brakeman 5.0.1 → 5.0.4

data/bundle/ruby/2.7.0/gems/{ruby_parser-3.15.1 → ruby_parser-3.16.0}/lib/ruby_parser.rb

@@ -79,10 +79,12 @@ require "ruby24_parser"
 require "ruby25_parser"
 require "ruby26_parser"
 require "ruby27_parser"
+require "ruby30_parser"
 
 class RubyParser # HACK
   VERSIONS.clear # also a HACK caused by racc namespace issues
 
+  class V30 < ::Ruby30Parser; end
   class V27 < ::Ruby27Parser; end
   class V26 < ::Ruby26Parser; end
   class V25 < ::Ruby25Parser; end

data/bundle/ruby/2.7.0/gems/{ruby_parser-3.15.1 → ruby_parser-3.16.0}/lib/ruby_parser.yy

@@ -16,6 +16,8 @@ class Ruby25Parser
 class Ruby26Parser
 #elif V == 27
 class Ruby27Parser
+#elif V == 30
+class Ruby30Parser
 #else
 fail "version not specified or supported on code generation"
 #endif

data/bundle/ruby/2.7.0/gems/{ruby_parser-3.15.1 → ruby_parser-3.16.0}/lib/ruby_parser_extras.rb

@@ -29,7 +29,7 @@ class Sexp
 end
 
 module RubyParserStuff
-  VERSION = "3.15.1"
+  VERSION = "3.16.0"
 
   attr_accessor :lexer, :in_def, :in_single, :file
   attr_accessor :in_kwarg
@@ -115,7 +115,7 @@ module RubyParserStuff
   def initialize(options = {})
     super()
 
-    v = self.class.name[/2\d/]
+    v = self.class.name[/[23]\d/]
     raise "Bad Class name #{self.class}" unless v
 
     self.lexer = RubyLexer.new v && v.to_i

data/bundle/ruby/2.7.0/gems/{sexp_processor-4.15.2 → sexp_processor-4.15.3}/History.rdoc

@@ -1,3 +1,9 @@
+=== 4.15.3 / 2021-05-15
+
+* 1 minor enhancement:
+
+  * Added 3.0 to pt_testcase.rb
+
 === 4.15.2 / 2021-01-10
 
 * 1 bug fix:

data/bundle/ruby/2.7.0/gems/{sexp_processor-4.15.2 → sexp_processor-4.15.3}/lib/pt_testcase.rb

@@ -77,7 +77,7 @@ class ParseTreeTestCase < Minitest::Test
   end
 
   def self.add_19tests name, hash
-    add_tests "#{name}__19_20_21_22_23_24_25_26_27", hash # HACK?
+    add_tests "#{name}__19_20_21_22_23_24_25_26_27_30", hash # HACK?
   end
 
   def self.add_19edgecases ruby, sexp, cases
@@ -102,7 +102,7 @@ class ParseTreeTestCase < Minitest::Test
     testcases[verbose][klass] = testcases[nonverbose][klass]
   end
 
-  VER_RE = "(1[89]|2[01234567])"
+  VER_RE = "(1[89]|2[01234567]|3[0])"
 
   def self.generate_test klass, node, data, input_name, output_name
     klass.send :define_method, "test_#{node}" do

data/bundle/ruby/2.7.0/gems/{sexp_processor-4.15.2 → sexp_processor-4.15.3}/lib/sexp_processor.rb

@@ -34,7 +34,7 @@ require "sexp"
 class SexpProcessor
 
   # duh
-  VERSION = "4.15.2"
+  VERSION = "4.15.3"
 
   ##
   # Automatically shifts off the Sexp type before handing the

data/lib/brakeman/checks/check_sanitize_methods.rb

@@ -90,7 +90,8 @@ class Brakeman::CheckSanitizeMethods < Brakeman::BaseCheck
   def loofah_vulnerable_cve_2018_8048?
     loofah_version = tracker.config.gem_version(:loofah)
 
-    loofah_version and loofah_version < "2.2.1"
+    # 2.2.1 is fix version
+    loofah_version and version_between?("0.0.0", "2.2.0", loofah_version)
   end
 
   def warn_sanitizer_cve cve, link, upgrade_version

data/lib/brakeman/version.rb

@@ -1,3 +1,3 @@
 module Brakeman
-  Version = "5.0.1"
+  Version = "5.0.4"
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: brakeman
 version: !ruby/object:Gem::Version
-  version: 5.0.1
+  version: 5.0.4
 platform: ruby
 authors:
 - Justin Collins
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2021-04-28 00:00:00.000000000 Z
+date: 2021-06-08 00:00:00.000000000 Z
 dependencies: []
 description: Brakeman detects security vulnerabilities in Ruby on Rails applications
   via static analysis.
@@ -189,37 +189,39 @@ files:
 - bundle/ruby/2.7.0/gems/ruby2ruby-2.4.4/Manifest.txt
 - bundle/ruby/2.7.0/gems/ruby2ruby-2.4.4/README.rdoc
 - bundle/ruby/2.7.0/gems/ruby2ruby-2.4.4/lib/ruby2ruby.rb
-- bundle/ruby/2.7.0/gems/ruby_parser-3.15.1/History.rdoc
-- bundle/ruby/2.7.0/gems/ruby_parser-3.15.1/Manifest.txt
-- bundle/ruby/2.7.0/gems/ruby_parser-3.15.1/README.rdoc
-- bundle/ruby/2.7.0/gems/ruby_parser-3.15.1/compare/normalize.rb
-- bundle/ruby/2.7.0/gems/ruby_parser-3.15.1/debugging.md
-- bundle/ruby/2.7.0/gems/ruby_parser-3.15.1/lib/rp_extensions.rb
-- bundle/ruby/2.7.0/gems/ruby_parser-3.15.1/lib/rp_stringscanner.rb
-- bundle/ruby/2.7.0/gems/ruby_parser-3.15.1/lib/ruby20_parser.rb
-- bundle/ruby/2.7.0/gems/ruby_parser-3.15.1/lib/ruby20_parser.y
-- bundle/ruby/2.7.0/gems/ruby_parser-3.15.1/lib/ruby21_parser.rb
-- bundle/ruby/2.7.0/gems/ruby_parser-3.15.1/lib/ruby21_parser.y
-- bundle/ruby/2.7.0/gems/ruby_parser-3.15.1/lib/ruby22_parser.rb
-- bundle/ruby/2.7.0/gems/ruby_parser-3.15.1/lib/ruby22_parser.y
-- bundle/ruby/2.7.0/gems/ruby_parser-3.15.1/lib/ruby23_parser.rb
-- bundle/ruby/2.7.0/gems/ruby_parser-3.15.1/lib/ruby23_parser.y
-- bundle/ruby/2.7.0/gems/ruby_parser-3.15.1/lib/ruby24_parser.rb
-- bundle/ruby/2.7.0/gems/ruby_parser-3.15.1/lib/ruby24_parser.y
-- bundle/ruby/2.7.0/gems/ruby_parser-3.15.1/lib/ruby25_parser.rb
-- bundle/ruby/2.7.0/gems/ruby_parser-3.15.1/lib/ruby25_parser.y
-- bundle/ruby/2.7.0/gems/ruby_parser-3.15.1/lib/ruby26_parser.rb
-- bundle/ruby/2.7.0/gems/ruby_parser-3.15.1/lib/ruby26_parser.y
-- bundle/ruby/2.7.0/gems/ruby_parser-3.15.1/lib/ruby27_parser.rb
-- bundle/ruby/2.7.0/gems/ruby_parser-3.15.1/lib/ruby27_parser.y
-- bundle/ruby/2.7.0/gems/ruby_parser-3.15.1/lib/ruby_lexer.rb
-- bundle/ruby/2.7.0/gems/ruby_parser-3.15.1/lib/ruby_lexer.rex
-- bundle/ruby/2.7.0/gems/ruby_parser-3.15.1/lib/ruby_lexer.rex.rb
-- bundle/ruby/2.7.0/gems/ruby_parser-3.15.1/lib/ruby_parser.rb
-- bundle/ruby/2.7.0/gems/ruby_parser-3.15.1/lib/ruby_parser.yy
-- bundle/ruby/2.7.0/gems/ruby_parser-3.15.1/lib/ruby_parser_extras.rb
-- bundle/ruby/2.7.0/gems/ruby_parser-3.15.1/tools/munge.rb
-- bundle/ruby/2.7.0/gems/ruby_parser-3.15.1/tools/ripper.rb
+- bundle/ruby/2.7.0/gems/ruby_parser-3.16.0/History.rdoc
+- bundle/ruby/2.7.0/gems/ruby_parser-3.16.0/Manifest.txt
+- bundle/ruby/2.7.0/gems/ruby_parser-3.16.0/README.rdoc
+- bundle/ruby/2.7.0/gems/ruby_parser-3.16.0/compare/normalize.rb
+- bundle/ruby/2.7.0/gems/ruby_parser-3.16.0/debugging.md
+- bundle/ruby/2.7.0/gems/ruby_parser-3.16.0/lib/rp_extensions.rb
+- bundle/ruby/2.7.0/gems/ruby_parser-3.16.0/lib/rp_stringscanner.rb
+- bundle/ruby/2.7.0/gems/ruby_parser-3.16.0/lib/ruby20_parser.rb
+- bundle/ruby/2.7.0/gems/ruby_parser-3.16.0/lib/ruby20_parser.y
+- bundle/ruby/2.7.0/gems/ruby_parser-3.16.0/lib/ruby21_parser.rb
+- bundle/ruby/2.7.0/gems/ruby_parser-3.16.0/lib/ruby21_parser.y
+- bundle/ruby/2.7.0/gems/ruby_parser-3.16.0/lib/ruby22_parser.rb
+- bundle/ruby/2.7.0/gems/ruby_parser-3.16.0/lib/ruby22_parser.y
+- bundle/ruby/2.7.0/gems/ruby_parser-3.16.0/lib/ruby23_parser.rb
+- bundle/ruby/2.7.0/gems/ruby_parser-3.16.0/lib/ruby23_parser.y
+- bundle/ruby/2.7.0/gems/ruby_parser-3.16.0/lib/ruby24_parser.rb
+- bundle/ruby/2.7.0/gems/ruby_parser-3.16.0/lib/ruby24_parser.y
+- bundle/ruby/2.7.0/gems/ruby_parser-3.16.0/lib/ruby25_parser.rb
+- bundle/ruby/2.7.0/gems/ruby_parser-3.16.0/lib/ruby25_parser.y
+- bundle/ruby/2.7.0/gems/ruby_parser-3.16.0/lib/ruby26_parser.rb
+- bundle/ruby/2.7.0/gems/ruby_parser-3.16.0/lib/ruby26_parser.y
+- bundle/ruby/2.7.0/gems/ruby_parser-3.16.0/lib/ruby27_parser.rb
+- bundle/ruby/2.7.0/gems/ruby_parser-3.16.0/lib/ruby27_parser.y
+- bundle/ruby/2.7.0/gems/ruby_parser-3.16.0/lib/ruby30_parser.rb
+- bundle/ruby/2.7.0/gems/ruby_parser-3.16.0/lib/ruby30_parser.y
+- bundle/ruby/2.7.0/gems/ruby_parser-3.16.0/lib/ruby_lexer.rb
+- bundle/ruby/2.7.0/gems/ruby_parser-3.16.0/lib/ruby_lexer.rex
+- bundle/ruby/2.7.0/gems/ruby_parser-3.16.0/lib/ruby_lexer.rex.rb
+- bundle/ruby/2.7.0/gems/ruby_parser-3.16.0/lib/ruby_parser.rb
+- bundle/ruby/2.7.0/gems/ruby_parser-3.16.0/lib/ruby_parser.yy
+- bundle/ruby/2.7.0/gems/ruby_parser-3.16.0/lib/ruby_parser_extras.rb
+- bundle/ruby/2.7.0/gems/ruby_parser-3.16.0/tools/munge.rb
+- bundle/ruby/2.7.0/gems/ruby_parser-3.16.0/tools/ripper.rb
 - bundle/ruby/2.7.0/gems/ruby_parser-legacy-1.0.0/History.rdoc
 - bundle/ruby/2.7.0/gems/ruby_parser-legacy-1.0.0/Manifest.txt
 - bundle/ruby/2.7.0/gems/ruby_parser-legacy-1.0.0/README.rdoc
@@ -264,16 +266,16 @@ files:
 - bundle/ruby/2.7.0/gems/safe_yaml-1.0.5/lib/safe_yaml/version.rb
 - bundle/ruby/2.7.0/gems/safe_yaml-1.0.5/run_specs_all_ruby_versions.sh
 - bundle/ruby/2.7.0/gems/safe_yaml-1.0.5/safe_yaml.gemspec
-- bundle/ruby/2.7.0/gems/sexp_processor-4.15.2/History.rdoc
-- bundle/ruby/2.7.0/gems/sexp_processor-4.15.2/Manifest.txt
-- bundle/ruby/2.7.0/gems/sexp_processor-4.15.2/README.rdoc
-- bundle/ruby/2.7.0/gems/sexp_processor-4.15.2/lib/composite_sexp_processor.rb
-- bundle/ruby/2.7.0/gems/sexp_processor-4.15.2/lib/pt_testcase.rb
-- bundle/ruby/2.7.0/gems/sexp_processor-4.15.2/lib/sexp.rb
-- bundle/ruby/2.7.0/gems/sexp_processor-4.15.2/lib/sexp_matcher.rb
-- bundle/ruby/2.7.0/gems/sexp_processor-4.15.2/lib/sexp_processor.rb
-- bundle/ruby/2.7.0/gems/sexp_processor-4.15.2/lib/strict_sexp.rb
-- bundle/ruby/2.7.0/gems/sexp_processor-4.15.2/lib/unique.rb
+- bundle/ruby/2.7.0/gems/sexp_processor-4.15.3/History.rdoc
+- bundle/ruby/2.7.0/gems/sexp_processor-4.15.3/Manifest.txt
+- bundle/ruby/2.7.0/gems/sexp_processor-4.15.3/README.rdoc
+- bundle/ruby/2.7.0/gems/sexp_processor-4.15.3/lib/composite_sexp_processor.rb
+- bundle/ruby/2.7.0/gems/sexp_processor-4.15.3/lib/pt_testcase.rb
+- bundle/ruby/2.7.0/gems/sexp_processor-4.15.3/lib/sexp.rb
+- bundle/ruby/2.7.0/gems/sexp_processor-4.15.3/lib/sexp_matcher.rb
+- bundle/ruby/2.7.0/gems/sexp_processor-4.15.3/lib/sexp_processor.rb
+- bundle/ruby/2.7.0/gems/sexp_processor-4.15.3/lib/strict_sexp.rb
+- bundle/ruby/2.7.0/gems/sexp_processor-4.15.3/lib/unique.rb
 - bundle/ruby/2.7.0/gems/slim-4.1.0/CHANGES
 - bundle/ruby/2.7.0/gems/slim-4.1.0/Gemfile
 - bundle/ruby/2.7.0/gems/slim-4.1.0/LICENSE