brakeman 3.5.0 → 3.6.0

data/lib/brakeman.rb

@@ -15,6 +15,10 @@ module Brakeman
   #Exit code returned when user requests non-existent checks
   Missing_Checks_Exit_Code = 6
 
+  #Exit code returned when errors were found and the --exit-on-error
+  #option is set
+  Errors_Found_Exit_Code = 7
+
   @debug = false
   @quiet = false
   @loaded_dependencies = []

data/lib/brakeman/checks/check_sql.rb

@@ -157,8 +157,6 @@ class Brakeman::CheckSQL < Brakeman::BaseCheck
   #
   def process_result result
     return if duplicate?(result) or result[:call].original_line
-    return if result[:target].nil? && !active_record_models.include?(result[:location][:class])
-
 
     call = result[:call]
     method = call.method
@@ -596,6 +594,8 @@ class Brakeman::CheckSQL < Brakeman::BaseCheck
       safe_value? exp.last
     when :or
       safe_value? exp.lhs and safe_value? exp.rhs
+    when :dstr
+      not unsafe_string_interp? exp
     else
       false
     end

data/lib/brakeman/checks/check_xml_dos.rb

@@ -17,12 +17,6 @@ class Brakeman::CheckXMLDoS < Brakeman::BaseCheck
                     "4.2.2"
                   when version_between?("4.0.0", "4.0.99")
                     "4.2.2"
-                  when (version.nil? and tracker.options[:rails3])
-                    version = "3.x"
-                    "3.2.22"
-                  when (version.nil? and tracker.options[:rails4])
-                    version = "4.x"
-                    "4.2.2"
                   else
                     return
                   end

data/lib/brakeman/options.rb

@@ -43,6 +43,10 @@ module Brakeman::Options
           options[:exit_on_warn] = exit_on_warn
         end
 
+        opts.on "--[no-]exit-on-error", "Exit code is non-zero if errors found" do |exit_on_error|
+          options[:exit_on_error] = exit_on_error
+        end
+
         opts.on "--ensure-latest", "Fail when Brakeman is outdated" do
           options[:ensure_latest] = true
         end

data/lib/brakeman/parsers/rails3_erubis.rb

@@ -71,4 +71,11 @@ class Brakeman::Rails3Erubis < ::Erubis::Eruby
       @newline_pending = 0
     end
   end
+
+  # This is borrowed from graphql's erb plugin:
+  # https://github.com/github/graphql-client/blob/51e76bd8d8b2ac0021d8fef7468b9a294e4bd6e8/lib/graphql/client/erubis.rb#L33-L38
+  def convert_input(src, input)
+    input = input.gsub(/<%graphql/, "<%#")
+    super(src, input)
+  end
 end

data/lib/brakeman/processors/alias_processor.rb

@@ -616,6 +616,75 @@ class Brakeman::AliasProcessor < Brakeman::SexpProcessor
     exp
   end
 
+  def simple_when? exp
+    node_type? exp[1], :array and
+      not node_type? exp[1][1], :splat, :array and
+      (exp[1].length == 2 or
+       exp[1].all? { |e| e.is_a? Symbol or node_type? e, :lit, :str })
+  end
+
+  def process_case exp
+    if @ignore_ifs.nil?
+      @ignore_ifs = @tracker && @tracker.options[:ignore_ifs]
+    end
+
+    if @ignore_ifs
+      process_default exp
+      return exp
+    end
+
+    branch_scopes = []
+    was_inside = @inside_if
+    @inside_if = true
+
+    exp[1] = process exp[1] if exp[1]
+
+    case_value = if node_type? exp[1], :lvar, :ivar, :call
+      exp[1].deep_clone
+    end
+
+    exp.each_sexp do |e|
+      if node_type? e, :when
+        scope do
+          @branch_env = env.current
+
+          # set value of case var if possible
+          if case_value and simple_when? e
+            @branch_env[case_value] = e[1][1]
+          end
+
+          # when blocks aren't blocks, they are lists of expressions
+          process_default e
+
+          branch_scopes << env.current
+
+          @branch_env = nil
+        end
+      end
+    end
+
+    # else clause
+    if sexp? exp.last
+      scope do
+        @branch_env = env.current
+
+        process_default exp[-1]
+
+        branch_scopes << env.current
+
+        @branch_env = nil
+      end
+    end
+
+    @inside_if = was_inside
+
+    branch_scopes.each do |s|
+      merge_if_branch s
+    end
+
+    exp
+  end
+
   def process_if_branch exp
     if sexp? exp
       if block? exp
@@ -934,6 +1003,36 @@ class Brakeman::AliasProcessor < Brakeman::SexpProcessor
     end
   end
 
+  def value_from_case exp
+    result = []
+
+    exp.each do |e|
+      if node_type? e, :when
+        result << e.last
+      end
+    end
+
+    result << exp.last if exp.last # else
+
+    result.reduce do |c, e|
+      if c.nil?
+        e
+      elsif node_type? e, :if
+        c.combine(value_from_if e)
+      elsif raise? e
+        c # ignore exceptions
+      elsif e
+        c.combine e
+      else # when e is nil
+        c
+      end
+    end
+  end
+
+  def raise? exp
+    call? exp and exp.method == :raise
+  end
+
   #Set variable to given value.
   #Creates "branched" versions of values when appropriate.
   #Avoids creating multiple branched versions inside same
@@ -941,6 +1040,8 @@ class Brakeman::AliasProcessor < Brakeman::SexpProcessor
   def set_value var, value
     if node_type? value, :if
       value = value_from_if(value)
+    elsif node_type? value, :case
+      value = value_from_case(value)
     end
 
     if @ignore_ifs or not @inside_if

data/lib/brakeman/processors/controller_processor.rb

@@ -16,6 +16,7 @@ class Brakeman::ControllerProcessor < Brakeman::BaseProcessor
     @current_module = nil
     @visibility = :public
     @file_name = nil
+    @concerns = Set.new
   end
 
   #Use this method to process a Controller
@@ -65,7 +66,8 @@ class Brakeman::ControllerProcessor < Brakeman::BaseProcessor
     return unless @current_class
 
     if mod = @tracker.find_class(concern_name)
-      if mod.options[:included]
+      if mod.options[:included] and not @concerns.include? concern_name
+        @concerns << concern_name
         process mod.options[:included].deep_clone
       end
     end

data/lib/brakeman/version.rb

@@ -1,3 +1,3 @@
 module Brakeman
-  Version = "3.5.0"
+  Version = "3.6.0"
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: brakeman
 version: !ruby/object:Gem::Version
-  version: 3.5.0
+  version: 3.6.0
 platform: ruby
 authors:
 - Justin Collins
@@ -9,7 +9,7 @@ autorequire:
 bindir: bin
 cert_chain:
 - brakeman-public_cert.pem
-date: 2017-02-01 00:00:00.000000000 Z
+date: 2017-03-22 00:00:00.000000000 Z
 dependencies: []
 description: Brakeman detects security vulnerabilities in Ruby on Rails applications
   via static analysis.
@@ -504,6 +504,9 @@ files:
 - bundle/ruby/2.3.0/gems/ruby_parser-3.8.4/Rakefile
 - bundle/ruby/2.3.0/gems/ruby_parser-3.8.4/bin/ruby_parse
 - bundle/ruby/2.3.0/gems/ruby_parser-3.8.4/bin/ruby_parse_extract_error
+- bundle/ruby/2.3.0/gems/ruby_parser-3.8.4/compare/normalize.rb
+- bundle/ruby/2.3.0/gems/ruby_parser-3.8.4/lib/rp_extensions.rb
+- bundle/ruby/2.3.0/gems/ruby_parser-3.8.4/lib/rp_stringscanner.rb
 - bundle/ruby/2.3.0/gems/ruby_parser-3.8.4/lib/ruby18_parser.rb
 - bundle/ruby/2.3.0/gems/ruby_parser-3.8.4/lib/ruby18_parser.y
 - bundle/ruby/2.3.0/gems/ruby_parser-3.8.4/lib/ruby19_parser.rb
@@ -516,6 +519,8 @@ files:
 - bundle/ruby/2.3.0/gems/ruby_parser-3.8.4/lib/ruby22_parser.y
 - bundle/ruby/2.3.0/gems/ruby_parser-3.8.4/lib/ruby23_parser.rb
 - bundle/ruby/2.3.0/gems/ruby_parser-3.8.4/lib/ruby23_parser.y
+- bundle/ruby/2.3.0/gems/ruby_parser-3.8.4/lib/ruby24_parser.rb
+- bundle/ruby/2.3.0/gems/ruby_parser-3.8.4/lib/ruby24_parser.y
 - bundle/ruby/2.3.0/gems/ruby_parser-3.8.4/lib/ruby_lexer.rb
 - bundle/ruby/2.3.0/gems/ruby_parser-3.8.4/lib/ruby_lexer.rex
 - bundle/ruby/2.3.0/gems/ruby_parser-3.8.4/lib/ruby_lexer.rex.rb
@@ -882,19 +887,19 @@ files:
 - bundle/ruby/2.3.0/gems/sass-3.4.23/vendor/listen/spec/support/fixtures_helper.rb
 - bundle/ruby/2.3.0/gems/sass-3.4.23/vendor/listen/spec/support/listeners_helper.rb
 - bundle/ruby/2.3.0/gems/sass-3.4.23/vendor/listen/spec/support/platform_helper.rb
-- bundle/ruby/2.3.0/gems/sexp_processor-4.7.0/History.txt
-- bundle/ruby/2.3.0/gems/sexp_processor-4.7.0/Manifest.txt
-- bundle/ruby/2.3.0/gems/sexp_processor-4.7.0/README.txt
-- bundle/ruby/2.3.0/gems/sexp_processor-4.7.0/Rakefile
-- bundle/ruby/2.3.0/gems/sexp_processor-4.7.0/lib/composite_sexp_processor.rb
-- bundle/ruby/2.3.0/gems/sexp_processor-4.7.0/lib/pt_testcase.rb
-- bundle/ruby/2.3.0/gems/sexp_processor-4.7.0/lib/sexp.rb
-- bundle/ruby/2.3.0/gems/sexp_processor-4.7.0/lib/sexp_processor.rb
-- bundle/ruby/2.3.0/gems/sexp_processor-4.7.0/lib/unique.rb
-- bundle/ruby/2.3.0/gems/sexp_processor-4.7.0/test/test_composite_sexp_processor.rb
-- bundle/ruby/2.3.0/gems/sexp_processor-4.7.0/test/test_environment.rb
-- bundle/ruby/2.3.0/gems/sexp_processor-4.7.0/test/test_sexp.rb
-- bundle/ruby/2.3.0/gems/sexp_processor-4.7.0/test/test_sexp_processor.rb
+- bundle/ruby/2.3.0/gems/sexp_processor-4.8.0/History.txt
+- bundle/ruby/2.3.0/gems/sexp_processor-4.8.0/Manifest.txt
+- bundle/ruby/2.3.0/gems/sexp_processor-4.8.0/README.txt
+- bundle/ruby/2.3.0/gems/sexp_processor-4.8.0/Rakefile
+- bundle/ruby/2.3.0/gems/sexp_processor-4.8.0/lib/composite_sexp_processor.rb
+- bundle/ruby/2.3.0/gems/sexp_processor-4.8.0/lib/pt_testcase.rb
+- bundle/ruby/2.3.0/gems/sexp_processor-4.8.0/lib/sexp.rb
+- bundle/ruby/2.3.0/gems/sexp_processor-4.8.0/lib/sexp_processor.rb
+- bundle/ruby/2.3.0/gems/sexp_processor-4.8.0/lib/unique.rb
+- bundle/ruby/2.3.0/gems/sexp_processor-4.8.0/test/test_composite_sexp_processor.rb
+- bundle/ruby/2.3.0/gems/sexp_processor-4.8.0/test/test_environment.rb
+- bundle/ruby/2.3.0/gems/sexp_processor-4.8.0/test/test_sexp.rb
+- bundle/ruby/2.3.0/gems/sexp_processor-4.8.0/test/test_sexp_processor.rb
 - bundle/ruby/2.3.0/gems/slim-3.0.7/CHANGES
 - bundle/ruby/2.3.0/gems/slim-3.0.7/Gemfile
 - bundle/ruby/2.3.0/gems/slim-3.0.7/LICENSE
@@ -1108,108 +1113,108 @@ files:
 - bundle/ruby/2.3.0/gems/terminal-table-1.7.3/lib/terminal-table/table_helper.rb
 - bundle/ruby/2.3.0/gems/terminal-table-1.7.3/lib/terminal-table/version.rb
 - bundle/ruby/2.3.0/gems/terminal-table-1.7.3/terminal-table.gemspec
-- bundle/ruby/2.3.0/gems/tilt-2.0.6/CHANGELOG.md
-- bundle/ruby/2.3.0/gems/tilt-2.0.6/COPYING
-- bundle/ruby/2.3.0/gems/tilt-2.0.6/Gemfile
-- bundle/ruby/2.3.0/gems/tilt-2.0.6/HACKING
-- bundle/ruby/2.3.0/gems/tilt-2.0.6/README.md
-- bundle/ruby/2.3.0/gems/tilt-2.0.6/Rakefile
-- bundle/ruby/2.3.0/gems/tilt-2.0.6/bin/tilt
-- bundle/ruby/2.3.0/gems/tilt-2.0.6/docs/TEMPLATES.md
-- bundle/ruby/2.3.0/gems/tilt-2.0.6/docs/common.css
-- bundle/ruby/2.3.0/gems/tilt-2.0.6/lib/tilt.rb
-- bundle/ruby/2.3.0/gems/tilt-2.0.6/lib/tilt/asciidoc.rb
-- bundle/ruby/2.3.0/gems/tilt-2.0.6/lib/tilt/babel.rb
-- bundle/ruby/2.3.0/gems/tilt-2.0.6/lib/tilt/bluecloth.rb
-- bundle/ruby/2.3.0/gems/tilt-2.0.6/lib/tilt/builder.rb
-- bundle/ruby/2.3.0/gems/tilt-2.0.6/lib/tilt/coffee.rb
-- bundle/ruby/2.3.0/gems/tilt-2.0.6/lib/tilt/commonmarker.rb
-- bundle/ruby/2.3.0/gems/tilt-2.0.6/lib/tilt/creole.rb
-- bundle/ruby/2.3.0/gems/tilt-2.0.6/lib/tilt/csv.rb
-- bundle/ruby/2.3.0/gems/tilt-2.0.6/lib/tilt/dummy.rb
-- bundle/ruby/2.3.0/gems/tilt-2.0.6/lib/tilt/erb.rb
-- bundle/ruby/2.3.0/gems/tilt-2.0.6/lib/tilt/erubi.rb
-- bundle/ruby/2.3.0/gems/tilt-2.0.6/lib/tilt/erubis.rb
-- bundle/ruby/2.3.0/gems/tilt-2.0.6/lib/tilt/etanni.rb
-- bundle/ruby/2.3.0/gems/tilt-2.0.6/lib/tilt/haml.rb
-- bundle/ruby/2.3.0/gems/tilt-2.0.6/lib/tilt/kramdown.rb
-- bundle/ruby/2.3.0/gems/tilt-2.0.6/lib/tilt/less.rb
-- bundle/ruby/2.3.0/gems/tilt-2.0.6/lib/tilt/liquid.rb
-- bundle/ruby/2.3.0/gems/tilt-2.0.6/lib/tilt/livescript.rb
-- bundle/ruby/2.3.0/gems/tilt-2.0.6/lib/tilt/mapping.rb
-- bundle/ruby/2.3.0/gems/tilt-2.0.6/lib/tilt/markaby.rb
-- bundle/ruby/2.3.0/gems/tilt-2.0.6/lib/tilt/maruku.rb
-- bundle/ruby/2.3.0/gems/tilt-2.0.6/lib/tilt/nokogiri.rb
-- bundle/ruby/2.3.0/gems/tilt-2.0.6/lib/tilt/pandoc.rb
-- bundle/ruby/2.3.0/gems/tilt-2.0.6/lib/tilt/plain.rb
-- bundle/ruby/2.3.0/gems/tilt-2.0.6/lib/tilt/prawn.rb
-- bundle/ruby/2.3.0/gems/tilt-2.0.6/lib/tilt/radius.rb
-- bundle/ruby/2.3.0/gems/tilt-2.0.6/lib/tilt/rdiscount.rb
-- bundle/ruby/2.3.0/gems/tilt-2.0.6/lib/tilt/rdoc.rb
-- bundle/ruby/2.3.0/gems/tilt-2.0.6/lib/tilt/redcarpet.rb
-- bundle/ruby/2.3.0/gems/tilt-2.0.6/lib/tilt/redcloth.rb
-- bundle/ruby/2.3.0/gems/tilt-2.0.6/lib/tilt/rst-pandoc.rb
-- bundle/ruby/2.3.0/gems/tilt-2.0.6/lib/tilt/sass.rb
-- bundle/ruby/2.3.0/gems/tilt-2.0.6/lib/tilt/sigil.rb
-- bundle/ruby/2.3.0/gems/tilt-2.0.6/lib/tilt/string.rb
-- bundle/ruby/2.3.0/gems/tilt-2.0.6/lib/tilt/template.rb
-- bundle/ruby/2.3.0/gems/tilt-2.0.6/lib/tilt/typescript.rb
-- bundle/ruby/2.3.0/gems/tilt-2.0.6/lib/tilt/wikicloth.rb
-- bundle/ruby/2.3.0/gems/tilt-2.0.6/lib/tilt/yajl.rb
-- bundle/ruby/2.3.0/gems/tilt-2.0.6/man/index.txt
-- bundle/ruby/2.3.0/gems/tilt-2.0.6/man/tilt.1.ronn
-- bundle/ruby/2.3.0/gems/tilt-2.0.6/test/markaby/locals.mab
-- bundle/ruby/2.3.0/gems/tilt-2.0.6/test/markaby/markaby.mab
-- bundle/ruby/2.3.0/gems/tilt-2.0.6/test/markaby/markaby_other_static.mab
-- bundle/ruby/2.3.0/gems/tilt-2.0.6/test/markaby/render_twice.mab
-- bundle/ruby/2.3.0/gems/tilt-2.0.6/test/markaby/scope.mab
-- bundle/ruby/2.3.0/gems/tilt-2.0.6/test/markaby/yielding.mab
-- bundle/ruby/2.3.0/gems/tilt-2.0.6/test/mytemplate.rb
-- bundle/ruby/2.3.0/gems/tilt-2.0.6/test/test_helper.rb
-- bundle/ruby/2.3.0/gems/tilt-2.0.6/test/tilt_asciidoctor_test.rb
-- bundle/ruby/2.3.0/gems/tilt-2.0.6/test/tilt_babeltemplate.rb
-- bundle/ruby/2.3.0/gems/tilt-2.0.6/test/tilt_blueclothtemplate_test.rb
-- bundle/ruby/2.3.0/gems/tilt-2.0.6/test/tilt_buildertemplate_test.rb
-- bundle/ruby/2.3.0/gems/tilt-2.0.6/test/tilt_cache_test.rb
-- bundle/ruby/2.3.0/gems/tilt-2.0.6/test/tilt_coffeescripttemplate_test.rb
-- bundle/ruby/2.3.0/gems/tilt-2.0.6/test/tilt_commonmarkertemplate_test.rb
-- bundle/ruby/2.3.0/gems/tilt-2.0.6/test/tilt_compilesite_test.rb
-- bundle/ruby/2.3.0/gems/tilt-2.0.6/test/tilt_creoletemplate_test.rb
-- bundle/ruby/2.3.0/gems/tilt-2.0.6/test/tilt_csv_test.rb
-- bundle/ruby/2.3.0/gems/tilt-2.0.6/test/tilt_erbtemplate_test.rb
-- bundle/ruby/2.3.0/gems/tilt-2.0.6/test/tilt_erubistemplate_test.rb
-- bundle/ruby/2.3.0/gems/tilt-2.0.6/test/tilt_erubitemplate_test.rb
-- bundle/ruby/2.3.0/gems/tilt-2.0.6/test/tilt_etannitemplate_test.rb
-- bundle/ruby/2.3.0/gems/tilt-2.0.6/test/tilt_hamltemplate_test.rb
-- bundle/ruby/2.3.0/gems/tilt-2.0.6/test/tilt_kramdown_test.rb
-- bundle/ruby/2.3.0/gems/tilt-2.0.6/test/tilt_lesstemplate_test.less
-- bundle/ruby/2.3.0/gems/tilt-2.0.6/test/tilt_lesstemplate_test.rb
-- bundle/ruby/2.3.0/gems/tilt-2.0.6/test/tilt_liquidtemplate_test.rb
-- bundle/ruby/2.3.0/gems/tilt-2.0.6/test/tilt_livescripttemplate_test.rb
-- bundle/ruby/2.3.0/gems/tilt-2.0.6/test/tilt_mapping_test.rb
-- bundle/ruby/2.3.0/gems/tilt-2.0.6/test/tilt_markaby_test.rb
-- bundle/ruby/2.3.0/gems/tilt-2.0.6/test/tilt_markdown_test.rb
-- bundle/ruby/2.3.0/gems/tilt-2.0.6/test/tilt_marukutemplate_test.rb
-- bundle/ruby/2.3.0/gems/tilt-2.0.6/test/tilt_metadata_test.rb
-- bundle/ruby/2.3.0/gems/tilt-2.0.6/test/tilt_nokogiritemplate_test.rb
-- bundle/ruby/2.3.0/gems/tilt-2.0.6/test/tilt_pandoctemplate_test.rb
-- bundle/ruby/2.3.0/gems/tilt-2.0.6/test/tilt_prawntemplate.prawn
-- bundle/ruby/2.3.0/gems/tilt-2.0.6/test/tilt_prawntemplate_test.rb
-- bundle/ruby/2.3.0/gems/tilt-2.0.6/test/tilt_radiustemplate_test.rb
-- bundle/ruby/2.3.0/gems/tilt-2.0.6/test/tilt_rdiscounttemplate_test.rb
-- bundle/ruby/2.3.0/gems/tilt-2.0.6/test/tilt_rdoctemplate_test.rb
-- bundle/ruby/2.3.0/gems/tilt-2.0.6/test/tilt_redcarpettemplate_test.rb
-- bundle/ruby/2.3.0/gems/tilt-2.0.6/test/tilt_redclothtemplate_test.rb
-- bundle/ruby/2.3.0/gems/tilt-2.0.6/test/tilt_rstpandoctemplate_test.rb
-- bundle/ruby/2.3.0/gems/tilt-2.0.6/test/tilt_sasstemplate_test.rb
-- bundle/ruby/2.3.0/gems/tilt-2.0.6/test/tilt_sigil_test.rb
-- bundle/ruby/2.3.0/gems/tilt-2.0.6/test/tilt_stringtemplate_test.rb
-- bundle/ruby/2.3.0/gems/tilt-2.0.6/test/tilt_template_test.rb
-- bundle/ruby/2.3.0/gems/tilt-2.0.6/test/tilt_test.rb
-- bundle/ruby/2.3.0/gems/tilt-2.0.6/test/tilt_typescript_test.rb
-- bundle/ruby/2.3.0/gems/tilt-2.0.6/test/tilt_wikiclothtemplate_test.rb
-- bundle/ruby/2.3.0/gems/tilt-2.0.6/test/tilt_yajltemplate_test.rb
-- bundle/ruby/2.3.0/gems/tilt-2.0.6/tilt.gemspec
+- bundle/ruby/2.3.0/gems/tilt-2.0.7/CHANGELOG.md
+- bundle/ruby/2.3.0/gems/tilt-2.0.7/COPYING
+- bundle/ruby/2.3.0/gems/tilt-2.0.7/Gemfile
+- bundle/ruby/2.3.0/gems/tilt-2.0.7/HACKING
+- bundle/ruby/2.3.0/gems/tilt-2.0.7/README.md
+- bundle/ruby/2.3.0/gems/tilt-2.0.7/Rakefile
+- bundle/ruby/2.3.0/gems/tilt-2.0.7/bin/tilt
+- bundle/ruby/2.3.0/gems/tilt-2.0.7/docs/TEMPLATES.md
+- bundle/ruby/2.3.0/gems/tilt-2.0.7/docs/common.css
+- bundle/ruby/2.3.0/gems/tilt-2.0.7/lib/tilt.rb
+- bundle/ruby/2.3.0/gems/tilt-2.0.7/lib/tilt/asciidoc.rb
+- bundle/ruby/2.3.0/gems/tilt-2.0.7/lib/tilt/babel.rb
+- bundle/ruby/2.3.0/gems/tilt-2.0.7/lib/tilt/bluecloth.rb
+- bundle/ruby/2.3.0/gems/tilt-2.0.7/lib/tilt/builder.rb
+- bundle/ruby/2.3.0/gems/tilt-2.0.7/lib/tilt/coffee.rb
+- bundle/ruby/2.3.0/gems/tilt-2.0.7/lib/tilt/commonmarker.rb
+- bundle/ruby/2.3.0/gems/tilt-2.0.7/lib/tilt/creole.rb
+- bundle/ruby/2.3.0/gems/tilt-2.0.7/lib/tilt/csv.rb
+- bundle/ruby/2.3.0/gems/tilt-2.0.7/lib/tilt/dummy.rb
+- bundle/ruby/2.3.0/gems/tilt-2.0.7/lib/tilt/erb.rb
+- bundle/ruby/2.3.0/gems/tilt-2.0.7/lib/tilt/erubi.rb
+- bundle/ruby/2.3.0/gems/tilt-2.0.7/lib/tilt/erubis.rb
+- bundle/ruby/2.3.0/gems/tilt-2.0.7/lib/tilt/etanni.rb
+- bundle/ruby/2.3.0/gems/tilt-2.0.7/lib/tilt/haml.rb
+- bundle/ruby/2.3.0/gems/tilt-2.0.7/lib/tilt/kramdown.rb
+- bundle/ruby/2.3.0/gems/tilt-2.0.7/lib/tilt/less.rb
+- bundle/ruby/2.3.0/gems/tilt-2.0.7/lib/tilt/liquid.rb
+- bundle/ruby/2.3.0/gems/tilt-2.0.7/lib/tilt/livescript.rb
+- bundle/ruby/2.3.0/gems/tilt-2.0.7/lib/tilt/mapping.rb
+- bundle/ruby/2.3.0/gems/tilt-2.0.7/lib/tilt/markaby.rb
+- bundle/ruby/2.3.0/gems/tilt-2.0.7/lib/tilt/maruku.rb
+- bundle/ruby/2.3.0/gems/tilt-2.0.7/lib/tilt/nokogiri.rb
+- bundle/ruby/2.3.0/gems/tilt-2.0.7/lib/tilt/pandoc.rb
+- bundle/ruby/2.3.0/gems/tilt-2.0.7/lib/tilt/plain.rb
+- bundle/ruby/2.3.0/gems/tilt-2.0.7/lib/tilt/prawn.rb
+- bundle/ruby/2.3.0/gems/tilt-2.0.7/lib/tilt/radius.rb
+- bundle/ruby/2.3.0/gems/tilt-2.0.7/lib/tilt/rdiscount.rb
+- bundle/ruby/2.3.0/gems/tilt-2.0.7/lib/tilt/rdoc.rb
+- bundle/ruby/2.3.0/gems/tilt-2.0.7/lib/tilt/redcarpet.rb
+- bundle/ruby/2.3.0/gems/tilt-2.0.7/lib/tilt/redcloth.rb
+- bundle/ruby/2.3.0/gems/tilt-2.0.7/lib/tilt/rst-pandoc.rb
+- bundle/ruby/2.3.0/gems/tilt-2.0.7/lib/tilt/sass.rb
+- bundle/ruby/2.3.0/gems/tilt-2.0.7/lib/tilt/sigil.rb
+- bundle/ruby/2.3.0/gems/tilt-2.0.7/lib/tilt/string.rb
+- bundle/ruby/2.3.0/gems/tilt-2.0.7/lib/tilt/template.rb
+- bundle/ruby/2.3.0/gems/tilt-2.0.7/lib/tilt/typescript.rb
+- bundle/ruby/2.3.0/gems/tilt-2.0.7/lib/tilt/wikicloth.rb
+- bundle/ruby/2.3.0/gems/tilt-2.0.7/lib/tilt/yajl.rb
+- bundle/ruby/2.3.0/gems/tilt-2.0.7/man/index.txt
+- bundle/ruby/2.3.0/gems/tilt-2.0.7/man/tilt.1.ronn
+- bundle/ruby/2.3.0/gems/tilt-2.0.7/test/markaby/locals.mab
+- bundle/ruby/2.3.0/gems/tilt-2.0.7/test/markaby/markaby.mab
+- bundle/ruby/2.3.0/gems/tilt-2.0.7/test/markaby/markaby_other_static.mab
+- bundle/ruby/2.3.0/gems/tilt-2.0.7/test/markaby/render_twice.mab
+- bundle/ruby/2.3.0/gems/tilt-2.0.7/test/markaby/scope.mab
+- bundle/ruby/2.3.0/gems/tilt-2.0.7/test/markaby/yielding.mab
+- bundle/ruby/2.3.0/gems/tilt-2.0.7/test/mytemplate.rb
+- bundle/ruby/2.3.0/gems/tilt-2.0.7/test/test_helper.rb
+- bundle/ruby/2.3.0/gems/tilt-2.0.7/test/tilt_asciidoctor_test.rb
+- bundle/ruby/2.3.0/gems/tilt-2.0.7/test/tilt_babeltemplate.rb
+- bundle/ruby/2.3.0/gems/tilt-2.0.7/test/tilt_blueclothtemplate_test.rb
+- bundle/ruby/2.3.0/gems/tilt-2.0.7/test/tilt_buildertemplate_test.rb
+- bundle/ruby/2.3.0/gems/tilt-2.0.7/test/tilt_cache_test.rb
+- bundle/ruby/2.3.0/gems/tilt-2.0.7/test/tilt_coffeescripttemplate_test.rb
+- bundle/ruby/2.3.0/gems/tilt-2.0.7/test/tilt_commonmarkertemplate_test.rb
+- bundle/ruby/2.3.0/gems/tilt-2.0.7/test/tilt_compilesite_test.rb
+- bundle/ruby/2.3.0/gems/tilt-2.0.7/test/tilt_creoletemplate_test.rb
+- bundle/ruby/2.3.0/gems/tilt-2.0.7/test/tilt_csv_test.rb
+- bundle/ruby/2.3.0/gems/tilt-2.0.7/test/tilt_erbtemplate_test.rb
+- bundle/ruby/2.3.0/gems/tilt-2.0.7/test/tilt_erubistemplate_test.rb
+- bundle/ruby/2.3.0/gems/tilt-2.0.7/test/tilt_erubitemplate_test.rb
+- bundle/ruby/2.3.0/gems/tilt-2.0.7/test/tilt_etannitemplate_test.rb
+- bundle/ruby/2.3.0/gems/tilt-2.0.7/test/tilt_hamltemplate_test.rb
+- bundle/ruby/2.3.0/gems/tilt-2.0.7/test/tilt_kramdown_test.rb
+- bundle/ruby/2.3.0/gems/tilt-2.0.7/test/tilt_lesstemplate_test.less
+- bundle/ruby/2.3.0/gems/tilt-2.0.7/test/tilt_lesstemplate_test.rb
+- bundle/ruby/2.3.0/gems/tilt-2.0.7/test/tilt_liquidtemplate_test.rb
+- bundle/ruby/2.3.0/gems/tilt-2.0.7/test/tilt_livescripttemplate_test.rb
+- bundle/ruby/2.3.0/gems/tilt-2.0.7/test/tilt_mapping_test.rb
+- bundle/ruby/2.3.0/gems/tilt-2.0.7/test/tilt_markaby_test.rb
+- bundle/ruby/2.3.0/gems/tilt-2.0.7/test/tilt_markdown_test.rb
+- bundle/ruby/2.3.0/gems/tilt-2.0.7/test/tilt_marukutemplate_test.rb
+- bundle/ruby/2.3.0/gems/tilt-2.0.7/test/tilt_metadata_test.rb
+- bundle/ruby/2.3.0/gems/tilt-2.0.7/test/tilt_nokogiritemplate_test.rb
+- bundle/ruby/2.3.0/gems/tilt-2.0.7/test/tilt_pandoctemplate_test.rb
+- bundle/ruby/2.3.0/gems/tilt-2.0.7/test/tilt_prawntemplate.prawn
+- bundle/ruby/2.3.0/gems/tilt-2.0.7/test/tilt_prawntemplate_test.rb
+- bundle/ruby/2.3.0/gems/tilt-2.0.7/test/tilt_radiustemplate_test.rb
+- bundle/ruby/2.3.0/gems/tilt-2.0.7/test/tilt_rdiscounttemplate_test.rb
+- bundle/ruby/2.3.0/gems/tilt-2.0.7/test/tilt_rdoctemplate_test.rb
+- bundle/ruby/2.3.0/gems/tilt-2.0.7/test/tilt_redcarpettemplate_test.rb
+- bundle/ruby/2.3.0/gems/tilt-2.0.7/test/tilt_redclothtemplate_test.rb
+- bundle/ruby/2.3.0/gems/tilt-2.0.7/test/tilt_rstpandoctemplate_test.rb
+- bundle/ruby/2.3.0/gems/tilt-2.0.7/test/tilt_sasstemplate_test.rb
+- bundle/ruby/2.3.0/gems/tilt-2.0.7/test/tilt_sigil_test.rb
+- bundle/ruby/2.3.0/gems/tilt-2.0.7/test/tilt_stringtemplate_test.rb
+- bundle/ruby/2.3.0/gems/tilt-2.0.7/test/tilt_template_test.rb
+- bundle/ruby/2.3.0/gems/tilt-2.0.7/test/tilt_test.rb
+- bundle/ruby/2.3.0/gems/tilt-2.0.7/test/tilt_typescript_test.rb
+- bundle/ruby/2.3.0/gems/tilt-2.0.7/test/tilt_wikiclothtemplate_test.rb
+- bundle/ruby/2.3.0/gems/tilt-2.0.7/test/tilt_yajltemplate_test.rb
+- bundle/ruby/2.3.0/gems/tilt-2.0.7/tilt.gemspec
 - bundle/ruby/2.3.0/gems/unicode-display_width-1.1.3/CHANGELOG.txt
 - bundle/ruby/2.3.0/gems/unicode-display_width-1.1.3/MIT-LICENSE.txt
 - bundle/ruby/2.3.0/gems/unicode-display_width-1.1.3/README.md
@@ -1380,7 +1385,9 @@ homepage: http://brakemanscanner.org
 licenses:
 - MIT
 metadata: {}
-post_install_message: 
+post_install_message: |-
+  Thank you for using Brakeman!
+  Please consider supporting future development with Brakeman Pro: https://brakemanpro.com/
 rdoc_options: []
 require_paths:
 - lib