brakeman 5.1.0 → 5.2.1
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGES.md +26 -1
- data/README.md +1 -1
- data/bundle/load.rb +5 -5
- data/bundle/ruby/2.7.0/gems/{haml-5.2.1 → haml-5.2.2}/CHANGELOG.md +8 -0
- data/bundle/ruby/2.7.0/gems/{haml-5.2.1 → haml-5.2.2}/FAQ.md +0 -0
- data/bundle/ruby/2.7.0/gems/{haml-5.2.1 → haml-5.2.2}/Gemfile +0 -0
- data/bundle/ruby/2.7.0/gems/{haml-5.2.1 → haml-5.2.2}/MIT-LICENSE +0 -0
- data/bundle/ruby/2.7.0/gems/{haml-5.2.1 → haml-5.2.2}/README.md +19 -13
- data/bundle/ruby/2.7.0/gems/{haml-5.2.1 → haml-5.2.2}/REFERENCE.md +10 -3
- data/bundle/ruby/2.7.0/gems/{haml-5.2.1 → haml-5.2.2}/TODO +0 -0
- data/bundle/ruby/2.7.0/gems/{haml-5.2.1 → haml-5.2.2}/haml.gemspec +0 -0
- data/bundle/ruby/2.7.0/gems/{haml-5.2.1 → haml-5.2.2}/lib/haml/attribute_builder.rb +55 -0
- data/bundle/ruby/2.7.0/gems/{haml-5.2.1 → haml-5.2.2}/lib/haml/attribute_compiler.rb +4 -2
- data/bundle/ruby/2.7.0/gems/{haml-5.2.1 → haml-5.2.2}/lib/haml/attribute_parser.rb +0 -0
- data/bundle/ruby/2.7.0/gems/{haml-5.2.1 → haml-5.2.2}/lib/haml/buffer.rb +0 -56
- data/bundle/ruby/2.7.0/gems/{haml-5.2.1 → haml-5.2.2}/lib/haml/compiler.rb +0 -0
- data/bundle/ruby/2.7.0/gems/{haml-5.2.1 → haml-5.2.2}/lib/haml/engine.rb +0 -0
- data/bundle/ruby/2.7.0/gems/{haml-5.2.1 → haml-5.2.2}/lib/haml/error.rb +0 -0
- data/bundle/ruby/2.7.0/gems/{haml-5.2.1 → haml-5.2.2}/lib/haml/escapable.rb +0 -0
- data/bundle/ruby/2.7.0/gems/{haml-5.2.1 → haml-5.2.2}/lib/haml/exec.rb +0 -0
- data/bundle/ruby/2.7.0/gems/{haml-5.2.1 → haml-5.2.2}/lib/haml/filters.rb +0 -0
- data/bundle/ruby/2.7.0/gems/{haml-5.2.1 → haml-5.2.2}/lib/haml/generator.rb +0 -0
- data/bundle/ruby/2.7.0/gems/{haml-5.2.1 → haml-5.2.2}/lib/haml/helpers/action_view_extensions.rb +0 -0
- data/bundle/ruby/2.7.0/gems/{haml-5.2.1 → haml-5.2.2}/lib/haml/helpers/action_view_mods.rb +0 -0
- data/bundle/ruby/2.7.0/gems/{haml-5.2.1 → haml-5.2.2}/lib/haml/helpers/action_view_xss_mods.rb +0 -0
- data/bundle/ruby/2.7.0/gems/{haml-5.2.1 → haml-5.2.2}/lib/haml/helpers/safe_erubi_template.rb +0 -0
- data/bundle/ruby/2.7.0/gems/{haml-5.2.1 → haml-5.2.2}/lib/haml/helpers/safe_erubis_template.rb +0 -0
- data/bundle/ruby/2.7.0/gems/{haml-5.2.1 → haml-5.2.2}/lib/haml/helpers/xss_mods.rb +0 -0
- data/bundle/ruby/2.7.0/gems/{haml-5.2.1 → haml-5.2.2}/lib/haml/helpers.rb +0 -0
- data/bundle/ruby/2.7.0/gems/{haml-5.2.1 → haml-5.2.2}/lib/haml/options.rb +0 -0
- data/bundle/ruby/2.7.0/gems/{haml-5.2.1 → haml-5.2.2}/lib/haml/parser.rb +0 -0
- data/bundle/ruby/2.7.0/gems/{haml-5.2.1 → haml-5.2.2}/lib/haml/plugin.rb +18 -1
- data/bundle/ruby/2.7.0/gems/{haml-5.2.1 → haml-5.2.2}/lib/haml/railtie.rb +5 -0
- data/bundle/ruby/2.7.0/gems/{haml-5.2.1 → haml-5.2.2}/lib/haml/sass_rails_filter.rb +0 -0
- data/bundle/ruby/2.7.0/gems/{haml-5.2.1 → haml-5.2.2}/lib/haml/template/options.rb +0 -0
- data/bundle/ruby/2.7.0/gems/{haml-5.2.1 → haml-5.2.2}/lib/haml/template.rb +0 -0
- data/bundle/ruby/2.7.0/gems/{haml-5.2.1 → haml-5.2.2}/lib/haml/temple_engine.rb +2 -1
- data/bundle/ruby/2.7.0/gems/{haml-5.2.1 → haml-5.2.2}/lib/haml/temple_line_counter.rb +0 -0
- data/bundle/ruby/2.7.0/gems/{haml-5.2.1 → haml-5.2.2}/lib/haml/util.rb +0 -0
- data/bundle/ruby/2.7.0/gems/{haml-5.2.1 → haml-5.2.2}/lib/haml/version.rb +1 -1
- data/bundle/ruby/2.7.0/gems/{haml-5.2.1 → haml-5.2.2}/lib/haml.rb +0 -0
- data/bundle/ruby/2.7.0/gems/{haml-5.2.1 → haml-5.2.2}/yard/default/fulldoc/html/css/common.sass +0 -0
- data/bundle/ruby/2.7.0/gems/{haml-5.2.1 → haml-5.2.2}/yard/default/layout/html/footer.erb +0 -0
- data/bundle/ruby/2.7.0/gems/{parallel-1.20.1 → parallel-1.21.0}/MIT-LICENSE.txt +0 -0
- data/bundle/ruby/2.7.0/gems/parallel-1.21.0/lib/parallel/processor_count.rb +45 -0
- data/bundle/ruby/2.7.0/gems/parallel-1.21.0/lib/parallel/version.rb +4 -0
- data/bundle/ruby/2.7.0/gems/{parallel-1.20.1 → parallel-1.21.0}/lib/parallel.rb +52 -43
- data/bundle/ruby/2.7.0/gems/{ruby_parser-3.16.0 → ruby_parser-3.18.1}/History.rdoc +88 -0
- data/bundle/ruby/2.7.0/gems/{ruby_parser-3.16.0 → ruby_parser-3.18.1}/Manifest.txt +3 -0
- data/bundle/ruby/2.7.0/gems/{ruby_parser-3.16.0 → ruby_parser-3.18.1}/README.rdoc +1 -0
- data/bundle/ruby/2.7.0/gems/{ruby_parser-3.16.0 → ruby_parser-3.18.1}/compare/normalize.rb +6 -1
- data/bundle/ruby/2.7.0/gems/{ruby_parser-3.16.0 → ruby_parser-3.18.1}/debugging.md +0 -0
- data/bundle/ruby/2.7.0/gems/ruby_parser-3.18.1/gauntlet.md +106 -0
- data/bundle/ruby/2.7.0/gems/{ruby_parser-3.16.0 → ruby_parser-3.18.1}/lib/rp_extensions.rb +15 -36
- data/bundle/ruby/2.7.0/gems/ruby_parser-3.18.1/lib/rp_stringscanner.rb +33 -0
- data/bundle/ruby/2.7.0/gems/ruby_parser-3.18.1/lib/ruby20_parser.rb +7128 -0
- data/bundle/ruby/2.7.0/gems/{ruby_parser-3.16.0 → ruby_parser-3.18.1}/lib/ruby20_parser.y +335 -252
- data/bundle/ruby/2.7.0/gems/ruby_parser-3.18.1/lib/ruby21_parser.rb +7182 -0
- data/bundle/ruby/2.7.0/gems/{ruby_parser-3.16.0 → ruby_parser-3.18.1}/lib/ruby21_parser.y +330 -249
- data/bundle/ruby/2.7.0/gems/ruby_parser-3.18.1/lib/ruby22_parser.rb +7228 -0
- data/bundle/ruby/2.7.0/gems/{ruby_parser-3.16.0 → ruby_parser-3.18.1}/lib/ruby22_parser.y +334 -251
- data/bundle/ruby/2.7.0/gems/ruby_parser-3.18.1/lib/ruby23_parser.rb +7237 -0
- data/bundle/ruby/2.7.0/gems/{ruby_parser-3.16.0/lib/ruby26_parser.y → ruby_parser-3.18.1/lib/ruby23_parser.y} +336 -276
- data/bundle/ruby/2.7.0/gems/ruby_parser-3.18.1/lib/ruby24_parser.rb +7268 -0
- data/bundle/ruby/2.7.0/gems/{ruby_parser-3.16.0 → ruby_parser-3.18.1}/lib/ruby24_parser.y +334 -251
- data/bundle/ruby/2.7.0/gems/ruby_parser-3.18.1/lib/ruby25_parser.rb +7268 -0
- data/bundle/ruby/2.7.0/gems/{ruby_parser-3.16.0/lib/ruby30_parser.y → ruby_parser-3.18.1/lib/ruby25_parser.y} +335 -304
- data/bundle/ruby/2.7.0/gems/ruby_parser-3.18.1/lib/ruby26_parser.rb +7287 -0
- data/bundle/ruby/2.7.0/gems/{ruby_parser-3.16.0/lib/ruby27_parser.y → ruby_parser-3.18.1/lib/ruby26_parser.y} +334 -288
- data/bundle/ruby/2.7.0/gems/ruby_parser-3.18.1/lib/ruby27_parser.rb +8517 -0
- data/bundle/ruby/2.7.0/gems/{ruby_parser-3.16.0/lib/ruby_parser.yy → ruby_parser-3.18.1/lib/ruby27_parser.y} +906 -380
- data/bundle/ruby/2.7.0/gems/ruby_parser-3.18.1/lib/ruby30_parser.rb +8751 -0
- data/bundle/ruby/2.7.0/gems/ruby_parser-3.18.1/lib/ruby30_parser.y +3472 -0
- data/bundle/ruby/2.7.0/gems/ruby_parser-3.18.1/lib/ruby3_parser.yy +3476 -0
- data/bundle/ruby/2.7.0/gems/{ruby_parser-3.16.0 → ruby_parser-3.18.1}/lib/ruby_lexer.rb +261 -609
- data/bundle/ruby/2.7.0/gems/{ruby_parser-3.16.0 → ruby_parser-3.18.1}/lib/ruby_lexer.rex +27 -20
- data/bundle/ruby/2.7.0/gems/{ruby_parser-3.16.0 → ruby_parser-3.18.1}/lib/ruby_lexer.rex.rb +59 -23
- data/bundle/ruby/2.7.0/gems/ruby_parser-3.18.1/lib/ruby_lexer_strings.rb +638 -0
- data/bundle/ruby/2.7.0/gems/{ruby_parser-3.16.0 → ruby_parser-3.18.1}/lib/ruby_parser.rb +0 -0
- data/bundle/ruby/2.7.0/gems/ruby_parser-3.18.1/lib/ruby_parser.yy +3487 -0
- data/bundle/ruby/2.7.0/gems/{ruby_parser-3.16.0 → ruby_parser-3.18.1}/lib/ruby_parser_extras.rb +296 -115
- data/bundle/ruby/2.7.0/gems/{ruby_parser-3.16.0 → ruby_parser-3.18.1}/tools/munge.rb +34 -6
- data/bundle/ruby/2.7.0/gems/ruby_parser-3.18.1/tools/ripper.rb +44 -0
- data/bundle/ruby/2.7.0/gems/{sexp_processor-4.15.3 → sexp_processor-4.16.0}/History.rdoc +15 -0
- data/bundle/ruby/2.7.0/gems/{sexp_processor-4.15.3 → sexp_processor-4.16.0}/Manifest.txt +0 -0
- data/bundle/ruby/2.7.0/gems/{sexp_processor-4.15.3 → sexp_processor-4.16.0}/README.rdoc +0 -0
- data/bundle/ruby/2.7.0/gems/{sexp_processor-4.15.3 → sexp_processor-4.16.0}/lib/composite_sexp_processor.rb +0 -0
- data/bundle/ruby/2.7.0/gems/{sexp_processor-4.15.3 → sexp_processor-4.16.0}/lib/pt_testcase.rb +7 -2
- data/bundle/ruby/2.7.0/gems/{sexp_processor-4.15.3 → sexp_processor-4.16.0}/lib/sexp.rb +19 -9
- data/bundle/ruby/2.7.0/gems/{sexp_processor-4.15.3 → sexp_processor-4.16.0}/lib/sexp_matcher.rb +0 -0
- data/bundle/ruby/2.7.0/gems/{sexp_processor-4.15.3 → sexp_processor-4.16.0}/lib/sexp_processor.rb +1 -1
- data/bundle/ruby/2.7.0/gems/{sexp_processor-4.15.3 → sexp_processor-4.16.0}/lib/strict_sexp.rb +25 -3
- data/bundle/ruby/2.7.0/gems/{sexp_processor-4.15.3 → sexp_processor-4.16.0}/lib/unique.rb +0 -0
- data/bundle/ruby/2.7.0/gems/{unicode-display_width-1.7.0 → unicode-display_width-1.8.0}/CHANGELOG.md +4 -0
- data/bundle/ruby/2.7.0/gems/{unicode-display_width-1.7.0 → unicode-display_width-1.8.0}/MIT-LICENSE.txt +0 -0
- data/bundle/ruby/2.7.0/gems/{unicode-display_width-1.7.0 → unicode-display_width-1.8.0}/README.md +1 -1
- data/bundle/ruby/2.7.0/gems/unicode-display_width-1.8.0/data/display_width.marshal.gz +0 -0
- data/bundle/ruby/2.7.0/gems/{unicode-display_width-1.7.0 → unicode-display_width-1.8.0}/lib/unicode/display_width/constants.rb +2 -2
- data/bundle/ruby/2.7.0/gems/{unicode-display_width-1.7.0 → unicode-display_width-1.8.0}/lib/unicode/display_width/index.rb +0 -0
- data/bundle/ruby/2.7.0/gems/{unicode-display_width-1.7.0 → unicode-display_width-1.8.0}/lib/unicode/display_width/no_string_ext.rb +0 -0
- data/bundle/ruby/2.7.0/gems/{unicode-display_width-1.7.0 → unicode-display_width-1.8.0}/lib/unicode/display_width/string_ext.rb +0 -0
- data/bundle/ruby/2.7.0/gems/{unicode-display_width-1.7.0 → unicode-display_width-1.8.0}/lib/unicode/display_width.rb +0 -0
- data/lib/brakeman/app_tree.rb +1 -1
- data/lib/brakeman/checks/base_check.rb +10 -0
- data/lib/brakeman/checks/check_eol_rails.rb +23 -0
- data/lib/brakeman/checks/check_eol_ruby.rb +26 -0
- data/lib/brakeman/checks/check_json_parsing.rb +1 -1
- data/lib/brakeman/checks/check_sql.rb +3 -2
- data/lib/brakeman/checks/check_symbol_dos.rb +1 -1
- data/lib/brakeman/checks/eol_check.rb +47 -0
- data/lib/brakeman/commandline.rb +1 -1
- data/lib/brakeman/options.rb +8 -0
- data/lib/brakeman/processors/alias_processor.rb +7 -1
- data/lib/brakeman/processors/gem_processor.rb +3 -0
- data/lib/brakeman/processors/haml_template_processor.rb +9 -0
- data/lib/brakeman/processors/lib/call_conversion_helper.rb +2 -0
- data/lib/brakeman/processors/lib/rails3_route_processor.rb +2 -0
- data/lib/brakeman/processors/model_processor.rb +1 -0
- data/lib/brakeman/report/ignore/config.rb +5 -5
- data/lib/brakeman/report/report_csv.rb +1 -1
- data/lib/brakeman/report/report_sarif.rb +2 -2
- data/lib/brakeman/report/report_text.rb +1 -1
- data/lib/brakeman/scanner.rb +15 -13
- data/lib/brakeman/tracker/config.rb +8 -1
- data/lib/brakeman/version.rb +1 -1
- data/lib/brakeman/warning_codes.rb +4 -0
- data/lib/brakeman.rb +6 -8
- data/lib/ruby_parser/bm_sexp.rb +11 -1
- metadata +105 -99
- data/bundle/ruby/2.7.0/gems/parallel-1.20.1/lib/parallel/processor_count.rb +0 -42
- data/bundle/ruby/2.7.0/gems/parallel-1.20.1/lib/parallel/version.rb +0 -3
- data/bundle/ruby/2.7.0/gems/ruby_parser-3.16.0/lib/rp_stringscanner.rb +0 -64
- data/bundle/ruby/2.7.0/gems/ruby_parser-3.16.0/lib/ruby20_parser.rb +0 -7075
- data/bundle/ruby/2.7.0/gems/ruby_parser-3.16.0/lib/ruby21_parser.rb +0 -7148
- data/bundle/ruby/2.7.0/gems/ruby_parser-3.16.0/lib/ruby22_parser.rb +0 -7185
- data/bundle/ruby/2.7.0/gems/ruby_parser-3.16.0/lib/ruby23_parser.rb +0 -7199
- data/bundle/ruby/2.7.0/gems/ruby_parser-3.16.0/lib/ruby23_parser.y +0 -2643
- data/bundle/ruby/2.7.0/gems/ruby_parser-3.16.0/lib/ruby24_parser.rb +0 -7219
- data/bundle/ruby/2.7.0/gems/ruby_parser-3.16.0/lib/ruby25_parser.rb +0 -7218
- data/bundle/ruby/2.7.0/gems/ruby_parser-3.16.0/lib/ruby25_parser.y +0 -2651
- data/bundle/ruby/2.7.0/gems/ruby_parser-3.16.0/lib/ruby26_parser.rb +0 -7240
- data/bundle/ruby/2.7.0/gems/ruby_parser-3.16.0/lib/ruby27_parser.rb +0 -7358
- data/bundle/ruby/2.7.0/gems/ruby_parser-3.16.0/lib/ruby30_parser.rb +0 -7358
- data/bundle/ruby/2.7.0/gems/ruby_parser-3.16.0/tools/ripper.rb +0 -39
- data/bundle/ruby/2.7.0/gems/unicode-display_width-1.7.0/data/display_width.marshal.gz +0 -0
@@ -8,6 +8,7 @@ class Brakeman::HamlTemplateProcessor < Brakeman::TemplateProcessor
|
|
8
8
|
HAML_HELPERS2 = s(:colon2, s(:colon3, :Haml), :Helpers)
|
9
9
|
JAVASCRIPT_FILTER = s(:colon2, s(:colon2, s(:const, :Haml), :Filters), :Javascript)
|
10
10
|
COFFEE_FILTER = s(:colon2, s(:colon2, s(:const, :Haml), :Filters), :Coffee)
|
11
|
+
ATTRIBUTE_BUILDER = s(:colon2, s(:colon3, :Haml), :AttributeBuilder)
|
11
12
|
|
12
13
|
def initialize *args
|
13
14
|
super
|
@@ -133,6 +134,8 @@ class Brakeman::HamlTemplateProcessor < Brakeman::TemplateProcessor
|
|
133
134
|
|
134
135
|
get_pushed_value(exp.first_arg, default)
|
135
136
|
@javascript = false
|
137
|
+
elsif haml_attribute_builder? exp
|
138
|
+
ignore # probably safe... seems escaped by default?
|
136
139
|
else
|
137
140
|
add_output exp, default
|
138
141
|
end
|
@@ -154,6 +157,12 @@ class Brakeman::HamlTemplateProcessor < Brakeman::TemplateProcessor
|
|
154
157
|
exp.method == :attributes
|
155
158
|
end
|
156
159
|
|
160
|
+
def haml_attribute_builder? exp
|
161
|
+
call? exp and
|
162
|
+
exp.target == ATTRIBUTE_BUILDER and
|
163
|
+
exp.method == :build
|
164
|
+
end
|
165
|
+
|
157
166
|
def fix_textareas? exp
|
158
167
|
call? exp and
|
159
168
|
exp.target == HAMLOUT and
|
@@ -78,6 +78,8 @@ class Brakeman::Rails3RoutesProcessor < Brakeman::BasicProcessor
|
|
78
78
|
|
79
79
|
#TODO: Need test for this
|
80
80
|
def process_root exp
|
81
|
+
return exp unless hash? exp.first_arg
|
82
|
+
|
81
83
|
if value = hash_access(exp.first_arg, :to)
|
82
84
|
if string? value
|
83
85
|
add_route_from_string value
|
@@ -100,14 +100,14 @@ module Brakeman
|
|
100
100
|
|
101
101
|
# Read configuration to file
|
102
102
|
def read_from_file file = @file
|
103
|
-
if File.exist? file
|
103
|
+
if File.exist? file
|
104
104
|
begin
|
105
105
|
@already_ignored = JSON.parse(File.read(file), :symbolize_names => true)[:ignored_warnings]
|
106
106
|
rescue => e
|
107
|
-
raise e, "\nError[#{e.class}] while reading brakeman ignore file: #{file
|
107
|
+
raise e, "\nError[#{e.class}] while reading brakeman ignore file: #{file}\n"
|
108
108
|
end
|
109
109
|
else
|
110
|
-
Brakeman.notify "[Notice] Could not find ignore configuration in #{file
|
110
|
+
Brakeman.notify "[Notice] Could not find ignore configuration in #{file}"
|
111
111
|
@already_ignored = []
|
112
112
|
end
|
113
113
|
|
@@ -126,7 +126,7 @@ module Brakeman
|
|
126
126
|
|
127
127
|
w[:note] = @notes[w[:fingerprint]] || ""
|
128
128
|
w
|
129
|
-
end.sort_by { |w| [w[:fingerprint], w[:line]] }
|
129
|
+
end.sort_by { |w| [w[:fingerprint], w[:line] || 0] }
|
130
130
|
|
131
131
|
output = {
|
132
132
|
:ignored_warnings => warnings,
|
@@ -134,7 +134,7 @@ module Brakeman
|
|
134
134
|
:brakeman_version => Brakeman::Version
|
135
135
|
}
|
136
136
|
|
137
|
-
File.open file
|
137
|
+
File.open file, "w" do |f|
|
138
138
|
f.puts JSON.pretty_generate(output)
|
139
139
|
end
|
140
140
|
end
|
@@ -17,7 +17,7 @@ class Brakeman::Report::CSV < Brakeman::Report::Base
|
|
17
17
|
]
|
18
18
|
|
19
19
|
rows = tracker.filtered_warnings.sort_by do |w|
|
20
|
-
[w.confidence, w.warning_type, w.file, w.line, w.fingerprint]
|
20
|
+
[w.confidence, w.warning_type, w.file, w.line || 0, w.fingerprint]
|
21
21
|
end.map do |warning|
|
22
22
|
generate_row(headers, warning)
|
23
23
|
end
|
@@ -80,7 +80,7 @@ class Brakeman::Report::SARIF < Brakeman::Report::Base
|
|
80
80
|
:location => {
|
81
81
|
:physicalLocation => {
|
82
82
|
:artifactLocation => {
|
83
|
-
:uri => @ignore_filter.file.relative,
|
83
|
+
:uri => Brakeman::FilePath.from_app_tree(@app_tree, @ignore_filter.file).relative,
|
84
84
|
:uriBaseId => '%SRCROOT%',
|
85
85
|
},
|
86
86
|
},
|
@@ -93,7 +93,7 @@ class Brakeman::Report::SARIF < Brakeman::Report::Base
|
|
93
93
|
end
|
94
94
|
end
|
95
95
|
|
96
|
-
# Returns a hash of all check descriptions, keyed by check
|
96
|
+
# Returns a hash of all check descriptions, keyed by check name
|
97
97
|
def check_descriptions
|
98
98
|
@check_descriptions ||= Brakeman::Checks.checks.map do |check|
|
99
99
|
[check.name.gsub(/^Check/, ''), check.description]
|
@@ -92,7 +92,7 @@ class Brakeman::Report::Text < Brakeman::Report::Base
|
|
92
92
|
HighLine.color("No warnings found", :bold, :green)
|
93
93
|
else
|
94
94
|
warnings = tracker.filtered_warnings.sort_by do |w|
|
95
|
-
[w.confidence, w.warning_type, w.file, w.line, w.fingerprint]
|
95
|
+
[w.confidence, w.warning_type, w.file, w.line || 0, w.fingerprint]
|
96
96
|
end.map do |w|
|
97
97
|
output_warning w
|
98
98
|
end
|
data/lib/brakeman/scanner.rb
CHANGED
@@ -40,32 +40,32 @@ class Brakeman::Scanner
|
|
40
40
|
|
41
41
|
#Process everything in the Rails application
|
42
42
|
def process
|
43
|
-
Brakeman.notify "Processing gems..."
|
43
|
+
Brakeman.notify "Processing gems... "
|
44
44
|
process_gems
|
45
45
|
guess_rails_version
|
46
|
-
Brakeman.notify "Processing configuration..."
|
46
|
+
Brakeman.notify "Processing configuration... "
|
47
47
|
process_config
|
48
|
-
Brakeman.notify "Parsing files..."
|
48
|
+
Brakeman.notify "Parsing files... "
|
49
49
|
parse_files
|
50
|
-
Brakeman.notify "Detecting file types..."
|
50
|
+
Brakeman.notify "Detecting file types... "
|
51
51
|
detect_file_types
|
52
|
-
Brakeman.notify "Processing initializers..."
|
52
|
+
Brakeman.notify "Processing initializers... "
|
53
53
|
process_initializers
|
54
|
-
Brakeman.notify "Processing libs..."
|
54
|
+
Brakeman.notify "Processing libs... "
|
55
55
|
process_libs
|
56
|
-
Brakeman.notify "Processing routes...
|
56
|
+
Brakeman.notify "Processing routes... "
|
57
57
|
process_routes
|
58
|
-
Brakeman.notify "Processing templates...
|
58
|
+
Brakeman.notify "Processing templates... "
|
59
59
|
process_templates
|
60
|
-
Brakeman.notify "Processing data flow in templates..."
|
60
|
+
Brakeman.notify "Processing data flow in templates... "
|
61
61
|
process_template_data_flows
|
62
|
-
Brakeman.notify "Processing models...
|
62
|
+
Brakeman.notify "Processing models... "
|
63
63
|
process_models
|
64
|
-
Brakeman.notify "Processing controllers...
|
64
|
+
Brakeman.notify "Processing controllers... "
|
65
65
|
process_controllers
|
66
66
|
Brakeman.notify "Processing data flow in controllers..."
|
67
67
|
process_controller_data_flows
|
68
|
-
Brakeman.notify "Indexing call sites...
|
68
|
+
Brakeman.notify "Indexing call sites... "
|
69
69
|
index_call_sites
|
70
70
|
tracker
|
71
71
|
end
|
@@ -137,7 +137,9 @@ class Brakeman::Scanner
|
|
137
137
|
end
|
138
138
|
|
139
139
|
if @app_tree.exists? ".ruby-version"
|
140
|
-
|
140
|
+
if version = @app_tree.file_path(".ruby-version").read[/(\d\.\d.\d+)/]
|
141
|
+
tracker.config.set_ruby_version version
|
142
|
+
end
|
141
143
|
end
|
142
144
|
|
143
145
|
tracker.config.load_rails_defaults
|
@@ -14,7 +14,7 @@ module Brakeman
|
|
14
14
|
@settings = {}
|
15
15
|
@escape_html = nil
|
16
16
|
@erubis = nil
|
17
|
-
@ruby_version =
|
17
|
+
@ruby_version = nil
|
18
18
|
@rails_version = nil
|
19
19
|
end
|
20
20
|
|
@@ -106,6 +106,13 @@ module Brakeman
|
|
106
106
|
tracker.options[:rails5] = true
|
107
107
|
tracker.options[:rails6] = true
|
108
108
|
Brakeman.notify "[Notice] Detected Rails 6 application"
|
109
|
+
elsif @rails_version.start_with? "7"
|
110
|
+
tracker.options[:rails3] = true
|
111
|
+
tracker.options[:rails4] = true
|
112
|
+
tracker.options[:rails5] = true
|
113
|
+
tracker.options[:rails6] = true
|
114
|
+
tracker.options[:rails7] = true
|
115
|
+
Brakeman.notify "[Notice] Detected Rails 7 application"
|
109
116
|
end
|
110
117
|
end
|
111
118
|
end
|
data/lib/brakeman/version.rb
CHANGED
@@ -121,6 +121,10 @@ module Brakeman::WarningCodes
|
|
121
121
|
:erb_template_injection => 117,
|
122
122
|
:http_verb_confusion => 118,
|
123
123
|
:unsafe_method_reflection => 119,
|
124
|
+
:eol_rails => 120,
|
125
|
+
:eol_ruby => 121,
|
126
|
+
:pending_eol_rails => 122,
|
127
|
+
:pending_eol_ruby => 123,
|
124
128
|
|
125
129
|
:custom_check => 9090,
|
126
130
|
}
|
data/lib/brakeman.rb
CHANGED
@@ -394,7 +394,7 @@ module Brakeman
|
|
394
394
|
if options[:parallel_checks]
|
395
395
|
notify "Running checks in parallel..."
|
396
396
|
else
|
397
|
-
notify "
|
397
|
+
notify "Running checks..."
|
398
398
|
end
|
399
399
|
|
400
400
|
tracker.run_checks
|
@@ -479,7 +479,7 @@ module Brakeman
|
|
479
479
|
$stderr.puts message if @debug
|
480
480
|
end
|
481
481
|
|
482
|
-
# Compare JSON
|
482
|
+
# Compare JSON output from a previous scan and return the diff of the two scans
|
483
483
|
def self.compare options
|
484
484
|
require 'json'
|
485
485
|
require 'brakeman/differ'
|
@@ -527,14 +527,12 @@ module Brakeman
|
|
527
527
|
|
528
528
|
# Returns an array of alert fingerprints for any ignored warnings without
|
529
529
|
# notes found in the specified ignore file (if it exists).
|
530
|
-
def self.ignore_file_entries_with_empty_notes file
|
530
|
+
def self.ignore_file_entries_with_empty_notes file
|
531
531
|
return [] unless file
|
532
532
|
|
533
533
|
require 'brakeman/report/ignore/config'
|
534
534
|
|
535
|
-
|
536
|
-
|
537
|
-
config = IgnoreConfig.new(Brakeman::FilePath.from_app_tree(app_tree, file), nil)
|
535
|
+
config = IgnoreConfig.new(file, nil)
|
538
536
|
config.read_from_file
|
539
537
|
config.already_ignored_entries_with_empty_notes.map { |i| i[:fingerprint] }
|
540
538
|
end
|
@@ -545,9 +543,9 @@ module Brakeman
|
|
545
543
|
app_tree = Brakeman::AppTree.from_options(options)
|
546
544
|
|
547
545
|
if options[:ignore_file]
|
548
|
-
file =
|
546
|
+
file = options[:ignore_file]
|
549
547
|
elsif app_tree.exists? "config/brakeman.ignore"
|
550
|
-
file =
|
548
|
+
file = app_tree.expand_path("config/brakeman.ignore")
|
551
549
|
elsif not options[:interactive_ignore]
|
552
550
|
return
|
553
551
|
end
|
data/lib/ruby_parser/bm_sexp.rb
CHANGED
@@ -544,7 +544,7 @@ class Sexp
|
|
544
544
|
end
|
545
545
|
|
546
546
|
# Number of "statements" in a method.
|
547
|
-
# This is more
|
547
|
+
# This is more efficient than `Sexp#body.length`
|
548
548
|
# because `Sexp#body` creates a new Sexp.
|
549
549
|
def method_length
|
550
550
|
expect :defn, :defs
|
@@ -642,4 +642,14 @@ end
|
|
642
642
|
RUBY
|
643
643
|
end
|
644
644
|
|
645
|
+
class String
|
646
|
+
##
|
647
|
+
# This is a hack used by the lexer to sneak in line numbers at the
|
648
|
+
# identifier level. This should be MUCH smaller than making
|
649
|
+
# process_token return [value, lineno] and modifying EVERYTHING that
|
650
|
+
# reduces tIDENTIFIER.
|
651
|
+
|
652
|
+
attr_accessor :lineno
|
653
|
+
end
|
654
|
+
|
645
655
|
class WrongSexpError < RuntimeError; end
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: brakeman
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 5.1
|
4
|
+
version: 5.2.1
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Justin Collins
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date:
|
11
|
+
date: 2022-01-30 00:00:00.000000000 Z
|
12
12
|
dependencies: []
|
13
13
|
description: Brakeman detects security vulnerabilities in Ruby on Rails applications
|
14
14
|
via static analysis.
|
@@ -56,46 +56,46 @@ files:
|
|
56
56
|
- bundle/ruby/2.7.0/gems/erubis-2.7.0/lib/erubis/tiny.rb
|
57
57
|
- bundle/ruby/2.7.0/gems/erubis-2.7.0/lib/erubis/util.rb
|
58
58
|
- bundle/ruby/2.7.0/gems/erubis-2.7.0/setup.rb
|
59
|
-
- bundle/ruby/2.7.0/gems/haml-5.2.
|
60
|
-
- bundle/ruby/2.7.0/gems/haml-5.2.
|
61
|
-
- bundle/ruby/2.7.0/gems/haml-5.2.
|
62
|
-
- bundle/ruby/2.7.0/gems/haml-5.2.
|
63
|
-
- bundle/ruby/2.7.0/gems/haml-5.2.
|
64
|
-
- bundle/ruby/2.7.0/gems/haml-5.2.
|
65
|
-
- bundle/ruby/2.7.0/gems/haml-5.2.
|
66
|
-
- bundle/ruby/2.7.0/gems/haml-5.2.
|
67
|
-
- bundle/ruby/2.7.0/gems/haml-5.2.
|
68
|
-
- bundle/ruby/2.7.0/gems/haml-5.2.
|
69
|
-
- bundle/ruby/2.7.0/gems/haml-5.2.
|
70
|
-
- bundle/ruby/2.7.0/gems/haml-5.2.
|
71
|
-
- bundle/ruby/2.7.0/gems/haml-5.2.
|
72
|
-
- bundle/ruby/2.7.0/gems/haml-5.2.
|
73
|
-
- bundle/ruby/2.7.0/gems/haml-5.2.
|
74
|
-
- bundle/ruby/2.7.0/gems/haml-5.2.
|
75
|
-
- bundle/ruby/2.7.0/gems/haml-5.2.
|
76
|
-
- bundle/ruby/2.7.0/gems/haml-5.2.
|
77
|
-
- bundle/ruby/2.7.0/gems/haml-5.2.
|
78
|
-
- bundle/ruby/2.7.0/gems/haml-5.2.
|
79
|
-
- bundle/ruby/2.7.0/gems/haml-5.2.
|
80
|
-
- bundle/ruby/2.7.0/gems/haml-5.2.
|
81
|
-
- bundle/ruby/2.7.0/gems/haml-5.2.
|
82
|
-
- bundle/ruby/2.7.0/gems/haml-5.2.
|
83
|
-
- bundle/ruby/2.7.0/gems/haml-5.2.
|
84
|
-
- bundle/ruby/2.7.0/gems/haml-5.2.
|
85
|
-
- bundle/ruby/2.7.0/gems/haml-5.2.
|
86
|
-
- bundle/ruby/2.7.0/gems/haml-5.2.
|
87
|
-
- bundle/ruby/2.7.0/gems/haml-5.2.
|
88
|
-
- bundle/ruby/2.7.0/gems/haml-5.2.
|
89
|
-
- bundle/ruby/2.7.0/gems/haml-5.2.
|
90
|
-
- bundle/ruby/2.7.0/gems/haml-5.2.
|
91
|
-
- bundle/ruby/2.7.0/gems/haml-5.2.
|
92
|
-
- bundle/ruby/2.7.0/gems/haml-5.2.
|
93
|
-
- bundle/ruby/2.7.0/gems/haml-5.2.
|
94
|
-
- bundle/ruby/2.7.0/gems/haml-5.2.
|
95
|
-
- bundle/ruby/2.7.0/gems/haml-5.2.
|
96
|
-
- bundle/ruby/2.7.0/gems/haml-5.2.
|
97
|
-
- bundle/ruby/2.7.0/gems/haml-5.2.
|
98
|
-
- bundle/ruby/2.7.0/gems/haml-5.2.
|
59
|
+
- bundle/ruby/2.7.0/gems/haml-5.2.2/CHANGELOG.md
|
60
|
+
- bundle/ruby/2.7.0/gems/haml-5.2.2/FAQ.md
|
61
|
+
- bundle/ruby/2.7.0/gems/haml-5.2.2/Gemfile
|
62
|
+
- bundle/ruby/2.7.0/gems/haml-5.2.2/MIT-LICENSE
|
63
|
+
- bundle/ruby/2.7.0/gems/haml-5.2.2/README.md
|
64
|
+
- bundle/ruby/2.7.0/gems/haml-5.2.2/REFERENCE.md
|
65
|
+
- bundle/ruby/2.7.0/gems/haml-5.2.2/TODO
|
66
|
+
- bundle/ruby/2.7.0/gems/haml-5.2.2/haml.gemspec
|
67
|
+
- bundle/ruby/2.7.0/gems/haml-5.2.2/lib/haml.rb
|
68
|
+
- bundle/ruby/2.7.0/gems/haml-5.2.2/lib/haml/attribute_builder.rb
|
69
|
+
- bundle/ruby/2.7.0/gems/haml-5.2.2/lib/haml/attribute_compiler.rb
|
70
|
+
- bundle/ruby/2.7.0/gems/haml-5.2.2/lib/haml/attribute_parser.rb
|
71
|
+
- bundle/ruby/2.7.0/gems/haml-5.2.2/lib/haml/buffer.rb
|
72
|
+
- bundle/ruby/2.7.0/gems/haml-5.2.2/lib/haml/compiler.rb
|
73
|
+
- bundle/ruby/2.7.0/gems/haml-5.2.2/lib/haml/engine.rb
|
74
|
+
- bundle/ruby/2.7.0/gems/haml-5.2.2/lib/haml/error.rb
|
75
|
+
- bundle/ruby/2.7.0/gems/haml-5.2.2/lib/haml/escapable.rb
|
76
|
+
- bundle/ruby/2.7.0/gems/haml-5.2.2/lib/haml/exec.rb
|
77
|
+
- bundle/ruby/2.7.0/gems/haml-5.2.2/lib/haml/filters.rb
|
78
|
+
- bundle/ruby/2.7.0/gems/haml-5.2.2/lib/haml/generator.rb
|
79
|
+
- bundle/ruby/2.7.0/gems/haml-5.2.2/lib/haml/helpers.rb
|
80
|
+
- bundle/ruby/2.7.0/gems/haml-5.2.2/lib/haml/helpers/action_view_extensions.rb
|
81
|
+
- bundle/ruby/2.7.0/gems/haml-5.2.2/lib/haml/helpers/action_view_mods.rb
|
82
|
+
- bundle/ruby/2.7.0/gems/haml-5.2.2/lib/haml/helpers/action_view_xss_mods.rb
|
83
|
+
- bundle/ruby/2.7.0/gems/haml-5.2.2/lib/haml/helpers/safe_erubi_template.rb
|
84
|
+
- bundle/ruby/2.7.0/gems/haml-5.2.2/lib/haml/helpers/safe_erubis_template.rb
|
85
|
+
- bundle/ruby/2.7.0/gems/haml-5.2.2/lib/haml/helpers/xss_mods.rb
|
86
|
+
- bundle/ruby/2.7.0/gems/haml-5.2.2/lib/haml/options.rb
|
87
|
+
- bundle/ruby/2.7.0/gems/haml-5.2.2/lib/haml/parser.rb
|
88
|
+
- bundle/ruby/2.7.0/gems/haml-5.2.2/lib/haml/plugin.rb
|
89
|
+
- bundle/ruby/2.7.0/gems/haml-5.2.2/lib/haml/railtie.rb
|
90
|
+
- bundle/ruby/2.7.0/gems/haml-5.2.2/lib/haml/sass_rails_filter.rb
|
91
|
+
- bundle/ruby/2.7.0/gems/haml-5.2.2/lib/haml/template.rb
|
92
|
+
- bundle/ruby/2.7.0/gems/haml-5.2.2/lib/haml/template/options.rb
|
93
|
+
- bundle/ruby/2.7.0/gems/haml-5.2.2/lib/haml/temple_engine.rb
|
94
|
+
- bundle/ruby/2.7.0/gems/haml-5.2.2/lib/haml/temple_line_counter.rb
|
95
|
+
- bundle/ruby/2.7.0/gems/haml-5.2.2/lib/haml/util.rb
|
96
|
+
- bundle/ruby/2.7.0/gems/haml-5.2.2/lib/haml/version.rb
|
97
|
+
- bundle/ruby/2.7.0/gems/haml-5.2.2/yard/default/fulldoc/html/css/common.sass
|
98
|
+
- bundle/ruby/2.7.0/gems/haml-5.2.2/yard/default/layout/html/footer.erb
|
99
99
|
- bundle/ruby/2.7.0/gems/highline-2.0.3/AUTHORS
|
100
100
|
- bundle/ruby/2.7.0/gems/highline-2.0.3/COPYING
|
101
101
|
- bundle/ruby/2.7.0/gems/highline-2.0.3/Changelog.md
|
@@ -132,10 +132,10 @@ files:
|
|
132
132
|
- bundle/ruby/2.7.0/gems/highline-2.0.3/lib/highline/terminal/unix_stty.rb
|
133
133
|
- bundle/ruby/2.7.0/gems/highline-2.0.3/lib/highline/version.rb
|
134
134
|
- bundle/ruby/2.7.0/gems/highline-2.0.3/lib/highline/wrapper.rb
|
135
|
-
- bundle/ruby/2.7.0/gems/parallel-1.
|
136
|
-
- bundle/ruby/2.7.0/gems/parallel-1.
|
137
|
-
- bundle/ruby/2.7.0/gems/parallel-1.
|
138
|
-
- bundle/ruby/2.7.0/gems/parallel-1.
|
135
|
+
- bundle/ruby/2.7.0/gems/parallel-1.21.0/MIT-LICENSE.txt
|
136
|
+
- bundle/ruby/2.7.0/gems/parallel-1.21.0/lib/parallel.rb
|
137
|
+
- bundle/ruby/2.7.0/gems/parallel-1.21.0/lib/parallel/processor_count.rb
|
138
|
+
- bundle/ruby/2.7.0/gems/parallel-1.21.0/lib/parallel/version.rb
|
139
139
|
- bundle/ruby/2.7.0/gems/rexml-3.2.5/LICENSE.txt
|
140
140
|
- bundle/ruby/2.7.0/gems/rexml-3.2.5/NEWS.md
|
141
141
|
- bundle/ruby/2.7.0/gems/rexml-3.2.5/README.md
|
@@ -193,39 +193,42 @@ files:
|
|
193
193
|
- bundle/ruby/2.7.0/gems/ruby2ruby-2.4.4/Manifest.txt
|
194
194
|
- bundle/ruby/2.7.0/gems/ruby2ruby-2.4.4/README.rdoc
|
195
195
|
- bundle/ruby/2.7.0/gems/ruby2ruby-2.4.4/lib/ruby2ruby.rb
|
196
|
-
- bundle/ruby/2.7.0/gems/ruby_parser-3.
|
197
|
-
- bundle/ruby/2.7.0/gems/ruby_parser-3.
|
198
|
-
- bundle/ruby/2.7.0/gems/ruby_parser-3.
|
199
|
-
- bundle/ruby/2.7.0/gems/ruby_parser-3.
|
200
|
-
- bundle/ruby/2.7.0/gems/ruby_parser-3.
|
201
|
-
- bundle/ruby/2.7.0/gems/ruby_parser-3.
|
202
|
-
- bundle/ruby/2.7.0/gems/ruby_parser-3.
|
203
|
-
- bundle/ruby/2.7.0/gems/ruby_parser-3.
|
204
|
-
- bundle/ruby/2.7.0/gems/ruby_parser-3.
|
205
|
-
- bundle/ruby/2.7.0/gems/ruby_parser-3.
|
206
|
-
- bundle/ruby/2.7.0/gems/ruby_parser-3.
|
207
|
-
- bundle/ruby/2.7.0/gems/ruby_parser-3.
|
208
|
-
- bundle/ruby/2.7.0/gems/ruby_parser-3.
|
209
|
-
- bundle/ruby/2.7.0/gems/ruby_parser-3.
|
210
|
-
- bundle/ruby/2.7.0/gems/ruby_parser-3.
|
211
|
-
- bundle/ruby/2.7.0/gems/ruby_parser-3.
|
212
|
-
- bundle/ruby/2.7.0/gems/ruby_parser-3.
|
213
|
-
- bundle/ruby/2.7.0/gems/ruby_parser-3.
|
214
|
-
- bundle/ruby/2.7.0/gems/ruby_parser-3.
|
215
|
-
- bundle/ruby/2.7.0/gems/ruby_parser-3.
|
216
|
-
- bundle/ruby/2.7.0/gems/ruby_parser-3.
|
217
|
-
- bundle/ruby/2.7.0/gems/ruby_parser-3.
|
218
|
-
- bundle/ruby/2.7.0/gems/ruby_parser-3.
|
219
|
-
- bundle/ruby/2.7.0/gems/ruby_parser-3.
|
220
|
-
- bundle/ruby/2.7.0/gems/ruby_parser-3.
|
221
|
-
- bundle/ruby/2.7.0/gems/ruby_parser-3.
|
222
|
-
- bundle/ruby/2.7.0/gems/ruby_parser-3.
|
223
|
-
- bundle/ruby/2.7.0/gems/ruby_parser-3.
|
224
|
-
- bundle/ruby/2.7.0/gems/ruby_parser-3.
|
225
|
-
- bundle/ruby/2.7.0/gems/ruby_parser-3.
|
226
|
-
- bundle/ruby/2.7.0/gems/ruby_parser-3.
|
227
|
-
- bundle/ruby/2.7.0/gems/ruby_parser-3.
|
228
|
-
- bundle/ruby/2.7.0/gems/ruby_parser-3.
|
196
|
+
- bundle/ruby/2.7.0/gems/ruby_parser-3.18.1/History.rdoc
|
197
|
+
- bundle/ruby/2.7.0/gems/ruby_parser-3.18.1/Manifest.txt
|
198
|
+
- bundle/ruby/2.7.0/gems/ruby_parser-3.18.1/README.rdoc
|
199
|
+
- bundle/ruby/2.7.0/gems/ruby_parser-3.18.1/compare/normalize.rb
|
200
|
+
- bundle/ruby/2.7.0/gems/ruby_parser-3.18.1/debugging.md
|
201
|
+
- bundle/ruby/2.7.0/gems/ruby_parser-3.18.1/gauntlet.md
|
202
|
+
- bundle/ruby/2.7.0/gems/ruby_parser-3.18.1/lib/rp_extensions.rb
|
203
|
+
- bundle/ruby/2.7.0/gems/ruby_parser-3.18.1/lib/rp_stringscanner.rb
|
204
|
+
- bundle/ruby/2.7.0/gems/ruby_parser-3.18.1/lib/ruby20_parser.rb
|
205
|
+
- bundle/ruby/2.7.0/gems/ruby_parser-3.18.1/lib/ruby20_parser.y
|
206
|
+
- bundle/ruby/2.7.0/gems/ruby_parser-3.18.1/lib/ruby21_parser.rb
|
207
|
+
- bundle/ruby/2.7.0/gems/ruby_parser-3.18.1/lib/ruby21_parser.y
|
208
|
+
- bundle/ruby/2.7.0/gems/ruby_parser-3.18.1/lib/ruby22_parser.rb
|
209
|
+
- bundle/ruby/2.7.0/gems/ruby_parser-3.18.1/lib/ruby22_parser.y
|
210
|
+
- bundle/ruby/2.7.0/gems/ruby_parser-3.18.1/lib/ruby23_parser.rb
|
211
|
+
- bundle/ruby/2.7.0/gems/ruby_parser-3.18.1/lib/ruby23_parser.y
|
212
|
+
- bundle/ruby/2.7.0/gems/ruby_parser-3.18.1/lib/ruby24_parser.rb
|
213
|
+
- bundle/ruby/2.7.0/gems/ruby_parser-3.18.1/lib/ruby24_parser.y
|
214
|
+
- bundle/ruby/2.7.0/gems/ruby_parser-3.18.1/lib/ruby25_parser.rb
|
215
|
+
- bundle/ruby/2.7.0/gems/ruby_parser-3.18.1/lib/ruby25_parser.y
|
216
|
+
- bundle/ruby/2.7.0/gems/ruby_parser-3.18.1/lib/ruby26_parser.rb
|
217
|
+
- bundle/ruby/2.7.0/gems/ruby_parser-3.18.1/lib/ruby26_parser.y
|
218
|
+
- bundle/ruby/2.7.0/gems/ruby_parser-3.18.1/lib/ruby27_parser.rb
|
219
|
+
- bundle/ruby/2.7.0/gems/ruby_parser-3.18.1/lib/ruby27_parser.y
|
220
|
+
- bundle/ruby/2.7.0/gems/ruby_parser-3.18.1/lib/ruby30_parser.rb
|
221
|
+
- bundle/ruby/2.7.0/gems/ruby_parser-3.18.1/lib/ruby30_parser.y
|
222
|
+
- bundle/ruby/2.7.0/gems/ruby_parser-3.18.1/lib/ruby3_parser.yy
|
223
|
+
- bundle/ruby/2.7.0/gems/ruby_parser-3.18.1/lib/ruby_lexer.rb
|
224
|
+
- bundle/ruby/2.7.0/gems/ruby_parser-3.18.1/lib/ruby_lexer.rex
|
225
|
+
- bundle/ruby/2.7.0/gems/ruby_parser-3.18.1/lib/ruby_lexer.rex.rb
|
226
|
+
- bundle/ruby/2.7.0/gems/ruby_parser-3.18.1/lib/ruby_lexer_strings.rb
|
227
|
+
- bundle/ruby/2.7.0/gems/ruby_parser-3.18.1/lib/ruby_parser.rb
|
228
|
+
- bundle/ruby/2.7.0/gems/ruby_parser-3.18.1/lib/ruby_parser.yy
|
229
|
+
- bundle/ruby/2.7.0/gems/ruby_parser-3.18.1/lib/ruby_parser_extras.rb
|
230
|
+
- bundle/ruby/2.7.0/gems/ruby_parser-3.18.1/tools/munge.rb
|
231
|
+
- bundle/ruby/2.7.0/gems/ruby_parser-3.18.1/tools/ripper.rb
|
229
232
|
- bundle/ruby/2.7.0/gems/ruby_parser-legacy-1.0.0/History.rdoc
|
230
233
|
- bundle/ruby/2.7.0/gems/ruby_parser-legacy-1.0.0/Manifest.txt
|
231
234
|
- bundle/ruby/2.7.0/gems/ruby_parser-legacy-1.0.0/README.rdoc
|
@@ -270,16 +273,16 @@ files:
|
|
270
273
|
- bundle/ruby/2.7.0/gems/safe_yaml-1.0.5/lib/safe_yaml/version.rb
|
271
274
|
- bundle/ruby/2.7.0/gems/safe_yaml-1.0.5/run_specs_all_ruby_versions.sh
|
272
275
|
- bundle/ruby/2.7.0/gems/safe_yaml-1.0.5/safe_yaml.gemspec
|
273
|
-
- bundle/ruby/2.7.0/gems/sexp_processor-4.
|
274
|
-
- bundle/ruby/2.7.0/gems/sexp_processor-4.
|
275
|
-
- bundle/ruby/2.7.0/gems/sexp_processor-4.
|
276
|
-
- bundle/ruby/2.7.0/gems/sexp_processor-4.
|
277
|
-
- bundle/ruby/2.7.0/gems/sexp_processor-4.
|
278
|
-
- bundle/ruby/2.7.0/gems/sexp_processor-4.
|
279
|
-
- bundle/ruby/2.7.0/gems/sexp_processor-4.
|
280
|
-
- bundle/ruby/2.7.0/gems/sexp_processor-4.
|
281
|
-
- bundle/ruby/2.7.0/gems/sexp_processor-4.
|
282
|
-
- bundle/ruby/2.7.0/gems/sexp_processor-4.
|
276
|
+
- bundle/ruby/2.7.0/gems/sexp_processor-4.16.0/History.rdoc
|
277
|
+
- bundle/ruby/2.7.0/gems/sexp_processor-4.16.0/Manifest.txt
|
278
|
+
- bundle/ruby/2.7.0/gems/sexp_processor-4.16.0/README.rdoc
|
279
|
+
- bundle/ruby/2.7.0/gems/sexp_processor-4.16.0/lib/composite_sexp_processor.rb
|
280
|
+
- bundle/ruby/2.7.0/gems/sexp_processor-4.16.0/lib/pt_testcase.rb
|
281
|
+
- bundle/ruby/2.7.0/gems/sexp_processor-4.16.0/lib/sexp.rb
|
282
|
+
- bundle/ruby/2.7.0/gems/sexp_processor-4.16.0/lib/sexp_matcher.rb
|
283
|
+
- bundle/ruby/2.7.0/gems/sexp_processor-4.16.0/lib/sexp_processor.rb
|
284
|
+
- bundle/ruby/2.7.0/gems/sexp_processor-4.16.0/lib/strict_sexp.rb
|
285
|
+
- bundle/ruby/2.7.0/gems/sexp_processor-4.16.0/lib/unique.rb
|
283
286
|
- bundle/ruby/2.7.0/gems/slim-4.1.0/CHANGES
|
284
287
|
- bundle/ruby/2.7.0/gems/slim-4.1.0/Gemfile
|
285
288
|
- bundle/ruby/2.7.0/gems/slim-4.1.0/LICENSE
|
@@ -422,15 +425,15 @@ files:
|
|
422
425
|
- bundle/ruby/2.7.0/gems/tilt-2.0.10/lib/tilt/typescript.rb
|
423
426
|
- bundle/ruby/2.7.0/gems/tilt-2.0.10/lib/tilt/wikicloth.rb
|
424
427
|
- bundle/ruby/2.7.0/gems/tilt-2.0.10/lib/tilt/yajl.rb
|
425
|
-
- bundle/ruby/2.7.0/gems/unicode-display_width-1.
|
426
|
-
- bundle/ruby/2.7.0/gems/unicode-display_width-1.
|
427
|
-
- bundle/ruby/2.7.0/gems/unicode-display_width-1.
|
428
|
-
- bundle/ruby/2.7.0/gems/unicode-display_width-1.
|
429
|
-
- bundle/ruby/2.7.0/gems/unicode-display_width-1.
|
430
|
-
- bundle/ruby/2.7.0/gems/unicode-display_width-1.
|
431
|
-
- bundle/ruby/2.7.0/gems/unicode-display_width-1.
|
432
|
-
- bundle/ruby/2.7.0/gems/unicode-display_width-1.
|
433
|
-
- bundle/ruby/2.7.0/gems/unicode-display_width-1.
|
428
|
+
- bundle/ruby/2.7.0/gems/unicode-display_width-1.8.0/CHANGELOG.md
|
429
|
+
- bundle/ruby/2.7.0/gems/unicode-display_width-1.8.0/MIT-LICENSE.txt
|
430
|
+
- bundle/ruby/2.7.0/gems/unicode-display_width-1.8.0/README.md
|
431
|
+
- bundle/ruby/2.7.0/gems/unicode-display_width-1.8.0/data/display_width.marshal.gz
|
432
|
+
- bundle/ruby/2.7.0/gems/unicode-display_width-1.8.0/lib/unicode/display_width.rb
|
433
|
+
- bundle/ruby/2.7.0/gems/unicode-display_width-1.8.0/lib/unicode/display_width/constants.rb
|
434
|
+
- bundle/ruby/2.7.0/gems/unicode-display_width-1.8.0/lib/unicode/display_width/index.rb
|
435
|
+
- bundle/ruby/2.7.0/gems/unicode-display_width-1.8.0/lib/unicode/display_width/no_string_ext.rb
|
436
|
+
- bundle/ruby/2.7.0/gems/unicode-display_width-1.8.0/lib/unicode/display_width/string_ext.rb
|
434
437
|
- lib/brakeman.rb
|
435
438
|
- lib/brakeman/app_tree.rb
|
436
439
|
- lib/brakeman/call_index.rb
|
@@ -449,6 +452,8 @@ files:
|
|
449
452
|
- lib/brakeman/checks/check_digest_dos.rb
|
450
453
|
- lib/brakeman/checks/check_divide_by_zero.rb
|
451
454
|
- lib/brakeman/checks/check_dynamic_finders.rb
|
455
|
+
- lib/brakeman/checks/check_eol_rails.rb
|
456
|
+
- lib/brakeman/checks/check_eol_ruby.rb
|
452
457
|
- lib/brakeman/checks/check_escape_function.rb
|
453
458
|
- lib/brakeman/checks/check_evaluation.rb
|
454
459
|
- lib/brakeman/checks/check_execute.rb
|
@@ -515,6 +520,7 @@ files:
|
|
515
520
|
- lib/brakeman/checks/check_without_protection.rb
|
516
521
|
- lib/brakeman/checks/check_xml_dos.rb
|
517
522
|
- lib/brakeman/checks/check_yaml_parsing.rb
|
523
|
+
- lib/brakeman/checks/eol_check.rb
|
518
524
|
- lib/brakeman/codeclimate/engine_configuration.rb
|
519
525
|
- lib/brakeman/commandline.rb
|
520
526
|
- lib/brakeman/differ.rb
|
@@ -630,7 +636,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
|
|
630
636
|
requirements:
|
631
637
|
- - ">="
|
632
638
|
- !ruby/object:Gem::Version
|
633
|
-
version: 2.
|
639
|
+
version: 2.5.0
|
634
640
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
635
641
|
requirements:
|
636
642
|
- - ">="
|
@@ -1,42 +0,0 @@
|
|
1
|
-
require 'etc'
|
2
|
-
|
3
|
-
module Parallel
|
4
|
-
# TODO: inline this method into parallel.rb and kill physical_processor_count in next major release
|
5
|
-
module ProcessorCount
|
6
|
-
# Number of processors seen by the OS, used for process scheduling
|
7
|
-
def processor_count
|
8
|
-
@processor_count ||= Integer(ENV['PARALLEL_PROCESSOR_COUNT'] || Etc.nprocessors)
|
9
|
-
end
|
10
|
-
|
11
|
-
# Number of physical processor cores on the current system.
|
12
|
-
def physical_processor_count
|
13
|
-
@physical_processor_count ||= begin
|
14
|
-
ppc = case RbConfig::CONFIG["target_os"]
|
15
|
-
when /darwin1/
|
16
|
-
IO.popen("/usr/sbin/sysctl -n hw.physicalcpu").read.to_i
|
17
|
-
when /linux/
|
18
|
-
cores = {} # unique physical ID / core ID combinations
|
19
|
-
phy = 0
|
20
|
-
IO.read("/proc/cpuinfo").scan(/^physical id.*|^core id.*/) do |ln|
|
21
|
-
if ln.start_with?("physical")
|
22
|
-
phy = ln[/\d+/]
|
23
|
-
elsif ln.start_with?("core")
|
24
|
-
cid = phy + ":" + ln[/\d+/]
|
25
|
-
cores[cid] = true if not cores[cid]
|
26
|
-
end
|
27
|
-
end
|
28
|
-
cores.count
|
29
|
-
when /mswin|mingw/
|
30
|
-
require 'win32ole'
|
31
|
-
result_set = WIN32OLE.connect("winmgmts://").ExecQuery(
|
32
|
-
"select NumberOfCores from Win32_Processor")
|
33
|
-
result_set.to_enum.collect(&:NumberOfCores).reduce(:+)
|
34
|
-
else
|
35
|
-
processor_count
|
36
|
-
end
|
37
|
-
# fall back to logical count if physical info is invalid
|
38
|
-
ppc > 0 ? ppc : processor_count
|
39
|
-
end
|
40
|
-
end
|
41
|
-
end
|
42
|
-
end
|