brakeman-min 5.0.2 → 5.0.4

Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: a486f805cfd0fd1c36ac34bf44f473b3ed7814316ee4c0d143e9e01c58a13193
4
- data.tar.gz: b6bbf137c70cb2d18fe360ece53eb603b1ba98514f78226a330966c315b29e25
3
+ metadata.gz: 4427b42453d4b3fe3f8e11dfc21bfdbd28b71fa4ccb4defac5996e83e24cb241
4
+ data.tar.gz: 4900a0b9e21a6d07461745ee3e62e0604a744808fd73e905b9c8f02ac69fb74f
5
5
  SHA512:
6
- metadata.gz: f710fa000e8f3db9dc3483be367c20fad55c5d6ece2d16911cfd61db5f1daf8c0eaa13673c5f0df36d5636c8b1699f286d8f30329c3726050ee59ee69d4f2a2c
7
- data.tar.gz: 41099aaaf36e61dd7fcca6607b67b8007c0436a8d8c222027ff6cc5576a1c9e0a1e9a26b2b3a401b2b8bb2b425301689325e0a3a30e030b1e45a049424b69e52
6
+ metadata.gz: 6402aac15ef3608d22d571febb4757f2d88d0eeb21f1be50905e7d0e1ab473cf312a122c318ec5c78ae15e1c1ba024e7dc14c3fd51d7d740e16ad8fa0442c5f1
7
+ data.tar.gz: c72b497d8a9efaf76d24e483ed8f255e3915f6999766a370bcd1c92095dc5e0e890ef0302feea5e38c95d2cb4fd200a865439b75d9460acd4a136f455296d19c
data/CHANGES.md CHANGED
@@ -1,3 +1,9 @@
1
+ # 5.0.4 - 2021-06-08
2
+
3
+ (brakeman gem release only)
4
+
5
+ * Update bundled `ruby_parser` to include argument forwarding support
6
+
1
7
  # 5.0.2 - 2021-06-07
2
8
 
3
9
  * Fix Loofah version check
data/lib/brakeman.rb CHANGED
@@ -250,8 +250,6 @@ module Brakeman
250
250
  [:to_sarif]
251
251
  when :sonar, :to_sonar
252
252
  [:to_sonar]
253
- when :github, :to_github
254
- [:to_github]
255
253
  else
256
254
  [:to_text]
257
255
  end
@@ -285,8 +283,6 @@ module Brakeman
285
283
  :to_sarif
286
284
  when /\.sonar$/i
287
285
  :to_sonar
288
- when /\.github$/i
289
- :to_github
290
286
  else
291
287
  :to_text
292
288
  end
@@ -26,7 +26,7 @@ class Brakeman::CheckDetailedExceptions < Brakeman::BaseCheck
26
26
  def check_detailed_exceptions
27
27
  tracker.controllers.each do |_name, controller|
28
28
  controller.methods_public.each do |method_name, definition|
29
- src = definition.src
29
+ src = definition[:src]
30
30
  body = src.body.last
31
31
  next unless body
32
32
 
@@ -10,7 +10,7 @@ class Brakeman::CheckEvaluation < Brakeman::BaseCheck
10
10
  #Process calls
11
11
  def run_check
12
12
  Brakeman.debug "Finding eval-like calls"
13
- calls = tracker.find_call methods: [:eval, :instance_eval, :class_eval, :module_eval], nested: true
13
+ calls = tracker.find_call :method => [:eval, :instance_eval, :class_eval, :module_eval]
14
14
 
15
15
  Brakeman.debug "Processing eval-like calls"
16
16
  calls.each do |call|
@@ -572,7 +572,7 @@ class Brakeman::CheckSQL < Brakeman::BaseCheck
572
572
  end
573
573
 
574
574
  IGNORE_METHODS_IN_SQL = Set[:id, :merge_conditions, :table_name, :quoted_table_name,
575
- :quoted_primary_key, :to_i, :to_f, :sanitize_sql, :sanitize_sql_array, :sanitize_sql_like,
575
+ :quoted_primary_key, :to_i, :to_f, :sanitize_sql, :sanitize_sql_array,
576
576
  :sanitize_sql_for_assignment, :sanitize_sql_for_conditions, :sanitize_sql_hash,
577
577
  :sanitize_sql_hash_for_assignment, :sanitize_sql_hash_for_conditions,
578
578
  :to_sql, :sanitize, :primary_key, :table_name_prefix, :table_name_suffix,
@@ -592,8 +592,7 @@ class Brakeman::CheckSQL < Brakeman::BaseCheck
592
592
  IGNORE_METHODS_IN_SQL.include? exp.method or
593
593
  quote_call? exp or
594
594
  arel? exp or
595
- exp.method.to_s.end_with? "_id" or
596
- number_target? exp
595
+ exp.method.to_s.end_with? "_id"
597
596
  end
598
597
  when :if
599
598
  safe_value? exp.then_clause and safe_value? exp.else_clause
@@ -696,16 +695,4 @@ class Brakeman::CheckSQL < Brakeman::BaseCheck
696
695
  active_record_models.include? klass
697
696
  end
698
697
  end
699
-
700
- def number_target? exp
701
- return unless call? exp
702
-
703
- if number? exp.target
704
- true
705
- elsif call? exp.target
706
- number_target? exp.target
707
- else
708
- false
709
- end
710
- end
711
698
  end
@@ -32,7 +32,7 @@ class Brakeman::CheckVerbConfusion < Brakeman::BaseCheck
32
32
  return
33
33
  end
34
34
 
35
- process method.src
35
+ process method[:src]
36
36
  end
37
37
 
38
38
  def process_if exp
@@ -1,5 +1,3 @@
1
- require 'parallel'
2
-
3
1
  module Brakeman
4
2
  ASTFile = Struct.new(:path, :ast)
5
3
 
@@ -15,46 +13,21 @@ module Brakeman
15
13
  end
16
14
 
17
15
  def parse_files list
18
- # Parse the files in parallel.
19
- # By default, the parsing will be in separate processes.
20
- # So we map the result to ASTFiles and/or Exceptions
21
- # then partition them into ASTFiles and Exceptions
22
- # and add the Exceptions to @errors
23
- #
24
- # Basically just a funky way to deal with two possible
25
- # return types that are returned from isolated processes.
26
- #
27
- # Note this method no longer uses read_files
28
- @file_list, new_errors = Parallel.map(list) do |file_name|
29
- file_path = @app_tree.file_path(file_name)
30
- contents = file_path.read
31
-
32
- begin
33
- if ast = parse_ruby(contents, file_path.relative)
34
- ASTFile.new(file_name, ast)
35
- end
36
- rescue Exception => e
37
- e
16
+ read_files list do |path, contents|
17
+ if ast = parse_ruby(contents, path.relative)
18
+ ASTFile.new(path, ast)
38
19
  end
39
- end.compact.partition do |result|
40
- result.is_a? ASTFile
41
20
  end
42
-
43
- errors.concat new_errors
44
21
  end
45
22
 
46
23
  def read_files list
47
24
  list.each do |path|
48
25
  file = @app_tree.file_path(path)
49
26
 
50
- begin
51
- result = yield file, file.read
27
+ result = yield file, file.read
52
28
 
53
- if result
54
- @file_list << result
55
- end
56
- rescue Exception => e
57
- @errors << e
29
+ if result
30
+ @file_list << result
58
31
  end
59
32
  end
60
33
  end
@@ -69,12 +42,17 @@ module Brakeman
69
42
  Brakeman.debug "Parsing #{path}"
70
43
  RubyParser.new.parse input, path, @timeout
71
44
  rescue Racc::ParseError => e
72
- raise e.exception(e.message + "\nCould not parse #{path}")
45
+ error e.exception(e.message + "\nCould not parse #{path}")
73
46
  rescue Timeout::Error => e
74
- raise Exception.new("Parsing #{path} took too long (> #{@timeout} seconds). Try increasing the limit with --parser-timeout")
47
+ error Exception.new("Parsing #{path} took too long (> #{@timeout} seconds). Try increasing the limit with --parser-timeout")
75
48
  rescue => e
76
- raise e.exception(e.message + "\nWhile processing #{path}")
49
+ error e.exception(e.message + "\nWhile processing #{path}")
77
50
  end
78
51
  end
52
+
53
+ def error exception
54
+ @errors << exception
55
+ nil
56
+ end
79
57
  end
80
58
  end
@@ -233,7 +233,7 @@ module Brakeman::Options
233
233
 
234
234
  opts.on "-f",
235
235
  "--format TYPE",
236
- [:pdf, :text, :html, :csv, :tabs, :json, :markdown, :codeclimate, :cc, :plain, :table, :junit, :sarif, :sonar, :github],
236
+ [:pdf, :text, :html, :csv, :tabs, :json, :markdown, :codeclimate, :cc, :plain, :table, :junit, :sarif, :sonar],
237
237
  "Specify output formats. Default is text" do |type|
238
238
 
239
239
  type = "s" if type == :text
@@ -220,28 +220,13 @@ class Brakeman::AliasProcessor < Brakeman::SexpProcessor
220
220
  exp = math_op(:+, target, first_arg, exp)
221
221
  end
222
222
  when :-, :*, :/
223
- if method == :* and array? target
224
- if string? first_arg
225
- exp = process_array_join(target, first_arg)
226
- end
227
- else
228
- exp = math_op(method, target, first_arg, exp)
229
- end
223
+ exp = math_op(method, target, first_arg, exp)
230
224
  when :[]
231
225
  if array? target
232
226
  exp = process_array_access(target, exp.args, exp)
233
227
  elsif hash? target
234
228
  exp = process_hash_access(target, first_arg, exp)
235
229
  end
236
- when :fetch
237
- if array? target
238
- # Not dealing with default value
239
- # so just pass in first argument, but process_array_access expects
240
- # an array of arguments.
241
- exp = process_array_access(target, [first_arg], exp)
242
- elsif hash? target
243
- exp = process_hash_access(target, first_arg, exp)
244
- end
245
230
  when :merge!, :update
246
231
  if hash? target and hash? first_arg
247
232
  target = process_hash_merge! target, first_arg
@@ -281,12 +266,6 @@ class Brakeman::AliasProcessor < Brakeman::SexpProcessor
281
266
  target = find_push_target(target_var)
282
267
  env[target] = exp unless target.nil? # Happens in TemplateAliasProcessor
283
268
  end
284
- when :push
285
- if array? target
286
- target << first_arg
287
- env[target_var] = target
288
- return target
289
- end
290
269
  when :first
291
270
  if array? target and first_arg.nil? and sexp? target[1]
292
271
  exp = target[1]
@@ -300,7 +279,7 @@ class Brakeman::AliasProcessor < Brakeman::SexpProcessor
300
279
  exp = target
301
280
  end
302
281
  when :join
303
- if array? target and (string? first_arg or first_arg.nil?)
282
+ if array? target and target.length > 2 and (string? first_arg or first_arg.nil?)
304
283
  exp = process_array_join(target, first_arg)
305
284
  end
306
285
  when :!
@@ -308,15 +287,6 @@ class Brakeman::AliasProcessor < Brakeman::SexpProcessor
308
287
  if call? target and target.method == :!
309
288
  exp = s(:or, s(:true).line(exp.line), s(:false).line(exp.line)).line(exp.line)
310
289
  end
311
- when :values
312
- # Hash literal
313
- if node_type? target, :hash
314
- exp = hash_values(target)
315
- end
316
- when :values_at
317
- if hash? target
318
- exp = hash_values_at target, exp.args
319
- end
320
290
  end
321
291
 
322
292
  exp
@@ -324,11 +294,6 @@ class Brakeman::AliasProcessor < Brakeman::SexpProcessor
324
294
 
325
295
  # Painful conversion of Array#join into string interpolation
326
296
  def process_array_join array, join_str
327
- # Empty array
328
- if array.length == 1
329
- return s(:str, '').line(array.line)
330
- end
331
-
332
297
  result = s().line(array.line)
333
298
 
334
299
  join_value = if string? join_str
@@ -337,10 +302,8 @@ class Brakeman::AliasProcessor < Brakeman::SexpProcessor
337
302
  nil
338
303
  end
339
304
 
340
- if array.length > 2
341
- array[1..-2].each do |e|
342
- result << join_item(e, join_value)
343
- end
305
+ array[1..-2].each do |e|
306
+ result << join_item(e, join_value)
344
307
  end
345
308
 
346
309
  result << join_item(array.last, nil)
@@ -369,7 +332,7 @@ class Brakeman::AliasProcessor < Brakeman::SexpProcessor
369
332
  result.unshift combined_first
370
333
 
371
334
  # Have to fix up strings that follow interpolation
372
- string = result.reduce(s(:dstr).line(array.line)) do |memo, e|
335
+ result.reduce(s(:dstr).line(array.line)) do |memo, e|
373
336
  if string? e and node_type? memo.last, :evstr
374
337
  e.value = "#{join_value}#{e.value}"
375
338
  elsif join_value and node_type? memo.last, :evstr and node_type? e, :evstr
@@ -378,14 +341,6 @@ class Brakeman::AliasProcessor < Brakeman::SexpProcessor
378
341
 
379
342
  memo << e
380
343
  end
381
-
382
- # Convert (:dstr, "hello world")
383
- # to (:str, "hello world")
384
- if string.length == 2 and string.last.is_a? String
385
- string[0] = :str
386
- end
387
-
388
- string
389
344
  end
390
345
 
391
346
  def join_item item, join_value
@@ -1058,8 +1013,8 @@ class Brakeman::AliasProcessor < Brakeman::SexpProcessor
1058
1013
  method_name = call.method
1059
1014
 
1060
1015
  #Look for helper methods and see if we can get a return value
1061
- if found_method = tracker.find_method(method_name, @current_class)
1062
- helper = found_method.src
1016
+ if found_method = find_method(method_name, @current_class)
1017
+ helper = found_method[:method]
1063
1018
 
1064
1019
  if sexp? helper
1065
1020
  value = process_helper_method helper, call.args
@@ -51,7 +51,7 @@ class Brakeman::ControllerAliasProcessor < Brakeman::AliasProcessor
51
51
  #Need to process the method like it was in a controller in order
52
52
  #to get the renders set
53
53
  processor = Brakeman::ControllerProcessor.new(@tracker, mixin.file)
54
- method = mixin.get_method(name).src.deep_clone
54
+ method = mixin.get_method(name)[:src].deep_clone
55
55
 
56
56
  if node_type? method, :defn
57
57
  method = processor.process_defn method
@@ -143,16 +143,16 @@ class Brakeman::ControllerAliasProcessor < Brakeman::AliasProcessor
143
143
  #Basically, adds any instance variable assignments to the environment.
144
144
  #TODO: method arguments?
145
145
  def process_before_filter name
146
- filter = tracker.find_method name, @current_class
146
+ filter = find_method name, @current_class
147
147
 
148
148
  if filter.nil?
149
149
  Brakeman.debug "[Notice] Could not find filter #{name}"
150
150
  return
151
151
  end
152
152
 
153
- method = filter.src
153
+ method = filter[:method]
154
154
 
155
- if ivars = @tracker.filter_cache[[filter.owner, name]]
155
+ if ivars = @tracker.filter_cache[[filter[:controller], name]]
156
156
  ivars.each do |variable, value|
157
157
  env[variable] = value
158
158
  end
@@ -162,7 +162,7 @@ class Brakeman::ControllerAliasProcessor < Brakeman::AliasProcessor
162
162
 
163
163
  ivars = processor.only_ivars(:include_request_vars).all
164
164
 
165
- @tracker.filter_cache[[filter.owner, name]] = ivars
165
+ @tracker.filter_cache[[filter[:controller], name]] = ivars
166
166
 
167
167
  ivars.each do |variable, value|
168
168
  env[variable] = value
@@ -182,7 +182,7 @@ class Brakeman::ControllerAliasProcessor < Brakeman::AliasProcessor
182
182
  # method as the line number
183
183
  if line.nil? and controller = @tracker.controllers[@current_class]
184
184
  if meth = controller.get_method(@current_method)
185
- if line = meth.src && meth.src.last && meth.src.last.line
185
+ if line = meth[:src] && meth[:src].last && meth[:src].last.line
186
186
  line += 1
187
187
  else
188
188
  line = 1
@@ -241,4 +241,41 @@ class Brakeman::ControllerAliasProcessor < Brakeman::AliasProcessor
241
241
  []
242
242
  end
243
243
  end
244
+
245
+ #Finds a method in the given class or a parent class
246
+ #
247
+ #Returns nil if the method could not be found.
248
+ #
249
+ #If found, returns hash table with controller name and method sexp.
250
+ def find_method method_name, klass
251
+ return nil if sexp? method_name
252
+ method_name = method_name.to_sym
253
+
254
+ if method = @method_cache[method_name]
255
+ return method
256
+ end
257
+
258
+ controller = @tracker.controllers[klass]
259
+ controller ||= @tracker.libs[klass]
260
+
261
+ if klass and controller
262
+ method = controller.get_method method_name
263
+
264
+ if method.nil?
265
+ controller.includes.each do |included|
266
+ method = find_method method_name, included
267
+ if method
268
+ @method_cache[method_name] = method
269
+ return method
270
+ end
271
+ end
272
+
273
+ @method_cache[method_name] = find_method method_name, controller.parent
274
+ else
275
+ @method_cache[method_name] = { :controller => controller.name, :method => method[:src] }
276
+ end
277
+ else
278
+ nil
279
+ end
280
+ end
244
281
  end
@@ -76,8 +76,6 @@ module Brakeman
76
76
 
77
77
  #Have to do this because first element is :array and we have to skip it
78
78
  array[1..-1][index] or original_exp
79
- elsif all_literals? array
80
- safe_literal(array.line)
81
79
  else
82
80
  original_exp
83
81
  end
@@ -94,13 +92,5 @@ module Brakeman
94
92
  original_exp
95
93
  end
96
94
  end
97
-
98
- def hash_values_at hash, keys
99
- values = keys.map do |key|
100
- process_hash_access hash, key
101
- end
102
-
103
- Sexp.new(:array).concat(values).line(hash.line)
104
- end
105
95
  end
106
96
  end
@@ -54,15 +54,6 @@ class Brakeman::LibraryProcessor < Brakeman::BaseProcessor
54
54
 
55
55
  def process_call exp
56
56
  if process_call_defn? exp
57
- exp
58
- elsif @current_method.nil? and exp.target.nil? and (@current_class or @current_module)
59
- # Methods called inside class / module
60
- case exp.method
61
- when :include
62
- module_name = class_name(exp.first_arg)
63
- (@current_class || @current_module).add_include module_name
64
- end
65
-
66
57
  exp
67
58
  else
68
59
  process_default exp
@@ -6,7 +6,7 @@ require 'brakeman/report/report_base'
6
6
  class Brakeman::Report
7
7
  attr_reader :tracker
8
8
 
9
- VALID_FORMATS = [:to_html, :to_pdf, :to_csv, :to_json, :to_tabs, :to_hash, :to_s, :to_markdown, :to_codeclimate, :to_plain, :to_text, :to_junit, :to_github]
9
+ VALID_FORMATS = [:to_html, :to_pdf, :to_csv, :to_json, :to_tabs, :to_hash, :to_s, :to_markdown, :to_codeclimate, :to_plain, :to_text, :to_junit]
10
10
 
11
11
  def initialize tracker
12
12
  @app_tree = tracker.app_tree
@@ -48,9 +48,6 @@ class Brakeman::Report
48
48
  when :to_sonar
49
49
  require_report 'sonar'
50
50
  Brakeman::Report::Sonar
51
- when :to_github
52
- require_report 'github'
53
- Brakeman::Report::Github
54
51
  else
55
52
  raise "Invalid format: #{format}. Should be one of #{VALID_FORMATS.inspect}"
56
53
  end
@@ -62,7 +62,7 @@ module Brakeman
62
62
  process_warnings
63
63
  end
64
64
 
65
- m.choice "Inspect new warnings" do
65
+ m.choice "Hide previously ignored warnings" do
66
66
  @skip_ignored = true
67
67
  pre_show_help
68
68
  process_warnings
@@ -353,9 +353,6 @@ class Brakeman::Scanner
353
353
  def parse_ruby_file file
354
354
  fp = Brakeman::FileParser.new(tracker.app_tree, tracker.options[:parser_timeout])
355
355
  fp.parse_ruby(file.read, file)
356
- rescue Exception => e
357
- tracker.error(e)
358
- nil
359
356
  end
360
357
  end
361
358
 
@@ -35,7 +35,6 @@ class Brakeman::Tracker
35
35
  #class they are.
36
36
  @models = {}
37
37
  @models[UNKNOWN_MODEL] = Brakeman::Model.new(UNKNOWN_MODEL, nil, @app_tree.file_path("NOT_REAL.rb"), nil, self)
38
- @method_cache = {}
39
38
  @routes = {}
40
39
  @initializers = {}
41
40
  @errors = []
@@ -100,8 +99,8 @@ class Brakeman::Tracker
100
99
  classes.each do |set|
101
100
  set.each do |set_name, collection|
102
101
  collection.each_method do |method_name, definition|
103
- src = definition.src
104
- yield src, set_name, method_name, definition.file
102
+ src = definition[:src]
103
+ yield src, set_name, method_name, definition[:file]
105
104
  end
106
105
  end
107
106
  end
@@ -221,34 +220,6 @@ class Brakeman::Tracker
221
220
  nil
222
221
  end
223
222
 
224
- def find_method method_name, class_name, method_type = :instance
225
- return nil unless method_name.is_a? Symbol
226
-
227
- klass = find_class(class_name)
228
- return nil unless klass
229
-
230
- cache_key = [klass, method_name, method_type]
231
-
232
- if method = @method_cache[cache_key]
233
- return method
234
- end
235
-
236
- if method = klass.get_method(method_name, method_type)
237
- return method
238
- else
239
- # Check modules included for method definition
240
- # TODO: only for instance methods, otherwise check extends!
241
- klass.includes.each do |included_name|
242
- if method = find_method(method_name, included_name, method_type)
243
- return (@method_cache[cache_key] = method)
244
- end
245
- end
246
-
247
- # Not in any included modules, check the parent
248
- @method_cache[cache_key] = find_method(method_name, klass.parent)
249
- end
250
- end
251
-
252
223
  def index_call_sites
253
224
  finder = Brakeman::FindAllCalls.new self
254
225
 
@@ -314,8 +285,8 @@ class Brakeman::Tracker
314
285
  method_sets.each do |set|
315
286
  set.each do |set_name, info|
316
287
  info.each_method do |method_name, definition|
317
- src = definition.src
318
- finder.process_source src, :class => set_name, :method => method_name, :file => definition.file
288
+ src = definition[:src]
289
+ finder.process_source src, :class => set_name, :method => method_name, :file => definition[:file]
319
290
  end
320
291
  end
321
292
  end
@@ -1,5 +1,4 @@
1
1
  require 'brakeman/util'
2
- require 'brakeman/tracker/method_info'
3
2
 
4
3
  module Brakeman
5
4
  class Collection
@@ -14,7 +13,6 @@ module Brakeman
14
13
  @src = {}
15
14
  @includes = []
16
15
  @methods = { :public => {}, :private => {}, :protected => {} }
17
- @class_methods = {}
18
16
  @options = {}
19
17
  @tracker = tracker
20
18
 
@@ -48,16 +46,11 @@ module Brakeman
48
46
  end
49
47
 
50
48
  def add_method visibility, name, src, file_name
51
- meth_info = Brakeman::MethodInfo.new(name, src, self, file_name)
52
-
53
49
  if src.node_type == :defs
54
- @class_methods[name] = meth_info
55
-
56
- # TODO fix this weirdness
57
50
  name = :"#{src[1]}.#{name}"
58
51
  end
59
52
 
60
- @methods[visibility][name] = meth_info
53
+ @methods[visibility][name] = { :src => src, :file => file_name }
61
54
  end
62
55
 
63
56
  def each_method
@@ -68,31 +61,16 @@ module Brakeman
68
61
  end
69
62
  end
70
63
 
71
- def get_method name, type = :instance
72
- case type
73
- when :class
74
- get_class_method name
75
- when :instance
76
- get_instance_method name
77
- else
78
- raise "Unexpected method type: #{type.inspect}"
79
- end
80
- end
81
-
82
- def get_instance_method name
83
- @methods.each do |_vis, meths|
84
- if meths[name]
85
- return meths[name]
64
+ def get_method name
65
+ each_method do |n, info|
66
+ if n == name
67
+ return info
86
68
  end
87
69
  end
88
70
 
89
71
  nil
90
72
  end
91
73
 
92
- def get_class_method name
93
- @class_methods[name]
94
- end
95
-
96
74
  def file
97
75
  @files.first
98
76
  end
data/lib/brakeman/util.rb CHANGED
@@ -142,14 +142,6 @@ module Brakeman::Util
142
142
  nil
143
143
  end
144
144
 
145
- def hash_values hash
146
- values = hash.each_sexp.each_slice(2).map do |_, value|
147
- value
148
- end
149
-
150
- Sexp.new(:array).concat(values).line(hash.line)
151
- end
152
-
153
145
  #These are never modified
154
146
  PARAMS_SEXP = Sexp.new(:params)
155
147
  SESSION_SEXP = Sexp.new(:session)
@@ -1,3 +1,3 @@
1
1
  module Brakeman
2
- Version = "5.0.2"
2
+ Version = "5.0.4"
3
3
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: brakeman-min
3
3
  version: !ruby/object:Gem::Version
4
- version: 5.0.2
4
+ version: 5.0.4
5
5
  platform: ruby
6
6
  authors:
7
7
  - Justin Collins
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2021-06-07 00:00:00.000000000 Z
11
+ date: 2021-06-08 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: minitest
@@ -66,20 +66,6 @@ dependencies:
66
66
  - - '='
67
67
  - !ruby/object:Gem::Version
68
68
  version: 0.10.2
69
- - !ruby/object:Gem::Dependency
70
- name: parallel
71
- requirement: !ruby/object:Gem::Requirement
72
- requirements:
73
- - - "~>"
74
- - !ruby/object:Gem::Version
75
- version: '1.20'
76
- type: :runtime
77
- prerelease: false
78
- version_requirements: !ruby/object:Gem::Requirement
79
- requirements:
80
- - - "~>"
81
- - !ruby/object:Gem::Version
82
- version: '1.20'
83
69
  - !ruby/object:Gem::Dependency
84
70
  name: ruby_parser
85
71
  requirement: !ruby/object:Gem::Requirement
@@ -304,7 +290,6 @@ files:
304
290
  - lib/brakeman/report/report_base.rb
305
291
  - lib/brakeman/report/report_codeclimate.rb
306
292
  - lib/brakeman/report/report_csv.rb
307
- - lib/brakeman/report/report_github.rb
308
293
  - lib/brakeman/report/report_hash.rb
309
294
  - lib/brakeman/report/report_html.rb
310
295
  - lib/brakeman/report/report_json.rb
@@ -334,7 +319,6 @@ files:
334
319
  - lib/brakeman/tracker/constants.rb
335
320
  - lib/brakeman/tracker/controller.rb
336
321
  - lib/brakeman/tracker/library.rb
337
- - lib/brakeman/tracker/method_info.rb
338
322
  - lib/brakeman/tracker/model.rb
339
323
  - lib/brakeman/tracker/template.rb
340
324
  - lib/brakeman/util.rb
@@ -1,31 +0,0 @@
1
- # Github Actions Formatter
2
- # Formats warnings as workflow commands to create annotations in GitHub UI
3
- class Brakeman::Report::Github < Brakeman::Report::Base
4
- def generate_report
5
- # @see https://docs.github.com/en/actions/reference/workflow-commands-for-github-actions#setting-a-warning-message
6
- errors.concat(warnings).join("\n")
7
- end
8
-
9
- def warnings
10
- all_warnings
11
- .map { |warning| "::warning file=#{warning_file(warning)},line=#{warning.line}::#{warning.message}" }
12
- end
13
-
14
- def errors
15
- tracker.errors.map do |error|
16
- if error[:exception].is_a?(Racc::ParseError)
17
- # app/services/balance.rb:4 :: parse error on value "..." (tDOT3)
18
- file, line = error[:exception].message.split(':').map(&:strip)[0,2]
19
- "::error file=#{file},line=#{line}::#{clean_message(error[:error])}"
20
- else
21
- "::error ::#{clean_message(error[:error])}"
22
- end
23
- end
24
- end
25
-
26
- private
27
-
28
- def clean_message(msg)
29
- msg.gsub('::','').squeeze(' ')
30
- end
31
- end
@@ -1,29 +0,0 @@
1
- require 'brakeman/util'
2
-
3
- module Brakeman
4
- class MethodInfo
5
- include Brakeman::Util
6
-
7
- attr_reader :name, :src, :owner, :file, :type
8
-
9
- def initialize name, src, owner, file
10
- @name = name
11
- @src = src
12
- @owner = owner
13
- @file = file
14
- @type = case src.node_type
15
- when :defn
16
- :instance
17
- when :defs
18
- :class
19
- else
20
- raise "Expected sexp type: #{src.node_type}"
21
- end
22
- end
23
-
24
- # To support legacy code that expected a Hash
25
- def [] attr
26
- self.send(attr)
27
- end
28
- end
29
- end