brakeman 4.5.0 → 4.5.1
Sign up to get free protection for your applications and to get access to all the features.
Potentially problematic release.
This version of brakeman might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/CHANGES.md +15 -0
- data/README.md +6 -6
- data/bundle/load.rb +3 -3
- data/bundle/ruby/2.5.0/gems/{highline-1.7.10 → highline-2.0.2}/AUTHORS +0 -0
- data/bundle/ruby/2.5.0/gems/{highline-1.7.10 → highline-2.0.2}/COPYING +0 -0
- data/bundle/ruby/2.5.0/gems/{highline-1.7.10 → highline-2.0.2}/Changelog.md +211 -15
- data/bundle/ruby/2.5.0/gems/highline-2.0.2/Gemfile +22 -0
- data/bundle/ruby/2.5.0/gems/{highline-1.7.10 → highline-2.0.2}/LICENSE +0 -0
- data/bundle/ruby/2.5.0/gems/highline-2.0.2/README.md +202 -0
- data/bundle/ruby/2.5.0/gems/{highline-1.7.10 → highline-2.0.2}/TODO +0 -0
- data/bundle/ruby/2.5.0/gems/highline-2.0.2/appveyor.yml +37 -0
- data/bundle/ruby/2.5.0/gems/highline-2.0.2/highline.gemspec +35 -0
- data/bundle/ruby/2.5.0/gems/highline-2.0.2/lib/highline.rb +650 -0
- data/bundle/ruby/2.5.0/gems/highline-2.0.2/lib/highline/builtin_styles.rb +129 -0
- data/bundle/ruby/2.5.0/gems/{highline-1.7.10 → highline-2.0.2}/lib/highline/color_scheme.rb +49 -32
- data/bundle/ruby/2.5.0/gems/highline-2.0.2/lib/highline/compatibility.rb +23 -0
- data/bundle/ruby/2.5.0/gems/highline-2.0.2/lib/highline/custom_errors.rb +57 -0
- data/bundle/ruby/2.5.0/gems/highline-2.0.2/lib/highline/import.rb +48 -0
- data/bundle/ruby/2.5.0/gems/highline-2.0.2/lib/highline/io_console_compatible.rb +37 -0
- data/bundle/ruby/2.5.0/gems/highline-2.0.2/lib/highline/list.rb +177 -0
- data/bundle/ruby/2.5.0/gems/highline-2.0.2/lib/highline/list_renderer.rb +261 -0
- data/bundle/ruby/2.5.0/gems/highline-2.0.2/lib/highline/menu.rb +576 -0
- data/bundle/ruby/2.5.0/gems/highline-2.0.2/lib/highline/menu/item.rb +32 -0
- data/bundle/ruby/2.5.0/gems/highline-2.0.2/lib/highline/paginator.rb +52 -0
- data/bundle/ruby/2.5.0/gems/{highline-1.7.10 → highline-2.0.2}/lib/highline/question.rb +281 -131
- data/bundle/ruby/2.5.0/gems/highline-2.0.2/lib/highline/question/answer_converter.rb +103 -0
- data/bundle/ruby/2.5.0/gems/highline-2.0.2/lib/highline/question_asker.rb +150 -0
- data/bundle/ruby/2.5.0/gems/highline-2.0.2/lib/highline/simulate.rb +59 -0
- data/bundle/ruby/2.5.0/gems/highline-2.0.2/lib/highline/statement.rb +88 -0
- data/bundle/ruby/2.5.0/gems/highline-2.0.2/lib/highline/string.rb +36 -0
- data/bundle/ruby/2.5.0/gems/highline-2.0.2/lib/highline/string_extensions.rb +130 -0
- data/bundle/ruby/2.5.0/gems/highline-2.0.2/lib/highline/style.rb +325 -0
- data/bundle/ruby/2.5.0/gems/highline-2.0.2/lib/highline/template_renderer.rb +62 -0
- data/bundle/ruby/2.5.0/gems/highline-2.0.2/lib/highline/terminal.rb +190 -0
- data/bundle/ruby/2.5.0/gems/highline-2.0.2/lib/highline/terminal/io_console.rb +36 -0
- data/bundle/ruby/2.5.0/gems/highline-2.0.2/lib/highline/terminal/ncurses.rb +38 -0
- data/bundle/ruby/2.5.0/gems/highline-2.0.2/lib/highline/terminal/unix_stty.rb +51 -0
- data/bundle/ruby/2.5.0/gems/{highline-1.7.10 → highline-2.0.2}/lib/highline/version.rb +3 -1
- data/bundle/ruby/2.5.0/gems/highline-2.0.2/lib/highline/wrapper.rb +53 -0
- data/bundle/ruby/2.5.0/gems/{ruby_parser-3.13.0 → ruby_parser-3.13.1}/History.rdoc +32 -0
- data/bundle/ruby/2.5.0/gems/{ruby_parser-3.13.0 → ruby_parser-3.13.1}/Manifest.txt +0 -0
- data/bundle/ruby/2.5.0/gems/{ruby_parser-3.13.0 → ruby_parser-3.13.1}/README.rdoc +0 -0
- data/bundle/ruby/2.5.0/gems/{ruby_parser-3.13.0 → ruby_parser-3.13.1}/compare/normalize.rb +0 -0
- data/bundle/ruby/2.5.0/gems/{ruby_parser-3.13.0 → ruby_parser-3.13.1}/debugging.md +0 -0
- data/bundle/ruby/2.5.0/gems/{ruby_parser-3.13.0 → ruby_parser-3.13.1}/lib/rp_extensions.rb +1 -1
- data/bundle/ruby/2.5.0/gems/{ruby_parser-3.13.0 → ruby_parser-3.13.1}/lib/rp_stringscanner.rb +0 -0
- data/bundle/ruby/2.5.0/gems/{ruby_parser-3.13.0 → ruby_parser-3.13.1}/lib/ruby20_parser.rb +2427 -2432
- data/bundle/ruby/2.5.0/gems/{ruby_parser-3.13.0 → ruby_parser-3.13.1}/lib/ruby20_parser.y +32 -29
- data/bundle/ruby/2.5.0/gems/{ruby_parser-3.13.0 → ruby_parser-3.13.1}/lib/ruby21_parser.rb +2101 -2109
- data/bundle/ruby/2.5.0/gems/{ruby_parser-3.13.0 → ruby_parser-3.13.1}/lib/ruby21_parser.y +32 -29
- data/bundle/ruby/2.5.0/gems/{ruby_parser-3.13.0 → ruby_parser-3.13.1}/lib/ruby22_parser.rb +2080 -2095
- data/bundle/ruby/2.5.0/gems/{ruby_parser-3.13.0 → ruby_parser-3.13.1}/lib/ruby22_parser.y +32 -29
- data/bundle/ruby/2.5.0/gems/{ruby_parser-3.13.0/lib/ruby25_parser.rb → ruby_parser-3.13.1/lib/ruby23_parser.rb} +2339 -2333
- data/bundle/ruby/2.5.0/gems/{ruby_parser-3.13.0 → ruby_parser-3.13.1}/lib/ruby23_parser.y +32 -29
- data/bundle/ruby/2.5.0/gems/{ruby_parser-3.13.0 → ruby_parser-3.13.1}/lib/ruby24_parser.rb +2347 -2335
- data/bundle/ruby/2.5.0/gems/{ruby_parser-3.13.0 → ruby_parser-3.13.1}/lib/ruby24_parser.y +32 -23
- data/bundle/ruby/2.5.0/gems/{ruby_parser-3.13.0/lib/ruby23_parser.rb → ruby_parser-3.13.1/lib/ruby25_parser.rb} +2349 -2337
- data/bundle/ruby/2.5.0/gems/{ruby_parser-3.13.0 → ruby_parser-3.13.1}/lib/ruby25_parser.y +32 -23
- data/bundle/ruby/2.5.0/gems/{ruby_parser-3.13.0 → ruby_parser-3.13.1}/lib/ruby26_parser.rb +2351 -2338
- data/bundle/ruby/2.5.0/gems/{ruby_parser-3.13.0 → ruby_parser-3.13.1}/lib/ruby26_parser.y +32 -23
- data/bundle/ruby/2.5.0/gems/{ruby_parser-3.13.0 → ruby_parser-3.13.1}/lib/ruby_lexer.rb +253 -161
- data/bundle/ruby/2.5.0/gems/{ruby_parser-3.13.0 → ruby_parser-3.13.1}/lib/ruby_lexer.rex +25 -25
- data/bundle/ruby/2.5.0/gems/{ruby_parser-3.13.0 → ruby_parser-3.13.1}/lib/ruby_lexer.rex.rb +68 -26
- data/bundle/ruby/2.5.0/gems/{ruby_parser-3.13.0 → ruby_parser-3.13.1}/lib/ruby_parser.rb +3 -1
- data/bundle/ruby/2.5.0/gems/{ruby_parser-3.13.0 → ruby_parser-3.13.1}/lib/ruby_parser.yy +34 -23
- data/bundle/ruby/2.5.0/gems/{ruby_parser-3.13.0 → ruby_parser-3.13.1}/lib/ruby_parser_extras.rb +64 -43
- data/bundle/ruby/2.5.0/gems/{ruby_parser-3.13.0 → ruby_parser-3.13.1}/tools/munge.rb +2 -1
- data/bundle/ruby/2.5.0/gems/{ruby_parser-3.13.0 → ruby_parser-3.13.1}/tools/ripper.rb +6 -1
- data/bundle/ruby/2.5.0/gems/{unicode-display_width-1.5.0 → unicode-display_width-1.6.0}/CHANGELOG.md +4 -0
- data/bundle/ruby/2.5.0/gems/{unicode-display_width-1.5.0 → unicode-display_width-1.6.0}/MIT-LICENSE.txt +0 -0
- data/bundle/ruby/2.5.0/gems/{unicode-display_width-1.5.0 → unicode-display_width-1.6.0}/README.md +1 -1
- data/bundle/ruby/2.5.0/gems/{unicode-display_width-1.5.0 → unicode-display_width-1.6.0}/data/display_width.marshal.gz +0 -0
- data/bundle/ruby/2.5.0/gems/{unicode-display_width-1.5.0 → unicode-display_width-1.6.0}/lib/unicode/display_width.rb +0 -0
- data/bundle/ruby/2.5.0/gems/{unicode-display_width-1.5.0 → unicode-display_width-1.6.0}/lib/unicode/display_width/constants.rb +2 -2
- data/bundle/ruby/2.5.0/gems/{unicode-display_width-1.5.0 → unicode-display_width-1.6.0}/lib/unicode/display_width/index.rb +0 -0
- data/bundle/ruby/2.5.0/gems/{unicode-display_width-1.5.0 → unicode-display_width-1.6.0}/lib/unicode/display_width/no_string_ext.rb +0 -0
- data/bundle/ruby/2.5.0/gems/{unicode-display_width-1.5.0 → unicode-display_width-1.6.0}/lib/unicode/display_width/string_ext.rb +0 -0
- data/lib/brakeman.rb +7 -0
- data/lib/brakeman/app_tree.rb +34 -22
- data/lib/brakeman/checks.rb +7 -7
- data/lib/brakeman/checks/base_check.rb +9 -9
- data/lib/brakeman/checks/check_cross_site_scripting.rb +5 -0
- data/lib/brakeman/checks/check_default_routes.rb +5 -0
- data/lib/brakeman/checks/check_deserialize.rb +52 -0
- data/lib/brakeman/checks/check_dynamic_finders.rb +1 -1
- data/lib/brakeman/checks/check_force_ssl.rb +27 -0
- data/lib/brakeman/checks/check_json_parsing.rb +5 -0
- data/lib/brakeman/checks/check_link_to_href.rb +6 -1
- data/lib/brakeman/checks/check_mail_to.rb +1 -1
- data/lib/brakeman/checks/check_model_attr_accessible.rb +1 -1
- data/lib/brakeman/checks/check_model_attributes.rb +12 -50
- data/lib/brakeman/checks/check_model_serialize.rb +1 -1
- data/lib/brakeman/checks/check_nested_attributes_bypass.rb +3 -3
- data/lib/brakeman/checks/check_secrets.rb +1 -1
- data/lib/brakeman/checks/check_session_settings.rb +10 -10
- data/lib/brakeman/checks/check_simple_format.rb +5 -0
- data/lib/brakeman/checks/check_skip_before_filter.rb +1 -1
- data/lib/brakeman/checks/check_sql.rb +15 -17
- data/lib/brakeman/checks/check_validation_regex.rb +1 -1
- data/lib/brakeman/file_parser.rb +6 -8
- data/lib/brakeman/file_path.rb +71 -0
- data/lib/brakeman/options.rb +7 -0
- data/lib/brakeman/parsers/template_parser.rb +3 -3
- data/lib/brakeman/processor.rb +3 -4
- data/lib/brakeman/processors/alias_processor.rb +12 -6
- data/lib/brakeman/processors/base_processor.rb +8 -7
- data/lib/brakeman/processors/controller_alias_processor.rb +10 -7
- data/lib/brakeman/processors/controller_processor.rb +5 -9
- data/lib/brakeman/processors/haml_template_processor.rb +5 -0
- data/lib/brakeman/processors/lib/module_helper.rb +8 -8
- data/lib/brakeman/processors/lib/processor_helper.rb +3 -3
- data/lib/brakeman/processors/lib/rails2_config_processor.rb +3 -3
- data/lib/brakeman/processors/lib/rails2_route_processor.rb +2 -2
- data/lib/brakeman/processors/lib/rails3_config_processor.rb +3 -3
- data/lib/brakeman/processors/lib/rails3_route_processor.rb +2 -2
- data/lib/brakeman/processors/lib/render_helper.rb +2 -2
- data/lib/brakeman/processors/lib/render_path.rb +18 -1
- data/lib/brakeman/processors/library_processor.rb +5 -5
- data/lib/brakeman/processors/model_processor.rb +4 -5
- data/lib/brakeman/processors/output_processor.rb +5 -0
- data/lib/brakeman/processors/template_alias_processor.rb +4 -5
- data/lib/brakeman/processors/template_processor.rb +4 -4
- data/lib/brakeman/report.rb +3 -3
- data/lib/brakeman/report/ignore/config.rb +2 -3
- data/lib/brakeman/report/ignore/interactive.rb +2 -2
- data/lib/brakeman/report/pager.rb +1 -0
- data/lib/brakeman/report/report_base.rb +51 -6
- data/lib/brakeman/report/report_codeclimate.rb +3 -3
- data/lib/brakeman/report/report_hash.rb +1 -1
- data/lib/brakeman/report/report_html.rb +2 -2
- data/lib/brakeman/report/report_json.rb +1 -24
- data/lib/brakeman/report/report_table.rb +20 -4
- data/lib/brakeman/report/report_tabs.rb +1 -1
- data/lib/brakeman/report/report_text.rb +2 -2
- data/lib/brakeman/rescanner.rb +9 -12
- data/lib/brakeman/scanner.rb +19 -14
- data/lib/brakeman/tracker.rb +4 -4
- data/lib/brakeman/tracker/collection.rb +4 -3
- data/lib/brakeman/tracker/config.rb +6 -0
- data/lib/brakeman/util.rb +1 -147
- data/lib/brakeman/version.rb +1 -1
- data/lib/brakeman/warning.rb +23 -13
- data/lib/brakeman/warning_codes.rb +1 -0
- data/lib/ruby_parser/bm_sexp_processor.rb +1 -0
- metadata +78 -61
- data/bundle/ruby/2.5.0/gems/highline-1.7.10/Gemfile +0 -11
- data/bundle/ruby/2.5.0/gems/highline-1.7.10/INSTALL +0 -59
- data/bundle/ruby/2.5.0/gems/highline-1.7.10/README.rdoc +0 -74
- data/bundle/ruby/2.5.0/gems/highline-1.7.10/highline.gemspec +0 -37
- data/bundle/ruby/2.5.0/gems/highline-1.7.10/lib/highline.rb +0 -1048
- data/bundle/ruby/2.5.0/gems/highline-1.7.10/lib/highline/compatibility.rb +0 -16
- data/bundle/ruby/2.5.0/gems/highline-1.7.10/lib/highline/import.rb +0 -41
- data/bundle/ruby/2.5.0/gems/highline-1.7.10/lib/highline/menu.rb +0 -381
- data/bundle/ruby/2.5.0/gems/highline-1.7.10/lib/highline/simulate.rb +0 -48
- data/bundle/ruby/2.5.0/gems/highline-1.7.10/lib/highline/string_extensions.rb +0 -111
- data/bundle/ruby/2.5.0/gems/highline-1.7.10/lib/highline/style.rb +0 -192
- data/bundle/ruby/2.5.0/gems/highline-1.7.10/lib/highline/system_extensions.rb +0 -254
- data/bundle/ruby/2.5.0/gems/highline-1.7.10/setup.rb +0 -1360
data/bundle/ruby/2.5.0/gems/{ruby_parser-3.13.0 → ruby_parser-3.13.1}/lib/ruby_parser_extras.rb
RENAMED
|
@@ -7,7 +7,7 @@ require "rp_extensions"
|
|
|
7
7
|
require "rp_stringscanner"
|
|
8
8
|
|
|
9
9
|
module RubyParserStuff
|
|
10
|
-
VERSION = "3.13.
|
|
10
|
+
VERSION = "3.13.1"
|
|
11
11
|
|
|
12
12
|
attr_accessor :lexer, :in_def, :in_single, :file
|
|
13
13
|
attr_accessor :in_kwarg
|
|
@@ -698,6 +698,22 @@ module RubyParserStuff
|
|
|
698
698
|
result
|
|
699
699
|
end
|
|
700
700
|
|
|
701
|
+
def new_const_op_asgn val
|
|
702
|
+
lhs, asgn_op, rhs = val[0], val[1].to_sym, val[2]
|
|
703
|
+
|
|
704
|
+
result = case asgn_op
|
|
705
|
+
when :"||" then
|
|
706
|
+
s(:op_asgn_or, lhs, rhs)
|
|
707
|
+
when :"&&" then
|
|
708
|
+
s(:op_asgn_and, lhs, rhs)
|
|
709
|
+
else
|
|
710
|
+
s(:op_asgn, lhs, asgn_op, rhs)
|
|
711
|
+
end
|
|
712
|
+
|
|
713
|
+
result.line = lhs.line
|
|
714
|
+
result
|
|
715
|
+
end
|
|
716
|
+
|
|
701
717
|
def new_op_asgn2 val
|
|
702
718
|
recv, call_op, meth, op, arg = val
|
|
703
719
|
meth = :"#{meth}="
|
|
@@ -804,6 +820,7 @@ module RubyParserStuff
|
|
|
804
820
|
|
|
805
821
|
def new_string val
|
|
806
822
|
str = val[0]
|
|
823
|
+
str.force_encoding("UTF-8")
|
|
807
824
|
str.force_encoding("ASCII-8BIT") unless str.valid_encoding?
|
|
808
825
|
result = s(:str, str)
|
|
809
826
|
self.lexer.fixup_lineno str.count("\n")
|
|
@@ -1168,6 +1185,8 @@ module RubyParserStuff
|
|
|
1168
1185
|
end
|
|
1169
1186
|
|
|
1170
1187
|
class Keyword
|
|
1188
|
+
include RubyLexer::State::Values
|
|
1189
|
+
|
|
1171
1190
|
class KWtable
|
|
1172
1191
|
attr_accessor :name, :state, :id0, :id1
|
|
1173
1192
|
def initialize(name, id=[], state=nil)
|
|
@@ -1196,48 +1215,50 @@ module RubyParserStuff
|
|
|
1196
1215
|
# :expr_value = :expr_beg -- work to remove. Need multi-state support.
|
|
1197
1216
|
|
|
1198
1217
|
wordlist = [
|
|
1199
|
-
["alias", [:kALIAS, :kALIAS ],
|
|
1200
|
-
["and", [:kAND, :kAND ],
|
|
1201
|
-
["begin", [:kBEGIN, :kBEGIN ],
|
|
1202
|
-
["break", [:kBREAK, :kBREAK ],
|
|
1203
|
-
["case", [:kCASE, :kCASE ],
|
|
1204
|
-
["class", [:kCLASS, :kCLASS ],
|
|
1205
|
-
["def", [:kDEF, :kDEF ],
|
|
1206
|
-
["defined?", [:kDEFINED, :kDEFINED ],
|
|
1207
|
-
["do", [:kDO, :kDO ],
|
|
1208
|
-
["else", [:kELSE, :kELSE ],
|
|
1209
|
-
["elsif", [:kELSIF, :kELSIF ],
|
|
1210
|
-
["end", [:kEND, :kEND ],
|
|
1211
|
-
["ensure", [:kENSURE, :kENSURE ],
|
|
1212
|
-
["false", [:kFALSE, :kFALSE ],
|
|
1213
|
-
["for", [:kFOR, :kFOR ],
|
|
1214
|
-
["if", [:kIF, :kIF_MOD ],
|
|
1215
|
-
["in", [:kIN, :kIN ],
|
|
1216
|
-
["module", [:kMODULE, :kMODULE ],
|
|
1217
|
-
["next", [:kNEXT, :kNEXT ],
|
|
1218
|
-
["nil", [:kNIL, :kNIL ],
|
|
1219
|
-
["not", [:kNOT, :kNOT ],
|
|
1220
|
-
["or", [:kOR, :kOR ],
|
|
1221
|
-
["redo", [:kREDO, :kREDO ],
|
|
1222
|
-
["rescue", [:kRESCUE, :kRESCUE_MOD ],
|
|
1223
|
-
["retry", [:kRETRY, :kRETRY ],
|
|
1224
|
-
["return", [:kRETURN, :kRETURN ],
|
|
1225
|
-
["self", [:kSELF, :kSELF ],
|
|
1226
|
-
["super", [:kSUPER, :kSUPER ],
|
|
1227
|
-
["then", [:kTHEN, :kTHEN ],
|
|
1228
|
-
["true", [:kTRUE, :kTRUE ],
|
|
1229
|
-
["undef", [:kUNDEF, :kUNDEF ],
|
|
1230
|
-
["unless", [:kUNLESS, :kUNLESS_MOD ],
|
|
1231
|
-
["until", [:kUNTIL, :kUNTIL_MOD ],
|
|
1232
|
-
["when", [:kWHEN, :kWHEN ],
|
|
1233
|
-
["while", [:kWHILE, :kWHILE_MOD ],
|
|
1234
|
-
["yield", [:kYIELD, :kYIELD ],
|
|
1235
|
-
["BEGIN", [:klBEGIN, :klBEGIN ],
|
|
1236
|
-
["END", [:klEND, :klEND ],
|
|
1237
|
-
["__FILE__", [:k__FILE__, :k__FILE__ ],
|
|
1238
|
-
["__LINE__", [:k__LINE__, :k__LINE__ ],
|
|
1239
|
-
["__ENCODING__", [:k__ENCODING__, :k__ENCODING__],
|
|
1240
|
-
].map { |args|
|
|
1218
|
+
["alias", [:kALIAS, :kALIAS ], EXPR_FNAME|EXPR_FITEM],
|
|
1219
|
+
["and", [:kAND, :kAND ], EXPR_BEG ],
|
|
1220
|
+
["begin", [:kBEGIN, :kBEGIN ], EXPR_BEG ],
|
|
1221
|
+
["break", [:kBREAK, :kBREAK ], EXPR_MID ],
|
|
1222
|
+
["case", [:kCASE, :kCASE ], EXPR_BEG ],
|
|
1223
|
+
["class", [:kCLASS, :kCLASS ], EXPR_CLASS ],
|
|
1224
|
+
["def", [:kDEF, :kDEF ], EXPR_FNAME ],
|
|
1225
|
+
["defined?", [:kDEFINED, :kDEFINED ], EXPR_ARG ],
|
|
1226
|
+
["do", [:kDO, :kDO ], EXPR_BEG ],
|
|
1227
|
+
["else", [:kELSE, :kELSE ], EXPR_BEG ],
|
|
1228
|
+
["elsif", [:kELSIF, :kELSIF ], EXPR_BEG ],
|
|
1229
|
+
["end", [:kEND, :kEND ], EXPR_END ],
|
|
1230
|
+
["ensure", [:kENSURE, :kENSURE ], EXPR_BEG ],
|
|
1231
|
+
["false", [:kFALSE, :kFALSE ], EXPR_END ],
|
|
1232
|
+
["for", [:kFOR, :kFOR ], EXPR_BEG ],
|
|
1233
|
+
["if", [:kIF, :kIF_MOD ], EXPR_BEG ],
|
|
1234
|
+
["in", [:kIN, :kIN ], EXPR_BEG ],
|
|
1235
|
+
["module", [:kMODULE, :kMODULE ], EXPR_BEG ],
|
|
1236
|
+
["next", [:kNEXT, :kNEXT ], EXPR_MID ],
|
|
1237
|
+
["nil", [:kNIL, :kNIL ], EXPR_END ],
|
|
1238
|
+
["not", [:kNOT, :kNOT ], EXPR_ARG ],
|
|
1239
|
+
["or", [:kOR, :kOR ], EXPR_BEG ],
|
|
1240
|
+
["redo", [:kREDO, :kREDO ], EXPR_END ],
|
|
1241
|
+
["rescue", [:kRESCUE, :kRESCUE_MOD ], EXPR_MID ],
|
|
1242
|
+
["retry", [:kRETRY, :kRETRY ], EXPR_END ],
|
|
1243
|
+
["return", [:kRETURN, :kRETURN ], EXPR_MID ],
|
|
1244
|
+
["self", [:kSELF, :kSELF ], EXPR_END ],
|
|
1245
|
+
["super", [:kSUPER, :kSUPER ], EXPR_ARG ],
|
|
1246
|
+
["then", [:kTHEN, :kTHEN ], EXPR_BEG ],
|
|
1247
|
+
["true", [:kTRUE, :kTRUE ], EXPR_END ],
|
|
1248
|
+
["undef", [:kUNDEF, :kUNDEF ], EXPR_FNAME|EXPR_FITEM],
|
|
1249
|
+
["unless", [:kUNLESS, :kUNLESS_MOD ], EXPR_BEG ],
|
|
1250
|
+
["until", [:kUNTIL, :kUNTIL_MOD ], EXPR_BEG ],
|
|
1251
|
+
["when", [:kWHEN, :kWHEN ], EXPR_BEG ],
|
|
1252
|
+
["while", [:kWHILE, :kWHILE_MOD ], EXPR_BEG ],
|
|
1253
|
+
["yield", [:kYIELD, :kYIELD ], EXPR_ARG ],
|
|
1254
|
+
["BEGIN", [:klBEGIN, :klBEGIN ], EXPR_END ],
|
|
1255
|
+
["END", [:klEND, :klEND ], EXPR_END ],
|
|
1256
|
+
["__FILE__", [:k__FILE__, :k__FILE__ ], EXPR_END ],
|
|
1257
|
+
["__LINE__", [:k__LINE__, :k__LINE__ ], EXPR_END ],
|
|
1258
|
+
["__ENCODING__", [:k__ENCODING__, :k__ENCODING__], EXPR_END],
|
|
1259
|
+
].map { |args|
|
|
1260
|
+
KWtable.new(*args)
|
|
1261
|
+
}
|
|
1241
1262
|
|
|
1242
1263
|
# :startdoc:
|
|
1243
1264
|
|
|
@@ -107,6 +107,7 @@ def munge s
|
|
|
107
107
|
|
|
108
108
|
'"defined?"', "kDEFINED",
|
|
109
109
|
|
|
110
|
+
"<none>", "none",
|
|
110
111
|
|
|
111
112
|
'"do (for condition)"', "kDO_COND",
|
|
112
113
|
'"do (for lambda)"', "kDO_LAMBDA",
|
|
@@ -167,7 +168,7 @@ ARGF.each_line do |line|
|
|
|
167
168
|
item = $1
|
|
168
169
|
stack << munge(item)
|
|
169
170
|
when /^-> \$\$ = (?:token|nterm) (.+) \(.*\)/ then
|
|
170
|
-
stack << "
|
|
171
|
+
stack << "none" if stack.empty?
|
|
171
172
|
item = munge $1
|
|
172
173
|
x = stack.map { |s| s.strip }.join " "
|
|
173
174
|
if x != item then # prevent kdef -> kdef
|
|
@@ -6,8 +6,13 @@ $p ||= false
|
|
|
6
6
|
require "ripper/sexp"
|
|
7
7
|
require "pp" if $p
|
|
8
8
|
|
|
9
|
+
if ARGV.empty? then
|
|
10
|
+
warn "reading from stdin"
|
|
11
|
+
ARGV << "-"
|
|
12
|
+
end
|
|
13
|
+
|
|
9
14
|
ARGV.each do |path|
|
|
10
|
-
src = File.read
|
|
15
|
+
src = path == "-" ? $stdin.read : File.read(path)
|
|
11
16
|
rip = Ripper::SexpBuilderPP.new src
|
|
12
17
|
rip.yydebug = $d
|
|
13
18
|
|
|
File without changes
|
data/bundle/ruby/2.5.0/gems/{unicode-display_width-1.5.0 → unicode-display_width-1.6.0}/README.md
RENAMED
|
@@ -2,7 +2,7 @@
|
|
|
2
2
|
|
|
3
3
|
Determines the monospace display width of a string in Ruby. Implementation based on [EastAsianWidth.txt](https://www.unicode.org/Public/UNIDATA/EastAsianWidth.txt) and other data, 100% in Ruby. Other than [wcwidth()](https://github.com/janlelis/wcswidth-ruby), which fulfills a similar purpose, it does not rely on the OS vendor to provide an up-to-date method for measuring string width.
|
|
4
4
|
|
|
5
|
-
Unicode version: **12.
|
|
5
|
+
Unicode version: **12.1.0** (May 2019)
|
|
6
6
|
|
|
7
7
|
Supported Rubies: **2.6**, **2.5**, **2.4**
|
|
8
8
|
|
|
Binary file
|
|
File without changes
|
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
module Unicode
|
|
2
2
|
module DisplayWidth
|
|
3
|
-
VERSION = '1.
|
|
4
|
-
UNICODE_VERSION = "12.
|
|
3
|
+
VERSION = '1.6.0'
|
|
4
|
+
UNICODE_VERSION = "12.1.0".freeze
|
|
5
5
|
DATA_DIRECTORY = File.expand_path(File.dirname(__FILE__) + '/../../../data/').freeze
|
|
6
6
|
INDEX_FILENAME = (DATA_DIRECTORY + '/display_width.marshal.gz').freeze
|
|
7
7
|
end
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
data/lib/brakeman.rb
CHANGED
|
@@ -55,6 +55,9 @@ module Brakeman
|
|
|
55
55
|
# * :print_report - if no output file specified, print to stdout (default: false)
|
|
56
56
|
# * :quiet - suppress most messages (default: true)
|
|
57
57
|
# * :rails3 - force Rails 3 mode (automatic)
|
|
58
|
+
# * :rails4 - force Rails 4 mode (automatic)
|
|
59
|
+
# * :rails5 - force Rails 5 mode (automatic)
|
|
60
|
+
# * :rails6 - force Rails 6 mode (automatic)
|
|
58
61
|
# * :report_routes - show found routes on controllers (default: false)
|
|
59
62
|
# * :run_checks - array of checks to run (run all if not specified)
|
|
60
63
|
# * :safe_methods - array of methods to consider safe
|
|
@@ -99,6 +102,10 @@ module Brakeman
|
|
|
99
102
|
elsif options[:rails5]
|
|
100
103
|
options[:rails3] = true
|
|
101
104
|
options[:rails4] = true
|
|
105
|
+
elsif options[:rails6]
|
|
106
|
+
options[:rails3] = true
|
|
107
|
+
options[:rails4] = true
|
|
108
|
+
options[:rails5] = true
|
|
102
109
|
end
|
|
103
110
|
|
|
104
111
|
options[:output_formats] = get_output_formats options
|
data/lib/brakeman/app_tree.rb
CHANGED
|
@@ -1,4 +1,5 @@
|
|
|
1
1
|
require 'pathname'
|
|
2
|
+
require 'brakeman/file_path'
|
|
2
3
|
|
|
3
4
|
module Brakeman
|
|
4
5
|
class AppTree
|
|
@@ -62,31 +63,37 @@ module Brakeman
|
|
|
62
63
|
@absolute_engine_paths = @engine_paths.select { |path| path.start_with?(File::SEPARATOR) }
|
|
63
64
|
@relative_engine_paths = @engine_paths - @absolute_engine_paths
|
|
64
65
|
@gemspec = nil
|
|
66
|
+
@root_search_pattern = nil
|
|
65
67
|
end
|
|
66
68
|
|
|
67
|
-
|
|
68
|
-
|
|
69
|
+
# Create a new Brakeman::FilePath
|
|
70
|
+
def file_path(path)
|
|
71
|
+
Brakeman::FilePath.from_app_tree(self, path)
|
|
69
72
|
end
|
|
70
73
|
|
|
71
|
-
|
|
72
|
-
|
|
74
|
+
# Should only be used by Brakeman::FilePath.
|
|
75
|
+
# Use AppTree#file_path(path).absolute instead.
|
|
76
|
+
def expand_path(path)
|
|
77
|
+
File.expand_path(path, @root)
|
|
73
78
|
end
|
|
74
79
|
|
|
75
|
-
#
|
|
76
|
-
#
|
|
77
|
-
|
|
78
|
-
|
|
79
|
-
|
|
80
|
-
|
|
80
|
+
# Should only be used by Brakeman::FilePath
|
|
81
|
+
# Use AppTree#file_path(path).relative instead.
|
|
82
|
+
def relative_path(path)
|
|
83
|
+
pname = Pathname.new path
|
|
84
|
+
if path and not path.empty? and pname.absolute?
|
|
85
|
+
pname.relative_path_from(Pathname.new(self.root)).to_s
|
|
86
|
+
else
|
|
87
|
+
path
|
|
88
|
+
end
|
|
81
89
|
end
|
|
82
90
|
|
|
83
91
|
def exists?(path)
|
|
84
|
-
|
|
85
|
-
|
|
86
|
-
|
|
87
|
-
|
|
88
|
-
|
|
89
|
-
File.exist?(path)
|
|
92
|
+
if path.is_a? Brakeman::FilePath
|
|
93
|
+
path.exists?
|
|
94
|
+
else
|
|
95
|
+
File.exist?(File.join(@root, path))
|
|
96
|
+
end
|
|
90
97
|
end
|
|
91
98
|
|
|
92
99
|
def initializer_paths
|
|
@@ -111,7 +118,7 @@ module Brakeman
|
|
|
111
118
|
end
|
|
112
119
|
|
|
113
120
|
def lib_paths
|
|
114
|
-
@lib_files ||= find_paths("lib").reject { |path| path.include? "/generators/" or path.include? "lib/tasks/" or path.include? "lib/templates/" } +
|
|
121
|
+
@lib_files ||= find_paths("lib").reject { |path| path.relative.include? "/generators/" or path.relative.include? "lib/tasks/" or path.relative.include? "lib/templates/" } +
|
|
115
122
|
find_additional_lib_paths +
|
|
116
123
|
find_helper_paths +
|
|
117
124
|
find_job_paths
|
|
@@ -125,7 +132,7 @@ module Brakeman
|
|
|
125
132
|
if gemspecs.length > 1 or gemspecs.empty?
|
|
126
133
|
@gemspec = false
|
|
127
134
|
else
|
|
128
|
-
@gemspec = File.basename(gemspecs.first)
|
|
135
|
+
@gemspec = file_path(File.basename(gemspecs.first))
|
|
129
136
|
end
|
|
130
137
|
end
|
|
131
138
|
|
|
@@ -155,7 +162,8 @@ module Brakeman
|
|
|
155
162
|
|
|
156
163
|
def select_files(paths)
|
|
157
164
|
paths = select_only_files(paths)
|
|
158
|
-
reject_skipped_files(paths)
|
|
165
|
+
paths = reject_skipped_files(paths)
|
|
166
|
+
convert_to_file_paths(paths)
|
|
159
167
|
end
|
|
160
168
|
|
|
161
169
|
def select_only_files(paths)
|
|
@@ -190,8 +198,8 @@ module Brakeman
|
|
|
190
198
|
def root_search_pattern
|
|
191
199
|
return @root_search_pattern if @root_search_pattern
|
|
192
200
|
|
|
193
|
-
abs = @absolute_engine_paths.to_a.map { |path| path.gsub
|
|
194
|
-
rel = @relative_engine_paths.to_a.map { |path| path.gsub
|
|
201
|
+
abs = @absolute_engine_paths.to_a.map { |path| path.gsub(/#{File::SEPARATOR}+$/, '') }
|
|
202
|
+
rel = @relative_engine_paths.to_a.map { |path| path.gsub(/#{File::SEPARATOR}+$/, '') }
|
|
195
203
|
|
|
196
204
|
roots = ([@root] + abs).join(",")
|
|
197
205
|
rel_engines = (rel + [""]).join("/,")
|
|
@@ -199,7 +207,11 @@ module Brakeman
|
|
|
199
207
|
end
|
|
200
208
|
|
|
201
209
|
def prioritize_concerns paths
|
|
202
|
-
paths.partition { |path| path.include? "concerns" }.flatten
|
|
210
|
+
paths.partition { |path| path.relative.include? "concerns" }.flatten
|
|
211
|
+
end
|
|
212
|
+
|
|
213
|
+
def convert_to_file_paths paths
|
|
214
|
+
paths.map { |path| file_path(path) }
|
|
203
215
|
end
|
|
204
216
|
end
|
|
205
217
|
end
|
data/lib/brakeman/checks.rb
CHANGED
|
@@ -109,13 +109,13 @@ class Brakeman::Checks
|
|
|
109
109
|
|
|
110
110
|
#Run all the checks on the given Tracker.
|
|
111
111
|
#Returns a new instance of Checks with the results.
|
|
112
|
-
def self.run_checks(
|
|
112
|
+
def self.run_checks(tracker)
|
|
113
113
|
checks = self.checks_to_run(tracker)
|
|
114
114
|
check_runner = self.new :min_confidence => tracker.options[:min_confidence]
|
|
115
|
-
self.actually_run_checks(checks, check_runner,
|
|
115
|
+
self.actually_run_checks(checks, check_runner, tracker)
|
|
116
116
|
end
|
|
117
117
|
|
|
118
|
-
def self.actually_run_checks(checks, check_runner,
|
|
118
|
+
def self.actually_run_checks(checks, check_runner, tracker)
|
|
119
119
|
threads = [] # Results for parallel
|
|
120
120
|
results = [] # Results for sequential
|
|
121
121
|
parallel = tracker.options[:parallel_checks]
|
|
@@ -127,10 +127,10 @@ class Brakeman::Checks
|
|
|
127
127
|
|
|
128
128
|
if parallel
|
|
129
129
|
threads << Thread.new do
|
|
130
|
-
self.run_a_check(c, error_mutex,
|
|
130
|
+
self.run_a_check(c, error_mutex, tracker)
|
|
131
131
|
end
|
|
132
132
|
else
|
|
133
|
-
results << self.run_a_check(c, error_mutex,
|
|
133
|
+
results << self.run_a_check(c, error_mutex, tracker)
|
|
134
134
|
end
|
|
135
135
|
|
|
136
136
|
#Maintain list of which checks were run
|
|
@@ -196,8 +196,8 @@ class Brakeman::Checks
|
|
|
196
196
|
end
|
|
197
197
|
end
|
|
198
198
|
|
|
199
|
-
def self.run_a_check klass, mutex,
|
|
200
|
-
check = klass.new(
|
|
199
|
+
def self.run_a_check klass, mutex, tracker
|
|
200
|
+
check = klass.new(tracker)
|
|
201
201
|
|
|
202
202
|
begin
|
|
203
203
|
check.run_check
|
|
@@ -27,9 +27,9 @@ class Brakeman::BaseCheck < Brakeman::SexpProcessor
|
|
|
27
27
|
end
|
|
28
28
|
|
|
29
29
|
#Initialize Check with Checks.
|
|
30
|
-
def initialize(
|
|
30
|
+
def initialize(tracker)
|
|
31
31
|
super()
|
|
32
|
-
@app_tree = app_tree
|
|
32
|
+
@app_tree = tracker.app_tree
|
|
33
33
|
@results = [] #only to check for duplicates
|
|
34
34
|
@warnings = []
|
|
35
35
|
@tracker = tracker
|
|
@@ -143,11 +143,11 @@ class Brakeman::BaseCheck < Brakeman::SexpProcessor
|
|
|
143
143
|
def warn options
|
|
144
144
|
extra_opts = { :check => self.class.to_s }
|
|
145
145
|
|
|
146
|
-
|
|
147
|
-
|
|
148
|
-
|
|
146
|
+
if options[:file]
|
|
147
|
+
options[:file] = @app_tree.file_path(options[:file])
|
|
148
|
+
end
|
|
149
149
|
|
|
150
|
-
@warnings <<
|
|
150
|
+
@warnings << Brakeman::Warning.new(options.merge(extra_opts))
|
|
151
151
|
end
|
|
152
152
|
|
|
153
153
|
#Run _exp_ through OutputProcessor to get a nice String.
|
|
@@ -476,11 +476,11 @@ class Brakeman::BaseCheck < Brakeman::SexpProcessor
|
|
|
476
476
|
if gem_name and info = tracker.config.get_gem(gem_name)
|
|
477
477
|
info
|
|
478
478
|
elsif @app_tree.exists?("Gemfile")
|
|
479
|
-
"Gemfile"
|
|
479
|
+
@app_tree.file_path "Gemfile"
|
|
480
480
|
elsif @app_tree.exists?("gems.rb")
|
|
481
|
-
"gems.rb"
|
|
481
|
+
@app_tree.file_path "gems.rb"
|
|
482
482
|
else
|
|
483
|
-
"config/environment.rb"
|
|
483
|
+
@app_tree.file_path "config/environment.rb"
|
|
484
484
|
end
|
|
485
485
|
end
|
|
486
486
|
|