brakeman 4.5.0 → 4.5.1

Potentially problematic release.


This version of brakeman might be problematic.

Files changed (159)
  1. checksums.yaml +4 -4
  2. data/CHANGES.md +15 -0
  3. data/README.md +6 -6
  4. data/bundle/load.rb +3 -3
  5. data/bundle/ruby/2.5.0/gems/{highline-1.7.10 → highline-2.0.2}/AUTHORS +0 -0
  6. data/bundle/ruby/2.5.0/gems/{highline-1.7.10 → highline-2.0.2}/COPYING +0 -0
  7. data/bundle/ruby/2.5.0/gems/{highline-1.7.10 → highline-2.0.2}/Changelog.md +211 -15
  8. data/bundle/ruby/2.5.0/gems/highline-2.0.2/Gemfile +22 -0
  9. data/bundle/ruby/2.5.0/gems/{highline-1.7.10 → highline-2.0.2}/LICENSE +0 -0
  10. data/bundle/ruby/2.5.0/gems/highline-2.0.2/README.md +202 -0
  11. data/bundle/ruby/2.5.0/gems/{highline-1.7.10 → highline-2.0.2}/TODO +0 -0
  12. data/bundle/ruby/2.5.0/gems/highline-2.0.2/appveyor.yml +37 -0
  13. data/bundle/ruby/2.5.0/gems/highline-2.0.2/highline.gemspec +35 -0
  14. data/bundle/ruby/2.5.0/gems/highline-2.0.2/lib/highline.rb +650 -0
  15. data/bundle/ruby/2.5.0/gems/highline-2.0.2/lib/highline/builtin_styles.rb +129 -0
  16. data/bundle/ruby/2.5.0/gems/{highline-1.7.10 → highline-2.0.2}/lib/highline/color_scheme.rb +49 -32
  17. data/bundle/ruby/2.5.0/gems/highline-2.0.2/lib/highline/compatibility.rb +23 -0
  18. data/bundle/ruby/2.5.0/gems/highline-2.0.2/lib/highline/custom_errors.rb +57 -0
  19. data/bundle/ruby/2.5.0/gems/highline-2.0.2/lib/highline/import.rb +48 -0
  20. data/bundle/ruby/2.5.0/gems/highline-2.0.2/lib/highline/io_console_compatible.rb +37 -0
  21. data/bundle/ruby/2.5.0/gems/highline-2.0.2/lib/highline/list.rb +177 -0
  22. data/bundle/ruby/2.5.0/gems/highline-2.0.2/lib/highline/list_renderer.rb +261 -0
  23. data/bundle/ruby/2.5.0/gems/highline-2.0.2/lib/highline/menu.rb +576 -0
  24. data/bundle/ruby/2.5.0/gems/highline-2.0.2/lib/highline/menu/item.rb +32 -0
  25. data/bundle/ruby/2.5.0/gems/highline-2.0.2/lib/highline/paginator.rb +52 -0
  26. data/bundle/ruby/2.5.0/gems/{highline-1.7.10 → highline-2.0.2}/lib/highline/question.rb +281 -131
  27. data/bundle/ruby/2.5.0/gems/highline-2.0.2/lib/highline/question/answer_converter.rb +103 -0
  28. data/bundle/ruby/2.5.0/gems/highline-2.0.2/lib/highline/question_asker.rb +150 -0
  29. data/bundle/ruby/2.5.0/gems/highline-2.0.2/lib/highline/simulate.rb +59 -0
  30. data/bundle/ruby/2.5.0/gems/highline-2.0.2/lib/highline/statement.rb +88 -0
  31. data/bundle/ruby/2.5.0/gems/highline-2.0.2/lib/highline/string.rb +36 -0
  32. data/bundle/ruby/2.5.0/gems/highline-2.0.2/lib/highline/string_extensions.rb +130 -0
  33. data/bundle/ruby/2.5.0/gems/highline-2.0.2/lib/highline/style.rb +325 -0
  34. data/bundle/ruby/2.5.0/gems/highline-2.0.2/lib/highline/template_renderer.rb +62 -0
  35. data/bundle/ruby/2.5.0/gems/highline-2.0.2/lib/highline/terminal.rb +190 -0
  36. data/bundle/ruby/2.5.0/gems/highline-2.0.2/lib/highline/terminal/io_console.rb +36 -0
  37. data/bundle/ruby/2.5.0/gems/highline-2.0.2/lib/highline/terminal/ncurses.rb +38 -0
  38. data/bundle/ruby/2.5.0/gems/highline-2.0.2/lib/highline/terminal/unix_stty.rb +51 -0
  39. data/bundle/ruby/2.5.0/gems/{highline-1.7.10 → highline-2.0.2}/lib/highline/version.rb +3 -1
  40. data/bundle/ruby/2.5.0/gems/highline-2.0.2/lib/highline/wrapper.rb +53 -0
  41. data/bundle/ruby/2.5.0/gems/{ruby_parser-3.13.0 → ruby_parser-3.13.1}/History.rdoc +32 -0
  42. data/bundle/ruby/2.5.0/gems/{ruby_parser-3.13.0 → ruby_parser-3.13.1}/Manifest.txt +0 -0
  43. data/bundle/ruby/2.5.0/gems/{ruby_parser-3.13.0 → ruby_parser-3.13.1}/README.rdoc +0 -0
  44. data/bundle/ruby/2.5.0/gems/{ruby_parser-3.13.0 → ruby_parser-3.13.1}/compare/normalize.rb +0 -0
  45. data/bundle/ruby/2.5.0/gems/{ruby_parser-3.13.0 → ruby_parser-3.13.1}/debugging.md +0 -0
  46. data/bundle/ruby/2.5.0/gems/{ruby_parser-3.13.0 → ruby_parser-3.13.1}/lib/rp_extensions.rb +1 -1
  47. data/bundle/ruby/2.5.0/gems/{ruby_parser-3.13.0 → ruby_parser-3.13.1}/lib/rp_stringscanner.rb +0 -0
  48. data/bundle/ruby/2.5.0/gems/{ruby_parser-3.13.0 → ruby_parser-3.13.1}/lib/ruby20_parser.rb +2427 -2432
  49. data/bundle/ruby/2.5.0/gems/{ruby_parser-3.13.0 → ruby_parser-3.13.1}/lib/ruby20_parser.y +32 -29
  50. data/bundle/ruby/2.5.0/gems/{ruby_parser-3.13.0 → ruby_parser-3.13.1}/lib/ruby21_parser.rb +2101 -2109
  51. data/bundle/ruby/2.5.0/gems/{ruby_parser-3.13.0 → ruby_parser-3.13.1}/lib/ruby21_parser.y +32 -29
  52. data/bundle/ruby/2.5.0/gems/{ruby_parser-3.13.0 → ruby_parser-3.13.1}/lib/ruby22_parser.rb +2080 -2095
  53. data/bundle/ruby/2.5.0/gems/{ruby_parser-3.13.0 → ruby_parser-3.13.1}/lib/ruby22_parser.y +32 -29
  54. data/bundle/ruby/2.5.0/gems/{ruby_parser-3.13.0/lib/ruby25_parser.rb → ruby_parser-3.13.1/lib/ruby23_parser.rb} +2339 -2333
  55. data/bundle/ruby/2.5.0/gems/{ruby_parser-3.13.0 → ruby_parser-3.13.1}/lib/ruby23_parser.y +32 -29
  56. data/bundle/ruby/2.5.0/gems/{ruby_parser-3.13.0 → ruby_parser-3.13.1}/lib/ruby24_parser.rb +2347 -2335
  57. data/bundle/ruby/2.5.0/gems/{ruby_parser-3.13.0 → ruby_parser-3.13.1}/lib/ruby24_parser.y +32 -23
  58. data/bundle/ruby/2.5.0/gems/{ruby_parser-3.13.0/lib/ruby23_parser.rb → ruby_parser-3.13.1/lib/ruby25_parser.rb} +2349 -2337
  59. data/bundle/ruby/2.5.0/gems/{ruby_parser-3.13.0 → ruby_parser-3.13.1}/lib/ruby25_parser.y +32 -23
  60. data/bundle/ruby/2.5.0/gems/{ruby_parser-3.13.0 → ruby_parser-3.13.1}/lib/ruby26_parser.rb +2351 -2338
  61. data/bundle/ruby/2.5.0/gems/{ruby_parser-3.13.0 → ruby_parser-3.13.1}/lib/ruby26_parser.y +32 -23
  62. data/bundle/ruby/2.5.0/gems/{ruby_parser-3.13.0 → ruby_parser-3.13.1}/lib/ruby_lexer.rb +253 -161
  63. data/bundle/ruby/2.5.0/gems/{ruby_parser-3.13.0 → ruby_parser-3.13.1}/lib/ruby_lexer.rex +25 -25
  64. data/bundle/ruby/2.5.0/gems/{ruby_parser-3.13.0 → ruby_parser-3.13.1}/lib/ruby_lexer.rex.rb +68 -26
  65. data/bundle/ruby/2.5.0/gems/{ruby_parser-3.13.0 → ruby_parser-3.13.1}/lib/ruby_parser.rb +3 -1
  66. data/bundle/ruby/2.5.0/gems/{ruby_parser-3.13.0 → ruby_parser-3.13.1}/lib/ruby_parser.yy +34 -23
  67. data/bundle/ruby/2.5.0/gems/{ruby_parser-3.13.0 → ruby_parser-3.13.1}/lib/ruby_parser_extras.rb +64 -43
  68. data/bundle/ruby/2.5.0/gems/{ruby_parser-3.13.0 → ruby_parser-3.13.1}/tools/munge.rb +2 -1
  69. data/bundle/ruby/2.5.0/gems/{ruby_parser-3.13.0 → ruby_parser-3.13.1}/tools/ripper.rb +6 -1
  70. data/bundle/ruby/2.5.0/gems/{unicode-display_width-1.5.0 → unicode-display_width-1.6.0}/CHANGELOG.md +4 -0
  71. data/bundle/ruby/2.5.0/gems/{unicode-display_width-1.5.0 → unicode-display_width-1.6.0}/MIT-LICENSE.txt +0 -0
  72. data/bundle/ruby/2.5.0/gems/{unicode-display_width-1.5.0 → unicode-display_width-1.6.0}/README.md +1 -1
  73. data/bundle/ruby/2.5.0/gems/{unicode-display_width-1.5.0 → unicode-display_width-1.6.0}/data/display_width.marshal.gz +0 -0
  74. data/bundle/ruby/2.5.0/gems/{unicode-display_width-1.5.0 → unicode-display_width-1.6.0}/lib/unicode/display_width.rb +0 -0
  75. data/bundle/ruby/2.5.0/gems/{unicode-display_width-1.5.0 → unicode-display_width-1.6.0}/lib/unicode/display_width/constants.rb +2 -2
  76. data/bundle/ruby/2.5.0/gems/{unicode-display_width-1.5.0 → unicode-display_width-1.6.0}/lib/unicode/display_width/index.rb +0 -0
  77. data/bundle/ruby/2.5.0/gems/{unicode-display_width-1.5.0 → unicode-display_width-1.6.0}/lib/unicode/display_width/no_string_ext.rb +0 -0
  78. data/bundle/ruby/2.5.0/gems/{unicode-display_width-1.5.0 → unicode-display_width-1.6.0}/lib/unicode/display_width/string_ext.rb +0 -0
  79. data/lib/brakeman.rb +7 -0
  80. data/lib/brakeman/app_tree.rb +34 -22
  81. data/lib/brakeman/checks.rb +7 -7
  82. data/lib/brakeman/checks/base_check.rb +9 -9
  83. data/lib/brakeman/checks/check_cross_site_scripting.rb +5 -0
  84. data/lib/brakeman/checks/check_default_routes.rb +5 -0
  85. data/lib/brakeman/checks/check_deserialize.rb +52 -0
  86. data/lib/brakeman/checks/check_dynamic_finders.rb +1 -1
  87. data/lib/brakeman/checks/check_force_ssl.rb +27 -0
  88. data/lib/brakeman/checks/check_json_parsing.rb +5 -0
  89. data/lib/brakeman/checks/check_link_to_href.rb +6 -1
  90. data/lib/brakeman/checks/check_mail_to.rb +1 -1
  91. data/lib/brakeman/checks/check_model_attr_accessible.rb +1 -1
  92. data/lib/brakeman/checks/check_model_attributes.rb +12 -50
  93. data/lib/brakeman/checks/check_model_serialize.rb +1 -1
  94. data/lib/brakeman/checks/check_nested_attributes_bypass.rb +3 -3
  95. data/lib/brakeman/checks/check_secrets.rb +1 -1
  96. data/lib/brakeman/checks/check_session_settings.rb +10 -10
  97. data/lib/brakeman/checks/check_simple_format.rb +5 -0
  98. data/lib/brakeman/checks/check_skip_before_filter.rb +1 -1
  99. data/lib/brakeman/checks/check_sql.rb +15 -17
  100. data/lib/brakeman/checks/check_validation_regex.rb +1 -1
  101. data/lib/brakeman/file_parser.rb +6 -8
  102. data/lib/brakeman/file_path.rb +71 -0
  103. data/lib/brakeman/options.rb +7 -0
  104. data/lib/brakeman/parsers/template_parser.rb +3 -3
  105. data/lib/brakeman/processor.rb +3 -4
  106. data/lib/brakeman/processors/alias_processor.rb +12 -6
  107. data/lib/brakeman/processors/base_processor.rb +8 -7
  108. data/lib/brakeman/processors/controller_alias_processor.rb +10 -7
  109. data/lib/brakeman/processors/controller_processor.rb +5 -9
  110. data/lib/brakeman/processors/haml_template_processor.rb +5 -0
  111. data/lib/brakeman/processors/lib/module_helper.rb +8 -8
  112. data/lib/brakeman/processors/lib/processor_helper.rb +3 -3
  113. data/lib/brakeman/processors/lib/rails2_config_processor.rb +3 -3
  114. data/lib/brakeman/processors/lib/rails2_route_processor.rb +2 -2
  115. data/lib/brakeman/processors/lib/rails3_config_processor.rb +3 -3
  116. data/lib/brakeman/processors/lib/rails3_route_processor.rb +2 -2
  117. data/lib/brakeman/processors/lib/render_helper.rb +2 -2
  118. data/lib/brakeman/processors/lib/render_path.rb +18 -1
  119. data/lib/brakeman/processors/library_processor.rb +5 -5
  120. data/lib/brakeman/processors/model_processor.rb +4 -5
  121. data/lib/brakeman/processors/output_processor.rb +5 -0
  122. data/lib/brakeman/processors/template_alias_processor.rb +4 -5
  123. data/lib/brakeman/processors/template_processor.rb +4 -4
  124. data/lib/brakeman/report.rb +3 -3
  125. data/lib/brakeman/report/ignore/config.rb +2 -3
  126. data/lib/brakeman/report/ignore/interactive.rb +2 -2
  127. data/lib/brakeman/report/pager.rb +1 -0
  128. data/lib/brakeman/report/report_base.rb +51 -6
  129. data/lib/brakeman/report/report_codeclimate.rb +3 -3
  130. data/lib/brakeman/report/report_hash.rb +1 -1
  131. data/lib/brakeman/report/report_html.rb +2 -2
  132. data/lib/brakeman/report/report_json.rb +1 -24
  133. data/lib/brakeman/report/report_table.rb +20 -4
  134. data/lib/brakeman/report/report_tabs.rb +1 -1
  135. data/lib/brakeman/report/report_text.rb +2 -2
  136. data/lib/brakeman/rescanner.rb +9 -12
  137. data/lib/brakeman/scanner.rb +19 -14
  138. data/lib/brakeman/tracker.rb +4 -4
  139. data/lib/brakeman/tracker/collection.rb +4 -3
  140. data/lib/brakeman/tracker/config.rb +6 -0
  141. data/lib/brakeman/util.rb +1 -147
  142. data/lib/brakeman/version.rb +1 -1
  143. data/lib/brakeman/warning.rb +23 -13
  144. data/lib/brakeman/warning_codes.rb +1 -0
  145. data/lib/ruby_parser/bm_sexp_processor.rb +1 -0
  146. metadata +78 -61
  147. data/bundle/ruby/2.5.0/gems/highline-1.7.10/Gemfile +0 -11
  148. data/bundle/ruby/2.5.0/gems/highline-1.7.10/INSTALL +0 -59
  149. data/bundle/ruby/2.5.0/gems/highline-1.7.10/README.rdoc +0 -74
  150. data/bundle/ruby/2.5.0/gems/highline-1.7.10/highline.gemspec +0 -37
  151. data/bundle/ruby/2.5.0/gems/highline-1.7.10/lib/highline.rb +0 -1048
  152. data/bundle/ruby/2.5.0/gems/highline-1.7.10/lib/highline/compatibility.rb +0 -16
  153. data/bundle/ruby/2.5.0/gems/highline-1.7.10/lib/highline/import.rb +0 -41
  154. data/bundle/ruby/2.5.0/gems/highline-1.7.10/lib/highline/menu.rb +0 -381
  155. data/bundle/ruby/2.5.0/gems/highline-1.7.10/lib/highline/simulate.rb +0 -48
  156. data/bundle/ruby/2.5.0/gems/highline-1.7.10/lib/highline/string_extensions.rb +0 -111
  157. data/bundle/ruby/2.5.0/gems/highline-1.7.10/lib/highline/style.rb +0 -192
  158. data/bundle/ruby/2.5.0/gems/highline-1.7.10/lib/highline/system_extensions.rb +0 -254
  159. data/bundle/ruby/2.5.0/gems/highline-1.7.10/setup.rb +0 -1360
@@ -1,3 +1,3 @@
1
1
  module Brakeman
2
- Version = "4.5.0"
2
+ Version = "4.5.1"
3
3
  end
@@ -9,7 +9,7 @@ class Brakeman::Warning
9
9
  :line, :method, :model, :template, :user_input, :user_input_type,
10
10
  :warning_code, :warning_set, :warning_type
11
11
 
12
- attr_accessor :code, :context, :file, :message, :relative_path
12
+ attr_accessor :code, :context, :file, :message
13
13
 
14
14
  TEXT_CONFIDENCE = {
15
15
  0 => "High",
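
Review bot: removing `:relative_path` from the `attr_accessor` list at line 12 deletes a public reader and writer on `Brakeman::Warning` in a release the version bump presents as a patch (4.5.0 to 4.5.1). Any report formatter or external tool that still calls `warning.relative_path` will raise `NoMethodError`; keeping a deprecated `relative_path` method that returns `file.relative` for one release would avoid that.
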
@@ -34,11 +34,11 @@ class Brakeman::Warning
34
34
  :file => :@file,
35
35
  :gem_info => :@gem_info,
36
36
  :line => :@line,
37
+ :link => :@link,
37
38
  :link_path => :@link_path,
38
39
  :message => :@message,
39
40
  :method => :@method,
40
41
  :model => :@model,
41
- :relative_path => :@relative_path,
42
42
  :template => :@template,
43
43
  :user_input => :@user_input,
44
44
  :warning_set => :@warning_set,
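
Review bot: with `:relative_path => :@relative_path` dropped from the option map (old line 41), a check or plugin that still passes `:relative_path` no longer sets anything, and nothing visible in this hunk reports it. Whether the key is silently ignored or raises depends on the loop that consumes this map, so that path deserves a test. The new `:link => :@link` entry at line 37 sits next to `:link_path`; a short comment saying which of the two callers are expected to pass would help.
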
@@ -100,9 +100,11 @@ class Brakeman::Warning
100
100
  unless @warning_set
101
101
  if self.model
102
102
  @warning_set = :model
103
+ @file ||= self.model.file
103
104
  elsif self.template
104
105
  @warning_set = :template
105
106
  @called_from = self.template.render_path
107
+ @file ||= self.template.file
106
108
  elsif self.controller
107
109
  @warning_set = :controller
108
110
  else
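
Review bot: the `@file ||=` fallback is added to the `:model` and `:template` branches (new lines 103 and 107) but not to the `:controller` branch or the final `else`, so a warning created there without `:file` keeps `@file` as nil, and `fingerprint` later in this diff calls `self.file.relative` with no nil guard. Either give every branch a fallback or guard the callers. The fallback also assumes `self.model` and `self.template` respond to `file`, which fails for any check that still passes a name instead of an object.
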
@@ -112,6 +114,8 @@ class Brakeman::Warning
112
114
 
113
115
  if options[:warning_code]
114
116
  @warning_code = Brakeman::WarningCodes.code options[:warning_code]
117
+ else
118
+ @warning_code = nil
115
119
  end
116
120
 
117
121
  Brakeman.debug("Warning created without warning code: #{options[:warning_code]}") unless @warning_code
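
Review bot: the new `else` branch at lines 117-118 makes a nil `@warning_code` an explicit state, yet `fingerprint` further down still runs `sprintf("%03d", @warning_code)`, which raises `TypeError` when given nil. Handle the nil case there, or fail here with a clear error. The debug message at line 121 also interpolates `options[:warning_code]`, which is empty in exactly this branch, so the log line identifies nothing; including `options[:warning_type]` or the check name would make it actionable.
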
@@ -221,7 +225,7 @@ class Brakeman::Warning
221
225
  when :template
222
226
  @row["Template"] = self.view_name.to_s
223
227
  when :model
224
- @row["Model"] = self.model.to_s
228
+ @row["Model"] = self.model.name.to_s
225
229
  when :controller
226
230
  @row["Controller"] = self.controller.to_s
227
231
  when :warning
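
Review bot: `self.model.name.to_s` at line 228 assumes `self.model` is always a model object from now on. A check that still passes a Symbol or String gets `NoMethodError` here, since neither has `name` on the Ruby 2.5 this gem bundles for, where the old `self.model.to_s` worked for both. A `respond_to?(:name)` fallback, or a test that every check passing `:model` supplies an object, would close that gap.
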
@@ -235,7 +239,7 @@ class Brakeman::Warning
235
239
  def to_s
236
240
  output = "(#{TEXT_CONFIDENCE[self.confidence]}) #{self.warning_type} - #{self.message}"
237
241
  output << " near line #{self.line}" if self.line
238
- output << " in #{self.file}" if self.file
242
+ output << " in #{self.file.relative}" if self.file
239
243
  output << ": #{self.format_code}" if self.code
240
244
 
241
245
  output
@@ -247,37 +251,43 @@ class Brakeman::Warning
247
251
  warning_code_string = sprintf("%03d", @warning_code)
248
252
  code_string = @code.inspect
249
253
 
250
- Digest::SHA2.new(256).update("#{warning_code_string}#{code_string}#{location_string}#{@relative_path}#{self.confidence}").to_s
254
+ Digest::SHA2.new(256).update("#{warning_code_string}#{code_string}#{location_string}#{self.file.relative}#{self.confidence}").to_s
251
255
  end
252
256
 
253
257
  def location include_renderer = true
254
258
  case @warning_set
255
259
  when :template
256
- location = { :type => :template, :template => self.view_name(include_renderer) }
260
+ { :type => :template, :template => self.view_name(include_renderer) }
257
261
  when :model
258
- location = { :type => :model, :model => self.model }
262
+ { :type => :model, :model => self.model.name }
259
263
  when :controller
260
- location = { :type => :controller, :controller => self.controller }
264
+ { :type => :controller, :controller => self.controller }
261
265
  when :warning
262
266
  if self.class
263
- location = { :type => :method, :class => self.class, :method => self.method }
267
+ { :type => :method, :class => self.class, :method => self.method }
264
268
  else
265
- location = nil
269
+ nil
266
270
  end
267
271
  end
268
272
  end
269
273
 
270
- def to_hash
274
+ def to_hash absolute_paths: true
275
+ if self.called_from and not absolute_paths
276
+ render_path = self.called_from.with_relative_paths
277
+ else
278
+ render_path = self.called_from
279
+ end
280
+
271
281
  { :warning_type => self.warning_type,
272
282
  :warning_code => @warning_code,
273
283
  :fingerprint => self.fingerprint,
274
284
  :check_name => self.check.gsub(/^Brakeman::Check/, ''),
275
285
  :message => self.message.to_s,
276
- :file => self.file,
286
+ :file => (absolute_paths ? self.file.absolute : self.file.relative),
277
287
  :line => self.line,
278
288
  :link => self.link,
279
289
  :code => (@code && self.format_code(false)),
280
- :render_path => self.called_from,
290
+ :render_path => render_path,
281
291
  :location => self.location(false),
282
292
  :user_input => (@user_input && self.format_user_input(false)),
283
293
  :confidence => TEXT_CONFIDENCE[self.confidence]
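
Review bot: `fingerprint` at line 254 now hashes `self.file.relative` where it used to hash `@relative_path`, and the fingerprint is exported through `to_hash`, so anything that stored it from a 4.5.0 report only keeps matching if `relative` returns byte-for-byte the same string as before (same separator, no leading `./`). A regression test that pins a known fingerprint for a fixed input would prove this. Separately, `to_s` guards with `if self.file`, but `fingerprint` and the `:file` entry in `to_hash` (line 286) call `.relative` and `.absolute` unguarded, so a warning with no file raises instead of producing a report row.
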
@@ -110,6 +110,7 @@ module Brakeman::WarningCodes
110
110
  :CVE_2018_8048 => 106,
111
111
  :CVE_2018_3741 => 107,
112
112
  :CVE_2018_3760 => 108,
113
+ :force_ssl_disabled => 109,
113
114
  }
114
115
 
115
116
  def self.code name
@@ -45,6 +45,7 @@ class Brakeman::SexpProcessor
45
45
  @expected = Sexp
46
46
  @processors = self.class.processors
47
47
  @context = []
48
+ @current_class = @current_module = @current_method = @visibility = nil
48
49
 
49
50
  if @processors.empty?
50
51
  public_methods.each do |name|
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: brakeman
3
3
  version: !ruby/object:Gem::Version
4
- version: 4.5.0
4
+ version: 4.5.1
5
5
  platform: ruby
6
6
  authors:
7
7
  - Justin Collins
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2019-03-16 00:00:00.000000000 Z
11
+ date: 2019-05-11 00:00:00.000000000 Z
12
12
  dependencies: []
13
13
  description: Brakeman detects security vulnerabilities in Ruby on Rails applications
14
14
  via static analysis.
@@ -83,60 +83,75 @@ files:
83
83
  - bundle/ruby/2.5.0/gems/haml-4.0.7/lib/haml/template/plugin.rb
84
84
  - bundle/ruby/2.5.0/gems/haml-4.0.7/lib/haml/util.rb
85
85
  - bundle/ruby/2.5.0/gems/haml-4.0.7/lib/haml/version.rb
86
- - bundle/ruby/2.5.0/gems/highline-1.7.10/AUTHORS
87
- - bundle/ruby/2.5.0/gems/highline-1.7.10/COPYING
88
- - bundle/ruby/2.5.0/gems/highline-1.7.10/Changelog.md
89
- - bundle/ruby/2.5.0/gems/highline-1.7.10/Gemfile
90
- - bundle/ruby/2.5.0/gems/highline-1.7.10/INSTALL
91
- - bundle/ruby/2.5.0/gems/highline-1.7.10/LICENSE
92
- - bundle/ruby/2.5.0/gems/highline-1.7.10/README.rdoc
93
- - bundle/ruby/2.5.0/gems/highline-1.7.10/TODO
94
- - bundle/ruby/2.5.0/gems/highline-1.7.10/highline.gemspec
95
- - bundle/ruby/2.5.0/gems/highline-1.7.10/lib/highline.rb
96
- - bundle/ruby/2.5.0/gems/highline-1.7.10/lib/highline/color_scheme.rb
97
- - bundle/ruby/2.5.0/gems/highline-1.7.10/lib/highline/compatibility.rb
98
- - bundle/ruby/2.5.0/gems/highline-1.7.10/lib/highline/import.rb
99
- - bundle/ruby/2.5.0/gems/highline-1.7.10/lib/highline/menu.rb
100
- - bundle/ruby/2.5.0/gems/highline-1.7.10/lib/highline/question.rb
101
- - bundle/ruby/2.5.0/gems/highline-1.7.10/lib/highline/simulate.rb
102
- - bundle/ruby/2.5.0/gems/highline-1.7.10/lib/highline/string_extensions.rb
103
- - bundle/ruby/2.5.0/gems/highline-1.7.10/lib/highline/style.rb
104
- - bundle/ruby/2.5.0/gems/highline-1.7.10/lib/highline/system_extensions.rb
105
- - bundle/ruby/2.5.0/gems/highline-1.7.10/lib/highline/version.rb
106
- - bundle/ruby/2.5.0/gems/highline-1.7.10/setup.rb
86
+ - bundle/ruby/2.5.0/gems/highline-2.0.2/AUTHORS
87
+ - bundle/ruby/2.5.0/gems/highline-2.0.2/COPYING
88
+ - bundle/ruby/2.5.0/gems/highline-2.0.2/Changelog.md
89
+ - bundle/ruby/2.5.0/gems/highline-2.0.2/Gemfile
90
+ - bundle/ruby/2.5.0/gems/highline-2.0.2/LICENSE
91
+ - bundle/ruby/2.5.0/gems/highline-2.0.2/README.md
92
+ - bundle/ruby/2.5.0/gems/highline-2.0.2/TODO
93
+ - bundle/ruby/2.5.0/gems/highline-2.0.2/appveyor.yml
94
+ - bundle/ruby/2.5.0/gems/highline-2.0.2/highline.gemspec
95
+ - bundle/ruby/2.5.0/gems/highline-2.0.2/lib/highline.rb
96
+ - bundle/ruby/2.5.0/gems/highline-2.0.2/lib/highline/builtin_styles.rb
97
+ - bundle/ruby/2.5.0/gems/highline-2.0.2/lib/highline/color_scheme.rb
98
+ - bundle/ruby/2.5.0/gems/highline-2.0.2/lib/highline/compatibility.rb
99
+ - bundle/ruby/2.5.0/gems/highline-2.0.2/lib/highline/custom_errors.rb
100
+ - bundle/ruby/2.5.0/gems/highline-2.0.2/lib/highline/import.rb
101
+ - bundle/ruby/2.5.0/gems/highline-2.0.2/lib/highline/io_console_compatible.rb
102
+ - bundle/ruby/2.5.0/gems/highline-2.0.2/lib/highline/list.rb
103
+ - bundle/ruby/2.5.0/gems/highline-2.0.2/lib/highline/list_renderer.rb
104
+ - bundle/ruby/2.5.0/gems/highline-2.0.2/lib/highline/menu.rb
105
+ - bundle/ruby/2.5.0/gems/highline-2.0.2/lib/highline/menu/item.rb
106
+ - bundle/ruby/2.5.0/gems/highline-2.0.2/lib/highline/paginator.rb
107
+ - bundle/ruby/2.5.0/gems/highline-2.0.2/lib/highline/question.rb
108
+ - bundle/ruby/2.5.0/gems/highline-2.0.2/lib/highline/question/answer_converter.rb
109
+ - bundle/ruby/2.5.0/gems/highline-2.0.2/lib/highline/question_asker.rb
110
+ - bundle/ruby/2.5.0/gems/highline-2.0.2/lib/highline/simulate.rb
111
+ - bundle/ruby/2.5.0/gems/highline-2.0.2/lib/highline/statement.rb
112
+ - bundle/ruby/2.5.0/gems/highline-2.0.2/lib/highline/string.rb
113
+ - bundle/ruby/2.5.0/gems/highline-2.0.2/lib/highline/string_extensions.rb
114
+ - bundle/ruby/2.5.0/gems/highline-2.0.2/lib/highline/style.rb
115
+ - bundle/ruby/2.5.0/gems/highline-2.0.2/lib/highline/template_renderer.rb
116
+ - bundle/ruby/2.5.0/gems/highline-2.0.2/lib/highline/terminal.rb
117
+ - bundle/ruby/2.5.0/gems/highline-2.0.2/lib/highline/terminal/io_console.rb
118
+ - bundle/ruby/2.5.0/gems/highline-2.0.2/lib/highline/terminal/ncurses.rb
119
+ - bundle/ruby/2.5.0/gems/highline-2.0.2/lib/highline/terminal/unix_stty.rb
120
+ - bundle/ruby/2.5.0/gems/highline-2.0.2/lib/highline/version.rb
121
+ - bundle/ruby/2.5.0/gems/highline-2.0.2/lib/highline/wrapper.rb
107
122
  - bundle/ruby/2.5.0/gems/ruby2ruby-2.4.2/History.rdoc
108
123
  - bundle/ruby/2.5.0/gems/ruby2ruby-2.4.2/Manifest.txt
109
124
  - bundle/ruby/2.5.0/gems/ruby2ruby-2.4.2/README.rdoc
110
125
  - bundle/ruby/2.5.0/gems/ruby2ruby-2.4.2/lib/ruby2ruby.rb
111
- - bundle/ruby/2.5.0/gems/ruby_parser-3.13.0/History.rdoc
112
- - bundle/ruby/2.5.0/gems/ruby_parser-3.13.0/Manifest.txt
113
- - bundle/ruby/2.5.0/gems/ruby_parser-3.13.0/README.rdoc
114
- - bundle/ruby/2.5.0/gems/ruby_parser-3.13.0/compare/normalize.rb
115
- - bundle/ruby/2.5.0/gems/ruby_parser-3.13.0/debugging.md
116
- - bundle/ruby/2.5.0/gems/ruby_parser-3.13.0/lib/rp_extensions.rb
117
- - bundle/ruby/2.5.0/gems/ruby_parser-3.13.0/lib/rp_stringscanner.rb
118
- - bundle/ruby/2.5.0/gems/ruby_parser-3.13.0/lib/ruby20_parser.rb
119
- - bundle/ruby/2.5.0/gems/ruby_parser-3.13.0/lib/ruby20_parser.y
120
- - bundle/ruby/2.5.0/gems/ruby_parser-3.13.0/lib/ruby21_parser.rb
121
- - bundle/ruby/2.5.0/gems/ruby_parser-3.13.0/lib/ruby21_parser.y
122
- - bundle/ruby/2.5.0/gems/ruby_parser-3.13.0/lib/ruby22_parser.rb
123
- - bundle/ruby/2.5.0/gems/ruby_parser-3.13.0/lib/ruby22_parser.y
124
- - bundle/ruby/2.5.0/gems/ruby_parser-3.13.0/lib/ruby23_parser.rb
125
- - bundle/ruby/2.5.0/gems/ruby_parser-3.13.0/lib/ruby23_parser.y
126
- - bundle/ruby/2.5.0/gems/ruby_parser-3.13.0/lib/ruby24_parser.rb
127
- - bundle/ruby/2.5.0/gems/ruby_parser-3.13.0/lib/ruby24_parser.y
128
- - bundle/ruby/2.5.0/gems/ruby_parser-3.13.0/lib/ruby25_parser.rb
129
- - bundle/ruby/2.5.0/gems/ruby_parser-3.13.0/lib/ruby25_parser.y
130
- - bundle/ruby/2.5.0/gems/ruby_parser-3.13.0/lib/ruby26_parser.rb
131
- - bundle/ruby/2.5.0/gems/ruby_parser-3.13.0/lib/ruby26_parser.y
132
- - bundle/ruby/2.5.0/gems/ruby_parser-3.13.0/lib/ruby_lexer.rb
133
- - bundle/ruby/2.5.0/gems/ruby_parser-3.13.0/lib/ruby_lexer.rex
134
- - bundle/ruby/2.5.0/gems/ruby_parser-3.13.0/lib/ruby_lexer.rex.rb
135
- - bundle/ruby/2.5.0/gems/ruby_parser-3.13.0/lib/ruby_parser.rb
136
- - bundle/ruby/2.5.0/gems/ruby_parser-3.13.0/lib/ruby_parser.yy
137
- - bundle/ruby/2.5.0/gems/ruby_parser-3.13.0/lib/ruby_parser_extras.rb
138
- - bundle/ruby/2.5.0/gems/ruby_parser-3.13.0/tools/munge.rb
139
- - bundle/ruby/2.5.0/gems/ruby_parser-3.13.0/tools/ripper.rb
126
+ - bundle/ruby/2.5.0/gems/ruby_parser-3.13.1/History.rdoc
127
+ - bundle/ruby/2.5.0/gems/ruby_parser-3.13.1/Manifest.txt
128
+ - bundle/ruby/2.5.0/gems/ruby_parser-3.13.1/README.rdoc
129
+ - bundle/ruby/2.5.0/gems/ruby_parser-3.13.1/compare/normalize.rb
130
+ - bundle/ruby/2.5.0/gems/ruby_parser-3.13.1/debugging.md
131
+ - bundle/ruby/2.5.0/gems/ruby_parser-3.13.1/lib/rp_extensions.rb
132
+ - bundle/ruby/2.5.0/gems/ruby_parser-3.13.1/lib/rp_stringscanner.rb
133
+ - bundle/ruby/2.5.0/gems/ruby_parser-3.13.1/lib/ruby20_parser.rb
134
+ - bundle/ruby/2.5.0/gems/ruby_parser-3.13.1/lib/ruby20_parser.y
135
+ - bundle/ruby/2.5.0/gems/ruby_parser-3.13.1/lib/ruby21_parser.rb
136
+ - bundle/ruby/2.5.0/gems/ruby_parser-3.13.1/lib/ruby21_parser.y
137
+ - bundle/ruby/2.5.0/gems/ruby_parser-3.13.1/lib/ruby22_parser.rb
138
+ - bundle/ruby/2.5.0/gems/ruby_parser-3.13.1/lib/ruby22_parser.y
139
+ - bundle/ruby/2.5.0/gems/ruby_parser-3.13.1/lib/ruby23_parser.rb
140
+ - bundle/ruby/2.5.0/gems/ruby_parser-3.13.1/lib/ruby23_parser.y
141
+ - bundle/ruby/2.5.0/gems/ruby_parser-3.13.1/lib/ruby24_parser.rb
142
+ - bundle/ruby/2.5.0/gems/ruby_parser-3.13.1/lib/ruby24_parser.y
143
+ - bundle/ruby/2.5.0/gems/ruby_parser-3.13.1/lib/ruby25_parser.rb
144
+ - bundle/ruby/2.5.0/gems/ruby_parser-3.13.1/lib/ruby25_parser.y
145
+ - bundle/ruby/2.5.0/gems/ruby_parser-3.13.1/lib/ruby26_parser.rb
146
+ - bundle/ruby/2.5.0/gems/ruby_parser-3.13.1/lib/ruby26_parser.y
147
+ - bundle/ruby/2.5.0/gems/ruby_parser-3.13.1/lib/ruby_lexer.rb
148
+ - bundle/ruby/2.5.0/gems/ruby_parser-3.13.1/lib/ruby_lexer.rex
149
+ - bundle/ruby/2.5.0/gems/ruby_parser-3.13.1/lib/ruby_lexer.rex.rb
150
+ - bundle/ruby/2.5.0/gems/ruby_parser-3.13.1/lib/ruby_parser.rb
151
+ - bundle/ruby/2.5.0/gems/ruby_parser-3.13.1/lib/ruby_parser.yy
152
+ - bundle/ruby/2.5.0/gems/ruby_parser-3.13.1/lib/ruby_parser_extras.rb
153
+ - bundle/ruby/2.5.0/gems/ruby_parser-3.13.1/tools/munge.rb
154
+ - bundle/ruby/2.5.0/gems/ruby_parser-3.13.1/tools/ripper.rb
140
155
  - bundle/ruby/2.5.0/gems/ruby_parser-legacy-1.0.0/History.rdoc
141
156
  - bundle/ruby/2.5.0/gems/ruby_parser-legacy-1.0.0/Manifest.txt
142
157
  - bundle/ruby/2.5.0/gems/ruby_parser-legacy-1.0.0/README.rdoc
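
Review bot: the bundled highline moves from 1.7.10 to 2.0.2 (new lines 86-121), a major-version jump of a vendored dependency inside a patch release, and `lib/highline/system_extensions.rb` disappears while `terminal/*` and `question_asker.rb` appear. Confirm the interactive code paths that use highline were exercised against 2.x before shipping. The new list also vendors non-runtime files (`Gemfile`, `appveyor.yml`, `TODO`) that could be excluded from the package to keep the reviewed surface small.
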
@@ -337,15 +352,15 @@ files:
337
352
  - bundle/ruby/2.5.0/gems/tilt-2.0.9/lib/tilt/wikicloth.rb
338
353
  - bundle/ruby/2.5.0/gems/tilt-2.0.9/lib/tilt/yajl.rb
339
354
  - bundle/ruby/2.5.0/gems/tilt-2.0.9/tilt.gemspec
340
- - bundle/ruby/2.5.0/gems/unicode-display_width-1.5.0/CHANGELOG.md
341
- - bundle/ruby/2.5.0/gems/unicode-display_width-1.5.0/MIT-LICENSE.txt
342
- - bundle/ruby/2.5.0/gems/unicode-display_width-1.5.0/README.md
343
- - bundle/ruby/2.5.0/gems/unicode-display_width-1.5.0/data/display_width.marshal.gz
344
- - bundle/ruby/2.5.0/gems/unicode-display_width-1.5.0/lib/unicode/display_width.rb
345
- - bundle/ruby/2.5.0/gems/unicode-display_width-1.5.0/lib/unicode/display_width/constants.rb
346
- - bundle/ruby/2.5.0/gems/unicode-display_width-1.5.0/lib/unicode/display_width/index.rb
347
- - bundle/ruby/2.5.0/gems/unicode-display_width-1.5.0/lib/unicode/display_width/no_string_ext.rb
348
- - bundle/ruby/2.5.0/gems/unicode-display_width-1.5.0/lib/unicode/display_width/string_ext.rb
355
+ - bundle/ruby/2.5.0/gems/unicode-display_width-1.6.0/CHANGELOG.md
356
+ - bundle/ruby/2.5.0/gems/unicode-display_width-1.6.0/MIT-LICENSE.txt
357
+ - bundle/ruby/2.5.0/gems/unicode-display_width-1.6.0/README.md
358
+ - bundle/ruby/2.5.0/gems/unicode-display_width-1.6.0/data/display_width.marshal.gz
359
+ - bundle/ruby/2.5.0/gems/unicode-display_width-1.6.0/lib/unicode/display_width.rb
360
+ - bundle/ruby/2.5.0/gems/unicode-display_width-1.6.0/lib/unicode/display_width/constants.rb
361
+ - bundle/ruby/2.5.0/gems/unicode-display_width-1.6.0/lib/unicode/display_width/index.rb
362
+ - bundle/ruby/2.5.0/gems/unicode-display_width-1.6.0/lib/unicode/display_width/no_string_ext.rb
363
+ - bundle/ruby/2.5.0/gems/unicode-display_width-1.6.0/lib/unicode/display_width/string_ext.rb
349
364
  - lib/brakeman.rb
350
365
  - lib/brakeman/app_tree.rb
351
366
  - lib/brakeman/call_index.rb
@@ -368,6 +383,7 @@ files:
368
383
  - lib/brakeman/checks/check_file_access.rb
369
384
  - lib/brakeman/checks/check_file_disclosure.rb
370
385
  - lib/brakeman/checks/check_filter_skipping.rb
386
+ - lib/brakeman/checks/check_force_ssl.rb
371
387
  - lib/brakeman/checks/check_forgery_setting.rb
372
388
  - lib/brakeman/checks/check_header_dos.rb
373
389
  - lib/brakeman/checks/check_i18n_xss.rb
@@ -425,6 +441,7 @@ files:
425
441
  - lib/brakeman/commandline.rb
426
442
  - lib/brakeman/differ.rb
427
443
  - lib/brakeman/file_parser.rb
444
+ - lib/brakeman/file_path.rb
428
445
  - lib/brakeman/format/style.css
429
446
  - lib/brakeman/messages.rb
430
447
  - lib/brakeman/options.rb
@@ -1,11 +0,0 @@
1
- source "https://rubygems.org"
2
-
3
- gemspec
4
-
5
- gem "rake", :require => false
6
- gem "rdoc", :require => false
7
-
8
- group(:development, :tests) do
9
- gem "code_statistics", :require => false
10
- gem "test-unit", :require => false
11
- end
@@ -1,59 +0,0 @@
1
- = Installing HighLine
2
-
3
- RubyGems is the preferred easy install method for HighLine. However, you can
4
- install HighLine manually as described below.
5
-
6
- == Requirements
7
-
8
- HighLine from version >= 1.7.0 requires ruby >= 1.9.3
9
-
10
- == Installing the Gem
11
-
12
- HighLine is intended to be installed via the
13
- RubyGems[http://rubyforge.org/projects/rubygems/] system. To get the latest
14
- version, simply enter the following into your command prompt:
15
-
16
- $ sudo gem install highline
17
-
18
- You must have RubyGems[http://rubyforge.org/projects/rubygems/] installed for
19
- the above to work.
20
-
21
- If you want to build the gem locally, make sure you have
22
- Rake[http://rubyforge.org/projects/rake/] installed then run the following
23
- command:
24
-
25
- $ rake package
26
-
27
- == Installing Manually
28
-
29
- Download the latest version of HighLine from the
30
- {RubyForge project page}[http://rubyforge.org/frs/?group_id=683]. Navigate to
31
- the root project directory and enter:
32
-
33
- $ sudo ruby setup.rb
34
-
35
- == Installing HighLine on JRuby
36
-
37
- If you are using HighLine on JRuby, many features will not work properly
38
- without a working ncurses installation. First, ensure that you have
39
- ncurses installed and then install the ffi-ncurses gem.
40
-
41
- If ffi-ncurses fails to find your ncurses library, you may need to set the
42
- RUBY_FFI_NCURSES envirionment variable, i.e:
43
-
44
- RUBY_FFI_NCURSES_LIB=ncursesw ruby examples/hello.rb
45
-
46
- For details, see the ffi-ncurses documentation at:
47
- http://github.com/seanohalpin/ffi-ncurses
48
-
49
- == Using termios
50
-
51
- While not a requirement, HighLine will take advantage of the termios library if
52
- installed (on Unix). This slightly improves HighLine's character reading
53
- capabilities and thus is recommended for all Unix users.
54
-
55
- If using the HighLine gem, you should be able to add termios as easily as:
56
-
57
- $ sudo gem install termios
58
-
59
- For manual installs, consult the termios documentation.
@@ -1,74 +0,0 @@
1
- = HighLine
2
-
3
- by James Edward Gray II
4
-
5
- {<img src="https://travis-ci.org/JEG2/highline.svg" alt="Build Status" />}[https://travis-ci.org/JEG2/highline]
6
- {<img src="https://img.shields.io/gem/v/highline.svg?style=flat" />}[http://rubygems.org/gems/highline]
7
-
8
- == Description
9
-
10
- Welcome to HighLine.
11
-
12
- HighLine was designed to ease the tedious tasks of doing console input and
13
- output with low-level methods like gets() and puts(). HighLine provides a
14
- robust system for requesting data from a user, without needing to code all the
15
- error checking and validation rules and without needing to convert the typed
16
- Strings into what your program really needs. Just tell HighLine what you're
17
- after, and let it do all the work.
18
-
19
- == Documentation
20
-
21
- See HighLine and HighLine::Question for documentation.
22
-
23
- Start hacking in your code with HighLine with:
24
-
25
- require 'highline/import'
26
-
27
- == Examples
28
-
29
- Basic usage:
30
-
31
- ask("Company? ") { |q| q.default = "none" }
32
-
33
- Validation:
34
-
35
- ask("Age? ", Integer) { |q| q.in = 0..105 }
36
- ask("Name? (last, first) ") { |q| q.validate = /\A\w+, ?\w+\Z/ }
37
-
38
- Type conversion for answers:
39
-
40
- ask("Birthday? ", Date)
41
- ask("Interests? (comma sep list) ", lambda { |str| str.split(/,\s*/) })
42
-
43
- Reading passwords:
44
-
45
- ask("Enter your password: ") { |q| q.echo = false }
46
- ask("Enter your password: ") { |q| q.echo = "x" }
47
-
48
- ERb based output (with HighLine's ANSI color tools):
49
-
50
- say("This should be <%= color('bold', BOLD) %>!")
51
-
52
- Menus:
53
-
54
- choose do |menu|
55
- menu.prompt = "Please choose your favorite programming language? "
56
-
57
- menu.choice(:ruby) { say("Good choice!") }
58
- menu.choices(:python, :perl) { say("Not from around here, are you?") }
59
- end
60
-
61
- For more examples see the examples/ directory of this project.
62
-
63
- == Requirements
64
-
65
- HighLine from version >= 1.7.0 requires ruby >= 1.9.3
66
-
67
- == Installing
68
-
69
- See the INSTALL file for instructions.
70
-
71
- == Questions and/or Comments
72
-
73
- Feel free to email {James Edward Gray II}[mailto:james@grayproductions.net] or
74
- {Gregory Brown}[mailto:gregory.t.brown@gmail.com] with any questions.