brakeman 2.4.3 → 2.5.0

data/lib/brakeman/checks/check_symbol_dos.rb

@@ -3,6 +3,8 @@ require 'brakeman/checks/base_check'
 class Brakeman::CheckSymbolDoS < Brakeman::BaseCheck
   Brakeman::Checks.add self
 
+  UNSAFE_METHODS = [:to_sym, :literal_to_sym, :intern, :symbolize_keys, :symbolize_keys!]
+
   @description = "Checks for versions with ActiveRecord symbol denial of service, or code with a similar vulnerability"
 
   def run_check
@@ -26,7 +28,7 @@ class Brakeman::CheckSymbolDoS < Brakeman::BaseCheck
         :link => "https://groups.google.com/d/msg/rubyonrails-security/jgJ4cjjS8FE/BGbHRxnDRTIJ"
     end
 
-    tracker.find_call(:methods => [:to_sym, :literal_to_sym], :nested => true).each do |result|
+    tracker.find_call(:methods => UNSAFE_METHODS, :nested => true).each do |result|
       check_unsafe_symbol_creation(result)
     end
 
@@ -39,10 +41,10 @@ class Brakeman::CheckSymbolDoS < Brakeman::BaseCheck
 
     call = result[:call]
 
-    if result[:method] == :to_sym
-      args = [call.target]
-    else
+    if result[:method] == :literal_to_sym
       args = call.select { |e| sexp? e }
+    else
+      args = [call.target]
     end
 
     if input = args.map{ |arg| has_immediate_user_input?(arg) }.compact.first

data/lib/brakeman/options.rb

@@ -142,7 +142,7 @@ module Brakeman::Options
 
         opts.on "-f",
           "--format TYPE",
-          [:pdf, :text, :html, :csv, :tabs, :json],
+          [:pdf, :text, :html, :csv, :tabs, :json, :markdown],
           "Specify output formats. Default is text" do |type|
 
           type = "s" if type == :text
@@ -158,7 +158,7 @@ module Brakeman::Options
         end
 
         opts.on "-I", "--interactive-ignore", "Interactively ignore warnings" do
-          options[:interactive_ignore] = true 
+          options[:interactive_ignore] = true
         end
 
         opts.on "-l", "--[no-]combine-locations", "Combine warning locations (Default)" do |combine|
@@ -198,6 +198,10 @@ module Brakeman::Options
           options[:absolute_paths] = true
         end
 
+        opts.on "--github-repo USER/REPO[/PATH][@REF]", "Output links to GitHub in markdown and HTML reports using specified repo" do |repo|
+          options[:github_repo] = repo
+        end
+
         opts.on "-w",
           "--confidence-level LEVEL",
           ["1", "2", "3"],

data/lib/brakeman/processors/controller_processor.rb

@@ -116,9 +116,9 @@ class Brakeman::ControllerProcessor < Brakeman::BaseProcessor
         case method
         when :include
           @controller[:includes] << class_name(first_arg) if @controller
-        when :before_filter, :append_before_filter
+        when :before_filter, :append_before_filter, :before_action, :append_before_action
           @controller[:options][:before_filters] << exp.args
-        when :prepend_before_filter
+        when :prepend_before_filter, :prepend_before_action
           @controller[:options][:before_filters].unshift exp.args
         when :layout
           if string? last_arg
@@ -196,7 +196,8 @@ class Brakeman::ControllerProcessor < Brakeman::BaseProcessor
 
   #Look for before_filters and add fake ones if necessary
   def process_iter exp
-    if exp.block_call.method == :before_filter
+    block_call_name = exp.block_call.method
+    if block_call_name == :before_filter  or block_call_name == :before_action
       add_fake_filter exp
     else
       super

data/lib/brakeman/processors/lib/find_all_calls.rb

@@ -106,6 +106,19 @@ class Brakeman::FindAllCalls < Brakeman::BaseProcessor
     exp
   end
 
+  # Process a dynamic regex like a call
+  def process_dregx exp
+    exp.each { |arg| process arg if sexp? arg }
+
+    @calls << { :target => nil,
+                :method => :brakeman_regex_interp,
+                :call => exp,
+                :nested => false,
+                :location => make_location }
+
+    exp
+  end
+
   #Process an assignment like a call
   def process_attrasgn exp
     process_call exp

data/lib/brakeman/processors/lib/rails3_route_processor.rb

@@ -58,7 +58,10 @@ class Brakeman::Rails3RoutesProcessor < Brakeman::BaseProcessor
   end
 
   def process_namespace exp
-    name = exp.block_call.first_arg.value
+    arg = exp.block_call.first_arg
+    return exp unless symbol? arg or string? arg 
+
+    name = arg.value
     block = exp.block
 
     @prefix << camelize(name)
@@ -197,6 +200,8 @@ class Brakeman::Rails3RoutesProcessor < Brakeman::BaseProcessor
     first_arg = exp.first_arg
     second_arg = exp.second_arg
 
+    return exp unless symbol? first_arg or string? first_arg
+
     if second_arg and second_arg.node_type == :hash
       self.current_controller = first_arg.value
       #handle hash

data/lib/brakeman/processors/output_processor.rb

@@ -1,3 +1,10 @@
+#Temporary fix for https://github.com/seattlerb/ruby_parser/issues/154
+class Regexp
+  [:ENC_NONE, :ENC_EUC, :ENC_SJIS, :ENC_UTF8].each do |enc|
+    remove_const enc if const_defined? enc
+  end
+end
+
 require 'ruby2ruby'
 require 'brakeman/util'
 

data/lib/brakeman/report.rb

@@ -6,7 +6,7 @@ require 'brakeman/report/report_base'
 class Brakeman::Report
   attr_reader :tracker
 
-  VALID_FORMATS = [:to_html, :to_pdf, :to_csv, :to_json, :to_tabs, :to_hash, :to_s]
+  VALID_FORMATS = [:to_html, :to_pdf, :to_csv, :to_json, :to_tabs, :to_hash, :to_s, :to_markdown]
 
   def initialize app_tree, tracker
     @app_tree = app_tree
@@ -29,6 +29,8 @@ class Brakeman::Report
     when :to_hash
       require_report 'hash'
       Brakeman::Report::Hash
+    when :to_markdown
+      return self.to_markdown
     when :to_s
       return self.to_s
     when :to_pdf
@@ -62,6 +64,11 @@ class Brakeman::Report
     generate Brakeman::Report::Table
   end
 
+  def to_markdown
+    require_report 'markdown'
+    generate Brakeman::Report::Markdown
+  end
+
   def generate reporter
     reporter.new(@app_tree, @tracker).generate_report
   end

data/lib/brakeman/report/report_html.rb

@@ -139,7 +139,7 @@ class Brakeman::Report::HTML < Brakeman::Report::Base
       message
     end <<
     "<table id='#{code_id}' class='context' style='display:none'>" <<
-    "<caption>#{warning_file(warning) || ''}</caption>"
+    "<caption>#{CGI.escapeHTML warning_file(warning) || ''}</caption>"
 
     unless context.empty?
       if warning.line - 1 == 1 or warning.line + 1 == 1
@@ -193,6 +193,11 @@ class Brakeman::Report::HTML < Brakeman::Report::Base
   def html_message warning, message
     message = CGI.escapeHTML(message)
 
+    if warning.file
+      github_url = github_url warning.file, warning.line
+      message.gsub!(/(near line \d+)/, "<a href='#{URI.escape github_url, /'/}' target='_blank'>\\1</a>") if github_url
+    end
+
     if @highlight_user_input and warning.user_input
       user_input = CGI.escapeHTML(warning.format_user_input)
       message.gsub!(user_input, "<span class=\"user_input\">#{user_input}</span>")

data/lib/brakeman/report/report_markdown.rb

@@ -0,0 +1,158 @@
+Brakeman.load_brakeman_dependency 'terminal-table'
+
+class Brakeman::Report::Markdown < Brakeman::Report::Base
+
+  class MarkdownTable < Terminal::Table
+
+    def initialize options = {}, &block
+      options[:style] ||= {}
+      options[:style].merge!({
+          :border_x => '-',
+          :border_y => '|',
+          :border_i => '|'
+      })
+      super options, &block
+    end
+
+    def render
+      super.split("\n")[1...-1].join("\n")
+    end
+    alias :to_s :render
+
+  end
+
+  def generate_report
+    out = "# BRAKEMAN REPORT\n\n" <<
+    generate_metadata.to_s << "\n\n" <<
+    generate_checks.to_s << "\n\n" <<
+    "### SUMMARY\n\n" <<
+    generate_overview.to_s << "\n\n" <<
+    generate_warning_overview.to_s << "\n\n"
+
+    #Return output early if only summarizing
+    return out if tracker.options[:summary_only]
+
+    if tracker.options[:report_routes] or tracker.options[:debug]
+      out << "### CONTROLLERS"  << "\n\n" <<
+      generate_controllers.to_s << "\n\n"
+    end
+
+    if tracker.options[:debug]
+      out << "### TEMPLATES\n\n" <<
+      generate_templates.to_s << "\n\n"
+    end
+
+    res = generate_errors
+    out << "### Errors\n\n" << res.to_s << "\n\n" if res
+
+    res = generate_warnings
+    out << "### SECURITY WARNINGS\n\n" << res.to_s << "\n\n" if res
+
+    res = generate_controller_warnings
+    out << "### Controller Warnings:\n\n" << res.to_s << "\n\n" if res
+
+    res = generate_model_warnings
+    out << "### Model Warnings:\n\n" << res.to_s << "\n\n" if res
+
+    res = generate_template_warnings
+    out << "### View Warnings:\n\n" << res.to_s << "\n\n" if res
+
+    out
+  end
+
+  def generate_metadata
+    MarkdownTable.new(
+      :headings =>
+        ['Application path', 'Rails version', 'Brakeman version', 'Started at', 'Duration']
+    ) do |t|
+      t.add_row([
+        File.expand_path(tracker.options[:app_path]),
+        rails_version,
+        Brakeman::Version,
+        tracker.start_time,
+        "#{tracker.duration} seconds",
+      ])
+    end
+  end
+
+  def generate_checks
+    MarkdownTable.new(:headings => ['Checks performed']) do |t|
+      t.add_row([checks.checks_run.sort.join(", ")])
+    end
+  end
+
+  def generate_overview
+    num_warnings = all_warnings.length
+
+    MarkdownTable.new(:headings => ['Scanned/Reported', 'Total']) do |t|
+      t.add_row ['Controllers', tracker.controllers.length]
+      t.add_row ['Models', tracker.models.length - 1]
+      t.add_row ['Templates', number_of_templates(@tracker)]
+      t.add_row ['Errors', tracker.errors.length]
+      t.add_row ['Security Warnings', "#{num_warnings} (#{warnings_summary[:high_confidence]})"]
+      t.add_row ['Ignored Warnings', ignored_warnings.length] unless ignored_warnings.empty?
+    end
+  end
+
+  #Generate listings of templates and their output
+  def generate_templates
+    out_processor = Brakeman::OutputProcessor.new
+    template_rows = {}
+    tracker.templates.each do |name, template|
+      unless template[:outputs].empty?
+        template[:outputs].each do |out|
+          out = out_processor.format out
+          template_rows[name] ||= []
+          template_rows[name] << out.gsub("\n", ";").gsub(/\s+/, " ")
+        end
+      end
+    end
+
+    template_rows = template_rows.sort_by{|name, value| name.to_s}
+
+    output = ''
+    template_rows.each do |template|
+      output << template.first.to_s << "\n\n"
+      table = MarkdownTable.new(:headings => ['Output']) do |t|
+        # template[1] is an array of calls
+        template[1].each do |v|
+          t.add_row [v]
+        end
+      end
+
+      output << table.to_s << "\n\n"
+    end
+
+    output
+  end
+
+  def render_array template, headings, value_array, locals
+    return if value_array.empty?
+
+    MarkdownTable.new(:headings => headings) do |t|
+      value_array.each { |value_row| t.add_row value_row }
+    end
+  end
+
+  def convert_warning warning, original
+    warning["Confidence"] = TEXT_CONFIDENCE[warning["Confidence"]]
+    warning["Message"] = markdown_message original, warning["Message"]
+    warning["Warning Type"] = "[#{warning['Warning Type']}](#{original.link})" if original.link
+    warning
+  end
+
+  # Escape and code format warning message
+  def markdown_message warning, message
+    if warning.file
+      github_url = github_url warning.file, warning.line
+      message.gsub!(/(near line \d+)/, "[\\1](#{github_url})") if github_url
+    end
+    if warning.code
+      code = warning.format_code
+      message.gsub(code, "`#{code.gsub('`','``').gsub(/\A``|``\z/, '` `')}`")
+    else
+      message
+    end
+  end
+
+end

data/lib/brakeman/util.rb

@@ -383,6 +383,15 @@ module Brakeman::Util
     end
   end
 
+  def github_url file, line=nil
+    if repo_url = @tracker.options[:github_url] and file and not file.empty? and file.start_with? '/'
+      url = "#{repo_url}/#{relative_path(file)}"
+      url << "#L#{line}" if line
+    else
+      nil
+    end
+  end
+
   def truncate_table str
     @terminal_width ||= if @tracker.options[:table_width]
                           @tracker.options[:table_width]

data/lib/brakeman/version.rb

@@ -1,3 +1,3 @@
 module Brakeman
-  Version = "2.4.3"
+  Version = "2.5.0"
 end

data/lib/brakeman/warning_codes.rb

@@ -76,6 +76,7 @@ module Brakeman::WarningCodes
     :CVE_2014_0081 => 73,
     :CVE_2014_0081_call => 74,
     :CVE_2014_0082 => 75,
+    :regex_dos => 76
   }
 
   def self.code name

metadata

@@ -1,228 +1,212 @@
---- !ruby/object:Gem::Specification 
+--- !ruby/object:Gem::Specification
 name: brakeman
-version: !ruby/object:Gem::Version 
-  hash: 25
-  prerelease: 
-  segments: 
-  - 2
-  - 4
-  - 3
-  version: 2.4.3
+version: !ruby/object:Gem::Version
+  version: 2.5.0
 platform: ruby
-authors: 
+authors:
 - Justin Collins
 autorequire: 
 bindir: bin
-cert_chain: 
-- |
-  -----BEGIN CERTIFICATE-----
-  MIIDLjCCAhagAwIBAgIBADANBgkqhkiG9w0BAQUFADA9MQwwCgYDVQQDDANnZW0x
-  GDAWBgoJkiaJk/IsZAEZFghicmFrZW1hbjETMBEGCgmSJomT8ixkARkWA29yZzAe
-  Fw0xMzEyMTIwMDMxNTdaFw0xNDEyMTIwMDMxNTdaMD0xDDAKBgNVBAMMA2dlbTEY
-  MBYGCgmSJomT8ixkARkWCGJyYWtlbWFuMRMwEQYKCZImiZPyLGQBGRYDb3JnMIIB
-  IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxCHmXCaAcZ4bVjijKoyQFx4N
-  dyN7B7bqY8wOXy6f/UZ6mdC8IRAj82KaWQjNE2LT/ObFUWpCRyLdrwjkDjdFDyOT
-  mZCZkiOeEy2ZxYGfxXMI/xg24c8r5Xmh16ErsYuprRcg+/KZ6s4UjseBNTARmBK4
-  IHcqIdnoWbYa3BWHoflJPaJUIaU+/yTclzFQHpswU7ka8ftIAWeoDQo22gasP/4N
-  HtJvAIyg1DcWPLcn0qbZmdehg8HZv8C+2MuLKX/2qZG9eseegMqMlHHabwwEy9Vv
-  f/t/+ltLjC0CRa2TqZ2EuQ5EEzbOsqAftaZJFmwv9Ut1UhjmdvR5RfN6dWMQ5QID
-  AQABozkwNzALBgNVHQ8EBAMCBLAwHQYDVR0OBBYEFPyEKeRy09i8qSr+9KFbeTqw
-  kMCSMAkGA1UdEwQCMAAwDQYJKoZIhvcNAQEFBQADggEBALEk8/Wnl2VAqchxWlbg
-  RN0MkVUWMf8L0xxUiVKo5QeL4NBViALMBrU6IS4y6zyn+FoULAMEawUjZlZf4Hcg
-  S9unev3p+RTWUyksAnA27wHZs/NRIkW34s1ZI5NNE/xyu4ULOQjfh1wOjlWzyHu9
-  0t41/CtpgNPM2uAjG3RIqlp7QKXlby50cQqWJQCgTH3JNjMhmROEhTsI6COoApvd
-  Ce7Br39yjeoarvekq0wCXBYakUBw/DdZCG7mFZ6xgh01eqnZUsNd8vM+6V6v23Vu
-  jk2tMjFT4L1dA3MEsz3+MP144PDhPCh7tPe6yy81BOvyYTVkKzrAkgKwHD1CuvsH
-  bdw=
-  -----END CERTIFICATE-----
-
-date: 2014-03-23 00:00:00 Z
-dependencies: 
-- !ruby/object:Gem::Dependency 
+cert_chain:
+- !binary |-
+  LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURMakNDQWhhZ0F3SUJB
+  Z0lCQURBTkJna3Foa2lHOXcwQkFRVUZBREE5TVF3d0NnWURWUVFEREFOblpX
+  MHgKR0RBV0Jnb0praWFKay9Jc1pBRVpGZ2hpY21GclpXMWhiakVUTUJFR0Nn
+  bVNKb21UOGl4a0FSa1dBMjl5WnpBZQpGdzB4TXpFeU1USXdNRE14TlRkYUZ3
+  MHhOREV5TVRJd01ETXhOVGRhTUQweEREQUtCZ05WQkFNTUEyZGxiVEVZCk1C
+  WUdDZ21TSm9tVDhpeGtBUmtXQ0dKeVlXdGxiV0Z1TVJNd0VRWUtDWkltaVpQ
+  eUxHUUJHUllEYjNKbk1JSUIKSWpBTkJna3Foa2lHOXcwQkFRRUZBQU9DQVE4
+  QU1JSUJDZ0tDQVFFQXhDSG1YQ2FBY1o0YlZqaWpLb3lRRng0TgpkeU43Qjdi
+  cVk4d09YeTZmL1VaNm1kQzhJUkFqODJLYVdRak5FMkxUL09iRlVXcENSeUxk
+  cndqa0RqZEZEeU9UCm1aQ1praU9lRXkyWnhZR2Z4WE1JL3hnMjRjOHI1WG1o
+  MTZFcnNZdXByUmNnKy9LWjZzNFVqc2VCTlRBUm1CSzQKSUhjcUlkbm9XYllh
+  M0JXSG9mbEpQYUpVSWFVKy95VGNsekZRSHBzd1U3a2E4ZnRJQVdlb0RRbzIy
+  Z2FzUC80TgpIdEp2QUl5ZzFEY1dQTGNuMHFiWm1kZWhnOEhadjhDKzJNdUxL
+  WC8ycVpHOWVzZWVnTXFNbEhIYWJ3d0V5OVZ2CmYvdC8rbHRMakMwQ1JhMlRx
+  WjJFdVE1RUV6Yk9zcUFmdGFaSkZtd3Y5VXQxVWhqbWR2UjVSZk42ZFdNUTVR
+  SUQKQVFBQm96a3dOekFMQmdOVkhROEVCQU1DQkxBd0hRWURWUjBPQkJZRUZQ
+  eUVLZVJ5MDlpOHFTcis5S0ZiZVRxdwprTUNTTUFrR0ExVWRFd1FDTUFBd0RR
+  WUpLb1pJaHZjTkFRRUZCUUFEZ2dFQkFMRWs4L1dubDJWQXFjaHhXbGJnClJO
+  ME1rVlVXTWY4TDB4eFVpVktvNVFlTDROQlZpQUxNQnJVNklTNHk2enluK0Zv
+  VUxBTUVhd1VqWmxaZjRIY2cKUzl1bmV2M3ArUlRXVXlrc0FuQTI3d0hacy9O
+  UklrVzM0czFaSTVOTkUveHl1NFVMT1FqZmgxd09qbFd6eUh1OQowdDQxL0N0
+  cGdOUE0ydUFqRzNSSXFscDdRS1hsYnk1MGNRcVdKUUNnVEgzSk5qTWhtUk9F
+  aFRzSTZDT29BcHZkCkNlN0JyMzl5amVvYXJ2ZWtxMHdDWEJZYWtVQncvRGRa
+  Q0c3bUZaNnhnaDAxZXFuWlVzTmQ4dk0rNlY2djIzVnUKamsydE1qRlQ0TDFk
+  QTNNRXN6MytNUDE0NFBEaFBDaDd0UGU2eXk4MUJPdnlZVFZrS3pyQWtnS3dI
+  RDFDdXZzSApiZHc9Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K
+date: 2014-04-30 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
   name: ruby_parser
-  prerelease: false
-  requirement: &id001 !ruby/object:Gem::Requirement 
-    none: false
-    requirements: 
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
     - - ~>
-      - !ruby/object:Gem::Version 
-        hash: 23
-        segments: 
-        - 3
-        - 4
-        - 0
+      - !ruby/object:Gem::Version
         version: 3.4.0
   type: :runtime
-  version_requirements: *id001
-- !ruby/object:Gem::Dependency 
-  name: ruby2ruby
   prerelease: false
-  requirement: &id002 !ruby/object:Gem::Requirement 
-    none: false
-    requirements: 
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 3.4.0
+- !ruby/object:Gem::Dependency
+  name: ruby2ruby
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
     - - ~>
-      - !ruby/object:Gem::Version 
-        hash: 5
-        segments: 
-        - 2
-        - 0
-        - 5
+      - !ruby/object:Gem::Version
         version: 2.0.5
   type: :runtime
-  version_requirements: *id002
-- !ruby/object:Gem::Dependency 
-  name: terminal-table
   prerelease: false
-  requirement: &id003 !ruby/object:Gem::Requirement 
-    none: false
-    requirements: 
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
     - - ~>
-      - !ruby/object:Gem::Version 
-        hash: 7
-        segments: 
-        - 1
-        - 4
-        version: "1.4"
+      - !ruby/object:Gem::Version
+        version: 2.0.5
+- !ruby/object:Gem::Dependency
+  name: terminal-table
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '1.4'
   type: :runtime
-  version_requirements: *id003
-- !ruby/object:Gem::Dependency 
-  name: fastercsv
   prerelease: false
-  requirement: &id004 !ruby/object:Gem::Requirement 
-    none: false
-    requirements: 
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '1.4'
+- !ruby/object:Gem::Dependency
+  name: fastercsv
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
     - - ~>
-      - !ruby/object:Gem::Version 
-        hash: 5
-        segments: 
-        - 1
-        - 5
-        version: "1.5"
+      - !ruby/object:Gem::Version
+        version: '1.5'
   type: :runtime
-  version_requirements: *id004
-- !ruby/object:Gem::Dependency 
-  name: highline
   prerelease: false
-  requirement: &id005 !ruby/object:Gem::Requirement 
-    none: false
-    requirements: 
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '1.5'
+- !ruby/object:Gem::Dependency
+  name: highline
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
     - - ~>
-      - !ruby/object:Gem::Version 
-        hash: 39
-        segments: 
-        - 1
-        - 6
-        - 20
+      - !ruby/object:Gem::Version
         version: 1.6.20
   type: :runtime
-  version_requirements: *id005
-- !ruby/object:Gem::Dependency 
-  name: erubis
   prerelease: false
-  requirement: &id006 !ruby/object:Gem::Requirement 
-    none: false
-    requirements: 
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
     - - ~>
-      - !ruby/object:Gem::Version 
-        hash: 15
-        segments: 
-        - 2
-        - 6
-        version: "2.6"
+      - !ruby/object:Gem::Version
+        version: 1.6.20
+- !ruby/object:Gem::Dependency
+  name: erubis
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '2.6'
   type: :runtime
-  version_requirements: *id006
-- !ruby/object:Gem::Dependency 
-  name: haml
   prerelease: false
-  requirement: &id007 !ruby/object:Gem::Requirement 
-    none: false
-    requirements: 
-    - - ">="
-      - !ruby/object:Gem::Version 
-        hash: 7
-        segments: 
-        - 3
-        - 0
-        version: "3.0"
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '2.6'
+- !ruby/object:Gem::Dependency
+  name: haml
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '3.0'
     - - <
-      - !ruby/object:Gem::Version 
-        hash: 31
-        segments: 
-        - 5
-        - 0
-        version: "5.0"
+      - !ruby/object:Gem::Version
+        version: '5.0'
   type: :runtime
-  version_requirements: *id007
-- !ruby/object:Gem::Dependency 
-  name: sass
   prerelease: false
-  requirement: &id008 !ruby/object:Gem::Requirement 
-    none: false
-    requirements: 
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '3.0'
+    - - <
+      - !ruby/object:Gem::Version
+        version: '5.0'
+- !ruby/object:Gem::Dependency
+  name: sass
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
     - - ~>
-      - !ruby/object:Gem::Version 
-        hash: 7
-        segments: 
-        - 3
-        - 0
-        version: "3.0"
+      - !ruby/object:Gem::Version
+        version: '3.0'
   type: :runtime
-  version_requirements: *id008
-- !ruby/object:Gem::Dependency 
-  name: slim
   prerelease: false
-  requirement: &id009 !ruby/object:Gem::Requirement 
-    none: false
-    requirements: 
-    - - ">="
-      - !ruby/object:Gem::Version 
-        hash: 23
-        segments: 
-        - 1
-        - 3
-        - 6
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '3.0'
+- !ruby/object:Gem::Dependency
+  name: slim
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
         version: 1.3.6
     - - <
-      - !ruby/object:Gem::Version 
-        hash: 7
-        segments: 
-        - 3
-        - 0
-        version: "3.0"
+      - !ruby/object:Gem::Version
+        version: '3.0'
   type: :runtime
-  version_requirements: *id009
-- !ruby/object:Gem::Dependency 
-  name: multi_json
   prerelease: false
-  requirement: &id010 !ruby/object:Gem::Requirement 
-    none: false
-    requirements: 
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: 1.3.6
+    - - <
+      - !ruby/object:Gem::Version
+        version: '3.0'
+- !ruby/object:Gem::Dependency
+  name: multi_json
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
     - - ~>
-      - !ruby/object:Gem::Version 
-        hash: 11
-        segments: 
-        - 1
-        - 2
-        version: "1.2"
+      - !ruby/object:Gem::Version
+        version: '1.2'
   type: :runtime
-  version_requirements: *id010
-description: Brakeman detects security vulnerabilities in Ruby on Rails applications via static analysis.
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '1.2'
+description: Brakeman detects security vulnerabilities in Ruby on Rails applications
+  via static analysis.
 email: gem@brakeman.org
-executables: 
+executables:
 - brakeman
 extensions: []
-
 extra_rdoc_files: []
-
-files: 
-- bin/brakeman
+files:
 - CHANGES
-- WARNING_TYPES
 - FEATURES
 - README.md
+- WARNING_TYPES
+- bin/brakeman
+- lib/brakeman.rb
 - lib/brakeman/app_tree.rb
 - lib/brakeman/brakeman.rake
 - lib/brakeman/call_index.rb
+- lib/brakeman/checks.rb
 - lib/brakeman/checks/base_check.rb
 - lib/brakeman/checks/check_basic_auth.rb
 - lib/brakeman/checks/check_content_tag.rb
@@ -252,6 +236,7 @@ files:
 - lib/brakeman/checks/check_number_to_currency.rb
 - lib/brakeman/checks/check_quote_table_name.rb
 - lib/brakeman/checks/check_redirect.rb
+- lib/brakeman/checks/check_regex_dos.rb
 - lib/brakeman/checks/check_render.rb
 - lib/brakeman/checks/check_render_dos.rb
 - lib/brakeman/checks/check_response_splitting.rb
@@ -266,6 +251,7 @@ files:
 - lib/brakeman/checks/check_single_quotes.rb
 - lib/brakeman/checks/check_skip_before_filter.rb
 - lib/brakeman/checks/check_sql.rb
+- lib/brakeman/checks/check_sql_cves.rb
 - lib/brakeman/checks/check_ssl_verify.rb
 - lib/brakeman/checks/check_strip_tags.rb
 - lib/brakeman/checks/check_symbol_dos.rb
@@ -274,7 +260,6 @@ files:
 - lib/brakeman/checks/check_validation_regex.rb
 - lib/brakeman/checks/check_without_protection.rb
 - lib/brakeman/checks/check_yaml_parsing.rb
-- lib/brakeman/checks.rb
 - lib/brakeman/differ.rb
 - lib/brakeman/format/style.css
 - lib/brakeman/options.rb
@@ -308,6 +293,7 @@ files:
 - lib/brakeman/processors/slim_template_processor.rb
 - lib/brakeman/processors/template_alias_processor.rb
 - lib/brakeman/processors/template_processor.rb
+- lib/brakeman/report.rb
 - lib/brakeman/report/ignore/config.rb
 - lib/brakeman/report/ignore/interactive.rb
 - lib/brakeman/report/initializers/faster_csv.rb
@@ -318,6 +304,7 @@ files:
 - lib/brakeman/report/report_hash.rb
 - lib/brakeman/report/report_html.rb
 - lib/brakeman/report/report_json.rb
+- lib/brakeman/report/report_markdown.rb
 - lib/brakeman/report/report_table.rb
 - lib/brakeman/report/report_tabs.rb
 - lib/brakeman/report/templates/controller_overview.html.erb
@@ -331,7 +318,6 @@ files:
 - lib/brakeman/report/templates/template_overview.html.erb
 - lib/brakeman/report/templates/view_warnings.html.erb
 - lib/brakeman/report/templates/warning_overview.html.erb
-- lib/brakeman/report.rb
 - lib/brakeman/rescanner.rb
 - lib/brakeman/scanner.rb
 - lib/brakeman/tracker.rb
@@ -339,41 +325,30 @@ files:
 - lib/brakeman/version.rb
 - lib/brakeman/warning.rb
 - lib/brakeman/warning_codes.rb
-- lib/brakeman.rb
 - lib/ruby_parser/bm_sexp.rb
 - lib/ruby_parser/bm_sexp_processor.rb
 homepage: http://brakemanscanner.org
-licenses: 
+licenses:
 - MIT
+metadata: {}
 post_install_message: 
 rdoc_options: []
-
-require_paths: 
+require_paths:
 - lib
-required_ruby_version: !ruby/object:Gem::Requirement 
-  none: false
-  requirements: 
-  - - ">="
-    - !ruby/object:Gem::Version 
-      hash: 3
-      segments: 
-      - 0
-      version: "0"
-required_rubygems_version: !ruby/object:Gem::Requirement 
-  none: false
-  requirements: 
-  - - ">="
-    - !ruby/object:Gem::Version 
-      hash: 3
-      segments: 
-      - 0
-      version: "0"
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
 requirements: []
-
 rubyforge_project: 
-rubygems_version: 1.8.15
+rubygems_version: 2.2.2
 signing_key: 
-specification_version: 3
+specification_version: 4
 summary: Security vulnerability scanner for Ruby on Rails.
 test_files: []
-