brakeman 4.4.0 → 5.0.0
- checksums.yaml +4 -4
- data/CHANGES.md +271 -107
- data/README.md +19 -12
- data/bundle/load.rb +14 -14
- data/bundle/ruby/{2.5.0 → 2.7.0}/gems/erubis-2.7.0/CHANGES.txt +0 -0
- data/bundle/ruby/{2.5.0 → 2.7.0}/gems/erubis-2.7.0/MIT-LICENSE +0 -0
- data/bundle/ruby/{2.5.0 → 2.7.0}/gems/erubis-2.7.0/README.txt +0 -0
- data/bundle/ruby/{2.5.0 → 2.7.0}/gems/erubis-2.7.0/contrib/erubis +0 -0
- data/bundle/ruby/{2.5.0 → 2.7.0}/gems/erubis-2.7.0/contrib/erubis-run.rb +0 -0
- data/bundle/ruby/{2.5.0 → 2.7.0}/gems/erubis-2.7.0/contrib/inline-require +0 -0
- data/bundle/ruby/{2.5.0 → 2.7.0}/gems/erubis-2.7.0/lib/erubis.rb +0 -0
- data/bundle/ruby/{2.5.0 → 2.7.0}/gems/erubis-2.7.0/lib/erubis/context.rb +0 -0
- data/bundle/ruby/{2.5.0 → 2.7.0}/gems/erubis-2.7.0/lib/erubis/converter.rb +0 -0
- data/bundle/ruby/{2.5.0 → 2.7.0}/gems/erubis-2.7.0/lib/erubis/engine.rb +0 -0
- data/bundle/ruby/{2.5.0 → 2.7.0}/gems/erubis-2.7.0/lib/erubis/engine/ec.rb +0 -0
- data/bundle/ruby/{2.5.0 → 2.7.0}/gems/erubis-2.7.0/lib/erubis/engine/ecpp.rb +0 -0
- data/bundle/ruby/{2.5.0 → 2.7.0}/gems/erubis-2.7.0/lib/erubis/engine/ejava.rb +0 -0
- data/bundle/ruby/{2.5.0 → 2.7.0}/gems/erubis-2.7.0/lib/erubis/engine/ejavascript.rb +0 -0
- data/bundle/ruby/{2.5.0 → 2.7.0}/gems/erubis-2.7.0/lib/erubis/engine/enhanced.rb +0 -0
- data/bundle/ruby/{2.5.0 → 2.7.0}/gems/erubis-2.7.0/lib/erubis/engine/eperl.rb +0 -0
- data/bundle/ruby/{2.5.0 → 2.7.0}/gems/erubis-2.7.0/lib/erubis/engine/ephp.rb +0 -0
- data/bundle/ruby/{2.5.0 → 2.7.0}/gems/erubis-2.7.0/lib/erubis/engine/eruby.rb +0 -0
- data/bundle/ruby/{2.5.0 → 2.7.0}/gems/erubis-2.7.0/lib/erubis/engine/escheme.rb +0 -0
- data/bundle/ruby/{2.5.0 → 2.7.0}/gems/erubis-2.7.0/lib/erubis/engine/optimized.rb +0 -0
- data/bundle/ruby/{2.5.0 → 2.7.0}/gems/erubis-2.7.0/lib/erubis/enhancer.rb +0 -0
- data/bundle/ruby/{2.5.0 → 2.7.0}/gems/erubis-2.7.0/lib/erubis/error.rb +0 -0
- data/bundle/ruby/{2.5.0 → 2.7.0}/gems/erubis-2.7.0/lib/erubis/evaluator.rb +0 -0
- data/bundle/ruby/{2.5.0 → 2.7.0}/gems/erubis-2.7.0/lib/erubis/generator.rb +0 -0
- data/bundle/ruby/{2.5.0 → 2.7.0}/gems/erubis-2.7.0/lib/erubis/helper.rb +0 -0
- data/bundle/ruby/{2.5.0 → 2.7.0}/gems/erubis-2.7.0/lib/erubis/helpers/rails_form_helper.rb +0 -0
- data/bundle/ruby/{2.5.0 → 2.7.0}/gems/erubis-2.7.0/lib/erubis/helpers/rails_helper.rb +0 -0
- data/bundle/ruby/{2.5.0 → 2.7.0}/gems/erubis-2.7.0/lib/erubis/local-setting.rb +0 -0
- data/bundle/ruby/{2.5.0 → 2.7.0}/gems/erubis-2.7.0/lib/erubis/main.rb +0 -0
- data/bundle/ruby/{2.5.0 → 2.7.0}/gems/erubis-2.7.0/lib/erubis/preprocessing.rb +0 -0
- data/bundle/ruby/{2.5.0 → 2.7.0}/gems/erubis-2.7.0/lib/erubis/tiny.rb +0 -0
- data/bundle/ruby/{2.5.0 → 2.7.0}/gems/erubis-2.7.0/lib/erubis/util.rb +0 -0
- data/bundle/ruby/{2.5.0 → 2.7.0}/gems/erubis-2.7.0/setup.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/haml-4.0.7 → 2.7.0/gems/haml-5.2.1}/CHANGELOG.md +138 -4
- data/bundle/ruby/{2.5.0/gems/haml-4.0.7 → 2.7.0/gems/haml-5.2.1}/FAQ.md +4 -14
- data/bundle/ruby/2.7.0/gems/haml-5.2.1/Gemfile +16 -0
- data/bundle/ruby/{2.5.0/gems/sass-3.4.25/vendor/listen/LICENSE → 2.7.0/gems/haml-5.2.1/MIT-LICENSE} +1 -1
- data/bundle/ruby/{2.5.0/gems/haml-4.0.7 → 2.7.0/gems/haml-5.2.1}/README.md +79 -42
- data/bundle/ruby/{2.5.0/gems/haml-4.0.7 → 2.7.0/gems/haml-5.2.1}/REFERENCE.md +150 -71
- data/bundle/ruby/2.7.0/gems/haml-5.2.1/TODO +24 -0
- data/bundle/ruby/2.7.0/gems/haml-5.2.1/haml.gemspec +45 -0
- data/bundle/ruby/{2.5.0/gems/haml-4.0.7 → 2.7.0/gems/haml-5.2.1}/lib/haml.rb +2 -0
- data/bundle/ruby/2.7.0/gems/haml-5.2.1/lib/haml/attribute_builder.rb +164 -0
- data/bundle/ruby/2.7.0/gems/haml-5.2.1/lib/haml/attribute_compiler.rb +235 -0
- data/bundle/ruby/2.7.0/gems/haml-5.2.1/lib/haml/attribute_parser.rb +150 -0
- data/bundle/ruby/{2.5.0/gems/haml-4.0.7 → 2.7.0/gems/haml-5.2.1}/lib/haml/buffer.rb +25 -132
- data/bundle/ruby/2.7.0/gems/haml-5.2.1/lib/haml/compiler.rb +330 -0
- data/bundle/ruby/{2.5.0/gems/haml-4.0.7 → 2.7.0/gems/haml-5.2.1}/lib/haml/engine.rb +34 -41
- data/bundle/ruby/2.7.0/gems/haml-5.2.1/lib/haml/error.rb +65 -0
- data/bundle/ruby/2.7.0/gems/haml-5.2.1/lib/haml/escapable.rb +77 -0
- data/bundle/ruby/{2.5.0/gems/haml-4.0.7 → 2.7.0/gems/haml-5.2.1}/lib/haml/exec.rb +38 -20
- data/bundle/ruby/{2.5.0/gems/haml-4.0.7 → 2.7.0/gems/haml-5.2.1}/lib/haml/filters.rb +22 -27
- data/bundle/ruby/2.7.0/gems/haml-5.2.1/lib/haml/generator.rb +42 -0
- data/bundle/ruby/{2.5.0/gems/haml-4.0.7 → 2.7.0/gems/haml-5.2.1}/lib/haml/helpers.rb +134 -89
- data/bundle/ruby/{2.5.0/gems/haml-4.0.7 → 2.7.0/gems/haml-5.2.1}/lib/haml/helpers/action_view_extensions.rb +4 -2
- data/bundle/ruby/{2.5.0/gems/haml-4.0.7 → 2.7.0/gems/haml-5.2.1}/lib/haml/helpers/action_view_mods.rb +45 -60
- data/bundle/ruby/{2.5.0/gems/haml-4.0.7 → 2.7.0/gems/haml-5.2.1}/lib/haml/helpers/action_view_xss_mods.rb +2 -0
- data/bundle/ruby/2.7.0/gems/haml-5.2.1/lib/haml/helpers/safe_erubi_template.rb +20 -0
- data/bundle/ruby/{2.5.0/gems/haml-4.0.7 → 2.7.0/gems/haml-5.2.1}/lib/haml/helpers/safe_erubis_template.rb +5 -1
- data/bundle/ruby/{2.5.0/gems/haml-4.0.7 → 2.7.0/gems/haml-5.2.1}/lib/haml/helpers/xss_mods.rb +23 -13
- data/bundle/ruby/{2.5.0/gems/haml-4.0.7 → 2.7.0/gems/haml-5.2.1}/lib/haml/options.rb +63 -69
- data/bundle/ruby/{2.5.0/gems/haml-4.0.7 → 2.7.0/gems/haml-5.2.1}/lib/haml/parser.rb +319 -227
- data/bundle/ruby/2.7.0/gems/haml-5.2.1/lib/haml/plugin.rb +37 -0
- data/bundle/ruby/2.7.0/gems/haml-5.2.1/lib/haml/railtie.rb +48 -0
- data/bundle/ruby/{2.5.0/gems/haml-4.0.7 → 2.7.0/gems/haml-5.2.1}/lib/haml/sass_rails_filter.rb +18 -4
- data/bundle/ruby/{2.5.0/gems/haml-4.0.7 → 2.7.0/gems/haml-5.2.1}/lib/haml/template.rb +13 -6
- data/bundle/ruby/{2.5.0/gems/haml-4.0.7 → 2.7.0/gems/haml-5.2.1}/lib/haml/template/options.rb +13 -2
- data/bundle/ruby/2.7.0/gems/haml-5.2.1/lib/haml/temple_engine.rb +123 -0
- data/bundle/ruby/2.7.0/gems/haml-5.2.1/lib/haml/temple_line_counter.rb +30 -0
- data/bundle/ruby/2.7.0/gems/haml-5.2.1/lib/haml/util.rb +258 -0
- data/bundle/ruby/2.7.0/gems/haml-5.2.1/lib/haml/version.rb +5 -0
- data/bundle/ruby/2.7.0/gems/haml-5.2.1/yard/default/fulldoc/html/css/common.sass +15 -0
- data/bundle/ruby/2.7.0/gems/haml-5.2.1/yard/default/layout/html/footer.erb +12 -0
- data/bundle/ruby/{2.5.0/gems/highline-1.7.10 → 2.7.0/gems/highline-2.0.3}/AUTHORS +0 -0
- data/bundle/ruby/{2.5.0/gems/highline-1.7.10 → 2.7.0/gems/highline-2.0.3}/COPYING +0 -0
- data/bundle/ruby/{2.5.0/gems/highline-1.7.10 → 2.7.0/gems/highline-2.0.3}/Changelog.md +214 -15
- data/bundle/ruby/2.7.0/gems/highline-2.0.3/Gemfile +22 -0
- data/bundle/ruby/{2.5.0/gems/highline-1.7.10 → 2.7.0/gems/highline-2.0.3}/LICENSE +0 -0
- data/bundle/ruby/2.7.0/gems/highline-2.0.3/README.md +202 -0
- data/bundle/ruby/{2.5.0/gems/highline-1.7.10 → 2.7.0/gems/highline-2.0.3}/TODO +0 -0
- data/bundle/ruby/2.7.0/gems/highline-2.0.3/appveyor.yml +37 -0
- data/bundle/ruby/2.7.0/gems/highline-2.0.3/highline.gemspec +35 -0
- data/bundle/ruby/2.7.0/gems/highline-2.0.3/lib/highline.rb +650 -0
- data/bundle/ruby/2.7.0/gems/highline-2.0.3/lib/highline/builtin_styles.rb +129 -0
- data/bundle/ruby/{2.5.0/gems/highline-1.7.10 → 2.7.0/gems/highline-2.0.3}/lib/highline/color_scheme.rb +49 -32
- data/bundle/ruby/2.7.0/gems/highline-2.0.3/lib/highline/compatibility.rb +23 -0
- data/bundle/ruby/2.7.0/gems/highline-2.0.3/lib/highline/custom_errors.rb +57 -0
- data/bundle/ruby/2.7.0/gems/highline-2.0.3/lib/highline/import.rb +48 -0
- data/bundle/ruby/2.7.0/gems/highline-2.0.3/lib/highline/io_console_compatible.rb +37 -0
- data/bundle/ruby/2.7.0/gems/highline-2.0.3/lib/highline/list.rb +177 -0
- data/bundle/ruby/2.7.0/gems/highline-2.0.3/lib/highline/list_renderer.rb +261 -0
- data/bundle/ruby/2.7.0/gems/highline-2.0.3/lib/highline/menu.rb +576 -0
- data/bundle/ruby/2.7.0/gems/highline-2.0.3/lib/highline/menu/item.rb +32 -0
- data/bundle/ruby/2.7.0/gems/highline-2.0.3/lib/highline/paginator.rb +52 -0
- data/bundle/ruby/{2.5.0/gems/highline-1.7.10 → 2.7.0/gems/highline-2.0.3}/lib/highline/question.rb +281 -131
- data/bundle/ruby/2.7.0/gems/highline-2.0.3/lib/highline/question/answer_converter.rb +103 -0
- data/bundle/ruby/2.7.0/gems/highline-2.0.3/lib/highline/question_asker.rb +150 -0
- data/bundle/ruby/2.7.0/gems/highline-2.0.3/lib/highline/simulate.rb +59 -0
- data/bundle/ruby/2.7.0/gems/highline-2.0.3/lib/highline/statement.rb +88 -0
- data/bundle/ruby/2.7.0/gems/highline-2.0.3/lib/highline/string.rb +36 -0
- data/bundle/ruby/2.7.0/gems/highline-2.0.3/lib/highline/string_extensions.rb +130 -0
- data/bundle/ruby/2.7.0/gems/highline-2.0.3/lib/highline/style.rb +325 -0
- data/bundle/ruby/2.7.0/gems/highline-2.0.3/lib/highline/template_renderer.rb +62 -0
- data/bundle/ruby/2.7.0/gems/highline-2.0.3/lib/highline/terminal.rb +190 -0
- data/bundle/ruby/2.7.0/gems/highline-2.0.3/lib/highline/terminal/io_console.rb +36 -0
- data/bundle/ruby/2.7.0/gems/highline-2.0.3/lib/highline/terminal/ncurses.rb +38 -0
- data/bundle/ruby/2.7.0/gems/highline-2.0.3/lib/highline/terminal/unix_stty.rb +51 -0
- data/bundle/ruby/{2.5.0/gems/highline-1.7.10 → 2.7.0/gems/highline-2.0.3}/lib/highline/version.rb +3 -1
- data/bundle/ruby/2.7.0/gems/highline-2.0.3/lib/highline/wrapper.rb +53 -0
- data/bundle/ruby/2.7.0/gems/rexml-3.2.4/Gemfile +6 -0
- data/bundle/ruby/2.7.0/gems/rexml-3.2.4/LICENSE.txt +22 -0
- data/bundle/ruby/2.7.0/gems/rexml-3.2.4/NEWS.md +141 -0
- data/bundle/ruby/2.7.0/gems/rexml-3.2.4/README.md +60 -0
- data/bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/attlistdecl.rb +63 -0
- data/bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/attribute.rb +205 -0
- data/bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/cdata.rb +68 -0
- data/bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/child.rb +97 -0
- data/bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/comment.rb +80 -0
- data/bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/doctype.rb +287 -0
- data/bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/document.rb +291 -0
- data/bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/dtd/attlistdecl.rb +11 -0
- data/bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/dtd/dtd.rb +47 -0
- data/bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/dtd/elementdecl.rb +18 -0
- data/bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/dtd/entitydecl.rb +57 -0
- data/bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/dtd/notationdecl.rb +40 -0
- data/bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/element.rb +1269 -0
- data/bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/encoding.rb +51 -0
- data/bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/entity.rb +171 -0
- data/bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/formatters/default.rb +116 -0
- data/bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/formatters/pretty.rb +142 -0
- data/bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/formatters/transitive.rb +58 -0
- data/bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/functions.rb +447 -0
- data/bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/instruction.rb +79 -0
- data/bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/light/node.rb +196 -0
- data/bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/namespace.rb +59 -0
- data/bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/node.rb +76 -0
- data/bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/output.rb +30 -0
- data/bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/parent.rb +166 -0
- data/bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/parseexception.rb +52 -0
- data/bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/parsers/baseparser.rb +594 -0
- data/bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/parsers/lightparser.rb +59 -0
- data/bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/parsers/pullparser.rb +197 -0
- data/bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/parsers/sax2parser.rb +273 -0
- data/bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/parsers/streamparser.rb +61 -0
- data/bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/parsers/treeparser.rb +101 -0
- data/bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/parsers/ultralightparser.rb +57 -0
- data/bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/parsers/xpathparser.rb +675 -0
- data/bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/quickpath.rb +266 -0
- data/bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/rexml.rb +32 -0
- data/bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/sax2listener.rb +98 -0
- data/bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/security.rb +28 -0
- data/bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/source.rb +298 -0
- data/bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/streamlistener.rb +93 -0
- data/bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/text.rb +424 -0
- data/bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/undefinednamespaceexception.rb +9 -0
- data/bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/validation/relaxng.rb +539 -0
- data/bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/validation/validation.rb +144 -0
- data/bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/validation/validationexception.rb +10 -0
- data/bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/xmldecl.rb +130 -0
- data/bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/xmltokens.rb +85 -0
- data/bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/xpath.rb +81 -0
- data/bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/xpath_parser.rb +968 -0
- data/bundle/ruby/2.7.0/gems/rexml-3.2.4/rexml.gemspec +84 -0
- data/bundle/ruby/{2.5.0/gems/ruby2ruby-2.4.1 → 2.7.0/gems/ruby2ruby-2.4.4}/History.rdoc +22 -0
- data/bundle/ruby/{2.5.0/gems/ruby2ruby-2.4.1 → 2.7.0/gems/ruby2ruby-2.4.4}/Manifest.txt +0 -0
- data/bundle/ruby/{2.5.0/gems/ruby2ruby-2.4.1 → 2.7.0/gems/ruby2ruby-2.4.4}/README.rdoc +0 -0
- data/bundle/ruby/{2.5.0/gems/ruby2ruby-2.4.1 → 2.7.0/gems/ruby2ruby-2.4.4}/lib/ruby2ruby.rb +118 -110
- data/bundle/ruby/{2.5.0/gems/ruby_parser-3.12.0 → 2.7.0/gems/ruby_parser-3.15.1}/History.rdoc +176 -0
- data/bundle/ruby/{2.5.0/gems/ruby_parser-3.12.0 → 2.7.0/gems/ruby_parser-3.15.1}/Manifest.txt +7 -4
- data/bundle/ruby/{2.5.0/gems/ruby_parser-3.12.0 → 2.7.0/gems/ruby_parser-3.15.1}/README.rdoc +3 -3
- data/bundle/ruby/{2.5.0/gems/ruby_parser-3.12.0 → 2.7.0/gems/ruby_parser-3.15.1}/compare/normalize.rb +69 -2
- data/bundle/ruby/2.7.0/gems/ruby_parser-3.15.1/debugging.md +57 -0
- data/bundle/ruby/{2.5.0/gems/ruby_parser-3.12.0 → 2.7.0/gems/ruby_parser-3.15.1}/lib/rp_extensions.rb +1 -8
- data/bundle/ruby/{2.5.0/gems/ruby_parser-3.12.0 → 2.7.0/gems/ruby_parser-3.15.1}/lib/rp_stringscanner.rb +0 -0
- data/bundle/ruby/2.7.0/gems/ruby_parser-3.15.1/lib/ruby20_parser.rb +7062 -0
- data/bundle/ruby/{2.5.0/gems/ruby_parser-3.12.0/lib/ruby_parser.yy → 2.7.0/gems/ruby_parser-3.15.1/lib/ruby20_parser.y} +728 -604
- data/bundle/ruby/2.7.0/gems/ruby_parser-3.15.1/lib/ruby21_parser.rb +7140 -0
- data/bundle/ruby/{2.5.0/gems/ruby_parser-3.12.0 → 2.7.0/gems/ruby_parser-3.15.1}/lib/ruby21_parser.y +734 -472
- data/bundle/ruby/2.7.0/gems/ruby_parser-3.15.1/lib/ruby22_parser.rb +7160 -0
- data/bundle/ruby/{2.5.0/gems/ruby_parser-3.12.0 → 2.7.0/gems/ruby_parser-3.15.1}/lib/ruby22_parser.y +735 -478
- data/bundle/ruby/2.7.0/gems/ruby_parser-3.15.1/lib/ruby23_parser.rb +7175 -0
- data/bundle/ruby/{2.5.0/gems/ruby_parser-3.12.0 → 2.7.0/gems/ruby_parser-3.15.1}/lib/ruby23_parser.y +736 -479
- data/bundle/ruby/2.7.0/gems/ruby_parser-3.15.1/lib/ruby24_parser.rb +7204 -0
- data/bundle/ruby/{2.5.0/gems/ruby_parser-3.12.0 → 2.7.0/gems/ruby_parser-3.15.1}/lib/ruby24_parser.y +742 -477
- data/bundle/ruby/2.7.0/gems/ruby_parser-3.15.1/lib/ruby25_parser.rb +7204 -0
- data/bundle/ruby/{2.5.0/gems/ruby_parser-3.12.0 → 2.7.0/gems/ruby_parser-3.15.1}/lib/ruby25_parser.y +742 -477
- data/bundle/ruby/2.7.0/gems/ruby_parser-3.15.1/lib/ruby26_parser.rb +7224 -0
- data/bundle/ruby/2.7.0/gems/ruby_parser-3.15.1/lib/ruby26_parser.y +2657 -0
- data/bundle/ruby/2.7.0/gems/ruby_parser-3.15.1/lib/ruby27_parser.rb +7224 -0
- data/bundle/ruby/2.7.0/gems/ruby_parser-3.15.1/lib/ruby27_parser.y +2657 -0
- data/bundle/ruby/2.7.0/gems/ruby_parser-3.15.1/lib/ruby_lexer.rb +1473 -0
- data/bundle/ruby/2.7.0/gems/ruby_parser-3.15.1/lib/ruby_lexer.rex +178 -0
- data/bundle/ruby/2.7.0/gems/ruby_parser-3.15.1/lib/ruby_lexer.rex.rb +363 -0
- data/bundle/ruby/{2.5.0/gems/ruby_parser-3.12.0 → 2.7.0/gems/ruby_parser-3.15.1}/lib/ruby_parser.rb +36 -34
- data/bundle/ruby/2.7.0/gems/ruby_parser-3.15.1/lib/ruby_parser.yy +2764 -0
- data/bundle/ruby/2.7.0/gems/ruby_parser-3.15.1/lib/ruby_parser_extras.rb +1631 -0
- data/bundle/ruby/2.7.0/gems/ruby_parser-3.15.1/tools/munge.rb +222 -0
- data/bundle/ruby/2.7.0/gems/ruby_parser-3.15.1/tools/ripper.rb +39 -0
- data/bundle/ruby/2.7.0/gems/ruby_parser-legacy-1.0.0/History.rdoc +6 -0
- data/bundle/ruby/2.7.0/gems/ruby_parser-legacy-1.0.0/Manifest.txt +19 -0
- data/bundle/ruby/2.7.0/gems/ruby_parser-legacy-1.0.0/README.rdoc +54 -0
- data/bundle/ruby/2.7.0/gems/ruby_parser-legacy-1.0.0/lib/ruby_parser/legacy.rb +5 -0
- data/bundle/ruby/{2.5.0/gems/ruby_parser-3.12.0/lib → 2.7.0/gems/ruby_parser-legacy-1.0.0/lib/ruby_parser/legacy}/ruby18_parser.rb +7 -6
- data/bundle/ruby/{2.5.0/gems/ruby_parser-3.12.0/lib → 2.7.0/gems/ruby_parser-legacy-1.0.0/lib/ruby_parser/legacy}/ruby18_parser.y +5 -4
- data/bundle/ruby/{2.5.0/gems/ruby_parser-3.12.0/lib → 2.7.0/gems/ruby_parser-legacy-1.0.0/lib/ruby_parser/legacy}/ruby19_parser.rb +7 -6
- data/bundle/ruby/{2.5.0/gems/ruby_parser-3.12.0/lib → 2.7.0/gems/ruby_parser-legacy-1.0.0/lib/ruby_parser/legacy}/ruby19_parser.y +5 -4
- data/bundle/ruby/{2.5.0/gems/ruby_parser-3.12.0/lib → 2.7.0/gems/ruby_parser-legacy-1.0.0/lib/ruby_parser/legacy}/ruby_lexer.rb +117 -64
- data/bundle/ruby/{2.5.0/gems/ruby_parser-3.12.0/lib → 2.7.0/gems/ruby_parser-legacy-1.0.0/lib/ruby_parser/legacy}/ruby_lexer.rex +11 -9
- data/bundle/ruby/{2.5.0/gems/ruby_parser-3.12.0/lib → 2.7.0/gems/ruby_parser-legacy-1.0.0/lib/ruby_parser/legacy}/ruby_lexer.rex.rb +10 -10
- data/bundle/ruby/2.7.0/gems/ruby_parser-legacy-1.0.0/lib/ruby_parser/legacy/ruby_parser.rb +30 -0
- data/bundle/ruby/{2.5.0/gems/ruby_parser-3.12.0/lib → 2.7.0/gems/ruby_parser-legacy-1.0.0/lib/ruby_parser/legacy}/ruby_parser_extras.rb +43 -33
- data/bundle/ruby/{2.5.0/gems/safe_yaml-1.0.4 → 2.7.0/gems/safe_yaml-1.0.5}/CHANGES.md +5 -0
- data/bundle/ruby/{2.5.0/gems/safe_yaml-1.0.4 → 2.7.0/gems/safe_yaml-1.0.5}/Gemfile +0 -0
- data/bundle/ruby/{2.5.0/gems/safe_yaml-1.0.4 → 2.7.0/gems/safe_yaml-1.0.5}/LICENSE.txt +0 -0
- data/bundle/ruby/{2.5.0/gems/safe_yaml-1.0.4 → 2.7.0/gems/safe_yaml-1.0.5}/README.md +0 -0
- data/bundle/ruby/{2.5.0/gems/safe_yaml-1.0.4 → 2.7.0/gems/safe_yaml-1.0.5}/bundle_install_all_ruby_versions.sh +0 -0
- data/bundle/ruby/{2.5.0/gems/safe_yaml-1.0.4 → 2.7.0/gems/safe_yaml-1.0.5}/lib/safe_yaml.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/safe_yaml-1.0.4 → 2.7.0/gems/safe_yaml-1.0.5}/lib/safe_yaml/deep.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/safe_yaml-1.0.4 → 2.7.0/gems/safe_yaml-1.0.5}/lib/safe_yaml/libyaml_checker.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/safe_yaml-1.0.4 → 2.7.0/gems/safe_yaml-1.0.5}/lib/safe_yaml/load.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/safe_yaml-1.0.4 → 2.7.0/gems/safe_yaml-1.0.5}/lib/safe_yaml/parse/date.rb +2 -0
- data/bundle/ruby/{2.5.0/gems/safe_yaml-1.0.4 → 2.7.0/gems/safe_yaml-1.0.5}/lib/safe_yaml/parse/hexadecimal.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/safe_yaml-1.0.4 → 2.7.0/gems/safe_yaml-1.0.5}/lib/safe_yaml/parse/sexagesimal.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/safe_yaml-1.0.4 → 2.7.0/gems/safe_yaml-1.0.5}/lib/safe_yaml/psych_handler.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/safe_yaml-1.0.4 → 2.7.0/gems/safe_yaml-1.0.5}/lib/safe_yaml/psych_resolver.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/safe_yaml-1.0.4 → 2.7.0/gems/safe_yaml-1.0.5}/lib/safe_yaml/resolver.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/safe_yaml-1.0.4 → 2.7.0/gems/safe_yaml-1.0.5}/lib/safe_yaml/safe_to_ruby_visitor.rb +0 -0
- data/bundle/ruby/2.7.0/gems/safe_yaml-1.0.5/lib/safe_yaml/store.rb +39 -0
- data/bundle/ruby/{2.5.0/gems/safe_yaml-1.0.4 → 2.7.0/gems/safe_yaml-1.0.5}/lib/safe_yaml/syck_hack.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/safe_yaml-1.0.4 → 2.7.0/gems/safe_yaml-1.0.5}/lib/safe_yaml/syck_node_monkeypatch.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/safe_yaml-1.0.4 → 2.7.0/gems/safe_yaml-1.0.5}/lib/safe_yaml/syck_resolver.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/safe_yaml-1.0.4 → 2.7.0/gems/safe_yaml-1.0.5}/lib/safe_yaml/transform.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/safe_yaml-1.0.4 → 2.7.0/gems/safe_yaml-1.0.5}/lib/safe_yaml/transform/to_boolean.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/safe_yaml-1.0.4 → 2.7.0/gems/safe_yaml-1.0.5}/lib/safe_yaml/transform/to_date.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/safe_yaml-1.0.4 → 2.7.0/gems/safe_yaml-1.0.5}/lib/safe_yaml/transform/to_float.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/safe_yaml-1.0.4 → 2.7.0/gems/safe_yaml-1.0.5}/lib/safe_yaml/transform/to_integer.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/safe_yaml-1.0.4 → 2.7.0/gems/safe_yaml-1.0.5}/lib/safe_yaml/transform/to_nil.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/safe_yaml-1.0.4 → 2.7.0/gems/safe_yaml-1.0.5}/lib/safe_yaml/transform/to_symbol.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/safe_yaml-1.0.4 → 2.7.0/gems/safe_yaml-1.0.5}/lib/safe_yaml/transform/transformation_map.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/safe_yaml-1.0.4 → 2.7.0/gems/safe_yaml-1.0.5}/lib/safe_yaml/version.rb +1 -1
- data/bundle/ruby/{2.5.0/gems/safe_yaml-1.0.4 → 2.7.0/gems/safe_yaml-1.0.5}/run_specs_all_ruby_versions.sh +0 -0
- data/bundle/ruby/{2.5.0/gems/safe_yaml-1.0.4 → 2.7.0/gems/safe_yaml-1.0.5}/safe_yaml.gemspec +0 -0
- data/bundle/ruby/{2.5.0/gems/sexp_processor-4.11.0 → 2.7.0/gems/sexp_processor-4.15.2}/History.rdoc +67 -0
- data/bundle/ruby/{2.5.0/gems/sexp_processor-4.11.0 → 2.7.0/gems/sexp_processor-4.15.2}/Manifest.txt +1 -0
- data/bundle/ruby/{2.5.0/gems/sexp_processor-4.11.0 → 2.7.0/gems/sexp_processor-4.15.2}/README.rdoc +0 -0
- data/bundle/ruby/{2.5.0/gems/sexp_processor-4.11.0 → 2.7.0/gems/sexp_processor-4.15.2}/lib/composite_sexp_processor.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/sexp_processor-4.11.0 → 2.7.0/gems/sexp_processor-4.15.2}/lib/pt_testcase.rb +15 -17
- data/bundle/ruby/2.7.0/gems/sexp_processor-4.15.2/lib/sexp.rb +381 -0
- data/bundle/ruby/{2.5.0/gems/sexp_processor-4.11.0/lib/sexp.rb → 2.7.0/gems/sexp_processor-4.15.2/lib/sexp_matcher.rb} +67 -387
- data/bundle/ruby/{2.5.0/gems/sexp_processor-4.11.0 → 2.7.0/gems/sexp_processor-4.15.2}/lib/sexp_processor.rb +2 -2
- data/bundle/ruby/{2.5.0/gems/sexp_processor-4.11.0 → 2.7.0/gems/sexp_processor-4.15.2}/lib/strict_sexp.rb +3 -3
- data/bundle/ruby/{2.5.0/gems/sexp_processor-4.11.0 → 2.7.0/gems/sexp_processor-4.15.2}/lib/unique.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/slim-4.0.1 → 2.7.0/gems/slim-4.1.0}/CHANGES +4 -0
- data/bundle/ruby/{2.5.0/gems/slim-4.0.1 → 2.7.0/gems/slim-4.1.0}/Gemfile +12 -13
- data/bundle/ruby/{2.5.0/gems/slim-4.0.1 → 2.7.0/gems/slim-4.1.0}/LICENSE +0 -0
- data/bundle/ruby/{2.5.0/gems/slim-4.0.1 → 2.7.0/gems/slim-4.1.0}/README.jp.md +0 -0
- data/bundle/ruby/{2.5.0/gems/slim-4.0.1 → 2.7.0/gems/slim-4.1.0}/README.md +0 -0
- data/bundle/ruby/{2.5.0/gems/slim-4.0.1 → 2.7.0/gems/slim-4.1.0}/lib/slim.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/slim-4.0.1 → 2.7.0/gems/slim-4.1.0}/lib/slim/code_attributes.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/slim-4.0.1 → 2.7.0/gems/slim-4.1.0}/lib/slim/command.rb +13 -13
- data/bundle/ruby/{2.5.0/gems/slim-4.0.1 → 2.7.0/gems/slim-4.1.0}/lib/slim/controls.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/slim-4.0.1 → 2.7.0/gems/slim-4.1.0}/lib/slim/do_inserter.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/slim-4.0.1 → 2.7.0/gems/slim-4.1.0}/lib/slim/embedded.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/slim-4.0.1 → 2.7.0/gems/slim-4.1.0}/lib/slim/end_inserter.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/slim-4.0.1 → 2.7.0/gems/slim-4.1.0}/lib/slim/engine.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/slim-4.0.1 → 2.7.0/gems/slim-4.1.0}/lib/slim/erb_converter.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/slim-4.0.1 → 2.7.0/gems/slim-4.1.0}/lib/slim/filter.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/slim-4.0.1 → 2.7.0/gems/slim-4.1.0}/lib/slim/grammar.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/slim-4.0.1 → 2.7.0/gems/slim-4.1.0}/lib/slim/include.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/slim-4.0.1 → 2.7.0/gems/slim-4.1.0}/lib/slim/interpolation.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/slim-4.0.1 → 2.7.0/gems/slim-4.1.0}/lib/slim/logic_less.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/slim-4.0.1 → 2.7.0/gems/slim-4.1.0}/lib/slim/logic_less/context.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/slim-4.0.1 → 2.7.0/gems/slim-4.1.0}/lib/slim/logic_less/filter.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/slim-4.0.1 → 2.7.0/gems/slim-4.1.0}/lib/slim/parser.rb +1 -1
- data/bundle/ruby/{2.5.0/gems/slim-4.0.1 → 2.7.0/gems/slim-4.1.0}/lib/slim/smart.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/slim-4.0.1 → 2.7.0/gems/slim-4.1.0}/lib/slim/smart/escaper.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/slim-4.0.1 → 2.7.0/gems/slim-4.1.0}/lib/slim/smart/filter.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/slim-4.0.1 → 2.7.0/gems/slim-4.1.0}/lib/slim/smart/parser.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/slim-4.0.1 → 2.7.0/gems/slim-4.1.0}/lib/slim/splat/builder.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/slim-4.0.1 → 2.7.0/gems/slim-4.1.0}/lib/slim/splat/filter.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/slim-4.0.1 → 2.7.0/gems/slim-4.1.0}/lib/slim/template.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/slim-4.0.1 → 2.7.0/gems/slim-4.1.0}/lib/slim/translator.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/slim-4.0.1 → 2.7.0/gems/slim-4.1.0}/lib/slim/version.rb +1 -1
- data/bundle/ruby/{2.5.0/gems/slim-4.0.1 → 2.7.0/gems/slim-4.1.0}/slim.gemspec +0 -0
- data/bundle/ruby/{2.5.0/gems/temple-0.8.0 → 2.7.0/gems/temple-0.8.2}/CHANGES +11 -0
- data/bundle/ruby/{2.5.0/gems/temple-0.8.0 → 2.7.0/gems/temple-0.8.2}/EXPRESSIONS.md +1 -1
- data/bundle/ruby/{2.5.0/gems/temple-0.8.0 → 2.7.0/gems/temple-0.8.2}/Gemfile +0 -0
- data/bundle/ruby/{2.5.0/gems/temple-0.8.0 → 2.7.0/gems/temple-0.8.2}/LICENSE +0 -0
- data/bundle/ruby/{2.5.0/gems/temple-0.8.0 → 2.7.0/gems/temple-0.8.2}/README.md +1 -1
- data/bundle/ruby/{2.5.0/gems/temple-0.8.0 → 2.7.0/gems/temple-0.8.2}/lib/temple.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/temple-0.8.0 → 2.7.0/gems/temple-0.8.2}/lib/temple/engine.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/temple-0.8.0 → 2.7.0/gems/temple-0.8.2}/lib/temple/erb/engine.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/temple-0.8.0 → 2.7.0/gems/temple-0.8.2}/lib/temple/erb/parser.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/temple-0.8.0 → 2.7.0/gems/temple-0.8.2}/lib/temple/erb/template.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/temple-0.8.0 → 2.7.0/gems/temple-0.8.2}/lib/temple/erb/trimming.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/temple-0.8.0 → 2.7.0/gems/temple-0.8.2}/lib/temple/exceptions.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/temple-0.8.0 → 2.7.0/gems/temple-0.8.2}/lib/temple/filter.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/temple-0.8.0 → 2.7.0/gems/temple-0.8.2}/lib/temple/filters/code_merger.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/temple-0.8.0 → 2.7.0/gems/temple-0.8.2}/lib/temple/filters/control_flow.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/temple-0.8.0 → 2.7.0/gems/temple-0.8.2}/lib/temple/filters/dynamic_inliner.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/temple-0.8.0 → 2.7.0/gems/temple-0.8.2}/lib/temple/filters/encoding.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/temple-0.8.0 → 2.7.0/gems/temple-0.8.2}/lib/temple/filters/eraser.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/temple-0.8.0 → 2.7.0/gems/temple-0.8.2}/lib/temple/filters/escapable.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/temple-0.8.0 → 2.7.0/gems/temple-0.8.2}/lib/temple/filters/multi_flattener.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/temple-0.8.0 → 2.7.0/gems/temple-0.8.2}/lib/temple/filters/remove_bom.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/temple-0.8.0 → 2.7.0/gems/temple-0.8.2}/lib/temple/filters/static_analyzer.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/temple-0.8.0 → 2.7.0/gems/temple-0.8.2}/lib/temple/filters/static_merger.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/temple-0.8.0 → 2.7.0/gems/temple-0.8.2}/lib/temple/filters/string_splitter.rb +1 -1
- data/bundle/ruby/{2.5.0/gems/temple-0.8.0 → 2.7.0/gems/temple-0.8.2}/lib/temple/filters/validator.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/temple-0.8.0 → 2.7.0/gems/temple-0.8.2}/lib/temple/generator.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/temple-0.8.0 → 2.7.0/gems/temple-0.8.2}/lib/temple/generators/array.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/temple-0.8.0 → 2.7.0/gems/temple-0.8.2}/lib/temple/generators/array_buffer.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/temple-0.8.0 → 2.7.0/gems/temple-0.8.2}/lib/temple/generators/erb.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/temple-0.8.0 → 2.7.0/gems/temple-0.8.2}/lib/temple/generators/rails_output_buffer.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/temple-0.8.0 → 2.7.0/gems/temple-0.8.2}/lib/temple/generators/string_buffer.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/temple-0.8.0 → 2.7.0/gems/temple-0.8.2}/lib/temple/grammar.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/temple-0.8.0 → 2.7.0/gems/temple-0.8.2}/lib/temple/html/attribute_merger.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/temple-0.8.0 → 2.7.0/gems/temple-0.8.2}/lib/temple/html/attribute_remover.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/temple-0.8.0 → 2.7.0/gems/temple-0.8.2}/lib/temple/html/attribute_sorter.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/temple-0.8.0 → 2.7.0/gems/temple-0.8.2}/lib/temple/html/dispatcher.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/temple-0.8.0 → 2.7.0/gems/temple-0.8.2}/lib/temple/html/fast.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/temple-0.8.0 → 2.7.0/gems/temple-0.8.2}/lib/temple/html/filter.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/temple-0.8.0 → 2.7.0/gems/temple-0.8.2}/lib/temple/html/pretty.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/temple-0.8.0 → 2.7.0/gems/temple-0.8.2}/lib/temple/html/safe.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/temple-0.8.0 → 2.7.0/gems/temple-0.8.2}/lib/temple/map.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/temple-0.8.0 → 2.7.0/gems/temple-0.8.2}/lib/temple/mixins/dispatcher.rb +2 -1
- data/bundle/ruby/{2.5.0/gems/temple-0.8.0 → 2.7.0/gems/temple-0.8.2}/lib/temple/mixins/engine_dsl.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/temple-0.8.0 → 2.7.0/gems/temple-0.8.2}/lib/temple/mixins/grammar_dsl.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/temple-0.8.0 → 2.7.0/gems/temple-0.8.2}/lib/temple/mixins/options.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/temple-0.8.0 → 2.7.0/gems/temple-0.8.2}/lib/temple/mixins/template.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/temple-0.8.0 → 2.7.0/gems/temple-0.8.2}/lib/temple/parser.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/temple-0.8.0 → 2.7.0/gems/temple-0.8.2}/lib/temple/static_analyzer.rb +1 -1
- data/bundle/ruby/{2.5.0/gems/temple-0.8.0 → 2.7.0/gems/temple-0.8.2}/lib/temple/templates.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/temple-0.8.0 → 2.7.0/gems/temple-0.8.2}/lib/temple/templates/rails.rb +2 -2
- data/bundle/ruby/{2.5.0/gems/temple-0.8.0 → 2.7.0/gems/temple-0.8.2}/lib/temple/templates/tilt.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/temple-0.8.0 → 2.7.0/gems/temple-0.8.2}/lib/temple/utils.rb +0 -0
- data/bundle/ruby/2.7.0/gems/temple-0.8.2/lib/temple/version.rb +3 -0
- data/bundle/ruby/{2.5.0/gems/temple-0.8.0 → 2.7.0/gems/temple-0.8.2}/temple.gemspec +0 -0
- data/bundle/ruby/{2.5.0 → 2.7.0}/gems/terminal-table-1.8.0/Gemfile +0 -0
- data/bundle/ruby/{2.5.0 → 2.7.0}/gems/terminal-table-1.8.0/History.rdoc +0 -0
- data/bundle/ruby/{2.5.0 → 2.7.0}/gems/terminal-table-1.8.0/LICENSE.txt +0 -0
- data/bundle/ruby/{2.5.0 → 2.7.0}/gems/terminal-table-1.8.0/Manifest +0 -0
- data/bundle/ruby/{2.5.0 → 2.7.0}/gems/terminal-table-1.8.0/README.rdoc +0 -0
- data/bundle/ruby/{2.5.0 → 2.7.0}/gems/terminal-table-1.8.0/Todo.rdoc +0 -0
- data/bundle/ruby/{2.5.0 → 2.7.0}/gems/terminal-table-1.8.0/lib/terminal-table.rb +0 -0
- data/bundle/ruby/{2.5.0 → 2.7.0}/gems/terminal-table-1.8.0/lib/terminal-table/cell.rb +0 -0
- data/bundle/ruby/{2.5.0 → 2.7.0}/gems/terminal-table-1.8.0/lib/terminal-table/import.rb +0 -0
- data/bundle/ruby/{2.5.0 → 2.7.0}/gems/terminal-table-1.8.0/lib/terminal-table/row.rb +0 -0
- data/bundle/ruby/{2.5.0 → 2.7.0}/gems/terminal-table-1.8.0/lib/terminal-table/separator.rb +0 -0
- data/bundle/ruby/{2.5.0 → 2.7.0}/gems/terminal-table-1.8.0/lib/terminal-table/style.rb +0 -0
- data/bundle/ruby/{2.5.0 → 2.7.0}/gems/terminal-table-1.8.0/lib/terminal-table/table.rb +0 -0
- data/bundle/ruby/{2.5.0 → 2.7.0}/gems/terminal-table-1.8.0/lib/terminal-table/table_helper.rb +0 -0
- data/bundle/ruby/{2.5.0 → 2.7.0}/gems/terminal-table-1.8.0/lib/terminal-table/version.rb +0 -0
- data/bundle/ruby/{2.5.0 → 2.7.0}/gems/terminal-table-1.8.0/terminal-table.gemspec +0 -0
- data/bundle/ruby/{2.5.0/gems/tilt-2.0.9 → 2.7.0/gems/tilt-2.0.10}/COPYING +0 -0
- data/bundle/ruby/{2.5.0/gems/tilt-2.0.9 → 2.7.0/gems/tilt-2.0.10}/lib/tilt.rb +1 -1
- data/bundle/ruby/{2.5.0/gems/tilt-2.0.9 → 2.7.0/gems/tilt-2.0.10}/lib/tilt/asciidoc.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/tilt-2.0.9 → 2.7.0/gems/tilt-2.0.10}/lib/tilt/babel.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/tilt-2.0.9 → 2.7.0/gems/tilt-2.0.10}/lib/tilt/bluecloth.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/tilt-2.0.9 → 2.7.0/gems/tilt-2.0.10}/lib/tilt/builder.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/tilt-2.0.9 → 2.7.0/gems/tilt-2.0.10}/lib/tilt/coffee.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/tilt-2.0.9 → 2.7.0/gems/tilt-2.0.10}/lib/tilt/commonmarker.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/tilt-2.0.9 → 2.7.0/gems/tilt-2.0.10}/lib/tilt/creole.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/tilt-2.0.9 → 2.7.0/gems/tilt-2.0.10}/lib/tilt/csv.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/tilt-2.0.9 → 2.7.0/gems/tilt-2.0.10}/lib/tilt/dummy.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/tilt-2.0.9 → 2.7.0/gems/tilt-2.0.10}/lib/tilt/erb.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/tilt-2.0.9 → 2.7.0/gems/tilt-2.0.10}/lib/tilt/erubi.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/tilt-2.0.9 → 2.7.0/gems/tilt-2.0.10}/lib/tilt/erubis.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/tilt-2.0.9 → 2.7.0/gems/tilt-2.0.10}/lib/tilt/etanni.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/tilt-2.0.9 → 2.7.0/gems/tilt-2.0.10}/lib/tilt/haml.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/tilt-2.0.9 → 2.7.0/gems/tilt-2.0.10}/lib/tilt/kramdown.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/tilt-2.0.9 → 2.7.0/gems/tilt-2.0.10}/lib/tilt/less.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/tilt-2.0.9 → 2.7.0/gems/tilt-2.0.10}/lib/tilt/liquid.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/tilt-2.0.9 → 2.7.0/gems/tilt-2.0.10}/lib/tilt/livescript.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/tilt-2.0.9 → 2.7.0/gems/tilt-2.0.10}/lib/tilt/mapping.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/tilt-2.0.9 → 2.7.0/gems/tilt-2.0.10}/lib/tilt/markaby.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/tilt-2.0.9 → 2.7.0/gems/tilt-2.0.10}/lib/tilt/maruku.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/tilt-2.0.9 → 2.7.0/gems/tilt-2.0.10}/lib/tilt/nokogiri.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/tilt-2.0.9 → 2.7.0/gems/tilt-2.0.10}/lib/tilt/pandoc.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/tilt-2.0.9 → 2.7.0/gems/tilt-2.0.10}/lib/tilt/plain.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/tilt-2.0.9 → 2.7.0/gems/tilt-2.0.10}/lib/tilt/prawn.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/tilt-2.0.9 → 2.7.0/gems/tilt-2.0.10}/lib/tilt/radius.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/tilt-2.0.9 → 2.7.0/gems/tilt-2.0.10}/lib/tilt/rdiscount.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/tilt-2.0.9 → 2.7.0/gems/tilt-2.0.10}/lib/tilt/rdoc.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/tilt-2.0.9 → 2.7.0/gems/tilt-2.0.10}/lib/tilt/redcarpet.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/tilt-2.0.9 → 2.7.0/gems/tilt-2.0.10}/lib/tilt/redcloth.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/tilt-2.0.9 → 2.7.0/gems/tilt-2.0.10}/lib/tilt/rst-pandoc.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/tilt-2.0.9 → 2.7.0/gems/tilt-2.0.10}/lib/tilt/sass.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/tilt-2.0.9 → 2.7.0/gems/tilt-2.0.10}/lib/tilt/sigil.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/tilt-2.0.9 → 2.7.0/gems/tilt-2.0.10}/lib/tilt/string.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/tilt-2.0.9 → 2.7.0/gems/tilt-2.0.10}/lib/tilt/template.rb +7 -12
- data/bundle/ruby/{2.5.0/gems/tilt-2.0.9 → 2.7.0/gems/tilt-2.0.10}/lib/tilt/typescript.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/tilt-2.0.9 → 2.7.0/gems/tilt-2.0.10}/lib/tilt/wikicloth.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/tilt-2.0.9 → 2.7.0/gems/tilt-2.0.10}/lib/tilt/yajl.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/unicode-display_width-1.4.1 → 2.7.0/gems/unicode-display_width-1.7.0}/CHANGELOG.md +16 -0
- data/bundle/ruby/{2.5.0/gems/unicode-display_width-1.4.1 → 2.7.0/gems/unicode-display_width-1.7.0}/MIT-LICENSE.txt +1 -1
- data/bundle/ruby/{2.5.0/gems/unicode-display_width-1.4.1 → 2.7.0/gems/unicode-display_width-1.7.0}/README.md +10 -10
- data/bundle/ruby/2.7.0/gems/unicode-display_width-1.7.0/data/display_width.marshal.gz +0 -0
- data/bundle/ruby/{2.5.0/gems/unicode-display_width-1.4.1 → 2.7.0/gems/unicode-display_width-1.7.0}/lib/unicode/display_width.rb +1 -1
- data/bundle/ruby/{2.5.0/gems/unicode-display_width-1.4.1 → 2.7.0/gems/unicode-display_width-1.7.0}/lib/unicode/display_width/constants.rb +2 -2
- data/bundle/ruby/{2.5.0/gems/unicode-display_width-1.4.1 → 2.7.0/gems/unicode-display_width-1.7.0}/lib/unicode/display_width/index.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/unicode-display_width-1.4.1 → 2.7.0/gems/unicode-display_width-1.7.0}/lib/unicode/display_width/no_string_ext.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/unicode-display_width-1.4.1 → 2.7.0/gems/unicode-display_width-1.7.0}/lib/unicode/display_width/string_ext.rb +0 -0
- data/lib/brakeman.rb +37 -0
- data/lib/brakeman/app_tree.rb +67 -22
- data/lib/brakeman/call_index.rb +54 -15
- data/lib/brakeman/checks.rb +7 -7
- data/lib/brakeman/checks/base_check.rb +94 -66
- data/lib/brakeman/checks/check_basic_auth.rb +2 -0
- data/lib/brakeman/checks/check_content_tag.rb +12 -1
- data/lib/brakeman/checks/check_cookie_serialization.rb +22 -0
- data/lib/brakeman/checks/check_cross_site_scripting.rb +15 -10
- data/lib/brakeman/checks/check_csrf_token_forgery_cve.rb +28 -0
- data/lib/brakeman/checks/check_default_routes.rb +5 -0
- data/lib/brakeman/checks/check_deserialize.rb +70 -1
- data/lib/brakeman/checks/check_dynamic_finders.rb +1 -1
- data/lib/brakeman/checks/check_evaluation.rb +0 -1
- data/lib/brakeman/checks/check_execute.rb +84 -5
- data/lib/brakeman/checks/check_file_access.rb +7 -1
- data/lib/brakeman/checks/check_force_ssl.rb +27 -0
- data/lib/brakeman/checks/check_header_dos.rb +2 -2
- data/lib/brakeman/checks/check_i18n_xss.rb +2 -2
- data/lib/brakeman/checks/check_jruby_xml.rb +2 -2
- data/lib/brakeman/checks/check_json_entity_escape.rb +38 -0
- data/lib/brakeman/checks/check_json_parsing.rb +7 -2
- data/lib/brakeman/checks/check_link_to.rb +1 -1
- data/lib/brakeman/checks/check_link_to_href.rb +7 -4
- data/lib/brakeman/checks/check_mail_to.rb +1 -1
- data/lib/brakeman/checks/check_mass_assignment.rb +34 -4
- data/lib/brakeman/checks/check_mime_type_dos.rb +2 -2
- data/lib/brakeman/checks/check_model_attr_accessible.rb +2 -2
- data/lib/brakeman/checks/check_model_attributes.rb +13 -51
- data/lib/brakeman/checks/check_model_serialize.rb +1 -1
- data/lib/brakeman/checks/check_nested_attributes_bypass.rb +4 -4
- data/lib/brakeman/checks/check_page_caching_cve.rb +37 -0
- data/lib/brakeman/checks/check_permit_attributes.rb +1 -1
- data/lib/brakeman/checks/check_regex_dos.rb +1 -1
- data/lib/brakeman/checks/check_reverse_tabnabbing.rb +58 -0
- data/lib/brakeman/checks/check_sanitize_methods.rb +2 -2
- data/lib/brakeman/checks/check_secrets.rb +1 -1
- data/lib/brakeman/checks/check_send.rb +0 -1
- data/lib/brakeman/checks/check_session_manipulation.rb +0 -1
- data/lib/brakeman/checks/check_session_settings.rb +15 -12
- data/lib/brakeman/checks/check_simple_format.rb +5 -0
- data/lib/brakeman/checks/check_skip_before_filter.rb +5 -5
- data/lib/brakeman/checks/check_sql.rb +46 -48
- data/lib/brakeman/checks/check_template_injection.rb +32 -0
- data/lib/brakeman/checks/check_unsafe_reflection_methods.rb +68 -0
- data/lib/brakeman/checks/check_validation_regex.rb +1 -1
- data/lib/brakeman/checks/check_verb_confusion.rb +75 -0
- data/lib/brakeman/checks/check_xml_dos.rb +2 -2
- data/lib/brakeman/checks/check_yaml_parsing.rb +10 -18
- data/lib/brakeman/commandline.rb +25 -1
- data/lib/brakeman/differ.rb +16 -33
- data/lib/brakeman/file_parser.rb +25 -21
- data/lib/brakeman/file_path.rb +85 -0
- data/lib/brakeman/options.rb +32 -1
- data/lib/brakeman/parsers/haml_embedded.rb +44 -0
- data/lib/brakeman/parsers/slim_embedded.rb +44 -0
- data/lib/brakeman/parsers/template_parser.rb +9 -10
- data/lib/brakeman/processor.rb +5 -6
- data/lib/brakeman/processors/alias_processor.rb +71 -14
- data/lib/brakeman/processors/base_processor.rb +10 -7
- data/lib/brakeman/processors/controller_alias_processor.rb +10 -7
- data/lib/brakeman/processors/controller_processor.rb +10 -14
- data/lib/brakeman/processors/gem_processor.rb +10 -2
- data/lib/brakeman/processors/haml_template_processor.rb +99 -123
- data/lib/brakeman/processors/lib/call_conversion_helper.rb +10 -5
- data/lib/brakeman/processors/lib/file_type_detector.rb +64 -0
- data/lib/brakeman/processors/lib/find_all_calls.rb +57 -18
- data/lib/brakeman/processors/lib/find_call.rb +3 -64
- data/lib/brakeman/processors/lib/module_helper.rb +8 -8
- data/lib/brakeman/processors/lib/processor_helper.rb +3 -3
- data/lib/brakeman/processors/lib/rails2_config_processor.rb +4 -4
- data/lib/brakeman/processors/lib/rails2_route_processor.rb +2 -2
- data/lib/brakeman/processors/lib/rails3_config_processor.rb +19 -19
- data/lib/brakeman/processors/lib/rails3_route_processor.rb +2 -2
- data/lib/brakeman/processors/lib/render_helper.rb +5 -3
- data/lib/brakeman/processors/lib/render_path.rb +18 -1
- data/lib/brakeman/processors/library_processor.rb +5 -5
- data/lib/brakeman/processors/model_processor.rb +4 -5
- data/lib/brakeman/processors/output_processor.rb +6 -1
- data/lib/brakeman/processors/slim_template_processor.rb +16 -0
- data/lib/brakeman/processors/template_alias_processor.rb +36 -4
- data/lib/brakeman/processors/template_processor.rb +14 -10
- data/lib/brakeman/report.rb +22 -4
- data/lib/brakeman/report/ignore/config.rb +12 -5
- data/lib/brakeman/report/ignore/interactive.rb +2 -2
- data/lib/brakeman/report/pager.rb +1 -0
- data/lib/brakeman/report/report_base.rb +51 -8
- data/lib/brakeman/report/report_codeclimate.rb +3 -3
- data/lib/brakeman/report/report_csv.rb +37 -60
- data/lib/brakeman/report/report_hash.rb +1 -1
- data/lib/brakeman/report/report_html.rb +2 -2
- data/lib/brakeman/report/report_json.rb +1 -24
- data/lib/brakeman/report/report_junit.rb +104 -0
- data/lib/brakeman/report/report_markdown.rb +0 -1
- data/lib/brakeman/report/report_sarif.rb +114 -0
- data/lib/brakeman/report/report_sonar.rb +38 -0
- data/lib/brakeman/report/report_table.rb +20 -4
- data/lib/brakeman/report/report_tabs.rb +1 -1
- data/lib/brakeman/report/report_text.rb +43 -23
- data/lib/brakeman/rescanner.rb +18 -15
- data/lib/brakeman/scanner.rb +70 -35
- data/lib/brakeman/tracker.rb +44 -8
- data/lib/brakeman/tracker/collection.rb +4 -3
- data/lib/brakeman/tracker/config.rb +119 -47
- data/lib/brakeman/tracker/constants.rb +10 -8
- data/lib/brakeman/tracker/controller.rb +1 -1
- data/lib/brakeman/util.rb +45 -151
- data/lib/brakeman/version.rb +1 -1
- data/lib/brakeman/warning.rb +37 -15
- data/lib/brakeman/warning_codes.rb +13 -0
- data/lib/ruby_parser/bm_sexp.rb +16 -11
- data/lib/ruby_parser/bm_sexp_processor.rb +1 -0
- metadata +434 -497
- data/bundle/ruby/2.5.0/gems/haml-4.0.7/MIT-LICENSE +0 -20
- data/bundle/ruby/2.5.0/gems/haml-4.0.7/lib/haml/compiler.rb +0 -540
- data/bundle/ruby/2.5.0/gems/haml-4.0.7/lib/haml/error.rb +0 -61
- data/bundle/ruby/2.5.0/gems/haml-4.0.7/lib/haml/railtie.rb +0 -22
- data/bundle/ruby/2.5.0/gems/haml-4.0.7/lib/haml/template/plugin.rb +0 -41
- data/bundle/ruby/2.5.0/gems/haml-4.0.7/lib/haml/util.rb +0 -377
- data/bundle/ruby/2.5.0/gems/haml-4.0.7/lib/haml/version.rb +0 -3
- data/bundle/ruby/2.5.0/gems/highline-1.7.10/Gemfile +0 -11
- data/bundle/ruby/2.5.0/gems/highline-1.7.10/INSTALL +0 -59
- data/bundle/ruby/2.5.0/gems/highline-1.7.10/README.rdoc +0 -74
- data/bundle/ruby/2.5.0/gems/highline-1.7.10/highline.gemspec +0 -37
- data/bundle/ruby/2.5.0/gems/highline-1.7.10/lib/highline.rb +0 -1048
- data/bundle/ruby/2.5.0/gems/highline-1.7.10/lib/highline/compatibility.rb +0 -16
- data/bundle/ruby/2.5.0/gems/highline-1.7.10/lib/highline/import.rb +0 -41
- data/bundle/ruby/2.5.0/gems/highline-1.7.10/lib/highline/menu.rb +0 -381
- data/bundle/ruby/2.5.0/gems/highline-1.7.10/lib/highline/simulate.rb +0 -48
- data/bundle/ruby/2.5.0/gems/highline-1.7.10/lib/highline/string_extensions.rb +0 -111
- data/bundle/ruby/2.5.0/gems/highline-1.7.10/lib/highline/style.rb +0 -192
- data/bundle/ruby/2.5.0/gems/highline-1.7.10/lib/highline/system_extensions.rb +0 -254
- data/bundle/ruby/2.5.0/gems/highline-1.7.10/setup.rb +0 -1360
- data/bundle/ruby/2.5.0/gems/ruby_parser-3.12.0/lib/ruby20_parser.rb +0 -6687
- data/bundle/ruby/2.5.0/gems/ruby_parser-3.12.0/lib/ruby20_parser.y +0 -2345
- data/bundle/ruby/2.5.0/gems/ruby_parser-3.12.0/lib/ruby21_parser.rb +0 -6767
- data/bundle/ruby/2.5.0/gems/ruby_parser-3.12.0/lib/ruby22_parser.rb +0 -6803
- data/bundle/ruby/2.5.0/gems/ruby_parser-3.12.0/lib/ruby23_parser.rb +0 -6818
- data/bundle/ruby/2.5.0/gems/ruby_parser-3.12.0/lib/ruby24_parser.rb +0 -6818
- data/bundle/ruby/2.5.0/gems/ruby_parser-3.12.0/lib/ruby25_parser.rb +0 -6818
- data/bundle/ruby/2.5.0/gems/sass-3.4.25/CODE_OF_CONDUCT.md +0 -10
- data/bundle/ruby/2.5.0/gems/sass-3.4.25/CONTRIBUTING.md +0 -148
- data/bundle/ruby/2.5.0/gems/sass-3.4.25/MIT-LICENSE +0 -20
- data/bundle/ruby/2.5.0/gems/sass-3.4.25/README.md +0 -227
- data/bundle/ruby/2.5.0/gems/sass-3.4.25/REVISION +0 -1
- data/bundle/ruby/2.5.0/gems/sass-3.4.25/VERSION +0 -1
- data/bundle/ruby/2.5.0/gems/sass-3.4.25/VERSION_DATE +0 -1
- data/bundle/ruby/2.5.0/gems/sass-3.4.25/VERSION_NAME +0 -1
- data/bundle/ruby/2.5.0/gems/sass-3.4.25/extra/sass-spec-ref.sh +0 -32
- data/bundle/ruby/2.5.0/gems/sass-3.4.25/extra/update_watch.rb +0 -13
- data/bundle/ruby/2.5.0/gems/sass-3.4.25/init.rb +0 -18
- data/bundle/ruby/2.5.0/gems/sass-3.4.25/lib/sass.rb +0 -109
- data/bundle/ruby/2.5.0/gems/sass-3.4.25/lib/sass/cache_stores.rb +0 -15
- data/bundle/ruby/2.5.0/gems/sass-3.4.25/lib/sass/cache_stores/base.rb +0 -88
- data/bundle/ruby/2.5.0/gems/sass-3.4.25/lib/sass/cache_stores/chain.rb +0 -34
- data/bundle/ruby/2.5.0/gems/sass-3.4.25/lib/sass/cache_stores/filesystem.rb +0 -60
- data/bundle/ruby/2.5.0/gems/sass-3.4.25/lib/sass/cache_stores/memory.rb +0 -46
- data/bundle/ruby/2.5.0/gems/sass-3.4.25/lib/sass/cache_stores/null.rb +0 -25
- data/bundle/ruby/2.5.0/gems/sass-3.4.25/lib/sass/callbacks.rb +0 -67
- data/bundle/ruby/2.5.0/gems/sass-3.4.25/lib/sass/css.rb +0 -408
- data/bundle/ruby/2.5.0/gems/sass-3.4.25/lib/sass/deprecation.rb +0 -55
- data/bundle/ruby/2.5.0/gems/sass-3.4.25/lib/sass/engine.rb +0 -1226
- data/bundle/ruby/2.5.0/gems/sass-3.4.25/lib/sass/environment.rb +0 -215
- data/bundle/ruby/2.5.0/gems/sass-3.4.25/lib/sass/error.rb +0 -198
- data/bundle/ruby/2.5.0/gems/sass-3.4.25/lib/sass/exec.rb +0 -9
- data/bundle/ruby/2.5.0/gems/sass-3.4.25/lib/sass/exec/base.rb +0 -199
- data/bundle/ruby/2.5.0/gems/sass-3.4.25/lib/sass/exec/sass_convert.rb +0 -283
- data/bundle/ruby/2.5.0/gems/sass-3.4.25/lib/sass/exec/sass_scss.rb +0 -440
- data/bundle/ruby/2.5.0/gems/sass-3.4.25/lib/sass/features.rb +0 -47
- data/bundle/ruby/2.5.0/gems/sass-3.4.25/lib/sass/importers.rb +0 -23
- data/bundle/ruby/2.5.0/gems/sass-3.4.25/lib/sass/importers/base.rb +0 -182
- data/bundle/ruby/2.5.0/gems/sass-3.4.25/lib/sass/importers/deprecated_path.rb +0 -51
- data/bundle/ruby/2.5.0/gems/sass-3.4.25/lib/sass/importers/filesystem.rb +0 -219
- data/bundle/ruby/2.5.0/gems/sass-3.4.25/lib/sass/logger.rb +0 -17
- data/bundle/ruby/2.5.0/gems/sass-3.4.25/lib/sass/logger/base.rb +0 -36
- data/bundle/ruby/2.5.0/gems/sass-3.4.25/lib/sass/logger/delayed.rb +0 -50
- data/bundle/ruby/2.5.0/gems/sass-3.4.25/lib/sass/logger/log_level.rb +0 -45
- data/bundle/ruby/2.5.0/gems/sass-3.4.25/lib/sass/media.rb +0 -210
- data/bundle/ruby/2.5.0/gems/sass-3.4.25/lib/sass/plugin.rb +0 -134
- data/bundle/ruby/2.5.0/gems/sass-3.4.25/lib/sass/plugin/compiler.rb +0 -582
- data/bundle/ruby/2.5.0/gems/sass-3.4.25/lib/sass/plugin/configuration.rb +0 -134
- data/bundle/ruby/2.5.0/gems/sass-3.4.25/lib/sass/plugin/generic.rb +0 -15
- data/bundle/ruby/2.5.0/gems/sass-3.4.25/lib/sass/plugin/merb.rb +0 -48
- data/bundle/ruby/2.5.0/gems/sass-3.4.25/lib/sass/plugin/rack.rb +0 -60
- data/bundle/ruby/2.5.0/gems/sass-3.4.25/lib/sass/plugin/rails.rb +0 -47
- data/bundle/ruby/2.5.0/gems/sass-3.4.25/lib/sass/plugin/staleness_checker.rb +0 -199
- data/bundle/ruby/2.5.0/gems/sass-3.4.25/lib/sass/railtie.rb +0 -10
- data/bundle/ruby/2.5.0/gems/sass-3.4.25/lib/sass/repl.rb +0 -57
- data/bundle/ruby/2.5.0/gems/sass-3.4.25/lib/sass/root.rb +0 -7
- data/bundle/ruby/2.5.0/gems/sass-3.4.25/lib/sass/script.rb +0 -66
- data/bundle/ruby/2.5.0/gems/sass-3.4.25/lib/sass/script/css_lexer.rb +0 -33
- data/bundle/ruby/2.5.0/gems/sass-3.4.25/lib/sass/script/css_parser.rb +0 -33
- data/bundle/ruby/2.5.0/gems/sass-3.4.25/lib/sass/script/css_variable_warning.rb +0 -52
- data/bundle/ruby/2.5.0/gems/sass-3.4.25/lib/sass/script/functions.rb +0 -2693
- data/bundle/ruby/2.5.0/gems/sass-3.4.25/lib/sass/script/lexer.rb +0 -464
- data/bundle/ruby/2.5.0/gems/sass-3.4.25/lib/sass/script/parser.rb +0 -832
- data/bundle/ruby/2.5.0/gems/sass-3.4.25/lib/sass/script/tree.rb +0 -16
- data/bundle/ruby/2.5.0/gems/sass-3.4.25/lib/sass/script/tree/funcall.rb +0 -313
- data/bundle/ruby/2.5.0/gems/sass-3.4.25/lib/sass/script/tree/interpolation.rb +0 -223
- data/bundle/ruby/2.5.0/gems/sass-3.4.25/lib/sass/script/tree/list_literal.rb +0 -104
- data/bundle/ruby/2.5.0/gems/sass-3.4.25/lib/sass/script/tree/literal.rb +0 -49
- data/bundle/ruby/2.5.0/gems/sass-3.4.25/lib/sass/script/tree/map_literal.rb +0 -64
- data/bundle/ruby/2.5.0/gems/sass-3.4.25/lib/sass/script/tree/node.rb +0 -127
- data/bundle/ruby/2.5.0/gems/sass-3.4.25/lib/sass/script/tree/operation.rb +0 -156
- data/bundle/ruby/2.5.0/gems/sass-3.4.25/lib/sass/script/tree/selector.rb +0 -26
- data/bundle/ruby/2.5.0/gems/sass-3.4.25/lib/sass/script/tree/string_interpolation.rb +0 -125
- data/bundle/ruby/2.5.0/gems/sass-3.4.25/lib/sass/script/tree/unary_operation.rb +0 -69
- data/bundle/ruby/2.5.0/gems/sass-3.4.25/lib/sass/script/tree/variable.rb +0 -57
- data/bundle/ruby/2.5.0/gems/sass-3.4.25/lib/sass/script/value.rb +0 -11
- data/bundle/ruby/2.5.0/gems/sass-3.4.25/lib/sass/script/value/arg_list.rb +0 -36
- data/bundle/ruby/2.5.0/gems/sass-3.4.25/lib/sass/script/value/base.rb +0 -241
- data/bundle/ruby/2.5.0/gems/sass-3.4.25/lib/sass/script/value/bool.rb +0 -35
- data/bundle/ruby/2.5.0/gems/sass-3.4.25/lib/sass/script/value/color.rb +0 -698
- data/bundle/ruby/2.5.0/gems/sass-3.4.25/lib/sass/script/value/helpers.rb +0 -272
- data/bundle/ruby/2.5.0/gems/sass-3.4.25/lib/sass/script/value/list.rb +0 -113
- data/bundle/ruby/2.5.0/gems/sass-3.4.25/lib/sass/script/value/map.rb +0 -70
- data/bundle/ruby/2.5.0/gems/sass-3.4.25/lib/sass/script/value/null.rb +0 -44
- data/bundle/ruby/2.5.0/gems/sass-3.4.25/lib/sass/script/value/number.rb +0 -563
- data/bundle/ruby/2.5.0/gems/sass-3.4.25/lib/sass/script/value/string.rb +0 -138
- data/bundle/ruby/2.5.0/gems/sass-3.4.25/lib/sass/scss.rb +0 -14
- data/bundle/ruby/2.5.0/gems/sass-3.4.25/lib/sass/scss/css_parser.rb +0 -56
- data/bundle/ruby/2.5.0/gems/sass-3.4.25/lib/sass/scss/parser.rb +0 -1254
- data/bundle/ruby/2.5.0/gems/sass-3.4.25/lib/sass/scss/rx.rb +0 -140
- data/bundle/ruby/2.5.0/gems/sass-3.4.25/lib/sass/scss/static_parser.rb +0 -373
- data/bundle/ruby/2.5.0/gems/sass-3.4.25/lib/sass/selector.rb +0 -323
- data/bundle/ruby/2.5.0/gems/sass-3.4.25/lib/sass/selector/abstract_sequence.rb +0 -111
- data/bundle/ruby/2.5.0/gems/sass-3.4.25/lib/sass/selector/comma_sequence.rb +0 -191
- data/bundle/ruby/2.5.0/gems/sass-3.4.25/lib/sass/selector/pseudo.rb +0 -266
- data/bundle/ruby/2.5.0/gems/sass-3.4.25/lib/sass/selector/sequence.rb +0 -636
- data/bundle/ruby/2.5.0/gems/sass-3.4.25/lib/sass/selector/simple.rb +0 -117
- data/bundle/ruby/2.5.0/gems/sass-3.4.25/lib/sass/selector/simple_sequence.rb +0 -344
- data/bundle/ruby/2.5.0/gems/sass-3.4.25/lib/sass/shared.rb +0 -76
- data/bundle/ruby/2.5.0/gems/sass-3.4.25/lib/sass/source/map.rb +0 -213
- data/bundle/ruby/2.5.0/gems/sass-3.4.25/lib/sass/source/position.rb +0 -39
- data/bundle/ruby/2.5.0/gems/sass-3.4.25/lib/sass/source/range.rb +0 -41
- data/bundle/ruby/2.5.0/gems/sass-3.4.25/lib/sass/stack.rb +0 -120
- data/bundle/ruby/2.5.0/gems/sass-3.4.25/lib/sass/supports.rb +0 -225
- data/bundle/ruby/2.5.0/gems/sass-3.4.25/lib/sass/tree/at_root_node.rb +0 -83
- data/bundle/ruby/2.5.0/gems/sass-3.4.25/lib/sass/tree/charset_node.rb +0 -22
- data/bundle/ruby/2.5.0/gems/sass-3.4.25/lib/sass/tree/comment_node.rb +0 -82
- data/bundle/ruby/2.5.0/gems/sass-3.4.25/lib/sass/tree/content_node.rb +0 -9
- data/bundle/ruby/2.5.0/gems/sass-3.4.25/lib/sass/tree/css_import_node.rb +0 -68
- data/bundle/ruby/2.5.0/gems/sass-3.4.25/lib/sass/tree/debug_node.rb +0 -18
- data/bundle/ruby/2.5.0/gems/sass-3.4.25/lib/sass/tree/directive_node.rb +0 -59
- data/bundle/ruby/2.5.0/gems/sass-3.4.25/lib/sass/tree/each_node.rb +0 -24
- data/bundle/ruby/2.5.0/gems/sass-3.4.25/lib/sass/tree/error_node.rb +0 -18
- data/bundle/ruby/2.5.0/gems/sass-3.4.25/lib/sass/tree/extend_node.rb +0 -43
- data/bundle/ruby/2.5.0/gems/sass-3.4.25/lib/sass/tree/for_node.rb +0 -36
- data/bundle/ruby/2.5.0/gems/sass-3.4.25/lib/sass/tree/function_node.rb +0 -44
- data/bundle/ruby/2.5.0/gems/sass-3.4.25/lib/sass/tree/if_node.rb +0 -52
- data/bundle/ruby/2.5.0/gems/sass-3.4.25/lib/sass/tree/import_node.rb +0 -75
- data/bundle/ruby/2.5.0/gems/sass-3.4.25/lib/sass/tree/keyframe_rule_node.rb +0 -15
- data/bundle/ruby/2.5.0/gems/sass-3.4.25/lib/sass/tree/media_node.rb +0 -48
- data/bundle/ruby/2.5.0/gems/sass-3.4.25/lib/sass/tree/mixin_def_node.rb +0 -38
- data/bundle/ruby/2.5.0/gems/sass-3.4.25/lib/sass/tree/mixin_node.rb +0 -52
- data/bundle/ruby/2.5.0/gems/sass-3.4.25/lib/sass/tree/node.rb +0 -240
- data/bundle/ruby/2.5.0/gems/sass-3.4.25/lib/sass/tree/prop_node.rb +0 -170
- data/bundle/ruby/2.5.0/gems/sass-3.4.25/lib/sass/tree/return_node.rb +0 -19
- data/bundle/ruby/2.5.0/gems/sass-3.4.25/lib/sass/tree/root_node.rb +0 -44
- data/bundle/ruby/2.5.0/gems/sass-3.4.25/lib/sass/tree/rule_node.rb +0 -155
- data/bundle/ruby/2.5.0/gems/sass-3.4.25/lib/sass/tree/supports_node.rb +0 -38
- data/bundle/ruby/2.5.0/gems/sass-3.4.25/lib/sass/tree/trace_node.rb +0 -33
- data/bundle/ruby/2.5.0/gems/sass-3.4.25/lib/sass/tree/variable_node.rb +0 -36
- data/bundle/ruby/2.5.0/gems/sass-3.4.25/lib/sass/tree/visitors/base.rb +0 -72
- data/bundle/ruby/2.5.0/gems/sass-3.4.25/lib/sass/tree/visitors/check_nesting.rb +0 -173
- data/bundle/ruby/2.5.0/gems/sass-3.4.25/lib/sass/tree/visitors/convert.rb +0 -351
- data/bundle/ruby/2.5.0/gems/sass-3.4.25/lib/sass/tree/visitors/cssize.rb +0 -373
- data/bundle/ruby/2.5.0/gems/sass-3.4.25/lib/sass/tree/visitors/deep_copy.rb +0 -107
- data/bundle/ruby/2.5.0/gems/sass-3.4.25/lib/sass/tree/visitors/extend.rb +0 -70
- data/bundle/ruby/2.5.0/gems/sass-3.4.25/lib/sass/tree/visitors/perform.rb +0 -564
- data/bundle/ruby/2.5.0/gems/sass-3.4.25/lib/sass/tree/visitors/set_options.rb +0 -139
- data/bundle/ruby/2.5.0/gems/sass-3.4.25/lib/sass/tree/visitors/to_css.rb +0 -409
- data/bundle/ruby/2.5.0/gems/sass-3.4.25/lib/sass/tree/warn_node.rb +0 -18
- data/bundle/ruby/2.5.0/gems/sass-3.4.25/lib/sass/tree/while_node.rb +0 -18
- data/bundle/ruby/2.5.0/gems/sass-3.4.25/lib/sass/util.rb +0 -1375
- data/bundle/ruby/2.5.0/gems/sass-3.4.25/lib/sass/util/cross_platform_random.rb +0 -19
- data/bundle/ruby/2.5.0/gems/sass-3.4.25/lib/sass/util/multibyte_string_scanner.rb +0 -155
- data/bundle/ruby/2.5.0/gems/sass-3.4.25/lib/sass/util/normalized_map.rb +0 -129
- data/bundle/ruby/2.5.0/gems/sass-3.4.25/lib/sass/util/ordered_hash.rb +0 -192
- data/bundle/ruby/2.5.0/gems/sass-3.4.25/lib/sass/util/subset_map.rb +0 -109
- data/bundle/ruby/2.5.0/gems/sass-3.4.25/lib/sass/util/test.rb +0 -9
- data/bundle/ruby/2.5.0/gems/sass-3.4.25/lib/sass/version.rb +0 -124
- data/bundle/ruby/2.5.0/gems/sass-3.4.25/rails/init.rb +0 -1
- data/bundle/ruby/2.5.0/gems/sass-3.4.25/vendor/listen/CHANGELOG.md +0 -1
- data/bundle/ruby/2.5.0/gems/sass-3.4.25/vendor/listen/CONTRIBUTING.md +0 -38
- data/bundle/ruby/2.5.0/gems/sass-3.4.25/vendor/listen/Gemfile +0 -20
- data/bundle/ruby/2.5.0/gems/sass-3.4.25/vendor/listen/Guardfile +0 -8
- data/bundle/ruby/2.5.0/gems/sass-3.4.25/vendor/listen/README.md +0 -349
- data/bundle/ruby/2.5.0/gems/sass-3.4.25/vendor/listen/Rakefile +0 -5
- data/bundle/ruby/2.5.0/gems/sass-3.4.25/vendor/listen/Vagrantfile +0 -96
- data/bundle/ruby/2.5.0/gems/sass-3.4.25/vendor/listen/lib/listen.rb +0 -54
- data/bundle/ruby/2.5.0/gems/sass-3.4.25/vendor/listen/lib/listen/adapter.rb +0 -327
- data/bundle/ruby/2.5.0/gems/sass-3.4.25/vendor/listen/lib/listen/adapters/bsd.rb +0 -75
- data/bundle/ruby/2.5.0/gems/sass-3.4.25/vendor/listen/lib/listen/adapters/darwin.rb +0 -48
- data/bundle/ruby/2.5.0/gems/sass-3.4.25/vendor/listen/lib/listen/adapters/linux.rb +0 -81
- data/bundle/ruby/2.5.0/gems/sass-3.4.25/vendor/listen/lib/listen/adapters/polling.rb +0 -58
- data/bundle/ruby/2.5.0/gems/sass-3.4.25/vendor/listen/lib/listen/adapters/windows.rb +0 -91
- data/bundle/ruby/2.5.0/gems/sass-3.4.25/vendor/listen/lib/listen/directory_record.rb +0 -406
- data/bundle/ruby/2.5.0/gems/sass-3.4.25/vendor/listen/lib/listen/listener.rb +0 -323
- data/bundle/ruby/2.5.0/gems/sass-3.4.25/vendor/listen/lib/listen/turnstile.rb +0 -32
- data/bundle/ruby/2.5.0/gems/sass-3.4.25/vendor/listen/lib/listen/version.rb +0 -3
- data/bundle/ruby/2.5.0/gems/sass-3.4.25/vendor/listen/listen.gemspec +0 -28
- data/bundle/ruby/2.5.0/gems/sass-3.4.25/vendor/listen/spec/listen/adapter_spec.rb +0 -149
- data/bundle/ruby/2.5.0/gems/sass-3.4.25/vendor/listen/spec/listen/adapters/bsd_spec.rb +0 -36
- data/bundle/ruby/2.5.0/gems/sass-3.4.25/vendor/listen/spec/listen/adapters/darwin_spec.rb +0 -37
- data/bundle/ruby/2.5.0/gems/sass-3.4.25/vendor/listen/spec/listen/adapters/linux_spec.rb +0 -47
- data/bundle/ruby/2.5.0/gems/sass-3.4.25/vendor/listen/spec/listen/adapters/polling_spec.rb +0 -68
- data/bundle/ruby/2.5.0/gems/sass-3.4.25/vendor/listen/spec/listen/adapters/windows_spec.rb +0 -30
- data/bundle/ruby/2.5.0/gems/sass-3.4.25/vendor/listen/spec/listen/directory_record_spec.rb +0 -1250
- data/bundle/ruby/2.5.0/gems/sass-3.4.25/vendor/listen/spec/listen/listener_spec.rb +0 -258
- data/bundle/ruby/2.5.0/gems/sass-3.4.25/vendor/listen/spec/listen/turnstile_spec.rb +0 -56
- data/bundle/ruby/2.5.0/gems/sass-3.4.25/vendor/listen/spec/listen_spec.rb +0 -67
- data/bundle/ruby/2.5.0/gems/sass-3.4.25/vendor/listen/spec/spec_helper.rb +0 -25
- data/bundle/ruby/2.5.0/gems/sass-3.4.25/vendor/listen/spec/support/adapter_helper.rb +0 -666
- data/bundle/ruby/2.5.0/gems/sass-3.4.25/vendor/listen/spec/support/directory_record_helper.rb +0 -57
- data/bundle/ruby/2.5.0/gems/sass-3.4.25/vendor/listen/spec/support/fixtures_helper.rb +0 -29
- data/bundle/ruby/2.5.0/gems/sass-3.4.25/vendor/listen/spec/support/listeners_helper.rb +0 -179
- data/bundle/ruby/2.5.0/gems/sass-3.4.25/vendor/listen/spec/support/platform_helper.rb +0 -15
- data/bundle/ruby/2.5.0/gems/temple-0.8.0/lib/temple/version.rb +0 -3
- data/bundle/ruby/2.5.0/gems/tilt-2.0.9/CHANGELOG.md +0 -132
- data/bundle/ruby/2.5.0/gems/tilt-2.0.9/Gemfile +0 -70
- data/bundle/ruby/2.5.0/gems/tilt-2.0.9/HACKING +0 -16
- data/bundle/ruby/2.5.0/gems/tilt-2.0.9/README.md +0 -233
- data/bundle/ruby/2.5.0/gems/tilt-2.0.9/tilt.gemspec +0 -130
- data/bundle/ruby/2.5.0/gems/unicode-display_width-1.4.1/data/display_width.marshal.gz +0 -0
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 1d660b98db2252a6aa69d39bb56c6950aa7d9713f10831807d6ab837df54657d
|
4
|
+
data.tar.gz: 6999959ba9f8380f36c1d999e04b0d79e48ea9536fd9820485c4960bce769d60
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: b6738f567478a47fd36de992706968c1c42a237dd97d4527434a60fa9ddea5b7a7acb54d8b72e6bc282fd1805126953a358e399a19dab4c0c5e7fd92b4a857ed
|
7
|
+
data.tar.gz: 43f16437835dabb65a7b73981779460e7648e1fa2ba772320132e7500af55c8861effda46f3b181310bdd753dbf1c59af12b3ecdfed5844505e2cf5cbff866fa
|
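Review bot: the four removed entries (`metadata.gz:` and `data.tar.gz:` under both `SHA256:` and `SHA512:`) appear with empty values, so this hunk does not record what the 4.4.0 digests were and only the new side can be checked. checksums.yaml is packaged inside the same .gem archive as the two members it lists, so a match here shows the archive is internally consistent, not that it is the package the maintainers published. Before trusting the 5.0.0 bundle, recompute the SHA256 and SHA512 of `metadata.gz` and `data.tar.gz` from the downloaded gem, compare them with the added lines, and verify the .gem file's own digest against a value obtained from a separate source.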
data/CHANGES.md
CHANGED
@@ -1,4 +1,168 @@
|
|
1
|
-
#
|
1
|
+
# 5.0.0 - 2021-01-26
|
2
|
+
|
3
|
+
* Ignore `uuid` as a safe attribute
|
4
|
+
* Collapse `__send__` calls
|
5
|
+
* Ignore `Tempfile#path` in shell commands
|
6
|
+
* Ignore development environment
|
7
|
+
* Revamp CSV report to a CSV list of warnings
|
8
|
+
* Set Rails configuration defaults based on `load_defaults` version
|
9
|
+
* Add check for (more) unsafe method reflection
|
10
|
+
* Suggest using `--force` if no Rails application is detected
|
11
|
+
* Add Sonarqube report format (Adam England)
|
12
|
+
* Add check for potential HTTP verb confusion
|
13
|
+
* Add `--[no-]skip-vendor` option
|
14
|
+
* Scan (almost) all Ruby files in project
|
15
|
+
|
16
|
+
# 4.10.1 - 2020-12-24
|
17
|
+
|
18
|
+
* Declare REXML as a dependency (Ruby 3.0 compatibility)
|
19
|
+
* Use `Sexp#sexp_body` instead of `Sexp#[..]` (Ruby 3.0 compatibility)
|
20
|
+
* Prevent render loops when template names are absolute paths
|
21
|
+
* Ensure RubyParser is passed file path as a String
|
22
|
+
* Support new Haml 5.2.0 escaping method
|
23
|
+
|
24
|
+
# 5.0.0.pre1 - 2020-11-17
|
25
|
+
|
26
|
+
* Add check for (more) unsafe method reflection
|
27
|
+
* Suggest using `--force` if no Rails application is detected
|
28
|
+
* Add Sonarqube report format (Adam England)
|
29
|
+
* Add check for potential HTTP verb confusion
|
30
|
+
* Add `--[no-]skip-vendor` option
|
31
|
+
* Scan (almost) all Ruby files in project
|
32
|
+
* Add support for Haml 5.2.0
|
33
|
+
|
34
|
+
# 4.10.0 - 2020-09-28
|
35
|
+
|
36
|
+
* Add SARIF report format (Steve Winton)
|
37
|
+
|
38
|
+
# 4.9.1 - 2020-09-04
|
39
|
+
|
40
|
+
* Check `chomp`ed strings for SQL injection
|
41
|
+
* Use version from `active_record` for non-Rails apps (Ulysse Buonomo)
|
42
|
+
* Always set line number for joined arrays
|
43
|
+
* Avoid warning about missing `attr_accessible` if `protected_attributes` gem is used
|
44
|
+
|
45
|
+
# 4.9.0 - 2020-08-04
|
46
|
+
|
47
|
+
* Add check for CVE-2020-8166 (Jamie Finnigan)
|
48
|
+
* Avoid warning when `safe_yaml` is used via `YAML.load(..., safe: true)`
|
49
|
+
* Add check for user input in `ERB.new` (Matt Hickman)
|
50
|
+
* Add `--ensure-ignore-notes` (Eli Block)
|
51
|
+
* Remove whitelist/blacklist language, add clarifications
|
52
|
+
* Do not warn about mass assignment with `params.permit!.slice`
|
53
|
+
* Add "full call" information to call index results
|
54
|
+
* Ignore `params.permit!` in path helpers
|
55
|
+
* Treat `Dir.glob` as safe source of values in guards
|
56
|
+
* Always scan `environment.rb`
|
57
|
+
|
58
|
+
# 4.8.2 - 2020-05-12
|
59
|
+
|
60
|
+
* Add check for CVE-2020-8159
|
61
|
+
* Fix `authenticate_or_request_with_http_basic` check for passed blocks (Hugo Corbucci)
|
62
|
+
* Add `--text-fields` option
|
63
|
+
* Add check for escaping HTML entities in JSON configuration
|
64
|
+
|
65
|
+
# 4.8.1 - 2020-04-06
|
66
|
+
|
67
|
+
* Check SQL query strings using `String#strip` or `String.squish`
|
68
|
+
* Handle non-symbol keys in locals hash for render()
|
69
|
+
* Warn about global(!) mass assignment
|
70
|
+
* Index calls in render arguments
|
71
|
+
|
72
|
+
# 4.8.0 - 2020-02-18
|
73
|
+
|
74
|
+
* Add JUnit-XML report format (Naoki Kimura)
|
75
|
+
* Sort ignore files by fingerprint and line (Ngan Pham)
|
76
|
+
* Freeze call index results
|
77
|
+
* Fix output test when using newer Minitest
|
78
|
+
* Properly render confidence in Markdown report
|
79
|
+
* Report old warnings as fixed if zero warnings reported
|
80
|
+
* Catch dangerous concatenation in `CheckExecute` (Jacob Evelyn)
|
81
|
+
* Show user-friendly message when ignore config file has invalid JSON (D. Hicks)
|
82
|
+
* Initialize Rails version with `nil` (Carsten Wirth)
|
83
|
+
|
84
|
+
# 4.7.2 - 2019-11-25
|
85
|
+
|
86
|
+
* Remove version guard for `named_scope` vs. `scope`
|
87
|
+
* Find SQL injection in `String#strip_heredoc` target
|
88
|
+
* Handle more `permit!` cases
|
89
|
+
* Ensure file name is set when processing model
|
90
|
+
* Add `request.params` as query parameters
|
91
|
+
|
92
|
+
# 4.7.1 - 2019-10-29
|
93
|
+
|
94
|
+
* Check string length against limit before joining
|
95
|
+
* Fix errors from frozen `Symbol#to_s` in Ruby 2.7
|
96
|
+
* Fix flaky rails4 test (Adam Kiczula)
|
97
|
+
* Added release dates to each version in CHANGES (TheSpartan1980)
|
98
|
+
* Catch reverse tabnabbing with `:_blank` symbol (Jacob Evelyn)
|
99
|
+
* Convert `s(:lambda)` to `s(:call)` in `Sexp#block_call`
|
100
|
+
* Sort text report by file and line (Jacob Evelyn)
|
101
|
+
|
102
|
+
# 4.7.0 - 2019-10-16
|
103
|
+
|
104
|
+
* Refactor `Brakeman::Differ#second_pass` (Benoit Côté-Jodoin)
|
105
|
+
* Ignore interpolation in `%W[]`
|
106
|
+
* Fix `version_between?` (Andrey Glushkov)
|
107
|
+
* Add support for `ruby_parser` 3.14.0
|
108
|
+
* Ignore `form_for` for XSS check
|
109
|
+
* Update Haml support to Haml 5.x
|
110
|
+
* Catch shell injection from `-c` shell commands (Jacob Evelyn)
|
111
|
+
* Correctly handle non-symbols in `CheckCookieSerialization` (Phil Turnbull)
|
112
|
+
|
113
|
+
# 4.6.1 - 2019-07-24
|
114
|
+
|
115
|
+
* Fix Reverse Tabnabbing warning message (Steffen Schildknecht / Jörg Schiller)
|
116
|
+
|
117
|
+
# 4.6.0 - 2019-07-23
|
118
|
+
|
119
|
+
* Skip calls to `dup`
|
120
|
+
* Add reverse tabnabbing check (Linos Giannopoulos)
|
121
|
+
* Better handling of gems with no version declared
|
122
|
+
* Warn people that Haml 5 is not fully supported (Jared Beck)
|
123
|
+
* Avoid warning about file access with `ActiveStorage::Filename#sanitized` (Tejas Bubane)
|
124
|
+
* Update loofah version for fixing CVE-2018-8048 (Markus Nölle)
|
125
|
+
* Restore `Warning#relative_path`
|
126
|
+
* Add check for cookie serialization with Marshal
|
127
|
+
* Index calls in initializers
|
128
|
+
* Improve template output handling in conditional branches
|
129
|
+
* Avoid assigning `nil` line numbers to `Sexp`s
|
130
|
+
* Add special warning code for custom checks
|
131
|
+
* Add call matching by regular expression
|
132
|
+
|
133
|
+
# 4.5.1 - 2019-05-11
|
134
|
+
|
135
|
+
* Add `Brakeman::FilePath` to represent file paths
|
136
|
+
* Handle trailing comma in block args
|
137
|
+
* Properly handle empty partial name
|
138
|
+
* Use relative paths for `__FILE__`
|
139
|
+
* Convert `!!` calls to boolean value
|
140
|
+
* Add optional check for `config.force_ssl`
|
141
|
+
* Remove code for Ruby versions prior to 1.9
|
142
|
+
* Check `link_to` with block for href XSS
|
143
|
+
* Add SQL injection checks for `find_or_create_by` and friends
|
144
|
+
* Add deserialization warning for `Oj.load/object_load`
|
145
|
+
* Add initial Rails 6 support
|
146
|
+
* Add SQL injection checks for `destroy_by`/`delete_by`
|
147
|
+
|
148
|
+
# 4.5.0 - 2019-03-16
|
149
|
+
|
150
|
+
* Update `ruby_parser`, use `ruby_parser-legacy`
|
151
|
+
* More thoroughly handle `Shellwords` escaping
|
152
|
+
* Handle non-integer version number comparisons
|
153
|
+
* Use `FileParser` in `Scanner` to parse files
|
154
|
+
* Add original exception to `Tracker#errors` list
|
155
|
+
* Add support for CoffeeScript in Slim templates
|
156
|
+
* Improve support for embedded template "filters"
|
157
|
+
* Remove Sass dependency
|
158
|
+
* Set location information in `CheckContentTag`
|
159
|
+
* Stop swallowing exceptions in `AliasProcessor`
|
160
|
+
* Avoid joining strings with different encodings
|
161
|
+
* Handle `**` inside Hash literals
|
162
|
+
* Better handling of splat/kwsplat arguments
|
163
|
+
* Improve "user input" reported for SQL injection
|
164
|
+
|
165
|
+
# 4.4.0 - 2019-01-17
|
2
166
|
|
3
167
|
* Set default encoding to UTF-8
|
4
168
|
* Update to Slim 4.0.1 (Jake Peterson)
|
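Review bot: In the 4.8.1 entry, `String.squish` is written with a dot while `String#strip` on the same line uses `#`. Both are instance methods, so the entry should read "`String#strip` or `String#squish`", matching the `Class#method` notation used elsewhere in this file (for example `String#strip_heredoc` under 4.7.2). Separately, the 4.7.1 entry "Added release dates to each version in CHANGES" is in the past tense where the surrounding entries use the imperative ("Add ...", "Fix ...").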
@@ -21,7 +185,7 @@
|
|
21
185
|
* Complete overhaul of warning message construction
|
22
186
|
* Deadcode and typo fixes found via Coverity
|
23
187
|
|
24
|
-
# 4.3.1
|
188
|
+
# 4.3.1 - 2018-06-07
|
25
189
|
|
26
190
|
* Ignore `Object#freeze`, use the target instead
|
27
191
|
* Ignore `foreign_key` calls in SQL
|
@@ -34,7 +198,7 @@
|
|
34
198
|
* Improve handling of conditionals in shell commands (Jacob Evelyn)
|
35
199
|
* Fix error when setting line number in implicit renders
|
36
200
|
|
37
|
-
# 4.3.0
|
201
|
+
# 4.3.0 - 2018-05-11
|
38
202
|
|
39
203
|
* Check exec-type calls even if they are targets
|
40
204
|
* Convert `Array#join` to string interpolation
|
@@ -50,14 +214,14 @@
|
|
50
214
|
* `--color` can be used to force color output
|
51
215
|
* Fix reported line numbers for CVE-2018-3741 and CVE-2018-8048
|
52
216
|
|
53
|
-
# 4.2.1
|
217
|
+
# 4.2.1 - 2018-03-24
|
54
218
|
|
55
219
|
* Add warning for CVE-2018-3741
|
56
220
|
* Add warning for CVE-2018-8048
|
57
221
|
* Scan `app/jobs/` directory
|
58
222
|
* Handle `template_exists?` in controllers
|
59
223
|
|
60
|
-
# 4.2.0
|
224
|
+
# 4.2.0 - 2018-02-22
|
61
225
|
|
62
226
|
* Avoid warning about symbol DoS on `Model#attributes`
|
63
227
|
* Avoid warning about open redirects with model methods ending with `_path`
|
@@ -70,12 +234,12 @@
|
|
70
234
|
* Exclude template folders in `lib/` (kru0096)
|
71
235
|
* Handle ERb use of `String#<<` method for Ruby 2.5 (Pocke)
|
72
236
|
|
73
|
-
# 4.1.1
|
237
|
+
# 4.1.1 - 2017-12-19
|
74
238
|
|
75
239
|
* Remove check for use of `permit` with `*_id` keys
|
76
240
|
* Avoid duplicate warnings about permitted attributes
|
77
241
|
|
78
|
-
# 4.1.0
|
242
|
+
# 4.1.0 - 2017-12-14
|
79
243
|
|
80
244
|
* Process models as root sexp instead of each sexp
|
81
245
|
* Avoid CSRF warning in Rails 5.2 default config
|
@@ -98,12 +262,12 @@
|
|
98
262
|
* Refactor Code Climate engine options parsing (Noah Davis)
|
99
263
|
* Fix upgrade version for CVE-2016-6316
|
100
264
|
|
101
|
-
# 4.0.1
|
265
|
+
# 4.0.1 - 2017-09-25
|
102
266
|
|
103
267
|
* Disable pager when `CI` environment variable is set
|
104
268
|
* Fix output when pager fails
|
105
269
|
|
106
|
-
# 4.0.0
|
270
|
+
# 4.0.0 - 2017-09-25
|
107
271
|
|
108
272
|
* Add simple pager for reports output to terminal
|
109
273
|
* Rename "Cross Site Scripting" to "Cross-Site Scripting" (Paul Tetreau)
|
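Review bot: The new headings give 4.0.1 and 4.0.0 the same date, 2017-09-25. That is fine if both were published that day, but since the dates are being filled in after the fact it is worth confirming against the gem release history that the 4.0.1 date was not copied from the heading below it.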
@@ -117,11 +281,11 @@
|
|
117
281
|
* --exit-on-error and --exit-on-warn are now the default
|
118
282
|
* Fix --exit-on-error and --exit-on-warn in config files
|
119
283
|
|
120
|
-
# 3.7.2
|
284
|
+
# 3.7.2 - 2017-08-16
|
121
285
|
|
122
286
|
* Fix --ensure-latest (David Guyon)
|
123
287
|
|
124
|
-
# 3.7.1
|
288
|
+
# 3.7.1 - 2017-08-16
|
125
289
|
|
126
290
|
* Handle simple guard with return at end of branch
|
127
291
|
* Modularize bin/brakeman
|
@@ -129,7 +293,7 @@
|
|
129
293
|
* Add more collection methods for iteration detection
|
130
294
|
* Update ruby2ruby and ruby_parser
|
131
295
|
|
132
|
-
# 3.7.0
|
296
|
+
# 3.7.0 - 2017-06-30
|
133
297
|
|
134
298
|
* Improve support for rails4/rails5 options in config file
|
135
299
|
* Track more information about constant assignments
|
@@ -138,7 +302,7 @@
|
|
138
302
|
* Fix false positive for redirect_to in Rails 4 (Mário Areias)
|
139
303
|
* Avoid interpolating hashes/arrays on failed access
|
140
304
|
|
141
|
-
# 3.6.2
|
305
|
+
# 3.6.2 - 2017-05-19
|
142
306
|
|
143
307
|
* Handle safe call operator in checks
|
144
308
|
* Better handling of `if` expressions in HAML rendering
|
@@ -153,11 +317,11 @@
|
|
153
317
|
* Handle empty `if` expressions when finding return values
|
154
318
|
* Fix finding return value from empty `if`
|
155
319
|
|
156
|
-
# 3.6.1
|
320
|
+
# 3.6.1 - 2017-03-24
|
157
321
|
|
158
322
|
* Fix error when using `--compare` (Sean Gransee)
|
159
323
|
|
160
|
-
# 3.6.0
|
324
|
+
# 3.6.0 - 2017-03-23
|
161
325
|
|
162
326
|
* Avoid recursive Concerns
|
163
327
|
* Branch inside of `case` expressions
|
@@ -168,7 +332,7 @@
|
|
168
332
|
* Only report CVE-2015-3227 when exact version is known
|
169
333
|
* Check targetless SQL calls outside of known models
|
170
334
|
|
171
|
-
# 3.5.0
|
335
|
+
# 3.5.0 - 2017-02-01
|
172
336
|
|
173
337
|
* Allow `-t None`
|
174
338
|
* Fail on invalid checks specified by `-x` or `-t`
|
@@ -183,7 +347,7 @@
|
|
183
347
|
* Handle `included` block in concerns
|
184
348
|
* Process concerns before controllers
|
185
349
|
|
186
|
-
# 3.4.1
|
350
|
+
# 3.4.1 - 2016-11-02
|
187
351
|
|
188
352
|
* Show action help at start of interactive ignore
|
189
353
|
* Check CSRF setting in direct subclasses of `ActionController::Base` (Jason Yeo)
|
@@ -193,7 +357,7 @@
|
|
193
357
|
* Avoid warning about `where_values_hash` in SQLi
|
194
358
|
* Fix ignoring link interpolation not at beginning of string
|
195
359
|
|
196
|
-
# 3.4.0
|
360
|
+
# 3.4.0 - 2016-09-08
|
197
361
|
|
198
362
|
* Add new `plain` report format
|
199
363
|
* Add option to prune ignore file with `-I`
|
@@ -202,18 +366,18 @@
|
|
202
366
|
* Support creating reports in non-existent paths
|
203
367
|
* Add `--no-exit-warn`
|
204
368
|
|
205
|
-
# 3.3.5
|
369
|
+
# 3.3.5 - 2016-08-12
|
206
370
|
|
207
371
|
* Fix bug in reports when using --debug option
|
208
372
|
|
209
|
-
# 3.3.4
|
373
|
+
# 3.3.4 - 2016-08-12
|
210
374
|
|
211
375
|
* Add generic warning for CVE-2016-6316
|
212
376
|
* Warn about dangerous use of `content_tag` with CVE-2016-6316
|
213
377
|
* Add warning for CVE-2016-6317
|
214
378
|
* Use Minitest
|
215
379
|
|
216
|
-
# 3.3.3
|
380
|
+
# 3.3.3 - 2016-07-21
|
217
381
|
|
218
382
|
* Show path when no Rails app found (Neil Matatall)
|
219
383
|
* Index calls in view helpers
|
@@ -226,11 +390,11 @@
|
|
226
390
|
* Sexp#value returns nil when there is no value
|
227
391
|
* Improve return value estimation
|
228
392
|
|
229
|
-
# 3.3.2
|
393
|
+
# 3.3.2 - 2016-06-10
|
230
394
|
|
231
395
|
* Fix serious performance regression with global constant tracking
|
232
396
|
|
233
|
-
# 3.3.1
|
397
|
+
# 3.3.1 - 2016-06-03
|
234
398
|
|
235
399
|
* Delay loading vendored gems and modifying load path
|
236
400
|
* Avoid warning about SQL injection with `quoted_primary_key`
|
@@ -241,7 +405,7 @@
|
|
241
405
|
* Add `--force-scan` option (Neil Matatall)
|
242
406
|
* Improved line number accuracy in ERB templates (Patrick Toomey)
|
243
407
|
|
244
|
-
# 3.3.0
|
408
|
+
# 3.3.0 - 2016-05-05
|
245
409
|
|
246
410
|
* Skip processing obviously false if branches (more broadly)
|
247
411
|
* Skip if branches with `Rails.env.test?`
|
@@ -259,11 +423,11 @@
|
|
259
423
|
* [Code Climate engine] Remove nil entries from include_paths (Gordon Diggs)
|
260
424
|
* [Code Climate engine] Report end lines for issues (Gordon Diggs)
|
261
425
|
|
262
|
-
# 3.2.1
|
426
|
+
# 3.2.1 - 2016-02-25
|
263
427
|
|
264
428
|
* Remove `multi_json` dependency from `bin/brakeman`
|
265
429
|
|
266
|
-
# 3.2.0
|
430
|
+
# 3.2.0 - 2016-02-25
|
267
431
|
|
268
432
|
* Skip Symbol DoS check on Rails 5
|
269
433
|
* Only update ignore config file on changes
|
@@ -277,7 +441,7 @@
|
|
277
441
|
* Avoid render warnings about params[:action]/params[:controller]
|
278
442
|
* Index calls in class bodies but outside methods
|
279
443
|
|
280
|
-
# 3.1.5
|
444
|
+
# 3.1.5 - 2016-01-28
|
281
445
|
|
282
446
|
* Fix CodeClimate construction of --only-files (Will Fleming)
|
283
447
|
* Add check for denial of service via routes (CVE-2015-7581)
|
@@ -296,7 +460,7 @@
|
|
296
460
|
* Handle module names with self methods
|
297
461
|
* Add session manipulation documentation
|
298
462
|
|
299
|
-
# 3.1.4
|
463
|
+
# 3.1.4 - 2015-12-22
|
300
464
|
|
301
465
|
* Emit brakeman's native fingerprints for Code Climate engine (Noah Davis)
|
302
466
|
* Ignore secrets.yml if in .gitignore
|
@@ -304,7 +468,7 @@
|
|
304
468
|
* Increase test coverage for option parsing (Zander Mackie)
|
305
469
|
* Work around safe_yaml error
|
306
470
|
|
307
|
-
# 3.1.3
|
471
|
+
# 3.1.3 - 2015-12-03
|
308
472
|
|
309
473
|
* Check for session secret in secrets.yml
|
310
474
|
* Respect `exit_on_warn` in config file
|
@@ -318,7 +482,7 @@
|
|
318
482
|
* Depend on safe_yaml 1.0 or later
|
319
483
|
* Test coverage improvements for Brakema module (Bethany Rentz)
|
320
484
|
|
321
|
-
# 3.1.2
|
485
|
+
# 3.1.2 - 2015-10-28
|
322
486
|
|
323
487
|
* Treat `current_user` like a model
|
324
488
|
* Set user input value for inline renders
|
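Review bot: The context line "Test coverage improvements for Brakema module (Bethany Rentz)", directly above the edited `# 3.1.2` heading, has a typo: "Brakema" for "Brakeman". Worth fixing in the same pass, since this change already touches the adjacent lines.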
@@ -336,7 +500,7 @@
|
|
336
500
|
* Sortable tables in HTML report (David Lanner)
|
337
501
|
* Search for config file relative to application root
|
338
502
|
|
339
|
-
# 3.1.1
|
503
|
+
# 3.1.1 - 2015-09-23
|
340
504
|
|
341
505
|
* Add optional check for use of MD5 and SHA1
|
342
506
|
* Avoid warning when linking to decorated models
|
@@ -350,7 +514,7 @@
|
|
350
514
|
* Support newer terminal-table releases
|
351
515
|
* Allow searching call index methods by regex (Alex Ianus)
|
352
516
|
|
353
|
-
# 3.1.0
|
517
|
+
# 3.1.0 - 2015-08-31
|
354
518
|
|
355
519
|
* Add support for gems.rb/gems.locked
|
356
520
|
* Update render path information in JSON reports
|
@@ -369,18 +533,18 @@
|
|
369
533
|
* Expand safe methods to match methods with targets
|
370
534
|
* Avoid duplicate eval() warnings
|
371
535
|
|
372
|
-
# 3.0.5
|
536
|
+
# 3.0.5 - 2015-06-20
|
373
537
|
|
374
538
|
* Fix check for CVE-2015-3227
|
375
539
|
|
376
|
-
# 3.0.4
|
540
|
+
# 3.0.4 - 2015-06-18
|
377
541
|
|
378
542
|
* Add check for CVE-2015-3226 (XSS via JSON keys)
|
379
543
|
* Add check for CVE-2015-3227 (XML DoS)
|
380
544
|
* Treat `<%==` as unescaped output
|
381
545
|
* Update `ruby_parser` dependency to 3.7.0
|
382
546
|
|
383
|
-
# 3.0.3
|
547
|
+
# 3.0.3 - 2015-04-20
|
384
548
|
|
385
549
|
* Ignore more Arel methods in SQL
|
386
550
|
* Warn about protect_from_forgery without exceptions (Neil Matatall)
|
@@ -391,7 +555,7 @@
|
|
391
555
|
* Do not ignore targets of `to_s` in SQL
|
392
556
|
* Add Rake task to exit with error code on warnings (masarakki)
|
393
557
|
|
394
|
-
# 3.0.2
|
558
|
+
# 3.0.2 - 2015-03-09
|
395
559
|
|
396
560
|
* Alias process methods called in class scope on models
|
397
561
|
* Treat primary_key, table_name_prefix, table_name_suffix as safe in SQL
|
@@ -407,7 +571,7 @@
|
|
407
571
|
* Fix CSV output when there are no warnings
|
408
572
|
* Handle processing of explicitly shadowed block arguments
|
409
573
|
|
410
|
-
# 3.0.1
|
574
|
+
# 3.0.1 - 2015-01-23
|
411
575
|
|
412
576
|
* Avoid protect_from_forgery warning unless ApplicationController inherits from ActionController::Base
|
413
577
|
* Properly format command interpolation (again)
|
@@ -416,7 +580,7 @@
|
|
416
580
|
* Add `--add-libs-path` for additional libraries (Patrick Toomey)
|
417
581
|
* Properly process libraries (Patrick Toomey)
|
418
582
|
|
419
|
-
# 3.0.0
|
583
|
+
# 3.0.0 - 2015-01-03
|
420
584
|
|
421
585
|
* Add check for CVE-2014-7829
|
422
586
|
* Add check for cross-site scripting via inline renders
|
@@ -435,7 +599,7 @@
|
|
435
599
|
* CVEs report correct line and file name (Gemfile/Gemfile.lock) (Rob Fletcher)
|
436
600
|
* Change `--separate-models` to be the default
|
437
601
|
|
438
|
-
# 2.6.3
|
602
|
+
# 2.6.3 - 2014-10-14
|
439
603
|
|
440
604
|
* Whitelist `exists` arel method from SQL injection check
|
441
605
|
* Avoid warning about Symbol DoS on safe parameters as method targets
|
@@ -444,7 +608,7 @@
|
|
444
608
|
* Add framework for optional checks
|
445
609
|
* Fix stack overflow for cycles in class ancestors (Jeff Rafter)
|
446
610
|
|
447
|
-
# 2.6.2
|
611
|
+
# 2.6.2 - 2014-08-18
|
448
612
|
|
449
613
|
* Add check for CVE-2014-3415
|
450
614
|
* Avoid warning about symbolizing safe parameters
|
@@ -458,13 +622,13 @@
|
|
458
622
|
* Fix block statement endings in Erubis
|
459
623
|
* Fix undefined variable in controller processing error (Jason Barnabe)
|
460
624
|
|
461
|
-
# 2.6.1
|
625
|
+
# 2.6.1 - 2014-07-02
|
462
626
|
|
463
627
|
* Add check for CVE-2014-3482 and CVE-2014-3483
|
464
628
|
* Add support for keyword arguments in blocks
|
465
629
|
* Remove unused warning codes (Bill Fischer)
|
466
630
|
|
467
|
-
# 2.6.0
|
631
|
+
# 2.6.0 - 2014-06-06
|
468
632
|
|
469
633
|
* Fix detection of `:host` setting in redirects with chained calls
|
470
634
|
* Add check for CVE-2014-0130
|
@@ -478,7 +642,7 @@
|
|
478
642
|
* Ignore more model methods in redirects
|
479
643
|
* Fix CheckRender with nested render calls
|
480
644
|
|
481
|
-
# 2.5.0
|
645
|
+
# 2.5.0 - 2014-04-30
|
482
646
|
|
483
647
|
* Add support for RailsLTS 2.3.18.7 and 2.3.18.8
|
484
648
|
* Add support for Rails 4 `before_actions` and friends
|
@@ -493,11 +657,11 @@
|
|
493
657
|
* Handle more non-literals in routes
|
494
658
|
* Add check for regex denial of service (Ben Toews)
|
495
659
|
|
496
|
-
# 2.4.3
|
660
|
+
# 2.4.3 - 2014-03-23
|
497
661
|
|
498
662
|
No changes. 2.4.2 gem release was unsigned, 2.4.3 is signed.
|
499
663
|
|
500
|
-
# 2.4.2
|
664
|
+
# 2.4.2 - 2014-03-21
|
501
665
|
|
502
666
|
* Remove `rescue Exception`
|
503
667
|
* Fix duplicate warnings about sanitize CVE
|
@@ -506,13 +670,13 @@
|
|
506
670
|
* Skip identically rendered templates
|
507
671
|
* Fix HAML template processing
|
508
672
|
|
509
|
-
# 2.4.1
|
673
|
+
# 2.4.1 - 2014-02-19
|
510
674
|
|
511
675
|
* Add check for CVE-2014-0082
|
512
676
|
* Add check for CVE-2014-0081, replaces CVE-2013-6415
|
513
677
|
* Add check for CVE-2014-0080
|
514
678
|
|
515
|
-
# 2.4.0
|
679
|
+
# 2.4.0 - 2014-02-05
|
516
680
|
|
517
681
|
* Detect Rails LTS versions
|
518
682
|
* Reduce false positives for SQL injection in string building
|
@@ -527,12 +691,12 @@
|
|
527
691
|
* No longer raise exceptions if a class name cannot be determined
|
528
692
|
* Fingerprint attribute warnings individually (Case Taintor)
|
529
693
|
|
530
|
-
# 2.3.1
|
694
|
+
# 2.3.1 - 2013-12-13
|
531
695
|
|
532
696
|
* Fix check for CVE-2013-4491 (i18n XSS) to detect workaround
|
533
697
|
* Fix link for CVE-2013-6415 (number_to_currency)
|
534
698
|
|
535
|
-
# 2.3.0
|
699
|
+
# 2.3.0 - 2013-12-12
|
536
700
|
|
537
701
|
* Add check for Parameters#permit!
|
538
702
|
* Add check for CVE-2013-4491 (i18n XSS)
|
@@ -546,7 +710,7 @@
|
|
546
710
|
* Whitelist `Model#create` for redirects
|
547
711
|
* Fix scoping issues with instance variables and blocks
|
548
712
|
|
549
|
-
# 2.2.0
|
713
|
+
# 2.2.0 - 2013-10-28
|
550
714
|
|
551
715
|
* Reduce command injection false positives
|
552
716
|
* Use Rails version from Gemfile if it is available
|
@@ -555,14 +719,14 @@
|
|
555
719
|
* Support scanning Rails engines (Geoffrey Hichborn)
|
556
720
|
* Add check for detailed exceptions in production
|
557
721
|
|
558
|
-
# 2.1.2
|
722
|
+
# 2.1.2 - 2013-09-18
|
559
723
|
|
560
724
|
* Do not attempt to load custom Haml filters
|
561
725
|
* Do not warn about `to_json` XSS in Rails 4
|
562
726
|
* Add --table-width option to set width of text reports (ssendev)
|
563
727
|
* Remove fuzzy matching on dangerous attr_accessible values
|
564
728
|
|
565
|
-
# 2.1.1
|
729
|
+
# 2.1.1 - 2013-08-21
|
566
730
|
|
567
731
|
* New warning code for dangerous attributes in attr_accessible
|
568
732
|
* Do not warn on attr_accessible using roles
|
@@ -573,7 +737,7 @@
|
|
573
737
|
* Fix infinite loop when run as rake task (Matthew Shanley)
|
574
738
|
* Respect ignored warnings in tabs format reports
|
575
739
|
|
576
|
-
# 2.1.0
|
740
|
+
# 2.1.0 - 2013-07-17
|
577
741
|
|
578
742
|
* Support non-native line endings in Gemfile.lock (Paul Deardorff)
|
579
743
|
* Support for ignoring warnings
|
@@ -593,7 +757,7 @@
|
|
593
757
|
* Fix output format detection to be more strict again
|
594
758
|
* Allow empty Brakeman configuration file
|
595
759
|
|
596
|
-
# 2.0.0
|
760
|
+
# 2.0.0 - 2013-05-20
|
597
761
|
|
598
762
|
* Add `--only-files` option to specify files/paths to scan (Ian Ehlert)
|
599
763
|
* Add Marshal/CSV deserialization check
|
@@ -623,7 +787,7 @@
|
|
623
787
|
* Use exceptions instead of abort in brakeman lib
|
624
788
|
* Update to Ruby2Ruby 2.0.5
|
625
789
|
|
626
|
-
# 1.9.5
|
790
|
+
# 1.9.5 - 2013-04-05
|
627
791
|
|
628
792
|
* Add check for unsafe symbol creation
|
629
793
|
* Do not warn on mass assignment with `slice`/`only`
|
@@ -638,7 +802,7 @@
|
|
638
802
|
* More fixes for assignments inside branches
|
639
803
|
* Pin to ruby2ruby version 2.0.3
|
640
804
|
|
641
|
-
# 1.9.4
|
805
|
+
# 1.9.4 - 2013-03-19
|
642
806
|
|
643
807
|
* Add check for CVE-2013-1854
|
644
808
|
* Add check for CVE-2013-1855
|
@@ -650,7 +814,7 @@
|
|
650
814
|
* Slightly faster cloning of Sexps
|
651
815
|
* Detect another way to add `strong_parameters`
|
652
816
|
|
653
|
-
# 1.9.3
|
817
|
+
# 1.9.3 - 2013-03-01
|
654
818
|
|
655
819
|
* Add render path to JSON report
|
656
820
|
* Add warning fingerprints
|
@@ -665,7 +829,7 @@
|
|
665
829
|
* Expand HAML dependency to include 4.0
|
666
830
|
* Scroll errors into view when expanding in HTML report
|
667
831
|
|
668
|
-
# 1.9.2
|
832
|
+
# 1.9.2 - 2013-02-14
|
669
833
|
|
670
834
|
* Add check for CVE-2013-0269
|
671
835
|
* Add check for CVE-2013-0276
|
@@ -676,7 +840,7 @@
|
|
676
840
|
* Check for more dangerous YAML methods
|
677
841
|
* Support MultiJSON 1.2 for Rails 3.0 and 3.1
|
678
842
|
|
679
|
-
# 1.9.1
|
843
|
+
# 1.9.1 - 2013-01-19
|
680
844
|
|
681
845
|
* Update to RubyParser 3.1.1 (neersighted)
|
682
846
|
* Remove ActiveSupport dependency (Neil Matatall)
|
@@ -688,7 +852,7 @@
|
|
688
852
|
* Add check for CVE-2013-0156
|
689
853
|
* Add check for unsafe `YAML.load`
|
690
854
|
|
691
|
-
# 1.9.0
|
855
|
+
# 1.9.0 - 2012-12-25
|
692
856
|
|
693
857
|
* Update to RubyParser 3
|
694
858
|
* Ignore route information by default
|
@@ -708,7 +872,7 @@
|
|
708
872
|
* Handle empty model files
|
709
873
|
* Remove "find by regex" feature from `CallIndex`
|
710
874
|
|
711
|
-
# 1.8.3
|
875
|
+
# 1.8.3 - 2012-11-13
|
712
876
|
|
713
877
|
* Use `multi_json` gem for better harmony
|
714
878
|
* Performance improvement for call indexing
|
@@ -724,7 +888,7 @@
|
|
724
888
|
* Fix error in rescan of mixins with symbols in method name
|
725
889
|
* Do not rescan non-Ruby files in config/
|
726
890
|
|
727
|
-
# 1.8.2
|
891
|
+
# 1.8.2 - 2012-10-17
|
728
892
|
|
729
893
|
* Fixed rescanning problems caused by 1.8.0 changes
|
730
894
|
* Fix scope calls with single argument
|
@@ -733,7 +897,7 @@
|
|
733
897
|
* Much improved test coverage
|
734
898
|
* Add CHANGES to gemspec
|
735
899
|
|
736
|
-
# 1.8.1
|
900
|
+
# 1.8.1 - 2012-09-24
|
737
901
|
|
738
902
|
* Recover from errors in output formatting
|
739
903
|
* Fix false positive in redirect_to (Neil Matatall)
|
@@ -745,7 +909,7 @@
|
|
745
909
|
* Handle super calls with blocks
|
746
910
|
* Respect `-q` flag for "Rails 3 detected" message
|
747
911
|
|
748
|
-
# 1.8.0
|
912
|
+
# 1.8.0 - 2012-09-05
|
749
913
|
|
750
914
|
* Support relative paths in reports (fsword)
|
751
915
|
* Allow Brakeman to be run without tty (fsword)
|
@@ -761,7 +925,7 @@
|
|
761
925
|
* Treat model attributes in `or` expressions as immediate values
|
762
926
|
* Switch to method access for Sexp nodes
|
763
927
|
|
764
|
-
# 1.7.1
|
928
|
+
# 1.7.1 - 2012-08-13
|
765
929
|
|
766
930
|
* Add check for CVE-2012-3463
|
767
931
|
* Add check for CVE-2012-3464
|
@@ -769,7 +933,7 @@
|
|
769
933
|
* Add charset to HTML report (hooopo)
|
770
934
|
* Report XSS in select() for Rails 2
|
771
935
|
|
772
|
-
# 1.7.0
|
936
|
+
# 1.7.0 - 2012-07-31
|
773
937
|
|
774
938
|
* Add check for CVE-2012-3424
|
775
939
|
* Link report types to descriptions on website
|
@@ -784,7 +948,7 @@
|
|
784
948
|
* Fix processing of negative array indexes
|
785
949
|
* Add line breaks to truncated table rows
|
786
950
|
|
787
|
-
# 1.6.2
|
951
|
+
# 1.6.2 - 2012-06-13
|
788
952
|
|
789
953
|
* Add checks for CVE-2012-2660, CVE-2012-2661, CVE-2012-2694, CVE-2012-2695 (Dave Worth)
|
790
954
|
* Avoid warning when redirecting to a model instance
|
@@ -796,7 +960,7 @@
|
|
796
960
|
* Cache before_filter lookups
|
797
961
|
* Turn off quiet mode by default for `--compare`
|
798
962
|
|
799
|
-
# 1.6.1
|
963
|
+
# 1.6.1 - 2012-05-23
|
800
964
|
|
801
965
|
* Major rewrite of CheckSQL
|
802
966
|
* Fix rescanning of deleted templates
|
@@ -806,7 +970,7 @@
|
|
806
970
|
* Fix highlighting of HTML escaped values in HTML report
|
807
971
|
* Report line number of highlighted value, if available
|
808
972
|
|
809
|
-
# 1.6.0
|
973
|
+
# 1.6.0 - 2012-04-20
|
810
974
|
|
811
975
|
* Remove the Ruport dependency (Neil Matatall)
|
812
976
|
* Add more informational JSON output (Neil Matatall)
|
@@ -818,7 +982,7 @@
|
|
818
982
|
* Fix rescanning of deleted files
|
819
983
|
* Properly check for rails_xss in Gemfile
|
820
984
|
|
821
|
-
# 1.5.3
|
985
|
+
# 1.5.3 - 2012-04-10
|
822
986
|
|
823
987
|
* Add check for user input in Object#send (Neil Matatall)
|
824
988
|
* Handle render :layout in views
|
@@ -832,7 +996,7 @@
|
|
832
996
|
* Improve handling of modules and nesting
|
833
997
|
* Test for zero errors in test reports
|
834
998
|
|
835
|
-
# 1.5.2
|
999
|
+
# 1.5.2 - 2012-03-22
|
836
1000
|
|
837
1001
|
* Fix link_to checks for Rails 2.0 and 2.3
|
838
1002
|
* Fix rescanning of lib files (Neil Matatall)
|
@@ -843,7 +1007,7 @@
|
|
843
1007
|
* Fix handling of views when using rails_xss
|
844
1008
|
* Revert to ruby_parser 2.3.1 for Ruby 1.8 parsing
|
845
1009
|
|
846
|
-
# 1.5.1
|
1010
|
+
# 1.5.1- 2012-03-06
|
847
1011
|
|
848
1012
|
* Fix detection of global mass assignment setting
|
849
1013
|
* Fix partial rendering in Rails 3
|
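Review bot: The added heading `# 1.5.1- 2012-03-06` is missing the space before the hyphen. Every other dated heading in this change has the form `# X.Y.Z - YYYY-MM-DD`, so this should be `# 1.5.1 - 2012-03-06`. Any tooling that extracts version and date from these headings by splitting on " - " would miss this entry.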
@@ -853,7 +1017,7 @@
|
|
853
1017
|
* Add tracking of module and class to Brakeman::BaseProcessor
|
854
1018
|
* Report module when using Brakeman::FindCall
|
855
1019
|
|
856
|
-
# 1.5.0
|
1020
|
+
# 1.5.0 - 2012-03-02
|
857
1021
|
|
858
1022
|
* Add version check for SafeBuffer vulnerability
|
859
1023
|
* Add check for select vulnerability in Rails 3
|
@@ -864,7 +1028,7 @@
|
|
864
1028
|
* Standardize methods to check for SQL injection
|
865
1029
|
* Fix Rails 2 route parsing issue with nested routes
|
866
1030
|
|
867
|
-
# 1.4.0
|
1031
|
+
# 1.4.0 - 2012-02-24
|
868
1032
|
|
869
1033
|
* Add check for user input in link_to href parameter
|
870
1034
|
* Match ERB processing to rails_xss plugin when plugin used
|
@@ -872,7 +1036,7 @@
|
|
872
1036
|
* Warnings below minimum confidence are dropped completely
|
873
1037
|
* Brakeman.run always returns a Tracker
|
874
1038
|
|
875
|
-
# 1.3.0
|
1039
|
+
# 1.3.0 - 2012-02-09
|
876
1040
|
|
877
1041
|
* Add file paths to HTML report
|
878
1042
|
* Add caching of filters
|
@@ -885,7 +1049,7 @@
|
|
885
1049
|
* Better variable substitution
|
886
1050
|
* Table output option for rescan reports
|
887
1051
|
|
888
|
-
# 1.2.2
|
1052
|
+
# 1.2.2 - 2012-01-26
|
889
1053
|
|
890
1054
|
* --no-progress works again
|
891
1055
|
* Make CheckLinkTo a separate check
|
@@ -893,7 +1057,7 @@
|
|
893
1057
|
* Handle empty resource(s) blocks
|
894
1058
|
* Add RescanReport#existing_warnings
|
895
1059
|
|
896
|
-
## 1.2.1
|
1060
|
+
## 1.2.1 - 2012-01-20
|
897
1061
|
|
898
1062
|
* Remove link_to warning for Rails 3.x or when using rails_xss
|
899
1063
|
* Don't warn if first argument to link_to is escaped
|
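Review bot: The added `## 1.2.1 - 2012-01-20` keeps the second-level `##` heading, while `# 1.2.2 - 2012-01-26` and every later release use `#`. Since this change rewrites every version heading anyway, consider normalising 1.2.1 and earlier to `#` so the release list renders at a single level.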
@@ -905,7 +1069,7 @@
|
|
905
1069
|
* Add Brakeman::RescanReport#to_s
|
906
1070
|
* Add Brakeman::Warning#to_s
|
907
1071
|
|
908
|
-
## 1.2.0
|
1072
|
+
## 1.2.0 - 2012-01-14
|
909
1073
|
|
910
1074
|
* Speed improvements for CheckExecute and CheckRender
|
911
1075
|
* Check named_scope() and scope() for SQL injection
|
@@ -914,7 +1078,7 @@
|
|
914
1078
|
* Add --summary option to only output summary
|
915
1079
|
* Fix a problem with Rails 3 routes
|
916
1080
|
|
917
|
-
## 1.1.0
|
1081
|
+
## 1.1.0 - 2011-12-22
|
918
1082
|
|
919
1083
|
* Relax required versions for dependencies
|
920
1084
|
* Performance improvements for source processing
|
@@ -924,14 +1088,14 @@
|
|
924
1088
|
* Compatibility with newer Haml versions
|
925
1089
|
* Fix some warnings
|
926
1090
|
|
927
|
-
## 1.0.0
|
1091
|
+
## 1.0.0 - 2011-12-08
|
928
1092
|
|
929
1093
|
* Better handling of assignments inside ifs
|
930
1094
|
* Check more expressions for SQL injection
|
931
1095
|
* Use latest ruby_parser for better 1.9 syntax support
|
932
1096
|
* Better behavior for Brakeman as a library
|
933
1097
|
|
934
|
-
## 1.0.0rc1
|
1098
|
+
## 1.0.0rc1 - 2011-12-06
|
935
1099
|
|
936
1100
|
* Brakeman can now be used as a library
|
937
1101
|
* Faster call search
|
@@ -944,23 +1108,23 @@
|
|
944
1108
|
* Ignore mass assignment using all literal arguments
|
945
1109
|
* Keep expanded context in view with HTML output
|
946
1110
|
|
947
|
-
## 0.9.2
|
1111
|
+
## 0.9.2 - 2011-11-22
|
948
1112
|
|
949
1113
|
* Fix Rails 3 configuration parsing
|
950
1114
|
* Add t() helper to check for translate XSS bug
|
951
1115
|
|
952
|
-
## 0.9.1
|
1116
|
+
## 0.9.1 - 2011-11-18
|
953
1117
|
|
954
1118
|
* Add warning for translator helper XSS vulnerability
|
955
1119
|
|
956
|
-
## 0.9.0
|
1120
|
+
## 0.9.0 - 2011-11-17
|
957
1121
|
|
958
1122
|
* Process Rails 3 configuration files
|
959
1123
|
* Fix CSV output
|
960
1124
|
* Check for config.active_record.whitelist_attributes = true
|
961
1125
|
* Always produce a warning for without_protection => true
|
962
1126
|
|
963
|
-
## 0.8.4
|
1127
|
+
## 0.8.4 - 2011-11-04
|
964
1128
|
|
965
1129
|
* Option for separate attr_accessible warnings
|
966
1130
|
* Option to set CSS file for HTML output
|
@@ -969,23 +1133,23 @@
|
|
969
1133
|
* Fix hash_insert()
|
970
1134
|
* Remove use of Queue from threaded checks
|
971
1135
|
|
972
|
-
## 0.8.3
|
1136
|
+
## 0.8.3 - 2011-10-25
|
973
1137
|
|
974
1138
|
* Respect -w flag in .tabs format (tw-ngreen)
|
975
1139
|
* Escape HTML output of error messages
|
976
1140
|
* Add --skip-libs option
|
977
1141
|
|
978
|
-
## 0.8.2
|
1142
|
+
## 0.8.2 - 2011-10-01
|
979
1143
|
|
980
1144
|
* Run checks in parallel threads by default
|
981
1145
|
* Fix compatibility with ruby_parser 2.3.1
|
982
1146
|
|
983
|
-
## 0.8.1
|
1147
|
+
## 0.8.1 - 2011-09-28
|
984
1148
|
|
985
1149
|
* Add option to assume all controller methods are actions
|
986
1150
|
* Recover from errors when parsing routes
|
987
1151
|
|
988
|
-
## 0.8.0
|
1152
|
+
## 0.8.0 - 2011-09-15
|
989
1153
|
|
990
1154
|
* Add check for mass assignment using without_protection
|
991
1155
|
* Add check for password in http_basic_authenticate_with
|
@@ -996,30 +1160,30 @@
|
|
996
1160
|
* Add ruby_parser hack for Ruby 1.9 hash syntax
|
997
1161
|
* Add a few Rails 3.1 tests
|
998
1162
|
|
999
|
-
## 0.7.2
|
1163
|
+
## 0.7.2 - 2011-08-27
|
1000
1164
|
|
1001
1165
|
* Fix handling of params and cookies with nested access
|
1002
1166
|
* Add CVEs for checks added in 0.7.0
|
1003
1167
|
|
1004
|
-
## 0.7.1
|
1168
|
+
## 0.7.1 - 2011-08-18
|
1005
1169
|
|
1006
1170
|
* Require BaseProcessor for GemProcessor
|
1007
1171
|
|
1008
|
-
## 0.7.0
|
1172
|
+
## 0.7.0 - 2011-08-17
|
1009
1173
|
|
1010
1174
|
* Allow local variable as a class name
|
1011
1175
|
* Add checks for vulnerabilities fixed in Rails 2.3.14 and 3.0.10
|
1012
1176
|
* Check for default routes in Rails 3 apps
|
1013
1177
|
* Look in Gemfile or Gemfile.lock for Rails version
|
1014
1178
|
|
1015
|
-
## 0.6.1
|
1179
|
+
## 0.6.1 - 2011-07-29
|
1016
1180
|
|
1017
1181
|
* Fix XSS check for cookies as parameters in output
|
1018
1182
|
* Don't bother calling super in CheckSessionSettings
|
1019
1183
|
* Add escape_once as a safe method
|
1020
1184
|
* Accept '\Z' or '\z' in model validations
|
1021
1185
|
|
1022
|
-
## 0.6.0
|
1186
|
+
## 0.6.0 - 2011-07-20
|
1023
1187
|
|
1024
1188
|
* Tests are in place and fully functional
|
1025
1189
|
* Hide errors by default in HTML output
|
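Review bot: Missing documentation in the 0.7.x entries of this hunk: `Add CVEs for checks added in 0.7.0` (under 0.7.2) and `Add checks for vulnerabilities fixed in Rails 2.3.14 and 3.0.10` (under 0.7.0) never name the CVE ids, so even with the headings now dated a reader cannot match these releases to specific advisories. Since the change already touches both headings, consider listing the ids on those two entries, in the same way other entries in this file cite `CVE-2011-0447`.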
@@ -1032,17 +1196,17 @@
|
|
1032
1196
|
* Fixes to escaped output scanning
|
1033
1197
|
* Update CSRF CVE-2011-0447 message to be less assertive
|
1034
1198
|
|
1035
|
-
## 0.5.2
|
1199
|
+
## 0.5.2 - 2011-06-29
|
1036
1200
|
|
1037
1201
|
* Output report file name when finished
|
1038
1202
|
* Add initial tests for Rails 2.x
|
1039
1203
|
* Fix ERB line numbers when using Ruby 1.9
|
1040
1204
|
|
1041
|
-
## 0.5.1
|
1205
|
+
## 0.5.1 - 2011-06-17
|
1042
1206
|
|
1043
1207
|
* Fix issue with 'has_one' => in routes
|
1044
1208
|
|
1045
|
-
## 0.5.0
|
1209
|
+
## 0.5.0 - 2011-06-08
|
1046
1210
|
|
1047
1211
|
* Add support for routes like get 'x/y', :to => 'ctrlr#whatever'
|
1048
1212
|
* Allow empty blocks in Rails 3 routes
|
@@ -1050,52 +1214,52 @@
|
|
1050
1214
|
* Add line numbers to session setting warnings
|
1051
1215
|
* Add --checks option to list checks
|
1052
1216
|
|
1053
|
-
## 0.4.1
|
1217
|
+
## 0.4.1 - 2011-05-23
|
1054
1218
|
|
1055
1219
|
* Fix reported line numbers when using new Erubis parser
|
1056
1220
|
(Mostly affects Rails 3 apps)
|
1057
1221
|
|
1058
|
-
## 0.4.0
|
1222
|
+
## 0.4.0 - 2011-05-19
|
1059
1223
|
|
1060
1224
|
* Handle Rails XSS protection properly
|
1061
1225
|
* More detection options for rails_xss
|
1062
1226
|
* Add --escape-html option
|
1063
1227
|
|
1064
|
-
## 0.3.2
|
1228
|
+
## 0.3.2 - 2011-05-12
|
1065
1229
|
|
1066
1230
|
* Autodetect Rails 3 applications
|
1067
1231
|
* Turn on auto-escaping for Rails 3 apps
|
1068
1232
|
* Check Model.create() for mass assignment
|
1069
1233
|
|
1070
|
-
## 0.3.1
|
1234
|
+
## 0.3.1 - 2011-05-03
|
1071
1235
|
|
1072
1236
|
* Always output a line number in tabbed output format
|
1073
1237
|
* Restrict characters in category name in tabbed output format to
|
1074
1238
|
word characters and spaces, for Hudson/Jenkins plugin
|
1075
1239
|
|
1076
|
-
## 0.3.0
|
1240
|
+
## 0.3.0 - 2011-03-21
|
1077
1241
|
|
1078
1242
|
* Check for SQL injection in calls using constantize()
|
1079
1243
|
* Check for SQL injection in calls to count_by_sql()
|
1080
1244
|
|
1081
|
-
## 0.2.2
|
1245
|
+
## 0.2.2 - 2011-02-22
|
1082
1246
|
|
1083
1247
|
* Fix version_between? when no Rails version is specified
|
1084
1248
|
|
1085
|
-
## 0.2.1
|
1249
|
+
## 0.2.1 - 2011-02-18
|
1086
1250
|
|
1087
1251
|
* Add code snippet to tab output messages
|
1088
1252
|
|
1089
|
-
## 0.2.0
|
1253
|
+
## 0.2.0 - 2011-02-16
|
1090
1254
|
|
1091
1255
|
* Add check for mail_to vulnerability - CVE-2011-0446
|
1092
1256
|
* Add check for CSRF weakness - CVE-2011-0447
|
1093
1257
|
|
1094
|
-
## 0.1.1
|
1258
|
+
## 0.1.1 - 2011-01-25
|
1095
1259
|
|
1096
1260
|
* Be more permissive with ActiveSupport version
|
1097
1261
|
|
1098
|
-
## 0.1.0
|
1262
|
+
## 0.1.0 - 2011-01-18
|
1099
1263
|
|
1100
1264
|
* Check link_to for XSS (because arguments are not escaped)
|
1101
1265
|
* Process layouts better (although not perfectly yet)
|
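Review bot: The `## <version> - <YYYY-MM-DD>` format is applied by hand to ten headings in this hunk (`## 0.4.1 - 2011-05-23` down to `## 0.1.0 - 2011-01-18`), and nothing in the diff would catch a mistyped or out-of-order date in a later edit. The dates shown here do descend together with the version numbers. A small test that reads the `## ` headings of CHANGES.md and asserts a well-formed ISO date in non-increasing order would keep new entries consistent with this convention.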