brakeman-min 5.0.0.pre1 → 5.0.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: ef344d29a0b41b77d931c49ce79ad88e4f17c4e69c51de28a850016029691d35
-  data.tar.gz: b2c7ddb17560b73213f8923e99c8dc96a37be8cd7697bf417d06f66368bfdf98
+  metadata.gz: b3d0b0856b2f8155f922380024dd8055b7a670779da0e2b0fe537296284eedb3
+  data.tar.gz: d53d4b2c2d115e9a37d7f13213d36ea0ee6d74d89f8ff9fa859d769c98335d87
 SHA512:
-  metadata.gz: 7eb5af1fffd3fe230ddf3ea70d826a3eaf82cfc43090cde0b452f24f3382e2c6b1bfcfc84b997b3f4c0bb8088f635965e5297c78fd17a21e87d9aa11dc115d3e
-  data.tar.gz: 6edc3a49f3426c0a215afa6a99ddaf5d531a514df23bd51101f13b800b28640a6b0384f8343c26748e1fe1476159e5a229f904e0728784eb4648de85d22d9be8
+  metadata.gz: 0e2a7a095d2cf2becccd75bb34e3c60924116f91d42bd82ea9327bbdf2ccbc14f27ec735d871ffb4e04ada389a801c54b282029b4b160a75e1cffa5eac0c7812
+  data.tar.gz: 7e8a88f62a20bfbff098321310aa29d901460a91977c0604b4a90b9767447fda738d8604ac72a4ee486d32c250e5fb1f3ad590385d8006a62dd84a2d74948bb0

data/CHANGES.md

@@ -1,3 +1,26 @@
+# 5.0.0 - 2021-01-26
+
+* Ignore `uuid` as a safe attribute
+* Collapse `__send__` calls
+* Ignore `Tempfile#path` in shell commands
+* Ignore development environment
+* Revamp CSV report to a CSV list of warnings
+* Set Rails configuration defaults based on `load_defaults` version
+* Add check for (more) unsafe method reflection
+* Suggest using `--force` if no Rails application is detected
+* Add Sonarqube report format (Adam England)
+* Add check for potential HTTP verb confusion
+* Add `--[no-]skip-vendor` option
+* Scan (almost) all Ruby files in project
+
+# 4.10.1 - 2020-12-24
+
+* Declare REXML as a dependency (Ruby 3.0 compatibility)
+* Use `Sexp#sexp_body` instead of `Sexp#[..]` (Ruby 3.0 compatibility)
+* Prevent render loops when template names are absolute paths
+* Ensure RubyParser is passed file path as a String
+* Support new Haml 5.2.0 escaping method
+
 # 5.0.0.pre1 - 2020-11-17
 
 * Add check for (more) unsafe method reflection

data/lib/brakeman/checks/base_check.rb

@@ -40,7 +40,7 @@ class Brakeman::BaseCheck < Brakeman::SexpProcessor
     @mass_assign_disabled = nil
     @has_user_input = nil
     @in_array = false
-    @safe_input_attributes = Set[:to_i, :to_f, :arel_table, :id]
+    @safe_input_attributes = Set[:to_i, :to_f, :arel_table, :id, :uuid]
     @comparison_ops  = Set[:==, :!=, :>, :<, :>=, :<=]
   end
 
@@ -151,6 +151,12 @@ class Brakeman::BaseCheck < Brakeman::SexpProcessor
     method[-1] == "?"
   end
 
+  TEMP_FILE_PATH = s(:call, s(:call, s(:const, :Tempfile), :new), :path).freeze
+
+  def temp_file_path? exp
+    exp == TEMP_FILE_PATH
+  end
+
   #Report a warning
   def warn options
     extra_opts = { :check => self.class.to_s }

data/lib/brakeman/checks/check_execute.rb

@@ -204,11 +204,12 @@ class Brakeman::CheckExecute < Brakeman::BaseCheck
       next if node_type? e, :lit, :str
       next if SAFE_VALUES.include? e
       next if shell_escape? e
+      next if temp_file_path? e
 
       if node_type? e, :if
         # If we're in a conditional, evaluate the `then` and `else` clauses to
         # see if they're dangerous.
-        if res = dangerous?(e.values[1..-1])
+        if res = dangerous?(e.sexp_body.sexp_body)
           return res
         end
       elsif node_type? e, :or, :evstr, :dstr

data/lib/brakeman/checks/check_regex_dos.rb

@@ -29,7 +29,7 @@ class Brakeman::CheckRegexDoS < Brakeman::BaseCheck
     return unless original? result
 
     call = result[:call]
-    components = call[1..-1]
+    components = call.sexp_body
 
     components.any? do |component|
       next unless sexp? component

data/lib/brakeman/checks/check_sql.rb

@@ -576,7 +576,7 @@ class Brakeman::CheckSQL < Brakeman::BaseCheck
     :sanitize_sql_for_assignment, :sanitize_sql_for_conditions, :sanitize_sql_hash,
     :sanitize_sql_hash_for_assignment, :sanitize_sql_hash_for_conditions,
     :to_sql, :sanitize, :primary_key, :table_name_prefix, :table_name_suffix,
-    :where_values_hash, :foreign_key
+    :where_values_hash, :foreign_key, :uuid
   ]
 
   def safe_value? exp

data/lib/brakeman/file_parser.rb

@@ -32,7 +32,12 @@ module Brakeman
       end
     end
 
+    # _path_ can be a string or a Brakeman::FilePath
     def parse_ruby input, path
+      if path.is_a? Brakeman::FilePath
+        path = path.relative
+      end
+
       begin
         Brakeman.debug "Parsing #{path}"
         RubyParser.new.parse input, path, @timeout

data/lib/brakeman/processors/alias_processor.rb

@@ -161,6 +161,7 @@ class Brakeman::AliasProcessor < Brakeman::SexpProcessor
   ARRAY_CONST = s(:const, :Array)
   HASH_CONST = s(:const, :Hash)
   RAILS_TEST = s(:call, s(:call, s(:const, :Rails), :env), :test?)
+  RAILS_DEV = s(:call, s(:call, s(:const, :Rails), :env), :development?)
 
   #Process a method call.
   def process_call exp
@@ -186,7 +187,7 @@ class Brakeman::AliasProcessor < Brakeman::SexpProcessor
     method = exp.method
     first_arg = exp.first_arg
 
-    if method == :send or method == :try
+    if method == :send or method == :__send__ or method == :try
       collapse_send_call exp, first_arg
     end
 
@@ -197,7 +198,7 @@ class Brakeman::AliasProcessor < Brakeman::SexpProcessor
       return Sexp.new(:array, *exp.args)
     elsif target == HASH_CONST and method == :new and first_arg.nil? and !node_type?(@exp_context.last, :iter)
       return Sexp.new(:hash)
-    elsif exp == RAILS_TEST
+    elsif exp == RAILS_TEST or exp == RAILS_DEV
       return Sexp.new(:false)
     end
 
@@ -236,7 +237,7 @@ class Brakeman::AliasProcessor < Brakeman::SexpProcessor
         env[target_var] = target
         return target
       elsif string? target and string_interp? first_arg
-        exp = Sexp.new(:dstr, target.value + first_arg[1]).concat(first_arg[2..-1])
+        exp = Sexp.new(:dstr, target.value + first_arg[1]).concat(first_arg.sexp_body(2))
         env[target_var] = exp
       elsif string? first_arg and string_interp? target
         if string? target.last
@@ -346,6 +347,18 @@ class Brakeman::AliasProcessor < Brakeman::SexpProcessor
     end
   end
 
+  TEMP_FILE_CLASS = s(:const, :Tempfile)
+
+  def temp_file_open? exp
+    call? exp and
+      exp.target == TEMP_FILE_CLASS and
+      exp.method == :open
+  end
+
+  def temp_file_new line
+    s(:call, TEMP_FILE_CLASS, :new).line(line)
+  end
+
   def process_iter exp
     @exp_context.push exp
     exp[1] = process exp.block_call
@@ -363,6 +376,9 @@ class Brakeman::AliasProcessor < Brakeman::SexpProcessor
         # Iterating over an array of all literal values
         local = Sexp.new(:lvar, block_args.last)
         env.current[local] = safe_literal(exp.line)
+      elsif temp_file_open? call
+        local = Sexp.new(:lvar, block_args.last)
+        env.current[local] = temp_file_new(exp.line)
       else
         block_args.each do |e|
           #Force block arg(s) to be local
@@ -941,7 +957,7 @@ class Brakeman::AliasProcessor < Brakeman::SexpProcessor
     args = exp.args
     exp.pop # remove last arg
     if args.length > 1
-      exp.arglist = args[1..-1]
+      exp.arglist = args.sexp_body
     end
   end
 

data/lib/brakeman/processors/controller_processor.rb

@@ -202,7 +202,7 @@ class Brakeman::ControllerProcessor < Brakeman::BaseProcessor
     end
 
     if node_type? exp.block, :block
-      block_inner = exp.block[1..-1]
+      block_inner = exp.block.sexp_body
     else
       block_inner = [exp.block]
     end

data/lib/brakeman/processors/lib/rails3_config_processor.rb

@@ -57,6 +57,20 @@ class Brakeman::Rails3ConfigProcessor < Brakeman::BasicProcessor
     exp
   end
 
+  #Look for configuration settings that
+  #are just a call like
+  #
+  #  config.load_defaults 5.2
+  def process_call exp
+    return exp unless @inside_config
+
+    if exp.target == RAILS_CONFIG and exp.first_arg
+      @tracker.config.rails[exp.method] = exp.first_arg
+    end
+
+    exp
+  end
+
   #Look for configuration settings
   def process_attrasgn exp
     return exp unless @inside_config
@@ -71,22 +85,8 @@ class Brakeman::Rails3ConfigProcessor < Brakeman::BasicProcessor
         @tracker.config.rails[attribute] = exp.first_arg
       end
     elsif include_rails_config? exp
-      options = get_rails_config exp
-      level = @tracker.config.rails
-      options[0..-2].each do |o|
-        level[o] ||= {}
-
-        option = level[o]
-
-        if not option.is_a? Hash
-          Brakeman.debug "[Notice] Skipping config setting: #{options.map(&:to_s).join(".")}"
-          return exp
-        end
-
-        level = level[o]
-      end
-
-      level[options.last] = exp.first_arg
+      options_path = get_rails_config exp
+      @tracker.config.set_rails_config(exp.first_arg, *options_path)
     end
 
     exp

data/lib/brakeman/processors/output_processor.rb

@@ -88,7 +88,7 @@ class Brakeman::OutputProcessor < Ruby2Ruby
 
   def process_iter exp
     call = process exp[1]
-    block = process_rlist exp[3..-1]
+    block = process_rlist exp.sexp_body(3)
     out = "#{call} do\n #{block}\n end"
 
     out

data/lib/brakeman/processors/template_alias_processor.rb

@@ -20,6 +20,11 @@ class Brakeman::TemplateAliasProcessor < Brakeman::AliasProcessor
 
   #Process template
   def process_template name, args, _, line = nil
+    # Strip forward slash from beginning of template path.
+    # This also happens in RenderHelper#process_template but
+    # we need it here too to accurately avoid circular renders below.
+    name = name.to_s.gsub(/^\//, "")
+
     if @called_from
       if @called_from.include_template? name
         Brakeman.debug "Skipping circular render from #{@template.name} to #{name}"

data/lib/brakeman/report/report_base.rb

@@ -11,8 +11,6 @@ class Brakeman::Report::Base
 
   attr_reader :tracker, :checks
 
-  TEXT_CONFIDENCE = Brakeman::Warning::TEXT_CONFIDENCE
-
   def initialize tracker
     @app_tree = tracker.app_tree
     @tracker = tracker

data/lib/brakeman/report/report_csv.rb

@@ -1,72 +1,49 @@
 require 'csv'
-require "brakeman/report/report_table"
 
-class Brakeman::Report::CSV < Brakeman::Report::Table
+class Brakeman::Report::CSV < Brakeman::Report::Base
   def generate_report
-    output = csv_header
-    output << "\nSUMMARY\n"
-
-    output << table_to_csv(generate_overview) << "\n"
-
-    output << table_to_csv(generate_warning_overview) << "\n"
-
-    #Return output early if only summarizing
-    if tracker.options[:summary_only]
-      return output
-    end
-
-    if tracker.options[:report_routes] or tracker.options[:debug]
-      output << "CONTROLLERS\n"
-      output << table_to_csv(generate_controllers) << "\n"
-    end
-
-    if tracker.options[:debug]
-      output << "TEMPLATES\n\n"
-      output << table_to_csv(generate_templates) << "\n"
+    headers = [
+      "Confidence",
+      "Warning Type",
+      "File",
+      "Line",
+      "Message",
+      "Code",
+      "User Input",
+      "Check Name",
+      "Warning Code",
+      "Fingerprint",
+      "Link"
+    ]
+
+    rows = tracker.filtered_warnings.sort_by do |w|
+      [w.confidence, w.warning_type, w.file, w.line, w.fingerprint]
+    end.map do |warning|
+      generate_row(headers, warning)
     end
 
-    res = generate_errors
-    output << "ERRORS\n" << table_to_csv(res) << "\n" if res
-
-    res = generate_warnings
-    output << "SECURITY WARNINGS\n" << table_to_csv(res) << "\n" if res
+    table = CSV::Table.new(rows)
 
-    output << "Controller Warnings\n"
-    res = generate_controller_warnings
-    output << table_to_csv(res) << "\n" if res
-
-    output << "Model Warnings\n"
-    res = generate_model_warnings
-    output << table_to_csv(res) << "\n" if res
-
-    res = generate_template_warnings
-    output << "Template Warnings\n"
-    output << table_to_csv(res) << "\n" if res
-
-    output
+    table.to_csv
   end
 
-  #Generate header for CSV output
-  def csv_header
-    header = CSV.generate_line(["Application Path", "Report Generation Time", "Checks Performed", "Rails Version"])
-    header << CSV.generate_line([File.expand_path(tracker.app_path), Time.now.to_s, checks.checks_run.sort.join(", "), rails_version])
-    "BRAKEMAN REPORT\n\n" + header
+  def generate_row headers, warning
+    CSV::Row.new headers, warning_row(warning)
   end
 
-  # rely on Terminal::Table to build the structure, extract the data out in CSV format
-  def table_to_csv table
-    return "" unless table
-
-    Brakeman.load_brakeman_dependency 'terminal-table'
-    headings = table.headings
-    if headings.is_a? Array
-      headings = headings.first
-    end
-
-    output = CSV.generate_line(headings.cells.map{|cell| cell.to_s.strip})
-    table.rows.each do |row|
-      output << CSV.generate_line(row.cells.map{|cell| cell.to_s.strip})
-    end
-    output
+  def warning_row warning
+    [
+      warning.confidence_name,
+      warning.warning_type,
+      warning_file(warning),
+      warning.line,
+      warning.message,
+      warning.code && warning.format_code(false),
+      warning.user_input && warning.format_user_input(false),
+      warning.check_name,
+      warning.warning_code,
+      warning.fingerprint,
+      warning.link,
+    ]
   end
 end

data/lib/brakeman/report/report_junit.rb

@@ -47,7 +47,7 @@ class Brakeman::Report::JUnit < Brakeman::Report::Base
       warning.add_attribute 'brakeman:file', warning_file(w)
       warning.add_attribute 'brakeman:line', w.line
       warning.add_attribute 'brakeman:fingerprint', w.fingerprint
-      warning.add_attribute 'brakeman:confidence', TEXT_CONFIDENCE[w.confidence]
+      warning.add_attribute 'brakeman:confidence', w.confidence_name 
       warning.add_attribute 'brakeman:code', w.format_code
       warning.add_text w.to_s
     }
@@ -88,7 +88,7 @@ class Brakeman::Report::JUnit < Brakeman::Report::Base
           failure.add_attribute 'brakeman:fingerprint', warning.fingerprint
           failure.add_attribute 'brakeman:file', warning_file(warning)
           failure.add_attribute 'brakeman:line', warning.line
-          failure.add_attribute 'brakeman:confidence', TEXT_CONFIDENCE[warning.confidence]
+          failure.add_attribute 'brakeman:confidence', warning.confidence_name 
           failure.add_attribute 'brakeman:code', warning.format_code
           failure.add_text warning.to_s
         }

data/lib/brakeman/report/report_sarif.rb

@@ -27,7 +27,7 @@ class Brakeman::Report::SARIF < Brakeman::Report::Base
   def rules
     @rules ||= unique_warnings_by_warning_code.map do |warning|
       rule_id = render_id warning
-      check_name = warning.check.gsub(/^Brakeman::Check/, '')
+      check_name = warning.check_name
       check_description = render_message check_descriptions[check_name]
       {
         :id => rule_id,

data/lib/brakeman/report/report_tabs.rb

@@ -10,7 +10,7 @@ class Brakeman::Report::Tabs < Brakeman::Report::Table
       self.send(meth).map do |w|
         line = w.line || 0
         w.warning_type.gsub!(/[^\w\s]/, ' ')
-        "#{(w.file.absolute)}\t#{line}\t#{w.warning_type}\t#{category}\t#{w.format_message}\t#{TEXT_CONFIDENCE[w.confidence]}"
+        "#{(w.file.absolute)}\t#{line}\t#{w.warning_type}\t#{category}\t#{w.format_message}\t#{w.confidence_name}"
       end.join "\n"
 
     end.join "\n"

data/lib/brakeman/report/report_text.rb

@@ -160,7 +160,7 @@ class Brakeman::Report::Text < Brakeman::Report::Base
     when :category
       label('Category', w.warning_type.to_s)
     when :check
-      label('Check', w.check.gsub(/^Brakeman::Check/, ''))
+      label('Check', w.check_name)
     when :message
       label('Message', w.message)
     when :code

data/lib/brakeman/scanner.rb

@@ -25,7 +25,7 @@ class Brakeman::Scanner
 
     if (!@app_tree.root || !@app_tree.exists?("app")) && !options[:force_scan]
       message = "Please supply the path to a Rails application (looking in #{@app_tree.root}).\n" <<
-                "  Use `--force` to run a scan anyway - for example if there are many applications in one directory."
+                "  Use `--force` to run a scan anyway."
 
       raise Brakeman::NoApplication, message
     end
@@ -139,6 +139,8 @@ class Brakeman::Scanner
     if @app_tree.exists? ".ruby-version"
       tracker.config.set_ruby_version @app_tree.file_path(".ruby-version").read
     end
+
+    tracker.config.load_rails_defaults
   end
 
   def process_config_file file

data/lib/brakeman/tracker/config.rb

@@ -149,5 +149,78 @@ module Brakeman
     def session_settings
       @rails.dig(:action_controller, :session)
     end
+
+
+    # Set Rails config option value
+    # where path is an array of attributes, e.g.
+    #
+    #   :action_controller, :perform_caching
+    #
+    # then this will set
+    #
+    #   rails[:action_controller][:perform_caching] = value
+    def set_rails_config value, *path
+      config = self.rails
+
+      path[0..-2].each do |o|
+        config[o] ||= {}
+
+        option = config[o]
+
+        if not option.is_a? Hash
+          Brakeman.debug "[Notice] Skipping config setting: #{path.map(&:to_s).join(".")}"
+          return
+        end
+
+        config = option
+      end
+
+      config[path.last] = value
+    end
+
+    # Load defaults based on config.load_defaults value
+    # as documented here: https://guides.rubyonrails.org/configuring.html#results-of-config-load-defaults
+    def load_rails_defaults
+      return unless number? tracker.config.rails[:load_defaults]
+
+      version = tracker.config.rails[:load_defaults].value
+      true_value = Sexp.new(:true)
+      false_value = Sexp.new(:false)
+
+      if version >= 5.0
+        set_rails_config(true_value, :action_controller, :per_form_csrf_tokens)
+        set_rails_config(true_value, :action_controller, :forgery_protection_origin_check)
+        set_rails_config(true_value, :active_record, :belongs_to_required_by_default)
+        # Note: this may need to be changed, because ssl_options is a Hash
+        set_rails_config(true_value, :ssl_options, :hsts, :subdomains)
+      end
+
+      if version >= 5.1
+        set_rails_config(false_value, :assets, :unknown_asset_fallback)
+        set_rails_config(true_value, :action_view, :form_with_generates_remote_forms)
+      end
+
+      if version >= 5.2
+        set_rails_config(true_value, :active_record, :cache_versioning)
+        set_rails_config(true_value, :action_dispatch, :use_authenticated_cookie_encryption)
+        set_rails_config(true_value, :active_support, :use_authenticated_message_encryption)
+        set_rails_config(true_value, :active_support, :use_sha1_digests)
+        set_rails_config(true_value, :action_controller, :default_protect_from_forgery)
+        set_rails_config(true_value, :action_view, :form_with_generates_ids)
+      end
+
+      if version >= 6.0
+        set_rails_config(Sexp.new(:lit, :zeitwerk), :autoloader)
+        set_rails_config(false_value, :action_view, :default_enforce_utf8)
+        set_rails_config(true_value, :action_dispatch, :use_cookies_with_metadata)
+        set_rails_config(false_value, :action_dispatch, :return_only_media_type_on_content_type)
+        set_rails_config(Sexp.new(:str, 'ActionMailer::MailDeliveryJob'), :action_mailer, :delivery_job)
+        set_rails_config(true_value, :active_job, :return_false_on_aborted_enqueue)
+        set_rails_config(Sexp.new(:lit, :active_storage_analysis), :active_storage, :queues, :analysis)
+        set_rails_config(Sexp.new(:lit, :active_storage_purge), :active_storage, :queues, :purge)
+        set_rails_config(true_value, :active_storage, :replace_on_assign_to_many)
+        set_rails_config(true_value, :active_record, :collection_cache_versioning)
+      end
+    end
   end
 end

data/lib/brakeman/tracker/controller.rb

@@ -125,7 +125,7 @@ module Brakeman
         value = args[-1][2]
         case value.node_type
         when :array
-          filter[option] = value[1..-1].map {|v| v[1] }
+          filter[option] = value.sexp_body.map {|v| v[1] }
         when :lit, :str
           filter[option] = value[1]
         else

data/lib/brakeman/util.rb

@@ -321,7 +321,7 @@ module Brakeman::Util
       if node_type? current, :class
         return true
       elsif sexp? current
-        todo = current[1..-1].concat todo
+        todo = current.sexp_body.concat todo
       end
     end
 
@@ -334,7 +334,7 @@ module Brakeman::Util
     if args.empty? or args.first.empty?
       #nothing to do
     elsif node_type? args.first, :arglist
-      call.concat args.first[1..-1]
+      call.concat args.first.sexp_body
     elsif args.first.node_type.is_a? Sexp #just a list of args
       call.concat args.first
     else

data/lib/brakeman/version.rb

@@ -1,3 +1,3 @@
 module Brakeman
-  Version = "5.0.0.pre1"
+  Version = "5.0.0"
 end

data/lib/brakeman/warning.rb

@@ -275,6 +275,14 @@ class Brakeman::Warning
     self.file.relative
   end
 
+  def check_name
+    @check_name ||= self.check.sub(/^Brakeman::Check/, '')
+  end
+
+  def confidence_name
+    TEXT_CONFIDENCE[self.confidence]
+  end
+
   def to_hash absolute_paths: true
     if self.called_from and not absolute_paths
       render_path = self.called_from.with_relative_paths
@@ -285,7 +293,7 @@ class Brakeman::Warning
     { :warning_type => self.warning_type,
       :warning_code => @warning_code,
       :fingerprint => self.fingerprint,
-      :check_name => self.check.gsub(/^Brakeman::Check/, ''),
+      :check_name => self.check_name,
       :message => self.message.to_s,
       :file => (absolute_paths ? self.file.absolute : self.file.relative),
       :line => self.line,
@@ -294,7 +302,7 @@ class Brakeman::Warning
       :render_path => render_path,
       :location => self.location(false),
       :user_input => (@user_input && self.format_user_input(false)),
-      :confidence => TEXT_CONFIDENCE[self.confidence]
+      :confidence => self.confidence_name
     }
   end
 

data/lib/ruby_parser/bm_sexp.rb

@@ -175,7 +175,7 @@ class Sexp
     start_index = 3
 
     if exp.is_a? Sexp and exp.node_type == :arglist
-      exp = exp[1..-1]
+      exp = exp.sexp_body
     end
 
     exp.each_with_index do |e, i|
@@ -198,10 +198,10 @@ class Sexp
 
     case self.node_type
     when :call, :attrasgn, :safe_call, :safe_attrasgn
-      self[3..-1].unshift :arglist
+      self.sexp_body(3).unshift :arglist
     when :super, :zsuper
       if self[1]
-        self[1..-1].unshift :arglist
+        self.sexp_body.unshift :arglist
       else
         Sexp.new(:arglist)
       end
@@ -218,13 +218,13 @@ class Sexp
     case self.node_type
     when :call, :attrasgn, :safe_call, :safe_attrasgn
       if self[3]
-        self[3..-1]
+        self.sexp_body(3)
       else
         Sexp.new
       end
     when :super, :zsuper
       if self[1]
-        self[1..-1]
+        self.sexp_body
       else
         Sexp.new
       end
@@ -512,7 +512,7 @@ class Sexp
     self.slice!(index..-1) #Remove old body
 
     if exp.first == :rlist
-      exp = exp[1..-1]
+      exp = exp.sexp_body
     end
 
     #Insert new body
@@ -529,11 +529,11 @@ class Sexp
 
     case self.node_type
     when :defn, :class
-      self[3..-1]
+      self.sexp_body(3)
     when :defs
-      self[4..-1]
+      self.sexp_body(4)
     when :module
-      self[2..-1]
+      self.sexp_body(2)
     end
   end
 

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: brakeman-min
 version: !ruby/object:Gem::Version
-  version: 5.0.0.pre1
+  version: 5.0.0
 platform: ruby
 authors:
 - Justin Collins
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2020-11-18 00:00:00.000000000 Z
+date: 2021-01-27 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: minitest
@@ -349,9 +349,9 @@ required_ruby_version: !ruby/object:Gem::Requirement
       version: 2.4.0
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
-  - - ">"
+  - - ">="
     - !ruby/object:Gem::Version
-      version: 1.3.1
+      version: '0'
 requirements: []
 rubygems_version: 3.1.2
 signing_key: