brakeman 4.10.0 → 5.0.2

Files changed (197)
  1. checksums.yaml +4 -4
  2. data/CHANGES.md +46 -0
  3. data/README.md +11 -2
  4. data/bundle/load.rb +5 -3
  5. data/bundle/ruby/2.7.0/gems/{haml-5.1.2 → haml-5.2.1}/CHANGELOG.md +16 -0
  6. data/bundle/ruby/2.7.0/gems/{haml-5.1.2 → haml-5.2.1}/FAQ.md +0 -0
  7. data/bundle/ruby/2.7.0/gems/{haml-5.1.2 → haml-5.2.1}/Gemfile +1 -4
  8. data/bundle/ruby/2.7.0/gems/{haml-5.1.2 → haml-5.2.1}/MIT-LICENSE +0 -0
  9. data/bundle/ruby/2.7.0/gems/{haml-5.1.2 → haml-5.2.1}/README.md +2 -3
  10. data/bundle/ruby/2.7.0/gems/{haml-5.1.2 → haml-5.2.1}/REFERENCE.md +29 -7
  11. data/bundle/ruby/2.7.0/gems/{haml-5.1.2 → haml-5.2.1}/TODO +0 -0
  12. data/bundle/ruby/2.7.0/gems/{haml-5.1.2 → haml-5.2.1}/haml.gemspec +2 -1
  13. data/bundle/ruby/2.7.0/gems/{haml-5.1.2 → haml-5.2.1}/lib/haml.rb +0 -0
  14. data/bundle/ruby/2.7.0/gems/{haml-5.1.2 → haml-5.2.1}/lib/haml/attribute_builder.rb +3 -3
  15. data/bundle/ruby/2.7.0/gems/{haml-5.1.2 → haml-5.2.1}/lib/haml/attribute_compiler.rb +42 -31
  16. data/bundle/ruby/2.7.0/gems/{haml-5.1.2 → haml-5.2.1}/lib/haml/attribute_parser.rb +0 -0
  17. data/bundle/ruby/2.7.0/gems/{haml-5.1.2 → haml-5.2.1}/lib/haml/buffer.rb +0 -0
  18. data/bundle/ruby/2.7.0/gems/{haml-5.1.2 → haml-5.2.1}/lib/haml/compiler.rb +0 -0
  19. data/bundle/ruby/2.7.0/gems/{haml-5.1.2 → haml-5.2.1}/lib/haml/engine.rb +0 -0
  20. data/bundle/ruby/2.7.0/gems/{haml-5.1.2 → haml-5.2.1}/lib/haml/error.rb +0 -0
  21. data/bundle/ruby/2.7.0/gems/haml-5.2.1/lib/haml/escapable.rb +77 -0
  22. data/bundle/ruby/2.7.0/gems/{haml-5.1.2 → haml-5.2.1}/lib/haml/exec.rb +0 -0
  23. data/bundle/ruby/2.7.0/gems/{haml-5.1.2 → haml-5.2.1}/lib/haml/filters.rb +0 -0
  24. data/bundle/ruby/2.7.0/gems/{haml-5.1.2 → haml-5.2.1}/lib/haml/generator.rb +0 -0
  25. data/bundle/ruby/2.7.0/gems/{haml-5.1.2 → haml-5.2.1}/lib/haml/helpers.rb +7 -1
  26. data/bundle/ruby/2.7.0/gems/{haml-5.1.2 → haml-5.2.1}/lib/haml/helpers/action_view_extensions.rb +0 -0
  27. data/bundle/ruby/2.7.0/gems/{haml-5.1.2 → haml-5.2.1}/lib/haml/helpers/action_view_mods.rb +0 -0
  28. data/bundle/ruby/2.7.0/gems/{haml-5.1.2 → haml-5.2.1}/lib/haml/helpers/action_view_xss_mods.rb +0 -0
  29. data/bundle/ruby/2.7.0/gems/{haml-5.1.2 → haml-5.2.1}/lib/haml/helpers/safe_erubi_template.rb +0 -0
  30. data/bundle/ruby/2.7.0/gems/{haml-5.1.2 → haml-5.2.1}/lib/haml/helpers/safe_erubis_template.rb +0 -0
  31. data/bundle/ruby/2.7.0/gems/{haml-5.1.2 → haml-5.2.1}/lib/haml/helpers/xss_mods.rb +6 -3
  32. data/bundle/ruby/2.7.0/gems/{haml-5.1.2 → haml-5.2.1}/lib/haml/options.rb +0 -0
  33. data/bundle/ruby/2.7.0/gems/{haml-5.1.2 → haml-5.2.1}/lib/haml/parser.rb +32 -4
  34. data/bundle/ruby/2.7.0/gems/{haml-5.1.2 → haml-5.2.1}/lib/haml/plugin.rb +0 -0
  35. data/bundle/ruby/2.7.0/gems/{haml-5.1.2 → haml-5.2.1}/lib/haml/railtie.rb +0 -0
  36. data/bundle/ruby/2.7.0/gems/{haml-5.1.2 → haml-5.2.1}/lib/haml/sass_rails_filter.rb +0 -0
  37. data/bundle/ruby/2.7.0/gems/{haml-5.1.2 → haml-5.2.1}/lib/haml/template.rb +0 -0
  38. data/bundle/ruby/2.7.0/gems/{haml-5.1.2 → haml-5.2.1}/lib/haml/template/options.rb +0 -0
  39. data/bundle/ruby/2.7.0/gems/{haml-5.1.2 → haml-5.2.1}/lib/haml/temple_engine.rb +0 -0
  40. data/bundle/ruby/2.7.0/gems/{haml-5.1.2 → haml-5.2.1}/lib/haml/temple_line_counter.rb +0 -0
  41. data/bundle/ruby/2.7.0/gems/{haml-5.1.2 → haml-5.2.1}/lib/haml/util.rb +1 -1
  42. data/bundle/ruby/2.7.0/gems/{haml-5.1.2 → haml-5.2.1}/lib/haml/version.rb +1 -1
  43. data/bundle/ruby/2.7.0/gems/{haml-5.1.2 → haml-5.2.1}/yard/default/fulldoc/html/css/common.sass +0 -0
  44. data/bundle/ruby/2.7.0/gems/{haml-5.1.2 → haml-5.2.1}/yard/default/layout/html/footer.erb +0 -0
  45. data/bundle/ruby/2.7.0/gems/parallel-1.20.1/MIT-LICENSE.txt +20 -0
  46. data/bundle/ruby/2.7.0/gems/parallel-1.20.1/lib/parallel.rb +523 -0
  47. data/bundle/ruby/2.7.0/gems/parallel-1.20.1/lib/parallel/processor_count.rb +42 -0
  48. data/bundle/ruby/2.7.0/gems/parallel-1.20.1/lib/parallel/version.rb +3 -0
  49. data/bundle/ruby/2.7.0/gems/rexml-3.2.5/LICENSE.txt +22 -0
  50. data/bundle/ruby/2.7.0/gems/rexml-3.2.5/NEWS.md +178 -0
  51. data/bundle/ruby/2.7.0/gems/rexml-3.2.5/README.md +48 -0
  52. data/bundle/ruby/2.7.0/gems/rexml-3.2.5/lib/rexml.rb +3 -0
  53. data/bundle/ruby/2.7.0/gems/rexml-3.2.5/lib/rexml/attlistdecl.rb +63 -0
  54. data/bundle/ruby/2.7.0/gems/rexml-3.2.5/lib/rexml/attribute.rb +205 -0
  55. data/bundle/ruby/2.7.0/gems/rexml-3.2.5/lib/rexml/cdata.rb +68 -0
  56. data/bundle/ruby/2.7.0/gems/rexml-3.2.5/lib/rexml/child.rb +97 -0
  57. data/bundle/ruby/2.7.0/gems/rexml-3.2.5/lib/rexml/comment.rb +80 -0
  58. data/bundle/ruby/2.7.0/gems/rexml-3.2.5/lib/rexml/doctype.rb +311 -0
  59. data/bundle/ruby/2.7.0/gems/rexml-3.2.5/lib/rexml/document.rb +451 -0
  60. data/bundle/ruby/2.7.0/gems/rexml-3.2.5/lib/rexml/dtd/attlistdecl.rb +11 -0
  61. data/bundle/ruby/2.7.0/gems/rexml-3.2.5/lib/rexml/dtd/dtd.rb +47 -0
  62. data/bundle/ruby/2.7.0/gems/rexml-3.2.5/lib/rexml/dtd/elementdecl.rb +18 -0
  63. data/bundle/ruby/2.7.0/gems/rexml-3.2.5/lib/rexml/dtd/entitydecl.rb +57 -0
  64. data/bundle/ruby/2.7.0/gems/rexml-3.2.5/lib/rexml/dtd/notationdecl.rb +40 -0
  65. data/bundle/ruby/2.7.0/gems/rexml-3.2.5/lib/rexml/element.rb +2599 -0
  66. data/bundle/ruby/2.7.0/gems/rexml-3.2.5/lib/rexml/encoding.rb +51 -0
  67. data/bundle/ruby/2.7.0/gems/rexml-3.2.5/lib/rexml/entity.rb +171 -0
  68. data/bundle/ruby/2.7.0/gems/rexml-3.2.5/lib/rexml/formatters/default.rb +116 -0
  69. data/bundle/ruby/2.7.0/gems/rexml-3.2.5/lib/rexml/formatters/pretty.rb +142 -0
  70. data/bundle/ruby/2.7.0/gems/rexml-3.2.5/lib/rexml/formatters/transitive.rb +58 -0
  71. data/bundle/ruby/2.7.0/gems/rexml-3.2.5/lib/rexml/functions.rb +447 -0
  72. data/bundle/ruby/2.7.0/gems/rexml-3.2.5/lib/rexml/instruction.rb +79 -0
  73. data/bundle/ruby/2.7.0/gems/rexml-3.2.5/lib/rexml/light/node.rb +188 -0
  74. data/bundle/ruby/2.7.0/gems/rexml-3.2.5/lib/rexml/namespace.rb +59 -0
  75. data/bundle/ruby/2.7.0/gems/rexml-3.2.5/lib/rexml/node.rb +76 -0
  76. data/bundle/ruby/2.7.0/gems/rexml-3.2.5/lib/rexml/output.rb +30 -0
  77. data/bundle/ruby/2.7.0/gems/rexml-3.2.5/lib/rexml/parent.rb +166 -0
  78. data/bundle/ruby/2.7.0/gems/rexml-3.2.5/lib/rexml/parseexception.rb +52 -0
  79. data/bundle/ruby/2.7.0/gems/rexml-3.2.5/lib/rexml/parsers/baseparser.rb +694 -0
  80. data/bundle/ruby/2.7.0/gems/rexml-3.2.5/lib/rexml/parsers/lightparser.rb +59 -0
  81. data/bundle/ruby/2.7.0/gems/rexml-3.2.5/lib/rexml/parsers/pullparser.rb +197 -0
  82. data/bundle/ruby/2.7.0/gems/rexml-3.2.5/lib/rexml/parsers/sax2parser.rb +273 -0
  83. data/bundle/ruby/2.7.0/gems/rexml-3.2.5/lib/rexml/parsers/streamparser.rb +61 -0
  84. data/bundle/ruby/2.7.0/gems/rexml-3.2.5/lib/rexml/parsers/treeparser.rb +101 -0
  85. data/bundle/ruby/2.7.0/gems/rexml-3.2.5/lib/rexml/parsers/ultralightparser.rb +57 -0
  86. data/bundle/ruby/2.7.0/gems/rexml-3.2.5/lib/rexml/parsers/xpathparser.rb +689 -0
  87. data/bundle/ruby/2.7.0/gems/rexml-3.2.5/lib/rexml/quickpath.rb +266 -0
  88. data/bundle/ruby/2.7.0/gems/rexml-3.2.5/lib/rexml/rexml.rb +37 -0
  89. data/bundle/ruby/2.7.0/gems/rexml-3.2.5/lib/rexml/sax2listener.rb +98 -0
  90. data/bundle/ruby/2.7.0/gems/rexml-3.2.5/lib/rexml/security.rb +28 -0
  91. data/bundle/ruby/2.7.0/gems/rexml-3.2.5/lib/rexml/source.rb +298 -0
  92. data/bundle/ruby/2.7.0/gems/rexml-3.2.5/lib/rexml/streamlistener.rb +93 -0
  93. data/bundle/ruby/2.7.0/gems/rexml-3.2.5/lib/rexml/text.rb +424 -0
  94. data/bundle/ruby/2.7.0/gems/rexml-3.2.5/lib/rexml/undefinednamespaceexception.rb +9 -0
  95. data/bundle/ruby/2.7.0/gems/rexml-3.2.5/lib/rexml/validation/relaxng.rb +539 -0
  96. data/bundle/ruby/2.7.0/gems/rexml-3.2.5/lib/rexml/validation/validation.rb +144 -0
  97. data/bundle/ruby/2.7.0/gems/rexml-3.2.5/lib/rexml/validation/validationexception.rb +10 -0
  98. data/bundle/ruby/2.7.0/gems/rexml-3.2.5/lib/rexml/xmldecl.rb +130 -0
  99. data/bundle/ruby/2.7.0/gems/rexml-3.2.5/lib/rexml/xmltokens.rb +85 -0
  100. data/bundle/ruby/2.7.0/gems/rexml-3.2.5/lib/rexml/xpath.rb +81 -0
  101. data/bundle/ruby/2.7.0/gems/rexml-3.2.5/lib/rexml/xpath_parser.rb +974 -0
  102. data/bundle/ruby/2.7.0/gems/{ruby_parser-3.15.0 → ruby_parser-3.16.0}/History.rdoc +25 -0
  103. data/bundle/ruby/2.7.0/gems/{ruby_parser-3.15.0 → ruby_parser-3.16.0}/Manifest.txt +2 -0
  104. data/bundle/ruby/2.7.0/gems/{ruby_parser-3.15.0 → ruby_parser-3.16.0}/README.rdoc +0 -0
  105. data/bundle/ruby/2.7.0/gems/{ruby_parser-3.15.0 → ruby_parser-3.16.0}/compare/normalize.rb +2 -2
  106. data/bundle/ruby/2.7.0/gems/ruby_parser-3.16.0/debugging.md +190 -0
  107. data/bundle/ruby/2.7.0/gems/{ruby_parser-3.15.0 → ruby_parser-3.16.0}/lib/rp_extensions.rb +0 -0
  108. data/bundle/ruby/2.7.0/gems/{ruby_parser-3.15.0 → ruby_parser-3.16.0}/lib/rp_stringscanner.rb +0 -0
  109. data/bundle/ruby/2.7.0/gems/{ruby_parser-3.15.0 → ruby_parser-3.16.0}/lib/ruby20_parser.rb +2392 -2384
  110. data/bundle/ruby/2.7.0/gems/{ruby_parser-3.15.0 → ruby_parser-3.16.0}/lib/ruby20_parser.y +6 -1
  111. data/bundle/ruby/2.7.0/gems/{ruby_parser-3.15.0 → ruby_parser-3.16.0}/lib/ruby21_parser.rb +2553 -2550
  112. data/bundle/ruby/2.7.0/gems/{ruby_parser-3.15.0 → ruby_parser-3.16.0}/lib/ruby21_parser.y +6 -1
  113. data/bundle/ruby/2.7.0/gems/{ruby_parser-3.15.0 → ruby_parser-3.16.0}/lib/ruby22_parser.rb +2491 -2471
  114. data/bundle/ruby/2.7.0/gems/{ruby_parser-3.15.0 → ruby_parser-3.16.0}/lib/ruby22_parser.y +6 -1
  115. data/bundle/ruby/2.7.0/gems/{ruby_parser-3.15.0 → ruby_parser-3.16.0}/lib/ruby23_parser.rb +2422 -2403
  116. data/bundle/ruby/2.7.0/gems/{ruby_parser-3.15.0 → ruby_parser-3.16.0}/lib/ruby23_parser.y +6 -1
  117. data/bundle/ruby/2.7.0/gems/{ruby_parser-3.15.0 → ruby_parser-3.16.0}/lib/ruby24_parser.rb +2460 -2450
  118. data/bundle/ruby/2.7.0/gems/{ruby_parser-3.15.0 → ruby_parser-3.16.0}/lib/ruby24_parser.y +6 -1
  119. data/bundle/ruby/2.7.0/gems/{ruby_parser-3.15.0 → ruby_parser-3.16.0}/lib/ruby25_parser.rb +2450 -2441
  120. data/bundle/ruby/2.7.0/gems/{ruby_parser-3.15.0 → ruby_parser-3.16.0}/lib/ruby25_parser.y +6 -1
  121. data/bundle/ruby/2.7.0/gems/{ruby_parser-3.15.0 → ruby_parser-3.16.0}/lib/ruby26_parser.rb +2444 -2433
  122. data/bundle/ruby/2.7.0/gems/{ruby_parser-3.15.0 → ruby_parser-3.16.0}/lib/ruby26_parser.y +7 -1
  123. data/bundle/ruby/2.7.0/gems/ruby_parser-3.16.0/lib/ruby27_parser.rb +7310 -0
  124. data/bundle/ruby/2.7.0/gems/{ruby_parser-3.15.0 → ruby_parser-3.16.0}/lib/ruby27_parser.y +21 -1
  125. data/bundle/ruby/2.7.0/gems/ruby_parser-3.16.0/lib/ruby30_parser.rb +7310 -0
  126. data/bundle/ruby/2.7.0/gems/ruby_parser-3.16.0/lib/ruby30_parser.y +2677 -0
  127. data/bundle/ruby/2.7.0/gems/{ruby_parser-3.15.0 → ruby_parser-3.16.0}/lib/ruby_lexer.rb +19 -0
  128. data/bundle/ruby/2.7.0/gems/{ruby_parser-3.15.0 → ruby_parser-3.16.0}/lib/ruby_lexer.rex +1 -1
  129. data/bundle/ruby/2.7.0/gems/{ruby_parser-3.15.0 → ruby_parser-3.16.0}/lib/ruby_lexer.rex.rb +1 -1
  130. data/bundle/ruby/2.7.0/gems/{ruby_parser-3.15.0 → ruby_parser-3.16.0}/lib/ruby_parser.rb +2 -0
  131. data/bundle/ruby/2.7.0/gems/{ruby_parser-3.15.0 → ruby_parser-3.16.0}/lib/ruby_parser.yy +27 -1
  132. data/bundle/ruby/2.7.0/gems/{ruby_parser-3.15.0 → ruby_parser-3.16.0}/lib/ruby_parser_extras.rb +2 -2
  133. data/bundle/ruby/2.7.0/gems/{ruby_parser-3.15.0 → ruby_parser-3.16.0}/tools/munge.rb +2 -2
  134. data/bundle/ruby/2.7.0/gems/{ruby_parser-3.15.0 → ruby_parser-3.16.0}/tools/ripper.rb +0 -0
  135. data/bundle/ruby/2.7.0/gems/{sexp_processor-4.15.1 → sexp_processor-4.15.3}/History.rdoc +12 -0
  136. data/bundle/ruby/2.7.0/gems/{sexp_processor-4.15.1 → sexp_processor-4.15.3}/Manifest.txt +0 -0
  137. data/bundle/ruby/2.7.0/gems/{sexp_processor-4.15.1 → sexp_processor-4.15.3}/README.rdoc +0 -0
  138. data/bundle/ruby/2.7.0/gems/{sexp_processor-4.15.1 → sexp_processor-4.15.3}/lib/composite_sexp_processor.rb +0 -0
  139. data/bundle/ruby/2.7.0/gems/{sexp_processor-4.15.1 → sexp_processor-4.15.3}/lib/pt_testcase.rb +2 -2
  140. data/bundle/ruby/2.7.0/gems/{sexp_processor-4.15.1 → sexp_processor-4.15.3}/lib/sexp.rb +0 -0
  141. data/bundle/ruby/2.7.0/gems/{sexp_processor-4.15.1 → sexp_processor-4.15.3}/lib/sexp_matcher.rb +0 -0
  142. data/bundle/ruby/2.7.0/gems/{sexp_processor-4.15.1 → sexp_processor-4.15.3}/lib/sexp_processor.rb +1 -1
  143. data/bundle/ruby/2.7.0/gems/{sexp_processor-4.15.1 → sexp_processor-4.15.3}/lib/strict_sexp.rb +0 -0
  144. data/bundle/ruby/2.7.0/gems/{sexp_processor-4.15.1 → sexp_processor-4.15.3}/lib/unique.rb +0 -0
  145. data/lib/brakeman.rb +21 -4
  146. data/lib/brakeman/app_tree.rb +36 -3
  147. data/lib/brakeman/checks/base_check.rb +7 -1
  148. data/lib/brakeman/checks/check_detailed_exceptions.rb +1 -1
  149. data/lib/brakeman/checks/check_evaluation.rb +1 -1
  150. data/lib/brakeman/checks/check_execute.rb +2 -1
  151. data/lib/brakeman/checks/check_mass_assignment.rb +4 -6
  152. data/lib/brakeman/checks/check_regex_dos.rb +1 -1
  153. data/lib/brakeman/checks/check_sanitize_methods.rb +2 -1
  154. data/lib/brakeman/checks/check_sql.rb +16 -3
  155. data/lib/brakeman/checks/check_unsafe_reflection_methods.rb +68 -0
  156. data/lib/brakeman/checks/check_verb_confusion.rb +75 -0
  157. data/lib/brakeman/file_parser.rb +50 -22
  158. data/lib/brakeman/options.rb +5 -1
  159. data/lib/brakeman/parsers/template_parser.rb +26 -3
  160. data/lib/brakeman/processors/alias_processor.rb +91 -19
  161. data/lib/brakeman/processors/base_processor.rb +4 -4
  162. data/lib/brakeman/processors/controller_alias_processor.rb +6 -43
  163. data/lib/brakeman/processors/controller_processor.rb +1 -1
  164. data/lib/brakeman/processors/haml_template_processor.rb +8 -1
  165. data/lib/brakeman/processors/lib/call_conversion_helper.rb +10 -0
  166. data/lib/brakeman/processors/lib/file_type_detector.rb +64 -0
  167. data/lib/brakeman/processors/lib/rails3_config_processor.rb +16 -16
  168. data/lib/brakeman/processors/lib/rails4_config_processor.rb +2 -1
  169. data/lib/brakeman/processors/library_processor.rb +9 -0
  170. data/lib/brakeman/processors/output_processor.rb +1 -1
  171. data/lib/brakeman/processors/template_alias_processor.rb +5 -0
  172. data/lib/brakeman/report.rb +12 -1
  173. data/lib/brakeman/report/ignore/interactive.rb +1 -1
  174. data/lib/brakeman/report/report_base.rb +0 -2
  175. data/lib/brakeman/report/report_csv.rb +37 -60
  176. data/lib/brakeman/report/report_github.rb +31 -0
  177. data/lib/brakeman/report/report_junit.rb +2 -2
  178. data/lib/brakeman/report/report_sarif.rb +1 -1
  179. data/lib/brakeman/report/report_sonar.rb +38 -0
  180. data/lib/brakeman/report/report_tabs.rb +1 -1
  181. data/lib/brakeman/report/report_text.rb +1 -1
  182. data/lib/brakeman/rescanner.rb +7 -5
  183. data/lib/brakeman/scanner.rb +47 -18
  184. data/lib/brakeman/tracker.rb +39 -4
  185. data/lib/brakeman/tracker/collection.rb +27 -5
  186. data/lib/brakeman/tracker/config.rb +73 -0
  187. data/lib/brakeman/tracker/controller.rb +1 -1
  188. data/lib/brakeman/tracker/method_info.rb +29 -0
  189. data/lib/brakeman/util.rb +17 -4
  190. data/lib/brakeman/version.rb +1 -1
  191. data/lib/brakeman/warning.rb +10 -2
  192. data/lib/brakeman/warning_codes.rb +2 -0
  193. data/lib/ruby_parser/bm_sexp.rb +9 -9
  194. metadata +149 -84
  195. data/bundle/ruby/2.7.0/gems/haml-5.1.2/lib/haml/escapable.rb +0 -50
  196. data/bundle/ruby/2.7.0/gems/ruby_parser-3.15.0/debugging.md +0 -57
  197. data/bundle/ruby/2.7.0/gems/ruby_parser-3.15.0/lib/ruby27_parser.rb +0 -7224
@@ -0,0 +1,42 @@
1
+ require 'etc'
2
+
3
+ module Parallel
4
+ # TODO: inline this method into parallel.rb and kill physical_processor_count in next major release
5
+ module ProcessorCount
6
+ # Number of processors seen by the OS, used for process scheduling
7
+ def processor_count
8
+ @processor_count ||= Integer(ENV['PARALLEL_PROCESSOR_COUNT'] || Etc.nprocessors)
9
+ end
10
+
11
+ # Number of physical processor cores on the current system.
12
+ def physical_processor_count
13
+ @physical_processor_count ||= begin
14
+ ppc = case RbConfig::CONFIG["target_os"]
15
+ when /darwin1/
16
+ IO.popen("/usr/sbin/sysctl -n hw.physicalcpu").read.to_i
17
+ when /linux/
18
+ cores = {} # unique physical ID / core ID combinations
19
+ phy = 0
20
+ IO.read("/proc/cpuinfo").scan(/^physical id.*|^core id.*/) do |ln|
21
+ if ln.start_with?("physical")
22
+ phy = ln[/\d+/]
23
+ elsif ln.start_with?("core")
24
+ cid = phy + ":" + ln[/\d+/]
25
+ cores[cid] = true if not cores[cid]
26
+ end
27
+ end
28
+ cores.count
29
+ when /mswin|mingw/
30
+ require 'win32ole'
31
+ result_set = WIN32OLE.connect("winmgmts://").ExecQuery(
32
+ "select NumberOfCores from Win32_Processor")
33
+ result_set.to_enum.collect(&:NumberOfCores).reduce(:+)
34
+ else
35
+ processor_count
36
+ end
37
+ # fall back to logical count if physical info is invalid
38
+ ppc > 0 ? ppc : processor_count
39
+ end
40
+ end
41
+ end
42
+ end
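Review bot: In `physical_processor_count` two branches can raise instead of reaching the `ppc > 0 ? ppc : processor_count` fallback. On Linux `phy = 0` is an Integer, so `phy + ":" + ln[/\d+/]` raises TypeError if a `core id` line is scanned before any `physical id` line; initialising with `phy = "0"` avoids that. On Windows `reduce(:+)` returns nil for an empty result set and `nil > 0` then raises NoMethodError; `reduce(0, :+)` keeps the fallback reachable. Separately, `when /darwin1/` does not match a `target_os` string such as `darwin20`, which silently takes the `else` branch. `processor_count` also memoizes whatever integer `PARALLEL_PROCESSOR_COUNT` holds, including 0 or a negative value, so a `> 0` check or a comment stating the expected range would help; how callers use the count is outside this hunk.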
@@ -0,0 +1,3 @@
1
+ module Parallel
2
+ VERSION = Version = '1.20.1'
3
+ end
@@ -0,0 +1,22 @@
1
+ Copyright (C) 1993-2013 Yukihiro Matsumoto. All rights reserved.
2
+
3
+ Redistribution and use in source and binary forms, with or without
4
+ modification, are permitted provided that the following conditions
5
+ are met:
6
+ 1. Redistributions of source code must retain the above copyright
7
+ notice, this list of conditions and the following disclaimer.
8
+ 2. Redistributions in binary form must reproduce the above copyright
9
+ notice, this list of conditions and the following disclaimer in the
10
+ documentation and/or other materials provided with the distribution.
11
+
12
+ THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
13
+ ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
14
+ IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
15
+ ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
16
+ FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
17
+ DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
18
+ OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
19
+ HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
20
+ LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
21
+ OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
22
+ SUCH DAMAGE.
@@ -0,0 +1,178 @@
1
+ # News
2
+
3
+ ## 3.2.5 - 2021-04-05 {#version-3-2-5}
4
+
5
+ ### Improvements
6
+
7
+ * Add more validations to XPath parser.
8
+
9
+ * `require "rexml/docuemnt"` by default.
10
+ [GitHub#36][Patch by Koichi ITO]
11
+
12
+ * Don't add `#dcloe` method to core classes globally.
13
+ [GitHub#37][Patch by Akira Matsuda]
14
+
15
+ * Add more documentations.
16
+ [Patch by Burdette Lamar]
17
+
18
+ * Added `REXML::Elements#parent`.
19
+ [GitHub#52][Patch by Burdette Lamar]
20
+
21
+ ### Fixes
22
+
23
+ * Fixed a bug that `REXML::DocType#clone` doesn't copy external ID
24
+ information.
25
+
26
+ * Fixed round-trip vulnerability bugs.
27
+ See also: https://www.ruby-lang.org/en/news/2021/04/05/xml-round-trip-vulnerability-in-rexml-cve-2021-28965/
28
+ [HackerOne#1104077][CVE-2021-28965][Reported by Juho Nurminen]
29
+
30
+ ### Thanks
31
+
32
+ * Koichi ITO
33
+
34
+ * Akira Matsuda
35
+
36
+ * Burdette Lamar
37
+
38
+ * Juho Nurminen
39
+
40
+ ## 3.2.4 - 2020-01-31 {#version-3-2-4}
41
+
42
+ ### Improvements
43
+
44
+ * Don't use `taint` with Ruby 2.7 or later.
45
+ [GitHub#21][Patch by Jeremy Evans]
46
+
47
+ ### Fixes
48
+
49
+ * Fixed a `elsif` typo.
50
+ [GitHub#22][Patch by Nobuyoshi Nakada]
51
+
52
+ ### Thanks
53
+
54
+ * Jeremy Evans
55
+
56
+ * Nobuyoshi Nakada
57
+
58
+ ## 3.2.3 - 2019-10-12 {#version-3-2-3}
59
+
60
+ ### Fixes
61
+
62
+ * Fixed a bug that `REXML::XMLDecl#close` doesn't copy `@writethis`.
63
+ [GitHub#20][Patch by hirura]
64
+
65
+ ### Thanks
66
+
67
+ * hirura
68
+
69
+ ## 3.2.2 - 2019-06-03 {#version-3-2-2}
70
+
71
+ ### Fixes
72
+
73
+ * xpath: Fixed a bug for equality and relational expressions.
74
+ [GitHub#17][Reported by Mirko Budszuhn]
75
+
76
+ * xpath: Fixed `boolean()` implementation.
77
+
78
+ * xpath: Fixed `local_name()` with nonexistent node.
79
+
80
+ * xpath: Fixed `number()` implementation with node set.
81
+ [GitHub#18][Reported by Mirko Budszuhn]
82
+
83
+ ### Thanks
84
+
85
+ * Mirko Budszuhn
86
+
87
+ ## 3.2.1 - 2019-05-04 {#version-3-2-1}
88
+
89
+ ### Improvements
90
+
91
+ * Improved error message.
92
+ [GitHub#12][Patch by FUJI Goro]
93
+
94
+ * Improved error message.
95
+ [GitHub#16][Patch by ujihisa]
96
+
97
+ * Improved documentation markup.
98
+ [GitHub#14][Patch by Alyssa Ross]
99
+
100
+ ### Fixes
101
+
102
+ * Fixed a bug that `nil` variable value raises an unexpected exception.
103
+ [GitHub#13][Patch by Alyssa Ross]
104
+
105
+ ### Thanks
106
+
107
+ * FUJI Goro
108
+
109
+ * Alyssa Ross
110
+
111
+ * ujihisa
112
+
113
+ ## 3.2.0 - 2019-01-01 {#version-3-2-0}
114
+
115
+ ### Fixes
116
+
117
+ * Fixed a bug that no namespace attribute isn't matched with prefix.
118
+
119
+ [ruby-list:50731][Reported by Yasuhiro KIMURA]
120
+
121
+ * Fixed a bug that the default namespace is applied to attribute names.
122
+
123
+ NOTE: It's a backward incompatible change. If your program has any
124
+ problem with this change, please report it. We may revert this fix.
125
+
126
+ * `REXML::Attribute#prefix` returns `""` for no namespace attribute.
127
+
128
+ * `REXML::Attribute#namespace` returns `""` for no namespace attribute.
129
+
130
+ ### Thanks
131
+
132
+ * Yasuhiro KIMURA
133
+
134
+ ## 3.1.9 - 2018-12-20 {#version-3-1-9}
135
+
136
+ ### Improvements
137
+
138
+ * Improved backward compatibility.
139
+
140
+ Restored `REXML::Parsers::BaseParser::UNQME_STR` because it's used
141
+ by kramdown.
142
+
143
+ ## 3.1.8 - 2018-12-20 {#version-3-1-8}
144
+
145
+ ### Improvements
146
+
147
+ * Added support for customizing quote character in prologue.
148
+ [GitHub#8][Bug #9367][Reported by Takashi Oguma]
149
+
150
+ * You can use `"` as quote character by specifying `:quote` to
151
+ `REXML::Document#context[:prologue_quote]`.
152
+
153
+ * You can use `'` as quote character by specifying `:apostrophe`
154
+ to `REXML::Document#context[:prologue_quote]`.
155
+
156
+ * Added processing instruction target check. The target must not nil.
157
+ [GitHub#7][Reported by Ariel Zelivansky]
158
+
159
+ * Added name check for element and attribute.
160
+ [GitHub#7][Reported by Ariel Zelivansky]
161
+
162
+ * Stopped to use `Exception`.
163
+ [GitHub#9][Patch by Jean Boussier]
164
+
165
+ ### Fixes
166
+
167
+ * Fixed a bug that `REXML::Text#clone` escapes value twice.
168
+ [ruby-dev:50626][Bug #15058][Reported by Ryosuke Nanba]
169
+
170
+ ### Thanks
171
+
172
+ * Takashi Oguma
173
+
174
+ * Ariel Zelivansky
175
+
176
+ * Jean Boussier
177
+
178
+ * Ryosuke Nanba
@@ -0,0 +1,48 @@
1
+ # REXML
2
+
3
+ REXML was inspired by the Electric XML library for Java, which features an easy-to-use API, small size, and speed. Hopefully, REXML, designed with the same philosophy, has these same features. I've tried to keep the API as intuitive as possible, and have followed the Ruby methodology for method naming and code flow, rather than mirroring the Java API.
4
+
5
+ REXML supports both tree and stream document parsing. Stream parsing is faster (about 1.5 times as fast). However, with stream parsing, you don't get access to features such as XPath.
6
+
7
+ ## API
8
+
9
+ See the {API documentation}[https://ruby.github.io/rexml/]
10
+
11
+ ## Usage
12
+
13
+ We'll start with parsing an XML document
14
+
15
+ ```ruby
16
+ require "rexml/document"
17
+ file = File.new( "mydoc.xml" )
18
+ doc = REXML::Document.new file
19
+ ```
20
+
21
+ Line 3 creates a new document and parses the supplied file. You can also do the following
22
+
23
+ ```ruby
24
+ require "rexml/document"
25
+ include REXML # so that we don't have to prefix everything with REXML::...
26
+ string = <<EOF
27
+ <mydoc>
28
+ <someelement attribute="nanoo">Text, text, text</someelement>
29
+ </mydoc>
30
+ EOF
31
+ doc = Document.new string
32
+ ```
33
+
34
+ So parsing a string is just as easy as parsing a file.
35
+
36
+ ## Development
37
+
38
+ After checking out the repo, run `rake test` to run the tests.
39
+
40
+ To install this gem onto your local machine, run `bundle exec rake install`. To release a new version, update the version number in `version.rb`, and then run `bundle exec rake release`, which will create a git tag for the version, push git commits and tags, and push the `.gem` file to [rubygems.org](https://rubygems.org).
41
+
42
+ ## Contributing
43
+
44
+ Bug reports and pull requests are welcome on GitHub at https://github.com/ruby/rexml.
45
+
46
+ ## License
47
+
48
+ The gem is available as open source under the terms of the [BSD-2-Clause](LICENSE.txt).
@@ -0,0 +1,3 @@
1
+ # frozen_string_literal: true
2
+
3
+ require_relative "rexml/document"
@@ -0,0 +1,63 @@
1
+ # frozen_string_literal: false
2
+ #vim:ts=2 sw=2 noexpandtab:
3
+ require_relative 'child'
4
+ require_relative 'source'
5
+
6
+ module REXML
7
+ # This class needs:
8
+ # * Documentation
9
+ # * Work! Not all types of attlists are intelligently parsed, so we just
10
+ # spew back out what we get in. This works, but it would be better if
11
+ # we formatted the output ourselves.
12
+ #
13
+ # AttlistDecls provide *just* enough support to allow namespace
14
+ # declarations. If you need some sort of generalized support, or have an
15
+ # interesting idea about how to map the hideous, terrible design of DTD
16
+ # AttlistDecls onto an intuitive Ruby interface, let me know. I'm desperate
17
+ # for anything to make DTDs more palateable.
18
+ class AttlistDecl < Child
19
+ include Enumerable
20
+
21
+ # What is this? Got me.
22
+ attr_reader :element_name
23
+
24
+ # Create an AttlistDecl, pulling the information from a Source. Notice
25
+ # that this isn't very convenient; to create an AttlistDecl, you basically
26
+ # have to format it yourself, and then have the initializer parse it.
27
+ # Sorry, but for the foreseeable future, DTD support in REXML is pretty
28
+ # weak on convenience. Have I mentioned how much I hate DTDs?
29
+ def initialize(source)
30
+ super()
31
+ if (source.kind_of? Array)
32
+ @element_name, @pairs, @contents = *source
33
+ end
34
+ end
35
+
36
+ # Access the attlist attribute/value pairs.
37
+ # value = attlist_decl[ attribute_name ]
38
+ def [](key)
39
+ @pairs[key]
40
+ end
41
+
42
+ # Whether an attlist declaration includes the given attribute definition
43
+ # if attlist_decl.include? "xmlns:foobar"
44
+ def include?(key)
45
+ @pairs.keys.include? key
46
+ end
47
+
48
+ # Iterate over the key/value pairs:
49
+ # attlist_decl.each { |attribute_name, attribute_value| ... }
50
+ def each(&block)
51
+ @pairs.each(&block)
52
+ end
53
+
54
+ # Write out exactly what we got in.
55
+ def write out, indent=-1
56
+ out << @contents
57
+ end
58
+
59
+ def node_type
60
+ :attlistdecl
61
+ end
62
+ end
63
+ end
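Review bot: `initialize` assigns `@element_name, @pairs, @contents` only when `source` is an Array, so for any other argument `[]`, `include?` and `each` call methods on nil and raise NoMethodError. The comment above `initialize` says the information is pulled from a Source, but nothing in the visible code parses one; a comment matching the code, e.g. `# source: [element_name, pairs, contents]; any other input leaves the declaration empty`, would save the next reader from that mismatch. As a style point, `include?` could be `@pairs.key?(key)` rather than `@pairs.keys.include? key`, which builds an intermediate array on every call.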
@@ -0,0 +1,205 @@
1
+ # frozen_string_literal: false
2
+ require_relative "namespace"
3
+ require_relative 'text'
4
+
5
+ module REXML
6
+ # Defines an Element Attribute; IE, a attribute=value pair, as in:
7
+ # <element attribute="value"/>. Attributes can be in their own
8
+ # namespaces. General users of REXML will not interact with the
9
+ # Attribute class much.
10
+ class Attribute
11
+ include Node
12
+ include Namespace
13
+
14
+ # The element to which this attribute belongs
15
+ attr_reader :element
16
+ # The normalized value of this attribute. That is, the attribute with
17
+ # entities intact.
18
+ attr_writer :normalized
19
+ PATTERN = /\s*(#{NAME_STR})\s*=\s*(["'])(.*?)\2/um
20
+
21
+ NEEDS_A_SECOND_CHECK = /(<|&((#{Entity::NAME});|(#0*((?:\d+)|(?:x[a-fA-F0-9]+)));)?)/um
22
+
23
+ # Constructor.
24
+ # FIXME: The parser doesn't catch illegal characters in attributes
25
+ #
26
+ # first::
27
+ # Either: an Attribute, which this new attribute will become a
28
+ # clone of; or a String, which is the name of this attribute
29
+ # second::
30
+ # If +first+ is an Attribute, then this may be an Element, or nil.
31
+ # If nil, then the Element parent of this attribute is the parent
32
+ # of the +first+ Attribute. If the first argument is a String,
33
+ # then this must also be a String, and is the content of the attribute.
34
+ # If this is the content, it must be fully normalized (contain no
35
+ # illegal characters).
36
+ # parent::
37
+ # Ignored unless +first+ is a String; otherwise, may be the Element
38
+ # parent of this attribute, or nil.
39
+ #
40
+ #
41
+ # Attribute.new( attribute_to_clone )
42
+ # Attribute.new( attribute_to_clone, parent_element )
43
+ # Attribute.new( "attr", "attr_value" )
44
+ # Attribute.new( "attr", "attr_value", parent_element )
45
+ def initialize( first, second=nil, parent=nil )
46
+ @normalized = @unnormalized = @element = nil
47
+ if first.kind_of? Attribute
48
+ self.name = first.expanded_name
49
+ @unnormalized = first.value
50
+ if second.kind_of? Element
51
+ @element = second
52
+ else
53
+ @element = first.element
54
+ end
55
+ elsif first.kind_of? String
56
+ @element = parent
57
+ self.name = first
58
+ @normalized = second.to_s
59
+ else
60
+ raise "illegal argument #{first.class.name} to Attribute constructor"
61
+ end
62
+ end
63
+
64
+ # Returns the namespace of the attribute.
65
+ #
66
+ # e = Element.new( "elns:myelement" )
67
+ # e.add_attribute( "nsa:a", "aval" )
68
+ # e.add_attribute( "b", "bval" )
69
+ # e.attributes.get_attribute( "a" ).prefix # -> "nsa"
70
+ # e.attributes.get_attribute( "b" ).prefix # -> ""
71
+ # a = Attribute.new( "x", "y" )
72
+ # a.prefix # -> ""
73
+ def prefix
74
+ super
75
+ end
76
+
77
+ # Returns the namespace URL, if defined, or nil otherwise
78
+ #
79
+ # e = Element.new("el")
80
+ # e.add_namespace("ns", "http://url")
81
+ # e.add_attribute("ns:a", "b")
82
+ # e.add_attribute("nsx:a", "c")
83
+ # e.attribute("ns:a").namespace # => "http://url"
84
+ # e.attribute("nsx:a").namespace # => nil
85
+ #
86
+ # This method always returns "" for no namespace attribute. Because
87
+ # the default namespace doesn't apply to attribute names.
88
+ #
89
+ # From https://www.w3.org/TR/xml-names/#uniqAttrs
90
+ #
91
+ # > the default namespace does not apply to attribute names
92
+ #
93
+ # e = REXML::Element.new("el")
94
+ # e.add_namespace("", "http://example.com/")
95
+ # e.namespace # => "http://example.com/"
96
+ # e.add_attribute("a", "b")
97
+ # e.attribute("a").namespace # => ""
98
+ def namespace arg=nil
99
+ arg = prefix if arg.nil?
100
+ if arg == ""
101
+ ""
102
+ else
103
+ @element.namespace(arg)
104
+ end
105
+ end
106
+
107
+ # Returns true if other is an Attribute and has the same name and value,
108
+ # false otherwise.
109
+ def ==( other )
110
+ other.kind_of?(Attribute) and other.name==name and other.value==value
111
+ end
112
+
113
+ # Creates (and returns) a hash from both the name and value
114
+ def hash
115
+ name.hash + value.hash
116
+ end
117
+
118
+ # Returns this attribute out as XML source, expanding the name
119
+ #
120
+ # a = Attribute.new( "x", "y" )
121
+ # a.to_string # -> "x='y'"
122
+ # b = Attribute.new( "ns:x", "y" )
123
+ # b.to_string # -> "ns:x='y'"
124
+ def to_string
125
+ if @element and @element.context and @element.context[:attribute_quote] == :quote
126
+ %Q^#@expanded_name="#{to_s().gsub(/"/, '&quot;')}"^
127
+ else
128
+ "#@expanded_name='#{to_s().gsub(/'/, '&apos;')}'"
129
+ end
130
+ end
131
+
132
+ def doctype
133
+ if @element
134
+ doc = @element.document
135
+ doc.doctype if doc
136
+ end
137
+ end
138
+
139
+ # Returns the attribute value, with entities replaced
140
+ def to_s
141
+ return @normalized if @normalized
142
+
143
+ @normalized = Text::normalize( @unnormalized, doctype )
144
+ @unnormalized = nil
145
+ @normalized
146
+ end
147
+
148
+ # Returns the UNNORMALIZED value of this attribute. That is, entities
149
+ # have been expanded to their values
150
+ def value
151
+ return @unnormalized if @unnormalized
152
+ @unnormalized = Text::unnormalize( @normalized, doctype )
153
+ @normalized = nil
154
+ @unnormalized
155
+ end
156
+
157
+ # Returns a copy of this attribute
158
+ def clone
159
+ Attribute.new self
160
+ end
161
+
162
+ # Sets the element of which this object is an attribute. Normally, this
163
+ # is not directly called.
164
+ #
165
+ # Returns this attribute
166
+ def element=( element )
167
+ @element = element
168
+
169
+ if @normalized
170
+ Text.check( @normalized, NEEDS_A_SECOND_CHECK, doctype )
171
+ end
172
+
173
+ self
174
+ end
175
+
176
+ # Removes this Attribute from the tree, and returns true if successful
177
+ #
178
+ # This method is usually not called directly.
179
+ def remove
180
+ @element.attributes.delete self.name unless @element.nil?
181
+ end
182
+
183
+ # Writes this attribute (EG, puts 'key="value"' to the output)
184
+ def write( output, indent=-1 )
185
+ output << to_string
186
+ end
187
+
188
+ def node_type
189
+ :attribute
190
+ end
191
+
192
+ def inspect
193
+ rv = ""
194
+ write( rv )
195
+ rv
196
+ end
197
+
198
+ def xpath
199
+ path = @element.xpath
200
+ path += "/@#{self.expanded_name}"
201
+ return path
202
+ end
203
+ end
204
+ end
205
+ #vim:ts=2 sw=2 noexpandtab:
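Review bot: The String branch of `initialize` sets `@element = parent` directly, so the `Text.check( @normalized, NEEDS_A_SECOND_CHECK, doctype )` that `element=` runs is skipped when a parent is passed to the constructor. `to_string` then writes `@normalized` with only the surrounding quote character escaped, so well-formed output depends on the caller having honoured the "must be fully normalized" contract in the constructor comment, and the FIXME there already notes that illegal characters are not caught. Routing the assignment through the setter, `self.element = parent if parent` placed after `@normalized = second.to_s`, would apply the same check on both paths; whether callers outside this file already go through `element=` is not visible here. Also, `namespace` and `xpath` dereference `@element` without the nil guard that `remove` and `doctype` use, so a detached attribute with a prefix raises NoMethodError there.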