brakeman 4.6.1 → 4.7.0

data/bundle/ruby/2.6.0/gems/haml-5.1.2/lib/haml/plugin.rb

@@ -0,0 +1,37 @@
+# frozen_string_literal: true
+
+module Haml
+
+  # This module makes Haml work with Rails using the template handler API.
+  class Plugin
+    def handles_encoding?; true; end
+
+    def compile(template, source)
+      options = Haml::Template.options.dup
+      if template.respond_to?(:type)
+        options[:mime_type] = template.type
+      elsif template.respond_to? :mime_type
+        options[:mime_type] = template.mime_type
+      end
+      options[:filename] = template.identifier
+      Haml::Engine.new(source, options).compiler.precompiled_with_ambles(
+        [],
+        after_preamble: '@output_buffer = output_buffer ||= ActionView::OutputBuffer.new if defined?(ActionView::OutputBuffer)',
+      )
+    end
+
+    def self.call(template, source = nil)
+      source ||= template.source
+
+      new.compile(template, source)
+    end
+
+    def cache_fragment(block, name = {}, options = nil)
+      @view.fragment_for(block, name, options) do
+        eval("_hamlout.buffer", block.binding)
+      end
+    end
+  end
+end
+
+ActionView::Template.register_template_handler(:haml, Haml::Plugin)

data/bundle/ruby/2.6.0/gems/haml-5.1.2/lib/haml/railtie.rb

@@ -0,0 +1,48 @@
+# frozen_string_literal: true
+
+require 'haml/template/options'
+
+# check for a compatible Rails version when Haml is loaded
+if (activesupport_spec = Gem.loaded_specs['activesupport'])
+  if activesupport_spec.version.to_s < '4.0'
+    raise Exception.new("\n\n** Haml now requires Rails 4.0 and later. Use Haml version 4.0.x\n\n")
+  end
+end
+
+module Haml
+  module Filters
+    module RailsErb
+      extend Plain
+      extend TiltFilter
+      extend PrecompiledTiltFilter
+    end
+  end
+
+  class Railtie < ::Rails::Railtie
+    initializer :haml do |app|
+      ActiveSupport.on_load(:action_view) do
+        require "haml/template"
+
+        if defined?(::Sass::Rails::SassTemplate) && app.config.assets.enabled
+          require "haml/sass_rails_filter"
+        end
+
+        # Any object under ActionView::Template will be defined as the root constant with the same
+        # name if it exists. If Erubi is loaded at all, ActionView::Template::Handlers::ERB::Erubi
+        # will turn out to be a reference to the ::Erubi module.
+        # In Rails 4.2, calling const_defined? results in odd exceptions, which seems to be
+        # solved by looking for ::Erubi first.
+        # However, in JRuby, the const_defined? finds it anyway, so we must make sure that it's
+        # not just a reference to ::Erubi.
+        if defined?(::Erubi) && (::ActionView::Template::Handlers::ERB.const_get('Erubi') != ::Erubi)
+          require "haml/helpers/safe_erubi_template"
+          Haml::Filters::RailsErb.template_class = Haml::SafeErubiTemplate
+        else
+          require "haml/helpers/safe_erubis_template"
+          Haml::Filters::RailsErb.template_class = Haml::SafeErubisTemplate
+        end
+        Haml::Template.options[:filters] = { 'erb' => Haml::Filters::RailsErb }
+      end
+    end
+  end
+end

data/bundle/ruby/2.6.0/gems/{haml-4.0.7 → haml-5.1.2}/lib/haml/sass_rails_filter.rb

@@ -1,11 +1,25 @@
+# frozen_string_literal: true
+
 module Haml
   module Filters
     # This is an extension of Sass::Rails's SassTemplate class that allows
     # Rails's asset helpers to be used inside Haml Sass filter.
     class SassRailsTemplate < ::Sass::Rails::SassTemplate
-      def render(scope=Object.new, locals={}, &block)
-        scope = ::Rails.application.assets.context_class.new(::Rails.application.assets, "/", "/")
-        super
+      if Gem::Version.new(Sprockets::VERSION) >= Gem::Version.new('3.0.0')
+        def render(scope=Object.new, locals={}, &block)
+          environment = ::Sprockets::Railtie.build_environment(::Rails.application)
+          scope = environment.context_class.new(
+            environment: environment,
+            filename: "/",
+            metadata: {}
+          )
+          super
+        end
+      else
+        def render(scope=Object.new, locals={}, &block)
+          scope = ::Rails.application.assets.context_class.new(::Rails.application.assets, "/", "/")
+          super
+        end
       end
 
       def sass_options(scope)
@@ -30,4 +44,4 @@ module Haml
     register_tilt_filter "Sass", :extend => "Css", :template_class => SassRailsTemplate
     register_tilt_filter "Scss", :extend => "Css", :template_class => ScssRailsTemplate
   end
-end
+end

data/bundle/ruby/2.6.0/gems/{haml-4.0.7 → haml-5.1.2}/lib/haml/template.rb

@@ -1,12 +1,20 @@
+# frozen_string_literal: true
+
 require 'haml/template/options'
-require 'haml/engine'
-require 'haml/helpers/action_view_mods'
-require 'haml/helpers/action_view_extensions'
+if defined?(ActiveSupport)
+  ActiveSupport.on_load(:action_view) do
+    require 'haml/helpers/action_view_mods'
+    require 'haml/helpers/action_view_extensions'
+  end
+else
+  require 'haml/helpers/action_view_mods'
+  require 'haml/helpers/action_view_extensions'
+end
 require 'haml/helpers/xss_mods'
 require 'haml/helpers/action_view_xss_mods'
 
 module Haml
-  class Compiler
+  class TempleEngine
     def precompiled_method_return_value_with_haml_xss
       "::Haml::Util.html_safe(#{precompiled_method_return_value_without_haml_xss})"
     end
@@ -26,7 +34,6 @@ module Haml
 end
 
 
-Haml::Template.options[:ugly] = defined?(Rails) ? !Rails.env.development? : true
 Haml::Template.options[:escape_html] = true
 
-require 'haml/template/plugin'
+require 'haml/plugin'

data/bundle/ruby/2.6.0/gems/{haml-4.0.7 → haml-5.1.2}/lib/haml/template/options.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 # We keep options in its own self-contained file
 # so that we can load it independently in Rails 3,
 # where the full template stuff is lazy-loaded.
@@ -6,11 +8,20 @@ module Haml
   module Template
     extend self
 
-    @options = {}
+    class Options < Hash
+      def []=(key, value)
+        super
+        if Haml::Options.buffer_defaults.key?(key)
+          Haml::Options.buffer_defaults[key] = value
+        end
+      end
+    end
+
+    @options = ::Haml::Template::Options.new
     # The options hash for Haml when used within Rails.
     # See {file:REFERENCE.md#options the Haml options documentation}.
     #
-    # @return [{Symbol => Object}]
+    # @return [Haml::Template::Options<Symbol => Object>]
     attr_accessor :options
   end
 end

data/bundle/ruby/2.6.0/gems/haml-5.1.2/lib/haml/temple_engine.rb

@@ -0,0 +1,123 @@
+# frozen_string_literal: true
+
+require 'temple'
+require 'haml/escapable'
+require 'haml/generator'
+
+module Haml
+  class TempleEngine < Temple::Engine
+    define_options(
+      attr_wrapper:         "'",
+      autoclose:            %w(area base basefont br col command embed frame
+                               hr img input isindex keygen link menuitem meta
+                               param source track wbr),
+      encoding:             nil,
+      escape_attrs:         true,
+      escape_html:          false,
+      escape_filter_interpolations: nil,
+      filename:             '(haml)',
+      format:               :html5,
+      hyphenate_data_attrs: true,
+      line:                 1,
+      mime_type:            'text/html',
+      preserve:             %w(textarea pre code),
+      remove_whitespace:    false,
+      suppress_eval:        false,
+      cdata:                false,
+      parser_class:         ::Haml::Parser,
+      compiler_class:       ::Haml::Compiler,
+      trace:                false,
+      filters:              {},
+    )
+
+    use :Parser,   -> { options[:parser_class] }
+    use :Compiler, -> { options[:compiler_class] }
+    use Escapable
+    filter :ControlFlow
+    filter :MultiFlattener
+    filter :StaticMerger
+    use Generator
+
+    def compile(template)
+      initialize_encoding(template, options[:encoding])
+      @precompiled = call(template)
+    end
+
+    # The source code that is evaluated to produce the Haml document.
+    #
+    # This is automatically converted to the correct encoding
+    # (see {file:REFERENCE.md#encodings the `:encoding` option}).
+    #
+    # @return [String]
+    def precompiled
+      encoding = Encoding.find(@encoding || '')
+      return @precompiled.dup.force_encoding(encoding) if encoding == Encoding::ASCII_8BIT
+      return @precompiled.encode(encoding)
+    end
+
+    def precompiled_with_return_value
+      "#{precompiled};#{precompiled_method_return_value}".dup
+    end
+
+    # The source code that is evaluated to produce the Haml document.
+    #
+    # This is automatically converted to the correct encoding
+    # (see {file:REFERENCE.md#encodings the `:encoding` option}).
+    #
+    # @return [String]
+    def precompiled_with_ambles(local_names, after_preamble: '')
+      preamble = <<END.tr("\n", ';')
+begin
+extend Haml::Helpers
+_hamlout = @haml_buffer = Haml::Buffer.new(haml_buffer, #{Options.new(options).for_buffer.inspect})
+_erbout = _hamlout.buffer
+#{after_preamble}
+END
+      postamble = <<END.tr("\n", ';')
+#{precompiled_method_return_value}
+ensure
+@haml_buffer = @haml_buffer.upper if @haml_buffer
+end
+END
+      "#{preamble}#{locals_code(local_names)}#{precompiled}#{postamble}".dup
+    end
+
+    private
+
+    def initialize_encoding(template, given_value)
+      if given_value
+        @encoding = given_value
+      else
+        @encoding = Encoding.default_internal || template.encoding
+      end
+    end
+
+    # Returns the string used as the return value of the precompiled method.
+    # This method exists so it can be monkeypatched to return modified values.
+    def precompiled_method_return_value
+      "_erbout"
+    end
+
+    def locals_code(names)
+      names = names.keys if Hash === names
+
+      names.map do |name|
+        # Can't use || because someone might explicitly pass in false with a symbol
+        sym_local = "_haml_locals[#{inspect_obj(name.to_sym)}]"
+        str_local = "_haml_locals[#{inspect_obj(name.to_s)}]"
+        "#{name} = #{sym_local}.nil? ? #{str_local} : #{sym_local};"
+      end.join
+    end
+
+    def inspect_obj(obj)
+      case obj
+      when String
+        %Q!"#{obj.gsub(/[\x00-\x7F]+/) {|s| s.inspect[1...-1]}}"!
+      when Symbol
+        ":#{inspect_obj(obj.to_s)}"
+      else
+        obj.inspect
+      end
+    end
+  end
+end

data/bundle/ruby/2.6.0/gems/haml-5.1.2/lib/haml/temple_line_counter.rb

@@ -0,0 +1,30 @@
+# frozen_string_literal: true
+
+module Haml
+  # A module to count lines of expected code. This would be faster than actual code generation
+  # and counting newlines in it.
+  module TempleLineCounter
+    class UnexpectedExpression < StandardError; end
+
+    def self.count_lines(exp)
+      type, *args = exp
+      case type
+      when :multi
+        args.map { |a| count_lines(a) }.reduce(:+) || 0
+      when :dynamic, :code
+        args.first.count("\n")
+      when :static
+        0 # It has not real newline "\n" but escaped "\\n".
+      when :case
+        arg, *cases = args
+        arg.count("\n") + cases.map do |cond, e|
+          (cond == :else ? 0 : cond.count("\n")) + count_lines(e)
+        end.reduce(:+)
+      when :escape
+        count_lines(args[1])
+      else
+        raise UnexpectedExpression.new("[HAML BUG] Unexpected Temple expression '#{type}' is given!")
+      end
+    end
+  end
+end

data/bundle/ruby/2.6.0/gems/haml-5.1.2/lib/haml/util.rb

@@ -0,0 +1,258 @@
+# frozen_string_literal: true
+
+begin
+  require 'erubis/tiny'
+rescue LoadError
+  require 'erb'
+end
+require 'set'
+require 'stringio'
+require 'strscan'
+
+module Haml
+  # A module containing various useful functions.
+  module Util
+    extend self
+
+    # Silence all output to STDERR within a block.
+    #
+    # @yield A block in which no output will be printed to STDERR
+    def silence_warnings
+      the_real_stderr, $stderr = $stderr, StringIO.new
+      yield
+    ensure
+      $stderr = the_real_stderr
+    end
+
+    ## Rails XSS Safety
+
+    # Whether or not ActionView's XSS protection is available and enabled,
+    # as is the default for Rails 3.0+, and optional for version 2.3.5+.
+    # Overridden in haml/template.rb if this is the case.
+    #
+    # @return [Boolean]
+    def rails_xss_safe?
+      false
+    end
+
+    # Returns the given text, marked as being HTML-safe.
+    # With older versions of the Rails XSS-safety mechanism,
+    # this destructively modifies the HTML-safety of `text`.
+    #
+    # It only works if you are using ActiveSupport or the parameter `text`
+    # implements the #html_safe method.
+    #
+    # @param text [String, nil]
+    # @return [String, nil] `text`, marked as HTML-safe
+    def html_safe(text)
+      return unless text
+      text.html_safe
+    end
+
+    # Checks that the encoding of a string is valid
+    # and cleans up potential encoding gotchas like the UTF-8 BOM.
+    # If it's not, yields an error string describing the invalid character
+    # and the line on which it occurs.
+    #
+    # @param str [String] The string of which to check the encoding
+    # @yield [msg] A block in which an encoding error can be raised.
+    #   Only yields if there is an encoding error
+    # @yieldparam msg [String] The error message to be raised
+    # @return [String] `str`, potentially with encoding gotchas like BOMs removed
+    def check_encoding(str)
+      if str.valid_encoding?
+        # Get rid of the Unicode BOM if possible
+        # Shortcut for UTF-8 which might be the majority case
+        if str.encoding == Encoding::UTF_8
+          return str.gsub(/\A\uFEFF/, '')
+        elsif str.encoding.name =~ /^UTF-(16|32)(BE|LE)?$/
+          return str.gsub(Regexp.new("\\A\uFEFF".encode(str.encoding)), '')
+        else
+          return str
+        end
+      end
+
+      encoding = str.encoding
+      newlines = Regexp.new("\r\n|\r|\n".encode(encoding).force_encoding(Encoding::ASCII_8BIT))
+      str.force_encoding(Encoding::ASCII_8BIT).split(newlines).each_with_index do |line, i|
+        begin
+          line.encode(encoding)
+        rescue Encoding::UndefinedConversionError => e
+          yield <<MSG.rstrip, i + 1
+Invalid #{encoding.name} character #{e.error_char.dump}
+MSG
+        end
+      end
+      return str
+    end
+
+    # Like {\#check\_encoding}, but also checks for a Ruby-style `-# coding:` comment
+    # at the beginning of the template and uses that encoding if it exists.
+    #
+    # The Haml encoding rules are simple.
+    # If a `-# coding:` comment exists,
+    # we assume that that's the original encoding of the document.
+    # Otherwise, we use whatever encoding Ruby has.
+    #
+    # Haml uses the same rules for parsing coding comments as Ruby.
+    # This means that it can understand Emacs-style comments
+    # (e.g. `-*- encoding: "utf-8" -*-`),
+    # and also that it cannot understand non-ASCII-compatible encodings
+    # such as `UTF-16` and `UTF-32`.
+    #
+    # @param str [String] The Haml template of which to check the encoding
+    # @yield [msg] A block in which an encoding error can be raised.
+    #   Only yields if there is an encoding error
+    # @yieldparam msg [String] The error message to be raised
+    # @return [String] The original string encoded properly
+    # @raise [ArgumentError] if the document declares an unknown encoding
+    def check_haml_encoding(str, &block)
+      str = str.dup if str.frozen?
+
+      bom, encoding = parse_haml_magic_comment(str)
+      if encoding; str.force_encoding(encoding)
+      elsif bom; str.force_encoding(Encoding::UTF_8)
+      end
+
+      return check_encoding(str, &block)
+    end
+
+    # Like `Object#inspect`, but preserves non-ASCII characters rather than escaping them.
+    # This is necessary so that the precompiled Haml template can be `#encode`d into `@options[:encoding]`
+    # before being evaluated.
+    #
+    # @param obj {Object}
+    # @return {String}
+    def inspect_obj(obj)
+      case obj
+      when String
+        %Q!"#{obj.gsub(/[\x00-\x7F]+/) {|s| s.dump[1...-1]}}"!
+      when Symbol
+        ":#{inspect_obj(obj.to_s)}"
+      else
+        obj.inspect
+      end
+    end
+
+    # Scans through a string looking for the interoplation-opening `#{`
+    # and, when it's found, yields the scanner to the calling code
+    # so it can handle it properly.
+    #
+    # The scanner will have any backslashes immediately in front of the `#{`
+    # as the second capture group (`scan[2]`),
+    # and the text prior to that as the first (`scan[1]`).
+    #
+    # @yieldparam scan [StringScanner] The scanner scanning through the string
+    # @return [String] The text remaining in the scanner after all `#{`s have been processed
+    def handle_interpolation(str)
+      scan = StringScanner.new(str)
+      yield scan while scan.scan(/(.*?)(\\*)#([\{@$])/)
+      scan.rest
+    end
+
+    # Moves a scanner through a balanced pair of characters.
+    # For example:
+    #
+    #     Foo (Bar (Baz bang) bop) (Bang (bop bip))
+    #     ^                       ^
+    #     from                    to
+    #
+    # @param scanner [StringScanner] The string scanner to move
+    # @param start [String] The character opening the balanced pair.
+    # @param finish [String] The character closing the balanced pair.
+    # @param count [Fixnum] The number of opening characters matched
+    #   before calling this method
+    # @return [(String, String)] The string matched within the balanced pair
+    #   and the rest of the string.
+    #   `["Foo (Bar (Baz bang) bop)", " (Bang (bop bip))"]` in the example above.
+    def balance(scanner, start, finish, count = 0)
+      str = ''.dup
+      scanner = StringScanner.new(scanner) unless scanner.is_a? StringScanner
+      regexp = Regexp.new("(.*?)[\\#{start.chr}\\#{finish.chr}]", Regexp::MULTILINE)
+      while scanner.scan(regexp)
+        str << scanner.matched
+        count += 1 if scanner.matched[-1] == start
+        count -= 1 if scanner.matched[-1] == finish
+        return [str.strip, scanner.rest] if count == 0
+      end
+    end
+
+    # Formats a string for use in error messages about indentation.
+    #
+    # @param indentation [String] The string used for indentation
+    # @return [String] The name of the indentation (e.g. `"12 spaces"`, `"1 tab"`)
+    def human_indentation(indentation)
+      if !indentation.include?(?\t)
+        noun = 'space'
+      elsif !indentation.include?(?\s)
+        noun = 'tab'
+      else
+        return indentation.inspect
+      end
+
+      singular = indentation.length == 1
+      "#{indentation.length} #{noun}#{'s' unless singular}"
+    end
+
+    def contains_interpolation?(str)
+      /#[\{$@]/ === str
+    end
+
+    def unescape_interpolation(str, escape_html = nil)
+      res = ''.dup
+      rest = Haml::Util.handle_interpolation str.dump do |scan|
+        escapes = (scan[2].size - 1) / 2
+        char = scan[3] # '{', '@' or '$'
+        res << scan.matched[0...-3 - escapes]
+        if escapes % 2 == 1
+          res << "\##{char}"
+        else
+          interpolated = if char == '{'
+            balance(scan, ?{, ?}, 1)[0][0...-1]
+          else
+            scan.scan(/\w+/)
+          end
+          content = eval("\"#{interpolated}\"")
+          content.prepend(char) if char == '@' || char == '$'
+          content = "Haml::Helpers.html_escape((#{content}))" if escape_html
+
+          res << "\#{#{content}}"
+        end
+      end
+      res + rest
+    end
+
+    private
+
+    # Parses a magic comment at the beginning of a Haml file.
+    # The parsing rules are basically the same as Ruby's.
+    #
+    # @return [(Boolean, String or nil)]
+    #   Whether the document begins with a UTF-8 BOM,
+    #   and the declared encoding of the document (or nil if none is declared)
+    def parse_haml_magic_comment(str)
+      scanner = StringScanner.new(str.dup.force_encoding(Encoding::ASCII_8BIT))
+      bom = scanner.scan(/\xEF\xBB\xBF/n)
+      return bom unless scanner.scan(/-\s*#\s*/n)
+      if (coding = try_parse_haml_emacs_magic_comment(scanner))
+        return bom, coding
+      end
+
+      return bom unless scanner.scan(/.*?coding[=:]\s*([\w-]+)/in)
+      return bom, scanner[1]
+    end
+
+    def try_parse_haml_emacs_magic_comment(scanner)
+      pos = scanner.pos
+      return unless scanner.scan(/.*?-\*-\s*/n)
+      # From Ruby's parse.y
+      return unless scanner.scan(/([^\s'":;]+)\s*:\s*("(?:\\.|[^"])*"|[^"\s;]+?)[\s;]*-\*-/n)
+      name, val = scanner[1], scanner[2]
+      return unless name =~ /(en)?coding/in
+      val = $1 if val =~ /^"(.*)"$/n
+      return val
+    ensure
+      scanner.pos = pos
+    end
+  end
+end