brakeman 4.8.2 → 4.10.0

Sign up to get free protection for your applications and to get access to all the features.
Files changed (106) hide show
  1. checksums.yaml +4 -4
  2. data/CHANGES.md +24 -0
  3. data/bundle/load.rb +3 -3
  4. data/bundle/ruby/2.7.0/gems/{ruby_parser-3.14.2 → ruby_parser-3.15.0}/History.rdoc +35 -0
  5. data/bundle/ruby/2.7.0/gems/{ruby_parser-3.14.2 → ruby_parser-3.15.0}/Manifest.txt +2 -0
  6. data/bundle/ruby/2.7.0/gems/{ruby_parser-3.14.2 → ruby_parser-3.15.0}/README.rdoc +0 -0
  7. data/bundle/ruby/2.7.0/gems/{ruby_parser-3.14.2 → ruby_parser-3.15.0}/compare/normalize.rb +43 -3
  8. data/bundle/ruby/2.7.0/gems/ruby_parser-3.15.0/debugging.md +57 -0
  9. data/bundle/ruby/2.7.0/gems/{ruby_parser-3.14.2 → ruby_parser-3.15.0}/lib/rp_extensions.rb +0 -0
  10. data/bundle/ruby/2.7.0/gems/{ruby_parser-3.14.2 → ruby_parser-3.15.0}/lib/rp_stringscanner.rb +0 -0
  11. data/bundle/ruby/2.7.0/gems/ruby_parser-3.15.0/lib/ruby20_parser.rb +7062 -0
  12. data/bundle/ruby/2.7.0/gems/{ruby_parser-3.14.2 → ruby_parser-3.15.0}/lib/ruby20_parser.y +91 -58
  13. data/bundle/ruby/2.7.0/gems/{ruby_parser-3.14.2 → ruby_parser-3.15.0}/lib/ruby21_parser.rb +2603 -2576
  14. data/bundle/ruby/2.7.0/gems/{ruby_parser-3.14.2 → ruby_parser-3.15.0}/lib/ruby21_parser.y +91 -58
  15. data/bundle/ruby/2.7.0/gems/ruby_parser-3.15.0/lib/ruby22_parser.rb +7160 -0
  16. data/bundle/ruby/2.7.0/gems/{ruby_parser-3.14.2 → ruby_parser-3.15.0}/lib/ruby22_parser.y +91 -58
  17. data/bundle/ruby/2.7.0/gems/ruby_parser-3.15.0/lib/ruby23_parser.rb +7175 -0
  18. data/bundle/ruby/2.7.0/gems/{ruby_parser-3.14.2 → ruby_parser-3.15.0}/lib/ruby23_parser.y +91 -58
  19. data/bundle/ruby/2.7.0/gems/ruby_parser-3.15.0/lib/ruby24_parser.rb +7204 -0
  20. data/bundle/ruby/2.7.0/gems/{ruby_parser-3.14.2 → ruby_parser-3.15.0}/lib/ruby24_parser.y +91 -58
  21. data/bundle/ruby/2.7.0/gems/{ruby_parser-3.14.2/lib/ruby23_parser.rb → ruby_parser-3.15.0/lib/ruby25_parser.rb} +2867 -2826
  22. data/bundle/ruby/2.7.0/gems/{ruby_parser-3.14.2 → ruby_parser-3.15.0}/lib/ruby25_parser.y +91 -58
  23. data/bundle/ruby/2.7.0/gems/{ruby_parser-3.14.2/lib/ruby25_parser.rb → ruby_parser-3.15.0/lib/ruby26_parser.rb} +2432 -2383
  24. data/bundle/ruby/2.7.0/gems/{ruby_parser-3.14.2 → ruby_parser-3.15.0}/lib/ruby26_parser.y +91 -58
  25. data/bundle/ruby/2.7.0/gems/{ruby_parser-3.14.2/lib/ruby24_parser.rb → ruby_parser-3.15.0/lib/ruby27_parser.rb} +2432 -2383
  26. data/bundle/ruby/2.7.0/gems/ruby_parser-3.15.0/lib/ruby27_parser.y +2657 -0
  27. data/bundle/ruby/2.7.0/gems/{ruby_parser-3.14.2 → ruby_parser-3.15.0}/lib/ruby_lexer.rb +72 -40
  28. data/bundle/ruby/2.7.0/gems/{ruby_parser-3.14.2 → ruby_parser-3.15.0}/lib/ruby_lexer.rex +5 -6
  29. data/bundle/ruby/2.7.0/gems/{ruby_parser-3.14.2 → ruby_parser-3.15.0}/lib/ruby_lexer.rex.rb +6 -8
  30. data/bundle/ruby/2.7.0/gems/{ruby_parser-3.14.2 → ruby_parser-3.15.0}/lib/ruby_parser.rb +2 -0
  31. data/bundle/ruby/2.7.0/gems/{ruby_parser-3.14.2 → ruby_parser-3.15.0}/lib/ruby_parser.yy +93 -58
  32. data/bundle/ruby/2.7.0/gems/{ruby_parser-3.14.2 → ruby_parser-3.15.0}/lib/ruby_parser_extras.rb +49 -16
  33. data/bundle/ruby/2.7.0/gems/{ruby_parser-3.14.2 → ruby_parser-3.15.0}/tools/munge.rb +9 -4
  34. data/bundle/ruby/2.7.0/gems/{ruby_parser-3.14.2 → ruby_parser-3.15.0}/tools/ripper.rb +0 -0
  35. data/bundle/ruby/2.7.0/gems/{sexp_processor-4.14.1 → sexp_processor-4.15.1}/History.rdoc +12 -0
  36. data/bundle/ruby/2.7.0/gems/{sexp_processor-4.14.1 → sexp_processor-4.15.1}/Manifest.txt +0 -0
  37. data/bundle/ruby/2.7.0/gems/{sexp_processor-4.14.1 → sexp_processor-4.15.1}/README.rdoc +0 -0
  38. data/bundle/ruby/2.7.0/gems/{sexp_processor-4.14.1 → sexp_processor-4.15.1}/lib/composite_sexp_processor.rb +0 -0
  39. data/bundle/ruby/2.7.0/gems/{sexp_processor-4.14.1 → sexp_processor-4.15.1}/lib/pt_testcase.rb +2 -2
  40. data/bundle/ruby/2.7.0/gems/{sexp_processor-4.14.1 → sexp_processor-4.15.1}/lib/sexp.rb +0 -0
  41. data/bundle/ruby/2.7.0/gems/{sexp_processor-4.14.1 → sexp_processor-4.15.1}/lib/sexp_matcher.rb +4 -7
  42. data/bundle/ruby/2.7.0/gems/{sexp_processor-4.14.1 → sexp_processor-4.15.1}/lib/sexp_processor.rb +1 -1
  43. data/bundle/ruby/2.7.0/gems/{sexp_processor-4.14.1 → sexp_processor-4.15.1}/lib/strict_sexp.rb +0 -0
  44. data/bundle/ruby/2.7.0/gems/{sexp_processor-4.14.1 → sexp_processor-4.15.1}/lib/unique.rb +0 -0
  45. data/bundle/ruby/2.7.0/gems/{slim-4.0.1 → slim-4.1.0}/CHANGES +4 -0
  46. data/bundle/ruby/2.7.0/gems/{slim-4.0.1 → slim-4.1.0}/Gemfile +12 -13
  47. data/bundle/ruby/2.7.0/gems/{slim-4.0.1 → slim-4.1.0}/LICENSE +0 -0
  48. data/bundle/ruby/2.7.0/gems/{slim-4.0.1 → slim-4.1.0}/README.jp.md +0 -0
  49. data/bundle/ruby/2.7.0/gems/{slim-4.0.1 → slim-4.1.0}/README.md +0 -0
  50. data/bundle/ruby/2.7.0/gems/{slim-4.0.1 → slim-4.1.0}/lib/slim.rb +0 -0
  51. data/bundle/ruby/2.7.0/gems/{slim-4.0.1 → slim-4.1.0}/lib/slim/code_attributes.rb +0 -0
  52. data/bundle/ruby/2.7.0/gems/{slim-4.0.1 → slim-4.1.0}/lib/slim/command.rb +13 -13
  53. data/bundle/ruby/2.7.0/gems/{slim-4.0.1 → slim-4.1.0}/lib/slim/controls.rb +0 -0
  54. data/bundle/ruby/2.7.0/gems/{slim-4.0.1 → slim-4.1.0}/lib/slim/do_inserter.rb +0 -0
  55. data/bundle/ruby/2.7.0/gems/{slim-4.0.1 → slim-4.1.0}/lib/slim/embedded.rb +0 -0
  56. data/bundle/ruby/2.7.0/gems/{slim-4.0.1 → slim-4.1.0}/lib/slim/end_inserter.rb +0 -0
  57. data/bundle/ruby/2.7.0/gems/{slim-4.0.1 → slim-4.1.0}/lib/slim/engine.rb +0 -0
  58. data/bundle/ruby/2.7.0/gems/{slim-4.0.1 → slim-4.1.0}/lib/slim/erb_converter.rb +0 -0
  59. data/bundle/ruby/2.7.0/gems/{slim-4.0.1 → slim-4.1.0}/lib/slim/filter.rb +0 -0
  60. data/bundle/ruby/2.7.0/gems/{slim-4.0.1 → slim-4.1.0}/lib/slim/grammar.rb +0 -0
  61. data/bundle/ruby/2.7.0/gems/{slim-4.0.1 → slim-4.1.0}/lib/slim/include.rb +0 -0
  62. data/bundle/ruby/2.7.0/gems/{slim-4.0.1 → slim-4.1.0}/lib/slim/interpolation.rb +0 -0
  63. data/bundle/ruby/2.7.0/gems/{slim-4.0.1 → slim-4.1.0}/lib/slim/logic_less.rb +0 -0
  64. data/bundle/ruby/2.7.0/gems/{slim-4.0.1 → slim-4.1.0}/lib/slim/logic_less/context.rb +0 -0
  65. data/bundle/ruby/2.7.0/gems/{slim-4.0.1 → slim-4.1.0}/lib/slim/logic_less/filter.rb +0 -0
  66. data/bundle/ruby/2.7.0/gems/{slim-4.0.1 → slim-4.1.0}/lib/slim/parser.rb +1 -1
  67. data/bundle/ruby/2.7.0/gems/{slim-4.0.1 → slim-4.1.0}/lib/slim/smart.rb +0 -0
  68. data/bundle/ruby/2.7.0/gems/{slim-4.0.1 → slim-4.1.0}/lib/slim/smart/escaper.rb +0 -0
  69. data/bundle/ruby/2.7.0/gems/{slim-4.0.1 → slim-4.1.0}/lib/slim/smart/filter.rb +0 -0
  70. data/bundle/ruby/2.7.0/gems/{slim-4.0.1 → slim-4.1.0}/lib/slim/smart/parser.rb +0 -0
  71. data/bundle/ruby/2.7.0/gems/{slim-4.0.1 → slim-4.1.0}/lib/slim/splat/builder.rb +0 -0
  72. data/bundle/ruby/2.7.0/gems/{slim-4.0.1 → slim-4.1.0}/lib/slim/splat/filter.rb +0 -0
  73. data/bundle/ruby/2.7.0/gems/{slim-4.0.1 → slim-4.1.0}/lib/slim/template.rb +0 -0
  74. data/bundle/ruby/2.7.0/gems/{slim-4.0.1 → slim-4.1.0}/lib/slim/translator.rb +0 -0
  75. data/bundle/ruby/2.7.0/gems/{slim-4.0.1 → slim-4.1.0}/lib/slim/version.rb +1 -1
  76. data/bundle/ruby/2.7.0/gems/{slim-4.0.1 → slim-4.1.0}/slim.gemspec +0 -0
  77. data/lib/brakeman.rb +20 -0
  78. data/lib/brakeman/checks/check_csrf_token_forgery_cve.rb +28 -0
  79. data/lib/brakeman/checks/check_deserialize.rb +21 -1
  80. data/lib/brakeman/checks/check_mass_assignment.rb +19 -4
  81. data/lib/brakeman/checks/check_model_attr_accessible.rb +1 -1
  82. data/lib/brakeman/checks/check_model_attributes.rb +1 -1
  83. data/lib/brakeman/checks/check_permit_attributes.rb +1 -1
  84. data/lib/brakeman/checks/check_skip_before_filter.rb +4 -4
  85. data/lib/brakeman/checks/check_sql.rb +1 -1
  86. data/lib/brakeman/checks/check_template_injection.rb +32 -0
  87. data/lib/brakeman/commandline.rb +25 -1
  88. data/lib/brakeman/options.rb +5 -1
  89. data/lib/brakeman/processors/alias_processor.rb +2 -3
  90. data/lib/brakeman/processors/lib/call_conversion_helper.rb +1 -1
  91. data/lib/brakeman/processors/lib/find_all_calls.rb +27 -12
  92. data/lib/brakeman/report.rb +7 -0
  93. data/lib/brakeman/report/ignore/config.rb +4 -0
  94. data/lib/brakeman/report/report_sarif.rb +114 -0
  95. data/lib/brakeman/scanner.rb +4 -1
  96. data/lib/brakeman/tracker.rb +3 -1
  97. data/lib/brakeman/tracker/config.rb +3 -1
  98. data/lib/brakeman/tracker/constants.rb +8 -7
  99. data/lib/brakeman/util.rb +16 -0
  100. data/lib/brakeman/version.rb +1 -1
  101. data/lib/brakeman/warning_codes.rb +2 -0
  102. metadata +78 -73
  103. data/bundle/ruby/2.7.0/gems/ruby_parser-3.14.2/debugging.md +0 -18
  104. data/bundle/ruby/2.7.0/gems/ruby_parser-3.14.2/lib/ruby20_parser.rb +0 -7042
  105. data/bundle/ruby/2.7.0/gems/ruby_parser-3.14.2/lib/ruby22_parser.rb +0 -7146
  106. data/bundle/ruby/2.7.0/gems/ruby_parser-3.14.2/lib/ruby26_parser.rb +0 -7195

There are too many changes on this page to be displayed.

The amount of changes on this page would crash your brower.

You can still verify the content by downloading the gem file manually.