brakeman 4.5.1 → 4.7.1
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGES.md +150 -109
- data/README.md +0 -1
- data/bundle/load.rb +13 -13
- data/bundle/ruby/{2.5.0 → 2.6.0}/gems/erubis-2.7.0/CHANGES.txt +0 -0
- data/bundle/ruby/{2.5.0 → 2.6.0}/gems/erubis-2.7.0/MIT-LICENSE +0 -0
- data/bundle/ruby/{2.5.0 → 2.6.0}/gems/erubis-2.7.0/README.txt +0 -0
- data/bundle/ruby/{2.5.0 → 2.6.0}/gems/erubis-2.7.0/contrib/erubis +0 -0
- data/bundle/ruby/{2.5.0 → 2.6.0}/gems/erubis-2.7.0/contrib/erubis-run.rb +0 -0
- data/bundle/ruby/{2.5.0 → 2.6.0}/gems/erubis-2.7.0/contrib/inline-require +0 -0
- data/bundle/ruby/{2.5.0 → 2.6.0}/gems/erubis-2.7.0/lib/erubis.rb +0 -0
- data/bundle/ruby/{2.5.0 → 2.6.0}/gems/erubis-2.7.0/lib/erubis/context.rb +0 -0
- data/bundle/ruby/{2.5.0 → 2.6.0}/gems/erubis-2.7.0/lib/erubis/converter.rb +0 -0
- data/bundle/ruby/{2.5.0 → 2.6.0}/gems/erubis-2.7.0/lib/erubis/engine.rb +0 -0
- data/bundle/ruby/{2.5.0 → 2.6.0}/gems/erubis-2.7.0/lib/erubis/engine/ec.rb +0 -0
- data/bundle/ruby/{2.5.0 → 2.6.0}/gems/erubis-2.7.0/lib/erubis/engine/ecpp.rb +0 -0
- data/bundle/ruby/{2.5.0 → 2.6.0}/gems/erubis-2.7.0/lib/erubis/engine/ejava.rb +0 -0
- data/bundle/ruby/{2.5.0 → 2.6.0}/gems/erubis-2.7.0/lib/erubis/engine/ejavascript.rb +0 -0
- data/bundle/ruby/{2.5.0 → 2.6.0}/gems/erubis-2.7.0/lib/erubis/engine/enhanced.rb +0 -0
- data/bundle/ruby/{2.5.0 → 2.6.0}/gems/erubis-2.7.0/lib/erubis/engine/eperl.rb +0 -0
- data/bundle/ruby/{2.5.0 → 2.6.0}/gems/erubis-2.7.0/lib/erubis/engine/ephp.rb +0 -0
- data/bundle/ruby/{2.5.0 → 2.6.0}/gems/erubis-2.7.0/lib/erubis/engine/eruby.rb +0 -0
- data/bundle/ruby/{2.5.0 → 2.6.0}/gems/erubis-2.7.0/lib/erubis/engine/escheme.rb +0 -0
- data/bundle/ruby/{2.5.0 → 2.6.0}/gems/erubis-2.7.0/lib/erubis/engine/optimized.rb +0 -0
- data/bundle/ruby/{2.5.0 → 2.6.0}/gems/erubis-2.7.0/lib/erubis/enhancer.rb +0 -0
- data/bundle/ruby/{2.5.0 → 2.6.0}/gems/erubis-2.7.0/lib/erubis/error.rb +0 -0
- data/bundle/ruby/{2.5.0 → 2.6.0}/gems/erubis-2.7.0/lib/erubis/evaluator.rb +0 -0
- data/bundle/ruby/{2.5.0 → 2.6.0}/gems/erubis-2.7.0/lib/erubis/generator.rb +0 -0
- data/bundle/ruby/{2.5.0 → 2.6.0}/gems/erubis-2.7.0/lib/erubis/helper.rb +0 -0
- data/bundle/ruby/{2.5.0 → 2.6.0}/gems/erubis-2.7.0/lib/erubis/helpers/rails_form_helper.rb +0 -0
- data/bundle/ruby/{2.5.0 → 2.6.0}/gems/erubis-2.7.0/lib/erubis/helpers/rails_helper.rb +0 -0
- data/bundle/ruby/{2.5.0 → 2.6.0}/gems/erubis-2.7.0/lib/erubis/local-setting.rb +0 -0
- data/bundle/ruby/{2.5.0 → 2.6.0}/gems/erubis-2.7.0/lib/erubis/main.rb +0 -0
- data/bundle/ruby/{2.5.0 → 2.6.0}/gems/erubis-2.7.0/lib/erubis/preprocessing.rb +0 -0
- data/bundle/ruby/{2.5.0 → 2.6.0}/gems/erubis-2.7.0/lib/erubis/tiny.rb +0 -0
- data/bundle/ruby/{2.5.0 → 2.6.0}/gems/erubis-2.7.0/lib/erubis/util.rb +0 -0
- data/bundle/ruby/{2.5.0 → 2.6.0}/gems/erubis-2.7.0/setup.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/haml-4.0.7 → 2.6.0/gems/haml-5.1.2}/CHANGELOG.md +122 -4
- data/bundle/ruby/{2.5.0/gems/haml-4.0.7 → 2.6.0/gems/haml-5.1.2}/FAQ.md +4 -14
- data/bundle/ruby/2.6.0/gems/haml-5.1.2/Gemfile +19 -0
- data/bundle/ruby/2.6.0/gems/haml-5.1.2/MIT-LICENSE +20 -0
- data/bundle/ruby/{2.5.0/gems/haml-4.0.7 → 2.6.0/gems/haml-5.1.2}/README.md +80 -42
- data/bundle/ruby/{2.5.0/gems/haml-4.0.7 → 2.6.0/gems/haml-5.1.2}/REFERENCE.md +121 -64
- data/bundle/ruby/2.6.0/gems/haml-5.1.2/TODO +24 -0
- data/bundle/ruby/2.6.0/gems/haml-5.1.2/haml.gemspec +44 -0
- data/bundle/ruby/{2.5.0/gems/haml-4.0.7 → 2.6.0/gems/haml-5.1.2}/lib/haml.rb +2 -0
- data/bundle/ruby/2.6.0/gems/haml-5.1.2/lib/haml/attribute_builder.rb +164 -0
- data/bundle/ruby/2.6.0/gems/haml-5.1.2/lib/haml/attribute_compiler.rb +224 -0
- data/bundle/ruby/2.6.0/gems/haml-5.1.2/lib/haml/attribute_parser.rb +150 -0
- data/bundle/ruby/{2.5.0/gems/haml-4.0.7 → 2.6.0/gems/haml-5.1.2}/lib/haml/buffer.rb +25 -132
- data/bundle/ruby/2.6.0/gems/haml-5.1.2/lib/haml/compiler.rb +330 -0
- data/bundle/ruby/{2.5.0/gems/haml-4.0.7 → 2.6.0/gems/haml-5.1.2}/lib/haml/engine.rb +34 -41
- data/bundle/ruby/2.6.0/gems/haml-5.1.2/lib/haml/error.rb +65 -0
- data/bundle/ruby/2.6.0/gems/haml-5.1.2/lib/haml/escapable.rb +50 -0
- data/bundle/ruby/{2.5.0/gems/haml-4.0.7 → 2.6.0/gems/haml-5.1.2}/lib/haml/exec.rb +38 -20
- data/bundle/ruby/{2.5.0/gems/haml-4.0.7 → 2.6.0/gems/haml-5.1.2}/lib/haml/filters.rb +22 -27
- data/bundle/ruby/2.6.0/gems/haml-5.1.2/lib/haml/generator.rb +42 -0
- data/bundle/ruby/{2.5.0/gems/haml-4.0.7 → 2.6.0/gems/haml-5.1.2}/lib/haml/helpers.rb +129 -90
- data/bundle/ruby/{2.5.0/gems/haml-4.0.7 → 2.6.0/gems/haml-5.1.2}/lib/haml/helpers/action_view_extensions.rb +4 -2
- data/bundle/ruby/{2.5.0/gems/haml-4.0.7 → 2.6.0/gems/haml-5.1.2}/lib/haml/helpers/action_view_mods.rb +45 -60
- data/bundle/ruby/{2.5.0/gems/haml-4.0.7 → 2.6.0/gems/haml-5.1.2}/lib/haml/helpers/action_view_xss_mods.rb +2 -0
- data/bundle/ruby/2.6.0/gems/haml-5.1.2/lib/haml/helpers/safe_erubi_template.rb +20 -0
- data/bundle/ruby/{2.5.0/gems/haml-4.0.7 → 2.6.0/gems/haml-5.1.2}/lib/haml/helpers/safe_erubis_template.rb +5 -1
- data/bundle/ruby/{2.5.0/gems/haml-4.0.7 → 2.6.0/gems/haml-5.1.2}/lib/haml/helpers/xss_mods.rb +19 -12
- data/bundle/ruby/{2.5.0/gems/haml-4.0.7 → 2.6.0/gems/haml-5.1.2}/lib/haml/options.rb +63 -69
- data/bundle/ruby/{2.5.0/gems/haml-4.0.7 → 2.6.0/gems/haml-5.1.2}/lib/haml/parser.rb +292 -228
- data/bundle/ruby/2.6.0/gems/haml-5.1.2/lib/haml/plugin.rb +37 -0
- data/bundle/ruby/2.6.0/gems/haml-5.1.2/lib/haml/railtie.rb +48 -0
- data/bundle/ruby/{2.5.0/gems/haml-4.0.7 → 2.6.0/gems/haml-5.1.2}/lib/haml/sass_rails_filter.rb +18 -4
- data/bundle/ruby/{2.5.0/gems/haml-4.0.7 → 2.6.0/gems/haml-5.1.2}/lib/haml/template.rb +13 -6
- data/bundle/ruby/{2.5.0/gems/haml-4.0.7 → 2.6.0/gems/haml-5.1.2}/lib/haml/template/options.rb +13 -2
- data/bundle/ruby/2.6.0/gems/haml-5.1.2/lib/haml/temple_engine.rb +123 -0
- data/bundle/ruby/2.6.0/gems/haml-5.1.2/lib/haml/temple_line_counter.rb +30 -0
- data/bundle/ruby/2.6.0/gems/haml-5.1.2/lib/haml/util.rb +258 -0
- data/bundle/ruby/2.6.0/gems/haml-5.1.2/lib/haml/version.rb +5 -0
- data/bundle/ruby/2.6.0/gems/haml-5.1.2/yard/default/fulldoc/html/css/common.sass +15 -0
- data/bundle/ruby/2.6.0/gems/haml-5.1.2/yard/default/layout/html/footer.erb +12 -0
- data/bundle/ruby/{2.5.0/gems/highline-2.0.2 → 2.6.0/gems/highline-2.0.3}/AUTHORS +0 -0
- data/bundle/ruby/{2.5.0/gems/highline-2.0.2 → 2.6.0/gems/highline-2.0.3}/COPYING +0 -0
- data/bundle/ruby/{2.5.0/gems/highline-2.0.2 → 2.6.0/gems/highline-2.0.3}/Changelog.md +3 -0
- data/bundle/ruby/{2.5.0/gems/highline-2.0.2 → 2.6.0/gems/highline-2.0.3}/Gemfile +0 -0
- data/bundle/ruby/{2.5.0/gems/highline-2.0.2 → 2.6.0/gems/highline-2.0.3}/LICENSE +0 -0
- data/bundle/ruby/{2.5.0/gems/highline-2.0.2 → 2.6.0/gems/highline-2.0.3}/README.md +0 -0
- data/bundle/ruby/{2.5.0/gems/highline-2.0.2 → 2.6.0/gems/highline-2.0.3}/TODO +0 -0
- data/bundle/ruby/{2.5.0/gems/highline-2.0.2 → 2.6.0/gems/highline-2.0.3}/appveyor.yml +0 -0
- data/bundle/ruby/{2.5.0/gems/highline-2.0.2 → 2.6.0/gems/highline-2.0.3}/highline.gemspec +0 -0
- data/bundle/ruby/{2.5.0/gems/highline-2.0.2 → 2.6.0/gems/highline-2.0.3}/lib/highline.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/highline-2.0.2 → 2.6.0/gems/highline-2.0.3}/lib/highline/builtin_styles.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/highline-2.0.2 → 2.6.0/gems/highline-2.0.3}/lib/highline/color_scheme.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/highline-2.0.2 → 2.6.0/gems/highline-2.0.3}/lib/highline/compatibility.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/highline-2.0.2 → 2.6.0/gems/highline-2.0.3}/lib/highline/custom_errors.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/highline-2.0.2 → 2.6.0/gems/highline-2.0.3}/lib/highline/import.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/highline-2.0.2 → 2.6.0/gems/highline-2.0.3}/lib/highline/io_console_compatible.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/highline-2.0.2 → 2.6.0/gems/highline-2.0.3}/lib/highline/list.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/highline-2.0.2 → 2.6.0/gems/highline-2.0.3}/lib/highline/list_renderer.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/highline-2.0.2 → 2.6.0/gems/highline-2.0.3}/lib/highline/menu.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/highline-2.0.2 → 2.6.0/gems/highline-2.0.3}/lib/highline/menu/item.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/highline-2.0.2 → 2.6.0/gems/highline-2.0.3}/lib/highline/paginator.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/highline-2.0.2 → 2.6.0/gems/highline-2.0.3}/lib/highline/question.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/highline-2.0.2 → 2.6.0/gems/highline-2.0.3}/lib/highline/question/answer_converter.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/highline-2.0.2 → 2.6.0/gems/highline-2.0.3}/lib/highline/question_asker.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/highline-2.0.2 → 2.6.0/gems/highline-2.0.3}/lib/highline/simulate.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/highline-2.0.2 → 2.6.0/gems/highline-2.0.3}/lib/highline/statement.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/highline-2.0.2 → 2.6.0/gems/highline-2.0.3}/lib/highline/string.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/highline-2.0.2 → 2.6.0/gems/highline-2.0.3}/lib/highline/string_extensions.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/highline-2.0.2 → 2.6.0/gems/highline-2.0.3}/lib/highline/style.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/highline-2.0.2 → 2.6.0/gems/highline-2.0.3}/lib/highline/template_renderer.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/highline-2.0.2 → 2.6.0/gems/highline-2.0.3}/lib/highline/terminal.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/highline-2.0.2 → 2.6.0/gems/highline-2.0.3}/lib/highline/terminal/io_console.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/highline-2.0.2 → 2.6.0/gems/highline-2.0.3}/lib/highline/terminal/ncurses.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/highline-2.0.2 → 2.6.0/gems/highline-2.0.3}/lib/highline/terminal/unix_stty.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/highline-2.0.2 → 2.6.0/gems/highline-2.0.3}/lib/highline/version.rb +1 -1
- data/bundle/ruby/{2.5.0/gems/highline-2.0.2 → 2.6.0/gems/highline-2.0.3}/lib/highline/wrapper.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/ruby2ruby-2.4.2 → 2.6.0/gems/ruby2ruby-2.4.4}/History.rdoc +19 -5
- data/bundle/ruby/{2.5.0/gems/ruby2ruby-2.4.2 → 2.6.0/gems/ruby2ruby-2.4.4}/Manifest.txt +0 -0
- data/bundle/ruby/{2.5.0/gems/ruby2ruby-2.4.2 → 2.6.0/gems/ruby2ruby-2.4.4}/README.rdoc +0 -0
- data/bundle/ruby/{2.5.0/gems/ruby2ruby-2.4.2 → 2.6.0/gems/ruby2ruby-2.4.4}/lib/ruby2ruby.rb +122 -112
- data/bundle/ruby/{2.5.0/gems/ruby_parser-3.13.1 → 2.6.0/gems/ruby_parser-3.14.0}/History.rdoc +38 -0
- data/bundle/ruby/{2.5.0/gems/ruby_parser-3.13.1 → 2.6.0/gems/ruby_parser-3.14.0}/Manifest.txt +0 -0
- data/bundle/ruby/{2.5.0/gems/ruby_parser-3.13.1 → 2.6.0/gems/ruby_parser-3.14.0}/README.rdoc +3 -3
- data/bundle/ruby/{2.5.0/gems/ruby_parser-3.13.1 → 2.6.0/gems/ruby_parser-3.14.0}/compare/normalize.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/ruby_parser-3.13.1 → 2.6.0/gems/ruby_parser-3.14.0}/debugging.md +0 -0
- data/bundle/ruby/{2.5.0/gems/ruby_parser-3.13.1 → 2.6.0/gems/ruby_parser-3.14.0}/lib/rp_extensions.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/ruby_parser-3.13.1 → 2.6.0/gems/ruby_parser-3.14.0}/lib/rp_stringscanner.rb +0 -0
- data/bundle/ruby/2.6.0/gems/ruby_parser-3.14.0/lib/ruby20_parser.rb +7045 -0
- data/bundle/ruby/{2.5.0/gems/ruby_parser-3.13.1/lib/ruby_parser.yy → 2.6.0/gems/ruby_parser-3.14.0/lib/ruby20_parser.y} +390 -397
- data/bundle/ruby/2.6.0/gems/ruby_parser-3.14.0/lib/ruby21_parser.rb +7116 -0
- data/bundle/ruby/{2.5.0/gems/ruby_parser-3.13.1 → 2.6.0/gems/ruby_parser-3.14.0}/lib/ruby21_parser.y +399 -254
- data/bundle/ruby/2.6.0/gems/ruby_parser-3.14.0/lib/ruby22_parser.rb +7149 -0
- data/bundle/ruby/{2.5.0/gems/ruby_parser-3.13.1 → 2.6.0/gems/ruby_parser-3.14.0}/lib/ruby22_parser.y +400 -255
- data/bundle/ruby/2.6.0/gems/ruby_parser-3.14.0/lib/ruby23_parser.rb +7166 -0
- data/bundle/ruby/{2.5.0/gems/ruby_parser-3.13.1 → 2.6.0/gems/ruby_parser-3.14.0}/lib/ruby23_parser.y +400 -255
- data/bundle/ruby/2.6.0/gems/ruby_parser-3.14.0/lib/ruby24_parser.rb +7178 -0
- data/bundle/ruby/{2.5.0/gems/ruby_parser-3.13.1 → 2.6.0/gems/ruby_parser-3.14.0}/lib/ruby24_parser.y +404 -257
- data/bundle/ruby/2.6.0/gems/ruby_parser-3.14.0/lib/ruby25_parser.rb +7178 -0
- data/bundle/ruby/{2.5.0/gems/ruby_parser-3.13.1 → 2.6.0/gems/ruby_parser-3.14.0}/lib/ruby25_parser.y +404 -257
- data/bundle/ruby/2.6.0/gems/ruby_parser-3.14.0/lib/ruby26_parser.rb +7198 -0
- data/bundle/ruby/{2.5.0/gems/ruby_parser-3.13.1 → 2.6.0/gems/ruby_parser-3.14.0}/lib/ruby26_parser.y +410 -261
- data/bundle/ruby/{2.5.0/gems/ruby_parser-3.13.1 → 2.6.0/gems/ruby_parser-3.14.0}/lib/ruby_lexer.rb +424 -432
- data/bundle/ruby/{2.5.0/gems/ruby_parser-3.13.1 → 2.6.0/gems/ruby_parser-3.14.0}/lib/ruby_lexer.rex +0 -0
- data/bundle/ruby/{2.5.0/gems/ruby_parser-3.13.1 → 2.6.0/gems/ruby_parser-3.14.0}/lib/ruby_lexer.rex.rb +1 -1
- data/bundle/ruby/{2.5.0/gems/ruby_parser-3.13.1 → 2.6.0/gems/ruby_parser-3.14.0}/lib/ruby_parser.rb +27 -27
- data/bundle/ruby/2.6.0/gems/ruby_parser-3.14.0/lib/ruby_parser.yy +2732 -0
- data/bundle/ruby/{2.5.0/gems/ruby_parser-3.13.1 → 2.6.0/gems/ruby_parser-3.14.0}/lib/ruby_parser_extras.rb +627 -406
- data/bundle/ruby/{2.5.0/gems/ruby_parser-3.13.1 → 2.6.0/gems/ruby_parser-3.14.0}/tools/munge.rb +1 -1
- data/bundle/ruby/{2.5.0/gems/ruby_parser-3.13.1 → 2.6.0/gems/ruby_parser-3.14.0}/tools/ripper.rb +13 -2
- data/bundle/ruby/{2.5.0 → 2.6.0}/gems/ruby_parser-legacy-1.0.0/History.rdoc +0 -0
- data/bundle/ruby/{2.5.0 → 2.6.0}/gems/ruby_parser-legacy-1.0.0/Manifest.txt +0 -0
- data/bundle/ruby/{2.5.0 → 2.6.0}/gems/ruby_parser-legacy-1.0.0/README.rdoc +0 -0
- data/bundle/ruby/{2.5.0 → 2.6.0}/gems/ruby_parser-legacy-1.0.0/lib/ruby_parser/legacy.rb +0 -0
- data/bundle/ruby/{2.5.0 → 2.6.0}/gems/ruby_parser-legacy-1.0.0/lib/ruby_parser/legacy/ruby18_parser.rb +0 -0
- data/bundle/ruby/{2.5.0 → 2.6.0}/gems/ruby_parser-legacy-1.0.0/lib/ruby_parser/legacy/ruby18_parser.y +0 -0
- data/bundle/ruby/{2.5.0 → 2.6.0}/gems/ruby_parser-legacy-1.0.0/lib/ruby_parser/legacy/ruby19_parser.rb +0 -0
- data/bundle/ruby/{2.5.0 → 2.6.0}/gems/ruby_parser-legacy-1.0.0/lib/ruby_parser/legacy/ruby19_parser.y +0 -0
- data/bundle/ruby/{2.5.0 → 2.6.0}/gems/ruby_parser-legacy-1.0.0/lib/ruby_parser/legacy/ruby_lexer.rb +0 -0
- data/bundle/ruby/{2.5.0 → 2.6.0}/gems/ruby_parser-legacy-1.0.0/lib/ruby_parser/legacy/ruby_lexer.rex +0 -0
- data/bundle/ruby/{2.5.0 → 2.6.0}/gems/ruby_parser-legacy-1.0.0/lib/ruby_parser/legacy/ruby_lexer.rex.rb +0 -0
- data/bundle/ruby/{2.5.0 → 2.6.0}/gems/ruby_parser-legacy-1.0.0/lib/ruby_parser/legacy/ruby_parser.rb +0 -0
- data/bundle/ruby/{2.5.0 → 2.6.0}/gems/ruby_parser-legacy-1.0.0/lib/ruby_parser/legacy/ruby_parser_extras.rb +0 -0
- data/bundle/ruby/{2.5.0 → 2.6.0}/gems/safe_yaml-1.0.5/CHANGES.md +0 -0
- data/bundle/ruby/{2.5.0 → 2.6.0}/gems/safe_yaml-1.0.5/Gemfile +0 -0
- data/bundle/ruby/{2.5.0 → 2.6.0}/gems/safe_yaml-1.0.5/LICENSE.txt +0 -0
- data/bundle/ruby/{2.5.0 → 2.6.0}/gems/safe_yaml-1.0.5/README.md +0 -0
- data/bundle/ruby/{2.5.0 → 2.6.0}/gems/safe_yaml-1.0.5/bundle_install_all_ruby_versions.sh +0 -0
- data/bundle/ruby/{2.5.0 → 2.6.0}/gems/safe_yaml-1.0.5/lib/safe_yaml.rb +0 -0
- data/bundle/ruby/{2.5.0 → 2.6.0}/gems/safe_yaml-1.0.5/lib/safe_yaml/deep.rb +0 -0
- data/bundle/ruby/{2.5.0 → 2.6.0}/gems/safe_yaml-1.0.5/lib/safe_yaml/libyaml_checker.rb +0 -0
- data/bundle/ruby/{2.5.0 → 2.6.0}/gems/safe_yaml-1.0.5/lib/safe_yaml/load.rb +0 -0
- data/bundle/ruby/{2.5.0 → 2.6.0}/gems/safe_yaml-1.0.5/lib/safe_yaml/parse/date.rb +0 -0
- data/bundle/ruby/{2.5.0 → 2.6.0}/gems/safe_yaml-1.0.5/lib/safe_yaml/parse/hexadecimal.rb +0 -0
- data/bundle/ruby/{2.5.0 → 2.6.0}/gems/safe_yaml-1.0.5/lib/safe_yaml/parse/sexagesimal.rb +0 -0
- data/bundle/ruby/{2.5.0 → 2.6.0}/gems/safe_yaml-1.0.5/lib/safe_yaml/psych_handler.rb +0 -0
- data/bundle/ruby/{2.5.0 → 2.6.0}/gems/safe_yaml-1.0.5/lib/safe_yaml/psych_resolver.rb +0 -0
- data/bundle/ruby/{2.5.0 → 2.6.0}/gems/safe_yaml-1.0.5/lib/safe_yaml/resolver.rb +0 -0
- data/bundle/ruby/{2.5.0 → 2.6.0}/gems/safe_yaml-1.0.5/lib/safe_yaml/safe_to_ruby_visitor.rb +0 -0
- data/bundle/ruby/{2.5.0 → 2.6.0}/gems/safe_yaml-1.0.5/lib/safe_yaml/store.rb +0 -0
- data/bundle/ruby/{2.5.0 → 2.6.0}/gems/safe_yaml-1.0.5/lib/safe_yaml/syck_hack.rb +0 -0
- data/bundle/ruby/{2.5.0 → 2.6.0}/gems/safe_yaml-1.0.5/lib/safe_yaml/syck_node_monkeypatch.rb +0 -0
- data/bundle/ruby/{2.5.0 → 2.6.0}/gems/safe_yaml-1.0.5/lib/safe_yaml/syck_resolver.rb +0 -0
- data/bundle/ruby/{2.5.0 → 2.6.0}/gems/safe_yaml-1.0.5/lib/safe_yaml/transform.rb +0 -0
- data/bundle/ruby/{2.5.0 → 2.6.0}/gems/safe_yaml-1.0.5/lib/safe_yaml/transform/to_boolean.rb +0 -0
- data/bundle/ruby/{2.5.0 → 2.6.0}/gems/safe_yaml-1.0.5/lib/safe_yaml/transform/to_date.rb +0 -0
- data/bundle/ruby/{2.5.0 → 2.6.0}/gems/safe_yaml-1.0.5/lib/safe_yaml/transform/to_float.rb +0 -0
- data/bundle/ruby/{2.5.0 → 2.6.0}/gems/safe_yaml-1.0.5/lib/safe_yaml/transform/to_integer.rb +0 -0
- data/bundle/ruby/{2.5.0 → 2.6.0}/gems/safe_yaml-1.0.5/lib/safe_yaml/transform/to_nil.rb +0 -0
- data/bundle/ruby/{2.5.0 → 2.6.0}/gems/safe_yaml-1.0.5/lib/safe_yaml/transform/to_symbol.rb +0 -0
- data/bundle/ruby/{2.5.0 → 2.6.0}/gems/safe_yaml-1.0.5/lib/safe_yaml/transform/transformation_map.rb +0 -0
- data/bundle/ruby/{2.5.0 → 2.6.0}/gems/safe_yaml-1.0.5/lib/safe_yaml/version.rb +0 -0
- data/bundle/ruby/{2.5.0 → 2.6.0}/gems/safe_yaml-1.0.5/run_specs_all_ruby_versions.sh +0 -0
- data/bundle/ruby/{2.5.0 → 2.6.0}/gems/safe_yaml-1.0.5/safe_yaml.gemspec +0 -0
- data/bundle/ruby/{2.5.0/gems/sexp_processor-4.12.0 → 2.6.0/gems/sexp_processor-4.13.0}/History.rdoc +25 -0
- data/bundle/ruby/{2.5.0/gems/sexp_processor-4.12.0 → 2.6.0/gems/sexp_processor-4.13.0}/Manifest.txt +1 -0
- data/bundle/ruby/{2.5.0/gems/sexp_processor-4.12.0 → 2.6.0/gems/sexp_processor-4.13.0}/README.rdoc +0 -0
- data/bundle/ruby/{2.5.0/gems/sexp_processor-4.12.0 → 2.6.0/gems/sexp_processor-4.13.0}/lib/composite_sexp_processor.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/sexp_processor-4.12.0 → 2.6.0/gems/sexp_processor-4.13.0}/lib/pt_testcase.rb +13 -15
- data/bundle/ruby/2.6.0/gems/sexp_processor-4.13.0/lib/sexp.rb +381 -0
- data/bundle/ruby/{2.5.0/gems/sexp_processor-4.12.0/lib/sexp.rb → 2.6.0/gems/sexp_processor-4.13.0/lib/sexp_matcher.rb} +25 -382
- data/bundle/ruby/{2.5.0/gems/sexp_processor-4.12.0 → 2.6.0/gems/sexp_processor-4.13.0}/lib/sexp_processor.rb +2 -2
- data/bundle/ruby/{2.5.0/gems/sexp_processor-4.12.0 → 2.6.0/gems/sexp_processor-4.13.0}/lib/strict_sexp.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/sexp_processor-4.12.0 → 2.6.0/gems/sexp_processor-4.13.0}/lib/unique.rb +0 -0
- data/bundle/ruby/{2.5.0 → 2.6.0}/gems/slim-4.0.1/CHANGES +0 -0
- data/bundle/ruby/{2.5.0 → 2.6.0}/gems/slim-4.0.1/Gemfile +0 -0
- data/bundle/ruby/{2.5.0 → 2.6.0}/gems/slim-4.0.1/LICENSE +0 -0
- data/bundle/ruby/{2.5.0 → 2.6.0}/gems/slim-4.0.1/README.jp.md +0 -0
- data/bundle/ruby/{2.5.0 → 2.6.0}/gems/slim-4.0.1/README.md +0 -0
- data/bundle/ruby/{2.5.0 → 2.6.0}/gems/slim-4.0.1/lib/slim.rb +0 -0
- data/bundle/ruby/{2.5.0 → 2.6.0}/gems/slim-4.0.1/lib/slim/code_attributes.rb +0 -0
- data/bundle/ruby/{2.5.0 → 2.6.0}/gems/slim-4.0.1/lib/slim/command.rb +0 -0
- data/bundle/ruby/{2.5.0 → 2.6.0}/gems/slim-4.0.1/lib/slim/controls.rb +0 -0
- data/bundle/ruby/{2.5.0 → 2.6.0}/gems/slim-4.0.1/lib/slim/do_inserter.rb +0 -0
- data/bundle/ruby/{2.5.0 → 2.6.0}/gems/slim-4.0.1/lib/slim/embedded.rb +0 -0
- data/bundle/ruby/{2.5.0 → 2.6.0}/gems/slim-4.0.1/lib/slim/end_inserter.rb +0 -0
- data/bundle/ruby/{2.5.0 → 2.6.0}/gems/slim-4.0.1/lib/slim/engine.rb +0 -0
- data/bundle/ruby/{2.5.0 → 2.6.0}/gems/slim-4.0.1/lib/slim/erb_converter.rb +0 -0
- data/bundle/ruby/{2.5.0 → 2.6.0}/gems/slim-4.0.1/lib/slim/filter.rb +0 -0
- data/bundle/ruby/{2.5.0 → 2.6.0}/gems/slim-4.0.1/lib/slim/grammar.rb +0 -0
- data/bundle/ruby/{2.5.0 → 2.6.0}/gems/slim-4.0.1/lib/slim/include.rb +0 -0
- data/bundle/ruby/{2.5.0 → 2.6.0}/gems/slim-4.0.1/lib/slim/interpolation.rb +0 -0
- data/bundle/ruby/{2.5.0 → 2.6.0}/gems/slim-4.0.1/lib/slim/logic_less.rb +0 -0
- data/bundle/ruby/{2.5.0 → 2.6.0}/gems/slim-4.0.1/lib/slim/logic_less/context.rb +0 -0
- data/bundle/ruby/{2.5.0 → 2.6.0}/gems/slim-4.0.1/lib/slim/logic_less/filter.rb +0 -0
- data/bundle/ruby/{2.5.0 → 2.6.0}/gems/slim-4.0.1/lib/slim/parser.rb +0 -0
- data/bundle/ruby/{2.5.0 → 2.6.0}/gems/slim-4.0.1/lib/slim/smart.rb +0 -0
- data/bundle/ruby/{2.5.0 → 2.6.0}/gems/slim-4.0.1/lib/slim/smart/escaper.rb +0 -0
- data/bundle/ruby/{2.5.0 → 2.6.0}/gems/slim-4.0.1/lib/slim/smart/filter.rb +0 -0
- data/bundle/ruby/{2.5.0 → 2.6.0}/gems/slim-4.0.1/lib/slim/smart/parser.rb +0 -0
- data/bundle/ruby/{2.5.0 → 2.6.0}/gems/slim-4.0.1/lib/slim/splat/builder.rb +0 -0
- data/bundle/ruby/{2.5.0 → 2.6.0}/gems/slim-4.0.1/lib/slim/splat/filter.rb +0 -0
- data/bundle/ruby/{2.5.0 → 2.6.0}/gems/slim-4.0.1/lib/slim/template.rb +0 -0
- data/bundle/ruby/{2.5.0 → 2.6.0}/gems/slim-4.0.1/lib/slim/translator.rb +0 -0
- data/bundle/ruby/{2.5.0 → 2.6.0}/gems/slim-4.0.1/lib/slim/version.rb +0 -0
- data/bundle/ruby/{2.5.0 → 2.6.0}/gems/slim-4.0.1/slim.gemspec +0 -0
- data/bundle/ruby/{2.5.0/gems/temple-0.8.1 → 2.6.0/gems/temple-0.8.2}/CHANGES +5 -0
- data/bundle/ruby/{2.5.0/gems/temple-0.8.1 → 2.6.0/gems/temple-0.8.2}/EXPRESSIONS.md +0 -0
- data/bundle/ruby/{2.5.0/gems/temple-0.8.1 → 2.6.0/gems/temple-0.8.2}/Gemfile +0 -0
- data/bundle/ruby/{2.5.0/gems/temple-0.8.1 → 2.6.0/gems/temple-0.8.2}/LICENSE +0 -0
- data/bundle/ruby/{2.5.0/gems/temple-0.8.1 → 2.6.0/gems/temple-0.8.2}/README.md +1 -1
- data/bundle/ruby/{2.5.0/gems/temple-0.8.1 → 2.6.0/gems/temple-0.8.2}/lib/temple.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/temple-0.8.1 → 2.6.0/gems/temple-0.8.2}/lib/temple/engine.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/temple-0.8.1 → 2.6.0/gems/temple-0.8.2}/lib/temple/erb/engine.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/temple-0.8.1 → 2.6.0/gems/temple-0.8.2}/lib/temple/erb/parser.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/temple-0.8.1 → 2.6.0/gems/temple-0.8.2}/lib/temple/erb/template.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/temple-0.8.1 → 2.6.0/gems/temple-0.8.2}/lib/temple/erb/trimming.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/temple-0.8.1 → 2.6.0/gems/temple-0.8.2}/lib/temple/exceptions.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/temple-0.8.1 → 2.6.0/gems/temple-0.8.2}/lib/temple/filter.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/temple-0.8.1 → 2.6.0/gems/temple-0.8.2}/lib/temple/filters/code_merger.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/temple-0.8.1 → 2.6.0/gems/temple-0.8.2}/lib/temple/filters/control_flow.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/temple-0.8.1 → 2.6.0/gems/temple-0.8.2}/lib/temple/filters/dynamic_inliner.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/temple-0.8.1 → 2.6.0/gems/temple-0.8.2}/lib/temple/filters/encoding.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/temple-0.8.1 → 2.6.0/gems/temple-0.8.2}/lib/temple/filters/eraser.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/temple-0.8.1 → 2.6.0/gems/temple-0.8.2}/lib/temple/filters/escapable.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/temple-0.8.1 → 2.6.0/gems/temple-0.8.2}/lib/temple/filters/multi_flattener.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/temple-0.8.1 → 2.6.0/gems/temple-0.8.2}/lib/temple/filters/remove_bom.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/temple-0.8.1 → 2.6.0/gems/temple-0.8.2}/lib/temple/filters/static_analyzer.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/temple-0.8.1 → 2.6.0/gems/temple-0.8.2}/lib/temple/filters/static_merger.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/temple-0.8.1 → 2.6.0/gems/temple-0.8.2}/lib/temple/filters/string_splitter.rb +1 -1
- data/bundle/ruby/{2.5.0/gems/temple-0.8.1 → 2.6.0/gems/temple-0.8.2}/lib/temple/filters/validator.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/temple-0.8.1 → 2.6.0/gems/temple-0.8.2}/lib/temple/generator.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/temple-0.8.1 → 2.6.0/gems/temple-0.8.2}/lib/temple/generators/array.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/temple-0.8.1 → 2.6.0/gems/temple-0.8.2}/lib/temple/generators/array_buffer.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/temple-0.8.1 → 2.6.0/gems/temple-0.8.2}/lib/temple/generators/erb.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/temple-0.8.1 → 2.6.0/gems/temple-0.8.2}/lib/temple/generators/rails_output_buffer.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/temple-0.8.1 → 2.6.0/gems/temple-0.8.2}/lib/temple/generators/string_buffer.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/temple-0.8.1 → 2.6.0/gems/temple-0.8.2}/lib/temple/grammar.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/temple-0.8.1 → 2.6.0/gems/temple-0.8.2}/lib/temple/html/attribute_merger.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/temple-0.8.1 → 2.6.0/gems/temple-0.8.2}/lib/temple/html/attribute_remover.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/temple-0.8.1 → 2.6.0/gems/temple-0.8.2}/lib/temple/html/attribute_sorter.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/temple-0.8.1 → 2.6.0/gems/temple-0.8.2}/lib/temple/html/dispatcher.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/temple-0.8.1 → 2.6.0/gems/temple-0.8.2}/lib/temple/html/fast.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/temple-0.8.1 → 2.6.0/gems/temple-0.8.2}/lib/temple/html/filter.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/temple-0.8.1 → 2.6.0/gems/temple-0.8.2}/lib/temple/html/pretty.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/temple-0.8.1 → 2.6.0/gems/temple-0.8.2}/lib/temple/html/safe.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/temple-0.8.1 → 2.6.0/gems/temple-0.8.2}/lib/temple/map.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/temple-0.8.1 → 2.6.0/gems/temple-0.8.2}/lib/temple/mixins/dispatcher.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/temple-0.8.1 → 2.6.0/gems/temple-0.8.2}/lib/temple/mixins/engine_dsl.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/temple-0.8.1 → 2.6.0/gems/temple-0.8.2}/lib/temple/mixins/grammar_dsl.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/temple-0.8.1 → 2.6.0/gems/temple-0.8.2}/lib/temple/mixins/options.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/temple-0.8.1 → 2.6.0/gems/temple-0.8.2}/lib/temple/mixins/template.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/temple-0.8.1 → 2.6.0/gems/temple-0.8.2}/lib/temple/parser.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/temple-0.8.1 → 2.6.0/gems/temple-0.8.2}/lib/temple/static_analyzer.rb +1 -1
- data/bundle/ruby/{2.5.0/gems/temple-0.8.1 → 2.6.0/gems/temple-0.8.2}/lib/temple/templates.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/temple-0.8.1 → 2.6.0/gems/temple-0.8.2}/lib/temple/templates/rails.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/temple-0.8.1 → 2.6.0/gems/temple-0.8.2}/lib/temple/templates/tilt.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/temple-0.8.1 → 2.6.0/gems/temple-0.8.2}/lib/temple/utils.rb +0 -0
- data/bundle/ruby/2.6.0/gems/temple-0.8.2/lib/temple/version.rb +3 -0
- data/bundle/ruby/{2.5.0/gems/temple-0.8.1 → 2.6.0/gems/temple-0.8.2}/temple.gemspec +0 -0
- data/bundle/ruby/{2.5.0 → 2.6.0}/gems/terminal-table-1.8.0/Gemfile +0 -0
- data/bundle/ruby/{2.5.0 → 2.6.0}/gems/terminal-table-1.8.0/History.rdoc +0 -0
- data/bundle/ruby/{2.5.0 → 2.6.0}/gems/terminal-table-1.8.0/LICENSE.txt +0 -0
- data/bundle/ruby/{2.5.0 → 2.6.0}/gems/terminal-table-1.8.0/Manifest +0 -0
- data/bundle/ruby/{2.5.0 → 2.6.0}/gems/terminal-table-1.8.0/README.rdoc +0 -0
- data/bundle/ruby/{2.5.0 → 2.6.0}/gems/terminal-table-1.8.0/Todo.rdoc +0 -0
- data/bundle/ruby/{2.5.0 → 2.6.0}/gems/terminal-table-1.8.0/lib/terminal-table.rb +0 -0
- data/bundle/ruby/{2.5.0 → 2.6.0}/gems/terminal-table-1.8.0/lib/terminal-table/cell.rb +0 -0
- data/bundle/ruby/{2.5.0 → 2.6.0}/gems/terminal-table-1.8.0/lib/terminal-table/import.rb +0 -0
- data/bundle/ruby/{2.5.0 → 2.6.0}/gems/terminal-table-1.8.0/lib/terminal-table/row.rb +0 -0
- data/bundle/ruby/{2.5.0 → 2.6.0}/gems/terminal-table-1.8.0/lib/terminal-table/separator.rb +0 -0
- data/bundle/ruby/{2.5.0 → 2.6.0}/gems/terminal-table-1.8.0/lib/terminal-table/style.rb +0 -0
- data/bundle/ruby/{2.5.0 → 2.6.0}/gems/terminal-table-1.8.0/lib/terminal-table/table.rb +0 -0
- data/bundle/ruby/{2.5.0 → 2.6.0}/gems/terminal-table-1.8.0/lib/terminal-table/table_helper.rb +0 -0
- data/bundle/ruby/{2.5.0 → 2.6.0}/gems/terminal-table-1.8.0/lib/terminal-table/version.rb +0 -0
- data/bundle/ruby/{2.5.0 → 2.6.0}/gems/terminal-table-1.8.0/terminal-table.gemspec +0 -0
- data/bundle/ruby/{2.5.0/gems/tilt-2.0.9 → 2.6.0/gems/tilt-2.0.10}/COPYING +0 -0
- data/bundle/ruby/{2.5.0/gems/tilt-2.0.9 → 2.6.0/gems/tilt-2.0.10}/lib/tilt.rb +1 -1
- data/bundle/ruby/{2.5.0/gems/tilt-2.0.9 → 2.6.0/gems/tilt-2.0.10}/lib/tilt/asciidoc.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/tilt-2.0.9 → 2.6.0/gems/tilt-2.0.10}/lib/tilt/babel.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/tilt-2.0.9 → 2.6.0/gems/tilt-2.0.10}/lib/tilt/bluecloth.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/tilt-2.0.9 → 2.6.0/gems/tilt-2.0.10}/lib/tilt/builder.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/tilt-2.0.9 → 2.6.0/gems/tilt-2.0.10}/lib/tilt/coffee.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/tilt-2.0.9 → 2.6.0/gems/tilt-2.0.10}/lib/tilt/commonmarker.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/tilt-2.0.9 → 2.6.0/gems/tilt-2.0.10}/lib/tilt/creole.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/tilt-2.0.9 → 2.6.0/gems/tilt-2.0.10}/lib/tilt/csv.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/tilt-2.0.9 → 2.6.0/gems/tilt-2.0.10}/lib/tilt/dummy.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/tilt-2.0.9 → 2.6.0/gems/tilt-2.0.10}/lib/tilt/erb.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/tilt-2.0.9 → 2.6.0/gems/tilt-2.0.10}/lib/tilt/erubi.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/tilt-2.0.9 → 2.6.0/gems/tilt-2.0.10}/lib/tilt/erubis.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/tilt-2.0.9 → 2.6.0/gems/tilt-2.0.10}/lib/tilt/etanni.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/tilt-2.0.9 → 2.6.0/gems/tilt-2.0.10}/lib/tilt/haml.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/tilt-2.0.9 → 2.6.0/gems/tilt-2.0.10}/lib/tilt/kramdown.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/tilt-2.0.9 → 2.6.0/gems/tilt-2.0.10}/lib/tilt/less.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/tilt-2.0.9 → 2.6.0/gems/tilt-2.0.10}/lib/tilt/liquid.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/tilt-2.0.9 → 2.6.0/gems/tilt-2.0.10}/lib/tilt/livescript.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/tilt-2.0.9 → 2.6.0/gems/tilt-2.0.10}/lib/tilt/mapping.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/tilt-2.0.9 → 2.6.0/gems/tilt-2.0.10}/lib/tilt/markaby.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/tilt-2.0.9 → 2.6.0/gems/tilt-2.0.10}/lib/tilt/maruku.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/tilt-2.0.9 → 2.6.0/gems/tilt-2.0.10}/lib/tilt/nokogiri.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/tilt-2.0.9 → 2.6.0/gems/tilt-2.0.10}/lib/tilt/pandoc.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/tilt-2.0.9 → 2.6.0/gems/tilt-2.0.10}/lib/tilt/plain.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/tilt-2.0.9 → 2.6.0/gems/tilt-2.0.10}/lib/tilt/prawn.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/tilt-2.0.9 → 2.6.0/gems/tilt-2.0.10}/lib/tilt/radius.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/tilt-2.0.9 → 2.6.0/gems/tilt-2.0.10}/lib/tilt/rdiscount.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/tilt-2.0.9 → 2.6.0/gems/tilt-2.0.10}/lib/tilt/rdoc.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/tilt-2.0.9 → 2.6.0/gems/tilt-2.0.10}/lib/tilt/redcarpet.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/tilt-2.0.9 → 2.6.0/gems/tilt-2.0.10}/lib/tilt/redcloth.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/tilt-2.0.9 → 2.6.0/gems/tilt-2.0.10}/lib/tilt/rst-pandoc.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/tilt-2.0.9 → 2.6.0/gems/tilt-2.0.10}/lib/tilt/sass.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/tilt-2.0.9 → 2.6.0/gems/tilt-2.0.10}/lib/tilt/sigil.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/tilt-2.0.9 → 2.6.0/gems/tilt-2.0.10}/lib/tilt/string.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/tilt-2.0.9 → 2.6.0/gems/tilt-2.0.10}/lib/tilt/template.rb +7 -12
- data/bundle/ruby/{2.5.0/gems/tilt-2.0.9 → 2.6.0/gems/tilt-2.0.10}/lib/tilt/typescript.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/tilt-2.0.9 → 2.6.0/gems/tilt-2.0.10}/lib/tilt/wikicloth.rb +0 -0
- data/bundle/ruby/{2.5.0/gems/tilt-2.0.9 → 2.6.0/gems/tilt-2.0.10}/lib/tilt/yajl.rb +0 -0
- data/bundle/ruby/{2.5.0 → 2.6.0}/gems/unicode-display_width-1.6.0/CHANGELOG.md +0 -0
- data/bundle/ruby/{2.5.0 → 2.6.0}/gems/unicode-display_width-1.6.0/MIT-LICENSE.txt +0 -0
- data/bundle/ruby/{2.5.0 → 2.6.0}/gems/unicode-display_width-1.6.0/README.md +0 -0
- data/bundle/ruby/{2.5.0 → 2.6.0}/gems/unicode-display_width-1.6.0/data/display_width.marshal.gz +0 -0
- data/bundle/ruby/{2.5.0 → 2.6.0}/gems/unicode-display_width-1.6.0/lib/unicode/display_width.rb +0 -0
- data/bundle/ruby/{2.5.0 → 2.6.0}/gems/unicode-display_width-1.6.0/lib/unicode/display_width/constants.rb +0 -0
- data/bundle/ruby/{2.5.0 → 2.6.0}/gems/unicode-display_width-1.6.0/lib/unicode/display_width/index.rb +0 -0
- data/bundle/ruby/{2.5.0 → 2.6.0}/gems/unicode-display_width-1.6.0/lib/unicode/display_width/no_string_ext.rb +0 -0
- data/bundle/ruby/{2.5.0 → 2.6.0}/gems/unicode-display_width-1.6.0/lib/unicode/display_width/string_ext.rb +0 -0
- data/lib/brakeman/call_index.rb +54 -15
- data/lib/brakeman/checks/base_check.rb +50 -47
- data/lib/brakeman/checks/check_cookie_serialization.rb +22 -0
- data/lib/brakeman/checks/check_cross_site_scripting.rb +4 -4
- data/lib/brakeman/checks/check_deserialize.rb +3 -6
- data/lib/brakeman/checks/check_execute.rb +26 -1
- data/lib/brakeman/checks/check_file_access.rb +7 -1
- data/lib/brakeman/checks/check_header_dos.rb +2 -2
- data/lib/brakeman/checks/check_i18n_xss.rb +2 -2
- data/lib/brakeman/checks/check_jruby_xml.rb +2 -2
- data/lib/brakeman/checks/check_json_parsing.rb +2 -2
- data/lib/brakeman/checks/check_mime_type_dos.rb +2 -2
- data/lib/brakeman/checks/check_nested_attributes_bypass.rb +1 -1
- data/lib/brakeman/checks/check_reverse_tabnabbing.rb +58 -0
- data/lib/brakeman/checks/check_sanitize_methods.rb +2 -2
- data/lib/brakeman/checks/check_session_settings.rb +5 -2
- data/lib/brakeman/checks/check_xml_dos.rb +2 -2
- data/lib/brakeman/checks/check_yaml_parsing.rb +10 -18
- data/lib/brakeman/differ.rb +16 -28
- data/lib/brakeman/file_parser.rb +4 -8
- data/lib/brakeman/file_path.rb +14 -0
- data/lib/brakeman/parsers/haml_embedded.rb +1 -1
- data/lib/brakeman/parsers/template_parser.rb +3 -1
- data/lib/brakeman/processor.rb +1 -1
- data/lib/brakeman/processors/alias_processor.rb +15 -1
- data/lib/brakeman/processors/base_processor.rb +2 -0
- data/lib/brakeman/processors/controller_processor.rb +4 -4
- data/lib/brakeman/processors/gem_processor.rb +10 -2
- data/lib/brakeman/processors/haml_template_processor.rb +87 -123
- data/lib/brakeman/processors/lib/call_conversion_helper.rb +5 -4
- data/lib/brakeman/processors/lib/find_all_calls.rb +27 -4
- data/lib/brakeman/processors/lib/find_call.rb +3 -64
- data/lib/brakeman/processors/lib/rails2_config_processor.rb +1 -1
- data/lib/brakeman/processors/template_alias_processor.rb +28 -0
- data/lib/brakeman/processors/template_processor.rb +10 -6
- data/lib/brakeman/report/report_text.rb +4 -5
- data/lib/brakeman/rescanner.rb +4 -0
- data/lib/brakeman/tracker.rb +26 -2
- data/lib/brakeman/tracker/config.rb +38 -73
- data/lib/brakeman/tracker/constants.rb +2 -1
- data/lib/brakeman/version.rb +1 -1
- data/lib/brakeman/warning.rb +4 -0
- data/lib/brakeman/warning_codes.rb +3 -0
- data/lib/ruby_parser/bm_sexp.rb +7 -2
- metadata +352 -342
- data/bundle/ruby/2.5.0/gems/haml-4.0.7/MIT-LICENSE +0 -20
- data/bundle/ruby/2.5.0/gems/haml-4.0.7/lib/haml/compiler.rb +0 -540
- data/bundle/ruby/2.5.0/gems/haml-4.0.7/lib/haml/error.rb +0 -61
- data/bundle/ruby/2.5.0/gems/haml-4.0.7/lib/haml/railtie.rb +0 -22
- data/bundle/ruby/2.5.0/gems/haml-4.0.7/lib/haml/template/plugin.rb +0 -41
- data/bundle/ruby/2.5.0/gems/haml-4.0.7/lib/haml/util.rb +0 -377
- data/bundle/ruby/2.5.0/gems/haml-4.0.7/lib/haml/version.rb +0 -3
- data/bundle/ruby/2.5.0/gems/ruby_parser-3.13.1/lib/ruby20_parser.rb +0 -6869
- data/bundle/ruby/2.5.0/gems/ruby_parser-3.13.1/lib/ruby20_parser.y +0 -2431
- data/bundle/ruby/2.5.0/gems/ruby_parser-3.13.1/lib/ruby21_parser.rb +0 -6944
- data/bundle/ruby/2.5.0/gems/ruby_parser-3.13.1/lib/ruby22_parser.rb +0 -6968
- data/bundle/ruby/2.5.0/gems/ruby_parser-3.13.1/lib/ruby23_parser.rb +0 -6987
- data/bundle/ruby/2.5.0/gems/ruby_parser-3.13.1/lib/ruby24_parser.rb +0 -6994
- data/bundle/ruby/2.5.0/gems/ruby_parser-3.13.1/lib/ruby25_parser.rb +0 -6994
- data/bundle/ruby/2.5.0/gems/ruby_parser-3.13.1/lib/ruby26_parser.rb +0 -7012
- data/bundle/ruby/2.5.0/gems/temple-0.8.1/lib/temple/version.rb +0 -3
- data/bundle/ruby/2.5.0/gems/tilt-2.0.9/CHANGELOG.md +0 -132
- data/bundle/ruby/2.5.0/gems/tilt-2.0.9/Gemfile +0 -70
- data/bundle/ruby/2.5.0/gems/tilt-2.0.9/HACKING +0 -16
- data/bundle/ruby/2.5.0/gems/tilt-2.0.9/README.md +0 -233
- data/bundle/ruby/2.5.0/gems/tilt-2.0.9/tilt.gemspec +0 -130
File without changes
|
File without changes
|
File without changes
|
File without changes
|
File without changes
|
File without changes
|
data/bundle/ruby/{2.5.0 → 2.6.0}/gems/unicode-display_width-1.6.0/data/display_width.marshal.gz
RENAMED
File without changes
|
data/bundle/ruby/{2.5.0 → 2.6.0}/gems/unicode-display_width-1.6.0/lib/unicode/display_width.rb
RENAMED
File without changes
|
File without changes
|
data/bundle/ruby/{2.5.0 → 2.6.0}/gems/unicode-display_width-1.6.0/lib/unicode/display_width/index.rb
RENAMED
File without changes
|
File without changes
|
File without changes
|
data/lib/brakeman/call_index.rb
CHANGED
@@ -27,7 +27,7 @@ class Brakeman::CallIndex
|
|
27
27
|
if options[:chained]
|
28
28
|
return find_chain options
|
29
29
|
#Find by narrowest category
|
30
|
-
elsif target
|
30
|
+
elsif target.is_a? Array and method.is_a? Array
|
31
31
|
if target.length > method.length
|
32
32
|
calls = filter_by_target calls_by_methods(method), target
|
33
33
|
else
|
@@ -35,6 +35,12 @@ class Brakeman::CallIndex
|
|
35
35
|
calls = filter_by_method calls, method
|
36
36
|
end
|
37
37
|
|
38
|
+
elsif target.is_a? Regexp and method
|
39
|
+
calls = filter_by_target(calls_by_method(method), target)
|
40
|
+
|
41
|
+
elsif method.is_a? Regexp and target
|
42
|
+
calls = filter_by_method(calls_by_target(target), method)
|
43
|
+
|
38
44
|
#Find by target, then by methods, if provided
|
39
45
|
elsif target
|
40
46
|
calls = calls_by_target target
|
@@ -85,6 +91,16 @@ class Brakeman::CallIndex
|
|
85
91
|
end
|
86
92
|
end
|
87
93
|
|
94
|
+
def remove_indexes_by_file file
|
95
|
+
[@calls_by_method, @calls_by_target].each do |calls_by|
|
96
|
+
calls_by.each do |_name, calls|
|
97
|
+
calls.delete_if do |call|
|
98
|
+
call[:location][:file] == file
|
99
|
+
end
|
100
|
+
end
|
101
|
+
end
|
102
|
+
end
|
103
|
+
|
88
104
|
def index_calls calls
|
89
105
|
calls.each do |call|
|
90
106
|
@calls_by_method[call[:method]] ||= []
|
@@ -116,8 +132,11 @@ class Brakeman::CallIndex
|
|
116
132
|
end
|
117
133
|
|
118
134
|
def calls_by_target target
|
119
|
-
|
135
|
+
case target
|
136
|
+
when Array
|
120
137
|
calls_by_targets target
|
138
|
+
when Regexp
|
139
|
+
calls_by_targets_regex target
|
121
140
|
else
|
122
141
|
@calls_by_target[target] || []
|
123
142
|
end
|
@@ -133,10 +152,24 @@ class Brakeman::CallIndex
|
|
133
152
|
calls
|
134
153
|
end
|
135
154
|
|
155
|
+
def calls_by_targets_regex targets_regex
|
156
|
+
calls = []
|
157
|
+
|
158
|
+
@calls_by_target.each do |key, value|
|
159
|
+
case key
|
160
|
+
when String, Symbol
|
161
|
+
calls.concat value if key.match targets_regex
|
162
|
+
end
|
163
|
+
end
|
164
|
+
|
165
|
+
calls
|
166
|
+
end
|
167
|
+
|
136
168
|
def calls_by_method method
|
137
|
-
|
169
|
+
case method
|
170
|
+
when Array
|
138
171
|
calls_by_methods method
|
139
|
-
|
172
|
+
when Regexp
|
140
173
|
calls_by_methods_regex method
|
141
174
|
else
|
142
175
|
@calls_by_method[method.to_sym] || []
|
@@ -156,26 +189,28 @@ class Brakeman::CallIndex
|
|
156
189
|
|
157
190
|
def calls_by_methods_regex methods_regex
|
158
191
|
calls = []
|
192
|
+
|
159
193
|
@calls_by_method.each do |key, value|
|
160
|
-
calls.concat value if key.
|
194
|
+
calls.concat value if key.match methods_regex
|
161
195
|
end
|
162
|
-
calls
|
163
|
-
end
|
164
196
|
|
165
|
-
|
166
|
-
@calls_by_target[nil]
|
197
|
+
calls
|
167
198
|
end
|
168
199
|
|
169
200
|
def filter calls, key, value
|
170
|
-
|
201
|
+
case value
|
202
|
+
when Array
|
171
203
|
values = Set.new value
|
172
204
|
|
173
205
|
calls.select do |call|
|
174
206
|
values.include? call[key]
|
175
207
|
end
|
176
|
-
|
208
|
+
when Regexp
|
177
209
|
calls.select do |call|
|
178
|
-
call[key]
|
210
|
+
case call[key]
|
211
|
+
when String, Symbol
|
212
|
+
call[key].match value
|
213
|
+
end
|
179
214
|
end
|
180
215
|
else
|
181
216
|
calls.select do |call|
|
@@ -197,15 +232,19 @@ class Brakeman::CallIndex
|
|
197
232
|
end
|
198
233
|
|
199
234
|
def filter_by_chain calls, target
|
200
|
-
|
235
|
+
case target
|
236
|
+
when Array
|
201
237
|
targets = Set.new target
|
202
238
|
|
203
239
|
calls.select do |call|
|
204
240
|
targets.include? call[:chain].first
|
205
241
|
end
|
206
|
-
|
242
|
+
when Regexp
|
207
243
|
calls.select do |call|
|
208
|
-
call[:chain].first
|
244
|
+
case call[:chain].first
|
245
|
+
when String, Symbol
|
246
|
+
call[:chain].first.match target
|
247
|
+
end
|
209
248
|
end
|
210
249
|
else
|
211
250
|
calls.select do |call|
|
@@ -39,24 +39,15 @@ class Brakeman::BaseCheck < Brakeman::SexpProcessor
|
|
39
39
|
@active_record_models = nil
|
40
40
|
@mass_assign_disabled = nil
|
41
41
|
@has_user_input = nil
|
42
|
+
@in_array = false
|
42
43
|
@safe_input_attributes = Set[:to_i, :to_f, :arel_table, :id]
|
43
44
|
@comparison_ops = Set[:==, :!=, :>, :<, :>=, :<=]
|
44
45
|
end
|
45
46
|
|
46
47
|
#Add result to result list, which is used to check for duplicates
|
47
|
-
def add_result result
|
48
|
-
location
|
49
|
-
location =
|
50
|
-
location = location.name if location.is_a? Brakeman::Collection
|
51
|
-
location = location.to_sym
|
52
|
-
|
53
|
-
if result.is_a? Hash
|
54
|
-
line = result[:call].original_line || result[:call].line
|
55
|
-
elsif sexp? result
|
56
|
-
line = result.original_line || result.line
|
57
|
-
else
|
58
|
-
raise ArgumentError
|
59
|
-
end
|
48
|
+
def add_result result
|
49
|
+
location = get_location result
|
50
|
+
location, line = get_location result
|
60
51
|
|
61
52
|
@results << [line, location, result]
|
62
53
|
end
|
@@ -119,9 +110,16 @@ class Brakeman::BaseCheck < Brakeman::SexpProcessor
|
|
119
110
|
exp
|
120
111
|
end
|
121
112
|
|
113
|
+
def process_array exp
|
114
|
+
@in_array = true
|
115
|
+
process_default exp
|
116
|
+
ensure
|
117
|
+
@in_array = false
|
118
|
+
end
|
119
|
+
|
122
120
|
#Does not actually process string interpolation, but notes that it occurred.
|
123
121
|
def process_dstr exp
|
124
|
-
unless @string_interp # don't overwrite existing value
|
122
|
+
unless array_interp? exp or @string_interp # don't overwrite existing value
|
125
123
|
@string_interp = Match.new(:interp, exp)
|
126
124
|
end
|
127
125
|
|
@@ -130,6 +128,20 @@ class Brakeman::BaseCheck < Brakeman::SexpProcessor
|
|
130
128
|
|
131
129
|
private
|
132
130
|
|
131
|
+
# Checking for
|
132
|
+
#
|
133
|
+
# %W[#{a}]
|
134
|
+
#
|
135
|
+
# which will be parsed as
|
136
|
+
#
|
137
|
+
# s(:array, s(:dstr, "", s(:evstr, s(:call, nil, :a))))
|
138
|
+
def array_interp? exp
|
139
|
+
@in_array and
|
140
|
+
string_interp? exp and
|
141
|
+
exp[1] == "".freeze and
|
142
|
+
exp.length == 3 # only one interpolated value
|
143
|
+
end
|
144
|
+
|
133
145
|
def always_safe_method? meth
|
134
146
|
@safe_input_attributes.include? meth or
|
135
147
|
@comparison_ops.include? meth
|
@@ -170,8 +182,9 @@ class Brakeman::BaseCheck < Brakeman::SexpProcessor
|
|
170
182
|
@mass_assign_disabled = true
|
171
183
|
else
|
172
184
|
#Check for ActiveRecord::Base.send(:attr_accessible, nil)
|
173
|
-
tracker.
|
174
|
-
call = result
|
185
|
+
tracker.find_call(target: :"ActiveRecord::Base", method: :attr_accessible).each do |result|
|
186
|
+
call = result[:call]
|
187
|
+
|
175
188
|
if call? call
|
176
189
|
if call.first_arg == Sexp.new(:nil)
|
177
190
|
@mass_assign_disabled = true
|
@@ -180,26 +193,12 @@ class Brakeman::BaseCheck < Brakeman::SexpProcessor
|
|
180
193
|
end
|
181
194
|
end
|
182
195
|
|
183
|
-
unless @mass_assign_disabled
|
184
|
-
tracker.check_initializers(:"ActiveRecord::Base", :send).each do |result|
|
185
|
-
call = result.call
|
186
|
-
if call? call
|
187
|
-
if call.first_arg == Sexp.new(:lit, :attr_accessible) and call.second_arg == Sexp.new(:nil)
|
188
|
-
@mass_assign_disabled = true
|
189
|
-
break
|
190
|
-
end
|
191
|
-
end
|
192
|
-
end
|
193
|
-
end
|
194
|
-
|
195
196
|
unless @mass_assign_disabled
|
196
197
|
#Check for
|
197
198
|
# class ActiveRecord::Base
|
198
199
|
# attr_accessible nil
|
199
200
|
# end
|
200
|
-
|
201
|
-
|
202
|
-
matches.each do |result|
|
201
|
+
tracker.check_initializers([], :attr_accessible).each do |result|
|
203
202
|
if result.module == "ActiveRecord" and result.result_class == :Base
|
204
203
|
arg = result.call.first_arg
|
205
204
|
|
@@ -227,10 +226,8 @@ class Brakeman::BaseCheck < Brakeman::SexpProcessor
|
|
227
226
|
end
|
228
227
|
|
229
228
|
unless @mass_assign_disabled
|
230
|
-
|
231
|
-
|
232
|
-
matches.each do |result|
|
233
|
-
call = result.call
|
229
|
+
tracker.find_call(target: :"ActiveRecord::Base", method: [:send, :include]).each do |result|
|
230
|
+
call = result[:call]
|
234
231
|
if call? call and (call.first_arg == forbidden_protection or call.second_arg == forbidden_protection)
|
235
232
|
@mass_assign_disabled = true
|
236
233
|
end
|
@@ -250,6 +247,22 @@ class Brakeman::BaseCheck < Brakeman::SexpProcessor
|
|
250
247
|
#This is to avoid reporting duplicates. Checks if the result has been
|
251
248
|
#reported already from the same line number.
|
252
249
|
def duplicate? result, location = nil
|
250
|
+
location, line = get_location result
|
251
|
+
|
252
|
+
@results.each do |r|
|
253
|
+
if r[0] == line and r[1] == location
|
254
|
+
if tracker.options[:combine_locations]
|
255
|
+
return true
|
256
|
+
elsif r[2] == result
|
257
|
+
return true
|
258
|
+
end
|
259
|
+
end
|
260
|
+
end
|
261
|
+
|
262
|
+
false
|
263
|
+
end
|
264
|
+
|
265
|
+
def get_location result
|
253
266
|
if result.is_a? Hash
|
254
267
|
line = result[:call].original_line || result[:call].line
|
255
268
|
elsif sexp? result
|
@@ -258,23 +271,13 @@ class Brakeman::BaseCheck < Brakeman::SexpProcessor
|
|
258
271
|
raise ArgumentError
|
259
272
|
end
|
260
273
|
|
261
|
-
location ||= (@current_template && @current_template.name) || @current_class || @current_module || @current_set || result[:location][:class] || result[:location][:template]
|
274
|
+
location ||= (@current_template && @current_template.name) || @current_class || @current_module || @current_set || result[:location][:class] || result[:location][:template] || result[:location][:file].to_s
|
262
275
|
|
263
276
|
location = location[:name] if location.is_a? Hash
|
264
277
|
location = location.name if location.is_a? Brakeman::Collection
|
265
278
|
location = location.to_sym
|
266
279
|
|
267
|
-
|
268
|
-
if r[0] == line and r[1] == location
|
269
|
-
if tracker.options[:combine_locations]
|
270
|
-
return true
|
271
|
-
elsif r[2] == result
|
272
|
-
return true
|
273
|
-
end
|
274
|
-
end
|
275
|
-
end
|
276
|
-
|
277
|
-
false
|
280
|
+
return location, line
|
278
281
|
end
|
279
282
|
|
280
283
|
#Checks if an expression contains string interpolation.
|
@@ -0,0 +1,22 @@
|
|
1
|
+
require 'brakeman/checks/base_check'
|
2
|
+
|
3
|
+
class Brakeman::CheckCookieSerialization < Brakeman::BaseCheck
|
4
|
+
Brakeman::Checks.add self
|
5
|
+
|
6
|
+
@description = "Check for use of Marshal for cookie serialization"
|
7
|
+
|
8
|
+
def run_check
|
9
|
+
tracker.find_call(target: :'Rails.application.config.action_dispatch', method: :cookies_serializer=).each do |result|
|
10
|
+
setting = result[:call].first_arg
|
11
|
+
|
12
|
+
if symbol? setting and [:marshal, :hybrid].include? setting.value
|
13
|
+
warn :result => result,
|
14
|
+
:warning_type => "Remote Code Execution",
|
15
|
+
:warning_code => :unsafe_cookie_serialization,
|
16
|
+
:message => msg("Use of unsafe cookie serialization strategy ", msg_code(setting.value.inspect), " might lead to remote code execution"),
|
17
|
+
:confidence => :medium,
|
18
|
+
:link_path => "unsafe_deserialization"
|
19
|
+
end
|
20
|
+
end
|
21
|
+
end
|
22
|
+
end
|
@@ -287,7 +287,7 @@ class Brakeman::CheckCrossSiteScripting < Brakeman::BaseCheck
|
|
287
287
|
|
288
288
|
def setup
|
289
289
|
@ignore_methods = Set[:==, :!=, :button_to, :check_box, :content_tag, :escapeHTML, :escape_once,
|
290
|
-
:field_field, :fields_for, :h, :hidden_field,
|
290
|
+
:field_field, :fields_for, :form_for, :h, :hidden_field,
|
291
291
|
:hidden_field, :hidden_field_tag, :image_tag, :label,
|
292
292
|
:link_to, :mail_to, :radio_button, :select,
|
293
293
|
:submit_tag, :text_area, :text_field,
|
@@ -316,11 +316,11 @@ class Brakeman::CheckCrossSiteScripting < Brakeman::BaseCheck
|
|
316
316
|
end
|
317
317
|
|
318
318
|
json_escape_on = false
|
319
|
-
initializers = tracker.
|
320
|
-
initializers.each {|result| json_escape_on = true?(result
|
319
|
+
initializers = tracker.find_call(target: :ActiveSupport, method: :escape_html_entities_in_json=)
|
320
|
+
initializers.each {|result| json_escape_on = true?(result[:call].first_arg) }
|
321
321
|
|
322
322
|
if tracker.config.escape_html_entities_in_json?
|
323
|
-
|
323
|
+
json_escape_on = true
|
324
324
|
elsif version_between? "4.0.0", "9.9.9"
|
325
325
|
json_escape_on = true
|
326
326
|
end
|
@@ -80,13 +80,10 @@ class Brakeman::CheckDeserialize < Brakeman::BaseCheck
|
|
80
80
|
def oj_safe_default?
|
81
81
|
safe_default = false
|
82
82
|
|
83
|
-
|
84
|
-
if tracker.check_initializers(:Oj, :mimic_JSON).any?
|
83
|
+
if tracker.find_call(target: :Oj, method: :mimic_JSON).any?
|
85
84
|
safe_default = true
|
86
|
-
|
87
|
-
|
88
|
-
if result = tracker.check_initializers(:Oj, :default_options=).first
|
89
|
-
options = result.call.first_arg
|
85
|
+
elsif result = tracker.find_call(target: :Oj, method: :default_options=).first
|
86
|
+
options = result[:call].first_arg
|
90
87
|
|
91
88
|
if oj_safe_mode? options
|
92
89
|
safe_default = true
|
@@ -21,6 +21,10 @@ class Brakeman::CheckExecute < Brakeman::BaseCheck
|
|
21
21
|
SHELL_ESCAPE_MODULE_METHODS = Set[:escape, :join, :shellescape, :shelljoin]
|
22
22
|
SHELL_ESCAPE_MIXIN_METHODS = Set[:shellescape, :shelljoin]
|
23
23
|
|
24
|
+
# These are common shells that are known to allow the execution of commands
|
25
|
+
# via a -c flag. See dash_c_shell_command? for more info.
|
26
|
+
KNOWN_SHELL_COMMANDS = Set["sh", "bash", "ksh", "csh", "tcsh", "zsh"]
|
27
|
+
|
24
28
|
SHELLWORDS = s(:const, :Shellwords)
|
25
29
|
|
26
30
|
#Check models, controllers, and views for command injection.
|
@@ -42,6 +46,8 @@ class Brakeman::CheckExecute < Brakeman::BaseCheck
|
|
42
46
|
end
|
43
47
|
end
|
44
48
|
|
49
|
+
private
|
50
|
+
|
45
51
|
#Processes results from Tracker#find_call.
|
46
52
|
def process_result result
|
47
53
|
call = result[:call]
|
@@ -54,7 +60,17 @@ class Brakeman::CheckExecute < Brakeman::BaseCheck
|
|
54
60
|
failure = include_user_input?(args) || dangerous_interp?(args)
|
55
61
|
end
|
56
62
|
when :system, :exec
|
57
|
-
|
63
|
+
# Normally, if we're in a `system` or `exec` call, we only are worried
|
64
|
+
# about shell injection when there's a single argument, because comma-
|
65
|
+
# separated arguments are always escaped by Ruby. However, an exception is
|
66
|
+
# when the first two arguments are something like "bash -c" because then
|
67
|
+
# the third argument is effectively the command being run and might be
|
68
|
+
# a malicious executable if it comes (partially or fully) from user input.
|
69
|
+
if dash_c_shell_command?(first_arg, call.second_arg)
|
70
|
+
failure = include_user_input?(args[3]) || dangerous_interp?(args[3])
|
71
|
+
else
|
72
|
+
failure = include_user_input?(first_arg) || dangerous_interp?(first_arg)
|
73
|
+
end
|
58
74
|
else
|
59
75
|
failure = include_user_input?(args) || dangerous_interp?(args)
|
60
76
|
end
|
@@ -77,6 +93,15 @@ class Brakeman::CheckExecute < Brakeman::BaseCheck
|
|
77
93
|
end
|
78
94
|
end
|
79
95
|
|
96
|
+
# @return [Boolean] true iff the command given by `first_arg`, `second_arg`
|
97
|
+
# invokes a new shell process via `<shell_command> -c` (like `bash -c`)
|
98
|
+
def dash_c_shell_command?(first_arg, second_arg)
|
99
|
+
string?(first_arg) &&
|
100
|
+
KNOWN_SHELL_COMMANDS.include?(first_arg.value) &&
|
101
|
+
string?(second_arg) &&
|
102
|
+
second_arg.value == "-c"
|
103
|
+
end
|
104
|
+
|
80
105
|
def check_open_calls
|
81
106
|
tracker.find_call(:targets => [nil, :Kernel], :method => :open).each do |result|
|
82
107
|
if match = dangerous_open_arg?(result[:call].first_arg)
|