brakeman 4.5.0 → 4.5.1

Sign up to get free protection for your applications and to get access to all the features.

Potentially problematic release.

This version of brakeman might be problematic. Click here for more details.

Files changed (159) hide show
  1. checksums.yaml +4 -4
  2. data/CHANGES.md +15 -0
  3. data/README.md +6 -6
  4. data/bundle/load.rb +3 -3
  5. data/bundle/ruby/2.5.0/gems/{highline-1.7.10 → highline-2.0.2}/AUTHORS +0 -0
  6. data/bundle/ruby/2.5.0/gems/{highline-1.7.10 → highline-2.0.2}/COPYING +0 -0
  7. data/bundle/ruby/2.5.0/gems/{highline-1.7.10 → highline-2.0.2}/Changelog.md +211 -15
  8. data/bundle/ruby/2.5.0/gems/highline-2.0.2/Gemfile +22 -0
  9. data/bundle/ruby/2.5.0/gems/{highline-1.7.10 → highline-2.0.2}/LICENSE +0 -0
  10. data/bundle/ruby/2.5.0/gems/highline-2.0.2/README.md +202 -0
  11. data/bundle/ruby/2.5.0/gems/{highline-1.7.10 → highline-2.0.2}/TODO +0 -0
  12. data/bundle/ruby/2.5.0/gems/highline-2.0.2/appveyor.yml +37 -0
  13. data/bundle/ruby/2.5.0/gems/highline-2.0.2/highline.gemspec +35 -0
  14. data/bundle/ruby/2.5.0/gems/highline-2.0.2/lib/highline.rb +650 -0
  15. data/bundle/ruby/2.5.0/gems/highline-2.0.2/lib/highline/builtin_styles.rb +129 -0
  16. data/bundle/ruby/2.5.0/gems/{highline-1.7.10 → highline-2.0.2}/lib/highline/color_scheme.rb +49 -32
  17. data/bundle/ruby/2.5.0/gems/highline-2.0.2/lib/highline/compatibility.rb +23 -0
  18. data/bundle/ruby/2.5.0/gems/highline-2.0.2/lib/highline/custom_errors.rb +57 -0
  19. data/bundle/ruby/2.5.0/gems/highline-2.0.2/lib/highline/import.rb +48 -0
  20. data/bundle/ruby/2.5.0/gems/highline-2.0.2/lib/highline/io_console_compatible.rb +37 -0
  21. data/bundle/ruby/2.5.0/gems/highline-2.0.2/lib/highline/list.rb +177 -0
  22. data/bundle/ruby/2.5.0/gems/highline-2.0.2/lib/highline/list_renderer.rb +261 -0
  23. data/bundle/ruby/2.5.0/gems/highline-2.0.2/lib/highline/menu.rb +576 -0
  24. data/bundle/ruby/2.5.0/gems/highline-2.0.2/lib/highline/menu/item.rb +32 -0
  25. data/bundle/ruby/2.5.0/gems/highline-2.0.2/lib/highline/paginator.rb +52 -0
  26. data/bundle/ruby/2.5.0/gems/{highline-1.7.10 → highline-2.0.2}/lib/highline/question.rb +281 -131
  27. data/bundle/ruby/2.5.0/gems/highline-2.0.2/lib/highline/question/answer_converter.rb +103 -0
  28. data/bundle/ruby/2.5.0/gems/highline-2.0.2/lib/highline/question_asker.rb +150 -0
  29. data/bundle/ruby/2.5.0/gems/highline-2.0.2/lib/highline/simulate.rb +59 -0
  30. data/bundle/ruby/2.5.0/gems/highline-2.0.2/lib/highline/statement.rb +88 -0
  31. data/bundle/ruby/2.5.0/gems/highline-2.0.2/lib/highline/string.rb +36 -0
  32. data/bundle/ruby/2.5.0/gems/highline-2.0.2/lib/highline/string_extensions.rb +130 -0
  33. data/bundle/ruby/2.5.0/gems/highline-2.0.2/lib/highline/style.rb +325 -0
  34. data/bundle/ruby/2.5.0/gems/highline-2.0.2/lib/highline/template_renderer.rb +62 -0
  35. data/bundle/ruby/2.5.0/gems/highline-2.0.2/lib/highline/terminal.rb +190 -0
  36. data/bundle/ruby/2.5.0/gems/highline-2.0.2/lib/highline/terminal/io_console.rb +36 -0
  37. data/bundle/ruby/2.5.0/gems/highline-2.0.2/lib/highline/terminal/ncurses.rb +38 -0
  38. data/bundle/ruby/2.5.0/gems/highline-2.0.2/lib/highline/terminal/unix_stty.rb +51 -0
  39. data/bundle/ruby/2.5.0/gems/{highline-1.7.10 → highline-2.0.2}/lib/highline/version.rb +3 -1
  40. data/bundle/ruby/2.5.0/gems/highline-2.0.2/lib/highline/wrapper.rb +53 -0
  41. data/bundle/ruby/2.5.0/gems/{ruby_parser-3.13.0 → ruby_parser-3.13.1}/History.rdoc +32 -0
  42. data/bundle/ruby/2.5.0/gems/{ruby_parser-3.13.0 → ruby_parser-3.13.1}/Manifest.txt +0 -0
  43. data/bundle/ruby/2.5.0/gems/{ruby_parser-3.13.0 → ruby_parser-3.13.1}/README.rdoc +0 -0
  44. data/bundle/ruby/2.5.0/gems/{ruby_parser-3.13.0 → ruby_parser-3.13.1}/compare/normalize.rb +0 -0
  45. data/bundle/ruby/2.5.0/gems/{ruby_parser-3.13.0 → ruby_parser-3.13.1}/debugging.md +0 -0
  46. data/bundle/ruby/2.5.0/gems/{ruby_parser-3.13.0 → ruby_parser-3.13.1}/lib/rp_extensions.rb +1 -1
  47. data/bundle/ruby/2.5.0/gems/{ruby_parser-3.13.0 → ruby_parser-3.13.1}/lib/rp_stringscanner.rb +0 -0
  48. data/bundle/ruby/2.5.0/gems/{ruby_parser-3.13.0 → ruby_parser-3.13.1}/lib/ruby20_parser.rb +2427 -2432
  49. data/bundle/ruby/2.5.0/gems/{ruby_parser-3.13.0 → ruby_parser-3.13.1}/lib/ruby20_parser.y +32 -29
  50. data/bundle/ruby/2.5.0/gems/{ruby_parser-3.13.0 → ruby_parser-3.13.1}/lib/ruby21_parser.rb +2101 -2109
  51. data/bundle/ruby/2.5.0/gems/{ruby_parser-3.13.0 → ruby_parser-3.13.1}/lib/ruby21_parser.y +32 -29
  52. data/bundle/ruby/2.5.0/gems/{ruby_parser-3.13.0 → ruby_parser-3.13.1}/lib/ruby22_parser.rb +2080 -2095
  53. data/bundle/ruby/2.5.0/gems/{ruby_parser-3.13.0 → ruby_parser-3.13.1}/lib/ruby22_parser.y +32 -29
  54. data/bundle/ruby/2.5.0/gems/{ruby_parser-3.13.0/lib/ruby25_parser.rb → ruby_parser-3.13.1/lib/ruby23_parser.rb} +2339 -2333
  55. data/bundle/ruby/2.5.0/gems/{ruby_parser-3.13.0 → ruby_parser-3.13.1}/lib/ruby23_parser.y +32 -29
  56. data/bundle/ruby/2.5.0/gems/{ruby_parser-3.13.0 → ruby_parser-3.13.1}/lib/ruby24_parser.rb +2347 -2335
  57. data/bundle/ruby/2.5.0/gems/{ruby_parser-3.13.0 → ruby_parser-3.13.1}/lib/ruby24_parser.y +32 -23
  58. data/bundle/ruby/2.5.0/gems/{ruby_parser-3.13.0/lib/ruby23_parser.rb → ruby_parser-3.13.1/lib/ruby25_parser.rb} +2349 -2337
  59. data/bundle/ruby/2.5.0/gems/{ruby_parser-3.13.0 → ruby_parser-3.13.1}/lib/ruby25_parser.y +32 -23
  60. data/bundle/ruby/2.5.0/gems/{ruby_parser-3.13.0 → ruby_parser-3.13.1}/lib/ruby26_parser.rb +2351 -2338
  61. data/bundle/ruby/2.5.0/gems/{ruby_parser-3.13.0 → ruby_parser-3.13.1}/lib/ruby26_parser.y +32 -23
  62. data/bundle/ruby/2.5.0/gems/{ruby_parser-3.13.0 → ruby_parser-3.13.1}/lib/ruby_lexer.rb +253 -161
  63. data/bundle/ruby/2.5.0/gems/{ruby_parser-3.13.0 → ruby_parser-3.13.1}/lib/ruby_lexer.rex +25 -25
  64. data/bundle/ruby/2.5.0/gems/{ruby_parser-3.13.0 → ruby_parser-3.13.1}/lib/ruby_lexer.rex.rb +68 -26
  65. data/bundle/ruby/2.5.0/gems/{ruby_parser-3.13.0 → ruby_parser-3.13.1}/lib/ruby_parser.rb +3 -1
  66. data/bundle/ruby/2.5.0/gems/{ruby_parser-3.13.0 → ruby_parser-3.13.1}/lib/ruby_parser.yy +34 -23
  67. data/bundle/ruby/2.5.0/gems/{ruby_parser-3.13.0 → ruby_parser-3.13.1}/lib/ruby_parser_extras.rb +64 -43
  68. data/bundle/ruby/2.5.0/gems/{ruby_parser-3.13.0 → ruby_parser-3.13.1}/tools/munge.rb +2 -1
  69. data/bundle/ruby/2.5.0/gems/{ruby_parser-3.13.0 → ruby_parser-3.13.1}/tools/ripper.rb +6 -1
  70. data/bundle/ruby/2.5.0/gems/{unicode-display_width-1.5.0 → unicode-display_width-1.6.0}/CHANGELOG.md +4 -0
  71. data/bundle/ruby/2.5.0/gems/{unicode-display_width-1.5.0 → unicode-display_width-1.6.0}/MIT-LICENSE.txt +0 -0
  72. data/bundle/ruby/2.5.0/gems/{unicode-display_width-1.5.0 → unicode-display_width-1.6.0}/README.md +1 -1
  73. data/bundle/ruby/2.5.0/gems/{unicode-display_width-1.5.0 → unicode-display_width-1.6.0}/data/display_width.marshal.gz +0 -0
  74. data/bundle/ruby/2.5.0/gems/{unicode-display_width-1.5.0 → unicode-display_width-1.6.0}/lib/unicode/display_width.rb +0 -0
  75. data/bundle/ruby/2.5.0/gems/{unicode-display_width-1.5.0 → unicode-display_width-1.6.0}/lib/unicode/display_width/constants.rb +2 -2
  76. data/bundle/ruby/2.5.0/gems/{unicode-display_width-1.5.0 → unicode-display_width-1.6.0}/lib/unicode/display_width/index.rb +0 -0
  77. data/bundle/ruby/2.5.0/gems/{unicode-display_width-1.5.0 → unicode-display_width-1.6.0}/lib/unicode/display_width/no_string_ext.rb +0 -0
  78. data/bundle/ruby/2.5.0/gems/{unicode-display_width-1.5.0 → unicode-display_width-1.6.0}/lib/unicode/display_width/string_ext.rb +0 -0
  79. data/lib/brakeman.rb +7 -0
  80. data/lib/brakeman/app_tree.rb +34 -22
  81. data/lib/brakeman/checks.rb +7 -7
  82. data/lib/brakeman/checks/base_check.rb +9 -9
  83. data/lib/brakeman/checks/check_cross_site_scripting.rb +5 -0
  84. data/lib/brakeman/checks/check_default_routes.rb +5 -0
  85. data/lib/brakeman/checks/check_deserialize.rb +52 -0
  86. data/lib/brakeman/checks/check_dynamic_finders.rb +1 -1
  87. data/lib/brakeman/checks/check_force_ssl.rb +27 -0
  88. data/lib/brakeman/checks/check_json_parsing.rb +5 -0
  89. data/lib/brakeman/checks/check_link_to_href.rb +6 -1
  90. data/lib/brakeman/checks/check_mail_to.rb +1 -1
  91. data/lib/brakeman/checks/check_model_attr_accessible.rb +1 -1
  92. data/lib/brakeman/checks/check_model_attributes.rb +12 -50
  93. data/lib/brakeman/checks/check_model_serialize.rb +1 -1
  94. data/lib/brakeman/checks/check_nested_attributes_bypass.rb +3 -3
  95. data/lib/brakeman/checks/check_secrets.rb +1 -1
  96. data/lib/brakeman/checks/check_session_settings.rb +10 -10
  97. data/lib/brakeman/checks/check_simple_format.rb +5 -0
  98. data/lib/brakeman/checks/check_skip_before_filter.rb +1 -1
  99. data/lib/brakeman/checks/check_sql.rb +15 -17
  100. data/lib/brakeman/checks/check_validation_regex.rb +1 -1
  101. data/lib/brakeman/file_parser.rb +6 -8
  102. data/lib/brakeman/file_path.rb +71 -0
  103. data/lib/brakeman/options.rb +7 -0
  104. data/lib/brakeman/parsers/template_parser.rb +3 -3
  105. data/lib/brakeman/processor.rb +3 -4
  106. data/lib/brakeman/processors/alias_processor.rb +12 -6
  107. data/lib/brakeman/processors/base_processor.rb +8 -7
  108. data/lib/brakeman/processors/controller_alias_processor.rb +10 -7
  109. data/lib/brakeman/processors/controller_processor.rb +5 -9
  110. data/lib/brakeman/processors/haml_template_processor.rb +5 -0
  111. data/lib/brakeman/processors/lib/module_helper.rb +8 -8
  112. data/lib/brakeman/processors/lib/processor_helper.rb +3 -3
  113. data/lib/brakeman/processors/lib/rails2_config_processor.rb +3 -3
  114. data/lib/brakeman/processors/lib/rails2_route_processor.rb +2 -2
  115. data/lib/brakeman/processors/lib/rails3_config_processor.rb +3 -3
  116. data/lib/brakeman/processors/lib/rails3_route_processor.rb +2 -2
  117. data/lib/brakeman/processors/lib/render_helper.rb +2 -2
  118. data/lib/brakeman/processors/lib/render_path.rb +18 -1
  119. data/lib/brakeman/processors/library_processor.rb +5 -5
  120. data/lib/brakeman/processors/model_processor.rb +4 -5
  121. data/lib/brakeman/processors/output_processor.rb +5 -0
  122. data/lib/brakeman/processors/template_alias_processor.rb +4 -5
  123. data/lib/brakeman/processors/template_processor.rb +4 -4
  124. data/lib/brakeman/report.rb +3 -3
  125. data/lib/brakeman/report/ignore/config.rb +2 -3
  126. data/lib/brakeman/report/ignore/interactive.rb +2 -2
  127. data/lib/brakeman/report/pager.rb +1 -0
  128. data/lib/brakeman/report/report_base.rb +51 -6
  129. data/lib/brakeman/report/report_codeclimate.rb +3 -3
  130. data/lib/brakeman/report/report_hash.rb +1 -1
  131. data/lib/brakeman/report/report_html.rb +2 -2
  132. data/lib/brakeman/report/report_json.rb +1 -24
  133. data/lib/brakeman/report/report_table.rb +20 -4
  134. data/lib/brakeman/report/report_tabs.rb +1 -1
  135. data/lib/brakeman/report/report_text.rb +2 -2
  136. data/lib/brakeman/rescanner.rb +9 -12
  137. data/lib/brakeman/scanner.rb +19 -14
  138. data/lib/brakeman/tracker.rb +4 -4
  139. data/lib/brakeman/tracker/collection.rb +4 -3
  140. data/lib/brakeman/tracker/config.rb +6 -0
  141. data/lib/brakeman/util.rb +1 -147
  142. data/lib/brakeman/version.rb +1 -1
  143. data/lib/brakeman/warning.rb +23 -13
  144. data/lib/brakeman/warning_codes.rb +1 -0
  145. data/lib/ruby_parser/bm_sexp_processor.rb +1 -0
  146. metadata +78 -61
  147. data/bundle/ruby/2.5.0/gems/highline-1.7.10/Gemfile +0 -11
  148. data/bundle/ruby/2.5.0/gems/highline-1.7.10/INSTALL +0 -59
  149. data/bundle/ruby/2.5.0/gems/highline-1.7.10/README.rdoc +0 -74
  150. data/bundle/ruby/2.5.0/gems/highline-1.7.10/highline.gemspec +0 -37
  151. data/bundle/ruby/2.5.0/gems/highline-1.7.10/lib/highline.rb +0 -1048
  152. data/bundle/ruby/2.5.0/gems/highline-1.7.10/lib/highline/compatibility.rb +0 -16
  153. data/bundle/ruby/2.5.0/gems/highline-1.7.10/lib/highline/import.rb +0 -41
  154. data/bundle/ruby/2.5.0/gems/highline-1.7.10/lib/highline/menu.rb +0 -381
  155. data/bundle/ruby/2.5.0/gems/highline-1.7.10/lib/highline/simulate.rb +0 -48
  156. data/bundle/ruby/2.5.0/gems/highline-1.7.10/lib/highline/string_extensions.rb +0 -111
  157. data/bundle/ruby/2.5.0/gems/highline-1.7.10/lib/highline/style.rb +0 -192
  158. data/bundle/ruby/2.5.0/gems/highline-1.7.10/lib/highline/system_extensions.rb +0 -254
  159. data/bundle/ruby/2.5.0/gems/highline-1.7.10/setup.rb +0 -1360

There are too many changes on this page to be displayed.

The amount of changes on this page would crash your brower.

You can still verify the content by downloading the gem file manually.