brakeman 4.8.0 → 5.2.1
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGES.md +144 -2
- data/README.md +23 -6
- data/bundle/load.rb +7 -5
- data/bundle/ruby/2.7.0/gems/{haml-5.1.2 → haml-5.2.2}/CHANGELOG.md +24 -0
- data/bundle/ruby/2.7.0/gems/{haml-5.1.2 → haml-5.2.2}/FAQ.md +0 -0
- data/bundle/ruby/2.7.0/gems/{haml-5.1.2 → haml-5.2.2}/Gemfile +1 -4
- data/bundle/ruby/2.7.0/gems/{haml-5.1.2 → haml-5.2.2}/MIT-LICENSE +0 -0
- data/bundle/ruby/2.7.0/gems/{haml-5.1.2 → haml-5.2.2}/README.md +21 -16
- data/bundle/ruby/2.7.0/gems/{haml-5.1.2 → haml-5.2.2}/REFERENCE.md +39 -10
- data/bundle/ruby/2.7.0/gems/{haml-5.1.2 → haml-5.2.2}/TODO +0 -0
- data/bundle/ruby/2.7.0/gems/{haml-5.1.2 → haml-5.2.2}/haml.gemspec +2 -1
- data/bundle/ruby/2.7.0/gems/{haml-5.1.2 → haml-5.2.2}/lib/haml/attribute_builder.rb +58 -3
- data/bundle/ruby/2.7.0/gems/{haml-5.1.2 → haml-5.2.2}/lib/haml/attribute_compiler.rb +45 -32
- data/bundle/ruby/2.7.0/gems/{haml-5.1.2 → haml-5.2.2}/lib/haml/attribute_parser.rb +0 -0
- data/bundle/ruby/2.7.0/gems/{haml-5.1.2 → haml-5.2.2}/lib/haml/buffer.rb +0 -56
- data/bundle/ruby/2.7.0/gems/{haml-5.1.2 → haml-5.2.2}/lib/haml/compiler.rb +0 -0
- data/bundle/ruby/2.7.0/gems/{haml-5.1.2 → haml-5.2.2}/lib/haml/engine.rb +0 -0
- data/bundle/ruby/2.7.0/gems/{haml-5.1.2 → haml-5.2.2}/lib/haml/error.rb +0 -0
- data/bundle/ruby/2.7.0/gems/haml-5.2.2/lib/haml/escapable.rb +77 -0
- data/bundle/ruby/2.7.0/gems/{haml-5.1.2 → haml-5.2.2}/lib/haml/exec.rb +0 -0
- data/bundle/ruby/2.7.0/gems/{haml-5.1.2 → haml-5.2.2}/lib/haml/filters.rb +0 -0
- data/bundle/ruby/2.7.0/gems/{haml-5.1.2 → haml-5.2.2}/lib/haml/generator.rb +0 -0
- data/bundle/ruby/2.7.0/gems/{haml-5.1.2 → haml-5.2.2}/lib/haml/helpers/action_view_extensions.rb +0 -0
- data/bundle/ruby/2.7.0/gems/{haml-5.1.2 → haml-5.2.2}/lib/haml/helpers/action_view_mods.rb +0 -0
- data/bundle/ruby/2.7.0/gems/{haml-5.1.2 → haml-5.2.2}/lib/haml/helpers/action_view_xss_mods.rb +0 -0
- data/bundle/ruby/2.7.0/gems/{haml-5.1.2 → haml-5.2.2}/lib/haml/helpers/safe_erubi_template.rb +0 -0
- data/bundle/ruby/2.7.0/gems/{haml-5.1.2 → haml-5.2.2}/lib/haml/helpers/safe_erubis_template.rb +0 -0
- data/bundle/ruby/2.7.0/gems/{haml-5.1.2 → haml-5.2.2}/lib/haml/helpers/xss_mods.rb +6 -3
- data/bundle/ruby/2.7.0/gems/{haml-5.1.2 → haml-5.2.2}/lib/haml/helpers.rb +7 -1
- data/bundle/ruby/2.7.0/gems/{haml-5.1.2 → haml-5.2.2}/lib/haml/options.rb +0 -0
- data/bundle/ruby/2.7.0/gems/{haml-5.1.2 → haml-5.2.2}/lib/haml/parser.rb +32 -4
- data/bundle/ruby/2.7.0/gems/{haml-5.1.2 → haml-5.2.2}/lib/haml/plugin.rb +18 -1
- data/bundle/ruby/2.7.0/gems/{haml-5.1.2 → haml-5.2.2}/lib/haml/railtie.rb +5 -0
- data/bundle/ruby/2.7.0/gems/{haml-5.1.2 → haml-5.2.2}/lib/haml/sass_rails_filter.rb +0 -0
- data/bundle/ruby/2.7.0/gems/{haml-5.1.2 → haml-5.2.2}/lib/haml/template/options.rb +0 -0
- data/bundle/ruby/2.7.0/gems/{haml-5.1.2 → haml-5.2.2}/lib/haml/template.rb +0 -0
- data/bundle/ruby/2.7.0/gems/{haml-5.1.2 → haml-5.2.2}/lib/haml/temple_engine.rb +2 -1
- data/bundle/ruby/2.7.0/gems/{haml-5.1.2 → haml-5.2.2}/lib/haml/temple_line_counter.rb +0 -0
- data/bundle/ruby/2.7.0/gems/{haml-5.1.2 → haml-5.2.2}/lib/haml/util.rb +1 -1
- data/bundle/ruby/2.7.0/gems/{haml-5.1.2 → haml-5.2.2}/lib/haml/version.rb +1 -1
- data/bundle/ruby/2.7.0/gems/{haml-5.1.2 → haml-5.2.2}/lib/haml.rb +0 -0
- data/bundle/ruby/2.7.0/gems/{haml-5.1.2 → haml-5.2.2}/yard/default/fulldoc/html/css/common.sass +0 -0
- data/bundle/ruby/2.7.0/gems/{haml-5.1.2 → haml-5.2.2}/yard/default/layout/html/footer.erb +0 -0
- data/bundle/ruby/2.7.0/gems/parallel-1.21.0/MIT-LICENSE.txt +20 -0
- data/bundle/ruby/2.7.0/gems/parallel-1.21.0/lib/parallel/processor_count.rb +45 -0
- data/bundle/ruby/2.7.0/gems/parallel-1.21.0/lib/parallel/version.rb +4 -0
- data/bundle/ruby/2.7.0/gems/parallel-1.21.0/lib/parallel.rb +532 -0
- data/bundle/ruby/2.7.0/gems/rexml-3.2.5/LICENSE.txt +22 -0
- data/bundle/ruby/2.7.0/gems/rexml-3.2.5/NEWS.md +178 -0
- data/bundle/ruby/2.7.0/gems/rexml-3.2.5/README.md +48 -0
- data/bundle/ruby/2.7.0/gems/rexml-3.2.5/lib/rexml/attlistdecl.rb +63 -0
- data/bundle/ruby/2.7.0/gems/rexml-3.2.5/lib/rexml/attribute.rb +205 -0
- data/bundle/ruby/2.7.0/gems/rexml-3.2.5/lib/rexml/cdata.rb +68 -0
- data/bundle/ruby/2.7.0/gems/rexml-3.2.5/lib/rexml/child.rb +97 -0
- data/bundle/ruby/2.7.0/gems/rexml-3.2.5/lib/rexml/comment.rb +80 -0
- data/bundle/ruby/2.7.0/gems/rexml-3.2.5/lib/rexml/doctype.rb +311 -0
- data/bundle/ruby/2.7.0/gems/rexml-3.2.5/lib/rexml/document.rb +451 -0
- data/bundle/ruby/2.7.0/gems/rexml-3.2.5/lib/rexml/dtd/attlistdecl.rb +11 -0
- data/bundle/ruby/2.7.0/gems/rexml-3.2.5/lib/rexml/dtd/dtd.rb +47 -0
- data/bundle/ruby/2.7.0/gems/rexml-3.2.5/lib/rexml/dtd/elementdecl.rb +18 -0
- data/bundle/ruby/2.7.0/gems/rexml-3.2.5/lib/rexml/dtd/entitydecl.rb +57 -0
- data/bundle/ruby/2.7.0/gems/rexml-3.2.5/lib/rexml/dtd/notationdecl.rb +40 -0
- data/bundle/ruby/2.7.0/gems/rexml-3.2.5/lib/rexml/element.rb +2599 -0
- data/bundle/ruby/2.7.0/gems/rexml-3.2.5/lib/rexml/encoding.rb +51 -0
- data/bundle/ruby/2.7.0/gems/rexml-3.2.5/lib/rexml/entity.rb +171 -0
- data/bundle/ruby/2.7.0/gems/rexml-3.2.5/lib/rexml/formatters/default.rb +116 -0
- data/bundle/ruby/2.7.0/gems/rexml-3.2.5/lib/rexml/formatters/pretty.rb +142 -0
- data/bundle/ruby/2.7.0/gems/rexml-3.2.5/lib/rexml/formatters/transitive.rb +58 -0
- data/bundle/ruby/2.7.0/gems/rexml-3.2.5/lib/rexml/functions.rb +447 -0
- data/bundle/ruby/2.7.0/gems/rexml-3.2.5/lib/rexml/instruction.rb +79 -0
- data/bundle/ruby/2.7.0/gems/rexml-3.2.5/lib/rexml/light/node.rb +188 -0
- data/bundle/ruby/2.7.0/gems/rexml-3.2.5/lib/rexml/namespace.rb +59 -0
- data/bundle/ruby/2.7.0/gems/rexml-3.2.5/lib/rexml/node.rb +76 -0
- data/bundle/ruby/2.7.0/gems/rexml-3.2.5/lib/rexml/output.rb +30 -0
- data/bundle/ruby/2.7.0/gems/rexml-3.2.5/lib/rexml/parent.rb +166 -0
- data/bundle/ruby/2.7.0/gems/rexml-3.2.5/lib/rexml/parseexception.rb +52 -0
- data/bundle/ruby/2.7.0/gems/rexml-3.2.5/lib/rexml/parsers/baseparser.rb +694 -0
- data/bundle/ruby/2.7.0/gems/rexml-3.2.5/lib/rexml/parsers/lightparser.rb +59 -0
- data/bundle/ruby/2.7.0/gems/rexml-3.2.5/lib/rexml/parsers/pullparser.rb +197 -0
- data/bundle/ruby/2.7.0/gems/rexml-3.2.5/lib/rexml/parsers/sax2parser.rb +273 -0
- data/bundle/ruby/2.7.0/gems/rexml-3.2.5/lib/rexml/parsers/streamparser.rb +61 -0
- data/bundle/ruby/2.7.0/gems/rexml-3.2.5/lib/rexml/parsers/treeparser.rb +101 -0
- data/bundle/ruby/2.7.0/gems/rexml-3.2.5/lib/rexml/parsers/ultralightparser.rb +57 -0
- data/bundle/ruby/2.7.0/gems/rexml-3.2.5/lib/rexml/parsers/xpathparser.rb +689 -0
- data/bundle/ruby/2.7.0/gems/rexml-3.2.5/lib/rexml/quickpath.rb +266 -0
- data/bundle/ruby/2.7.0/gems/rexml-3.2.5/lib/rexml/rexml.rb +37 -0
- data/bundle/ruby/2.7.0/gems/rexml-3.2.5/lib/rexml/sax2listener.rb +98 -0
- data/bundle/ruby/2.7.0/gems/rexml-3.2.5/lib/rexml/security.rb +28 -0
- data/bundle/ruby/2.7.0/gems/rexml-3.2.5/lib/rexml/source.rb +298 -0
- data/bundle/ruby/2.7.0/gems/rexml-3.2.5/lib/rexml/streamlistener.rb +93 -0
- data/bundle/ruby/2.7.0/gems/rexml-3.2.5/lib/rexml/text.rb +424 -0
- data/bundle/ruby/2.7.0/gems/rexml-3.2.5/lib/rexml/undefinednamespaceexception.rb +9 -0
- data/bundle/ruby/2.7.0/gems/rexml-3.2.5/lib/rexml/validation/relaxng.rb +539 -0
- data/bundle/ruby/2.7.0/gems/rexml-3.2.5/lib/rexml/validation/validation.rb +144 -0
- data/bundle/ruby/2.7.0/gems/rexml-3.2.5/lib/rexml/validation/validationexception.rb +10 -0
- data/bundle/ruby/2.7.0/gems/rexml-3.2.5/lib/rexml/xmldecl.rb +130 -0
- data/bundle/ruby/2.7.0/gems/rexml-3.2.5/lib/rexml/xmltokens.rb +85 -0
- data/bundle/ruby/2.7.0/gems/rexml-3.2.5/lib/rexml/xpath.rb +81 -0
- data/bundle/ruby/2.7.0/gems/rexml-3.2.5/lib/rexml/xpath_parser.rb +974 -0
- data/bundle/ruby/2.7.0/gems/rexml-3.2.5/lib/rexml.rb +3 -0
- data/bundle/ruby/2.7.0/gems/{ruby_parser-3.14.2 → ruby_parser-3.18.1}/History.rdoc +148 -0
- data/bundle/ruby/2.7.0/gems/{ruby_parser-3.14.2 → ruby_parser-3.18.1}/Manifest.txt +7 -0
- data/bundle/ruby/2.7.0/gems/{ruby_parser-3.14.2 → ruby_parser-3.18.1}/README.rdoc +1 -0
- data/bundle/ruby/2.7.0/gems/{ruby_parser-3.14.2 → ruby_parser-3.18.1}/compare/normalize.rb +51 -6
- data/bundle/ruby/2.7.0/gems/ruby_parser-3.18.1/debugging.md +190 -0
- data/bundle/ruby/2.7.0/gems/ruby_parser-3.18.1/gauntlet.md +106 -0
- data/bundle/ruby/2.7.0/gems/{ruby_parser-3.14.2 → ruby_parser-3.18.1}/lib/rp_extensions.rb +15 -36
- data/bundle/ruby/2.7.0/gems/ruby_parser-3.18.1/lib/rp_stringscanner.rb +33 -0
- data/bundle/ruby/2.7.0/gems/ruby_parser-3.18.1/lib/ruby20_parser.rb +7128 -0
- data/bundle/ruby/2.7.0/gems/{ruby_parser-3.14.2 → ruby_parser-3.18.1}/lib/ruby20_parser.y +420 -296
- data/bundle/ruby/2.7.0/gems/ruby_parser-3.18.1/lib/ruby21_parser.rb +7182 -0
- data/bundle/ruby/2.7.0/gems/{ruby_parser-3.14.2 → ruby_parser-3.18.1}/lib/ruby21_parser.y +415 -293
- data/bundle/ruby/2.7.0/gems/ruby_parser-3.18.1/lib/ruby22_parser.rb +7228 -0
- data/bundle/ruby/2.7.0/gems/{ruby_parser-3.14.2 → ruby_parser-3.18.1}/lib/ruby22_parser.y +419 -295
- data/bundle/ruby/2.7.0/gems/ruby_parser-3.18.1/lib/ruby23_parser.rb +7237 -0
- data/bundle/ruby/2.7.0/gems/{ruby_parser-3.14.2 → ruby_parser-3.18.1}/lib/ruby23_parser.y +419 -295
- data/bundle/ruby/2.7.0/gems/ruby_parser-3.18.1/lib/ruby24_parser.rb +7268 -0
- data/bundle/ruby/2.7.0/gems/{ruby_parser-3.14.2 → ruby_parser-3.18.1}/lib/ruby24_parser.y +419 -295
- data/bundle/ruby/2.7.0/gems/ruby_parser-3.18.1/lib/ruby25_parser.rb +7268 -0
- data/bundle/ruby/2.7.0/gems/{ruby_parser-3.14.2/lib/ruby26_parser.y → ruby_parser-3.18.1/lib/ruby25_parser.y} +418 -308
- data/bundle/ruby/2.7.0/gems/ruby_parser-3.18.1/lib/ruby26_parser.rb +7287 -0
- data/bundle/ruby/2.7.0/gems/{ruby_parser-3.14.2/lib/ruby_parser.yy → ruby_parser-3.18.1/lib/ruby26_parser.y} +419 -399
- data/bundle/ruby/2.7.0/gems/ruby_parser-3.18.1/lib/ruby27_parser.rb +8517 -0
- data/bundle/ruby/2.7.0/gems/{ruby_parser-3.14.2/lib/ruby25_parser.y → ruby_parser-3.18.1/lib/ruby27_parser.y} +1030 -294
- data/bundle/ruby/2.7.0/gems/ruby_parser-3.18.1/lib/ruby30_parser.rb +8751 -0
- data/bundle/ruby/2.7.0/gems/ruby_parser-3.18.1/lib/ruby30_parser.y +3472 -0
- data/bundle/ruby/2.7.0/gems/ruby_parser-3.18.1/lib/ruby3_parser.yy +3476 -0
- data/bundle/ruby/2.7.0/gems/{ruby_parser-3.14.2 → ruby_parser-3.18.1}/lib/ruby_lexer.rb +308 -605
- data/bundle/ruby/2.7.0/gems/{ruby_parser-3.14.2 → ruby_parser-3.18.1}/lib/ruby_lexer.rex +33 -27
- data/bundle/ruby/2.7.0/gems/{ruby_parser-3.14.2 → ruby_parser-3.18.1}/lib/ruby_lexer.rex.rb +65 -31
- data/bundle/ruby/2.7.0/gems/ruby_parser-3.18.1/lib/ruby_lexer_strings.rb +638 -0
- data/bundle/ruby/2.7.0/gems/{ruby_parser-3.14.2 → ruby_parser-3.18.1}/lib/ruby_parser.rb +4 -0
- data/bundle/ruby/2.7.0/gems/ruby_parser-3.18.1/lib/ruby_parser.yy +3487 -0
- data/bundle/ruby/2.7.0/gems/{ruby_parser-3.14.2 → ruby_parser-3.18.1}/lib/ruby_parser_extras.rb +341 -127
- data/bundle/ruby/2.7.0/gems/{ruby_parser-3.14.2 → ruby_parser-3.18.1}/tools/munge.rb +43 -10
- data/bundle/ruby/2.7.0/gems/{ruby_parser-3.14.2 → ruby_parser-3.18.1}/tools/ripper.rb +15 -10
- data/bundle/ruby/2.7.0/gems/{sexp_processor-4.14.1 → sexp_processor-4.16.0}/History.rdoc +39 -0
- data/bundle/ruby/2.7.0/gems/{sexp_processor-4.14.1 → sexp_processor-4.16.0}/Manifest.txt +0 -0
- data/bundle/ruby/2.7.0/gems/{sexp_processor-4.14.1 → sexp_processor-4.16.0}/README.rdoc +0 -0
- data/bundle/ruby/2.7.0/gems/{sexp_processor-4.14.1 → sexp_processor-4.16.0}/lib/composite_sexp_processor.rb +0 -0
- data/bundle/ruby/2.7.0/gems/{sexp_processor-4.14.1 → sexp_processor-4.16.0}/lib/pt_testcase.rb +9 -4
- data/bundle/ruby/2.7.0/gems/{sexp_processor-4.14.1 → sexp_processor-4.16.0}/lib/sexp.rb +19 -9
- data/bundle/ruby/2.7.0/gems/{sexp_processor-4.14.1 → sexp_processor-4.16.0}/lib/sexp_matcher.rb +4 -7
- data/bundle/ruby/2.7.0/gems/{sexp_processor-4.14.1 → sexp_processor-4.16.0}/lib/sexp_processor.rb +1 -1
- data/bundle/ruby/2.7.0/gems/{sexp_processor-4.14.1 → sexp_processor-4.16.0}/lib/strict_sexp.rb +25 -3
- data/bundle/ruby/2.7.0/gems/{sexp_processor-4.14.1 → sexp_processor-4.16.0}/lib/unique.rb +0 -0
- data/bundle/ruby/2.7.0/gems/{slim-4.0.1 → slim-4.1.0}/CHANGES +4 -0
- data/bundle/ruby/2.7.0/gems/{slim-4.0.1 → slim-4.1.0}/Gemfile +12 -13
- data/bundle/ruby/2.7.0/gems/{slim-4.0.1 → slim-4.1.0}/LICENSE +0 -0
- data/bundle/ruby/2.7.0/gems/{slim-4.0.1 → slim-4.1.0}/README.jp.md +0 -0
- data/bundle/ruby/2.7.0/gems/{slim-4.0.1 → slim-4.1.0}/README.md +0 -0
- data/bundle/ruby/2.7.0/gems/{slim-4.0.1 → slim-4.1.0}/lib/slim/code_attributes.rb +0 -0
- data/bundle/ruby/2.7.0/gems/{slim-4.0.1 → slim-4.1.0}/lib/slim/command.rb +13 -13
- data/bundle/ruby/2.7.0/gems/{slim-4.0.1 → slim-4.1.0}/lib/slim/controls.rb +0 -0
- data/bundle/ruby/2.7.0/gems/{slim-4.0.1 → slim-4.1.0}/lib/slim/do_inserter.rb +0 -0
- data/bundle/ruby/2.7.0/gems/{slim-4.0.1 → slim-4.1.0}/lib/slim/embedded.rb +0 -0
- data/bundle/ruby/2.7.0/gems/{slim-4.0.1 → slim-4.1.0}/lib/slim/end_inserter.rb +0 -0
- data/bundle/ruby/2.7.0/gems/{slim-4.0.1 → slim-4.1.0}/lib/slim/engine.rb +0 -0
- data/bundle/ruby/2.7.0/gems/{slim-4.0.1 → slim-4.1.0}/lib/slim/erb_converter.rb +0 -0
- data/bundle/ruby/2.7.0/gems/{slim-4.0.1 → slim-4.1.0}/lib/slim/filter.rb +0 -0
- data/bundle/ruby/2.7.0/gems/{slim-4.0.1 → slim-4.1.0}/lib/slim/grammar.rb +0 -0
- data/bundle/ruby/2.7.0/gems/{slim-4.0.1 → slim-4.1.0}/lib/slim/include.rb +0 -0
- data/bundle/ruby/2.7.0/gems/{slim-4.0.1 → slim-4.1.0}/lib/slim/interpolation.rb +0 -0
- data/bundle/ruby/2.7.0/gems/{slim-4.0.1 → slim-4.1.0}/lib/slim/logic_less/context.rb +0 -0
- data/bundle/ruby/2.7.0/gems/{slim-4.0.1 → slim-4.1.0}/lib/slim/logic_less/filter.rb +0 -0
- data/bundle/ruby/2.7.0/gems/{slim-4.0.1 → slim-4.1.0}/lib/slim/logic_less.rb +0 -0
- data/bundle/ruby/2.7.0/gems/{slim-4.0.1 → slim-4.1.0}/lib/slim/parser.rb +1 -1
- data/bundle/ruby/2.7.0/gems/{slim-4.0.1 → slim-4.1.0}/lib/slim/smart/escaper.rb +0 -0
- data/bundle/ruby/2.7.0/gems/{slim-4.0.1 → slim-4.1.0}/lib/slim/smart/filter.rb +0 -0
- data/bundle/ruby/2.7.0/gems/{slim-4.0.1 → slim-4.1.0}/lib/slim/smart/parser.rb +0 -0
- data/bundle/ruby/2.7.0/gems/{slim-4.0.1 → slim-4.1.0}/lib/slim/smart.rb +0 -0
- data/bundle/ruby/2.7.0/gems/{slim-4.0.1 → slim-4.1.0}/lib/slim/splat/builder.rb +0 -0
- data/bundle/ruby/2.7.0/gems/{slim-4.0.1 → slim-4.1.0}/lib/slim/splat/filter.rb +0 -0
- data/bundle/ruby/2.7.0/gems/{slim-4.0.1 → slim-4.1.0}/lib/slim/template.rb +0 -0
- data/bundle/ruby/2.7.0/gems/{slim-4.0.1 → slim-4.1.0}/lib/slim/translator.rb +0 -0
- data/bundle/ruby/2.7.0/gems/{slim-4.0.1 → slim-4.1.0}/lib/slim/version.rb +1 -1
- data/bundle/ruby/2.7.0/gems/{slim-4.0.1 → slim-4.1.0}/lib/slim.rb +0 -0
- data/bundle/ruby/2.7.0/gems/{slim-4.0.1 → slim-4.1.0}/slim.gemspec +0 -0
- data/bundle/ruby/2.7.0/gems/{unicode-display_width-1.6.1 → unicode-display_width-1.8.0}/CHANGELOG.md +8 -0
- data/bundle/ruby/2.7.0/gems/{unicode-display_width-1.6.1 → unicode-display_width-1.8.0}/MIT-LICENSE.txt +0 -0
- data/bundle/ruby/2.7.0/gems/{unicode-display_width-1.6.1 → unicode-display_width-1.8.0}/README.md +1 -1
- data/bundle/ruby/2.7.0/gems/unicode-display_width-1.8.0/data/display_width.marshal.gz +0 -0
- data/bundle/ruby/2.7.0/gems/{unicode-display_width-1.6.1 → unicode-display_width-1.8.0}/lib/unicode/display_width/constants.rb +2 -2
- data/bundle/ruby/2.7.0/gems/{unicode-display_width-1.6.1 → unicode-display_width-1.8.0}/lib/unicode/display_width/index.rb +0 -0
- data/bundle/ruby/2.7.0/gems/{unicode-display_width-1.6.1 → unicode-display_width-1.8.0}/lib/unicode/display_width/no_string_ext.rb +0 -0
- data/bundle/ruby/2.7.0/gems/{unicode-display_width-1.6.1 → unicode-display_width-1.8.0}/lib/unicode/display_width/string_ext.rb +0 -0
- data/bundle/ruby/2.7.0/gems/{unicode-display_width-1.6.1 → unicode-display_width-1.8.0}/lib/unicode/display_width.rb +0 -0
- data/lib/brakeman/app_tree.rb +37 -4
- data/lib/brakeman/checks/base_check.rb +18 -2
- data/lib/brakeman/checks/check_basic_auth.rb +2 -0
- data/lib/brakeman/checks/check_csrf_token_forgery_cve.rb +28 -0
- data/lib/brakeman/checks/check_deserialize.rb +21 -1
- data/lib/brakeman/checks/check_detailed_exceptions.rb +1 -1
- data/lib/brakeman/checks/check_eol_rails.rb +23 -0
- data/lib/brakeman/checks/check_eol_ruby.rb +26 -0
- data/lib/brakeman/checks/check_evaluation.rb +1 -1
- data/lib/brakeman/checks/check_execute.rb +12 -1
- data/lib/brakeman/checks/check_json_entity_escape.rb +38 -0
- data/lib/brakeman/checks/check_json_parsing.rb +1 -1
- data/lib/brakeman/checks/check_mass_assignment.rb +37 -9
- data/lib/brakeman/checks/check_model_attr_accessible.rb +1 -1
- data/lib/brakeman/checks/check_model_attributes.rb +1 -1
- data/lib/brakeman/checks/check_page_caching_cve.rb +37 -0
- data/lib/brakeman/checks/check_permit_attributes.rb +1 -1
- data/lib/brakeman/checks/check_regex_dos.rb +1 -1
- data/lib/brakeman/checks/check_render.rb +15 -1
- data/lib/brakeman/checks/check_sanitize_methods.rb +2 -1
- data/lib/brakeman/checks/check_skip_before_filter.rb +4 -4
- data/lib/brakeman/checks/check_sql.rb +60 -9
- data/lib/brakeman/checks/check_symbol_dos.rb +1 -1
- data/lib/brakeman/checks/check_template_injection.rb +32 -0
- data/lib/brakeman/checks/check_unsafe_reflection_methods.rb +68 -0
- data/lib/brakeman/checks/check_verb_confusion.rb +75 -0
- data/lib/brakeman/checks/eol_check.rb +47 -0
- data/lib/brakeman/commandline.rb +25 -1
- data/lib/brakeman/file_parser.rb +58 -22
- data/lib/brakeman/options.rb +39 -2
- data/lib/brakeman/parsers/template_parser.rb +26 -3
- data/lib/brakeman/processors/alias_processor.rb +132 -24
- data/lib/brakeman/processors/base_processor.rb +4 -4
- data/lib/brakeman/processors/controller_alias_processor.rb +6 -43
- data/lib/brakeman/processors/controller_processor.rb +1 -1
- data/lib/brakeman/processors/gem_processor.rb +3 -0
- data/lib/brakeman/processors/haml_template_processor.rb +17 -1
- data/lib/brakeman/processors/lib/call_conversion_helper.rb +13 -7
- data/lib/brakeman/processors/lib/file_type_detector.rb +64 -0
- data/lib/brakeman/processors/lib/find_all_calls.rb +28 -13
- data/lib/brakeman/processors/lib/rails3_config_processor.rb +16 -16
- data/lib/brakeman/processors/lib/rails3_route_processor.rb +2 -0
- data/lib/brakeman/processors/lib/rails4_config_processor.rb +2 -1
- data/lib/brakeman/processors/lib/render_helper.rb +3 -1
- data/lib/brakeman/processors/library_processor.rb +9 -0
- data/lib/brakeman/processors/model_processor.rb +32 -0
- data/lib/brakeman/processors/output_processor.rb +1 -1
- data/lib/brakeman/processors/template_alias_processor.rb +5 -0
- data/lib/brakeman/report/ignore/config.rb +5 -1
- data/lib/brakeman/report/ignore/interactive.rb +1 -1
- data/lib/brakeman/report/report_base.rb +0 -2
- data/lib/brakeman/report/report_csv.rb +37 -60
- data/lib/brakeman/report/report_github.rb +31 -0
- data/lib/brakeman/report/report_junit.rb +2 -2
- data/lib/brakeman/report/report_sarif.rb +133 -0
- data/lib/brakeman/report/report_sonar.rb +38 -0
- data/lib/brakeman/report/report_tabs.rb +1 -1
- data/lib/brakeman/report/report_text.rb +38 -17
- data/lib/brakeman/report.rb +19 -1
- data/lib/brakeman/rescanner.rb +7 -5
- data/lib/brakeman/scanner.rb +65 -31
- data/lib/brakeman/tracker/collection.rb +57 -7
- data/lib/brakeman/tracker/config.rb +87 -5
- data/lib/brakeman/tracker/constants.rb +8 -7
- data/lib/brakeman/tracker/controller.rb +1 -1
- data/lib/brakeman/tracker/method_info.rb +70 -0
- data/lib/brakeman/tracker.rb +42 -5
- data/lib/brakeman/util.rb +58 -21
- data/lib/brakeman/version.rb +1 -1
- data/lib/brakeman/warning.rb +10 -2
- data/lib/brakeman/warning_codes.rb +13 -0
- data/lib/brakeman.rb +45 -6
- data/lib/ruby_parser/bm_sexp.rb +33 -9
- metadata +201 -123
- data/bundle/ruby/2.7.0/gems/haml-5.1.2/lib/haml/escapable.rb +0 -50
- data/bundle/ruby/2.7.0/gems/ruby_parser-3.14.2/debugging.md +0 -18
- data/bundle/ruby/2.7.0/gems/ruby_parser-3.14.2/lib/rp_stringscanner.rb +0 -64
- data/bundle/ruby/2.7.0/gems/ruby_parser-3.14.2/lib/ruby20_parser.rb +0 -7042
- data/bundle/ruby/2.7.0/gems/ruby_parser-3.14.2/lib/ruby21_parser.rb +0 -7113
- data/bundle/ruby/2.7.0/gems/ruby_parser-3.14.2/lib/ruby22_parser.rb +0 -7146
- data/bundle/ruby/2.7.0/gems/ruby_parser-3.14.2/lib/ruby23_parser.rb +0 -7163
- data/bundle/ruby/2.7.0/gems/ruby_parser-3.14.2/lib/ruby24_parser.rb +0 -7175
- data/bundle/ruby/2.7.0/gems/ruby_parser-3.14.2/lib/ruby25_parser.rb +0 -7175
- data/bundle/ruby/2.7.0/gems/ruby_parser-3.14.2/lib/ruby26_parser.rb +0 -7195
- data/bundle/ruby/2.7.0/gems/unicode-display_width-1.6.1/data/display_width.marshal.gz +0 -0
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: b6672aa0a7532078f913b27574846fc26abd9fc624af178b9017f2de885f5505
|
4
|
+
data.tar.gz: a3eeda0729d72d601bc94f4296f4f878e2cd970ef089f38dd0fcaad2e361f36c
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 700ed2e62792a1d2a38222199f2030f29aafee865f79e0b57be17fbbc718f6bbc1dadc1f5e3ceab4b961635f165f1fdcd9303520a4e5a897044e682319aca200
|
7
|
+
data.tar.gz: 2f030bd82e1c7bccd70610151c8baec7a0ed4723226e41f9cd0104d56c51cc443ace66ac9ac43381aaee4f27d5ffad807476060eca2d308d5f878370e0bd7874
|
data/CHANGES.md
CHANGED
@@ -1,4 +1,146 @@
|
|
1
|
-
#
|
1
|
+
# 5.2.1 - 2022-01-30
|
2
|
+
|
3
|
+
* Add warning codes for EOL software warnings
|
4
|
+
|
5
|
+
# 5.2.0 - 2021-12-15
|
6
|
+
|
7
|
+
* Initial Rails 7 support
|
8
|
+
* Require Ruby 2.5.0+
|
9
|
+
* Fix issue with calls to `foo.root` in routes
|
10
|
+
* Ignore `I18n.locale` in SQL queries
|
11
|
+
* Do not treat `sanitize_sql_like` as safe
|
12
|
+
* Add new checks for unsupported Ruby and Rails versions
|
13
|
+
|
14
|
+
# 5.1.2 - 2021-10-28
|
15
|
+
|
16
|
+
* Handle cases where enums are not symbols
|
17
|
+
* Support newer Haml with ::Haml::AttributeBuilder.build
|
18
|
+
* Fix issue where the previous output is still visible (Jason Frey)
|
19
|
+
* Fix warning sorting with nil line numbers
|
20
|
+
* Update for latest RubyParser (Ryan Davis)
|
21
|
+
|
22
|
+
# 5.1.1 - 2021-07-19
|
23
|
+
|
24
|
+
* Unrefactor IgnoreConfig's use of `Brakeman::FilePath`
|
25
|
+
|
26
|
+
# 5.1.0 - 2021-07-19
|
27
|
+
|
28
|
+
* Initial support for ActiveRecord enums
|
29
|
+
* Support `Hash#include?`
|
30
|
+
* Interprocedural dataflow from very simple class methods
|
31
|
+
* Fix SARIF report when checks have no description (Eli Block)
|
32
|
+
* Add ignored warnings to SARIF report (Eli Block)
|
33
|
+
* Add `--sql-safe-methods` option (Esty Scheiner)
|
34
|
+
* Update SQL injection check for Rails 6.0/6.1
|
35
|
+
* Fix false positive in command injection with `Open3.capture` (Richard Fitzgerald)
|
36
|
+
* Fix infinite loop on mixin self-includes (Andrew Szczepanski)
|
37
|
+
* Ignore dates in SQL
|
38
|
+
* Refactor `cookie?`/`param?` methods (Keenan Brock)
|
39
|
+
* Ignore renderables in dynamic render path check (Brad Parker)
|
40
|
+
* Support `Array#push`
|
41
|
+
* Better `Array#join` support
|
42
|
+
* Adjust copy of `--interactive` menu (Elia Schito)
|
43
|
+
* Support `Array#*`
|
44
|
+
* Better method definition tracking and lookup
|
45
|
+
* Support `Hash#values` and `Hash#values_at`
|
46
|
+
* Check for user-controlled evaluation even if it's a call target
|
47
|
+
* Support `Array#fetch` and `Hash#fetch`
|
48
|
+
* Ignore `sanitize_sql_like` in SQL
|
49
|
+
* Ignore method calls on numbers in SQL
|
50
|
+
* Add GitHub Actions format (Klaus Badelt)
|
51
|
+
* Read and parse files in parallel
|
52
|
+
|
53
|
+
# 5.0.4 - 2021-06-08
|
54
|
+
|
55
|
+
(brakeman gem release only)
|
56
|
+
|
57
|
+
* Update bundled `ruby_parser` to include argument forwarding support
|
58
|
+
|
59
|
+
# 5.0.2 - 2021-06-07
|
60
|
+
|
61
|
+
* Fix Loofah version check
|
62
|
+
|
63
|
+
# 5.0.1 - 2021-04-27
|
64
|
+
|
65
|
+
* Detect `::Rails.application.configure` too
|
66
|
+
* Set more line numbers on Sexps
|
67
|
+
* Support loading `slim/smart`
|
68
|
+
* Don't fail if $HOME/$USER are not defined
|
69
|
+
* Always ignore slice/only calls for mass assignment
|
70
|
+
* Convert splat array arguments to arguments
|
71
|
+
|
72
|
+
# 5.0.0 - 2021-01-26
|
73
|
+
|
74
|
+
* Ignore `uuid` as a safe attribute
|
75
|
+
* Collapse `__send__` calls
|
76
|
+
* Ignore `Tempfile#path` in shell commands
|
77
|
+
* Ignore development environment
|
78
|
+
* Revamp CSV report to a CSV list of warnings
|
79
|
+
* Set Rails configuration defaults based on `load_defaults` version
|
80
|
+
* Add check for (more) unsafe method reflection
|
81
|
+
* Suggest using `--force` if no Rails application is detected
|
82
|
+
* Add Sonarqube report format (Adam England)
|
83
|
+
* Add check for potential HTTP verb confusion
|
84
|
+
* Add `--[no-]skip-vendor` option
|
85
|
+
* Scan (almost) all Ruby files in project
|
86
|
+
|
87
|
+
# 4.10.1 - 2020-12-24
|
88
|
+
|
89
|
+
* Declare REXML as a dependency (Ruby 3.0 compatibility)
|
90
|
+
* Use `Sexp#sexp_body` instead of `Sexp#[..]` (Ruby 3.0 compatibility)
|
91
|
+
* Prevent render loops when template names are absolute paths
|
92
|
+
* Ensure RubyParser is passed file path as a String
|
93
|
+
* Support new Haml 5.2.0 escaping method
|
94
|
+
|
95
|
+
# 5.0.0.pre1 - 2020-11-17
|
96
|
+
|
97
|
+
* Add check for (more) unsafe method reflection
|
98
|
+
* Suggest using `--force` if no Rails application is detected
|
99
|
+
* Add Sonarqube report format (Adam England)
|
100
|
+
* Add check for potential HTTP verb confusion
|
101
|
+
* Add `--[no-]skip-vendor` option
|
102
|
+
* Scan (almost) all Ruby files in project
|
103
|
+
* Add support for Haml 5.2.0
|
104
|
+
|
105
|
+
# 4.10.0 - 2020-09-28
|
106
|
+
|
107
|
+
* Add SARIF report format (Steve Winton)
|
108
|
+
|
109
|
+
# 4.9.1 - 2020-09-04
|
110
|
+
|
111
|
+
* Check `chomp`ed strings for SQL injection
|
112
|
+
* Use version from `active_record` for non-Rails apps (Ulysse Buonomo)
|
113
|
+
* Always set line number for joined arrays
|
114
|
+
* Avoid warning about missing `attr_accessible` if `protected_attributes` gem is used
|
115
|
+
|
116
|
+
# 4.9.0 - 2020-08-04
|
117
|
+
|
118
|
+
* Add check for CVE-2020-8166 (Jamie Finnigan)
|
119
|
+
* Avoid warning when `safe_yaml` is used via `YAML.load(..., safe: true)`
|
120
|
+
* Add check for user input in `ERB.new` (Matt Hickman)
|
121
|
+
* Add `--ensure-ignore-notes` (Eli Block)
|
122
|
+
* Remove whitelist/blacklist language, add clarifications
|
123
|
+
* Do not warn about mass assignment with `params.permit!.slice`
|
124
|
+
* Add "full call" information to call index results
|
125
|
+
* Ignore `params.permit!` in path helpers
|
126
|
+
* Treat `Dir.glob` as safe source of values in guards
|
127
|
+
* Always scan `environment.rb`
|
128
|
+
|
129
|
+
# 4.8.2 - 2020-05-12
|
130
|
+
|
131
|
+
* Add check for CVE-2020-8159
|
132
|
+
* Fix `authenticate_or_request_with_http_basic` check for passed blocks (Hugo Corbucci)
|
133
|
+
* Add `--text-fields` option
|
134
|
+
* Add check for escaping HTML entities in JSON configuration
|
135
|
+
|
136
|
+
# 4.8.1 - 2020-04-06
|
137
|
+
|
138
|
+
* Check SQL query strings using `String#strip` or `String.squish`
|
139
|
+
* Handle non-symbol keys in locals hash for render()
|
140
|
+
* Warn about global(!) mass assignment
|
141
|
+
* Index calls in render arguments
|
142
|
+
|
143
|
+
# 4.8.0 - 2020-02-18
|
2
144
|
|
3
145
|
* Add JUnit-XML report format (Naoki Kimura)
|
4
146
|
* Sort ignore files by fingerprint and line (Ngan Pham)
|
@@ -328,7 +470,7 @@
|
|
328
470
|
* Delay loading vendored gems and modifying load path
|
329
471
|
* Avoid warning about SQL injection with `quoted_primary_key`
|
330
472
|
* Support more safe `&.` operations
|
331
|
-
* Allow
|
473
|
+
* Allow multiple line regex in `validates_format_of` (Dmitrij Fedorenko)
|
332
474
|
* Only consider `if` branches in templates
|
333
475
|
* Avoid overwriting instance/class methods with same name (Tim Wade)
|
334
476
|
* Add `--force-scan` option (Neil Matatall)
|
data/README.md
CHANGED
@@ -16,9 +16,11 @@ Using RubyGems:
|
|
16
16
|
|
17
17
|
Using Bundler:
|
18
18
|
|
19
|
-
|
20
|
-
|
21
|
-
|
19
|
+
```ruby
|
20
|
+
group :development do
|
21
|
+
gem 'brakeman'
|
22
|
+
end
|
23
|
+
```
|
22
24
|
|
23
25
|
Using Docker:
|
24
26
|
|
@@ -64,7 +66,7 @@ Outside of Rails root (note that the output file is relative to path/to/rails/ap
|
|
64
66
|
|
65
67
|
Brakeman should work with any version of Rails from 2.3.x to 6.x.
|
66
68
|
|
67
|
-
Brakeman can analyze code written with Ruby 1.8 syntax and newer, but requires at least Ruby 2.
|
69
|
+
Brakeman can analyze code written with Ruby 1.8 syntax and newer, but requires at least Ruby 2.4.0 to run.
|
68
70
|
|
69
71
|
# Basic Options
|
70
72
|
|
@@ -74,12 +76,16 @@ To specify an output file for the results:
|
|
74
76
|
|
75
77
|
brakeman -o output_file
|
76
78
|
|
77
|
-
The output format is determined by the file extension or by using the `-f` option. Current options are: `text`, `html`, `tabs`, `json`, `markdown`, `csv`, and `
|
79
|
+
The output format is determined by the file extension or by using the `-f` option. Current options are: `text`, `html`, `tabs`, `json`, `junit`, `markdown`, `csv`, `codeclimate`, and `sonar`.
|
78
80
|
|
79
81
|
Multiple output files can be specified:
|
80
82
|
|
81
83
|
brakeman -o output.html -o output.json
|
82
84
|
|
85
|
+
To output to both a file and to the console, with color:
|
86
|
+
|
87
|
+
brakeman --color -o /dev/stdout -o output.json
|
88
|
+
|
83
89
|
To suppress informational warnings and just output the report:
|
84
90
|
|
85
91
|
brakeman -q
|
@@ -153,7 +159,16 @@ The `-w` switch takes a number from 1 to 3, with 1 being low (all warnings) and
|
|
153
159
|
|
154
160
|
# Configuration files
|
155
161
|
|
156
|
-
Brakeman options can stored and read from YAML files.
|
162
|
+
Brakeman options can be stored and read from YAML files.
|
163
|
+
|
164
|
+
To simplify the process of writing a configuration file, the `-C` option will output the currently set options:
|
165
|
+
|
166
|
+
```sh
|
167
|
+
$ brakeman -C --skip-files plugins/
|
168
|
+
---
|
169
|
+
:skip_files:
|
170
|
+
- plugins/
|
171
|
+
```
|
157
172
|
|
158
173
|
Options passed in on the commandline have priority over configuration files.
|
159
174
|
|
@@ -167,6 +182,8 @@ There is a [plugin available](http://brakemanscanner.org/docs/jenkins/) for Jenk
|
|
167
182
|
|
168
183
|
For even more continuous testing, try the [Guard plugin](https://github.com/guard/guard-brakeman).
|
169
184
|
|
185
|
+
There are a couple [Github Actions](https://github.com/marketplace?type=actions&query=brakeman) available.
|
186
|
+
|
170
187
|
# Building
|
171
188
|
|
172
189
|
git clone git://github.com/presidentbeef/brakeman.git
|
data/bundle/load.rb
CHANGED
@@ -1,14 +1,16 @@
|
|
1
1
|
path = File.expand_path('../..', __FILE__)
|
2
|
+
$:.unshift "#{path}/bundle/ruby/2.7.0/gems/ruby_parser-3.18.1/lib"
|
2
3
|
$:.unshift "#{path}/bundle/ruby/2.7.0/gems/temple-0.8.2/lib"
|
3
|
-
$:.unshift "#{path}/bundle/ruby/2.7.0/gems/
|
4
|
+
$:.unshift "#{path}/bundle/ruby/2.7.0/gems/sexp_processor-4.16.0/lib"
|
4
5
|
$:.unshift "#{path}/bundle/ruby/2.7.0/gems/tilt-2.0.10/lib"
|
6
|
+
$:.unshift "#{path}/bundle/ruby/2.7.0/gems/unicode-display_width-1.8.0/lib"
|
7
|
+
$:.unshift "#{path}/bundle/ruby/2.7.0/gems/slim-4.1.0/lib"
|
5
8
|
$:.unshift "#{path}/bundle/ruby/2.7.0/gems/highline-2.0.3/lib"
|
6
|
-
$:.unshift "#{path}/bundle/ruby/2.7.0/gems/ruby_parser-3.14.2/lib"
|
7
9
|
$:.unshift "#{path}/bundle/ruby/2.7.0/gems/ruby2ruby-2.4.4/lib"
|
8
|
-
$:.unshift "#{path}/bundle/ruby/2.7.0/gems/unicode-display_width-1.6.1/lib"
|
9
10
|
$:.unshift "#{path}/bundle/ruby/2.7.0/gems/terminal-table-1.8.0/lib"
|
10
|
-
$:.unshift "#{path}/bundle/ruby/2.7.0/gems/haml-5.
|
11
|
+
$:.unshift "#{path}/bundle/ruby/2.7.0/gems/haml-5.2.2/lib"
|
12
|
+
$:.unshift "#{path}/bundle/ruby/2.7.0/gems/parallel-1.21.0/lib"
|
11
13
|
$:.unshift "#{path}/bundle/ruby/2.7.0/gems/ruby_parser-legacy-1.0.0/lib"
|
12
14
|
$:.unshift "#{path}/bundle/ruby/2.7.0/gems/erubis-2.7.0/lib"
|
13
|
-
$:.unshift "#{path}/bundle/ruby/2.7.0/gems/
|
15
|
+
$:.unshift "#{path}/bundle/ruby/2.7.0/gems/rexml-3.2.5/lib"
|
14
16
|
$:.unshift "#{path}/bundle/ruby/2.7.0/gems/safe_yaml-1.0.5/lib"
|
@@ -1,5 +1,29 @@
|
|
1
1
|
# Haml Changelog
|
2
2
|
|
3
|
+
## 5.2.2
|
4
|
+
Released on July 27, 2021
|
5
|
+
([diff](https://github.com/haml/haml/compare/v5.2.1...v5.2.2)).
|
6
|
+
|
7
|
+
* Support for adding Annotations to Haml output (a Rails feature 6.1+)
|
8
|
+
* Expanded test matrix to include Ruby 3.0 and Rails 6.1
|
9
|
+
* Only testing Ruby 2.7+ and Rails 5.2+
|
10
|
+
|
11
|
+
## 5.2.1
|
12
|
+
|
13
|
+
Released on November 30, 2020
|
14
|
+
([diff](https://github.com/haml/haml/compare/v5.2.0...v5.2.1)).
|
15
|
+
|
16
|
+
* Add in improved "multiline" support for attributes [#1043](https://github.com/haml/haml/issues/1043)
|
17
|
+
|
18
|
+
## 5.2
|
19
|
+
|
20
|
+
Released on September 28, 2020
|
21
|
+
([diff](https://github.com/haml/haml/compare/v5.1.2...v5.2.0)).
|
22
|
+
|
23
|
+
* Fix crash in the attribute optimizer when `#inspect` is overridden in TrueClass / FalseClass [#972](https://github.com/haml/haml/issues/972)
|
24
|
+
* Do not HTML-escape templates that are declared to be plaintext [#1014](https://github.com/haml/haml/issues/1014) (Thanks [@cesarizu](https://github.com/cesarizu))
|
25
|
+
* Class names are no longer ordered alphabetically, and now follow a new specification as laid out in REFERENCE [#306](https://github.com/haml/haml/issues/306)
|
26
|
+
|
3
27
|
## 5.1.2
|
4
28
|
|
5
29
|
Released on August 6, 2019
|
File without changes
|
File without changes
|
@@ -1,9 +1,8 @@
|
|
1
1
|
# Haml
|
2
2
|
|
3
3
|
[![Gem Version](https://badge.fury.io/rb/haml.svg)](http://rubygems.org/gems/haml)
|
4
|
-
[![Build Status](https://travis-ci.org/haml/haml.svg?branch=
|
4
|
+
[![Build Status](https://travis-ci.org/haml/haml.svg?branch=main)](http://travis-ci.org/haml/haml)
|
5
5
|
[![Code Climate](https://codeclimate.com/github/haml/haml/badges/gpa.svg)](https://codeclimate.com/github/haml/haml)
|
6
|
-
[![Coverage Status](http://img.shields.io/coveralls/haml/haml.svg)](https://coveralls.io/r/haml/haml)
|
7
6
|
[![Inline docs](http://inch-ci.org/github/haml/haml.png)](http://inch-ci.org/github/haml/haml)
|
8
7
|
|
9
8
|
Haml is a templating engine for HTML. It's designed to make it both easier and
|
@@ -11,6 +10,13 @@ more pleasant to write HTML documents, by eliminating redundancy, reflecting the
|
|
11
10
|
underlying structure that the document represents, and providing an elegant syntax
|
12
11
|
that's both powerful and easy to understand.
|
13
12
|
|
13
|
+
### Supported Versions
|
14
|
+
|
15
|
+
* Ruby 2.6+
|
16
|
+
* Rails 5.1+
|
17
|
+
|
18
|
+
Other versions may likely work, but we don't test against them.
|
19
|
+
|
14
20
|
## Basic Usage
|
15
21
|
|
16
22
|
Haml can be used from the command line or as part of a Ruby web framework. The
|
@@ -32,7 +38,7 @@ to compile it to HTML. For more information on these commands, check out
|
|
32
38
|
haml --help
|
33
39
|
~~~
|
34
40
|
|
35
|
-
To use Haml
|
41
|
+
To use Haml programmatically, check out the [YARD documentation](http://haml.info/docs/yardoc/).
|
36
42
|
|
37
43
|
## Using Haml with Rails
|
38
44
|
|
@@ -163,35 +169,34 @@ on a specific area:
|
|
163
169
|
ruby -Itest test/helper_test.rb -n test_buffer_access
|
164
170
|
~~~
|
165
171
|
|
166
|
-
Haml currently supports Ruby 2.
|
172
|
+
Haml currently supports Ruby 2.7.0 and higher, so please make sure your changes run on 2.7+.
|
167
173
|
|
168
174
|
## Team
|
169
175
|
|
170
176
|
### Current Maintainers
|
171
177
|
|
172
|
-
* [
|
173
|
-
* [Matt Wildig](https://github.com/mattwildig)
|
174
|
-
* [Tee Parham](https://github.com/teeparham)
|
178
|
+
* [Hampton Catlin](https://github.com/hcatlin)
|
175
179
|
* [Takashi Kokubun](https://github.com/k0kubun)
|
180
|
+
* [Akira Matsuda](https://github.com/amatsuda)
|
176
181
|
|
177
182
|
### Alumni
|
178
183
|
|
179
184
|
Haml was created by [Hampton Catlin](http://hamptoncatlin.com), the author of
|
180
|
-
the original implementation.
|
181
|
-
but still consults on language issues.
|
185
|
+
the original implementation.
|
182
186
|
|
183
|
-
[Natalie Weizenbaum](
|
187
|
+
[Natalie Weizenbaum](https://github.com/nex3) was for many years the primary developer
|
184
188
|
and architect of the "modern" Ruby implementation of Haml.
|
185
189
|
|
186
|
-
|
187
|
-
|
188
|
-
## License
|
190
|
+
This project's been around for many years, and we have many amazing people who kept the project
|
191
|
+
alive! as former maintainers like:
|
189
192
|
|
190
|
-
|
193
|
+
[Norman Clarke](http://github.com/norman)
|
194
|
+
[Matt Wildig](https://github.com/mattwildig)
|
195
|
+
[Tee Parham](https://github.com/teeparham)
|
191
196
|
|
192
|
-
|
197
|
+
## License
|
193
198
|
|
194
|
-
Copyright (c) 2006-
|
199
|
+
Copyright (c) 2006-2021 Hampton Catlin, Natalie Weizenbaum and the Haml team
|
195
200
|
|
196
201
|
Permission is hereby granted, free of charge, to any person obtaining a copy of
|
197
202
|
this software and associated documentation files (the "Software"), to deal in
|
@@ -107,13 +107,20 @@ output.
|
|
107
107
|
In Rails, options can be set by setting the {Haml::Template#options Haml::Template.options}
|
108
108
|
hash in an initializer:
|
109
109
|
|
110
|
-
|
111
|
-
|
110
|
+
```ruby
|
111
|
+
# config/initializers/haml.rb
|
112
|
+
Haml::Template.options[:format] = :html5
|
113
|
+
|
114
|
+
# Avoid escaping attributes which are already escaped
|
115
|
+
Haml::Template.options[:escape_attrs] = :once
|
116
|
+
```
|
112
117
|
|
113
118
|
Outside Rails, you can set them by configuring them globally in
|
114
119
|
Haml::Options.defaults:
|
115
120
|
|
116
|
-
|
121
|
+
```ruby
|
122
|
+
Haml::Options.defaults[:format] = :html5
|
123
|
+
```
|
117
124
|
|
118
125
|
In sinatra specifically, you can set them in global config with:
|
119
126
|
```ruby
|
@@ -228,15 +235,19 @@ is compiled to:
|
|
228
235
|
<html xmlns='http://www.w3.org/1999/xhtml' xml:lang='en' lang='en'></html>
|
229
236
|
|
230
237
|
Attribute hashes can also be stretched out over multiple lines to accommodate
|
231
|
-
many attributes.
|
232
|
-
For example:
|
238
|
+
many attributes.
|
233
239
|
|
234
|
-
%script{
|
235
|
-
|
240
|
+
%script{
|
241
|
+
"type": text/javascript",
|
242
|
+
"src": javascripts/script_#{2 + 7}",
|
243
|
+
"data": {
|
244
|
+
"controller": "reporter",
|
245
|
+
},
|
246
|
+
}
|
236
247
|
|
237
248
|
is compiled to:
|
238
249
|
|
239
|
-
<script src='javascripts/script_9' type='text/javascript'></script>
|
250
|
+
<script src='javascripts/script_9' type='text/javascript' data-controller='reporter'></script>
|
240
251
|
|
241
252
|
#### `:class` and `:id` Attributes {#class-and-id-attributes}
|
242
253
|
|
@@ -517,6 +528,24 @@ and is compiled to:
|
|
517
528
|
</div>
|
518
529
|
</div>
|
519
530
|
|
531
|
+
#### Class Name Merging and Ordering
|
532
|
+
|
533
|
+
Class names are ordered in the following way:
|
534
|
+
|
535
|
+
1) Tag identifiers in order (aka, ".alert.me" => "alert me")
|
536
|
+
2) Classes appearing in HTML-style attributes
|
537
|
+
3) Classes appearing in Hash-style attributes
|
538
|
+
|
539
|
+
For instance, this is a complicated and unintuitive test case illustrating the ordering
|
540
|
+
|
541
|
+
.foo.moo{:class => ['bar', 'alpha']}(class='baz')
|
542
|
+
|
543
|
+
The resulting HTML would be as follows:
|
544
|
+
|
545
|
+
<div class='foo moo baz bar alpha'></div>
|
546
|
+
|
547
|
+
*Versions of Haml prior to 5.0 would alphabetically sort class names.*
|
548
|
+
|
520
549
|
### Empty (void) Tags: `/`
|
521
550
|
|
522
551
|
The forward slash character, when placed at the end of a tag definition, causes
|
@@ -853,7 +882,7 @@ is compiled to:
|
|
853
882
|
|
854
883
|
## Ruby Evaluation
|
855
884
|
|
856
|
-
### Inserting Ruby: `=`
|
885
|
+
### Inserting Ruby: `=` {#inserting_ruby}
|
857
886
|
|
858
887
|
The equals character is followed by Ruby code. This code is evaluated and the
|
859
888
|
output is inserted into the document. For example:
|
@@ -1323,7 +1352,7 @@ that just need a lot of template information.
|
|
1323
1352
|
So data structures and functions that require lots of arguments
|
1324
1353
|
can be wrapped over multiple lines,
|
1325
1354
|
as long as each line but the last ends in a comma
|
1326
|
-
(see [Inserting Ruby](#
|
1355
|
+
(see [Inserting Ruby](#inserting_ruby)).
|
1327
1356
|
|
1328
1357
|
## Whitespace Preservation
|
1329
1358
|
|
File without changes
|
@@ -16,7 +16,7 @@ Gem::Specification.new do |spec|
|
|
16
16
|
spec.license = "MIT"
|
17
17
|
spec.metadata = {
|
18
18
|
"bug_tracker_uri" => "https://github.com/haml/haml/issues",
|
19
|
-
"changelog_uri" => "https://github.com/haml/haml/blob/
|
19
|
+
"changelog_uri" => "https://github.com/haml/haml/blob/main/CHANGELOG.md",
|
20
20
|
"documentation_uri" => "http://haml.info/docs.html",
|
21
21
|
"homepage_uri" => "http://haml.info",
|
22
22
|
"mailing_list_uri" => "https://groups.google.com/forum/?fromgroups#!forum/haml",
|
@@ -32,6 +32,7 @@ Gem::Specification.new do |spec|
|
|
32
32
|
spec.add_development_dependency 'rbench'
|
33
33
|
spec.add_development_dependency 'minitest', '>= 4.0'
|
34
34
|
spec.add_development_dependency 'nokogiri'
|
35
|
+
spec.add_development_dependency 'simplecov'
|
35
36
|
|
36
37
|
spec.description = <<-END
|
37
38
|
Haml (HTML Abstraction Markup Language) is a layer on top of HTML or XML that's
|
@@ -6,6 +6,17 @@ module Haml
|
|
6
6
|
INVALID_ATTRIBUTE_NAME_REGEX = /[ \0"'>\/=]/
|
7
7
|
|
8
8
|
class << self
|
9
|
+
def build(class_id, obj_ref, is_html, attr_wrapper, escape_attrs, hyphenate_data_attrs, *attributes_hashes)
|
10
|
+
attributes = class_id
|
11
|
+
attributes_hashes.each do |old|
|
12
|
+
result = {}
|
13
|
+
old.each { |k, v| result[k.to_s] = v }
|
14
|
+
merge_attributes!(attributes, result)
|
15
|
+
end
|
16
|
+
merge_attributes!(attributes, parse_object_ref(obj_ref)) if obj_ref
|
17
|
+
build_attributes(is_html, attr_wrapper, escape_attrs, hyphenate_data_attrs, attributes)
|
18
|
+
end
|
19
|
+
|
9
20
|
def build_attributes(is_html, attr_wrapper, escape_attrs, hyphenate_data_attrs, attributes = {})
|
10
21
|
# @TODO this is an absolutely ridiculous amount of arguments. At least
|
11
22
|
# some of this needs to be moved into an instance method.
|
@@ -36,9 +47,9 @@ module Haml
|
|
36
47
|
|
37
48
|
value =
|
38
49
|
if escape_attrs == :once
|
39
|
-
Haml::Helpers.
|
50
|
+
Haml::Helpers.escape_once_without_haml_xss(value.to_s)
|
40
51
|
elsif escape_attrs
|
41
|
-
Haml::Helpers.
|
52
|
+
Haml::Helpers.html_escape_without_haml_xss(value.to_s)
|
42
53
|
else
|
43
54
|
value.to_s
|
44
55
|
end
|
@@ -126,7 +137,7 @@ module Haml
|
|
126
137
|
elsif key == 'class'
|
127
138
|
merged_class = filter_and_join(from, ' ')
|
128
139
|
if to && merged_class
|
129
|
-
merged_class = (
|
140
|
+
merged_class = (to.split(' ') | merged_class.split(' ')).join(' ')
|
130
141
|
elsif to || merged_class
|
131
142
|
merged_class ||= to
|
132
143
|
end
|
@@ -159,6 +170,50 @@ module Haml
|
|
159
170
|
hash.merge! flatten_data_attributes(v, joined, join_char, seen)
|
160
171
|
end
|
161
172
|
end
|
173
|
+
|
174
|
+
# Takes an array of objects and uses the class and id of the first
|
175
|
+
# one to create an attributes hash.
|
176
|
+
# The second object, if present, is used as a prefix,
|
177
|
+
# just like you can do with `dom_id()` and `dom_class()` in Rails
|
178
|
+
def parse_object_ref(ref)
|
179
|
+
prefix = ref[1]
|
180
|
+
ref = ref[0]
|
181
|
+
# Let's make sure the value isn't nil. If it is, return the default Hash.
|
182
|
+
return {} if ref.nil?
|
183
|
+
class_name =
|
184
|
+
if ref.respond_to?(:haml_object_ref)
|
185
|
+
ref.haml_object_ref
|
186
|
+
else
|
187
|
+
underscore(ref.class)
|
188
|
+
end
|
189
|
+
ref_id =
|
190
|
+
if ref.respond_to?(:to_key)
|
191
|
+
key = ref.to_key
|
192
|
+
key.join('_') unless key.nil?
|
193
|
+
else
|
194
|
+
ref.id
|
195
|
+
end
|
196
|
+
id = "#{class_name}_#{ref_id || 'new'}"
|
197
|
+
if prefix
|
198
|
+
class_name = "#{ prefix }_#{ class_name}"
|
199
|
+
id = "#{ prefix }_#{ id }"
|
200
|
+
end
|
201
|
+
|
202
|
+
{ 'id'.freeze => id, 'class'.freeze => class_name }
|
203
|
+
end
|
204
|
+
|
205
|
+
# Changes a word from camel case to underscores.
|
206
|
+
# Based on the method of the same name in Rails' Inflector,
|
207
|
+
# but copied here so it'll run properly without Rails.
|
208
|
+
def underscore(camel_cased_word)
|
209
|
+
word = camel_cased_word.to_s.dup
|
210
|
+
word.gsub!(/::/, '_')
|
211
|
+
word.gsub!(/([A-Z]+)([A-Z][a-z])/, '\1_\2')
|
212
|
+
word.gsub!(/([a-z\d])([A-Z])/, '\1_\2')
|
213
|
+
word.tr!('-', '_')
|
214
|
+
word.downcase!
|
215
|
+
word
|
216
|
+
end
|
162
217
|
end
|
163
218
|
end
|
164
219
|
end
|