript, :Markdown, :Sass].each do |name|
+  klass = Module.const_get("Haml::Filters::#{name}")
+
+  klass.define_method(:compile) do |node|
+    temple = [:multi]
+    temple << [:static, "<script>\n"]
+    temple << compile_with_tilt(node)
+    temple << [:static, "</script>"]
+    temple
+  end
+
+  klass.define_method(:compile_with_tilt) do |node|
+    # From Haml
+    text = ::Haml::Util.unescape_interpolation(node.value[:text]).gsub(/(\\+)n/) do |s|
+      escapes = $1.size
+      next s if escapes % 2 == 0
+      "#{'\\' * (escapes - 1)}\n"
+    end
+    text.prepend("\n").sub!(/\n"\z/, '"')
+
+    [:dynamic, "BrakemanFilter.render(#{text})"]
+  end
+end

data/lib/brakeman/parsers/template_parser.rb

@@ -24,6 +24,7 @@ module Brakeman
                 type = :erubis if erubis?
                 parse_erb path, text
               when :haml
+                type = :haml6 if haml6?
                 parse_haml path, text
               when :slim
                 parse_slim path, text
@@ -74,19 +75,43 @@ module Brakeman
     end
 
     def parse_haml path, text
-      Brakeman.load_brakeman_dependency 'haml'
-      require_relative 'haml_embedded'
+      if haml6?
+        require_relative 'haml6_embedded'
+
+        Haml::Template.new(filename: path.relative,
+                           :escape_html => tracker.config.escape_html?,
+                           generator: Temple::Generators::RailsOutputBuffer,
+                           use_html_safe: true,
+                           buffer_class: 'ActionView::OutputBuffer',
+                           disable_capture: true,
+                          ) { text }.precompiled_template
+      else
+        require_relative 'haml_embedded'
 
-      Haml::Engine.new(text,
-                       :filename => path,
-                       :escape_html => tracker.config.escape_html?,
-                       :escape_filter_interpolations => tracker.config.escape_filter_interpolations?
-                      ).precompiled.gsub(/([^\\])\\n/, '\1')
+        Haml::Engine.new(text,
+                         :filename => path,
+                         :escape_html => tracker.config.escape_html?,
+                         :escape_filter_interpolations => tracker.config.escape_filter_interpolations?
+                        ).precompiled.gsub(/([^\\])\\n/, '\1')
+      end
     rescue Haml::Error => e
       tracker.error e, ["While compiling HAML in #{path}"] << e.backtrace
       nil
     end
 
+    def haml6?
+      return @haml6 unless @haml6.nil?
+
+      Brakeman.load_brakeman_dependency 'haml'
+      major_version = Haml::VERSION.split('.').first.to_i
+
+      if major_version >= 6
+        @haml6 = true
+      else
+        @haml6 = false
+      end
+    end
+
     def parse_slim path, text
       Brakeman.load_brakeman_dependency 'slim'
 

data/lib/brakeman/processor.rb

@@ -63,6 +63,8 @@ module Brakeman
         result = ErbTemplateProcessor.new(@tracker, name, called_from, file_name).process src
       when :haml
         result = HamlTemplateProcessor.new(@tracker, name, called_from, file_name).process src
+      when :haml6
+        result = Haml6TemplateProcessor.new(@tracker, name, called_from, file_name).process src
       when :erubis
         result = ErubisTemplateProcessor.new(@tracker, name, called_from, file_name).process src
       when :slim

data/lib/brakeman/processors/base_processor.rb

@@ -205,6 +205,7 @@ class Brakeman::BaseProcessor < Brakeman::SexpProcessor
     rest = process rest
     result = Sexp.new(:render, render_type, value, rest)
     result.line(exp.line)
+
     result
   end
 
@@ -240,6 +241,7 @@ class Brakeman::BaseProcessor < Brakeman::SexpProcessor
     elsif first_arg.nil?
       type = :default
     elsif not hash? first_arg
+      # Maybe do partial if in view?
       type = :action
       value = first_arg
     end

data/lib/brakeman/processors/haml6_template_processor.rb

@@ -0,0 +1,92 @@
+require 'brakeman/processors/haml_template_processor'
+
+class Brakeman::Haml6TemplateProcessor < Brakeman::HamlTemplateProcessor
+
+  OUTPUT_BUFFER = s(:ivar, :@output_buffer)
+  HAML_UTILS = s(:colon2, s(:colon3, :Haml), :Util)
+  HAML_UTILS2 = s(:colon2, s(:const, :Haml), :Util)
+  # @output_buffer = output_buffer || ActionView::OutputBuffer.new
+  AV_SAFE_BUFFER = s(:or, s(:call, nil, :output_buffer), s(:call, s(:colon2, s(:const, :ActionView), :OutputBuffer), :new))
+  EMBEDDED_FILTER = s(:const, :BrakemanFilter)
+
+  def initialize(*)
+    super
+
+    # Because of how Haml 6 handles line breaks -
+    # we have to track where _haml_compiler variables are assigned.
+    # then change the line number of where they are output to where
+    # they are assigned.
+    #
+    # Like this:
+    #
+    #   ; _haml_compiler1 = (params[:x]; 
+    #   ; ); @output_buffer.safe_concat((((::Haml::Util.escape_html_safe((_haml_compiler1))).to_s).to_s));
+    #
+    #  `_haml_compiler1` is output a line after it's assigned,
+    #  but the assignment matches the "real" line where it is output in the template.
+    @compiler_assigns = {}
+  end
+
+  # @output_buffer.safe_concat
+  def buffer_append? exp
+    call? exp and
+      output_buffer? exp.target and
+      exp.method == :safe_concat
+  end
+
+  def process_lasgn exp
+    if exp.lhs.match?(/_haml_compiler\d+/)
+      @compiler_assigns[exp.lhs] = exp.rhs
+      ignore
+    else
+      exp
+    end
+  end
+
+  def process_lvar exp
+    if exp.value.match?(/_haml_compiler\d+/)
+      exp = @compiler_assigns[exp.value] || exp
+    end
+
+    exp
+  end
+
+  def is_escaped? exp
+    return unless call? exp
+
+    html_escaped? exp or
+      javascript_escaped? exp
+  end
+
+  def javascript_escaped? call
+    # TODO: Adding here to match existing behavior for HAML,
+    # but really this is not safe and needs to be revisited
+      call.method == :j or
+        call.method == :escape_javascript
+  end
+
+  def html_escaped? call
+    (call.target == HAML_UTILS or call.target == HAML_UTILS2) and
+      (call.method == :escape_html or call.method == :escape_html_safe)
+  end
+
+  def output_buffer? exp
+    exp == OUTPUT_BUFFER or
+      exp == AV_SAFE_BUFFER
+  end
+
+  def normalize_output arg
+    arg = super(arg)
+
+    if embedded_filter? arg
+      super(arg.first_arg)
+    else
+      arg
+    end
+  end
+
+  # Handle our "fake" embedded filters
+  def embedded_filter? arg
+    call? arg and arg.method == :render and arg.target == EMBEDDED_FILTER
+  end
+end

data/lib/brakeman/processors/haml_template_processor.rb

@@ -84,6 +84,12 @@ class Brakeman::HamlTemplateProcessor < Brakeman::TemplateProcessor
     :escape_once_without_haml_xss
   ]
 
+  def is_escaped? exp
+    return unless call? exp
+
+    haml_helpers? exp.target and ESCAPE_METHODS.include? exp.method
+  end
+
   def get_pushed_value exp, default = :output
     return exp unless sexp? exp
 
@@ -113,7 +119,7 @@ class Brakeman::HamlTemplateProcessor < Brakeman::TemplateProcessor
     when :call
       if exp.method == :to_s or exp.method == :strip
         get_pushed_value(exp.target, default)
-      elsif haml_helpers? exp.target and ESCAPE_METHODS.include? exp.method
+      elsif is_escaped? exp
         get_pushed_value(exp.first_arg, :escaped_output)
       elsif @javascript and (exp.method == :j or exp.method == :escape_javascript) # TODO: Remove - this is not safe
         get_pushed_value(exp.first_arg, :escaped_output)

data/lib/brakeman/processors/lib/render_helper.rb

@@ -9,7 +9,14 @@ module Brakeman::RenderHelper
     @rendered = true
     case exp.render_type
     when :action, :template, :inline
-      process_action exp[2][1], exp[3], exp.line
+      action = exp[2]
+      args = exp[3]
+
+      if string? action or symbol? action
+        process_action action.value, args, exp.line
+      else
+        process_model_action action, args
+      end
     when :default
       begin
         process_template template_name, exp[3], nil, exp.line
@@ -49,6 +56,36 @@ module Brakeman::RenderHelper
   def process_action name, args, line
     if name.is_a? String or name.is_a? Symbol
       process_template template_name(name), args, nil, line
+    else
+      Brakeman.debug "Not processing render #{name.inspect}"
+    end
+  end
+
+  SINGLE_RECORD = [:first, :find, :last, :new]
+  COLLECTION = [:all, :where]
+
+  def process_model_action action, args
+    return unless call? action
+
+    method = action.method
+
+    klass = get_class_target(action) || Brakeman::Tracker::UNKNOWN_MODEL
+    name = Sexp.new(:lit, klass.downcase)
+
+    if SINGLE_RECORD.include? method
+      # Set a local variable with name based on class of model
+      # and value of the value passed to render
+      local_key = Sexp.new(:lit, :locals)
+      locals = hash_access(args, local_key) || Sexp.new(:hash)
+      hash_insert(locals, name, action)
+      hash_insert(args, local_key, locals)
+
+      process_partial name, args, action.line
+    elsif COLLECTION.include? method
+      collection_key = Sexp.new(:lit, :collection)
+      hash_insert(args, collection_key, action)
+
+      process_partial name, args, action.line
     end
   end
 

data/lib/brakeman/processors/template_processor.rb

@@ -56,7 +56,7 @@ class Brakeman::TemplateProcessor < Brakeman::BaseProcessor
   # Pull out actual output value from template
   def normalize_output arg
     if call? arg and [:to_s, :html_safe!, :freeze].include? arg.method
-      arg.target
+      normalize_output(arg.target) # sometimes it's foo.to_s.to_s
     elsif node_type? arg, :if
       branches = [arg.then_clause, arg.else_clause].compact
 

data/lib/brakeman/report/report_html.rb

@@ -1,4 +1,4 @@
-require 'cgi'
+require 'cgi/escape'
 require 'brakeman/report/report_table.rb'
 
 class Brakeman::Report::HTML < Brakeman::Report::Table

data/lib/brakeman/report/report_junit.rb

@@ -9,50 +9,7 @@ class Brakeman::Report::JUnit < Brakeman::Report::Base
     doc.add REXML::XMLDecl.new '1.0', 'UTF-8'
 
     test_suites = REXML::Element.new 'testsuites'
-    test_suites.add_attribute 'xmlns:brakeman', 'https://brakemanscanner.org/'
-    properties = test_suites.add_element 'brakeman:properties', { 'xml:id' => 'scan_info' }
-    properties.add_element 'brakeman:property', { 'brakeman:name' => 'app_path', 'brakeman:value' => tracker.app_path }
-    properties.add_element 'brakeman:property', { 'brakeman:name' => 'rails_version', 'brakeman:value' => rails_version }
-    properties.add_element 'brakeman:property', { 'brakeman:name' => 'security_warnings', 'brakeman:value' => all_warnings.length }
-    properties.add_element 'brakeman:property', { 'brakeman:name' => 'start_time', 'brakeman:value' => tracker.start_time.iso8601 }
-    properties.add_element 'brakeman:property', { 'brakeman:name' => 'end_time', 'brakeman:value' => tracker.end_time.iso8601 }
-    properties.add_element 'brakeman:property', { 'brakeman:name' => 'duration', 'brakeman:value' => tracker.duration }
-    properties.add_element 'brakeman:property', { 'brakeman:name' => 'checks_performed', 'brakeman:value' => checks.checks_run.join(',') }
-    properties.add_element 'brakeman:property', { 'brakeman:name' => 'number_of_controllers', 'brakeman:value' => tracker.controllers.length }
-    properties.add_element 'brakeman:property', { 'brakeman:name' => 'number_of_models', 'brakeman:value' => tracker.models.length - 1 }
-    properties.add_element 'brakeman:property', { 'brakeman:name' => 'ruby_version', 'brakeman:value' => number_of_templates(@tracker) }
-    properties.add_element 'brakeman:property', { 'brakeman:name' => 'number_of_templates', 'brakeman:value' => RUBY_VERSION }
-    properties.add_element 'brakeman:property', { 'brakeman:name' => 'brakeman_version', 'brakeman:value' => Brakeman::Version }
 
-    errors = test_suites.add_element 'brakeman:errors'
-    tracker.errors.each { |e|
-      error = errors.add_element 'brakeman:error'
-      error.add_attribute 'brakeman:message', e[:error]
-      e[:backtrace].each { |b|
-        backtrace = error.add_element 'brakeman:backtrace'
-        backtrace.add_text b
-      }
-    }
-
-    obsolete = test_suites.add_element 'brakeman:obsolete'
-    tracker.unused_fingerprints.each { |fingerprint|
-      obsolete.add_element 'brakeman:warning', { 'brakeman:fingerprint' => fingerprint }
-    }
-
-    ignored = test_suites.add_element 'brakeman:ignored'
-    ignored_warnings.each { |w|
-      warning = ignored.add_element 'brakeman:warning'
-      warning.add_attribute 'brakeman:message', w.message
-      warning.add_attribute 'brakeman:category', w.warning_type
-      warning.add_attribute 'brakeman:file', warning_file(w)
-      warning.add_attribute 'brakeman:line', w.line
-      warning.add_attribute 'brakeman:fingerprint', w.fingerprint
-      warning.add_attribute 'brakeman:confidence', w.confidence_name 
-      warning.add_attribute 'brakeman:code', w.format_code
-      warning.add_text w.to_s
-    }
-
-    hostname = `hostname`.strip
     i = 0
     all_warnings
       .map { |warning| [warning.file, [warning]] }
@@ -66,35 +23,25 @@ class Brakeman::Report::JUnit < Brakeman::Report::Base
         test_suite = test_suites.add_element 'testsuite'
         test_suite.add_attribute 'id', i
         test_suite.add_attribute 'package', 'brakeman'
-        test_suite.add_attribute 'name', file.relative
+        test_suite.add_attribute 'file', file.relative
         test_suite.add_attribute 'timestamp', tracker.start_time.strftime('%FT%T')
-        test_suite.add_attribute 'hostname', hostname == '' ? 'localhost' : hostname
         test_suite.add_attribute 'tests', checks.checks_run.length
         test_suite.add_attribute 'failures', warnings.length
         test_suite.add_attribute 'errors', '0'
         test_suite.add_attribute 'time', '0'
 
-        test_suite.add_element 'properties'
-
         warnings.each { |warning|
           test_case = test_suite.add_element 'testcase'
-          test_case.add_attribute 'name', 'run_check'
-          test_case.add_attribute 'classname', warning.check
+          test_case.add_attribute 'name', warning.check.sub(/^Brakeman::/, '')
+          test_case.add_attribute 'file', file.relative
+          test_case.add_attribute 'line', warning.line if warning.line
           test_case.add_attribute 'time', '0'
 
           failure = test_case.add_element 'failure'
           failure.add_attribute 'message', warning.message
           failure.add_attribute 'type', warning.warning_type
-          failure.add_attribute 'brakeman:fingerprint', warning.fingerprint
-          failure.add_attribute 'brakeman:file', warning_file(warning)
-          failure.add_attribute 'brakeman:line', warning.line
-          failure.add_attribute 'brakeman:confidence', warning.confidence_name 
-          failure.add_attribute 'brakeman:code', warning.format_code
           failure.add_text warning.to_s
         }
-
-        test_suite.add_element 'system-out'
-        test_suite.add_element 'system-err'
       }
 
     doc.add test_suites

data/lib/brakeman/report/templates/header.html.erb

@@ -9,10 +9,15 @@
     function toggle(context) {
       var elem = document.getElementById(context);
 
-      if (elem.style.display != "block")
+      if (elem.style.display != "block") {
         elem.style.display = "block";
-      else
+
+        elem.querySelectorAll("table").forEach(function(table) {
+          $(table).DataTable().columns.adjust();
+        });
+      } else {
         elem.style.display = "none";
+      }
 
       elem.parentNode.scrollIntoView();
     }

data/lib/brakeman/report/templates/ignored_warnings.html.erb

@@ -1,6 +1,6 @@
 <div onClick="toggle('ignored_table');">  <h2><%= warnings.length %> Ignored Warnings (click to see them)</h2 ></div>
-<div>
-  <table style="display:none" id="ignored_table">
+<div style="display:none; width:100%" id="ignored_table">
+  <table>
     <thead>
       <tr>
         <th>Confidence</th>
@@ -8,7 +8,7 @@
         <th>Warning Type</th>
         <th>CWE ID</th>
         <th>Message</th>
-        <th>Note</th>
+        <th width="auto">Note</th>
       </tr>
     </thead>
     <tbody>

data/lib/brakeman/tracker.rb

@@ -441,4 +441,10 @@ class Brakeman::Tracker
 
     @call_index.remove_indexes_by_file path
   end
+
+  # Call this to be able to marshal the Tracker
+  def marshallable
+    @app_tree.marshallable
+    self
+  end
 end

data/lib/brakeman/version.rb

@@ -1,3 +1,3 @@
 module Brakeman
-  Version = "7.0.2"
+  Version = "7.1.0"
 end

data/lib/brakeman.rb

@@ -24,6 +24,10 @@ module Brakeman
   #--ensure-ignore-notes is set
   Empty_Ignore_Note_Exit_Code = 8
 
+  # Exit code returned when at least one obsolete ignore entry is present
+  # and `--ensure-no-obsolete-ignore-entries` is set.
+  Obsolete_Ignore_Entries_Exit_Code = 9
+
   @debug = false
   @quiet = false
   @loaded_dependencies = []

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: brakeman-lib
 version: !ruby/object:Gem::Version
-  version: 7.0.2
+  version: 7.1.0
 platform: ruby
 authors:
 - Justin Collins
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2025-04-04 00:00:00.000000000 Z
+date: 2025-07-18 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: minitest
@@ -182,16 +182,16 @@ dependencies:
   name: haml
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - "<"
       - !ruby/object:Gem::Version
-        version: '5.1'
+        version: '7.0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - "<"
       - !ruby/object:Gem::Version
-        version: '5.1'
+        version: '7.0'
 - !ruby/object:Gem::Dependency
   name: slim
   requirement: !ruby/object:Gem::Requirement
@@ -353,6 +353,7 @@ files:
 - lib/brakeman/messages.rb
 - lib/brakeman/options.rb
 - lib/brakeman/parsers/erubis_patch.rb
+- lib/brakeman/parsers/haml6_embedded.rb
 - lib/brakeman/parsers/haml_embedded.rb
 - lib/brakeman/parsers/rails2_erubis.rb
 - lib/brakeman/parsers/rails2_xss_plugin_erubis.rb
@@ -368,6 +369,7 @@ files:
 - lib/brakeman/processors/erb_template_processor.rb
 - lib/brakeman/processors/erubis_template_processor.rb
 - lib/brakeman/processors/gem_processor.rb
+- lib/brakeman/processors/haml6_template_processor.rb
 - lib/brakeman/processors/haml_template_processor.rb
 - lib/brakeman/processors/lib/basic_processor.rb
 - lib/brakeman/processors/lib/call_conversion_helper.rb
@@ -468,7 +470,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.3.27
+rubygems_version: 3.4.1
 signing_key:
 specification_version: 4
 summary: Security vulnerability scanner for Ruby on Rails.