brakeman 3.6.2 → 3.7.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (45) hide show
  1. checksums.yaml +4 -4
  2. data/CHANGES +9 -0
  3. data/bundle/load.rb +1 -1
  4. data/bundle/ruby/2.3.0/gems/ruby_parser-3.9.0/lib/rp_extensions.rb +5 -1
  5. data/bundle/ruby/2.3.0/gems/ruby_parser-3.9.0/lib/ruby18_parser.rb +1617 -1613
  6. data/bundle/ruby/2.3.0/gems/ruby_parser-3.9.0/lib/ruby18_parser.y +15 -9
  7. data/bundle/ruby/2.3.0/gems/ruby_parser-3.9.0/lib/ruby19_parser.rb +1572 -1570
  8. data/bundle/ruby/2.3.0/gems/ruby_parser-3.9.0/lib/ruby19_parser.y +19 -15
  9. data/bundle/ruby/2.3.0/gems/ruby_parser-3.9.0/lib/ruby20_parser.rb +2415 -2413
  10. data/bundle/ruby/2.3.0/gems/ruby_parser-3.9.0/lib/ruby20_parser.y +34 -23
  11. data/bundle/ruby/2.3.0/gems/ruby_parser-3.9.0/lib/ruby21_parser.rb +2535 -2515
  12. data/bundle/ruby/2.3.0/gems/ruby_parser-3.9.0/lib/ruby21_parser.y +34 -23
  13. data/bundle/ruby/2.3.0/gems/ruby_parser-3.9.0/lib/ruby22_parser.rb +2558 -2543
  14. data/bundle/ruby/2.3.0/gems/ruby_parser-3.9.0/lib/ruby22_parser.y +35 -24
  15. data/bundle/ruby/2.3.0/gems/ruby_parser-3.9.0/lib/ruby23_parser.rb +2504 -2483
  16. data/bundle/ruby/2.3.0/gems/ruby_parser-3.9.0/lib/ruby23_parser.y +35 -24
  17. data/bundle/ruby/2.3.0/gems/ruby_parser-3.9.0/lib/ruby24_parser.rb +2504 -2483
  18. data/bundle/ruby/2.3.0/gems/ruby_parser-3.9.0/lib/ruby24_parser.y +35 -24
  19. data/bundle/ruby/2.3.0/gems/ruby_parser-3.9.0/lib/ruby_lexer.rb +84 -11
  20. data/bundle/ruby/2.3.0/gems/ruby_parser-3.9.0/lib/ruby_parser.yy +35 -24
  21. data/bundle/ruby/2.3.0/gems/ruby_parser-3.9.0/lib/ruby_parser_extras.rb +112 -89
  22. data/bundle/ruby/2.3.0/gems/ruby_parser-3.9.0/test/test_ruby_lexer.rb +67 -0
  23. data/bundle/ruby/2.3.0/gems/ruby_parser-3.9.0/test/test_ruby_parser.rb +32 -1
  24. data/bundle/ruby/2.3.0/gems/{unicode-display_width-1.2.1 → unicode-display_width-1.3.0}/CHANGELOG.md +4 -0
  25. data/bundle/ruby/2.3.0/gems/{unicode-display_width-1.2.1 → unicode-display_width-1.3.0}/MIT-LICENSE.txt +0 -0
  26. data/bundle/ruby/2.3.0/gems/{unicode-display_width-1.2.1 → unicode-display_width-1.3.0}/README.md +1 -1
  27. data/bundle/ruby/2.3.0/gems/{unicode-display_width-1.2.1 → unicode-display_width-1.3.0}/Rakefile +0 -0
  28. data/bundle/ruby/2.3.0/gems/unicode-display_width-1.3.0/data/display_width.marshal.gz +0 -0
  29. data/bundle/ruby/2.3.0/gems/{unicode-display_width-1.2.1 → unicode-display_width-1.3.0}/lib/unicode/display_width.rb +0 -0
  30. data/bundle/ruby/2.3.0/gems/{unicode-display_width-1.2.1 → unicode-display_width-1.3.0}/lib/unicode/display_width/constants.rb +2 -2
  31. data/bundle/ruby/2.3.0/gems/{unicode-display_width-1.2.1 → unicode-display_width-1.3.0}/lib/unicode/display_width/index.rb +0 -0
  32. data/bundle/ruby/2.3.0/gems/{unicode-display_width-1.2.1 → unicode-display_width-1.3.0}/lib/unicode/display_width/no_string_ext.rb +0 -0
  33. data/bundle/ruby/2.3.0/gems/{unicode-display_width-1.2.1 → unicode-display_width-1.3.0}/lib/unicode/display_width/string_ext.rb +0 -0
  34. data/bundle/ruby/2.3.0/gems/{unicode-display_width-1.2.1 → unicode-display_width-1.3.0}/spec/display_width_spec.rb +0 -0
  35. data/bundle/ruby/2.3.0/gems/{unicode-display_width-1.2.1 → unicode-display_width-1.3.0}/unicode-display_width.gemspec +0 -0
  36. data/lib/brakeman.rb +7 -0
  37. data/lib/brakeman/checks/check_redirect.rb +26 -3
  38. data/lib/brakeman/processors/alias_processor.rb +91 -3
  39. data/lib/brakeman/processors/base_processor.rb +9 -1
  40. data/lib/brakeman/report/ignore/interactive.rb +9 -4
  41. data/lib/brakeman/tracker/constants.rb +11 -2
  42. data/lib/brakeman/version.rb +1 -1
  43. data/lib/ruby_parser/bm_sexp.rb +0 -8
  44. metadata +14 -14
  45. data/bundle/ruby/2.3.0/gems/unicode-display_width-1.2.1/data/display_width.marshal.gz +0 -0
@@ -2,14 +2,18 @@ require 'brakeman/processors/output_processor'
2
2
 
3
3
  module Brakeman
4
4
  class Constant
5
- attr_reader :name, :name_array, :file, :value
5
+ attr_reader :name, :name_array, :file, :value, :context
6
6
 
7
- def initialize name, value = nil, context = nil
7
+ def initialize name, value, context = {}
8
8
  set_name name, context
9
9
  @value = value
10
10
  @context = context
11
11
 
12
12
  if @context
13
+ if @context[:class].is_a? Brakeman::Controller
14
+ @context[:class] = @context[:class].name
15
+ end
16
+
13
17
  @file = @context[:file]
14
18
  end
15
19
  end
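Review bot: `initialize` now writes back into the hash the caller handed in at `@context[:class] = @context[:class].name`, so after construction the caller's `:class` entry holds a name instead of the Controller object; if callers reuse that hash for other constants or lookups, the original object is gone without any sign in this class. Normalizing on a private copy keeps the effect local, e.g. `@context = context.dup if context` before the `is_a?` check, or `@context = @context.merge(class: @context[:class].name)` in place of the assignment. The new `{}` default is only taken when no argument is given at all; `add` in the next hunk still declares `context = nil`, so the `if @context` guard stays necessary and the two defaults are worth aligning. The class body continues outside the hunk.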
@@ -88,6 +92,11 @@ module Brakeman
88
92
  nil
89
93
  end
90
94
 
95
+ def find_all exp
96
+ base_name = Constants.get_constant_base_name(exp)
97
+ @constants[base_name]
98
+ end
99
+
91
100
  def add name, value, context = nil
92
101
  if call? value and value.method == :freeze
93
102
  value = value.target
@@ -1,3 +1,3 @@
1
1
  module Brakeman
2
- Version = "3.6.2"
2
+ Version = "3.7.0"
3
3
  end
@@ -120,14 +120,6 @@ class Sexp
120
120
  old_find_node(*args)
121
121
  end
122
122
 
123
- #Iterates over the Sexps in an Sexp, skipping values that are not
124
- #an Sexp.
125
- def each_sexp
126
- self.each do |e|
127
- yield e if Sexp === e
128
- end
129
- end
130
-
131
123
  #Raise a WrongSexpError if the nodes type does not match one of the expected
132
124
  #types.
133
125
  def expect *types
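--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: brakeman
 version: !ruby/object:Gem::Version
-version: 3.6.2
+version: 3.7.0
 platform: ruby
 authors:
 - Justin Collins
@@ -9,7 +9,7 @@ autorequire:
 bindir: bin
 cert_chain:
 - brakeman-public_cert.pem
-date: 2017-05-19 00:00:00.000000000 Z
+date: 2017-06-30 00:00:00.000000000 Z
 dependencies: []
 description: Brakeman detects security vulnerabilities in Ruby on Rails applications
 via static analysis.
@@ -1216,18 +1216,18 @@ files:
 - bundle/ruby/2.3.0/gems/tilt-2.0.7/test/tilt_wikiclothtemplate_test.rb
 - bundle/ruby/2.3.0/gems/tilt-2.0.7/test/tilt_yajltemplate_test.rb
 - bundle/ruby/2.3.0/gems/tilt-2.0.7/tilt.gemspec
-- bundle/ruby/2.3.0/gems/unicode-display_width-1.2.1/CHANGELOG.md
-- bundle/ruby/2.3.0/gems/unicode-display_width-1.2.1/MIT-LICENSE.txt
-- bundle/ruby/2.3.0/gems/unicode-display_width-1.2.1/README.md
-- bundle/ruby/2.3.0/gems/unicode-display_width-1.2.1/Rakefile
-- bundle/ruby/2.3.0/gems/unicode-display_width-1.2.1/data/display_width.marshal.gz
-- bundle/ruby/2.3.0/gems/unicode-display_width-1.2.1/lib/unicode/display_width.rb
-- bundle/ruby/2.3.0/gems/unicode-display_width-1.2.1/lib/unicode/display_width/constants.rb
-- bundle/ruby/2.3.0/gems/unicode-display_width-1.2.1/lib/unicode/display_width/index.rb
-- bundle/ruby/2.3.0/gems/unicode-display_width-1.2.1/lib/unicode/display_width/no_string_ext.rb
-- bundle/ruby/2.3.0/gems/unicode-display_width-1.2.1/lib/unicode/display_width/string_ext.rb
-- bundle/ruby/2.3.0/gems/unicode-display_width-1.2.1/spec/display_width_spec.rb
-- bundle/ruby/2.3.0/gems/unicode-display_width-1.2.1/unicode-display_width.gemspec
+- bundle/ruby/2.3.0/gems/unicode-display_width-1.3.0/CHANGELOG.md
+- bundle/ruby/2.3.0/gems/unicode-display_width-1.3.0/MIT-LICENSE.txt
+- bundle/ruby/2.3.0/gems/unicode-display_width-1.3.0/README.md
+- bundle/ruby/2.3.0/gems/unicode-display_width-1.3.0/Rakefile
+- bundle/ruby/2.3.0/gems/unicode-display_width-1.3.0/data/display_width.marshal.gz
+- bundle/ruby/2.3.0/gems/unicode-display_width-1.3.0/lib/unicode/display_width.rb
+- bundle/ruby/2.3.0/gems/unicode-display_width-1.3.0/lib/unicode/display_width/constants.rb
+- bundle/ruby/2.3.0/gems/unicode-display_width-1.3.0/lib/unicode/display_width/index.rb
+- bundle/ruby/2.3.0/gems/unicode-display_width-1.3.0/lib/unicode/display_width/no_string_ext.rb
+- bundle/ruby/2.3.0/gems/unicode-display_width-1.3.0/lib/unicode/display_width/string_ext.rb
+- bundle/ruby/2.3.0/gems/unicode-display_width-1.3.0/spec/display_width_spec.rb
+- bundle/ruby/2.3.0/gems/unicode-display_width-1.3.0/unicode-display_width.gemspec
 - lib/brakeman.rb
 - lib/brakeman/app_tree.rb
 - lib/brakeman/call_index.rb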