brakeman 4.5.1 → 4.7.1
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGES.md +150 -109
- data/README.md +0 -1
- data/bundle/load.rb +13 -13
- data/bundle/ruby/{2.5.0 → 2.6.0}/gems/erubis-2.7.0/CHANGES.txt +0 -0
- data/bundle/ruby/{2.5.0 → 2.6.0}/gems/erubis-2.7.0/MIT-LICENSE +0 -0
- data/bundle/ruby/{2.5.0 → 2.6.0}/gems/erubis-2.7.0/README.txt +0 -0
- data/bundle/ruby/{2.5.0 → 2.6.0}/gems/erubis-2.7.0/contrib/erubis +0 -0
- data/bundle/ruby/{2.5.0 → 2.6.0}/gems/erubis-2.7.0/contrib/erubis-run.rb +0 -0
- data/bundle/ruby/{2.5.0 → 2.6.0}/gems/erubis-2.7.0/contrib/inline-require +0 -0
- data/bundle/ruby/{2.5.0 → 2.6.0}/gems/erubis-2.7.0/lib/erubis.rb +0 -0
- data/bundle/ruby/{2.5.0 → 2.6.0}/gems/erubis-2.7.0/lib/erubis/context.rb +0 -0
- data/bundle/ruby/{2.5.0 → 2.6.0}/gems/erubis-2.7.0/lib/erubis/converter.rb +0 -0
- data/bundle/ruby/{2.5.0 → 2.6.0}/gems/erubis-2.7.0/lib/erubis/engine.rb +0 -0
- data/bundle/ruby/{2.5.0 → 2.6.0}/gems/erubis-2.7.0/lib/erubis/engine/ec.rb +0 -0
- data/bundle/ruby/{2.5.0 → 2.6.0}/gems/erubis-2.7.0/lib/erubis/engine/ecpp.rb +0 -0
- data/bundle/ruby/{2.5.0 → 2.6.0}/gems/erubis-2.7.0/lib/erubis/engine/ejava.rb +0 -0
- data/bundle/ruby/{2.5.0 → 2.6.0}/gems/erubis-2.7.0/lib/erubis/engine/ejavascript.rb +0 -0
- data/bundle/ruby/{2.5.0 → 2.6.0}/gems/erubis-2.7.0/lib/erubis/engine/enhanced.rb +0 -0
- data/bundle/ruby/{2.5.0 → 2.6.0}/gems/erubis-2.7.0/lib/erubis/engine/eperl.rb +0 -0
- data/bundle/ruby/{2.5.0 → 2.6.0}/gems/erubis-2.7.0/lib/erubis/engine/ephp.rb +0 -0
- data/bundle/ruby/{2.5.0 → 2.6.0}/gems/erubis-2.7.0/lib/erubis/engine/eruby.rb +0 -0
- data/bundle/ruby/{2.5.0 → 2.6.0}/gems/erubis-2.7.0/lib/erubis/engine/escheme.rb +0 -0
- data/bundle/ruby/{2.5.0 → 2.6.0}/gems/erubis-2.7.0/lib/erubis/engine/optimized.rb +0 -0
- data/bundle/ruby/{2.5.0 → 2.6.0}/gems/erubis-2.7.0/lib/erubis/enhancer.rb +0 -0
- data/bundle/ruby/{2.5.0 → 2.6.0}/gems/erubis-2.7.0/lib/erubis/error.rb +0 -0
- data/bundle/ruby/{2.5.0 → 2.6.0}/gems/erubis-2.7.0/lib/erubis/evaluator.rb +0 -0
- data/bundle/ruby/{2.5.0 → 2.6.0}/gems/erubis-2.7.0/lib/erubis/generator.rb +0 -0
- data/bundle/ruby/{2.5.0 → 2.6.0}/gems/erubis-2.7.0/lib/erubis/helper.rb +0 -0
- data/bundle/ruby/{2.5.0 → 2.6.0}/gems/erubis-2.7.0/lib/erubis/helpers/rails_form_helper.rb +0 -0
- data/bundle/ruby/{2.5.0 → 2.6.0}/gems/erubis-2.7.0/lib/erubis/helpers/rails_helper.rb +0 -0
- data/bundle/ruby/{2.5.0 → 2.6.0}/gems/erubis-2.7.0/lib/erubis/local-setting.rb +0 -0
- data/bundle/ruby/{2.5.0 → 2.6.0}/gems/erubis-2.7.0/lib/erubis/main.rb +0 -0
- data/bundle/ruby/{2.5.0 → 2.6.0}/gems/erubis-2.7.0/lib/erubis/preprocessing.rb +0 -0
- data/bundle/ruby/{2.5.0 → 2.6.0}/gems/erubis-2.7.0/lib/erubis/tiny.rb +0 -0
- data/bundle/ruby/{2.5.0 → 2.6.0}/gems/erubis-2.7.0/lib/erubis/util.rb +0 -0
- data/bundle/ruby/{2.5.0 → 2.6.0}/gems/erubis-2.7.0/setup.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/haml-4.0.7 → 2.6.0/gems/haml-5.1.2}/CHANGELOG.md +122 -4
- data/bundle/ruby/{2.5.0/gems/haml-4.0.7 → 2.6.0/gems/haml-5.1.2}/FAQ.md +4 -14
- data/bundle/ruby/2.6.0/gems/haml-5.1.2/Gemfile +19 -0
- data/bundle/ruby/2.6.0/gems/haml-5.1.2/MIT-LICENSE +20 -0
- data/bundle/ruby/{2.5.0/gems/haml-4.0.7 → 2.6.0/gems/haml-5.1.2}/README.md +80 -42
- data/bundle/ruby/{2.5.0/gems/haml-4.0.7 → 2.6.0/gems/haml-5.1.2}/REFERENCE.md +121 -64
- data/bundle/ruby/2.6.0/gems/haml-5.1.2/TODO +24 -0
- data/bundle/ruby/2.6.0/gems/haml-5.1.2/haml.gemspec +44 -0
- data/bundle/ruby/{2.5.0/gems/haml-4.0.7 → 2.6.0/gems/haml-5.1.2}/lib/haml.rb +2 -0
- data/bundle/ruby/2.6.0/gems/haml-5.1.2/lib/haml/attribute_builder.rb +164 -0
- data/bundle/ruby/2.6.0/gems/haml-5.1.2/lib/haml/attribute_compiler.rb +224 -0
- data/bundle/ruby/2.6.0/gems/haml-5.1.2/lib/haml/attribute_parser.rb +150 -0
- data/bundle/ruby/{2.5.0/gems/haml-4.0.7 → 2.6.0/gems/haml-5.1.2}/lib/haml/buffer.rb +25 -132
- data/bundle/ruby/2.6.0/gems/haml-5.1.2/lib/haml/compiler.rb +330 -0
- data/bundle/ruby/{2.5.0/gems/haml-4.0.7 → 2.6.0/gems/haml-5.1.2}/lib/haml/engine.rb +34 -41
- data/bundle/ruby/2.6.0/gems/haml-5.1.2/lib/haml/error.rb +65 -0
- data/bundle/ruby/2.6.0/gems/haml-5.1.2/lib/haml/escapable.rb +50 -0
- data/bundle/ruby/{2.5.0/gems/haml-4.0.7 → 2.6.0/gems/haml-5.1.2}/lib/haml/exec.rb +38 -20
- data/bundle/ruby/{2.5.0/gems/haml-4.0.7 → 2.6.0/gems/haml-5.1.2}/lib/haml/filters.rb +22 -27
- data/bundle/ruby/2.6.0/gems/haml-5.1.2/lib/haml/generator.rb +42 -0
- data/bundle/ruby/{2.5.0/gems/haml-4.0.7 → 2.6.0/gems/haml-5.1.2}/lib/haml/helpers.rb +129 -90
- data/bundle/ruby/{2.5.0/gems/haml-4.0.7 → 2.6.0/gems/haml-5.1.2}/lib/haml/helpers/action_view_extensions.rb +4 -2
- data/bundle/ruby/{2.5.0/gems/haml-4.0.7 → 2.6.0/gems/haml-5.1.2}/lib/haml/helpers/action_view_mods.rb +45 -60
- data/bundle/ruby/{2.5.0/gems/haml-4.0.7 → 2.6.0/gems/haml-5.1.2}/lib/haml/helpers/action_view_xss_mods.rb +2 -0
- data/bundle/ruby/2.6.0/gems/haml-5.1.2/lib/haml/helpers/safe_erubi_template.rb +20 -0
- data/bundle/ruby/{2.5.0/gems/haml-4.0.7 → 2.6.0/gems/haml-5.1.2}/lib/haml/helpers/safe_erubis_template.rb +5 -1
- data/bundle/ruby/{2.5.0/gems/haml-4.0.7 → 2.6.0/gems/haml-5.1.2}/lib/haml/helpers/xss_mods.rb +19 -12
- data/bundle/ruby/{2.5.0/gems/haml-4.0.7 → 2.6.0/gems/haml-5.1.2}/lib/haml/options.rb +63 -69
- data/bundle/ruby/{2.5.0/gems/haml-4.0.7 → 2.6.0/gems/haml-5.1.2}/lib/haml/parser.rb +292 -228
- data/bundle/ruby/2.6.0/gems/haml-5.1.2/lib/haml/plugin.rb +37 -0
- data/bundle/ruby/2.6.0/gems/haml-5.1.2/lib/haml/railtie.rb +48 -0
- data/bundle/ruby/{2.5.0/gems/haml-4.0.7 → 2.6.0/gems/haml-5.1.2}/lib/haml/sass_rails_filter.rb +18 -4
- data/bundle/ruby/{2.5.0/gems/haml-4.0.7 → 2.6.0/gems/haml-5.1.2}/lib/haml/template.rb +13 -6
- data/bundle/ruby/{2.5.0/gems/haml-4.0.7 → 2.6.0/gems/haml-5.1.2}/lib/haml/template/options.rb +13 -2
- data/bundle/ruby/2.6.0/gems/haml-5.1.2/lib/haml/temple_engine.rb +123 -0
- data/bundle/ruby/2.6.0/gems/haml-5.1.2/lib/haml/temple_line_counter.rb +30 -0
- data/bundle/ruby/2.6.0/gems/haml-5.1.2/lib/haml/util.rb +258 -0
- data/bundle/ruby/2.6.0/gems/haml-5.1.2/lib/haml/version.rb +5 -0
- data/bundle/ruby/2.6.0/gems/haml-5.1.2/yard/default/fulldoc/html/css/common.sass +15 -0
- data/bundle/ruby/2.6.0/gems/haml-5.1.2/yard/default/layout/html/footer.erb +12 -0
- data/bundle/ruby/{2.5.0/gems/highline-2.0.2 → 2.6.0/gems/highline-2.0.3}/AUTHORS +0 -0
- data/bundle/ruby/{2.5.0/gems/highline-2.0.2 → 2.6.0/gems/highline-2.0.3}/COPYING +0 -0
- data/bundle/ruby/{2.5.0/gems/highline-2.0.2 → 2.6.0/gems/highline-2.0.3}/Changelog.md +3 -0
- data/bundle/ruby/{2.5.0/gems/highline-2.0.2 → 2.6.0/gems/highline-2.0.3}/Gemfile +0 -0
- data/bundle/ruby/{2.5.0/gems/highline-2.0.2 → 2.6.0/gems/highline-2.0.3}/LICENSE +0 -0
- data/bundle/ruby/{2.5.0/gems/highline-2.0.2 → 2.6.0/gems/highline-2.0.3}/README.md +0 -0
- data/bundle/ruby/{2.5.0/gems/highline-2.0.2 → 2.6.0/gems/highline-2.0.3}/TODO +0 -0
- data/bundle/ruby/{2.5.0/gems/highline-2.0.2 → 2.6.0/gems/highline-2.0.3}/appveyor.yml +0 -0
- data/bundle/ruby/{2.5.0/gems/highline-2.0.2 → 2.6.0/gems/highline-2.0.3}/highline.gemspec +0 -0
- data/bundle/ruby/{2.5.0/gems/highline-2.0.2 → 2.6.0/gems/highline-2.0.3}/lib/highline.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/highline-2.0.2 → 2.6.0/gems/highline-2.0.3}/lib/highline/builtin_styles.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/highline-2.0.2 → 2.6.0/gems/highline-2.0.3}/lib/highline/color_scheme.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/highline-2.0.2 → 2.6.0/gems/highline-2.0.3}/lib/highline/compatibility.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/highline-2.0.2 → 2.6.0/gems/highline-2.0.3}/lib/highline/custom_errors.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/highline-2.0.2 → 2.6.0/gems/highline-2.0.3}/lib/highline/import.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/highline-2.0.2 → 2.6.0/gems/highline-2.0.3}/lib/highline/io_console_compatible.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/highline-2.0.2 → 2.6.0/gems/highline-2.0.3}/lib/highline/list.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/highline-2.0.2 → 2.6.0/gems/highline-2.0.3}/lib/highline/list_renderer.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/highline-2.0.2 → 2.6.0/gems/highline-2.0.3}/lib/highline/menu.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/highline-2.0.2 → 2.6.0/gems/highline-2.0.3}/lib/highline/menu/item.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/highline-2.0.2 → 2.6.0/gems/highline-2.0.3}/lib/highline/paginator.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/highline-2.0.2 → 2.6.0/gems/highline-2.0.3}/lib/highline/question.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/highline-2.0.2 → 2.6.0/gems/highline-2.0.3}/lib/highline/question/answer_converter.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/highline-2.0.2 → 2.6.0/gems/highline-2.0.3}/lib/highline/question_asker.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/highline-2.0.2 → 2.6.0/gems/highline-2.0.3}/lib/highline/simulate.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/highline-2.0.2 → 2.6.0/gems/highline-2.0.3}/lib/highline/statement.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/highline-2.0.2 → 2.6.0/gems/highline-2.0.3}/lib/highline/string.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/highline-2.0.2 → 2.6.0/gems/highline-2.0.3}/lib/highline/string_extensions.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/highline-2.0.2 → 2.6.0/gems/highline-2.0.3}/lib/highline/style.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/highline-2.0.2 → 2.6.0/gems/highline-2.0.3}/lib/highline/template_renderer.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/highline-2.0.2 → 2.6.0/gems/highline-2.0.3}/lib/highline/terminal.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/highline-2.0.2 → 2.6.0/gems/highline-2.0.3}/lib/highline/terminal/io_console.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/highline-2.0.2 → 2.6.0/gems/highline-2.0.3}/lib/highline/terminal/ncurses.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/highline-2.0.2 → 2.6.0/gems/highline-2.0.3}/lib/highline/terminal/unix_stty.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/highline-2.0.2 → 2.6.0/gems/highline-2.0.3}/lib/highline/version.rb +1 -1
- data/bundle/ruby/{2.5.0/gems/highline-2.0.2 → 2.6.0/gems/highline-2.0.3}/lib/highline/wrapper.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/ruby2ruby-2.4.2 → 2.6.0/gems/ruby2ruby-2.4.4}/History.rdoc +19 -5
- data/bundle/ruby/{2.5.0/gems/ruby2ruby-2.4.2 → 2.6.0/gems/ruby2ruby-2.4.4}/Manifest.txt +0 -0
- data/bundle/ruby/{2.5.0/gems/ruby2ruby-2.4.2 → 2.6.0/gems/ruby2ruby-2.4.4}/README.rdoc +0 -0
- data/bundle/ruby/{2.5.0/gems/ruby2ruby-2.4.2 → 2.6.0/gems/ruby2ruby-2.4.4}/lib/ruby2ruby.rb +122 -112
- data/bundle/ruby/{2.5.0/gems/ruby_parser-3.13.1 → 2.6.0/gems/ruby_parser-3.14.0}/History.rdoc +38 -0
- data/bundle/ruby/{2.5.0/gems/ruby_parser-3.13.1 → 2.6.0/gems/ruby_parser-3.14.0}/Manifest.txt +0 -0
- data/bundle/ruby/{2.5.0/gems/ruby_parser-3.13.1 → 2.6.0/gems/ruby_parser-3.14.0}/README.rdoc +3 -3
- data/bundle/ruby/{2.5.0/gems/ruby_parser-3.13.1 → 2.6.0/gems/ruby_parser-3.14.0}/compare/normalize.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/ruby_parser-3.13.1 → 2.6.0/gems/ruby_parser-3.14.0}/debugging.md +0 -0
- data/bundle/ruby/{2.5.0/gems/ruby_parser-3.13.1 → 2.6.0/gems/ruby_parser-3.14.0}/lib/rp_extensions.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/ruby_parser-3.13.1 → 2.6.0/gems/ruby_parser-3.14.0}/lib/rp_stringscanner.rb +0 -0
- data/bundle/ruby/2.6.0/gems/ruby_parser-3.14.0/lib/ruby20_parser.rb +7045 -0
- data/bundle/ruby/{2.5.0/gems/ruby_parser-3.13.1/lib/ruby_parser.yy → 2.6.0/gems/ruby_parser-3.14.0/lib/ruby20_parser.y} +390 -397
- data/bundle/ruby/2.6.0/gems/ruby_parser-3.14.0/lib/ruby21_parser.rb +7116 -0
- data/bundle/ruby/{2.5.0/gems/ruby_parser-3.13.1 → 2.6.0/gems/ruby_parser-3.14.0}/lib/ruby21_parser.y +399 -254
- data/bundle/ruby/2.6.0/gems/ruby_parser-3.14.0/lib/ruby22_parser.rb +7149 -0
- data/bundle/ruby/{2.5.0/gems/ruby_parser-3.13.1 → 2.6.0/gems/ruby_parser-3.14.0}/lib/ruby22_parser.y +400 -255
- data/bundle/ruby/2.6.0/gems/ruby_parser-3.14.0/lib/ruby23_parser.rb +7166 -0
- data/bundle/ruby/{2.5.0/gems/ruby_parser-3.13.1 → 2.6.0/gems/ruby_parser-3.14.0}/lib/ruby23_parser.y +400 -255
- data/bundle/ruby/2.6.0/gems/ruby_parser-3.14.0/lib/ruby24_parser.rb +7178 -0
- data/bundle/ruby/{2.5.0/gems/ruby_parser-3.13.1 → 2.6.0/gems/ruby_parser-3.14.0}/lib/ruby24_parser.y +404 -257
- data/bundle/ruby/2.6.0/gems/ruby_parser-3.14.0/lib/ruby25_parser.rb +7178 -0
- data/bundle/ruby/{2.5.0/gems/ruby_parser-3.13.1 → 2.6.0/gems/ruby_parser-3.14.0}/lib/ruby25_parser.y +404 -257
- data/bundle/ruby/2.6.0/gems/ruby_parser-3.14.0/lib/ruby26_parser.rb +7198 -0
- data/bundle/ruby/{2.5.0/gems/ruby_parser-3.13.1 → 2.6.0/gems/ruby_parser-3.14.0}/lib/ruby26_parser.y +410 -261
- data/bundle/ruby/{2.5.0/gems/ruby_parser-3.13.1 → 2.6.0/gems/ruby_parser-3.14.0}/lib/ruby_lexer.rb +424 -432
- data/bundle/ruby/{2.5.0/gems/ruby_parser-3.13.1 → 2.6.0/gems/ruby_parser-3.14.0}/lib/ruby_lexer.rex +0 -0
- data/bundle/ruby/{2.5.0/gems/ruby_parser-3.13.1 → 2.6.0/gems/ruby_parser-3.14.0}/lib/ruby_lexer.rex.rb +1 -1
- data/bundle/ruby/{2.5.0/gems/ruby_parser-3.13.1 → 2.6.0/gems/ruby_parser-3.14.0}/lib/ruby_parser.rb +27 -27
- data/bundle/ruby/2.6.0/gems/ruby_parser-3.14.0/lib/ruby_parser.yy +2732 -0
- data/bundle/ruby/{2.5.0/gems/ruby_parser-3.13.1 → 2.6.0/gems/ruby_parser-3.14.0}/lib/ruby_parser_extras.rb +627 -406
- data/bundle/ruby/{2.5.0/gems/ruby_parser-3.13.1 → 2.6.0/gems/ruby_parser-3.14.0}/tools/munge.rb +1 -1
- data/bundle/ruby/{2.5.0/gems/ruby_parser-3.13.1 → 2.6.0/gems/ruby_parser-3.14.0}/tools/ripper.rb +13 -2
- data/bundle/ruby/{2.5.0 → 2.6.0}/gems/ruby_parser-legacy-1.0.0/History.rdoc +0 -0
- data/bundle/ruby/{2.5.0 → 2.6.0}/gems/ruby_parser-legacy-1.0.0/Manifest.txt +0 -0
- data/bundle/ruby/{2.5.0 → 2.6.0}/gems/ruby_parser-legacy-1.0.0/README.rdoc +0 -0
- data/bundle/ruby/{2.5.0 → 2.6.0}/gems/ruby_parser-legacy-1.0.0/lib/ruby_parser/legacy.rb +0 -0
- data/bundle/ruby/{2.5.0 → 2.6.0}/gems/ruby_parser-legacy-1.0.0/lib/ruby_parser/legacy/ruby18_parser.rb +0 -0
- data/bundle/ruby/{2.5.0 → 2.6.0}/gems/ruby_parser-legacy-1.0.0/lib/ruby_parser/legacy/ruby18_parser.y +0 -0
- data/bundle/ruby/{2.5.0 → 2.6.0}/gems/ruby_parser-legacy-1.0.0/lib/ruby_parser/legacy/ruby19_parser.rb +0 -0
- data/bundle/ruby/{2.5.0 → 2.6.0}/gems/ruby_parser-legacy-1.0.0/lib/ruby_parser/legacy/ruby19_parser.y +0 -0
- data/bundle/ruby/{2.5.0 → 2.6.0}/gems/ruby_parser-legacy-1.0.0/lib/ruby_parser/legacy/ruby_lexer.rb +0 -0
- data/bundle/ruby/{2.5.0 → 2.6.0}/gems/ruby_parser-legacy-1.0.0/lib/ruby_parser/legacy/ruby_lexer.rex +0 -0
- data/bundle/ruby/{2.5.0 → 2.6.0}/gems/ruby_parser-legacy-1.0.0/lib/ruby_parser/legacy/ruby_lexer.rex.rb +0 -0
- data/bundle/ruby/{2.5.0 → 2.6.0}/gems/ruby_parser-legacy-1.0.0/lib/ruby_parser/legacy/ruby_parser.rb +0 -0
- data/bundle/ruby/{2.5.0 → 2.6.0}/gems/ruby_parser-legacy-1.0.0/lib/ruby_parser/legacy/ruby_parser_extras.rb +0 -0
- data/bundle/ruby/{2.5.0 → 2.6.0}/gems/safe_yaml-1.0.5/CHANGES.md +0 -0
- data/bundle/ruby/{2.5.0 → 2.6.0}/gems/safe_yaml-1.0.5/Gemfile +0 -0
- data/bundle/ruby/{2.5.0 → 2.6.0}/gems/safe_yaml-1.0.5/LICENSE.txt +0 -0
- data/bundle/ruby/{2.5.0 → 2.6.0}/gems/safe_yaml-1.0.5/README.md +0 -0
- data/bundle/ruby/{2.5.0 → 2.6.0}/gems/safe_yaml-1.0.5/bundle_install_all_ruby_versions.sh +0 -0
- data/bundle/ruby/{2.5.0 → 2.6.0}/gems/safe_yaml-1.0.5/lib/safe_yaml.rb +0 -0
- data/bundle/ruby/{2.5.0 → 2.6.0}/gems/safe_yaml-1.0.5/lib/safe_yaml/deep.rb +0 -0
- data/bundle/ruby/{2.5.0 → 2.6.0}/gems/safe_yaml-1.0.5/lib/safe_yaml/libyaml_checker.rb +0 -0
- data/bundle/ruby/{2.5.0 → 2.6.0}/gems/safe_yaml-1.0.5/lib/safe_yaml/load.rb +0 -0
- data/bundle/ruby/{2.5.0 → 2.6.0}/gems/safe_yaml-1.0.5/lib/safe_yaml/parse/date.rb +0 -0
- data/bundle/ruby/{2.5.0 → 2.6.0}/gems/safe_yaml-1.0.5/lib/safe_yaml/parse/hexadecimal.rb +0 -0
- data/bundle/ruby/{2.5.0 → 2.6.0}/gems/safe_yaml-1.0.5/lib/safe_yaml/parse/sexagesimal.rb +0 -0
- data/bundle/ruby/{2.5.0 → 2.6.0}/gems/safe_yaml-1.0.5/lib/safe_yaml/psych_handler.rb +0 -0
- data/bundle/ruby/{2.5.0 → 2.6.0}/gems/safe_yaml-1.0.5/lib/safe_yaml/psych_resolver.rb +0 -0
- data/bundle/ruby/{2.5.0 → 2.6.0}/gems/safe_yaml-1.0.5/lib/safe_yaml/resolver.rb +0 -0
- data/bundle/ruby/{2.5.0 → 2.6.0}/gems/safe_yaml-1.0.5/lib/safe_yaml/safe_to_ruby_visitor.rb +0 -0
- data/bundle/ruby/{2.5.0 → 2.6.0}/gems/safe_yaml-1.0.5/lib/safe_yaml/store.rb +0 -0
- data/bundle/ruby/{2.5.0 → 2.6.0}/gems/safe_yaml-1.0.5/lib/safe_yaml/syck_hack.rb +0 -0
- data/bundle/ruby/{2.5.0 → 2.6.0}/gems/safe_yaml-1.0.5/lib/safe_yaml/syck_node_monkeypatch.rb +0 -0
- data/bundle/ruby/{2.5.0 → 2.6.0}/gems/safe_yaml-1.0.5/lib/safe_yaml/syck_resolver.rb +0 -0
- data/bundle/ruby/{2.5.0 → 2.6.0}/gems/safe_yaml-1.0.5/lib/safe_yaml/transform.rb +0 -0
- data/bundle/ruby/{2.5.0 → 2.6.0}/gems/safe_yaml-1.0.5/lib/safe_yaml/transform/to_boolean.rb +0 -0
- data/bundle/ruby/{2.5.0 → 2.6.0}/gems/safe_yaml-1.0.5/lib/safe_yaml/transform/to_date.rb +0 -0
- data/bundle/ruby/{2.5.0 → 2.6.0}/gems/safe_yaml-1.0.5/lib/safe_yaml/transform/to_float.rb +0 -0
- data/bundle/ruby/{2.5.0 → 2.6.0}/gems/safe_yaml-1.0.5/lib/safe_yaml/transform/to_integer.rb +0 -0
- data/bundle/ruby/{2.5.0 → 2.6.0}/gems/safe_yaml-1.0.5/lib/safe_yaml/transform/to_nil.rb +0 -0
- data/bundle/ruby/{2.5.0 → 2.6.0}/gems/safe_yaml-1.0.5/lib/safe_yaml/transform/to_symbol.rb +0 -0
- data/bundle/ruby/{2.5.0 → 2.6.0}/gems/safe_yaml-1.0.5/lib/safe_yaml/transform/transformation_map.rb +0 -0
- data/bundle/ruby/{2.5.0 → 2.6.0}/gems/safe_yaml-1.0.5/lib/safe_yaml/version.rb +0 -0
- data/bundle/ruby/{2.5.0 → 2.6.0}/gems/safe_yaml-1.0.5/run_specs_all_ruby_versions.sh +0 -0
- data/bundle/ruby/{2.5.0 → 2.6.0}/gems/safe_yaml-1.0.5/safe_yaml.gemspec +0 -0
- data/bundle/ruby/{2.5.0/gems/sexp_processor-4.12.0 → 2.6.0/gems/sexp_processor-4.13.0}/History.rdoc +25 -0
- data/bundle/ruby/{2.5.0/gems/sexp_processor-4.12.0 → 2.6.0/gems/sexp_processor-4.13.0}/Manifest.txt +1 -0
- data/bundle/ruby/{2.5.0/gems/sexp_processor-4.12.0 → 2.6.0/gems/sexp_processor-4.13.0}/README.rdoc +0 -0
- data/bundle/ruby/{2.5.0/gems/sexp_processor-4.12.0 → 2.6.0/gems/sexp_processor-4.13.0}/lib/composite_sexp_processor.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/sexp_processor-4.12.0 → 2.6.0/gems/sexp_processor-4.13.0}/lib/pt_testcase.rb +13 -15
- data/bundle/ruby/2.6.0/gems/sexp_processor-4.13.0/lib/sexp.rb +381 -0
- data/bundle/ruby/{2.5.0/gems/sexp_processor-4.12.0/lib/sexp.rb → 2.6.0/gems/sexp_processor-4.13.0/lib/sexp_matcher.rb} +25 -382
- data/bundle/ruby/{2.5.0/gems/sexp_processor-4.12.0 → 2.6.0/gems/sexp_processor-4.13.0}/lib/sexp_processor.rb +2 -2
- data/bundle/ruby/{2.5.0/gems/sexp_processor-4.12.0 → 2.6.0/gems/sexp_processor-4.13.0}/lib/strict_sexp.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/sexp_processor-4.12.0 → 2.6.0/gems/sexp_processor-4.13.0}/lib/unique.rb +0 -0
- data/bundle/ruby/{2.5.0 → 2.6.0}/gems/slim-4.0.1/CHANGES +0 -0
- data/bundle/ruby/{2.5.0 → 2.6.0}/gems/slim-4.0.1/Gemfile +0 -0
- data/bundle/ruby/{2.5.0 → 2.6.0}/gems/slim-4.0.1/LICENSE +0 -0
- data/bundle/ruby/{2.5.0 → 2.6.0}/gems/slim-4.0.1/README.jp.md +0 -0
- data/bundle/ruby/{2.5.0 → 2.6.0}/gems/slim-4.0.1/README.md +0 -0
- data/bundle/ruby/{2.5.0 → 2.6.0}/gems/slim-4.0.1/lib/slim.rb +0 -0
- data/bundle/ruby/{2.5.0 → 2.6.0}/gems/slim-4.0.1/lib/slim/code_attributes.rb +0 -0
- data/bundle/ruby/{2.5.0 → 2.6.0}/gems/slim-4.0.1/lib/slim/command.rb +0 -0
- data/bundle/ruby/{2.5.0 → 2.6.0}/gems/slim-4.0.1/lib/slim/controls.rb +0 -0
- data/bundle/ruby/{2.5.0 → 2.6.0}/gems/slim-4.0.1/lib/slim/do_inserter.rb +0 -0
- data/bundle/ruby/{2.5.0 → 2.6.0}/gems/slim-4.0.1/lib/slim/embedded.rb +0 -0
- data/bundle/ruby/{2.5.0 → 2.6.0}/gems/slim-4.0.1/lib/slim/end_inserter.rb +0 -0
- data/bundle/ruby/{2.5.0 → 2.6.0}/gems/slim-4.0.1/lib/slim/engine.rb +0 -0
- data/bundle/ruby/{2.5.0 → 2.6.0}/gems/slim-4.0.1/lib/slim/erb_converter.rb +0 -0
- data/bundle/ruby/{2.5.0 → 2.6.0}/gems/slim-4.0.1/lib/slim/filter.rb +0 -0
- data/bundle/ruby/{2.5.0 → 2.6.0}/gems/slim-4.0.1/lib/slim/grammar.rb +0 -0
- data/bundle/ruby/{2.5.0 → 2.6.0}/gems/slim-4.0.1/lib/slim/include.rb +0 -0
- data/bundle/ruby/{2.5.0 → 2.6.0}/gems/slim-4.0.1/lib/slim/interpolation.rb +0 -0
- data/bundle/ruby/{2.5.0 → 2.6.0}/gems/slim-4.0.1/lib/slim/logic_less.rb +0 -0
- data/bundle/ruby/{2.5.0 → 2.6.0}/gems/slim-4.0.1/lib/slim/logic_less/context.rb +0 -0
- data/bundle/ruby/{2.5.0 → 2.6.0}/gems/slim-4.0.1/lib/slim/logic_less/filter.rb +0 -0
- data/bundle/ruby/{2.5.0 → 2.6.0}/gems/slim-4.0.1/lib/slim/parser.rb +0 -0
- data/bundle/ruby/{2.5.0 → 2.6.0}/gems/slim-4.0.1/lib/slim/smart.rb +0 -0
- data/bundle/ruby/{2.5.0 → 2.6.0}/gems/slim-4.0.1/lib/slim/smart/escaper.rb +0 -0
- data/bundle/ruby/{2.5.0 → 2.6.0}/gems/slim-4.0.1/lib/slim/smart/filter.rb +0 -0
- data/bundle/ruby/{2.5.0 → 2.6.0}/gems/slim-4.0.1/lib/slim/smart/parser.rb +0 -0
- data/bundle/ruby/{2.5.0 → 2.6.0}/gems/slim-4.0.1/lib/slim/splat/builder.rb +0 -0
- data/bundle/ruby/{2.5.0 → 2.6.0}/gems/slim-4.0.1/lib/slim/splat/filter.rb +0 -0
- data/bundle/ruby/{2.5.0 → 2.6.0}/gems/slim-4.0.1/lib/slim/template.rb +0 -0
- data/bundle/ruby/{2.5.0 → 2.6.0}/gems/slim-4.0.1/lib/slim/translator.rb +0 -0
- data/bundle/ruby/{2.5.0 → 2.6.0}/gems/slim-4.0.1/lib/slim/version.rb +0 -0
- data/bundle/ruby/{2.5.0 → 2.6.0}/gems/slim-4.0.1/slim.gemspec +0 -0
- data/bundle/ruby/{2.5.0/gems/temple-0.8.1 → 2.6.0/gems/temple-0.8.2}/CHANGES +5 -0
- data/bundle/ruby/{2.5.0/gems/temple-0.8.1 → 2.6.0/gems/temple-0.8.2}/EXPRESSIONS.md +0 -0
- data/bundle/ruby/{2.5.0/gems/temple-0.8.1 → 2.6.0/gems/temple-0.8.2}/Gemfile +0 -0
- data/bundle/ruby/{2.5.0/gems/temple-0.8.1 → 2.6.0/gems/temple-0.8.2}/LICENSE +0 -0
- data/bundle/ruby/{2.5.0/gems/temple-0.8.1 → 2.6.0/gems/temple-0.8.2}/README.md +1 -1
- data/bundle/ruby/{2.5.0/gems/temple-0.8.1 → 2.6.0/gems/temple-0.8.2}/lib/temple.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/temple-0.8.1 → 2.6.0/gems/temple-0.8.2}/lib/temple/engine.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/temple-0.8.1 → 2.6.0/gems/temple-0.8.2}/lib/temple/erb/engine.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/temple-0.8.1 → 2.6.0/gems/temple-0.8.2}/lib/temple/erb/parser.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/temple-0.8.1 → 2.6.0/gems/temple-0.8.2}/lib/temple/erb/template.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/temple-0.8.1 → 2.6.0/gems/temple-0.8.2}/lib/temple/erb/trimming.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/temple-0.8.1 → 2.6.0/gems/temple-0.8.2}/lib/temple/exceptions.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/temple-0.8.1 → 2.6.0/gems/temple-0.8.2}/lib/temple/filter.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/temple-0.8.1 → 2.6.0/gems/temple-0.8.2}/lib/temple/filters/code_merger.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/temple-0.8.1 → 2.6.0/gems/temple-0.8.2}/lib/temple/filters/control_flow.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/temple-0.8.1 → 2.6.0/gems/temple-0.8.2}/lib/temple/filters/dynamic_inliner.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/temple-0.8.1 → 2.6.0/gems/temple-0.8.2}/lib/temple/filters/encoding.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/temple-0.8.1 → 2.6.0/gems/temple-0.8.2}/lib/temple/filters/eraser.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/temple-0.8.1 → 2.6.0/gems/temple-0.8.2}/lib/temple/filters/escapable.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/temple-0.8.1 → 2.6.0/gems/temple-0.8.2}/lib/temple/filters/multi_flattener.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/temple-0.8.1 → 2.6.0/gems/temple-0.8.2}/lib/temple/filters/remove_bom.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/temple-0.8.1 → 2.6.0/gems/temple-0.8.2}/lib/temple/filters/static_analyzer.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/temple-0.8.1 → 2.6.0/gems/temple-0.8.2}/lib/temple/filters/static_merger.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/temple-0.8.1 → 2.6.0/gems/temple-0.8.2}/lib/temple/filters/string_splitter.rb +1 -1
- data/bundle/ruby/{2.5.0/gems/temple-0.8.1 → 2.6.0/gems/temple-0.8.2}/lib/temple/filters/validator.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/temple-0.8.1 → 2.6.0/gems/temple-0.8.2}/lib/temple/generator.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/temple-0.8.1 → 2.6.0/gems/temple-0.8.2}/lib/temple/generators/array.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/temple-0.8.1 → 2.6.0/gems/temple-0.8.2}/lib/temple/generators/array_buffer.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/temple-0.8.1 → 2.6.0/gems/temple-0.8.2}/lib/temple/generators/erb.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/temple-0.8.1 → 2.6.0/gems/temple-0.8.2}/lib/temple/generators/rails_output_buffer.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/temple-0.8.1 → 2.6.0/gems/temple-0.8.2}/lib/temple/generators/string_buffer.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/temple-0.8.1 → 2.6.0/gems/temple-0.8.2}/lib/temple/grammar.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/temple-0.8.1 → 2.6.0/gems/temple-0.8.2}/lib/temple/html/attribute_merger.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/temple-0.8.1 → 2.6.0/gems/temple-0.8.2}/lib/temple/html/attribute_remover.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/temple-0.8.1 → 2.6.0/gems/temple-0.8.2}/lib/temple/html/attribute_sorter.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/temple-0.8.1 → 2.6.0/gems/temple-0.8.2}/lib/temple/html/dispatcher.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/temple-0.8.1 → 2.6.0/gems/temple-0.8.2}/lib/temple/html/fast.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/temple-0.8.1 → 2.6.0/gems/temple-0.8.2}/lib/temple/html/filter.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/temple-0.8.1 → 2.6.0/gems/temple-0.8.2}/lib/temple/html/pretty.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/temple-0.8.1 → 2.6.0/gems/temple-0.8.2}/lib/temple/html/safe.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/temple-0.8.1 → 2.6.0/gems/temple-0.8.2}/lib/temple/map.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/temple-0.8.1 → 2.6.0/gems/temple-0.8.2}/lib/temple/mixins/dispatcher.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/temple-0.8.1 → 2.6.0/gems/temple-0.8.2}/lib/temple/mixins/engine_dsl.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/temple-0.8.1 → 2.6.0/gems/temple-0.8.2}/lib/temple/mixins/grammar_dsl.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/temple-0.8.1 → 2.6.0/gems/temple-0.8.2}/lib/temple/mixins/options.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/temple-0.8.1 → 2.6.0/gems/temple-0.8.2}/lib/temple/mixins/template.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/temple-0.8.1 → 2.6.0/gems/temple-0.8.2}/lib/temple/parser.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/temple-0.8.1 → 2.6.0/gems/temple-0.8.2}/lib/temple/static_analyzer.rb +1 -1
- data/bundle/ruby/{2.5.0/gems/temple-0.8.1 → 2.6.0/gems/temple-0.8.2}/lib/temple/templates.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/temple-0.8.1 → 2.6.0/gems/temple-0.8.2}/lib/temple/templates/rails.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/temple-0.8.1 → 2.6.0/gems/temple-0.8.2}/lib/temple/templates/tilt.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/temple-0.8.1 → 2.6.0/gems/temple-0.8.2}/lib/temple/utils.rb +0 -0
- data/bundle/ruby/2.6.0/gems/temple-0.8.2/lib/temple/version.rb +3 -0
- data/bundle/ruby/{2.5.0/gems/temple-0.8.1 → 2.6.0/gems/temple-0.8.2}/temple.gemspec +0 -0
- data/bundle/ruby/{2.5.0 → 2.6.0}/gems/terminal-table-1.8.0/Gemfile +0 -0
- data/bundle/ruby/{2.5.0 → 2.6.0}/gems/terminal-table-1.8.0/History.rdoc +0 -0
- data/bundle/ruby/{2.5.0 → 2.6.0}/gems/terminal-table-1.8.0/LICENSE.txt +0 -0
- data/bundle/ruby/{2.5.0 → 2.6.0}/gems/terminal-table-1.8.0/Manifest +0 -0
- data/bundle/ruby/{2.5.0 → 2.6.0}/gems/terminal-table-1.8.0/README.rdoc +0 -0
- data/bundle/ruby/{2.5.0 → 2.6.0}/gems/terminal-table-1.8.0/Todo.rdoc +0 -0
- data/bundle/ruby/{2.5.0 → 2.6.0}/gems/terminal-table-1.8.0/lib/terminal-table.rb +0 -0
- data/bundle/ruby/{2.5.0 → 2.6.0}/gems/terminal-table-1.8.0/lib/terminal-table/cell.rb +0 -0
- data/bundle/ruby/{2.5.0 → 2.6.0}/gems/terminal-table-1.8.0/lib/terminal-table/import.rb +0 -0
- data/bundle/ruby/{2.5.0 → 2.6.0}/gems/terminal-table-1.8.0/lib/terminal-table/row.rb +0 -0
- data/bundle/ruby/{2.5.0 → 2.6.0}/gems/terminal-table-1.8.0/lib/terminal-table/separator.rb +0 -0
- data/bundle/ruby/{2.5.0 → 2.6.0}/gems/terminal-table-1.8.0/lib/terminal-table/style.rb +0 -0
- data/bundle/ruby/{2.5.0 → 2.6.0}/gems/terminal-table-1.8.0/lib/terminal-table/table.rb +0 -0
- data/bundle/ruby/{2.5.0 → 2.6.0}/gems/terminal-table-1.8.0/lib/terminal-table/table_helper.rb +0 -0
- data/bundle/ruby/{2.5.0 → 2.6.0}/gems/terminal-table-1.8.0/lib/terminal-table/version.rb +0 -0
- data/bundle/ruby/{2.5.0 → 2.6.0}/gems/terminal-table-1.8.0/terminal-table.gemspec +0 -0
- data/bundle/ruby/{2.5.0/gems/tilt-2.0.9 → 2.6.0/gems/tilt-2.0.10}/COPYING +0 -0
- data/bundle/ruby/{2.5.0/gems/tilt-2.0.9 → 2.6.0/gems/tilt-2.0.10}/lib/tilt.rb +1 -1
- data/bundle/ruby/{2.5.0/gems/tilt-2.0.9 → 2.6.0/gems/tilt-2.0.10}/lib/tilt/asciidoc.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/tilt-2.0.9 → 2.6.0/gems/tilt-2.0.10}/lib/tilt/babel.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/tilt-2.0.9 → 2.6.0/gems/tilt-2.0.10}/lib/tilt/bluecloth.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/tilt-2.0.9 → 2.6.0/gems/tilt-2.0.10}/lib/tilt/builder.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/tilt-2.0.9 → 2.6.0/gems/tilt-2.0.10}/lib/tilt/coffee.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/tilt-2.0.9 → 2.6.0/gems/tilt-2.0.10}/lib/tilt/commonmarker.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/tilt-2.0.9 → 2.6.0/gems/tilt-2.0.10}/lib/tilt/creole.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/tilt-2.0.9 → 2.6.0/gems/tilt-2.0.10}/lib/tilt/csv.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/tilt-2.0.9 → 2.6.0/gems/tilt-2.0.10}/lib/tilt/dummy.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/tilt-2.0.9 → 2.6.0/gems/tilt-2.0.10}/lib/tilt/erb.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/tilt-2.0.9 → 2.6.0/gems/tilt-2.0.10}/lib/tilt/erubi.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/tilt-2.0.9 → 2.6.0/gems/tilt-2.0.10}/lib/tilt/erubis.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/tilt-2.0.9 → 2.6.0/gems/tilt-2.0.10}/lib/tilt/etanni.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/tilt-2.0.9 → 2.6.0/gems/tilt-2.0.10}/lib/tilt/haml.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/tilt-2.0.9 → 2.6.0/gems/tilt-2.0.10}/lib/tilt/kramdown.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/tilt-2.0.9 → 2.6.0/gems/tilt-2.0.10}/lib/tilt/less.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/tilt-2.0.9 → 2.6.0/gems/tilt-2.0.10}/lib/tilt/liquid.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/tilt-2.0.9 → 2.6.0/gems/tilt-2.0.10}/lib/tilt/livescript.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/tilt-2.0.9 → 2.6.0/gems/tilt-2.0.10}/lib/tilt/mapping.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/tilt-2.0.9 → 2.6.0/gems/tilt-2.0.10}/lib/tilt/markaby.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/tilt-2.0.9 → 2.6.0/gems/tilt-2.0.10}/lib/tilt/maruku.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/tilt-2.0.9 → 2.6.0/gems/tilt-2.0.10}/lib/tilt/nokogiri.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/tilt-2.0.9 → 2.6.0/gems/tilt-2.0.10}/lib/tilt/pandoc.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/tilt-2.0.9 → 2.6.0/gems/tilt-2.0.10}/lib/tilt/plain.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/tilt-2.0.9 → 2.6.0/gems/tilt-2.0.10}/lib/tilt/prawn.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/tilt-2.0.9 → 2.6.0/gems/tilt-2.0.10}/lib/tilt/radius.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/tilt-2.0.9 → 2.6.0/gems/tilt-2.0.10}/lib/tilt/rdiscount.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/tilt-2.0.9 → 2.6.0/gems/tilt-2.0.10}/lib/tilt/rdoc.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/tilt-2.0.9 → 2.6.0/gems/tilt-2.0.10}/lib/tilt/redcarpet.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/tilt-2.0.9 → 2.6.0/gems/tilt-2.0.10}/lib/tilt/redcloth.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/tilt-2.0.9 → 2.6.0/gems/tilt-2.0.10}/lib/tilt/rst-pandoc.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/tilt-2.0.9 → 2.6.0/gems/tilt-2.0.10}/lib/tilt/sass.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/tilt-2.0.9 → 2.6.0/gems/tilt-2.0.10}/lib/tilt/sigil.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/tilt-2.0.9 → 2.6.0/gems/tilt-2.0.10}/lib/tilt/string.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/tilt-2.0.9 → 2.6.0/gems/tilt-2.0.10}/lib/tilt/template.rb +7 -12
- data/bundle/ruby/{2.5.0/gems/tilt-2.0.9 → 2.6.0/gems/tilt-2.0.10}/lib/tilt/typescript.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/tilt-2.0.9 → 2.6.0/gems/tilt-2.0.10}/lib/tilt/wikicloth.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/tilt-2.0.9 → 2.6.0/gems/tilt-2.0.10}/lib/tilt/yajl.rb +0 -0
- data/bundle/ruby/{2.5.0 → 2.6.0}/gems/unicode-display_width-1.6.0/CHANGELOG.md +0 -0
- data/bundle/ruby/{2.5.0 → 2.6.0}/gems/unicode-display_width-1.6.0/MIT-LICENSE.txt +0 -0
- data/bundle/ruby/{2.5.0 → 2.6.0}/gems/unicode-display_width-1.6.0/README.md +0 -0
- data/bundle/ruby/{2.5.0 → 2.6.0}/gems/unicode-display_width-1.6.0/data/display_width.marshal.gz +0 -0
- data/bundle/ruby/{2.5.0 → 2.6.0}/gems/unicode-display_width-1.6.0/lib/unicode/display_width.rb +0 -0
- data/bundle/ruby/{2.5.0 → 2.6.0}/gems/unicode-display_width-1.6.0/lib/unicode/display_width/constants.rb +0 -0
- data/bundle/ruby/{2.5.0 → 2.6.0}/gems/unicode-display_width-1.6.0/lib/unicode/display_width/index.rb +0 -0
- data/bundle/ruby/{2.5.0 → 2.6.0}/gems/unicode-display_width-1.6.0/lib/unicode/display_width/no_string_ext.rb +0 -0
- data/bundle/ruby/{2.5.0 → 2.6.0}/gems/unicode-display_width-1.6.0/lib/unicode/display_width/string_ext.rb +0 -0
- data/lib/brakeman/call_index.rb +54 -15
- data/lib/brakeman/checks/base_check.rb +50 -47
- data/lib/brakeman/checks/check_cookie_serialization.rb +22 -0
- data/lib/brakeman/checks/check_cross_site_scripting.rb +4 -4
- data/lib/brakeman/checks/check_deserialize.rb +3 -6
- data/lib/brakeman/checks/check_execute.rb +26 -1
- data/lib/brakeman/checks/check_file_access.rb +7 -1
- data/lib/brakeman/checks/check_header_dos.rb +2 -2
- data/lib/brakeman/checks/check_i18n_xss.rb +2 -2
- data/lib/brakeman/checks/check_jruby_xml.rb +2 -2
- data/lib/brakeman/checks/check_json_parsing.rb +2 -2
- data/lib/brakeman/checks/check_mime_type_dos.rb +2 -2
- data/lib/brakeman/checks/check_nested_attributes_bypass.rb +1 -1
- data/lib/brakeman/checks/check_reverse_tabnabbing.rb +58 -0
- data/lib/brakeman/checks/check_sanitize_methods.rb +2 -2
- data/lib/brakeman/checks/check_session_settings.rb +5 -2
- data/lib/brakeman/checks/check_xml_dos.rb +2 -2
- data/lib/brakeman/checks/check_yaml_parsing.rb +10 -18
- data/lib/brakeman/differ.rb +16 -28
- data/lib/brakeman/file_parser.rb +4 -8
- data/lib/brakeman/file_path.rb +14 -0
- data/lib/brakeman/parsers/haml_embedded.rb +1 -1
- data/lib/brakeman/parsers/template_parser.rb +3 -1
- data/lib/brakeman/processor.rb +1 -1
- data/lib/brakeman/processors/alias_processor.rb +15 -1
- data/lib/brakeman/processors/base_processor.rb +2 -0
- data/lib/brakeman/processors/controller_processor.rb +4 -4
- data/lib/brakeman/processors/gem_processor.rb +10 -2
- data/lib/brakeman/processors/haml_template_processor.rb +87 -123
- data/lib/brakeman/processors/lib/call_conversion_helper.rb +5 -4
- data/lib/brakeman/processors/lib/find_all_calls.rb +27 -4
- data/lib/brakeman/processors/lib/find_call.rb +3 -64
- data/lib/brakeman/processors/lib/rails2_config_processor.rb +1 -1
- data/lib/brakeman/processors/template_alias_processor.rb +28 -0
- data/lib/brakeman/processors/template_processor.rb +10 -6
- data/lib/brakeman/report/report_text.rb +4 -5
- data/lib/brakeman/rescanner.rb +4 -0
- data/lib/brakeman/tracker.rb +26 -2
- data/lib/brakeman/tracker/config.rb +38 -73
- data/lib/brakeman/tracker/constants.rb +2 -1
- data/lib/brakeman/version.rb +1 -1
- data/lib/brakeman/warning.rb +4 -0
- data/lib/brakeman/warning_codes.rb +3 -0
- data/lib/ruby_parser/bm_sexp.rb +7 -2
- metadata +352 -342
- data/bundle/ruby/2.5.0/gems/haml-4.0.7/MIT-LICENSE +0 -20
- data/bundle/ruby/2.5.0/gems/haml-4.0.7/lib/haml/compiler.rb +0 -540
- data/bundle/ruby/2.5.0/gems/haml-4.0.7/lib/haml/error.rb +0 -61
- data/bundle/ruby/2.5.0/gems/haml-4.0.7/lib/haml/railtie.rb +0 -22
- data/bundle/ruby/2.5.0/gems/haml-4.0.7/lib/haml/template/plugin.rb +0 -41
- data/bundle/ruby/2.5.0/gems/haml-4.0.7/lib/haml/util.rb +0 -377
- data/bundle/ruby/2.5.0/gems/haml-4.0.7/lib/haml/version.rb +0 -3
- data/bundle/ruby/2.5.0/gems/ruby_parser-3.13.1/lib/ruby20_parser.rb +0 -6869
- data/bundle/ruby/2.5.0/gems/ruby_parser-3.13.1/lib/ruby20_parser.y +0 -2431
- data/bundle/ruby/2.5.0/gems/ruby_parser-3.13.1/lib/ruby21_parser.rb +0 -6944
- data/bundle/ruby/2.5.0/gems/ruby_parser-3.13.1/lib/ruby22_parser.rb +0 -6968
- data/bundle/ruby/2.5.0/gems/ruby_parser-3.13.1/lib/ruby23_parser.rb +0 -6987
- data/bundle/ruby/2.5.0/gems/ruby_parser-3.13.1/lib/ruby24_parser.rb +0 -6994
- data/bundle/ruby/2.5.0/gems/ruby_parser-3.13.1/lib/ruby25_parser.rb +0 -6994
- data/bundle/ruby/2.5.0/gems/ruby_parser-3.13.1/lib/ruby26_parser.rb +0 -7012
- data/bundle/ruby/2.5.0/gems/temple-0.8.1/lib/temple/version.rb +0 -3
- data/bundle/ruby/2.5.0/gems/tilt-2.0.9/CHANGELOG.md +0 -132
- data/bundle/ruby/2.5.0/gems/tilt-2.0.9/Gemfile +0 -70
- data/bundle/ruby/2.5.0/gems/tilt-2.0.9/HACKING +0 -16
- data/bundle/ruby/2.5.0/gems/tilt-2.0.9/README.md +0 -233
- data/bundle/ruby/2.5.0/gems/tilt-2.0.9/tilt.gemspec +0 -130
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: cb1a6279fa089c035c1e284d078ba0af21b8a19de58e489dcdc7c3a167d52e43
|
4
|
+
data.tar.gz: 4d163ff4a319363126e9626f8d0d841b1b55abf48fca01f1b5e0581bbda8f69f
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 7decb5b6745e654b6e2d7b06503fedad0e9a1c1b89d40ee380e37c23092420e34425357091f47a623508b1cf7e91a114a786f25d5441efe1cd7db80d7d15cc72
|
7
|
+
data.tar.gz: 81651d8ba5958201234b84576a691e5281b3f3af3cbb66500fb847e1873406c8956f8746c062de965b95c76e5c3c9f6810b81ebe73abbfc454cafbd2e93b9c31
|
data/CHANGES.md
CHANGED
@@ -1,4 +1,45 @@
|
|
1
|
-
# 4.
|
1
|
+
# 4.7.1 - 2019-10-29
|
2
|
+
|
3
|
+
* Check string length against limit before joining
|
4
|
+
* Fix errors from frozen `Symbol#to_s` in Ruby 2.7
|
5
|
+
* Fix flaky rails4 test (Adam Kiczula)
|
6
|
+
* Added release dates to each version in CHANGES (TheSpartan1980)
|
7
|
+
* Catch reverse tabnabbing with `:_blank` symbol (Jacob Evelyn)
|
8
|
+
* Convert `s(:lambda)` to `s(:call)` in `Sexp#block_call`
|
9
|
+
* Sort text report by file and line (Jacob Evelyn)
|
10
|
+
|
11
|
+
# 4.7.0 - 2019-10-16
|
12
|
+
|
13
|
+
* Refactor `Brakeman::Differ#second_pass` (Benoit Côté-Jodoin)
|
14
|
+
* Ignore interpolation in `%W[]`
|
15
|
+
* Fix `version_between?` (Andrey Glushkov)
|
16
|
+
* Add support for `ruby_parser` 3.14.0
|
17
|
+
* Ignore `form_for` for XSS check
|
18
|
+
* Update Haml support to Haml 5.x
|
19
|
+
* Catch shell injection from `-c` shell commands (Jacob Evelyn)
|
20
|
+
* Correctly handle non-symbols in `CheckCookieSerialization` (Phil Turnbull)
|
21
|
+
|
22
|
+
# 4.6.1 - 2019-07-24
|
23
|
+
|
24
|
+
* Fix Reverse Tabnabbing warning message (Steffen Schildknecht / Jörg Schiller)
|
25
|
+
|
26
|
+
# 4.6.0 - 2019-07-23
|
27
|
+
|
28
|
+
* Skip calls to `dup`
|
29
|
+
* Add reverse tabnabbing check (Linos Giannopoulos)
|
30
|
+
* Better handling of gems with no version declared
|
31
|
+
* Warn people that Haml 5 is not fully supported (Jared Beck)
|
32
|
+
* Avoid warning about file access with `ActiveStorage::Filename#sanitized` (Tejas Bubane)
|
33
|
+
* Update loofah version for fixing CVE-2018-8048 (Markus Nölle)
|
34
|
+
* Restore `Warning#relative_path`
|
35
|
+
* Add check for cookie serialization with Marshal
|
36
|
+
* Index calls in initializers
|
37
|
+
* Improve template output handling in conditional branches
|
38
|
+
* Avoid assigning `nil` line numbers to `Sexp`s
|
39
|
+
* Add special warning code for custom checks
|
40
|
+
* Add call matching by regular expression
|
41
|
+
|
42
|
+
# 4.5.1 - 2019-05-11
|
2
43
|
|
3
44
|
* Add `Brakeman::FilePath` to represent file paths
|
4
45
|
* Handle trailing comma in block args
|
@@ -13,7 +54,7 @@
|
|
13
54
|
* Add initial Rails 6 support
|
14
55
|
* Add SQL injection checks for `destroy_by`/`delete_by`
|
15
56
|
|
16
|
-
# 4.5.0
|
57
|
+
# 4.5.0 - 2019-03-16
|
17
58
|
|
18
59
|
* Update `ruby_parser`, use `ruby_parser-legacy`
|
19
60
|
* More thoroughly handle `Shellwords` escaping
|
@@ -30,7 +71,7 @@
|
|
30
71
|
* Better handling of splat/kwsplat arguments
|
31
72
|
* Improve "user input" reported for SQL injection
|
32
73
|
|
33
|
-
# 4.4.0
|
74
|
+
# 4.4.0 - 2019-01-17
|
34
75
|
|
35
76
|
* Set default encoding to UTF-8
|
36
77
|
* Update to Slim 4.0.1 (Jake Peterson)
|
@@ -53,7 +94,7 @@
|
|
53
94
|
* Complete overhaul of warning message construction
|
54
95
|
* Deadcode and typo fixes found via Coverity
|
55
96
|
|
56
|
-
# 4.3.1
|
97
|
+
# 4.3.1 - 2018-06-07
|
57
98
|
|
58
99
|
* Ignore `Object#freeze`, use the target instead
|
59
100
|
* Ignore `foreign_key` calls in SQL
|
@@ -66,7 +107,7 @@
|
|
66
107
|
* Improve handling of conditionals in shell commands (Jacob Evelyn)
|
67
108
|
* Fix error when setting line number in implicit renders
|
68
109
|
|
69
|
-
# 4.3.0
|
110
|
+
# 4.3.0 - 2018-05-11
|
70
111
|
|
71
112
|
* Check exec-type calls even if they are targets
|
72
113
|
* Convert `Array#join` to string interpolation
|
@@ -82,14 +123,14 @@
|
|
82
123
|
* `--color` can be used to force color output
|
83
124
|
* Fix reported line numbers for CVE-2018-3741 and CVE-2018-8048
|
84
125
|
|
85
|
-
# 4.2.1
|
126
|
+
# 4.2.1 - 2018-03-24
|
86
127
|
|
87
128
|
* Add warning for CVE-2018-3741
|
88
129
|
* Add warning for CVE-2018-8048
|
89
130
|
* Scan `app/jobs/` directory
|
90
131
|
* Handle `template_exists?` in controllers
|
91
132
|
|
92
|
-
# 4.2.0
|
133
|
+
# 4.2.0 - 2018-02-22
|
93
134
|
|
94
135
|
* Avoid warning about symbol DoS on `Model#attributes`
|
95
136
|
* Avoid warning about open redirects with model methods ending with `_path`
|
@@ -102,12 +143,12 @@
|
|
102
143
|
* Exclude template folders in `lib/` (kru0096)
|
103
144
|
* Handle ERb use of `String#<<` method for Ruby 2.5 (Pocke)
|
104
145
|
|
105
|
-
# 4.1.1
|
146
|
+
# 4.1.1 - 2017-12-19
|
106
147
|
|
107
148
|
* Remove check for use of `permit` with `*_id` keys
|
108
149
|
* Avoid duplicate warnings about permitted attributes
|
109
150
|
|
110
|
-
# 4.1.0
|
151
|
+
# 4.1.0 - 2017-12-14
|
111
152
|
|
112
153
|
* Process models as root sexp instead of each sexp
|
113
154
|
* Avoid CSRF warning in Rails 5.2 default config
|
@@ -130,12 +171,12 @@
|
|
130
171
|
* Refactor Code Climate engine options parsing (Noah Davis)
|
131
172
|
* Fix upgrade version for CVE-2016-6316
|
132
173
|
|
133
|
-
# 4.0.1
|
174
|
+
# 4.0.1 - 2017-09-25
|
134
175
|
|
135
176
|
* Disable pager when `CI` environment variable is set
|
136
177
|
* Fix output when pager fails
|
137
178
|
|
138
|
-
# 4.0.0
|
179
|
+
# 4.0.0 - 2017-09-25
|
139
180
|
|
140
181
|
* Add simple pager for reports output to terminal
|
141
182
|
* Rename "Cross Site Scripting" to "Cross-Site Scripting" (Paul Tetreau)
|
@@ -149,11 +190,11 @@
|
|
149
190
|
* --exit-on-error and --exit-on-warn are now the default
|
150
191
|
* Fix --exit-on-error and --exit-on-warn in config files
|
151
192
|
|
152
|
-
# 3.7.2
|
193
|
+
# 3.7.2 - 2017-08-16
|
153
194
|
|
154
195
|
* Fix --ensure-latest (David Guyon)
|
155
196
|
|
156
|
-
# 3.7.1
|
197
|
+
# 3.7.1 - 2017-08-16
|
157
198
|
|
158
199
|
* Handle simple guard with return at end of branch
|
159
200
|
* Modularize bin/brakeman
|
@@ -161,7 +202,7 @@
|
|
161
202
|
* Add more collection methods for iteration detection
|
162
203
|
* Update ruby2ruby and ruby_parser
|
163
204
|
|
164
|
-
# 3.7.0
|
205
|
+
# 3.7.0 - 2017-06-30
|
165
206
|
|
166
207
|
* Improve support for rails4/rails5 options in config file
|
167
208
|
* Track more information about constant assignments
|
@@ -170,7 +211,7 @@
|
|
170
211
|
* Fix false positive for redirect_to in Rails 4 (Mário Areias)
|
171
212
|
* Avoid interpolating hashes/arrays on failed access
|
172
213
|
|
173
|
-
# 3.6.2
|
214
|
+
# 3.6.2 - 2017-05-19
|
174
215
|
|
175
216
|
* Handle safe call operator in checks
|
176
217
|
* Better handling of `if` expressions in HAML rendering
|
@@ -185,11 +226,11 @@
|
|
185
226
|
* Handle empty `if` expressions when finding return values
|
186
227
|
* Fix finding return value from empty `if`
|
187
228
|
|
188
|
-
# 3.6.1
|
229
|
+
# 3.6.1 - 2017-03-24
|
189
230
|
|
190
231
|
* Fix error when using `--compare` (Sean Gransee)
|
191
232
|
|
192
|
-
# 3.6.0
|
233
|
+
# 3.6.0 - 2017-03-23
|
193
234
|
|
194
235
|
* Avoid recursive Concerns
|
195
236
|
* Branch inside of `case` expressions
|
@@ -200,7 +241,7 @@
|
|
200
241
|
* Only report CVE-2015-3227 when exact version is known
|
201
242
|
* Check targetless SQL calls outside of known models
|
202
243
|
|
203
|
-
# 3.5.0
|
244
|
+
# 3.5.0 - 2017-02-01
|
204
245
|
|
205
246
|
* Allow `-t None`
|
206
247
|
* Fail on invalid checks specified by `-x` or `-t`
|
@@ -215,7 +256,7 @@
|
|
215
256
|
* Handle `included` block in concerns
|
216
257
|
* Process concerns before controllers
|
217
258
|
|
218
|
-
# 3.4.1
|
259
|
+
# 3.4.1 - 2016-11-02
|
219
260
|
|
220
261
|
* Show action help at start of interactive ignore
|
221
262
|
* Check CSRF setting in direct subclasses of `ActionController::Base` (Jason Yeo)
|
@@ -225,7 +266,7 @@
|
|
225
266
|
* Avoid warning about `where_values_hash` in SQLi
|
226
267
|
* Fix ignoring link interpolation not at beginning of string
|
227
268
|
|
228
|
-
# 3.4.0
|
269
|
+
# 3.4.0 - 2016-09-08
|
229
270
|
|
230
271
|
* Add new `plain` report format
|
231
272
|
* Add option to prune ignore file with `-I`
|
@@ -234,18 +275,18 @@
|
|
234
275
|
* Support creating reports in non-existent paths
|
235
276
|
* Add `--no-exit-warn`
|
236
277
|
|
237
|
-
# 3.3.5
|
278
|
+
# 3.3.5 - 2016-08-12
|
238
279
|
|
239
280
|
* Fix bug in reports when using --debug option
|
240
281
|
|
241
|
-
# 3.3.4
|
282
|
+
# 3.3.4 - 2016-08-12
|
242
283
|
|
243
284
|
* Add generic warning for CVE-2016-6316
|
244
285
|
* Warn about dangerous use of `content_tag` with CVE-2016-6316
|
245
286
|
* Add warning for CVE-2016-6317
|
246
287
|
* Use Minitest
|
247
288
|
|
248
|
-
# 3.3.3
|
289
|
+
# 3.3.3 - 2016-07-21
|
249
290
|
|
250
291
|
* Show path when no Rails app found (Neil Matatall)
|
251
292
|
* Index calls in view helpers
|
@@ -258,11 +299,11 @@
|
|
258
299
|
* Sexp#value returns nil when there is no value
|
259
300
|
* Improve return value estimation
|
260
301
|
|
261
|
-
# 3.3.2
|
302
|
+
# 3.3.2 - 2016-06-10
|
262
303
|
|
263
304
|
* Fix serious performance regression with global constant tracking
|
264
305
|
|
265
|
-
# 3.3.1
|
306
|
+
# 3.3.1 - 2016-06-03
|
266
307
|
|
267
308
|
* Delay loading vendored gems and modifying load path
|
268
309
|
* Avoid warning about SQL injection with `quoted_primary_key`
|
@@ -273,7 +314,7 @@
|
|
273
314
|
* Add `--force-scan` option (Neil Matatall)
|
274
315
|
* Improved line number accuracy in ERB templates (Patrick Toomey)
|
275
316
|
|
276
|
-
# 3.3.0
|
317
|
+
# 3.3.0 - 2016-05-05
|
277
318
|
|
278
319
|
* Skip processing obviously false if branches (more broadly)
|
279
320
|
* Skip if branches with `Rails.env.test?`
|
@@ -291,11 +332,11 @@
|
|
291
332
|
* [Code Climate engine] Remove nil entries from include_paths (Gordon Diggs)
|
292
333
|
* [Code Climate engine] Report end lines for issues (Gordon Diggs)
|
293
334
|
|
294
|
-
# 3.2.1
|
335
|
+
# 3.2.1 - 2016-02-25
|
295
336
|
|
296
337
|
* Remove `multi_json` dependency from `bin/brakeman`
|
297
338
|
|
298
|
-
# 3.2.0
|
339
|
+
# 3.2.0 - 2016-02-25
|
299
340
|
|
300
341
|
* Skip Symbol DoS check on Rails 5
|
301
342
|
* Only update ignore config file on changes
|
@@ -309,7 +350,7 @@
|
|
309
350
|
* Avoid render warnings about params[:action]/params[:controller]
|
310
351
|
* Index calls in class bodies but outside methods
|
311
352
|
|
312
|
-
# 3.1.5
|
353
|
+
# 3.1.5 - 2016-01-28
|
313
354
|
|
314
355
|
* Fix CodeClimate construction of --only-files (Will Fleming)
|
315
356
|
* Add check for denial of service via routes (CVE-2015-7581)
|
@@ -328,7 +369,7 @@
|
|
328
369
|
* Handle module names with self methods
|
329
370
|
* Add session manipulation documentation
|
330
371
|
|
331
|
-
# 3.1.4
|
372
|
+
# 3.1.4 - 2015-12-22
|
332
373
|
|
333
374
|
* Emit brakeman's native fingerprints for Code Climate engine (Noah Davis)
|
334
375
|
* Ignore secrets.yml if in .gitignore
|
@@ -336,7 +377,7 @@
|
|
336
377
|
* Increase test coverage for option parsing (Zander Mackie)
|
337
378
|
* Work around safe_yaml error
|
338
379
|
|
339
|
-
# 3.1.3
|
380
|
+
# 3.1.3 - 2015-12-03
|
340
381
|
|
341
382
|
* Check for session secret in secrets.yml
|
342
383
|
* Respect `exit_on_warn` in config file
|
@@ -350,7 +391,7 @@
|
|
350
391
|
* Depend on safe_yaml 1.0 or later
|
351
392
|
* Test coverage improvements for Brakema module (Bethany Rentz)
|
352
393
|
|
353
|
-
# 3.1.2
|
394
|
+
# 3.1.2 - 2015-10-28
|
354
395
|
|
355
396
|
* Treat `current_user` like a model
|
356
397
|
* Set user input value for inline renders
|
@@ -368,7 +409,7 @@
|
|
368
409
|
* Sortable tables in HTML report (David Lanner)
|
369
410
|
* Search for config file relative to application root
|
370
411
|
|
371
|
-
# 3.1.1
|
412
|
+
# 3.1.1 - 2015-09-23
|
372
413
|
|
373
414
|
* Add optional check for use of MD5 and SHA1
|
374
415
|
* Avoid warning when linking to decorated models
|
@@ -382,7 +423,7 @@
|
|
382
423
|
* Support newer terminal-table releases
|
383
424
|
* Allow searching call index methods by regex (Alex Ianus)
|
384
425
|
|
385
|
-
# 3.1.0
|
426
|
+
# 3.1.0 - 2015-08-31
|
386
427
|
|
387
428
|
* Add support for gems.rb/gems.locked
|
388
429
|
* Update render path information in JSON reports
|
@@ -401,18 +442,18 @@
|
|
401
442
|
* Expand safe methods to match methods with targets
|
402
443
|
* Avoid duplicate eval() warnings
|
403
444
|
|
404
|
-
# 3.0.5
|
445
|
+
# 3.0.5 - 2015-06-20
|
405
446
|
|
406
447
|
* Fix check for CVE-2015-3227
|
407
448
|
|
408
|
-
# 3.0.4
|
449
|
+
# 3.0.4 - 2015-06-18
|
409
450
|
|
410
451
|
* Add check for CVE-2015-3226 (XSS via JSON keys)
|
411
452
|
* Add check for CVE-2015-3227 (XML DoS)
|
412
453
|
* Treat `<%==` as unescaped output
|
413
454
|
* Update `ruby_parser` dependency to 3.7.0
|
414
455
|
|
415
|
-
# 3.0.3
|
456
|
+
# 3.0.3 - 2015-04-20
|
416
457
|
|
417
458
|
* Ignore more Arel methods in SQL
|
418
459
|
* Warn about protect_from_forgery without exceptions (Neil Matatall)
|
@@ -423,7 +464,7 @@
|
|
423
464
|
* Do not ignore targets of `to_s` in SQL
|
424
465
|
* Add Rake task to exit with error code on warnings (masarakki)
|
425
466
|
|
426
|
-
# 3.0.2
|
467
|
+
# 3.0.2 - 2015-03-09
|
427
468
|
|
428
469
|
* Alias process methods called in class scope on models
|
429
470
|
* Treat primary_key, table_name_prefix, table_name_suffix as safe in SQL
|
@@ -439,7 +480,7 @@
|
|
439
480
|
* Fix CSV output when there are no warnings
|
440
481
|
* Handle processing of explicitly shadowed block arguments
|
441
482
|
|
442
|
-
# 3.0.1
|
483
|
+
# 3.0.1 - 2015-01-23
|
443
484
|
|
444
485
|
* Avoid protect_from_forgery warning unless ApplicationController inherits from ActionController::Base
|
445
486
|
* Properly format command interpolation (again)
|
@@ -448,7 +489,7 @@
|
|
448
489
|
* Add `--add-libs-path` for additional libraries (Patrick Toomey)
|
449
490
|
* Properly process libraries (Patrick Toomey)
|
450
491
|
|
451
|
-
# 3.0.0
|
492
|
+
# 3.0.0 - 2015-01-03
|
452
493
|
|
453
494
|
* Add check for CVE-2014-7829
|
454
495
|
* Add check for cross-site scripting via inline renders
|
@@ -467,7 +508,7 @@
|
|
467
508
|
* CVEs report correct line and file name (Gemfile/Gemfile.lock) (Rob Fletcher)
|
468
509
|
* Change `--separate-models` to be the default
|
469
510
|
|
470
|
-
# 2.6.3
|
511
|
+
# 2.6.3 - 2014-10-14
|
471
512
|
|
472
513
|
* Whitelist `exists` arel method from SQL injection check
|
473
514
|
* Avoid warning about Symbol DoS on safe parameters as method targets
|
@@ -476,7 +517,7 @@
|
|
476
517
|
* Add framework for optional checks
|
477
518
|
* Fix stack overflow for cycles in class ancestors (Jeff Rafter)
|
478
519
|
|
479
|
-
# 2.6.2
|
520
|
+
# 2.6.2 - 2014-08-18
|
480
521
|
|
481
522
|
* Add check for CVE-2014-3415
|
482
523
|
* Avoid warning about symbolizing safe parameters
|
@@ -490,13 +531,13 @@
|
|
490
531
|
* Fix block statement endings in Erubis
|
491
532
|
* Fix undefined variable in controller processing error (Jason Barnabe)
|
492
533
|
|
493
|
-
# 2.6.1
|
534
|
+
# 2.6.1 - 2014-07-02
|
494
535
|
|
495
536
|
* Add check for CVE-2014-3482 and CVE-2014-3483
|
496
537
|
* Add support for keyword arguments in blocks
|
497
538
|
* Remove unused warning codes (Bill Fischer)
|
498
539
|
|
499
|
-
# 2.6.0
|
540
|
+
# 2.6.0 - 2014-06-06
|
500
541
|
|
501
542
|
* Fix detection of `:host` setting in redirects with chained calls
|
502
543
|
* Add check for CVE-2014-0130
|
@@ -510,7 +551,7 @@
|
|
510
551
|
* Ignore more model methods in redirects
|
511
552
|
* Fix CheckRender with nested render calls
|
512
553
|
|
513
|
-
# 2.5.0
|
554
|
+
# 2.5.0 - 2014-04-30
|
514
555
|
|
515
556
|
* Add support for RailsLTS 2.3.18.7 and 2.3.18.8
|
516
557
|
* Add support for Rails 4 `before_actions` and friends
|
@@ -525,11 +566,11 @@
|
|
525
566
|
* Handle more non-literals in routes
|
526
567
|
* Add check for regex denial of service (Ben Toews)
|
527
568
|
|
528
|
-
# 2.4.3
|
569
|
+
# 2.4.3 - 2014-03-23
|
529
570
|
|
530
571
|
No changes. 2.4.2 gem release was unsigned, 2.4.3 is signed.
|
531
572
|
|
532
|
-
# 2.4.2
|
573
|
+
# 2.4.2 - 2014-03-21
|
533
574
|
|
534
575
|
* Remove `rescue Exception`
|
535
576
|
* Fix duplicate warnings about sanitize CVE
|
@@ -538,13 +579,13 @@
|
|
538
579
|
* Skip identically rendered templates
|
539
580
|
* Fix HAML template processing
|
540
581
|
|
541
|
-
# 2.4.1
|
582
|
+
# 2.4.1 - 2014-02-19
|
542
583
|
|
543
584
|
* Add check for CVE-2014-0082
|
544
585
|
* Add check for CVE-2014-0081, replaces CVE-2013-6415
|
545
586
|
* Add check for CVE-2014-0080
|
546
587
|
|
547
|
-
# 2.4.0
|
588
|
+
# 2.4.0 - 2014-02-05
|
548
589
|
|
549
590
|
* Detect Rails LTS versions
|
550
591
|
* Reduce false positives for SQL injection in string building
|
@@ -559,12 +600,12 @@
|
|
559
600
|
* No longer raise exceptions if a class name cannot be determined
|
560
601
|
* Fingerprint attribute warnings individually (Case Taintor)
|
561
602
|
|
562
|
-
# 2.3.1
|
603
|
+
# 2.3.1 - 2013-12-13
|
563
604
|
|
564
605
|
* Fix check for CVE-2013-4491 (i18n XSS) to detect workaround
|
565
606
|
* Fix link for CVE-2013-6415 (number_to_currency)
|
566
607
|
|
567
|
-
# 2.3.0
|
608
|
+
# 2.3.0 - 2013-12-12
|
568
609
|
|
569
610
|
* Add check for Parameters#permit!
|
570
611
|
* Add check for CVE-2013-4491 (i18n XSS)
|
@@ -578,7 +619,7 @@
|
|
578
619
|
* Whitelist `Model#create` for redirects
|
579
620
|
* Fix scoping issues with instance variables and blocks
|
580
621
|
|
581
|
-
# 2.2.0
|
622
|
+
# 2.2.0 - 2013-10-28
|
582
623
|
|
583
624
|
* Reduce command injection false positives
|
584
625
|
* Use Rails version from Gemfile if it is available
|
@@ -587,14 +628,14 @@
|
|
587
628
|
* Support scanning Rails engines (Geoffrey Hichborn)
|
588
629
|
* Add check for detailed exceptions in production
|
589
630
|
|
590
|
-
# 2.1.2
|
631
|
+
# 2.1.2 - 2013-09-18
|
591
632
|
|
592
633
|
* Do not attempt to load custom Haml filters
|
593
634
|
* Do not warn about `to_json` XSS in Rails 4
|
594
635
|
* Add --table-width option to set width of text reports (ssendev)
|
595
636
|
* Remove fuzzy matching on dangerous attr_accessible values
|
596
637
|
|
597
|
-
# 2.1.1
|
638
|
+
# 2.1.1 - 2013-08-21
|
598
639
|
|
599
640
|
* New warning code for dangerous attributes in attr_accessible
|
600
641
|
* Do not warn on attr_accessible using roles
|
@@ -605,7 +646,7 @@
|
|
605
646
|
* Fix infinite loop when run as rake task (Matthew Shanley)
|
606
647
|
* Respect ignored warnings in tabs format reports
|
607
648
|
|
608
|
-
# 2.1.0
|
649
|
+
# 2.1.0 - 2013-07-17
|
609
650
|
|
610
651
|
* Support non-native line endings in Gemfile.lock (Paul Deardorff)
|
611
652
|
* Support for ignoring warnings
|
@@ -625,7 +666,7 @@
|
|
625
666
|
* Fix output format detection to be more strict again
|
626
667
|
* Allow empty Brakeman configuration file
|
627
668
|
|
628
|
-
# 2.0.0
|
669
|
+
# 2.0.0 - 2013-05-20
|
629
670
|
|
630
671
|
* Add `--only-files` option to specify files/paths to scan (Ian Ehlert)
|
631
672
|
* Add Marshal/CSV deserialization check
|
@@ -655,7 +696,7 @@
|
|
655
696
|
* Use exceptions instead of abort in brakeman lib
|
656
697
|
* Update to Ruby2Ruby 2.0.5
|
657
698
|
|
658
|
-
# 1.9.5
|
699
|
+
# 1.9.5 - 2013-04-05
|
659
700
|
|
660
701
|
* Add check for unsafe symbol creation
|
661
702
|
* Do not warn on mass assignment with `slice`/`only`
|
@@ -670,7 +711,7 @@
|
|
670
711
|
* More fixes for assignments inside branches
|
671
712
|
* Pin to ruby2ruby version 2.0.3
|
672
713
|
|
673
|
-
# 1.9.4
|
714
|
+
# 1.9.4 - 2013-03-19
|
674
715
|
|
675
716
|
* Add check for CVE-2013-1854
|
676
717
|
* Add check for CVE-2013-1855
|
@@ -682,7 +723,7 @@
|
|
682
723
|
* Slightly faster cloning of Sexps
|
683
724
|
* Detect another way to add `strong_parameters`
|
684
725
|
|
685
|
-
# 1.9.3
|
726
|
+
# 1.9.3 - 2013-03-01
|
686
727
|
|
687
728
|
* Add render path to JSON report
|
688
729
|
* Add warning fingerprints
|
@@ -697,7 +738,7 @@
|
|
697
738
|
* Expand HAML dependency to include 4.0
|
698
739
|
* Scroll errors into view when expanding in HTML report
|
699
740
|
|
700
|
-
# 1.9.2
|
741
|
+
# 1.9.2 - 2013-02-14
|
701
742
|
|
702
743
|
* Add check for CVE-2013-0269
|
703
744
|
* Add check for CVE-2013-0276
|
@@ -708,7 +749,7 @@
|
|
708
749
|
* Check for more dangerous YAML methods
|
709
750
|
* Support MultiJSON 1.2 for Rails 3.0 and 3.1
|
710
751
|
|
711
|
-
# 1.9.1
|
752
|
+
# 1.9.1 - 2013-01-19
|
712
753
|
|
713
754
|
* Update to RubyParser 3.1.1 (neersighted)
|
714
755
|
* Remove ActiveSupport dependency (Neil Matatall)
|
@@ -720,7 +761,7 @@
|
|
720
761
|
* Add check for CVE-2013-0156
|
721
762
|
* Add check for unsafe `YAML.load`
|
722
763
|
|
723
|
-
# 1.9.0
|
764
|
+
# 1.9.0 - 2012-12-25
|
724
765
|
|
725
766
|
* Update to RubyParser 3
|
726
767
|
* Ignore route information by default
|
@@ -740,7 +781,7 @@
|
|
740
781
|
* Handle empty model files
|
741
782
|
* Remove "find by regex" feature from `CallIndex`
|
742
783
|
|
743
|
-
# 1.8.3
|
784
|
+
# 1.8.3 - 2012-11-13
|
744
785
|
|
745
786
|
* Use `multi_json` gem for better harmony
|
746
787
|
* Performance improvement for call indexing
|
@@ -756,7 +797,7 @@
|
|
756
797
|
* Fix error in rescan of mixins with symbols in method name
|
757
798
|
* Do not rescan non-Ruby files in config/
|
758
799
|
|
759
|
-
# 1.8.2
|
800
|
+
# 1.8.2 - 2012-10-17
|
760
801
|
|
761
802
|
* Fixed rescanning problems caused by 1.8.0 changes
|
762
803
|
* Fix scope calls with single argument
|
@@ -765,7 +806,7 @@
|
|
765
806
|
* Much improved test coverage
|
766
807
|
* Add CHANGES to gemspec
|
767
808
|
|
768
|
-
# 1.8.1
|
809
|
+
# 1.8.1 - 2012-09-24
|
769
810
|
|
770
811
|
* Recover from errors in output formatting
|
771
812
|
* Fix false positive in redirect_to (Neil Matatall)
|
@@ -777,7 +818,7 @@
|
|
777
818
|
* Handle super calls with blocks
|
778
819
|
* Respect `-q` flag for "Rails 3 detected" message
|
779
820
|
|
780
|
-
# 1.8.0
|
821
|
+
# 1.8.0 - 2012-09-05
|
781
822
|
|
782
823
|
* Support relative paths in reports (fsword)
|
783
824
|
* Allow Brakeman to be run without tty (fsword)
|
@@ -793,7 +834,7 @@
|
|
793
834
|
* Treat model attributes in `or` expressions as immediate values
|
794
835
|
* Switch to method access for Sexp nodes
|
795
836
|
|
796
|
-
# 1.7.1
|
837
|
+
# 1.7.1 - 2012-08-13
|
797
838
|
|
798
839
|
* Add check for CVE-2012-3463
|
799
840
|
* Add check for CVE-2012-3464
|
@@ -801,7 +842,7 @@
|
|
801
842
|
* Add charset to HTML report (hooopo)
|
802
843
|
* Report XSS in select() for Rails 2
|
803
844
|
|
804
|
-
# 1.7.0
|
845
|
+
# 1.7.0 - 2012-07-31
|
805
846
|
|
806
847
|
* Add check for CVE-2012-3424
|
807
848
|
* Link report types to descriptions on website
|
@@ -816,7 +857,7 @@
|
|
816
857
|
* Fix processing of negative array indexes
|
817
858
|
* Add line breaks to truncated table rows
|
818
859
|
|
819
|
-
# 1.6.2
|
860
|
+
# 1.6.2 - 2012-06-13
|
820
861
|
|
821
862
|
* Add checks for CVE-2012-2660, CVE-2012-2661, CVE-2012-2694, CVE-2012-2695 (Dave Worth)
|
822
863
|
* Avoid warning when redirecting to a model instance
|
@@ -828,7 +869,7 @@
|
|
828
869
|
* Cache before_filter lookups
|
829
870
|
* Turn off quiet mode by default for `--compare`
|
830
871
|
|
831
|
-
# 1.6.1
|
872
|
+
# 1.6.1 - 2012-05-23
|
832
873
|
|
833
874
|
* Major rewrite of CheckSQL
|
834
875
|
* Fix rescanning of deleted templates
|
@@ -838,7 +879,7 @@
|
|
838
879
|
* Fix highlighting of HTML escaped values in HTML report
|
839
880
|
* Report line number of highlighted value, if available
|
840
881
|
|
841
|
-
# 1.6.0
|
882
|
+
# 1.6.0 - 2012-04-20
|
842
883
|
|
843
884
|
* Remove the Ruport dependency (Neil Matatall)
|
844
885
|
* Add more informational JSON output (Neil Matatall)
|
@@ -850,7 +891,7 @@
|
|
850
891
|
* Fix rescanning of deleted files
|
851
892
|
* Properly check for rails_xss in Gemfile
|
852
893
|
|
853
|
-
# 1.5.3
|
894
|
+
# 1.5.3 - 2012-04-10
|
854
895
|
|
855
896
|
* Add check for user input in Object#send (Neil Matatall)
|
856
897
|
* Handle render :layout in views
|
@@ -864,7 +905,7 @@
|
|
864
905
|
* Improve handling of modules and nesting
|
865
906
|
* Test for zero errors in test reports
|
866
907
|
|
867
|
-
# 1.5.2
|
908
|
+
# 1.5.2 - 2012-03-22
|
868
909
|
|
869
910
|
* Fix link_to checks for Rails 2.0 and 2.3
|
870
911
|
* Fix rescanning of lib files (Neil Matatall)
|
@@ -875,7 +916,7 @@
|
|
875
916
|
* Fix handling of views when using rails_xss
|
876
917
|
* Revert to ruby_parser 2.3.1 for Ruby 1.8 parsing
|
877
918
|
|
878
|
-
# 1.5.1
|
919
|
+
# 1.5.1- 2012-03-06
|
879
920
|
|
880
921
|
* Fix detection of global mass assignment setting
|
881
922
|
* Fix partial rendering in Rails 3
|
@@ -885,7 +926,7 @@
|
|
885
926
|
* Add tracking of module and class to Brakeman::BaseProcessor
|
886
927
|
* Report module when using Brakeman::FindCall
|
887
928
|
|
888
|
-
# 1.5.0
|
929
|
+
# 1.5.0 - 2012-03-02
|
889
930
|
|
890
931
|
* Add version check for SafeBuffer vulnerability
|
891
932
|
* Add check for select vulnerability in Rails 3
|
@@ -896,7 +937,7 @@
|
|
896
937
|
* Standardize methods to check for SQL injection
|
897
938
|
* Fix Rails 2 route parsing issue with nested routes
|
898
939
|
|
899
|
-
# 1.4.0
|
940
|
+
# 1.4.0 - 2012-02-24
|
900
941
|
|
901
942
|
* Add check for user input in link_to href parameter
|
902
943
|
* Match ERB processing to rails_xss plugin when plugin used
|
@@ -904,7 +945,7 @@
|
|
904
945
|
* Warnings below minimum confidence are dropped completely
|
905
946
|
* Brakeman.run always returns a Tracker
|
906
947
|
|
907
|
-
# 1.3.0
|
948
|
+
# 1.3.0 - 2012-02-09
|
908
949
|
|
909
950
|
* Add file paths to HTML report
|
910
951
|
* Add caching of filters
|
@@ -917,7 +958,7 @@
|
|
917
958
|
* Better variable substitution
|
918
959
|
* Table output option for rescan reports
|
919
960
|
|
920
|
-
# 1.2.2
|
961
|
+
# 1.2.2 - 2012-01-26
|
921
962
|
|
922
963
|
* --no-progress works again
|
923
964
|
* Make CheckLinkTo a separate check
|
@@ -925,7 +966,7 @@
|
|
925
966
|
* Handle empty resource(s) blocks
|
926
967
|
* Add RescanReport#existing_warnings
|
927
968
|
|
928
|
-
## 1.2.1
|
969
|
+
## 1.2.1 - 2012-01-20
|
929
970
|
|
930
971
|
* Remove link_to warning for Rails 3.x or when using rails_xss
|
931
972
|
* Don't warn if first argument to link_to is escaped
|
@@ -937,7 +978,7 @@
|
|
937
978
|
* Add Brakeman::RescanReport#to_s
|
938
979
|
* Add Brakeman::Warning#to_s
|
939
980
|
|
940
|
-
## 1.2.0
|
981
|
+
## 1.2.0 - 2012-01-14
|
941
982
|
|
942
983
|
* Speed improvements for CheckExecute and CheckRender
|
943
984
|
* Check named_scope() and scope() for SQL injection
|
@@ -946,7 +987,7 @@
|
|
946
987
|
* Add --summary option to only output summary
|
947
988
|
* Fix a problem with Rails 3 routes
|
948
989
|
|
949
|
-
## 1.1.0
|
990
|
+
## 1.1.0 - 2011-12-22
|
950
991
|
|
951
992
|
* Relax required versions for dependencies
|
952
993
|
* Performance improvements for source processing
|
@@ -956,14 +997,14 @@
|
|
956
997
|
* Compatibility with newer Haml versions
|
957
998
|
* Fix some warnings
|
958
999
|
|
959
|
-
## 1.0.0
|
1000
|
+
## 1.0.0 - 2011-12-08
|
960
1001
|
|
961
1002
|
* Better handling of assignments inside ifs
|
962
1003
|
* Check more expressions for SQL injection
|
963
1004
|
* Use latest ruby_parser for better 1.9 syntax support
|
964
1005
|
* Better behavior for Brakeman as a library
|
965
1006
|
|
966
|
-
## 1.0.0rc1
|
1007
|
+
## 1.0.0rc1 - 2011-12-06
|
967
1008
|
|
968
1009
|
* Brakeman can now be used as a library
|
969
1010
|
* Faster call search
|
@@ -976,23 +1017,23 @@
|
|
976
1017
|
* Ignore mass assignment using all literal arguments
|
977
1018
|
* Keep expanded context in view with HTML output
|
978
1019
|
|
979
|
-
## 0.9.2
|
1020
|
+
## 0.9.2 - 2011-11-22
|
980
1021
|
|
981
1022
|
* Fix Rails 3 configuration parsing
|
982
1023
|
* Add t() helper to check for translate XSS bug
|
983
1024
|
|
984
|
-
## 0.9.1
|
1025
|
+
## 0.9.1 - 2011-11-18
|
985
1026
|
|
986
1027
|
* Add warning for translator helper XSS vulnerability
|
987
1028
|
|
988
|
-
## 0.9.0
|
1029
|
+
## 0.9.0 - 2011-11-17
|
989
1030
|
|
990
1031
|
* Process Rails 3 configuration files
|
991
1032
|
* Fix CSV output
|
992
1033
|
* Check for config.active_record.whitelist_attributes = true
|
993
1034
|
* Always produce a warning for without_protection => true
|
994
1035
|
|
995
|
-
## 0.8.4
|
1036
|
+
## 0.8.4 - 2011-11-04
|
996
1037
|
|
997
1038
|
* Option for separate attr_accessible warnings
|
998
1039
|
* Option to set CSS file for HTML output
|
@@ -1001,23 +1042,23 @@
|
|
1001
1042
|
* Fix hash_insert()
|
1002
1043
|
* Remove use of Queue from threaded checks
|
1003
1044
|
|
1004
|
-
## 0.8.3
|
1045
|
+
## 0.8.3 - 2011-10-25
|
1005
1046
|
|
1006
1047
|
* Respect -w flag in .tabs format (tw-ngreen)
|
1007
1048
|
* Escape HTML output of error messages
|
1008
1049
|
* Add --skip-libs option
|
1009
1050
|
|
1010
|
-
## 0.8.2
|
1051
|
+
## 0.8.2 - 2011-10-01
|
1011
1052
|
|
1012
1053
|
* Run checks in parallel threads by default
|
1013
1054
|
* Fix compatibility with ruby_parser 2.3.1
|
1014
1055
|
|
1015
|
-
## 0.8.1
|
1056
|
+
## 0.8.1 - 2011-09-28
|
1016
1057
|
|
1017
1058
|
* Add option to assume all controller methods are actions
|
1018
1059
|
* Recover from errors when parsing routes
|
1019
1060
|
|
1020
|
-
## 0.8.0
|
1061
|
+
## 0.8.0 - 2011-09-15
|
1021
1062
|
|
1022
1063
|
* Add check for mass assignment using without_protection
|
1023
1064
|
* Add check for password in http_basic_authenticate_with
|
@@ -1028,30 +1069,30 @@
|
|
1028
1069
|
* Add ruby_parser hack for Ruby 1.9 hash syntax
|
1029
1070
|
* Add a few Rails 3.1 tests
|
1030
1071
|
|
1031
|
-
## 0.7.2
|
1072
|
+
## 0.7.2 - 2011-08-27
|
1032
1073
|
|
1033
1074
|
* Fix handling of params and cookies with nested access
|
1034
1075
|
* Add CVEs for checks added in 0.7.0
|
1035
1076
|
|
1036
|
-
## 0.7.1
|
1077
|
+
## 0.7.1 - 2011-08-18
|
1037
1078
|
|
1038
1079
|
* Require BaseProcessor for GemProcessor
|
1039
1080
|
|
1040
|
-
## 0.7.0
|
1081
|
+
## 0.7.0 - 2011-08-17
|
1041
1082
|
|
1042
1083
|
* Allow local variable as a class name
|
1043
1084
|
* Add checks for vulnerabilities fixed in Rails 2.3.14 and 3.0.10
|
1044
1085
|
* Check for default routes in Rails 3 apps
|
1045
1086
|
* Look in Gemfile or Gemfile.lock for Rails version
|
1046
1087
|
|
1047
|
-
## 0.6.1
|
1088
|
+
## 0.6.1 - 2011-07-29
|
1048
1089
|
|
1049
1090
|
* Fix XSS check for cookies as parameters in output
|
1050
1091
|
* Don't bother calling super in CheckSessionSettings
|
1051
1092
|
* Add escape_once as a safe method
|
1052
1093
|
* Accept '\Z' or '\z' in model validations
|
1053
1094
|
|
1054
|
-
## 0.6.0
|
1095
|
+
## 0.6.0 - 2011-07-20
|
1055
1096
|
|
1056
1097
|
* Tests are in place and fully functional
|
1057
1098
|
* Hide errors by default in HTML output
|
@@ -1064,17 +1105,17 @@
|
|
1064
1105
|
* Fixes to escaped output scanning
|
1065
1106
|
* Update CSRF CVE-2011-0447 message to be less assertive
|
1066
1107
|
|
1067
|
-
## 0.5.2
|
1108
|
+
## 0.5.2 - 2011-06-29
|
1068
1109
|
|
1069
1110
|
* Output report file name when finished
|
1070
1111
|
* Add initial tests for Rails 2.x
|
1071
1112
|
* Fix ERB line numbers when using Ruby 1.9
|
1072
1113
|
|
1073
|
-
## 0.5.1
|
1114
|
+
## 0.5.1 - 2011-06-17
|
1074
1115
|
|
1075
1116
|
* Fix issue with 'has_one' => in routes
|
1076
1117
|
|
1077
|
-
## 0.5.0
|
1118
|
+
## 0.5.0 - 2011-06-08
|
1078
1119
|
|
1079
1120
|
* Add support for routes like get 'x/y', :to => 'ctrlr#whatever'
|
1080
1121
|
* Allow empty blocks in Rails 3 routes
|
@@ -1082,52 +1123,52 @@
|
|
1082
1123
|
* Add line numbers to session setting warnings
|
1083
1124
|
* Add --checks option to list checks
|
1084
1125
|
|
1085
|
-
## 0.4.1
|
1126
|
+
## 0.4.1 - 2011-05-23
|
1086
1127
|
|
1087
1128
|
* Fix reported line numbers when using new Erubis parser
|
1088
1129
|
(Mostly affects Rails 3 apps)
|
1089
1130
|
|
1090
|
-
## 0.4.0
|
1131
|
+
## 0.4.0 - 2011-05-19
|
1091
1132
|
|
1092
1133
|
* Handle Rails XSS protection properly
|
1093
1134
|
* More detection options for rails_xss
|
1094
1135
|
* Add --escape-html option
|
1095
1136
|
|
1096
|
-
## 0.3.2
|
1137
|
+
## 0.3.2 - 2011-05-12
|
1097
1138
|
|
1098
1139
|
* Autodetect Rails 3 applications
|
1099
1140
|
* Turn on auto-escaping for Rails 3 apps
|
1100
1141
|
* Check Model.create() for mass assignment
|
1101
1142
|
|
1102
|
-
## 0.3.1
|
1143
|
+
## 0.3.1 - 2011-05-03
|
1103
1144
|
|
1104
1145
|
* Always output a line number in tabbed output format
|
1105
1146
|
* Restrict characters in category name in tabbed output format to
|
1106
1147
|
word characters and spaces, for Hudson/Jenkins plugin
|
1107
1148
|
|
1108
|
-
## 0.3.0
|
1149
|
+
## 0.3.0 - 2011-03-21
|
1109
1150
|
|
1110
1151
|
* Check for SQL injection in calls using constantize()
|
1111
1152
|
* Check for SQL injection in calls to count_by_sql()
|
1112
1153
|
|
1113
|
-
## 0.2.2
|
1154
|
+
## 0.2.2 - 2011-02-22
|
1114
1155
|
|
1115
1156
|
* Fix version_between? when no Rails version is specified
|
1116
1157
|
|
1117
|
-
## 0.2.1
|
1158
|
+
## 0.2.1 - 2011-02-18
|
1118
1159
|
|
1119
1160
|
* Add code snippet to tab output messages
|
1120
1161
|
|
1121
|
-
## 0.2.0
|
1162
|
+
## 0.2.0 - 2011-02-16
|
1122
1163
|
|
1123
1164
|
* Add check for mail_to vulnerability - CVE-2011-0446
|
1124
1165
|
* Add check for CSRF weakness - CVE-2011-0447
|
1125
1166
|
|
1126
|
-
## 0.1.1
|
1167
|
+
## 0.1.1 - 2011-01-25
|
1127
1168
|
|
1128
1169
|
* Be more permissive with ActiveSupport version
|
1129
1170
|
|
1130
|
-
## 0.1.0
|
1171
|
+
## 0.1.0 - 2011-01-18
|
1131
1172
|
|
1132
1173
|
* Check link_to for XSS (because arguments are not escaped)
|
1133
1174
|
* Process layouts better (although not perfectly yet)
|