brakeman 3.5.0 → 3.6.0

Files changed (156) hide show
  1. checksums.yaml +4 -4
  2. data/CHANGES +15 -4
  3. data/bin/brakeman +6 -1
  4. data/bundle/load.rb +2 -2
  5. data/bundle/ruby/2.3.0/gems/ruby_parser-3.8.4/Manifest.txt +5 -0
  6. data/bundle/ruby/2.3.0/gems/ruby_parser-3.8.4/README.rdoc +12 -0
  7. data/bundle/ruby/2.3.0/gems/ruby_parser-3.8.4/Rakefile +127 -70
  8. data/bundle/ruby/2.3.0/gems/ruby_parser-3.8.4/compare/normalize.rb +146 -0
  9. data/bundle/ruby/2.3.0/gems/ruby_parser-3.8.4/lib/rp_extensions.rb +77 -0
  10. data/bundle/ruby/2.3.0/gems/ruby_parser-3.8.4/lib/rp_stringscanner.rb +64 -0
  11. data/bundle/ruby/2.3.0/gems/ruby_parser-3.8.4/lib/ruby18_parser.rb +1637 -1646
  12. data/bundle/ruby/2.3.0/gems/ruby_parser-3.8.4/lib/ruby18_parser.y +11 -11
  13. data/bundle/ruby/2.3.0/gems/ruby_parser-3.8.4/lib/ruby19_parser.rb +1602 -1603
  14. data/bundle/ruby/2.3.0/gems/ruby_parser-3.8.4/lib/ruby19_parser.y +12 -12
  15. data/bundle/ruby/2.3.0/gems/ruby_parser-3.8.4/lib/ruby20_parser.rb +2507 -2524
  16. data/bundle/ruby/2.3.0/gems/ruby_parser-3.8.4/lib/ruby20_parser.y +12 -26
  17. data/bundle/ruby/2.3.0/gems/ruby_parser-3.8.4/lib/ruby21_parser.rb +1872 -1868
  18. data/bundle/ruby/2.3.0/gems/ruby_parser-3.8.4/lib/ruby21_parser.y +12 -21
  19. data/bundle/ruby/2.3.0/gems/ruby_parser-3.8.4/lib/ruby22_parser.rb +1758 -1754
  20. data/bundle/ruby/2.3.0/gems/ruby_parser-3.8.4/lib/ruby22_parser.y +12 -21
  21. data/bundle/ruby/2.3.0/gems/ruby_parser-3.8.4/lib/ruby23_parser.rb +1844 -1847
  22. data/bundle/ruby/2.3.0/gems/ruby_parser-3.8.4/lib/ruby23_parser.y +12 -21
  23. data/bundle/ruby/2.3.0/gems/ruby_parser-3.8.4/lib/ruby24_parser.rb +6790 -0
  24. data/bundle/ruby/2.3.0/gems/ruby_parser-3.8.4/lib/ruby24_parser.y +2364 -0
  25. data/bundle/ruby/2.3.0/gems/ruby_parser-3.8.4/lib/ruby_lexer.rb +12 -16
  26. data/bundle/ruby/2.3.0/gems/ruby_parser-3.8.4/lib/ruby_lexer.rex.rb +6 -12
  27. data/bundle/ruby/2.3.0/gems/ruby_parser-3.8.4/lib/ruby_parser.rb +86 -7
  28. data/bundle/ruby/2.3.0/gems/ruby_parser-3.8.4/lib/ruby_parser.yy +51 -50
  29. data/bundle/ruby/2.3.0/gems/ruby_parser-3.8.4/lib/ruby_parser_extras.rb +30 -237
  30. data/bundle/ruby/2.3.0/gems/ruby_parser-3.8.4/test/test_ruby_lexer.rb +54 -41
  31. data/bundle/ruby/2.3.0/gems/ruby_parser-3.8.4/test/test_ruby_parser.rb +775 -700
  32. data/bundle/ruby/2.3.0/gems/ruby_parser-3.8.4/test/test_ruby_parser_extras.rb +4 -6
  33. data/bundle/ruby/2.3.0/gems/{sexp_processor-4.7.0 → sexp_processor-4.8.0}/History.txt +7 -0
  34. data/bundle/ruby/2.3.0/gems/{sexp_processor-4.7.0 → sexp_processor-4.8.0}/Manifest.txt +0 -0
  35. data/bundle/ruby/2.3.0/gems/{sexp_processor-4.7.0 → sexp_processor-4.8.0}/README.txt +0 -0
  36. data/bundle/ruby/2.3.0/gems/{sexp_processor-4.7.0 → sexp_processor-4.8.0}/Rakefile +0 -0
  37. data/bundle/ruby/2.3.0/gems/{sexp_processor-4.7.0 → sexp_processor-4.8.0}/lib/composite_sexp_processor.rb +0 -0
  38. data/bundle/ruby/2.3.0/gems/{sexp_processor-4.7.0 → sexp_processor-4.8.0}/lib/pt_testcase.rb +3 -1
  39. data/bundle/ruby/2.3.0/gems/{sexp_processor-4.7.0 → sexp_processor-4.8.0}/lib/sexp.rb +7 -0
  40. data/bundle/ruby/2.3.0/gems/{sexp_processor-4.7.0 → sexp_processor-4.8.0}/lib/sexp_processor.rb +7 -5
  41. data/bundle/ruby/2.3.0/gems/{sexp_processor-4.7.0 → sexp_processor-4.8.0}/lib/unique.rb +0 -0
  42. data/bundle/ruby/2.3.0/gems/{sexp_processor-4.7.0 → sexp_processor-4.8.0}/test/test_composite_sexp_processor.rb +0 -0
  43. data/bundle/ruby/2.3.0/gems/{sexp_processor-4.7.0 → sexp_processor-4.8.0}/test/test_environment.rb +0 -0
  44. data/bundle/ruby/2.3.0/gems/{sexp_processor-4.7.0 → sexp_processor-4.8.0}/test/test_sexp.rb +21 -2
  45. data/bundle/ruby/2.3.0/gems/{sexp_processor-4.7.0 → sexp_processor-4.8.0}/test/test_sexp_processor.rb +13 -0
  46. data/bundle/ruby/2.3.0/gems/{tilt-2.0.6 → tilt-2.0.7}/CHANGELOG.md +4 -0
  47. data/bundle/ruby/2.3.0/gems/{tilt-2.0.6 → tilt-2.0.7}/COPYING +0 -0
  48. data/bundle/ruby/2.3.0/gems/{tilt-2.0.6 → tilt-2.0.7}/Gemfile +1 -1
  49. data/bundle/ruby/2.3.0/gems/{tilt-2.0.6 → tilt-2.0.7}/HACKING +0 -0
  50. data/bundle/ruby/2.3.0/gems/{tilt-2.0.6 → tilt-2.0.7}/README.md +0 -0
  51. data/bundle/ruby/2.3.0/gems/{tilt-2.0.6 → tilt-2.0.7}/Rakefile +0 -0
  52. data/bundle/ruby/2.3.0/gems/{tilt-2.0.6 → tilt-2.0.7}/bin/tilt +0 -0
  53. data/bundle/ruby/2.3.0/gems/{tilt-2.0.6 → tilt-2.0.7}/docs/TEMPLATES.md +0 -0
  54. data/bundle/ruby/2.3.0/gems/{tilt-2.0.6 → tilt-2.0.7}/docs/common.css +0 -0
  55. data/bundle/ruby/2.3.0/gems/{tilt-2.0.6 → tilt-2.0.7}/lib/tilt.rb +1 -1
  56. data/bundle/ruby/2.3.0/gems/{tilt-2.0.6 → tilt-2.0.7}/lib/tilt/asciidoc.rb +0 -0
  57. data/bundle/ruby/2.3.0/gems/{tilt-2.0.6 → tilt-2.0.7}/lib/tilt/babel.rb +0 -0
  58. data/bundle/ruby/2.3.0/gems/{tilt-2.0.6 → tilt-2.0.7}/lib/tilt/bluecloth.rb +0 -0
  59. data/bundle/ruby/2.3.0/gems/{tilt-2.0.6 → tilt-2.0.7}/lib/tilt/builder.rb +0 -0
  60. data/bundle/ruby/2.3.0/gems/{tilt-2.0.6 → tilt-2.0.7}/lib/tilt/coffee.rb +0 -0
  61. data/bundle/ruby/2.3.0/gems/{tilt-2.0.6 → tilt-2.0.7}/lib/tilt/commonmarker.rb +0 -0
  62. data/bundle/ruby/2.3.0/gems/{tilt-2.0.6 → tilt-2.0.7}/lib/tilt/creole.rb +0 -0
  63. data/bundle/ruby/2.3.0/gems/{tilt-2.0.6 → tilt-2.0.7}/lib/tilt/csv.rb +0 -0
  64. data/bundle/ruby/2.3.0/gems/{tilt-2.0.6 → tilt-2.0.7}/lib/tilt/dummy.rb +0 -0
  65. data/bundle/ruby/2.3.0/gems/{tilt-2.0.6 → tilt-2.0.7}/lib/tilt/erb.rb +0 -0
  66. data/bundle/ruby/2.3.0/gems/{tilt-2.0.6 → tilt-2.0.7}/lib/tilt/erubi.rb +0 -0
  67. data/bundle/ruby/2.3.0/gems/{tilt-2.0.6 → tilt-2.0.7}/lib/tilt/erubis.rb +0 -0
  68. data/bundle/ruby/2.3.0/gems/{tilt-2.0.6 → tilt-2.0.7}/lib/tilt/etanni.rb +0 -0
  69. data/bundle/ruby/2.3.0/gems/{tilt-2.0.6 → tilt-2.0.7}/lib/tilt/haml.rb +0 -0
  70. data/bundle/ruby/2.3.0/gems/{tilt-2.0.6 → tilt-2.0.7}/lib/tilt/kramdown.rb +0 -0
  71. data/bundle/ruby/2.3.0/gems/{tilt-2.0.6 → tilt-2.0.7}/lib/tilt/less.rb +0 -0
  72. data/bundle/ruby/2.3.0/gems/{tilt-2.0.6 → tilt-2.0.7}/lib/tilt/liquid.rb +0 -0
  73. data/bundle/ruby/2.3.0/gems/{tilt-2.0.6 → tilt-2.0.7}/lib/tilt/livescript.rb +0 -0
  74. data/bundle/ruby/2.3.0/gems/{tilt-2.0.6 → tilt-2.0.7}/lib/tilt/mapping.rb +0 -0
  75. data/bundle/ruby/2.3.0/gems/{tilt-2.0.6 → tilt-2.0.7}/lib/tilt/markaby.rb +0 -0
  76. data/bundle/ruby/2.3.0/gems/{tilt-2.0.6 → tilt-2.0.7}/lib/tilt/maruku.rb +0 -0
  77. data/bundle/ruby/2.3.0/gems/{tilt-2.0.6 → tilt-2.0.7}/lib/tilt/nokogiri.rb +0 -0
  78. data/bundle/ruby/2.3.0/gems/{tilt-2.0.6 → tilt-2.0.7}/lib/tilt/pandoc.rb +0 -0
  79. data/bundle/ruby/2.3.0/gems/{tilt-2.0.6 → tilt-2.0.7}/lib/tilt/plain.rb +0 -0
  80. data/bundle/ruby/2.3.0/gems/{tilt-2.0.6 → tilt-2.0.7}/lib/tilt/prawn.rb +0 -0
  81. data/bundle/ruby/2.3.0/gems/{tilt-2.0.6 → tilt-2.0.7}/lib/tilt/radius.rb +0 -0
  82. data/bundle/ruby/2.3.0/gems/{tilt-2.0.6 → tilt-2.0.7}/lib/tilt/rdiscount.rb +0 -0
  83. data/bundle/ruby/2.3.0/gems/{tilt-2.0.6 → tilt-2.0.7}/lib/tilt/rdoc.rb +0 -0
  84. data/bundle/ruby/2.3.0/gems/{tilt-2.0.6 → tilt-2.0.7}/lib/tilt/redcarpet.rb +0 -0
  85. data/bundle/ruby/2.3.0/gems/{tilt-2.0.6 → tilt-2.0.7}/lib/tilt/redcloth.rb +0 -0
  86. data/bundle/ruby/2.3.0/gems/{tilt-2.0.6 → tilt-2.0.7}/lib/tilt/rst-pandoc.rb +0 -0
  87. data/bundle/ruby/2.3.0/gems/{tilt-2.0.6 → tilt-2.0.7}/lib/tilt/sass.rb +0 -0
  88. data/bundle/ruby/2.3.0/gems/{tilt-2.0.6 → tilt-2.0.7}/lib/tilt/sigil.rb +0 -0
  89. data/bundle/ruby/2.3.0/gems/{tilt-2.0.6 → tilt-2.0.7}/lib/tilt/string.rb +0 -0
  90. data/bundle/ruby/2.3.0/gems/{tilt-2.0.6 → tilt-2.0.7}/lib/tilt/template.rb +10 -1
  91. data/bundle/ruby/2.3.0/gems/{tilt-2.0.6 → tilt-2.0.7}/lib/tilt/typescript.rb +0 -0
  92. data/bundle/ruby/2.3.0/gems/{tilt-2.0.6 → tilt-2.0.7}/lib/tilt/wikicloth.rb +0 -0
  93. data/bundle/ruby/2.3.0/gems/{tilt-2.0.6 → tilt-2.0.7}/lib/tilt/yajl.rb +0 -0
  94. data/bundle/ruby/2.3.0/gems/{tilt-2.0.6 → tilt-2.0.7}/man/index.txt +0 -0
  95. data/bundle/ruby/2.3.0/gems/{tilt-2.0.6 → tilt-2.0.7}/man/tilt.1.ronn +0 -0
  96. data/bundle/ruby/2.3.0/gems/{tilt-2.0.6 → tilt-2.0.7}/test/markaby/locals.mab +0 -0
  97. data/bundle/ruby/2.3.0/gems/{tilt-2.0.6 → tilt-2.0.7}/test/markaby/markaby.mab +0 -0
  98. data/bundle/ruby/2.3.0/gems/{tilt-2.0.6 → tilt-2.0.7}/test/markaby/markaby_other_static.mab +0 -0
  99. data/bundle/ruby/2.3.0/gems/{tilt-2.0.6 → tilt-2.0.7}/test/markaby/render_twice.mab +0 -0
  100. data/bundle/ruby/2.3.0/gems/{tilt-2.0.6 → tilt-2.0.7}/test/markaby/scope.mab +0 -0
  101. data/bundle/ruby/2.3.0/gems/{tilt-2.0.6 → tilt-2.0.7}/test/markaby/yielding.mab +0 -0
  102. data/bundle/ruby/2.3.0/gems/{tilt-2.0.6 → tilt-2.0.7}/test/mytemplate.rb +0 -0
  103. data/bundle/ruby/2.3.0/gems/{tilt-2.0.6 → tilt-2.0.7}/test/test_helper.rb +0 -0
  104. data/bundle/ruby/2.3.0/gems/{tilt-2.0.6 → tilt-2.0.7}/test/tilt_asciidoctor_test.rb +0 -0
  105. data/bundle/ruby/2.3.0/gems/{tilt-2.0.6 → tilt-2.0.7}/test/tilt_babeltemplate.rb +0 -0
  106. data/bundle/ruby/2.3.0/gems/{tilt-2.0.6 → tilt-2.0.7}/test/tilt_blueclothtemplate_test.rb +0 -0
  107. data/bundle/ruby/2.3.0/gems/{tilt-2.0.6 → tilt-2.0.7}/test/tilt_buildertemplate_test.rb +0 -0
  108. data/bundle/ruby/2.3.0/gems/{tilt-2.0.6 → tilt-2.0.7}/test/tilt_cache_test.rb +0 -0
  109. data/bundle/ruby/2.3.0/gems/{tilt-2.0.6 → tilt-2.0.7}/test/tilt_coffeescripttemplate_test.rb +0 -0
  110. data/bundle/ruby/2.3.0/gems/{tilt-2.0.6 → tilt-2.0.7}/test/tilt_commonmarkertemplate_test.rb +0 -0
  111. data/bundle/ruby/2.3.0/gems/{tilt-2.0.6 → tilt-2.0.7}/test/tilt_compilesite_test.rb +0 -0
  112. data/bundle/ruby/2.3.0/gems/{tilt-2.0.6 → tilt-2.0.7}/test/tilt_creoletemplate_test.rb +0 -0
  113. data/bundle/ruby/2.3.0/gems/{tilt-2.0.6 → tilt-2.0.7}/test/tilt_csv_test.rb +0 -0
  114. data/bundle/ruby/2.3.0/gems/{tilt-2.0.6 → tilt-2.0.7}/test/tilt_erbtemplate_test.rb +0 -0
  115. data/bundle/ruby/2.3.0/gems/{tilt-2.0.6 → tilt-2.0.7}/test/tilt_erubistemplate_test.rb +0 -0
  116. data/bundle/ruby/2.3.0/gems/{tilt-2.0.6 → tilt-2.0.7}/test/tilt_erubitemplate_test.rb +0 -0
  117. data/bundle/ruby/2.3.0/gems/{tilt-2.0.6 → tilt-2.0.7}/test/tilt_etannitemplate_test.rb +0 -0
  118. data/bundle/ruby/2.3.0/gems/{tilt-2.0.6 → tilt-2.0.7}/test/tilt_hamltemplate_test.rb +0 -0
  119. data/bundle/ruby/2.3.0/gems/{tilt-2.0.6 → tilt-2.0.7}/test/tilt_kramdown_test.rb +0 -0
  120. data/bundle/ruby/2.3.0/gems/{tilt-2.0.6 → tilt-2.0.7}/test/tilt_lesstemplate_test.less +0 -0
  121. data/bundle/ruby/2.3.0/gems/{tilt-2.0.6 → tilt-2.0.7}/test/tilt_lesstemplate_test.rb +0 -0
  122. data/bundle/ruby/2.3.0/gems/{tilt-2.0.6 → tilt-2.0.7}/test/tilt_liquidtemplate_test.rb +0 -0
  123. data/bundle/ruby/2.3.0/gems/{tilt-2.0.6 → tilt-2.0.7}/test/tilt_livescripttemplate_test.rb +0 -0
  124. data/bundle/ruby/2.3.0/gems/{tilt-2.0.6 → tilt-2.0.7}/test/tilt_mapping_test.rb +0 -0
  125. data/bundle/ruby/2.3.0/gems/{tilt-2.0.6 → tilt-2.0.7}/test/tilt_markaby_test.rb +0 -0
  126. data/bundle/ruby/2.3.0/gems/{tilt-2.0.6 → tilt-2.0.7}/test/tilt_markdown_test.rb +0 -0
  127. data/bundle/ruby/2.3.0/gems/{tilt-2.0.6 → tilt-2.0.7}/test/tilt_marukutemplate_test.rb +0 -0
  128. data/bundle/ruby/2.3.0/gems/{tilt-2.0.6 → tilt-2.0.7}/test/tilt_metadata_test.rb +0 -0
  129. data/bundle/ruby/2.3.0/gems/{tilt-2.0.6 → tilt-2.0.7}/test/tilt_nokogiritemplate_test.rb +0 -0
  130. data/bundle/ruby/2.3.0/gems/{tilt-2.0.6 → tilt-2.0.7}/test/tilt_pandoctemplate_test.rb +0 -0
  131. data/bundle/ruby/2.3.0/gems/{tilt-2.0.6 → tilt-2.0.7}/test/tilt_prawntemplate.prawn +0 -0
  132. data/bundle/ruby/2.3.0/gems/{tilt-2.0.6 → tilt-2.0.7}/test/tilt_prawntemplate_test.rb +0 -0
  133. data/bundle/ruby/2.3.0/gems/{tilt-2.0.6 → tilt-2.0.7}/test/tilt_radiustemplate_test.rb +0 -0
  134. data/bundle/ruby/2.3.0/gems/{tilt-2.0.6 → tilt-2.0.7}/test/tilt_rdiscounttemplate_test.rb +0 -0
  135. data/bundle/ruby/2.3.0/gems/{tilt-2.0.6 → tilt-2.0.7}/test/tilt_rdoctemplate_test.rb +0 -0
  136. data/bundle/ruby/2.3.0/gems/{tilt-2.0.6 → tilt-2.0.7}/test/tilt_redcarpettemplate_test.rb +0 -0
  137. data/bundle/ruby/2.3.0/gems/{tilt-2.0.6 → tilt-2.0.7}/test/tilt_redclothtemplate_test.rb +0 -0
  138. data/bundle/ruby/2.3.0/gems/{tilt-2.0.6 → tilt-2.0.7}/test/tilt_rstpandoctemplate_test.rb +0 -0
  139. data/bundle/ruby/2.3.0/gems/{tilt-2.0.6 → tilt-2.0.7}/test/tilt_sasstemplate_test.rb +0 -0
  140. data/bundle/ruby/2.3.0/gems/{tilt-2.0.6 → tilt-2.0.7}/test/tilt_sigil_test.rb +0 -0
  141. data/bundle/ruby/2.3.0/gems/{tilt-2.0.6 → tilt-2.0.7}/test/tilt_stringtemplate_test.rb +0 -0
  142. data/bundle/ruby/2.3.0/gems/{tilt-2.0.6 → tilt-2.0.7}/test/tilt_template_test.rb +0 -0
  143. data/bundle/ruby/2.3.0/gems/{tilt-2.0.6 → tilt-2.0.7}/test/tilt_test.rb +0 -0
  144. data/bundle/ruby/2.3.0/gems/{tilt-2.0.6 → tilt-2.0.7}/test/tilt_typescript_test.rb +0 -0
  145. data/bundle/ruby/2.3.0/gems/{tilt-2.0.6 → tilt-2.0.7}/test/tilt_wikiclothtemplate_test.rb +0 -0
  146. data/bundle/ruby/2.3.0/gems/{tilt-2.0.6 → tilt-2.0.7}/test/tilt_yajltemplate_test.rb +0 -0
  147. data/bundle/ruby/2.3.0/gems/{tilt-2.0.6 → tilt-2.0.7}/tilt.gemspec +2 -2
  148. data/lib/brakeman.rb +4 -0
  149. data/lib/brakeman/checks/check_sql.rb +2 -2
  150. data/lib/brakeman/checks/check_xml_dos.rb +0 -6
  151. data/lib/brakeman/options.rb +4 -0
  152. data/lib/brakeman/parsers/rails3_erubis.rb +7 -0
  153. data/lib/brakeman/processors/alias_processor.rb +101 -0
  154. data/lib/brakeman/processors/controller_processor.rb +3 -1
  155. data/lib/brakeman/version.rb +1 -1
  156. metadata +125 -118
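--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz: 9c676c07132a5e5df3d4cf679ecc55ee25d27f8f
-data.tar.gz: 637b645d451d50af8b7538962dfd807b6c8e71ef
+metadata.gz: c832b4e3f033e2c7c2c73069ac1a84e3099b4d7f
+data.tar.gz: 9e476ed98544b16559d8d141ac271a43eff9d217
 SHA512:
-metadata.gz: cdcdfec84f0d1de46bb4b15ca356107eb64252b00462dc38a123582dacb528ed05a5d1097958ff49700be1b6ab41cfe952a59835840e924b9430c225d14ffa2d
-data.tar.gz: 40ee357bdc5b71bac031cdc694819be263e79b21855f632aa1f8183e7d9276b1197fe9e6f928a67b3f4ba9535c8f4492dd7ff11af7fd2cf9a47442238b468290
+metadata.gz: 204fc41adbb75f0f0f67f2a0d888c72e188cd907a2a3a4f11ecafefd690c150163d7271313e2eb6c08d9f68db15655d5412a7633e61270ad6e16b5c3b509008d
+data.tar.gz: b81536ff00f0b5665069aa8528f6f77ef3b20bc1027fb213b6fb386c2376958b21745bbca49102af865cb6b72d95d754798f0ed330c66cc5def6898e54ed8132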
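--- a/data/CHANGES
+++ b/data/CHANGES
@@ -1,3 +1,14 @@
+# 3.6.0
+
+* Avoid recursive Concerns
+* Branch inside of `case` expressions
+* Print command line option errors without modification
+* Fix issue with nested interpolation inside SQL strings
+* Ignore GraphQL tags inside ERB templates
+* Add `--exit-on-error` (Michael Grosser)
+* Only report CVE-2015-3227 when exact version is known
+* Check targetless SQL calls outside of known models
+
 # 3.5.0
 
 * Allow `-t None`
@@ -102,7 +113,7 @@
 * Update ruby_parser dependency to 3.8.1
 * Remove `fastercsv` dependency
 * Fix finding calls with `targets: nil`
-* Remove `multi_json` dependecy
+* Remove `multi_json` dependency
 * Handle CoffeeScript in HAML
 * Avoid render warnings about params[:action]/params[:controller]
 * Index calls in class bodies but outside methods
@@ -118,7 +129,7 @@
 * Add check for mime-type denial of service (CVE-2016-0751)
 * Add check for basic auth timing attack (CVE-2015-7576)
 * Add initial Rails 5 support
-* Check for implict integer comparison in dynamic finders
+* Check for implicit integer comparison in dynamic finders
 * Support directories better in --only-files and --skip-files (Patrick Toomey)
 * Avoid warning about `permit` in SQL
 * Handle guards using `detect`
@@ -235,7 +246,7 @@
 * Remove formatting newlines in HAML template output
 * Ignore case value in XSS checks
 * Fix CSV output when there are no warnings
-* Handle processing of explictly shadowed block arguments
+* Handle processing of explicitly shadowed block arguments
 
 # 3.0.1
 
@@ -285,7 +296,7 @@
 * Add `-4` option to force Rails 4 mode
 * Check entire call for `send`
 * Check for .gitignore of secrets in subdirectories
-* Fix block statment endings in Erubis
+* Fix block statement endings in Erubis
 * Fix undefined variable in controller processing error (Jason Barnabe)
 
 # 2.6.1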
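--- a/data/bin/brakeman
+++ b/data/bin/brakeman
@@ -10,7 +10,7 @@ require 'brakeman/version'
 begin
 options, parser = Brakeman::Options.parse! ARGV
 rescue OptionParser::ParseError => e
-$stderr.puts e.message.capitalize
+$stderr.puts e.message
 $stderr.puts "Please see `brakeman --help` for valid options"
 exit(-1)
 end
@@ -90,6 +90,11 @@ begin
 exit Brakeman::Warnings_Found_Exit_Code
 end
 end
+
+#Return error code if --exit-on-error is used and errors were found
+if tracker.options[:exit_on_error] and tracker.errors.any?
+exit Brakeman::Errors_Found_Exit_Code
+end
 rescue Brakeman::NoApplication => e
 warn e.message
 exit Brakeman::No_App_Found_Exit_Code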
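--- a/data/bundle/load.rb
+++ b/data/bundle/load.rb
@@ -1,4 +1,5 @@
 path = File.expand_path('../..', __FILE__)
+$:.unshift "#{path}/bundle/ruby/2.3.0/gems/sexp_processor-4.8.0/lib"
 $:.unshift "#{path}/bundle/ruby/2.3.0/gems/sass-3.4.23/lib"
 $:.unshift "#{path}/bundle/ruby/2.3.0/gems/sass-3.4.23/vendor/listen/lib"
 $:.unshift "#{path}/bundle/ruby/2.3.0/gems/haml-4.0.7/lib"
@@ -6,8 +7,7 @@ $:.unshift "#{path}/bundle/ruby/2.3.0/gems/highline-1.7.8/lib"
 $:.unshift "#{path}/bundle/ruby/2.3.0/gems/terminal-table-1.7.3/lib"
 $:.unshift "#{path}/bundle/ruby/2.3.0/gems/temple-0.7.7/lib"
 $:.unshift "#{path}/bundle/ruby/2.3.0/gems/ruby2ruby-2.3.2/lib"
-$:.unshift "#{path}/bundle/ruby/2.3.0/gems/tilt-2.0.6/lib"
-$:.unshift "#{path}/bundle/ruby/2.3.0/gems/sexp_processor-4.7.0/lib"
+$:.unshift "#{path}/bundle/ruby/2.3.0/gems/tilt-2.0.7/lib"
 $:.unshift "#{path}/bundle/ruby/2.3.0/gems/slim-3.0.7/lib"
 $:.unshift "#{path}/bundle/ruby/2.3.0/gems/ruby_parser-3.8.4/lib"
 $:.unshift "#{path}/bundle/ruby/2.3.0/gems/unicode-display_width-1.1.3/lib"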
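--- a/data/bundle/ruby/2.3.0/gems/ruby_parser-3.8.4/Manifest.txt
+++ b/data/bundle/ruby/2.3.0/gems/ruby_parser-3.8.4/Manifest.txt
@@ -5,7 +5,10 @@ README.rdoc
 Rakefile
 bin/ruby_parse
 bin/ruby_parse_extract_error
+compare/normalize.rb
 lib/.document
+lib/rp_extensions.rb
+lib/rp_stringscanner.rb
 lib/ruby18_parser.rb
 lib/ruby18_parser.y
 lib/ruby19_parser.rb
@@ -18,6 +21,8 @@ lib/ruby22_parser.rb
 lib/ruby22_parser.y
 lib/ruby23_parser.rb
 lib/ruby23_parser.y
+lib/ruby24_parser.rb
+lib/ruby24_parser.y
 lib/ruby_lexer.rb
 lib/ruby_lexer.rex
 lib/ruby_lexer.rex.rb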
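--- a/data/bundle/ruby/2.3.0/gems/ruby_parser-3.8.4/README.rdoc
+++ b/data/bundle/ruby/2.3.0/gems/ruby_parser-3.8.4/README.rdoc
@@ -57,6 +57,18 @@ You can also use Ruby19Parser, Ruby18Parser, or RubyParser.for_current_ruby:
 RubyParser.for_current_ruby.parse "1+1"
 # => s(:call, s(:lit, 1), :+, s(:lit, 1))
 
+== DEVELOPER NOTES:
+
+To add a new version:
+
+* New parser should be generated from lib/ruby_parser.yy.
+* Extend lib/ruby_parser.yy with new class name.
+* Add new version number to Rakefile for rule creation.
+* Require generated parser in lib/ruby_parser.rb.
+* Add empty TestRubyParserShared##Plus module and TestRubyParserV## to test/test_ruby_parser.rb.
+* Extend Manifest.txt with generated file names.
+* Extend sexp_processor's pt_testcase.rb to match version
+
 == REQUIREMENTS:
 
 * ruby. woot.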
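--- a/data/bundle/ruby/2.3.0/gems/ruby_parser-3.8.4/Rakefile
+++ b/data/bundle/ruby/2.3.0/gems/ruby_parser-3.8.4/Rakefile
@@ -14,6 +14,10 @@ Hoe.add_include_dirs "../../sexp_processor/dev/lib"
 Hoe.add_include_dirs "../../minitest/dev/lib"
 Hoe.add_include_dirs "../../oedipus_lex/dev/lib"
 
+V1 = %w[18 19]
+V2 = %w[20 21 22 23 24]
+V1_2 = V1 + V2
+
 Hoe.spec "ruby_parser" do
 developer "Ryan Davis", "ryand-ruby@zenspider.com"
 
@@ -24,45 +28,33 @@ Hoe.spec "ruby_parser" do
 dependency "oedipus_lex", "~> 2.1", :developer
 
 if plugin? :perforce then # generated files
-self.perforce_ignore << "lib/ruby18_parser.rb"
-self.perforce_ignore << "lib/ruby19_parser.rb"
-self.perforce_ignore << "lib/ruby20_parser.rb"
-self.perforce_ignore << "lib/ruby20_parser.y"
-self.perforce_ignore << "lib/ruby21_parser.rb"
-self.perforce_ignore << "lib/ruby21_parser.y"
-self.perforce_ignore << "lib/ruby22_parser.rb"
-self.perforce_ignore << "lib/ruby22_parser.y"
-self.perforce_ignore << "lib/ruby23_parser.rb"
-self.perforce_ignore << "lib/ruby23_parser.y"
-self.perforce_ignore << "lib/ruby_lexer.rex.rb"
-end
+V1_2.each do |n|
+self.perforce_ignore << "lib/ruby#{n}_parser.rb"
+end
 
-self.racc_flags << " -t" if plugin?(:racc) && ENV["DEBUG"]
-end
-
-file "lib/ruby20_parser.y" => "lib/ruby_parser.yy" do |t|
-sh "unifdef -tk -DRUBY20 -URUBY21 -URUBY22 -URUBY23 -UDEAD #{t.source} > #{t.name} || true"
-end
+V2.each do |n|
+self.perforce_ignore << "lib/ruby#{n}_parser.y"
+end
+end
 
-file "lib/ruby21_parser.y" => "lib/ruby_parser.yy" do |t|
-sh "unifdef -tk -URUBY20 -DRUBY21 -URUBY22 -URUBY23 -UDEAD #{t.source} > #{t.name} || true"
+if plugin?(:racc)
+self.racc_flags << " -t" if ENV["DEBUG"]
+self.racc_flags << " --superclass RubyParser::Parser"
+# self.racc_flags << " --runtime ruby_parser" # TODO: broken in racc
+end
 end
 
-file "lib/ruby22_parser.y" => "lib/ruby_parser.yy" do |t|
-sh "unifdef -tk -URUBY20 -URUBY21 -DRUBY22 -URUBY23 -UDEAD #{t.source} > #{t.name} || true"
+V2.each do |n|
+file "lib/ruby#{n}_parser.y" => "lib/ruby_parser.yy" do |t|
+cmd = 'unifdef -tk -DV=%s -UDEAD %s > %s || true' % [n, t.source, t.name]
+sh cmd
+end
 end
 
-file "lib/ruby23_parser.y" => "lib/ruby_parser.yy" do |t|
-sh "unifdef -tk -URUBY20 -URUBY21 -URUBY22 -DRUBY23 -UDEAD #{t.source} > #{t.name} || true"
+V1_2.each do |n|
+file "lib/ruby#{n}_parser.rb" => "lib/ruby#{n}_parser.y"
 end
 
-
-file "lib/ruby18_parser.rb" => "lib/ruby18_parser.y"
-file "lib/ruby19_parser.rb" => "lib/ruby19_parser.y"
-file "lib/ruby20_parser.rb" => "lib/ruby20_parser.y"
-file "lib/ruby21_parser.rb" => "lib/ruby21_parser.y"
-file "lib/ruby22_parser.rb" => "lib/ruby22_parser.y"
-file "lib/ruby23_parser.rb" => "lib/ruby23_parser.y"
 file "lib/ruby_lexer.rex.rb" => "lib/ruby_lexer.rex"
 
 task :clean do
@@ -94,32 +86,110 @@ end
 
 task :isolate => :phony
 
-# to create parseXX.output:
-#
-# 1) check out the XX version of ruby
-# 2) Edit uncommon.mk, find the ".y.c" rule and remove the RM lines
-# 3) run `rm -f parse.c; make parse.c`
-# 4) run `bison -r all parse.tmp.y`
-# 5) mv parse.tmp.output parseXX.output
-
-# possibly new instructions:
-#
-# 1) check out the XX version of ruby
-# 2) YFLAGS="-r all" make parse.c
-# 3) mv y.output parseXX.output
-
-%w[18 19 20 21 22 23].each do |v|
-task "compare#{v}" do
-sh "./yack.rb lib/ruby#{v}_parser.output > racc#{v}.txt"
-sh "./yack.rb parse#{v}.output > yacc#{v}.txt"
-sh "diff -du racc#{v}.txt yacc#{v}.txt || true"
-puts
-sh "diff -du racc#{v}.txt yacc#{v}.txt | wc -l"
+def in_compare
+Dir.chdir "compare" do
+yield
 end
 end
 
+def dl v
+dir = v[/^\d+\.\d+/]
+url = "https://cache.ruby-lang.org/pub/ruby/#{dir}/ruby-#{v}.tar.bz2"
+path = File.basename url
+unless File.exist? path then
+system "curl -O #{url}"
+end
+end
+
+def ruby_parse version
+v = version[/^\d+\.\d+/].delete "."
+rp_txt = "rp#{v}.txt"
+mri_txt = "mri#{v}.txt"
+parse_y = "parse#{v}.y"
+tarball = "ruby-#{version}.tar.bz2"
+ruby_dir = "ruby-#{version}"
+diff = "diff#{v}.diff"
+rp_out = "lib/ruby#{v}_parser.output"
+
+c_diff = "compare/#{diff}"
+c_rp_txt = "compare/#{rp_txt}"
+c_mri_txt = "compare/#{mri_txt}"
+c_parse_y = "compare/#{parse_y}"
+c_tarball = "compare/#{tarball}"
+
+file tarball do
+in_compare do
+dl version
+end
+end
+
+file c_parse_y => c_tarball do
+in_compare do
+system "tar yxf #{tarball} #{ruby_dir}/{id.h,parse.y,tool/{id2token.rb,vpath.rb}}"
+Dir.chdir ruby_dir do
+if File.exist? "tool/id2token.rb" then
+sh "ruby tool/id2token.rb --path-separator=.:./ id.h parse.y > ../#{parse_y}"
+else
+cp "parse.y", "../#{parse_y}"
+end
+end
+sh "rm -rf #{ruby_dir}"
+end
+end
+
+file c_mri_txt => c_parse_y do
+in_compare do
+sh "bison -r all #{parse_y}"
+sh "./normalize.rb parse#{v}.output > #{mri_txt}"
+rm ["parse#{v}.output", "parse#{v}.tab.c"]
+end
+end
+
+file rp_out => :parser
+
+file c_rp_txt => rp_out do
+in_compare do
+sh "./normalize.rb ../#{rp_out} > #{rp_txt}"
+end
+end
+
+compare = "compare#{v}"
+
+desc "Compare all grammars to MRI"
+task :compare => compare
+
+task c_diff => [c_mri_txt, c_rp_txt] do
+in_compare do
+system "diff -du #{mri_txt} #{rp_txt} > #{diff}"
+end
+end
+
+desc "Compare #{v} grammar to MRI #{version}"
+task compare => c_diff do
+in_compare do
+system "wc -l #{diff}"
+end
+end
+
+task :clean do
+rm_f Dir[c_parse_y, c_mri_txt, c_rp_txt]
+end
+
+task :realclean do
+rm_f Dir[tarball]
+end
+end
+
+ruby_parse "1.8.7-p374"
+ruby_parse "1.9.3-p551"
+ruby_parse "2.0.0-p648"
+ruby_parse "2.1.9"
+ruby_parse "2.2.6"
+ruby_parse "2.3.3"
+# TODO ruby_parse "2.4.0"
+
 task :debug => :isolate do
-ENV["V"] ||= "23"
+ENV["V"] ||= V1_2.last
 Rake.application[:parser].invoke # this way we can have DEBUG set
 Rake.application[:lexer].invoke # this way we can have DEBUG set
 
@@ -127,22 +197,9 @@ task :debug => :isolate do
 require "ruby_parser"
 require "pp"
 
-parser = case ENV["V"]
-when "18" then
-Ruby18Parser.new
-when "19" then
-Ruby19Parser.new
-when "20" then
-Ruby20Parser.new
-when "21" then
-Ruby21Parser.new
-when "22" then
-Ruby22Parser.new
-when "23" then
-Ruby23Parser.new
-else
-raise "Unsupported version #{ENV["V"]}"
-end
+klass = Object.const_get("Ruby#{ENV["V"]}Parser") rescue nil
+raise "Unsupported version #{ENV["V"]}" unless klass
+parser = klass.new
 
 time = (ENV["RP_TIMEOUT"] || 10).to_i
 
@@ -173,7 +230,7 @@ task :debug_ruby do
 end
 
 task :extract => :isolate do
-ENV["V"] ||= "19"
+ENV["V"] ||= V1_2.last
 Rake.application[:parser].invoke # this way we can have DEBUG set
 
 file = ENV["F"] || ENV["FILE"]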
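--- /dev/null
+++ b/data/bundle/ruby/2.3.0/gems/ruby_parser-3.8.4/compare/normalize.rb
@@ -0,0 +1,146 @@
+#!/usr/bin/ruby -w
+
+good = false
+
+rules = Hash.new { |h,k| h[k] = [] }
+rule = nil
+order = []
+
+def munge s
+renames = [
+"'='", "tEQL",
+"'!'", "tBANG",
+"'%'", "tPERCENT",
+"'&'", "tAMPER2",
+"'('", "tLPAREN2",
+"')'", "tRPAREN",
+"'*'", "tSTAR2",
+"'+'", "tPLUS",
+"','", "tCOMMA",
+"'-'", "tMINUS",
+"'.'", "tDOT",
+"'/'", "tDIVIDE",
+"';'", "tSEMI",
+"':'", "tCOLON",
+"'<'", "tLT",
+"'>'", "tGT",
+"'?'", "tEH",
+"'['", "tLBRACK",
+"'\\n'", "tNL",
+"']'", "tRBRACK",
+"'^'", "tCARET",
+"'`'", "tBACK_REF2",
+"'{'", "tLCURLY",
+"'|'", "tPIPE",
+"'}'", "tRCURLY",
+"'~'", "tTILDE",
+'"["', "tLBRACK",
+
+# 2.0 changes?
+'"<=>"', "tCMP",
+'"=="', "tEQ",
+'"==="', "tEQQ",
+'"!~"', "tNMATCH",
+'"=~"', "tMATCH",
+'">="', "tGEQ",
+'"<="', "tLEQ",
+'"!="', "tNEQ",
+'"<<"', "tLSHFT",
+'">>"', "tRSHFT",
+'"*"', "tSTAR",
+
+'".."', "tDOT2",
+
+'"&"', "tAMPER",
+'"&&"', "tANDOP",
+'"||"', "tOROP",
+
+'"..."', "tDOT3",
+'"**"', "tPOW",
+'"unary+"', "tUPLUS",
+'"unary-"', "tUMINUS",
+'"[]"', "tAREF",
+'"[]="', "tASET",
+'"::"', "tCOLON2",
+'"{ arg"', "tLBRACE_ARG",
+'"( arg"', "tLPAREN_ARG",
+'"("', "tLPAREN",
+'rparen', "tRPAREN",
+'"{"', "tLBRACE",
+'"=>"', "tASSOC",
+'"->"', "tLAMBDA",
+'":: at EXPR_BEG"', "tCOLON3",
+'"**arg"', "tDSTAR",
+'","', "tCOMMA",
+
+# other
+
+'tLBRACK2', "tLBRACK", # HACK
+
+"' '", "tSPACE", # needs to be later to avoid bad hits
+
+"/* empty */", "none",
+/^\s*$/, "none",
+"keyword_BEGIN", "klBEGIN",
+"keyword_END", "klEND",
+/keyword_(\w+)/, proc { "k#{$1.upcase}" },
+/\bk_([a-z_]+)/, proc { "k#{$1.upcase}" },
+/modifier_(\w+)/, proc { "k#{$1.upcase}_MOD" },
+"kVARIABLE", "keyword_variable", # ugh
+
+/@(\d+)\s+/, "",
+]
+
+renames.each_slice(2) do |(a, b)|
+if Proc === b then
+s.gsub!(a, &b)
+else
+s.gsub!(a, b)
+end
+end
+
+s.strip
+end
+
+ARGF.each_line do |line|
+next unless good or line =~ /^-* ?Grammar|\$accept : /
+
+case line.strip
+when /^$/ then
+when /^(\d+) (\$?\w+): (.*)/ then # yacc
+rule = $2
+order << rule unless rules.has_key? rule
+rules[rule] << munge($3)
+when /^(\d+) \s+\| (.*)/ then # yacc
+rules[rule] << munge($2)
+when /^(\d+) (@\d+): (.*)/ then # yacc
+rule = $2
+order << rule unless rules.has_key? rule
+rules[rule] << munge($3)
+when /^rule (\d+) (@?\w+):(.*)/ then # racc
+rule = $2
+order << rule unless rules.has_key? rule
+rules[rule] << munge($3)
+when /\$accept/ then # byacc?
+good = true
+when /Grammar/ then # both
+good = true
+when /^-+ Symbols/ then # racc
+break
+when /^Terminals/ then # yacc
+break
+when /^\cL/ then # byacc
+break
+else
+warn "unparsed: #{$.}: #{line.chomp}"
+end
+end
+
+require 'yaml'
+
+order.each do |k|
+next if k =~ /@/
+puts
+puts "#{k}:"
+puts rules[k].map { |r| " #{r}" }.join "\n"
+end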