brakeman 4.10.1 → 5.0.0.pre1
- checksums.yaml +4 -4
- data/CHANGES.md +9 -7
- data/README.md +1 -1
- data/bundle/load.rb +8 -9
- data/bundle/ruby/2.7.0/gems/{haml-5.2.1 → haml-5.2.0}/CHANGELOG.md +1 -8
- data/bundle/ruby/2.7.0/gems/{haml-5.2.1 → haml-5.2.0}/FAQ.md +0 -0
- data/bundle/ruby/2.7.0/gems/{haml-5.2.1 → haml-5.2.0}/Gemfile +0 -0
- data/bundle/ruby/2.7.0/gems/{haml-5.2.1 → haml-5.2.0}/MIT-LICENSE +0 -0
- data/bundle/ruby/2.7.0/gems/{haml-5.2.1 → haml-5.2.0}/README.md +0 -0
- data/bundle/ruby/2.7.0/gems/{haml-5.2.1 → haml-5.2.0}/REFERENCE.md +5 -9
- data/bundle/ruby/2.7.0/gems/{haml-5.2.1 → haml-5.2.0}/TODO +0 -0
- data/bundle/ruby/2.7.0/gems/{haml-5.2.1 → haml-5.2.0}/haml.gemspec +1 -1
- data/bundle/ruby/2.7.0/gems/{haml-5.2.1 → haml-5.2.0}/lib/haml.rb +0 -0
- data/bundle/ruby/2.7.0/gems/{haml-5.2.1 → haml-5.2.0}/lib/haml/attribute_builder.rb +0 -0
- data/bundle/ruby/2.7.0/gems/{haml-5.2.1 → haml-5.2.0}/lib/haml/attribute_compiler.rb +0 -0
- data/bundle/ruby/2.7.0/gems/{haml-5.2.1 → haml-5.2.0}/lib/haml/attribute_parser.rb +0 -0
- data/bundle/ruby/2.7.0/gems/{haml-5.2.1 → haml-5.2.0}/lib/haml/buffer.rb +0 -0
- data/bundle/ruby/2.7.0/gems/{haml-5.2.1 → haml-5.2.0}/lib/haml/compiler.rb +0 -0
- data/bundle/ruby/2.7.0/gems/{haml-5.2.1 → haml-5.2.0}/lib/haml/engine.rb +0 -0
- data/bundle/ruby/2.7.0/gems/{haml-5.2.1 → haml-5.2.0}/lib/haml/error.rb +0 -0
- data/bundle/ruby/2.7.0/gems/{haml-5.2.1 → haml-5.2.0}/lib/haml/escapable.rb +0 -0
- data/bundle/ruby/2.7.0/gems/{haml-5.2.1 → haml-5.2.0}/lib/haml/exec.rb +0 -0
- data/bundle/ruby/2.7.0/gems/{haml-5.2.1 → haml-5.2.0}/lib/haml/filters.rb +0 -0
- data/bundle/ruby/2.7.0/gems/{haml-5.2.1 → haml-5.2.0}/lib/haml/generator.rb +0 -0
- data/bundle/ruby/2.7.0/gems/{haml-5.2.1 → haml-5.2.0}/lib/haml/helpers.rb +0 -0
- data/bundle/ruby/2.7.0/gems/{haml-5.2.1 → haml-5.2.0}/lib/haml/helpers/action_view_extensions.rb +0 -0
- data/bundle/ruby/2.7.0/gems/{haml-5.2.1 → haml-5.2.0}/lib/haml/helpers/action_view_mods.rb +0 -0
- data/bundle/ruby/2.7.0/gems/{haml-5.2.1 → haml-5.2.0}/lib/haml/helpers/action_view_xss_mods.rb +0 -0
- data/bundle/ruby/2.7.0/gems/{haml-5.2.1 → haml-5.2.0}/lib/haml/helpers/safe_erubi_template.rb +0 -0
- data/bundle/ruby/2.7.0/gems/{haml-5.2.1 → haml-5.2.0}/lib/haml/helpers/safe_erubis_template.rb +0 -0
- data/bundle/ruby/2.7.0/gems/{haml-5.2.1 → haml-5.2.0}/lib/haml/helpers/xss_mods.rb +0 -0
- data/bundle/ruby/2.7.0/gems/{haml-5.2.1 → haml-5.2.0}/lib/haml/options.rb +0 -0
- data/bundle/ruby/2.7.0/gems/{haml-5.2.1 → haml-5.2.0}/lib/haml/parser.rb +3 -31
- data/bundle/ruby/2.7.0/gems/{haml-5.2.1 → haml-5.2.0}/lib/haml/plugin.rb +0 -0
- data/bundle/ruby/2.7.0/gems/{haml-5.2.1 → haml-5.2.0}/lib/haml/railtie.rb +0 -0
- data/bundle/ruby/2.7.0/gems/{haml-5.2.1 → haml-5.2.0}/lib/haml/sass_rails_filter.rb +0 -0
- data/bundle/ruby/2.7.0/gems/{haml-5.2.1 → haml-5.2.0}/lib/haml/template.rb +0 -0
- data/bundle/ruby/2.7.0/gems/{haml-5.2.1 → haml-5.2.0}/lib/haml/template/options.rb +0 -0
- data/bundle/ruby/2.7.0/gems/{haml-5.2.1 → haml-5.2.0}/lib/haml/temple_engine.rb +0 -0
- data/bundle/ruby/2.7.0/gems/{haml-5.2.1 → haml-5.2.0}/lib/haml/temple_line_counter.rb +0 -0
- data/bundle/ruby/2.7.0/gems/{haml-5.2.1 → haml-5.2.0}/lib/haml/util.rb +1 -1
- data/bundle/ruby/2.7.0/gems/{haml-5.2.1 → haml-5.2.0}/lib/haml/version.rb +1 -1
- data/bundle/ruby/2.7.0/gems/{haml-5.2.1 → haml-5.2.0}/yard/default/fulldoc/html/css/common.sass +0 -0
- data/bundle/ruby/2.7.0/gems/{haml-5.2.1 → haml-5.2.0}/yard/default/layout/html/footer.erb +0 -0
- data/lib/brakeman.rb +6 -0
- data/lib/brakeman/app_tree.rb +36 -3
- data/lib/brakeman/checks/check_execute.rb +1 -1
- data/lib/brakeman/checks/check_regex_dos.rb +1 -1
- data/lib/brakeman/checks/check_unsafe_reflection_methods.rb +68 -0
- data/lib/brakeman/checks/check_verb_confusion.rb +75 -0
- data/lib/brakeman/file_parser.rb +19 -23
- data/lib/brakeman/options.rb +5 -1
- data/lib/brakeman/parsers/template_parser.rb +2 -3
- data/lib/brakeman/processors/alias_processor.rb +2 -2
- data/lib/brakeman/processors/controller_processor.rb +1 -1
- data/lib/brakeman/processors/lib/file_type_detector.rb +64 -0
- data/lib/brakeman/processors/output_processor.rb +1 -1
- data/lib/brakeman/processors/template_alias_processor.rb +0 -5
- data/lib/brakeman/report.rb +8 -0
- data/lib/brakeman/report/report_sonar.rb +38 -0
- data/lib/brakeman/rescanner.rb +7 -5
- data/lib/brakeman/scanner.rb +42 -18
- data/lib/brakeman/tracker.rb +6 -0
- data/lib/brakeman/tracker/controller.rb +1 -1
- data/lib/brakeman/util.rb +9 -4
- data/lib/brakeman/version.rb +1 -1
- data/lib/brakeman/warning_codes.rb +2 -0
- data/lib/ruby_parser/bm_sexp.rb +9 -9
- metadata +49 -99
- data/bundle/ruby/2.7.0/gems/rexml-3.2.4/Gemfile +0 -6
- data/bundle/ruby/2.7.0/gems/rexml-3.2.4/LICENSE.txt +0 -22
- data/bundle/ruby/2.7.0/gems/rexml-3.2.4/NEWS.md +0 -141
- data/bundle/ruby/2.7.0/gems/rexml-3.2.4/README.md +0 -60
- data/bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/attlistdecl.rb +0 -63
- data/bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/attribute.rb +0 -205
- data/bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/cdata.rb +0 -68
- data/bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/child.rb +0 -97
- data/bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/comment.rb +0 -80
- data/bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/doctype.rb +0 -287
- data/bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/document.rb +0 -291
- data/bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/dtd/attlistdecl.rb +0 -11
- data/bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/dtd/dtd.rb +0 -47
- data/bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/dtd/elementdecl.rb +0 -18
- data/bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/dtd/entitydecl.rb +0 -57
- data/bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/dtd/notationdecl.rb +0 -40
- data/bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/element.rb +0 -1269
- data/bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/encoding.rb +0 -51
- data/bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/entity.rb +0 -171
- data/bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/formatters/default.rb +0 -116
- data/bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/formatters/pretty.rb +0 -142
- data/bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/formatters/transitive.rb +0 -58
- data/bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/functions.rb +0 -447
- data/bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/instruction.rb +0 -79
- data/bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/light/node.rb +0 -196
- data/bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/namespace.rb +0 -59
- data/bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/node.rb +0 -76
- data/bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/output.rb +0 -30
- data/bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/parent.rb +0 -166
- data/bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/parseexception.rb +0 -52
- data/bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/parsers/baseparser.rb +0 -594
- data/bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/parsers/lightparser.rb +0 -59
- data/bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/parsers/pullparser.rb +0 -197
- data/bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/parsers/sax2parser.rb +0 -273
- data/bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/parsers/streamparser.rb +0 -61
- data/bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/parsers/treeparser.rb +0 -101
- data/bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/parsers/ultralightparser.rb +0 -57
- data/bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/parsers/xpathparser.rb +0 -675
- data/bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/quickpath.rb +0 -266
- data/bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/rexml.rb +0 -32
- data/bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/sax2listener.rb +0 -98
- data/bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/security.rb +0 -28
- data/bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/source.rb +0 -298
- data/bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/streamlistener.rb +0 -93
- data/bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/text.rb +0 -424
- data/bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/undefinednamespaceexception.rb +0 -9
- data/bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/validation/relaxng.rb +0 -539
- data/bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/validation/validation.rb +0 -144
- data/bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/validation/validationexception.rb +0 -10
- data/bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/xmldecl.rb +0 -130
- data/bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/xmltokens.rb +0 -85
- data/bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/xpath.rb +0 -81
- data/bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/xpath_parser.rb +0 -968
- data/bundle/ruby/2.7.0/gems/rexml-3.2.4/rexml.gemspec +0 -84
data/lib/brakeman/tracker.rb
CHANGED
data/lib/brakeman/util.rb
CHANGED
@@ -321,7 +321,7 @@ module Brakeman::Util
|
|
321
321
|
if node_type? current, :class
|
322
322
|
return true
|
323
323
|
elsif sexp? current
|
324
|
-
todo = current.
|
324
|
+
todo = current[1..-1].concat todo
|
325
325
|
end
|
326
326
|
end
|
327
327
|
|
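Review bot: `todo = current[1..-1].concat todo` deserves a one-line comment, because `concat` reads at a glance as if it appended to `todo`, whereas it builds a fresh list of `current`'s children and appends the remaining work items after them, so children are visited before anything already queued (depth-first order) and the old `todo` object is never mutated. The children can include non-Sexp elements (symbols, strings, nil); the visible `node_type?`/`sexp?` guards let those fall through without being expanded, which is the right behaviour but worth stating next to the slice so the next edit does not "fix" it.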
@@ -334,7 +334,7 @@ module Brakeman::Util
|
|
334
334
|
if args.empty? or args.first.empty?
|
335
335
|
#nothing to do
|
336
336
|
elsif node_type? args.first, :arglist
|
337
|
-
call.concat args.first
|
337
|
+
call.concat args.first[1..-1]
|
338
338
|
elsif args.first.node_type.is_a? Sexp #just a list of args
|
339
339
|
call.concat args.first
|
340
340
|
else
|
@@ -368,8 +368,13 @@ module Brakeman::Util
|
|
368
368
|
#
|
369
369
|
# views/test/something.html.erb -> test/something
|
370
370
|
def template_path_to_name path
|
371
|
-
names = path.relative.split(
|
371
|
+
names = path.relative.split('/')
|
372
372
|
names.last.gsub!(/(\.(html|js)\..*|\.(rhtml|haml|erb|slim))$/, '')
|
373
|
-
|
373
|
+
|
374
|
+
if names.include? 'views'
|
375
|
+
names[(names.index('views') + 1)..-1]
|
376
|
+
else
|
377
|
+
names
|
378
|
+
end.join('/').to_sym
|
374
379
|
end
|
375
380
|
end
|
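Review bot: `names.include? 'views'` followed by `names.index('views')` scans the array twice and the `if`/`else`/`end.join` chain is hard to read; bind the index once, e.g. `idx = names.index('views')` and then `(idx ? names[(idx + 1)..-1] : names).join('/').to_sym`. Two behaviours introduced here deserve a test: `index` picks the first `views` segment, so the result depends on `path.relative` having no `views` directory above the template directory, and a template whose relative path contains no `views` segment (the `else` branch) now yields its full relative path as the name, which the comment `views/test/something.html.erb -> test/something` does not mention. `split('/')` also assumes a forward-slash `relative` path, so confirm `path.relative` is normalised before this call on Windows.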
data/lib/brakeman/version.rb
CHANGED
data/lib/ruby_parser/bm_sexp.rb
CHANGED
@@ -175,7 +175,7 @@ class Sexp
|
|
175
175
|
start_index = 3
|
176
176
|
|
177
177
|
if exp.is_a? Sexp and exp.node_type == :arglist
|
178
|
-
exp = exp
|
178
|
+
exp = exp[1..-1]
|
179
179
|
end
|
180
180
|
|
181
181
|
exp.each_with_index do |e, i|
|
@@ -198,10 +198,10 @@ class Sexp
|
|
198
198
|
|
199
199
|
case self.node_type
|
200
200
|
when :call, :attrasgn, :safe_call, :safe_attrasgn
|
201
|
-
self
|
201
|
+
self[3..-1].unshift :arglist
|
202
202
|
when :super, :zsuper
|
203
203
|
if self[1]
|
204
|
-
self.
|
204
|
+
self[1..-1].unshift :arglist
|
205
205
|
else
|
206
206
|
Sexp.new(:arglist)
|
207
207
|
end
|
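Review bot: The two branches of each `when` return different types: `self[3..-1].unshift :arglist` (and `self[1..-1].unshift :arglist`) returns whatever the range slice returns, while the `else` returns `Sexp.new(:arglist)`. Unless Brakeman's Sexp overrides `[]`, that slice is a Sexp on Ruby up to 2.7, where `Array#[]` with a range returns an instance of the receiver's subclass, but Ruby 3.0 changed `Array#[]`/`slice` to return a plain Array for subclasses, so any caller expecting a Sexp would get an Array in the non-empty case only. Building the result as `Sexp.new(:arglist, *self[3..-1])` (and likewise for `self[1..-1]`) keeps both branches returning a Sexp and removes the dependency on that Ruby behaviour.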
@@ -218,13 +218,13 @@ class Sexp
|
|
218
218
|
case self.node_type
|
219
219
|
when :call, :attrasgn, :safe_call, :safe_attrasgn
|
220
220
|
if self[3]
|
221
|
-
self
|
221
|
+
self[3..-1]
|
222
222
|
else
|
223
223
|
Sexp.new
|
224
224
|
end
|
225
225
|
when :super, :zsuper
|
226
226
|
if self[1]
|
227
|
-
self
|
227
|
+
self[1..-1]
|
228
228
|
else
|
229
229
|
Sexp.new
|
230
230
|
end
|
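Review bot: The `if self[3]` / `if self[1]` guards exist only so that the no-argument case returns `Sexp.new` instead of an empty slice, which leaves the method returning an empty Sexp when there are no args but a range slice (`self[3..-1]`, `self[1..-1]`) when there are. A single `Sexp.new(*self[3..-1])` (respectively `Sexp.new(*self[1..-1])`) per branch gives one return type and drops the guard; a range slice that starts at the array's length already yields `[]`, so nothing is lost for the empty case.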
@@ -512,7 +512,7 @@ class Sexp
|
|
512
512
|
self.slice!(index..-1) #Remove old body
|
513
513
|
|
514
514
|
if exp.first == :rlist
|
515
|
-
exp = exp
|
515
|
+
exp = exp[1..-1]
|
516
516
|
end
|
517
517
|
|
518
518
|
#Insert new body
|
@@ -529,11 +529,11 @@ class Sexp
|
|
529
529
|
|
530
530
|
case self.node_type
|
531
531
|
when :defn, :class
|
532
|
-
self
|
532
|
+
self[3..-1]
|
533
533
|
when :defs
|
534
|
-
self
|
534
|
+
self[4..-1]
|
535
535
|
when :module
|
536
|
-
self
|
536
|
+
self[2..-1]
|
537
537
|
end
|
538
538
|
end
|
539
539
|
|
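Review bot: The offsets `self[3..-1]`, `self[4..-1]` and `self[2..-1]` encode the ruby_parser node layouts, `s(:defn, name, args, *body)`, `s(:defs, receiver, name, args, *body)`, `s(:class, name, superclass, *body)` and `s(:module, name, *body)`, and nothing in the method says so. A comment per `when` (or named constants for the body offsets) would stop a later edit from getting a slice boundary off by one, which would silently drop the first statement of a body or pull the args node into it, and a unit test with a one-statement body for each of the four node types would catch exactly that.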
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: brakeman
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version:
|
4
|
+
version: 5.0.0.pre1
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Justin Collins
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2020-
|
11
|
+
date: 2020-11-18 00:00:00.000000000 Z
|
12
12
|
dependencies: []
|
13
13
|
description: Brakeman detects security vulnerabilities in Ruby on Rails applications
|
14
14
|
via static analysis.
|
@@ -56,46 +56,46 @@ files:
|
|
56
56
|
- bundle/ruby/2.7.0/gems/erubis-2.7.0/lib/erubis/tiny.rb
|
57
57
|
- bundle/ruby/2.7.0/gems/erubis-2.7.0/lib/erubis/util.rb
|
58
58
|
- bundle/ruby/2.7.0/gems/erubis-2.7.0/setup.rb
|
59
|
-
- bundle/ruby/2.7.0/gems/haml-5.2.
|
60
|
-
- bundle/ruby/2.7.0/gems/haml-5.2.
|
61
|
-
- bundle/ruby/2.7.0/gems/haml-5.2.
|
62
|
-
- bundle/ruby/2.7.0/gems/haml-5.2.
|
63
|
-
- bundle/ruby/2.7.0/gems/haml-5.2.
|
64
|
-
- bundle/ruby/2.7.0/gems/haml-5.2.
|
65
|
-
- bundle/ruby/2.7.0/gems/haml-5.2.
|
66
|
-
- bundle/ruby/2.7.0/gems/haml-5.2.
|
67
|
-
- bundle/ruby/2.7.0/gems/haml-5.2.
|
68
|
-
- bundle/ruby/2.7.0/gems/haml-5.2.
|
69
|
-
- bundle/ruby/2.7.0/gems/haml-5.2.
|
70
|
-
- bundle/ruby/2.7.0/gems/haml-5.2.
|
71
|
-
- bundle/ruby/2.7.0/gems/haml-5.2.
|
72
|
-
- bundle/ruby/2.7.0/gems/haml-5.2.
|
73
|
-
- bundle/ruby/2.7.0/gems/haml-5.2.
|
74
|
-
- bundle/ruby/2.7.0/gems/haml-5.2.
|
75
|
-
- bundle/ruby/2.7.0/gems/haml-5.2.
|
76
|
-
- bundle/ruby/2.7.0/gems/haml-5.2.
|
77
|
-
- bundle/ruby/2.7.0/gems/haml-5.2.
|
78
|
-
- bundle/ruby/2.7.0/gems/haml-5.2.
|
79
|
-
- bundle/ruby/2.7.0/gems/haml-5.2.
|
80
|
-
- bundle/ruby/2.7.0/gems/haml-5.2.
|
81
|
-
- bundle/ruby/2.7.0/gems/haml-5.2.
|
82
|
-
- bundle/ruby/2.7.0/gems/haml-5.2.
|
83
|
-
- bundle/ruby/2.7.0/gems/haml-5.2.
|
84
|
-
- bundle/ruby/2.7.0/gems/haml-5.2.
|
85
|
-
- bundle/ruby/2.7.0/gems/haml-5.2.
|
86
|
-
- bundle/ruby/2.7.0/gems/haml-5.2.
|
87
|
-
- bundle/ruby/2.7.0/gems/haml-5.2.
|
88
|
-
- bundle/ruby/2.7.0/gems/haml-5.2.
|
89
|
-
- bundle/ruby/2.7.0/gems/haml-5.2.
|
90
|
-
- bundle/ruby/2.7.0/gems/haml-5.2.
|
91
|
-
- bundle/ruby/2.7.0/gems/haml-5.2.
|
92
|
-
- bundle/ruby/2.7.0/gems/haml-5.2.
|
93
|
-
- bundle/ruby/2.7.0/gems/haml-5.2.
|
94
|
-
- bundle/ruby/2.7.0/gems/haml-5.2.
|
95
|
-
- bundle/ruby/2.7.0/gems/haml-5.2.
|
96
|
-
- bundle/ruby/2.7.0/gems/haml-5.2.
|
97
|
-
- bundle/ruby/2.7.0/gems/haml-5.2.
|
98
|
-
- bundle/ruby/2.7.0/gems/haml-5.2.
|
59
|
+
- bundle/ruby/2.7.0/gems/haml-5.2.0/CHANGELOG.md
|
60
|
+
- bundle/ruby/2.7.0/gems/haml-5.2.0/FAQ.md
|
61
|
+
- bundle/ruby/2.7.0/gems/haml-5.2.0/Gemfile
|
62
|
+
- bundle/ruby/2.7.0/gems/haml-5.2.0/MIT-LICENSE
|
63
|
+
- bundle/ruby/2.7.0/gems/haml-5.2.0/README.md
|
64
|
+
- bundle/ruby/2.7.0/gems/haml-5.2.0/REFERENCE.md
|
65
|
+
- bundle/ruby/2.7.0/gems/haml-5.2.0/TODO
|
66
|
+
- bundle/ruby/2.7.0/gems/haml-5.2.0/haml.gemspec
|
67
|
+
- bundle/ruby/2.7.0/gems/haml-5.2.0/lib/haml.rb
|
68
|
+
- bundle/ruby/2.7.0/gems/haml-5.2.0/lib/haml/attribute_builder.rb
|
69
|
+
- bundle/ruby/2.7.0/gems/haml-5.2.0/lib/haml/attribute_compiler.rb
|
70
|
+
- bundle/ruby/2.7.0/gems/haml-5.2.0/lib/haml/attribute_parser.rb
|
71
|
+
- bundle/ruby/2.7.0/gems/haml-5.2.0/lib/haml/buffer.rb
|
72
|
+
- bundle/ruby/2.7.0/gems/haml-5.2.0/lib/haml/compiler.rb
|
73
|
+
- bundle/ruby/2.7.0/gems/haml-5.2.0/lib/haml/engine.rb
|
74
|
+
- bundle/ruby/2.7.0/gems/haml-5.2.0/lib/haml/error.rb
|
75
|
+
- bundle/ruby/2.7.0/gems/haml-5.2.0/lib/haml/escapable.rb
|
76
|
+
- bundle/ruby/2.7.0/gems/haml-5.2.0/lib/haml/exec.rb
|
77
|
+
- bundle/ruby/2.7.0/gems/haml-5.2.0/lib/haml/filters.rb
|
78
|
+
- bundle/ruby/2.7.0/gems/haml-5.2.0/lib/haml/generator.rb
|
79
|
+
- bundle/ruby/2.7.0/gems/haml-5.2.0/lib/haml/helpers.rb
|
80
|
+
- bundle/ruby/2.7.0/gems/haml-5.2.0/lib/haml/helpers/action_view_extensions.rb
|
81
|
+
- bundle/ruby/2.7.0/gems/haml-5.2.0/lib/haml/helpers/action_view_mods.rb
|
82
|
+
- bundle/ruby/2.7.0/gems/haml-5.2.0/lib/haml/helpers/action_view_xss_mods.rb
|
83
|
+
- bundle/ruby/2.7.0/gems/haml-5.2.0/lib/haml/helpers/safe_erubi_template.rb
|
84
|
+
- bundle/ruby/2.7.0/gems/haml-5.2.0/lib/haml/helpers/safe_erubis_template.rb
|
85
|
+
- bundle/ruby/2.7.0/gems/haml-5.2.0/lib/haml/helpers/xss_mods.rb
|
86
|
+
- bundle/ruby/2.7.0/gems/haml-5.2.0/lib/haml/options.rb
|
87
|
+
- bundle/ruby/2.7.0/gems/haml-5.2.0/lib/haml/parser.rb
|
88
|
+
- bundle/ruby/2.7.0/gems/haml-5.2.0/lib/haml/plugin.rb
|
89
|
+
- bundle/ruby/2.7.0/gems/haml-5.2.0/lib/haml/railtie.rb
|
90
|
+
- bundle/ruby/2.7.0/gems/haml-5.2.0/lib/haml/sass_rails_filter.rb
|
91
|
+
- bundle/ruby/2.7.0/gems/haml-5.2.0/lib/haml/template.rb
|
92
|
+
- bundle/ruby/2.7.0/gems/haml-5.2.0/lib/haml/template/options.rb
|
93
|
+
- bundle/ruby/2.7.0/gems/haml-5.2.0/lib/haml/temple_engine.rb
|
94
|
+
- bundle/ruby/2.7.0/gems/haml-5.2.0/lib/haml/temple_line_counter.rb
|
95
|
+
- bundle/ruby/2.7.0/gems/haml-5.2.0/lib/haml/util.rb
|
96
|
+
- bundle/ruby/2.7.0/gems/haml-5.2.0/lib/haml/version.rb
|
97
|
+
- bundle/ruby/2.7.0/gems/haml-5.2.0/yard/default/fulldoc/html/css/common.sass
|
98
|
+
- bundle/ruby/2.7.0/gems/haml-5.2.0/yard/default/layout/html/footer.erb
|
99
99
|
- bundle/ruby/2.7.0/gems/highline-2.0.3/AUTHORS
|
100
100
|
- bundle/ruby/2.7.0/gems/highline-2.0.3/COPYING
|
101
101
|
- bundle/ruby/2.7.0/gems/highline-2.0.3/Changelog.md
|
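Review bot: The reason for vendoring haml 5.2.0 in place of 5.2.1 (a downgrade, per the `{haml-5.2.1 → haml-5.2.0}` renames in the file list at the top of the page) is not stated anywhere here. A downgrade of a vendored dependency should carry its reason in CHANGES.md or the commit message, since anyone diffing the gem, or running a dependency scanner over `bundle/`, will otherwise read it as a regression; it is also worth confirming that the vendored haml-5.2.0 tree is byte-identical to the published gem, so the bundled copy cannot drift from what rubygems.org serves.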
@@ -132,60 +132,6 @@ files:
|
|
132
132
|
- bundle/ruby/2.7.0/gems/highline-2.0.3/lib/highline/terminal/unix_stty.rb
|
133
133
|
- bundle/ruby/2.7.0/gems/highline-2.0.3/lib/highline/version.rb
|
134
134
|
- bundle/ruby/2.7.0/gems/highline-2.0.3/lib/highline/wrapper.rb
|
135
|
-
- bundle/ruby/2.7.0/gems/rexml-3.2.4/Gemfile
|
136
|
-
- bundle/ruby/2.7.0/gems/rexml-3.2.4/LICENSE.txt
|
137
|
-
- bundle/ruby/2.7.0/gems/rexml-3.2.4/NEWS.md
|
138
|
-
- bundle/ruby/2.7.0/gems/rexml-3.2.4/README.md
|
139
|
-
- bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/attlistdecl.rb
|
140
|
-
- bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/attribute.rb
|
141
|
-
- bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/cdata.rb
|
142
|
-
- bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/child.rb
|
143
|
-
- bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/comment.rb
|
144
|
-
- bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/doctype.rb
|
145
|
-
- bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/document.rb
|
146
|
-
- bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/dtd/attlistdecl.rb
|
147
|
-
- bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/dtd/dtd.rb
|
148
|
-
- bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/dtd/elementdecl.rb
|
149
|
-
- bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/dtd/entitydecl.rb
|
150
|
-
- bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/dtd/notationdecl.rb
|
151
|
-
- bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/element.rb
|
152
|
-
- bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/encoding.rb
|
153
|
-
- bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/entity.rb
|
154
|
-
- bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/formatters/default.rb
|
155
|
-
- bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/formatters/pretty.rb
|
156
|
-
- bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/formatters/transitive.rb
|
157
|
-
- bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/functions.rb
|
158
|
-
- bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/instruction.rb
|
159
|
-
- bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/light/node.rb
|
160
|
-
- bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/namespace.rb
|
161
|
-
- bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/node.rb
|
162
|
-
- bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/output.rb
|
163
|
-
- bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/parent.rb
|
164
|
-
- bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/parseexception.rb
|
165
|
-
- bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/parsers/baseparser.rb
|
166
|
-
- bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/parsers/lightparser.rb
|
167
|
-
- bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/parsers/pullparser.rb
|
168
|
-
- bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/parsers/sax2parser.rb
|
169
|
-
- bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/parsers/streamparser.rb
|
170
|
-
- bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/parsers/treeparser.rb
|
171
|
-
- bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/parsers/ultralightparser.rb
|
172
|
-
- bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/parsers/xpathparser.rb
|
173
|
-
- bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/quickpath.rb
|
174
|
-
- bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/rexml.rb
|
175
|
-
- bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/sax2listener.rb
|
176
|
-
- bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/security.rb
|
177
|
-
- bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/source.rb
|
178
|
-
- bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/streamlistener.rb
|
179
|
-
- bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/text.rb
|
180
|
-
- bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/undefinednamespaceexception.rb
|
181
|
-
- bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/validation/relaxng.rb
|
182
|
-
- bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/validation/validation.rb
|
183
|
-
- bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/validation/validationexception.rb
|
184
|
-
- bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/xmldecl.rb
|
185
|
-
- bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/xmltokens.rb
|
186
|
-
- bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/xpath.rb
|
187
|
-
- bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/xpath_parser.rb
|
188
|
-
- bundle/ruby/2.7.0/gems/rexml-3.2.4/rexml.gemspec
|
189
135
|
- bundle/ruby/2.7.0/gems/ruby2ruby-2.4.4/History.rdoc
|
190
136
|
- bundle/ruby/2.7.0/gems/ruby2ruby-2.4.4/Manifest.txt
|
191
137
|
- bundle/ruby/2.7.0/gems/ruby2ruby-2.4.4/README.rdoc
|
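Review bot: With the rexml-3.2.4 tree dropped from `bundle/` and `dependencies: []` left unchanged in the first metadata hunk, any `require 'rexml/...'` Brakeman still performs now resolves to whatever rexml the host Ruby provides: a default gem on Ruby 2.7, but a bundled gem from Ruby 3.0 on, which can be absent in minimal images or pinned to an older version by the user's own Gemfile.lock. Either declare rexml as a runtime dependency or state in CHANGES.md which code paths need it, so that the version in use (and the security fixes it carries) is governed by the user's lockfile rather than by chance.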
@@ -502,8 +448,10 @@ files:
|
|
502
448
|
- lib/brakeman/checks/check_template_injection.rb
|
503
449
|
- lib/brakeman/checks/check_translate_bug.rb
|
504
450
|
- lib/brakeman/checks/check_unsafe_reflection.rb
|
451
|
+
- lib/brakeman/checks/check_unsafe_reflection_methods.rb
|
505
452
|
- lib/brakeman/checks/check_unscoped_find.rb
|
506
453
|
- lib/brakeman/checks/check_validation_regex.rb
|
454
|
+
- lib/brakeman/checks/check_verb_confusion.rb
|
507
455
|
- lib/brakeman/checks/check_weak_hash.rb
|
508
456
|
- lib/brakeman/checks/check_without_protection.rb
|
509
457
|
- lib/brakeman/checks/check_xml_dos.rb
|
@@ -534,6 +482,7 @@ files:
|
|
534
482
|
- lib/brakeman/processors/haml_template_processor.rb
|
535
483
|
- lib/brakeman/processors/lib/basic_processor.rb
|
536
484
|
- lib/brakeman/processors/lib/call_conversion_helper.rb
|
485
|
+
- lib/brakeman/processors/lib/file_type_detector.rb
|
537
486
|
- lib/brakeman/processors/lib/find_all_calls.rb
|
538
487
|
- lib/brakeman/processors/lib/find_call.rb
|
539
488
|
- lib/brakeman/processors/lib/find_return_value.rb
|
@@ -570,6 +519,7 @@ files:
|
|
570
519
|
- lib/brakeman/report/report_junit.rb
|
571
520
|
- lib/brakeman/report/report_markdown.rb
|
572
521
|
- lib/brakeman/report/report_sarif.rb
|
522
|
+
- lib/brakeman/report/report_sonar.rb
|
573
523
|
- lib/brakeman/report/report_table.rb
|
574
524
|
- lib/brakeman/report/report_tabs.rb
|
575
525
|
- lib/brakeman/report/report_text.rb
|
@@ -619,12 +569,12 @@ required_ruby_version: !ruby/object:Gem::Requirement
|
|
619
569
|
requirements:
|
620
570
|
- - ">="
|
621
571
|
- !ruby/object:Gem::Version
|
622
|
-
version: 2.
|
572
|
+
version: 2.4.0
|
623
573
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
624
574
|
requirements:
|
625
|
-
- - "
|
575
|
+
- - ">"
|
626
576
|
- !ruby/object:Gem::Version
|
627
|
-
version:
|
577
|
+
version: 1.3.1
|
628
578
|
requirements: []
|
629
579
|
rubygems_version: 3.1.2
|
630
580
|
signing_key:
|
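Review bot: `required_rubygems_version: > 1.3.1` is generated, not authored: RubyGems writes it automatically for any prerelease version such as 5.0.0.pre1 (prerelease versions need RubyGems 1.3.2 or later), so it will go back to the default `>= 0` on the final 5.0.0 release and needs no follow-up. `required_ruby_version: >= 2.4.0` is now the only floor, so the vendored gems' own minimum Ruby (haml 5.2.0's gemspec, one of the changed files listed above) should be checked against it; the `ruby/2.7.0` directory name under `bundle/` says nothing about the oldest Ruby that can load them.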
@@ -1,22 +0,0 @@
|
|
1
|
-
Copyright (C) 1993-2013 Yukihiro Matsumoto. All rights reserved.
|
2
|
-
|
3
|
-
Redistribution and use in source and binary forms, with or without
|
4
|
-
modification, are permitted provided that the following conditions
|
5
|
-
are met:
|
6
|
-
1. Redistributions of source code must retain the above copyright
|
7
|
-
notice, this list of conditions and the following disclaimer.
|
8
|
-
2. Redistributions in binary form must reproduce the above copyright
|
9
|
-
notice, this list of conditions and the following disclaimer in the
|
10
|
-
documentation and/or other materials provided with the distribution.
|
11
|
-
|
12
|
-
THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
|
13
|
-
ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
14
|
-
IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
15
|
-
ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
|
16
|
-
FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
17
|
-
DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
18
|
-
OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
19
|
-
HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
20
|
-
LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
21
|
-
OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
22
|
-
SUCH DAMAGE.
|
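Review bot: This deletion has no file header in this rendering, but by its content and its 22 lines it is `bundle/ruby/2.7.0/gems/rexml-3.2.4/LICENSE.txt` (+0 -22 in the file list). Dropping the BSD notice is correct only because the whole rexml-3.2.4 tree leaves the gem in the same change; the notice's first condition requires it to accompany any redistribution of the source, so if any file derived from rexml stays vendored anywhere under `bundle/`, this license text must stay with it. Worth confirming the removal is complete rather than partial before merging.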
@@ -1,141 +0,0 @@
|
|
1
|
-
# News
|
2
|
-
|
3
|
-
## 3.2.4 - 2020-01-31 {#version-3-2-4}
|
4
|
-
|
5
|
-
### Improvements
|
6
|
-
|
7
|
-
* Don't use `taint` with Ruby 2.7 or later.
|
8
|
-
[GitHub#21][Patch by Jeremy Evans]
|
9
|
-
|
10
|
-
### Fixes
|
11
|
-
|
12
|
-
* Fixed a `elsif` typo.
|
13
|
-
[GitHub#22][Patch by Nobuyoshi Nakada]
|
14
|
-
|
15
|
-
### Thanks
|
16
|
-
|
17
|
-
* Jeremy Evans
|
18
|
-
|
19
|
-
* Nobuyoshi Nakada
|
20
|
-
|
21
|
-
## 3.2.3 - 2019-10-12 {#version-3-2-3}
|
22
|
-
|
23
|
-
### Fixes
|
24
|
-
|
25
|
-
* Fixed a bug that `REXML::XMLDecl#close` doesn't copy `@writethis`.
|
26
|
-
[GitHub#20][Patch by hirura]
|
27
|
-
|
28
|
-
### Thanks
|
29
|
-
|
30
|
-
* hirura
|
31
|
-
|
32
|
-
## 3.2.2 - 2019-06-03 {#version-3-2-2}
|
33
|
-
|
34
|
-
### Fixes
|
35
|
-
|
36
|
-
* xpath: Fixed a bug for equality and relational expressions.
|
37
|
-
[GitHub#17][Reported by Mirko Budszuhn]
|
38
|
-
|
39
|
-
* xpath: Fixed `boolean()` implementation.
|
40
|
-
|
41
|
-
* xpath: Fixed `local_name()` with nonexistent node.
|
42
|
-
|
43
|
-
* xpath: Fixed `number()` implementation with node set.
|
44
|
-
[GitHub#18][Reported by Mirko Budszuhn]
|
45
|
-
|
46
|
-
### Thanks
|
47
|
-
|
48
|
-
* Mirko Budszuhn
|
49
|
-
|
50
|
-
## 3.2.1 - 2019-05-04 {#version-3-2-1}
|
51
|
-
|
52
|
-
### Improvements
|
53
|
-
|
54
|
-
* Improved error message.
|
55
|
-
[GitHub#12][Patch by FUJI Goro]
|
56
|
-
|
57
|
-
* Improved error message.
|
58
|
-
[GitHub#16][Patch by ujihisa]
|
59
|
-
|
60
|
-
* Improved documentation markup.
|
61
|
-
[GitHub#14][Patch by Alyssa Ross]
|
62
|
-
|
63
|
-
### Fixes
|
64
|
-
|
65
|
-
* Fixed a bug that `nil` variable value raises an unexpected exception.
|
66
|
-
[GitHub#13][Patch by Alyssa Ross]
|
67
|
-
|
68
|
-
### Thanks
|
69
|
-
|
70
|
-
* FUJI Goro
|
71
|
-
|
72
|
-
* Alyssa Ross
|
73
|
-
|
74
|
-
* ujihisa
|
75
|
-
|
76
|
-
## 3.2.0 - 2019-01-01 {#version-3-2-0}
|
77
|
-
|
78
|
-
### Fixes
|
79
|
-
|
80
|
-
* Fixed a bug that no namespace attribute isn't matched with prefix.
|
81
|
-
|
82
|
-
[ruby-list:50731][Reported by Yasuhiro KIMURA]
|
83
|
-
|
84
|
-
* Fixed a bug that the default namespace is applied to attribute names.
|
85
|
-
|
86
|
-
NOTE: It's a backward incompatible change. If your program has any
|
87
|
-
problem with this change, please report it. We may revert this fix.
|
88
|
-
|
89
|
-
* `REXML::Attribute#prefix` returns `""` for no namespace attribute.
|
90
|
-
|
91
|
-
* `REXML::Attribute#namespace` returns `""` for no namespace attribute.
|
92
|
-
|
93
|
-
### Thanks
|
94
|
-
|
95
|
-
* Yasuhiro KIMURA
|
96
|
-
|
97
|
-
## 3.1.9 - 2018-12-20 {#version-3-1-9}
|
98
|
-
|
99
|
-
### Improvements
|
100
|
-
|
101
|
-
* Improved backward compatibility.
|
102
|
-
|
103
|
-
Restored `REXML::Parsers::BaseParser::UNQME_STR` because it's used
|
104
|
-
by kramdown.
|
105
|
-
|
106
|
-
## 3.1.8 - 2018-12-20 {#version-3-1-8}
|
107
|
-
|
108
|
-
### Improvements
|
109
|
-
|
110
|
-
* Added support for customizing quote character in prologue.
|
111
|
-
[GitHub#8][Bug #9367][Reported by Takashi Oguma]
|
112
|
-
|
113
|
-
* You can use `"` as quote character by specifying `:quote` to
|
114
|
-
`REXML::Document#context[:prologue_quote]`.
|
115
|
-
|
116
|
-
* You can use `'` as quote character by specifying `:apostrophe`
|
117
|
-
to `REXML::Document#context[:prologue_quote]`.
|
118
|
-
|
119
|
-
* Added processing instruction target check. The target must not nil.
|
120
|
-
[GitHub#7][Reported by Ariel Zelivansky]
|
121
|
-
|
122
|
-
* Added name check for element and attribute.
|
123
|
-
[GitHub#7][Reported by Ariel Zelivansky]
|
124
|
-
|
125
|
-
* Stopped to use `Exception`.
|
126
|
-
[GitHub#9][Patch by Jean Boussier]
|
127
|
-
|
128
|
-
### Fixes
|
129
|
-
|
130
|
-
* Fixed a bug that `REXML::Text#clone` escapes value twice.
|
131
|
-
[ruby-dev:50626][Bug #15058][Reported by Ryosuke Nanba]
|
132
|
-
|
133
|
-
### Thanks
|
134
|
-
|
135
|
-
* Takashi Oguma
|
136
|
-
|
137
|
-
* Ariel Zelivansky
|
138
|
-
|
139
|
-
* Jean Boussier
|
140
|
-
|
141
|
-
* Ryosuke Nanba
|