brakeman 5.1.0 → 5.2.1

  1. checksums.yaml +4 -4
  2. data/CHANGES.md +26 -1
  3. data/README.md +1 -1
  4. data/bundle/load.rb +5 -5
  5. data/bundle/ruby/2.7.0/gems/{haml-5.2.1 → haml-5.2.2}/CHANGELOG.md +8 -0
  6. data/bundle/ruby/2.7.0/gems/{haml-5.2.1 → haml-5.2.2}/FAQ.md +0 -0
  7. data/bundle/ruby/2.7.0/gems/{haml-5.2.1 → haml-5.2.2}/Gemfile +0 -0
  8. data/bundle/ruby/2.7.0/gems/{haml-5.2.1 → haml-5.2.2}/MIT-LICENSE +0 -0
  9. data/bundle/ruby/2.7.0/gems/{haml-5.2.1 → haml-5.2.2}/README.md +19 -13
  10. data/bundle/ruby/2.7.0/gems/{haml-5.2.1 → haml-5.2.2}/REFERENCE.md +10 -3
  11. data/bundle/ruby/2.7.0/gems/{haml-5.2.1 → haml-5.2.2}/TODO +0 -0
  12. data/bundle/ruby/2.7.0/gems/{haml-5.2.1 → haml-5.2.2}/haml.gemspec +0 -0
  13. data/bundle/ruby/2.7.0/gems/{haml-5.2.1 → haml-5.2.2}/lib/haml/attribute_builder.rb +55 -0
  14. data/bundle/ruby/2.7.0/gems/{haml-5.2.1 → haml-5.2.2}/lib/haml/attribute_compiler.rb +4 -2
  15. data/bundle/ruby/2.7.0/gems/{haml-5.2.1 → haml-5.2.2}/lib/haml/attribute_parser.rb +0 -0
  16. data/bundle/ruby/2.7.0/gems/{haml-5.2.1 → haml-5.2.2}/lib/haml/buffer.rb +0 -56
  17. data/bundle/ruby/2.7.0/gems/{haml-5.2.1 → haml-5.2.2}/lib/haml/compiler.rb +0 -0
  18. data/bundle/ruby/2.7.0/gems/{haml-5.2.1 → haml-5.2.2}/lib/haml/engine.rb +0 -0
  19. data/bundle/ruby/2.7.0/gems/{haml-5.2.1 → haml-5.2.2}/lib/haml/error.rb +0 -0
  20. data/bundle/ruby/2.7.0/gems/{haml-5.2.1 → haml-5.2.2}/lib/haml/escapable.rb +0 -0
  21. data/bundle/ruby/2.7.0/gems/{haml-5.2.1 → haml-5.2.2}/lib/haml/exec.rb +0 -0
  22. data/bundle/ruby/2.7.0/gems/{haml-5.2.1 → haml-5.2.2}/lib/haml/filters.rb +0 -0
  23. data/bundle/ruby/2.7.0/gems/{haml-5.2.1 → haml-5.2.2}/lib/haml/generator.rb +0 -0
  24. data/bundle/ruby/2.7.0/gems/{haml-5.2.1 → haml-5.2.2}/lib/haml/helpers/action_view_extensions.rb +0 -0
  25. data/bundle/ruby/2.7.0/gems/{haml-5.2.1 → haml-5.2.2}/lib/haml/helpers/action_view_mods.rb +0 -0
  26. data/bundle/ruby/2.7.0/gems/{haml-5.2.1 → haml-5.2.2}/lib/haml/helpers/action_view_xss_mods.rb +0 -0
  27. data/bundle/ruby/2.7.0/gems/{haml-5.2.1 → haml-5.2.2}/lib/haml/helpers/safe_erubi_template.rb +0 -0
  28. data/bundle/ruby/2.7.0/gems/{haml-5.2.1 → haml-5.2.2}/lib/haml/helpers/safe_erubis_template.rb +0 -0
  29. data/bundle/ruby/2.7.0/gems/{haml-5.2.1 → haml-5.2.2}/lib/haml/helpers/xss_mods.rb +0 -0
  30. data/bundle/ruby/2.7.0/gems/{haml-5.2.1 → haml-5.2.2}/lib/haml/helpers.rb +0 -0
  31. data/bundle/ruby/2.7.0/gems/{haml-5.2.1 → haml-5.2.2}/lib/haml/options.rb +0 -0
  32. data/bundle/ruby/2.7.0/gems/{haml-5.2.1 → haml-5.2.2}/lib/haml/parser.rb +0 -0
  33. data/bundle/ruby/2.7.0/gems/{haml-5.2.1 → haml-5.2.2}/lib/haml/plugin.rb +18 -1
  34. data/bundle/ruby/2.7.0/gems/{haml-5.2.1 → haml-5.2.2}/lib/haml/railtie.rb +5 -0
  35. data/bundle/ruby/2.7.0/gems/{haml-5.2.1 → haml-5.2.2}/lib/haml/sass_rails_filter.rb +0 -0
  36. data/bundle/ruby/2.7.0/gems/{haml-5.2.1 → haml-5.2.2}/lib/haml/template/options.rb +0 -0
  37. data/bundle/ruby/2.7.0/gems/{haml-5.2.1 → haml-5.2.2}/lib/haml/template.rb +0 -0
  38. data/bundle/ruby/2.7.0/gems/{haml-5.2.1 → haml-5.2.2}/lib/haml/temple_engine.rb +2 -1
  39. data/bundle/ruby/2.7.0/gems/{haml-5.2.1 → haml-5.2.2}/lib/haml/temple_line_counter.rb +0 -0
  40. data/bundle/ruby/2.7.0/gems/{haml-5.2.1 → haml-5.2.2}/lib/haml/util.rb +0 -0
  41. data/bundle/ruby/2.7.0/gems/{haml-5.2.1 → haml-5.2.2}/lib/haml/version.rb +1 -1
  42. data/bundle/ruby/2.7.0/gems/{haml-5.2.1 → haml-5.2.2}/lib/haml.rb +0 -0
  43. data/bundle/ruby/2.7.0/gems/{haml-5.2.1 → haml-5.2.2}/yard/default/fulldoc/html/css/common.sass +0 -0
  44. data/bundle/ruby/2.7.0/gems/{haml-5.2.1 → haml-5.2.2}/yard/default/layout/html/footer.erb +0 -0
  45. data/bundle/ruby/2.7.0/gems/{parallel-1.20.1 → parallel-1.21.0}/MIT-LICENSE.txt +0 -0
  46. data/bundle/ruby/2.7.0/gems/parallel-1.21.0/lib/parallel/processor_count.rb +45 -0
  47. data/bundle/ruby/2.7.0/gems/parallel-1.21.0/lib/parallel/version.rb +4 -0
  48. data/bundle/ruby/2.7.0/gems/{parallel-1.20.1 → parallel-1.21.0}/lib/parallel.rb +52 -43
  49. data/bundle/ruby/2.7.0/gems/{ruby_parser-3.16.0 → ruby_parser-3.18.1}/History.rdoc +88 -0
  50. data/bundle/ruby/2.7.0/gems/{ruby_parser-3.16.0 → ruby_parser-3.18.1}/Manifest.txt +3 -0
  51. data/bundle/ruby/2.7.0/gems/{ruby_parser-3.16.0 → ruby_parser-3.18.1}/README.rdoc +1 -0
  52. data/bundle/ruby/2.7.0/gems/{ruby_parser-3.16.0 → ruby_parser-3.18.1}/compare/normalize.rb +6 -1
  53. data/bundle/ruby/2.7.0/gems/{ruby_parser-3.16.0 → ruby_parser-3.18.1}/debugging.md +0 -0
  54. data/bundle/ruby/2.7.0/gems/ruby_parser-3.18.1/gauntlet.md +106 -0
  55. data/bundle/ruby/2.7.0/gems/{ruby_parser-3.16.0 → ruby_parser-3.18.1}/lib/rp_extensions.rb +15 -36
  56. data/bundle/ruby/2.7.0/gems/ruby_parser-3.18.1/lib/rp_stringscanner.rb +33 -0
  57. data/bundle/ruby/2.7.0/gems/ruby_parser-3.18.1/lib/ruby20_parser.rb +7128 -0
  58. data/bundle/ruby/2.7.0/gems/{ruby_parser-3.16.0 → ruby_parser-3.18.1}/lib/ruby20_parser.y +335 -252
  59. data/bundle/ruby/2.7.0/gems/ruby_parser-3.18.1/lib/ruby21_parser.rb +7182 -0
  60. data/bundle/ruby/2.7.0/gems/{ruby_parser-3.16.0 → ruby_parser-3.18.1}/lib/ruby21_parser.y +330 -249
  61. data/bundle/ruby/2.7.0/gems/ruby_parser-3.18.1/lib/ruby22_parser.rb +7228 -0
  62. data/bundle/ruby/2.7.0/gems/{ruby_parser-3.16.0 → ruby_parser-3.18.1}/lib/ruby22_parser.y +334 -251
  63. data/bundle/ruby/2.7.0/gems/ruby_parser-3.18.1/lib/ruby23_parser.rb +7237 -0
  64. data/bundle/ruby/2.7.0/gems/{ruby_parser-3.16.0/lib/ruby26_parser.y → ruby_parser-3.18.1/lib/ruby23_parser.y} +336 -276
  65. data/bundle/ruby/2.7.0/gems/ruby_parser-3.18.1/lib/ruby24_parser.rb +7268 -0
  66. data/bundle/ruby/2.7.0/gems/{ruby_parser-3.16.0 → ruby_parser-3.18.1}/lib/ruby24_parser.y +334 -251
  67. data/bundle/ruby/2.7.0/gems/ruby_parser-3.18.1/lib/ruby25_parser.rb +7268 -0
  68. data/bundle/ruby/2.7.0/gems/{ruby_parser-3.16.0/lib/ruby30_parser.y → ruby_parser-3.18.1/lib/ruby25_parser.y} +335 -304
  69. data/bundle/ruby/2.7.0/gems/ruby_parser-3.18.1/lib/ruby26_parser.rb +7287 -0
  70. data/bundle/ruby/2.7.0/gems/{ruby_parser-3.16.0/lib/ruby27_parser.y → ruby_parser-3.18.1/lib/ruby26_parser.y} +334 -288
  71. data/bundle/ruby/2.7.0/gems/ruby_parser-3.18.1/lib/ruby27_parser.rb +8517 -0
  72. data/bundle/ruby/2.7.0/gems/{ruby_parser-3.16.0/lib/ruby_parser.yy → ruby_parser-3.18.1/lib/ruby27_parser.y} +906 -380
  73. data/bundle/ruby/2.7.0/gems/ruby_parser-3.18.1/lib/ruby30_parser.rb +8751 -0
  74. data/bundle/ruby/2.7.0/gems/ruby_parser-3.18.1/lib/ruby30_parser.y +3472 -0
  75. data/bundle/ruby/2.7.0/gems/ruby_parser-3.18.1/lib/ruby3_parser.yy +3476 -0
  76. data/bundle/ruby/2.7.0/gems/{ruby_parser-3.16.0 → ruby_parser-3.18.1}/lib/ruby_lexer.rb +261 -609
  77. data/bundle/ruby/2.7.0/gems/{ruby_parser-3.16.0 → ruby_parser-3.18.1}/lib/ruby_lexer.rex +27 -20
  78. data/bundle/ruby/2.7.0/gems/{ruby_parser-3.16.0 → ruby_parser-3.18.1}/lib/ruby_lexer.rex.rb +59 -23
  79. data/bundle/ruby/2.7.0/gems/ruby_parser-3.18.1/lib/ruby_lexer_strings.rb +638 -0
  80. data/bundle/ruby/2.7.0/gems/{ruby_parser-3.16.0 → ruby_parser-3.18.1}/lib/ruby_parser.rb +0 -0
  81. data/bundle/ruby/2.7.0/gems/ruby_parser-3.18.1/lib/ruby_parser.yy +3487 -0
  82. data/bundle/ruby/2.7.0/gems/{ruby_parser-3.16.0 → ruby_parser-3.18.1}/lib/ruby_parser_extras.rb +296 -115
  83. data/bundle/ruby/2.7.0/gems/{ruby_parser-3.16.0 → ruby_parser-3.18.1}/tools/munge.rb +34 -6
  84. data/bundle/ruby/2.7.0/gems/ruby_parser-3.18.1/tools/ripper.rb +44 -0
  85. data/bundle/ruby/2.7.0/gems/{sexp_processor-4.15.3 → sexp_processor-4.16.0}/History.rdoc +15 -0
  86. data/bundle/ruby/2.7.0/gems/{sexp_processor-4.15.3 → sexp_processor-4.16.0}/Manifest.txt +0 -0
  87. data/bundle/ruby/2.7.0/gems/{sexp_processor-4.15.3 → sexp_processor-4.16.0}/README.rdoc +0 -0
  88. data/bundle/ruby/2.7.0/gems/{sexp_processor-4.15.3 → sexp_processor-4.16.0}/lib/composite_sexp_processor.rb +0 -0
  89. data/bundle/ruby/2.7.0/gems/{sexp_processor-4.15.3 → sexp_processor-4.16.0}/lib/pt_testcase.rb +7 -2
  90. data/bundle/ruby/2.7.0/gems/{sexp_processor-4.15.3 → sexp_processor-4.16.0}/lib/sexp.rb +19 -9
  91. data/bundle/ruby/2.7.0/gems/{sexp_processor-4.15.3 → sexp_processor-4.16.0}/lib/sexp_matcher.rb +0 -0
  92. data/bundle/ruby/2.7.0/gems/{sexp_processor-4.15.3 → sexp_processor-4.16.0}/lib/sexp_processor.rb +1 -1
  93. data/bundle/ruby/2.7.0/gems/{sexp_processor-4.15.3 → sexp_processor-4.16.0}/lib/strict_sexp.rb +25 -3
  94. data/bundle/ruby/2.7.0/gems/{sexp_processor-4.15.3 → sexp_processor-4.16.0}/lib/unique.rb +0 -0
  95. data/bundle/ruby/2.7.0/gems/{unicode-display_width-1.7.0 → unicode-display_width-1.8.0}/CHANGELOG.md +4 -0
  96. data/bundle/ruby/2.7.0/gems/{unicode-display_width-1.7.0 → unicode-display_width-1.8.0}/MIT-LICENSE.txt +0 -0
  97. data/bundle/ruby/2.7.0/gems/{unicode-display_width-1.7.0 → unicode-display_width-1.8.0}/README.md +1 -1
  98. data/bundle/ruby/2.7.0/gems/unicode-display_width-1.8.0/data/display_width.marshal.gz +0 -0
  99. data/bundle/ruby/2.7.0/gems/{unicode-display_width-1.7.0 → unicode-display_width-1.8.0}/lib/unicode/display_width/constants.rb +2 -2
  100. data/bundle/ruby/2.7.0/gems/{unicode-display_width-1.7.0 → unicode-display_width-1.8.0}/lib/unicode/display_width/index.rb +0 -0
  101. data/bundle/ruby/2.7.0/gems/{unicode-display_width-1.7.0 → unicode-display_width-1.8.0}/lib/unicode/display_width/no_string_ext.rb +0 -0
  102. data/bundle/ruby/2.7.0/gems/{unicode-display_width-1.7.0 → unicode-display_width-1.8.0}/lib/unicode/display_width/string_ext.rb +0 -0
  103. data/bundle/ruby/2.7.0/gems/{unicode-display_width-1.7.0 → unicode-display_width-1.8.0}/lib/unicode/display_width.rb +0 -0
  104. data/lib/brakeman/app_tree.rb +1 -1
  105. data/lib/brakeman/checks/base_check.rb +10 -0
  106. data/lib/brakeman/checks/check_eol_rails.rb +23 -0
  107. data/lib/brakeman/checks/check_eol_ruby.rb +26 -0
  108. data/lib/brakeman/checks/check_json_parsing.rb +1 -1
  109. data/lib/brakeman/checks/check_sql.rb +3 -2
  110. data/lib/brakeman/checks/check_symbol_dos.rb +1 -1
  111. data/lib/brakeman/checks/eol_check.rb +47 -0
  112. data/lib/brakeman/commandline.rb +1 -1
  113. data/lib/brakeman/options.rb +8 -0
  114. data/lib/brakeman/processors/alias_processor.rb +7 -1
  115. data/lib/brakeman/processors/gem_processor.rb +3 -0
  116. data/lib/brakeman/processors/haml_template_processor.rb +9 -0
  117. data/lib/brakeman/processors/lib/call_conversion_helper.rb +2 -0
  118. data/lib/brakeman/processors/lib/rails3_route_processor.rb +2 -0
  119. data/lib/brakeman/processors/model_processor.rb +1 -0
  120. data/lib/brakeman/report/ignore/config.rb +5 -5
  121. data/lib/brakeman/report/report_csv.rb +1 -1
  122. data/lib/brakeman/report/report_sarif.rb +2 -2
  123. data/lib/brakeman/report/report_text.rb +1 -1
  124. data/lib/brakeman/scanner.rb +15 -13
  125. data/lib/brakeman/tracker/config.rb +8 -1
  126. data/lib/brakeman/version.rb +1 -1
  127. data/lib/brakeman/warning_codes.rb +4 -0
  128. data/lib/brakeman.rb +6 -8
  129. data/lib/ruby_parser/bm_sexp.rb +11 -1
  130. metadata +105 -99
  131. data/bundle/ruby/2.7.0/gems/parallel-1.20.1/lib/parallel/processor_count.rb +0 -42
  132. data/bundle/ruby/2.7.0/gems/parallel-1.20.1/lib/parallel/version.rb +0 -3
  133. data/bundle/ruby/2.7.0/gems/ruby_parser-3.16.0/lib/rp_stringscanner.rb +0 -64
  134. data/bundle/ruby/2.7.0/gems/ruby_parser-3.16.0/lib/ruby20_parser.rb +0 -7075
  135. data/bundle/ruby/2.7.0/gems/ruby_parser-3.16.0/lib/ruby21_parser.rb +0 -7148
  136. data/bundle/ruby/2.7.0/gems/ruby_parser-3.16.0/lib/ruby22_parser.rb +0 -7185
  137. data/bundle/ruby/2.7.0/gems/ruby_parser-3.16.0/lib/ruby23_parser.rb +0 -7199
  138. data/bundle/ruby/2.7.0/gems/ruby_parser-3.16.0/lib/ruby23_parser.y +0 -2643
  139. data/bundle/ruby/2.7.0/gems/ruby_parser-3.16.0/lib/ruby24_parser.rb +0 -7219
  140. data/bundle/ruby/2.7.0/gems/ruby_parser-3.16.0/lib/ruby25_parser.rb +0 -7218
  141. data/bundle/ruby/2.7.0/gems/ruby_parser-3.16.0/lib/ruby25_parser.y +0 -2651
  142. data/bundle/ruby/2.7.0/gems/ruby_parser-3.16.0/lib/ruby26_parser.rb +0 -7240
  143. data/bundle/ruby/2.7.0/gems/ruby_parser-3.16.0/lib/ruby27_parser.rb +0 -7358
  144. data/bundle/ruby/2.7.0/gems/ruby_parser-3.16.0/lib/ruby30_parser.rb +0 -7358
  145. data/bundle/ruby/2.7.0/gems/ruby_parser-3.16.0/tools/ripper.rb +0 -39
  146. data/bundle/ruby/2.7.0/gems/unicode-display_width-1.7.0/data/display_width.marshal.gz +0 -0
@@ -8,6 +8,7 @@ class Brakeman::HamlTemplateProcessor < Brakeman::TemplateProcessor
8
8
  HAML_HELPERS2 = s(:colon2, s(:colon3, :Haml), :Helpers)
9
9
  JAVASCRIPT_FILTER = s(:colon2, s(:colon2, s(:const, :Haml), :Filters), :Javascript)
10
10
  COFFEE_FILTER = s(:colon2, s(:colon2, s(:const, :Haml), :Filters), :Coffee)
11
+ ATTRIBUTE_BUILDER = s(:colon2, s(:colon3, :Haml), :AttributeBuilder)
11
12
 
12
13
  def initialize *args
13
14
  super
@@ -133,6 +134,8 @@ class Brakeman::HamlTemplateProcessor < Brakeman::TemplateProcessor
133
134
 
134
135
  get_pushed_value(exp.first_arg, default)
135
136
  @javascript = false
137
+ elsif haml_attribute_builder? exp
138
+ ignore # probably safe... seems escaped by default?
136
139
  else
137
140
  add_output exp, default
138
141
  end
@@ -154,6 +157,12 @@ class Brakeman::HamlTemplateProcessor < Brakeman::TemplateProcessor
154
157
  exp.method == :attributes
155
158
  end
156
159
 
160
+ def haml_attribute_builder? exp
161
+ call? exp and
162
+ exp.target == ATTRIBUTE_BUILDER and
163
+ exp.method == :build
164
+ end
165
+
157
166
  def fix_textareas? exp
158
167
  call? exp and
159
168
  exp.target == HAMLOUT and
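Review bot: The new `elsif haml_attribute_builder? exp` branch in the second hunk suppresses the call on the strength of a guess (`# probably safe... seems escaped by default?`), which is the wrong default posture for an output-escaping check: if the assumption is wrong, user input reaching attributes through `Haml::AttributeBuilder.build` is silently never reported. Haml's attribute escaping is governed by its `escape_attrs` option, which I believe is handed to `build` as one of its positional arguments, so the processor could inspect that argument rather than ignoring unconditionally, or at minimum state the assumption: `ignore # Haml::AttributeBuilder.build escapes attribute values; assumes escape_attrs is left enabled`. A template in the test suite that builds an attribute from `params` would pin the intended behaviour either way. The enclosing method of that hunk starts and ends outside it.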
@@ -89,6 +89,8 @@ module Brakeman
89
89
  end
90
90
  end
91
91
 
92
+ # You must check the return value for `nil`s -
93
+ # which indicate a key could not be found.
92
94
  def hash_values_at hash, keys
93
95
  values = keys.map do |key|
94
96
  process_hash_access hash, key
@@ -78,6 +78,8 @@ class Brakeman::Rails3RoutesProcessor < Brakeman::BasicProcessor
78
78
 
79
79
  #TODO: Need test for this
80
80
  def process_root exp
81
+ return exp unless hash? exp.first_arg
82
+
81
83
  if value = hash_access(exp.first_arg, :to)
82
84
  if string? value
83
85
  add_route_from_string value
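Review bot: The new guard `return exp unless hash? exp.first_arg` makes `process_root` skip the string shorthand `root "controller#action"` without registering a route, where before the commit that form would at least have reached `hash_access` (what it did there is outside the hunk). Since the hunk already calls `add_route_from_string value` for the `:to` form, a matching `if string? exp.first_arg` branch calling the same helper before the hash guard would cover the shorthand, assuming Rails accepts it for `root` as it does for `get`. The `#TODO: Need test for this` line directly above is still open and the early return is a second untested path. `process_root`'s body continues past the hunk.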
@@ -93,6 +93,7 @@ class Brakeman::ModelProcessor < Brakeman::BaseProcessor
93
93
  def add_enum_method call
94
94
  arg = call.first_arg
95
95
  return unless hash? arg
96
+ return unless symbol? arg[1]
96
97
 
97
98
  enum_name = arg[1].value # first key
98
99
  enums = arg[2] # first value
@@ -100,14 +100,14 @@ module Brakeman
100
100
 
101
101
  # Read configuration to file
102
102
  def read_from_file file = @file
103
- if File.exist? file.absolute
103
+ if File.exist? file
104
104
  begin
105
105
  @already_ignored = JSON.parse(File.read(file), :symbolize_names => true)[:ignored_warnings]
106
106
  rescue => e
107
- raise e, "\nError[#{e.class}] while reading brakeman ignore file: #{file.relative}\n"
107
+ raise e, "\nError[#{e.class}] while reading brakeman ignore file: #{file}\n"
108
108
  end
109
109
  else
110
- Brakeman.notify "[Notice] Could not find ignore configuration in #{file.relative}"
110
+ Brakeman.notify "[Notice] Could not find ignore configuration in #{file}"
111
111
  @already_ignored = []
112
112
  end
113
113
 
@@ -126,7 +126,7 @@ module Brakeman
126
126
 
127
127
  w[:note] = @notes[w[:fingerprint]] || ""
128
128
  w
129
- end.sort_by { |w| [w[:fingerprint], w[:line]] }
129
+ end.sort_by { |w| [w[:fingerprint], w[:line] || 0] }
130
130
 
131
131
  output = {
132
132
  :ignored_warnings => warnings,
@@ -134,7 +134,7 @@ module Brakeman
134
134
  :brakeman_version => Brakeman::Version
135
135
  }
136
136
 
137
- File.open file.absolute, "w" do |f|
137
+ File.open file, "w" do |f|
138
138
  f.puts JSON.pretty_generate(output)
139
139
  end
140
140
  end
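Review bot: In `read_from_file` (first hunk) a well-formed JSON ignore file that lacks the `ignored_warnings` key leaves `@already_ignored` as `nil`, while the not-found branch sets `[]`; the commit touches both branches but does not make them agree. A one-line fix: `@already_ignored = JSON.parse(File.read(file), :symbolize_names => true)[:ignored_warnings] || []`. The method's comment should also say that `file` is now a plain path string (callers previously supplied a `FilePath`), because `File.exist? file` now resolves a relative `options[:ignore_file]` against the process working directory — the call site in `brakeman.rb` passes that option through unchanged.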
@@ -17,7 +17,7 @@ class Brakeman::Report::CSV < Brakeman::Report::Base
17
17
  ]
18
18
 
19
19
  rows = tracker.filtered_warnings.sort_by do |w|
20
- [w.confidence, w.warning_type, w.file, w.line, w.fingerprint]
20
+ [w.confidence, w.warning_type, w.file, w.line || 0, w.fingerprint]
21
21
  end.map do |warning|
22
22
  generate_row(headers, warning)
23
23
  end
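Review bot: The sort key `[w.confidence, w.warning_type, w.file, w.line || 0, w.fingerprint]` is now spelled out identically here and in `report_text.rb`, and the same `|| 0` fallback appears in `report/ignore/config.rb`; three hand-copied keys will drift the next time a field is added or the nil handling changes. A small `warning_sort_key w` helper on the report base class would keep the two reports in step. The `|| 0` also deserves a short comment saying why `line` can be nil (presumably warnings with no source location — inferred from the fix itself).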
@@ -80,7 +80,7 @@ class Brakeman::Report::SARIF < Brakeman::Report::Base
80
80
  :location => {
81
81
  :physicalLocation => {
82
82
  :artifactLocation => {
83
- :uri => @ignore_filter.file.relative,
83
+ :uri => Brakeman::FilePath.from_app_tree(@app_tree, @ignore_filter.file).relative,
84
84
  :uriBaseId => '%SRCROOT%',
85
85
  },
86
86
  },
@@ -93,7 +93,7 @@ class Brakeman::Report::SARIF < Brakeman::Report::Base
93
93
  end
94
94
  end
95
95
 
96
- # Returns a hash of all check descriptions, keyed by check namne
96
+ # Returns a hash of all check descriptions, keyed by check name
97
97
  def check_descriptions
98
98
  @check_descriptions ||= Brakeman::Checks.checks.map do |check|
99
99
  [check.name.gsub(/^Check/, ''), check.description]
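Review bot: `Brakeman::FilePath.from_app_tree(@app_tree, @ignore_filter.file).relative` in the first hunk is now fed a plain path (per the companion change in `brakeman.rb`, either `options[:ignore_file]` as given or `app_tree.expand_path("config/brakeman.ignore")`), so when the ignore file lives outside the application root the `.relative` value presumably becomes a `../…` path under `uriBaseId: '%SRCROOT%'`, which SARIF consumers may reject or resolve outside the source root. Worth checking what `FilePath#relative` returns for a path outside the tree, and for that case emitting an absolute `file:` URI without `uriBaseId` instead. A regression test that passes an ignore file from a sibling directory would pin the behaviour.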
@@ -92,7 +92,7 @@ class Brakeman::Report::Text < Brakeman::Report::Base
92
92
  HighLine.color("No warnings found", :bold, :green)
93
93
  else
94
94
  warnings = tracker.filtered_warnings.sort_by do |w|
95
- [w.confidence, w.warning_type, w.file, w.line, w.fingerprint]
95
+ [w.confidence, w.warning_type, w.file, w.line || 0, w.fingerprint]
96
96
  end.map do |w|
97
97
  output_warning w
98
98
  end
@@ -40,32 +40,32 @@ class Brakeman::Scanner
40
40
 
41
41
  #Process everything in the Rails application
42
42
  def process
43
- Brakeman.notify "Processing gems..."
43
+ Brakeman.notify "Processing gems... "
44
44
  process_gems
45
45
  guess_rails_version
46
- Brakeman.notify "Processing configuration..."
46
+ Brakeman.notify "Processing configuration... "
47
47
  process_config
48
- Brakeman.notify "Parsing files..."
48
+ Brakeman.notify "Parsing files... "
49
49
  parse_files
50
- Brakeman.notify "Detecting file types..."
50
+ Brakeman.notify "Detecting file types... "
51
51
  detect_file_types
52
- Brakeman.notify "Processing initializers..."
52
+ Brakeman.notify "Processing initializers... "
53
53
  process_initializers
54
- Brakeman.notify "Processing libs..."
54
+ Brakeman.notify "Processing libs... "
55
55
  process_libs
56
- Brakeman.notify "Processing routes... "
56
+ Brakeman.notify "Processing routes... "
57
57
  process_routes
58
- Brakeman.notify "Processing templates... "
58
+ Brakeman.notify "Processing templates... "
59
59
  process_templates
60
- Brakeman.notify "Processing data flow in templates..."
60
+ Brakeman.notify "Processing data flow in templates... "
61
61
  process_template_data_flows
62
- Brakeman.notify "Processing models... "
62
+ Brakeman.notify "Processing models... "
63
63
  process_models
64
- Brakeman.notify "Processing controllers... "
64
+ Brakeman.notify "Processing controllers... "
65
65
  process_controllers
66
66
  Brakeman.notify "Processing data flow in controllers..."
67
67
  process_controller_data_flows
68
- Brakeman.notify "Indexing call sites... "
68
+ Brakeman.notify "Indexing call sites... "
69
69
  index_call_sites
70
70
  tracker
71
71
  end
@@ -137,7 +137,9 @@ class Brakeman::Scanner
137
137
  end
138
138
 
139
139
  if @app_tree.exists? ".ruby-version"
140
- tracker.config.set_ruby_version @app_tree.file_path(".ruby-version").read
140
+ if version = @app_tree.file_path(".ruby-version").read[/(\d\.\d.\d+)/]
141
+ tracker.config.set_ruby_version version
142
+ end
141
143
  end
142
144
 
143
145
  tracker.config.load_rails_defaults
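Review bot: The new `.ruby-version` pattern `/(\d\.\d.\d+)/` in the second hunk leaves the second dot unescaped and allows only single-digit major and minor components, so it accepts `3.1x2`-style garbage and would miss a two-digit component; `/(\d+\.\d+\.\d+)/` is the intended pattern. It also silently drops files containing only `major.minor` (e.g. `3.1`) because the patch component is mandatory — if `set_ruby_version` and the new EOL check can work with two components, `/(\d+\.\d+(?:\.\d+)?)/` would cover that too (both are defined outside this hunk). The `if version = …` assignment-in-condition matches the file's existing style, so no objection there.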
@@ -14,7 +14,7 @@ module Brakeman
14
14
  @settings = {}
15
15
  @escape_html = nil
16
16
  @erubis = nil
17
- @ruby_version = ""
17
+ @ruby_version = nil
18
18
  @rails_version = nil
19
19
  end
20
20
 
@@ -106,6 +106,13 @@ module Brakeman
106
106
  tracker.options[:rails5] = true
107
107
  tracker.options[:rails6] = true
108
108
  Brakeman.notify "[Notice] Detected Rails 6 application"
109
+ elsif @rails_version.start_with? "7"
110
+ tracker.options[:rails3] = true
111
+ tracker.options[:rails4] = true
112
+ tracker.options[:rails5] = true
113
+ tracker.options[:rails6] = true
114
+ tracker.options[:rails7] = true
115
+ Brakeman.notify "[Notice] Detected Rails 7 application"
109
116
  end
110
117
  end
111
118
  end
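Review bot: The Rails 7 branch in the second hunk repeats the `rails3` … `rails7` flag ladder one more time; if the earlier branches (which start outside this hunk) only set these flags, `major = @rails_version.to_i` followed by `(3..major).each { |v| tracker.options[:"rails#{v}"] = true }` would replace the whole chain and cannot fall out of step when the next major arrives. Separately, the first hunk changes the `@ruby_version` default from `""` to `nil`; any consumer that compares it with string methods (`<`, `start_with?`) now raises `NoMethodError` where it previously compared against an empty string, so the consumers — outside this hunk, presumably including the new `check_eol_ruby.rb` — need a nil guard.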
@@ -1,3 +1,3 @@
1
1
  module Brakeman
2
- Version = "5.1.0"
2
+ Version = "5.2.1"
3
3
  end
@@ -121,6 +121,10 @@ module Brakeman::WarningCodes
121
121
  :erb_template_injection => 117,
122
122
  :http_verb_confusion => 118,
123
123
  :unsafe_method_reflection => 119,
124
+ :eol_rails => 120,
125
+ :eol_ruby => 121,
126
+ :pending_eol_rails => 122,
127
+ :pending_eol_ruby => 123,
124
128
 
125
129
  :custom_check => 9090,
126
130
  }
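--- a/data/lib/brakeman.rb
+++ b/data/lib/brakeman.rb
@@ -394,7 +394,7 @@ module Brakeman
 if options[:parallel_checks]
 notify "Running checks in parallel..."
 else
-notify "Runnning checks..."
+notify "Running checks..."
 end
 
 tracker.run_checks
@@ -479,7 +479,7 @@ module Brakeman
 $stderr.puts message if @debug
 end
 
-# Compare JSON ouptut from a previous scan and return the diff of the two scans
+# Compare JSON output from a previous scan and return the diff of the two scans
 def self.compare options
 require 'json'
 require 'brakeman/differ'
@@ -527,14 +527,12 @@ module Brakeman
 
 # Returns an array of alert fingerprints for any ignored warnings without
 # notes found in the specified ignore file (if it exists).
-def self.ignore_file_entries_with_empty_notes file, options
+def self.ignore_file_entries_with_empty_notes file
 return [] unless file
 
 require 'brakeman/report/ignore/config'
 
-app_tree = Brakeman::AppTree.from_options(options)
-
-config = IgnoreConfig.new(Brakeman::FilePath.from_app_tree(app_tree, file), nil)
+config = IgnoreConfig.new(file, nil)
 config.read_from_file
 config.already_ignored_entries_with_empty_notes.map { |i| i[:fingerprint] }
 end
@@ -545,9 +543,9 @@ module Brakeman
 app_tree = Brakeman::AppTree.from_options(options)
 
 if options[:ignore_file]
-file = Brakeman::FilePath.from_app_tree(app_tree, options[:ignore_file])
+file = options[:ignore_file]
 elsif app_tree.exists? "config/brakeman.ignore"
-file = Brakeman::FilePath.from_app_tree(app_tree, "config/brakeman.ignore")
+file = app_tree.expand_path("config/brakeman.ignore")
 elsif not options[:interactive_ignore]
 return
 end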
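Review bot: Dropping the `options` parameter from `Brakeman.ignore_file_entries_with_empty_notes` (third hunk) changes the arity of a public module method, so any external caller still passing `(file, options)` now fails with `ArgumentError`; a compatible signature `def self.ignore_file_entries_with_empty_notes file, _options = nil` costs nothing, or the removal should be called out in `CHANGES.md`. In the last hunk `file = options[:ignore_file]` is passed through as given, so a relative ignore-file path now resolves against the process working directory rather than the application root as the removed `FilePath.from_app_tree` call presumably did; if users rely on the old resolution, `app_tree.expand_path(options[:ignore_file])` would preserve it and match the `config/brakeman.ignore` branch. The enclosing method of the last hunk starts and ends outside it.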
@@ -544,7 +544,7 @@ class Sexp
544
544
  end
545
545
 
546
546
  # Number of "statements" in a method.
547
- # This is more effecient than `Sexp#body.length`
547
+ # This is more efficient than `Sexp#body.length`
548
548
  # because `Sexp#body` creates a new Sexp.
549
549
  def method_length
550
550
  expect :defn, :defs
@@ -642,4 +642,14 @@ end
642
642
  RUBY
643
643
  end
644
644
 
645
+ class String
646
+ ##
647
+ # This is a hack used by the lexer to sneak in line numbers at the
648
+ # identifier level. This should be MUCH smaller than making
649
+ # process_token return [value, lineno] and modifying EVERYTHING that
650
+ # reduces tIDENTIFIER.
651
+
652
+ attr_accessor :lineno
653
+ end
654
+
645
655
  class WrongSexpError < RuntimeError; end
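Review bot: Reopening core `String` to add `attr_accessor :lineno` (second hunk) is a process-wide monkey patch that now lives in brakeman; the diffstat shows `rp_extensions.rb` shrinking in the bundled ruby_parser 3.18.1, so this looks like a compatibility shim for the lexer, but that is inferred. The header comment is carried over verbatim and describes the lexer's hack rather than why brakeman carries it; I'd replace it with `# Compatibility shim: the bundled ruby_parser lexer stores line numbers on identifier Strings via String#lineno.` One consequence worth confirming: `lineno=` on a frozen string (any literal under `# frozen_string_literal: true`) raises `FrozenError`, so the accessor only works on the mutable strings the lexer allocates itself.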
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: brakeman
3
3
  version: !ruby/object:Gem::Version
4
- version: 5.1.0
4
+ version: 5.2.1
5
5
  platform: ruby
6
6
  authors:
7
7
  - Justin Collins
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2021-07-19 00:00:00.000000000 Z
11
+ date: 2022-01-30 00:00:00.000000000 Z
12
12
  dependencies: []
13
13
  description: Brakeman detects security vulnerabilities in Ruby on Rails applications
14
14
  via static analysis.
@@ -56,46 +56,46 @@ files:
56
56
  - bundle/ruby/2.7.0/gems/erubis-2.7.0/lib/erubis/tiny.rb
57
57
  - bundle/ruby/2.7.0/gems/erubis-2.7.0/lib/erubis/util.rb
58
58
  - bundle/ruby/2.7.0/gems/erubis-2.7.0/setup.rb
59
- - bundle/ruby/2.7.0/gems/haml-5.2.1/CHANGELOG.md
60
- - bundle/ruby/2.7.0/gems/haml-5.2.1/FAQ.md
61
- - bundle/ruby/2.7.0/gems/haml-5.2.1/Gemfile
62
- - bundle/ruby/2.7.0/gems/haml-5.2.1/MIT-LICENSE
63
- - bundle/ruby/2.7.0/gems/haml-5.2.1/README.md
64
- - bundle/ruby/2.7.0/gems/haml-5.2.1/REFERENCE.md
65
- - bundle/ruby/2.7.0/gems/haml-5.2.1/TODO
66
- - bundle/ruby/2.7.0/gems/haml-5.2.1/haml.gemspec
67
- - bundle/ruby/2.7.0/gems/haml-5.2.1/lib/haml.rb
68
- - bundle/ruby/2.7.0/gems/haml-5.2.1/lib/haml/attribute_builder.rb
69
- - bundle/ruby/2.7.0/gems/haml-5.2.1/lib/haml/attribute_compiler.rb
70
- - bundle/ruby/2.7.0/gems/haml-5.2.1/lib/haml/attribute_parser.rb
71
- - bundle/ruby/2.7.0/gems/haml-5.2.1/lib/haml/buffer.rb
72
- - bundle/ruby/2.7.0/gems/haml-5.2.1/lib/haml/compiler.rb
73
- - bundle/ruby/2.7.0/gems/haml-5.2.1/lib/haml/engine.rb
74
- - bundle/ruby/2.7.0/gems/haml-5.2.1/lib/haml/error.rb
75
- - bundle/ruby/2.7.0/gems/haml-5.2.1/lib/haml/escapable.rb
76
- - bundle/ruby/2.7.0/gems/haml-5.2.1/lib/haml/exec.rb
77
- - bundle/ruby/2.7.0/gems/haml-5.2.1/lib/haml/filters.rb
78
- - bundle/ruby/2.7.0/gems/haml-5.2.1/lib/haml/generator.rb
79
- - bundle/ruby/2.7.0/gems/haml-5.2.1/lib/haml/helpers.rb
80
- - bundle/ruby/2.7.0/gems/haml-5.2.1/lib/haml/helpers/action_view_extensions.rb
81
- - bundle/ruby/2.7.0/gems/haml-5.2.1/lib/haml/helpers/action_view_mods.rb
82
- - bundle/ruby/2.7.0/gems/haml-5.2.1/lib/haml/helpers/action_view_xss_mods.rb
83
- - bundle/ruby/2.7.0/gems/haml-5.2.1/lib/haml/helpers/safe_erubi_template.rb
84
- - bundle/ruby/2.7.0/gems/haml-5.2.1/lib/haml/helpers/safe_erubis_template.rb
85
- - bundle/ruby/2.7.0/gems/haml-5.2.1/lib/haml/helpers/xss_mods.rb
86
- - bundle/ruby/2.7.0/gems/haml-5.2.1/lib/haml/options.rb
87
- - bundle/ruby/2.7.0/gems/haml-5.2.1/lib/haml/parser.rb
88
- - bundle/ruby/2.7.0/gems/haml-5.2.1/lib/haml/plugin.rb
89
- - bundle/ruby/2.7.0/gems/haml-5.2.1/lib/haml/railtie.rb
90
- - bundle/ruby/2.7.0/gems/haml-5.2.1/lib/haml/sass_rails_filter.rb
91
- - bundle/ruby/2.7.0/gems/haml-5.2.1/lib/haml/template.rb
92
- - bundle/ruby/2.7.0/gems/haml-5.2.1/lib/haml/template/options.rb
93
- - bundle/ruby/2.7.0/gems/haml-5.2.1/lib/haml/temple_engine.rb
94
- - bundle/ruby/2.7.0/gems/haml-5.2.1/lib/haml/temple_line_counter.rb
95
- - bundle/ruby/2.7.0/gems/haml-5.2.1/lib/haml/util.rb
96
- - bundle/ruby/2.7.0/gems/haml-5.2.1/lib/haml/version.rb
97
- - bundle/ruby/2.7.0/gems/haml-5.2.1/yard/default/fulldoc/html/css/common.sass
98
- - bundle/ruby/2.7.0/gems/haml-5.2.1/yard/default/layout/html/footer.erb
59
+ - bundle/ruby/2.7.0/gems/haml-5.2.2/CHANGELOG.md
60
+ - bundle/ruby/2.7.0/gems/haml-5.2.2/FAQ.md
61
+ - bundle/ruby/2.7.0/gems/haml-5.2.2/Gemfile
62
+ - bundle/ruby/2.7.0/gems/haml-5.2.2/MIT-LICENSE
63
+ - bundle/ruby/2.7.0/gems/haml-5.2.2/README.md
64
+ - bundle/ruby/2.7.0/gems/haml-5.2.2/REFERENCE.md
65
+ - bundle/ruby/2.7.0/gems/haml-5.2.2/TODO
66
+ - bundle/ruby/2.7.0/gems/haml-5.2.2/haml.gemspec
67
+ - bundle/ruby/2.7.0/gems/haml-5.2.2/lib/haml.rb
68
+ - bundle/ruby/2.7.0/gems/haml-5.2.2/lib/haml/attribute_builder.rb
69
+ - bundle/ruby/2.7.0/gems/haml-5.2.2/lib/haml/attribute_compiler.rb
70
+ - bundle/ruby/2.7.0/gems/haml-5.2.2/lib/haml/attribute_parser.rb
71
+ - bundle/ruby/2.7.0/gems/haml-5.2.2/lib/haml/buffer.rb
72
+ - bundle/ruby/2.7.0/gems/haml-5.2.2/lib/haml/compiler.rb
73
+ - bundle/ruby/2.7.0/gems/haml-5.2.2/lib/haml/engine.rb
74
+ - bundle/ruby/2.7.0/gems/haml-5.2.2/lib/haml/error.rb
75
+ - bundle/ruby/2.7.0/gems/haml-5.2.2/lib/haml/escapable.rb
76
+ - bundle/ruby/2.7.0/gems/haml-5.2.2/lib/haml/exec.rb
77
+ - bundle/ruby/2.7.0/gems/haml-5.2.2/lib/haml/filters.rb
78
+ - bundle/ruby/2.7.0/gems/haml-5.2.2/lib/haml/generator.rb
79
+ - bundle/ruby/2.7.0/gems/haml-5.2.2/lib/haml/helpers.rb
80
+ - bundle/ruby/2.7.0/gems/haml-5.2.2/lib/haml/helpers/action_view_extensions.rb
81
+ - bundle/ruby/2.7.0/gems/haml-5.2.2/lib/haml/helpers/action_view_mods.rb
82
+ - bundle/ruby/2.7.0/gems/haml-5.2.2/lib/haml/helpers/action_view_xss_mods.rb
83
+ - bundle/ruby/2.7.0/gems/haml-5.2.2/lib/haml/helpers/safe_erubi_template.rb
84
+ - bundle/ruby/2.7.0/gems/haml-5.2.2/lib/haml/helpers/safe_erubis_template.rb
85
+ - bundle/ruby/2.7.0/gems/haml-5.2.2/lib/haml/helpers/xss_mods.rb
86
+ - bundle/ruby/2.7.0/gems/haml-5.2.2/lib/haml/options.rb
87
+ - bundle/ruby/2.7.0/gems/haml-5.2.2/lib/haml/parser.rb
88
+ - bundle/ruby/2.7.0/gems/haml-5.2.2/lib/haml/plugin.rb
89
+ - bundle/ruby/2.7.0/gems/haml-5.2.2/lib/haml/railtie.rb
90
+ - bundle/ruby/2.7.0/gems/haml-5.2.2/lib/haml/sass_rails_filter.rb
91
+ - bundle/ruby/2.7.0/gems/haml-5.2.2/lib/haml/template.rb
92
+ - bundle/ruby/2.7.0/gems/haml-5.2.2/lib/haml/template/options.rb
93
+ - bundle/ruby/2.7.0/gems/haml-5.2.2/lib/haml/temple_engine.rb
94
+ - bundle/ruby/2.7.0/gems/haml-5.2.2/lib/haml/temple_line_counter.rb
95
+ - bundle/ruby/2.7.0/gems/haml-5.2.2/lib/haml/util.rb
96
+ - bundle/ruby/2.7.0/gems/haml-5.2.2/lib/haml/version.rb
97
+ - bundle/ruby/2.7.0/gems/haml-5.2.2/yard/default/fulldoc/html/css/common.sass
98
+ - bundle/ruby/2.7.0/gems/haml-5.2.2/yard/default/layout/html/footer.erb
99
99
  - bundle/ruby/2.7.0/gems/highline-2.0.3/AUTHORS
100
100
  - bundle/ruby/2.7.0/gems/highline-2.0.3/COPYING
101
101
  - bundle/ruby/2.7.0/gems/highline-2.0.3/Changelog.md
@@ -132,10 +132,10 @@ files:
132
132
  - bundle/ruby/2.7.0/gems/highline-2.0.3/lib/highline/terminal/unix_stty.rb
133
133
  - bundle/ruby/2.7.0/gems/highline-2.0.3/lib/highline/version.rb
134
134
  - bundle/ruby/2.7.0/gems/highline-2.0.3/lib/highline/wrapper.rb
135
- - bundle/ruby/2.7.0/gems/parallel-1.20.1/MIT-LICENSE.txt
136
- - bundle/ruby/2.7.0/gems/parallel-1.20.1/lib/parallel.rb
137
- - bundle/ruby/2.7.0/gems/parallel-1.20.1/lib/parallel/processor_count.rb
138
- - bundle/ruby/2.7.0/gems/parallel-1.20.1/lib/parallel/version.rb
135
+ - bundle/ruby/2.7.0/gems/parallel-1.21.0/MIT-LICENSE.txt
136
+ - bundle/ruby/2.7.0/gems/parallel-1.21.0/lib/parallel.rb
137
+ - bundle/ruby/2.7.0/gems/parallel-1.21.0/lib/parallel/processor_count.rb
138
+ - bundle/ruby/2.7.0/gems/parallel-1.21.0/lib/parallel/version.rb
139
139
  - bundle/ruby/2.7.0/gems/rexml-3.2.5/LICENSE.txt
140
140
  - bundle/ruby/2.7.0/gems/rexml-3.2.5/NEWS.md
141
141
  - bundle/ruby/2.7.0/gems/rexml-3.2.5/README.md
@@ -193,39 +193,42 @@ files:
193
193
  - bundle/ruby/2.7.0/gems/ruby2ruby-2.4.4/Manifest.txt
194
194
  - bundle/ruby/2.7.0/gems/ruby2ruby-2.4.4/README.rdoc
195
195
  - bundle/ruby/2.7.0/gems/ruby2ruby-2.4.4/lib/ruby2ruby.rb
196
- - bundle/ruby/2.7.0/gems/ruby_parser-3.16.0/History.rdoc
197
- - bundle/ruby/2.7.0/gems/ruby_parser-3.16.0/Manifest.txt
198
- - bundle/ruby/2.7.0/gems/ruby_parser-3.16.0/README.rdoc
199
- - bundle/ruby/2.7.0/gems/ruby_parser-3.16.0/compare/normalize.rb
200
- - bundle/ruby/2.7.0/gems/ruby_parser-3.16.0/debugging.md
201
- - bundle/ruby/2.7.0/gems/ruby_parser-3.16.0/lib/rp_extensions.rb
202
- - bundle/ruby/2.7.0/gems/ruby_parser-3.16.0/lib/rp_stringscanner.rb
203
- - bundle/ruby/2.7.0/gems/ruby_parser-3.16.0/lib/ruby20_parser.rb
204
- - bundle/ruby/2.7.0/gems/ruby_parser-3.16.0/lib/ruby20_parser.y
205
- - bundle/ruby/2.7.0/gems/ruby_parser-3.16.0/lib/ruby21_parser.rb
206
- - bundle/ruby/2.7.0/gems/ruby_parser-3.16.0/lib/ruby21_parser.y
207
- - bundle/ruby/2.7.0/gems/ruby_parser-3.16.0/lib/ruby22_parser.rb
208
- - bundle/ruby/2.7.0/gems/ruby_parser-3.16.0/lib/ruby22_parser.y
209
- - bundle/ruby/2.7.0/gems/ruby_parser-3.16.0/lib/ruby23_parser.rb
210
- - bundle/ruby/2.7.0/gems/ruby_parser-3.16.0/lib/ruby23_parser.y
211
- - bundle/ruby/2.7.0/gems/ruby_parser-3.16.0/lib/ruby24_parser.rb
212
- - bundle/ruby/2.7.0/gems/ruby_parser-3.16.0/lib/ruby24_parser.y
213
- - bundle/ruby/2.7.0/gems/ruby_parser-3.16.0/lib/ruby25_parser.rb
214
- - bundle/ruby/2.7.0/gems/ruby_parser-3.16.0/lib/ruby25_parser.y
215
- - bundle/ruby/2.7.0/gems/ruby_parser-3.16.0/lib/ruby26_parser.rb
216
- - bundle/ruby/2.7.0/gems/ruby_parser-3.16.0/lib/ruby26_parser.y
217
- - bundle/ruby/2.7.0/gems/ruby_parser-3.16.0/lib/ruby27_parser.rb
218
- - bundle/ruby/2.7.0/gems/ruby_parser-3.16.0/lib/ruby27_parser.y
219
- - bundle/ruby/2.7.0/gems/ruby_parser-3.16.0/lib/ruby30_parser.rb
220
- - bundle/ruby/2.7.0/gems/ruby_parser-3.16.0/lib/ruby30_parser.y
221
- - bundle/ruby/2.7.0/gems/ruby_parser-3.16.0/lib/ruby_lexer.rb
222
- - bundle/ruby/2.7.0/gems/ruby_parser-3.16.0/lib/ruby_lexer.rex
223
- - bundle/ruby/2.7.0/gems/ruby_parser-3.16.0/lib/ruby_lexer.rex.rb
224
- - bundle/ruby/2.7.0/gems/ruby_parser-3.16.0/lib/ruby_parser.rb
225
- - bundle/ruby/2.7.0/gems/ruby_parser-3.16.0/lib/ruby_parser.yy
226
- - bundle/ruby/2.7.0/gems/ruby_parser-3.16.0/lib/ruby_parser_extras.rb
227
- - bundle/ruby/2.7.0/gems/ruby_parser-3.16.0/tools/munge.rb
228
- - bundle/ruby/2.7.0/gems/ruby_parser-3.16.0/tools/ripper.rb
196
+ - bundle/ruby/2.7.0/gems/ruby_parser-3.18.1/History.rdoc
197
+ - bundle/ruby/2.7.0/gems/ruby_parser-3.18.1/Manifest.txt
198
+ - bundle/ruby/2.7.0/gems/ruby_parser-3.18.1/README.rdoc
199
+ - bundle/ruby/2.7.0/gems/ruby_parser-3.18.1/compare/normalize.rb
200
+ - bundle/ruby/2.7.0/gems/ruby_parser-3.18.1/debugging.md
201
+ - bundle/ruby/2.7.0/gems/ruby_parser-3.18.1/gauntlet.md
202
+ - bundle/ruby/2.7.0/gems/ruby_parser-3.18.1/lib/rp_extensions.rb
203
+ - bundle/ruby/2.7.0/gems/ruby_parser-3.18.1/lib/rp_stringscanner.rb
204
+ - bundle/ruby/2.7.0/gems/ruby_parser-3.18.1/lib/ruby20_parser.rb
205
+ - bundle/ruby/2.7.0/gems/ruby_parser-3.18.1/lib/ruby20_parser.y
206
+ - bundle/ruby/2.7.0/gems/ruby_parser-3.18.1/lib/ruby21_parser.rb
207
+ - bundle/ruby/2.7.0/gems/ruby_parser-3.18.1/lib/ruby21_parser.y
208
+ - bundle/ruby/2.7.0/gems/ruby_parser-3.18.1/lib/ruby22_parser.rb
209
+ - bundle/ruby/2.7.0/gems/ruby_parser-3.18.1/lib/ruby22_parser.y
210
+ - bundle/ruby/2.7.0/gems/ruby_parser-3.18.1/lib/ruby23_parser.rb
211
+ - bundle/ruby/2.7.0/gems/ruby_parser-3.18.1/lib/ruby23_parser.y
212
+ - bundle/ruby/2.7.0/gems/ruby_parser-3.18.1/lib/ruby24_parser.rb
213
+ - bundle/ruby/2.7.0/gems/ruby_parser-3.18.1/lib/ruby24_parser.y
214
+ - bundle/ruby/2.7.0/gems/ruby_parser-3.18.1/lib/ruby25_parser.rb
215
+ - bundle/ruby/2.7.0/gems/ruby_parser-3.18.1/lib/ruby25_parser.y
216
+ - bundle/ruby/2.7.0/gems/ruby_parser-3.18.1/lib/ruby26_parser.rb
217
+ - bundle/ruby/2.7.0/gems/ruby_parser-3.18.1/lib/ruby26_parser.y
218
+ - bundle/ruby/2.7.0/gems/ruby_parser-3.18.1/lib/ruby27_parser.rb
219
+ - bundle/ruby/2.7.0/gems/ruby_parser-3.18.1/lib/ruby27_parser.y
220
+ - bundle/ruby/2.7.0/gems/ruby_parser-3.18.1/lib/ruby30_parser.rb
221
+ - bundle/ruby/2.7.0/gems/ruby_parser-3.18.1/lib/ruby30_parser.y
222
+ - bundle/ruby/2.7.0/gems/ruby_parser-3.18.1/lib/ruby3_parser.yy
223
+ - bundle/ruby/2.7.0/gems/ruby_parser-3.18.1/lib/ruby_lexer.rb
224
+ - bundle/ruby/2.7.0/gems/ruby_parser-3.18.1/lib/ruby_lexer.rex
225
+ - bundle/ruby/2.7.0/gems/ruby_parser-3.18.1/lib/ruby_lexer.rex.rb
226
+ - bundle/ruby/2.7.0/gems/ruby_parser-3.18.1/lib/ruby_lexer_strings.rb
227
+ - bundle/ruby/2.7.0/gems/ruby_parser-3.18.1/lib/ruby_parser.rb
228
+ - bundle/ruby/2.7.0/gems/ruby_parser-3.18.1/lib/ruby_parser.yy
229
+ - bundle/ruby/2.7.0/gems/ruby_parser-3.18.1/lib/ruby_parser_extras.rb
230
+ - bundle/ruby/2.7.0/gems/ruby_parser-3.18.1/tools/munge.rb
231
+ - bundle/ruby/2.7.0/gems/ruby_parser-3.18.1/tools/ripper.rb
229
232
  - bundle/ruby/2.7.0/gems/ruby_parser-legacy-1.0.0/History.rdoc
230
233
  - bundle/ruby/2.7.0/gems/ruby_parser-legacy-1.0.0/Manifest.txt
231
234
  - bundle/ruby/2.7.0/gems/ruby_parser-legacy-1.0.0/README.rdoc
@@ -270,16 +273,16 @@ files:
270
273
  - bundle/ruby/2.7.0/gems/safe_yaml-1.0.5/lib/safe_yaml/version.rb
271
274
  - bundle/ruby/2.7.0/gems/safe_yaml-1.0.5/run_specs_all_ruby_versions.sh
272
275
  - bundle/ruby/2.7.0/gems/safe_yaml-1.0.5/safe_yaml.gemspec
273
- - bundle/ruby/2.7.0/gems/sexp_processor-4.15.3/History.rdoc
274
- - bundle/ruby/2.7.0/gems/sexp_processor-4.15.3/Manifest.txt
275
- - bundle/ruby/2.7.0/gems/sexp_processor-4.15.3/README.rdoc
276
- - bundle/ruby/2.7.0/gems/sexp_processor-4.15.3/lib/composite_sexp_processor.rb
277
- - bundle/ruby/2.7.0/gems/sexp_processor-4.15.3/lib/pt_testcase.rb
278
- - bundle/ruby/2.7.0/gems/sexp_processor-4.15.3/lib/sexp.rb
279
- - bundle/ruby/2.7.0/gems/sexp_processor-4.15.3/lib/sexp_matcher.rb
280
- - bundle/ruby/2.7.0/gems/sexp_processor-4.15.3/lib/sexp_processor.rb
281
- - bundle/ruby/2.7.0/gems/sexp_processor-4.15.3/lib/strict_sexp.rb
282
- - bundle/ruby/2.7.0/gems/sexp_processor-4.15.3/lib/unique.rb
276
+ - bundle/ruby/2.7.0/gems/sexp_processor-4.16.0/History.rdoc
277
+ - bundle/ruby/2.7.0/gems/sexp_processor-4.16.0/Manifest.txt
278
+ - bundle/ruby/2.7.0/gems/sexp_processor-4.16.0/README.rdoc
279
+ - bundle/ruby/2.7.0/gems/sexp_processor-4.16.0/lib/composite_sexp_processor.rb
280
+ - bundle/ruby/2.7.0/gems/sexp_processor-4.16.0/lib/pt_testcase.rb
281
+ - bundle/ruby/2.7.0/gems/sexp_processor-4.16.0/lib/sexp.rb
282
+ - bundle/ruby/2.7.0/gems/sexp_processor-4.16.0/lib/sexp_matcher.rb
283
+ - bundle/ruby/2.7.0/gems/sexp_processor-4.16.0/lib/sexp_processor.rb
284
+ - bundle/ruby/2.7.0/gems/sexp_processor-4.16.0/lib/strict_sexp.rb
285
+ - bundle/ruby/2.7.0/gems/sexp_processor-4.16.0/lib/unique.rb
283
286
  - bundle/ruby/2.7.0/gems/slim-4.1.0/CHANGES
284
287
  - bundle/ruby/2.7.0/gems/slim-4.1.0/Gemfile
285
288
  - bundle/ruby/2.7.0/gems/slim-4.1.0/LICENSE
@@ -422,15 +425,15 @@ files:
422
425
  - bundle/ruby/2.7.0/gems/tilt-2.0.10/lib/tilt/typescript.rb
423
426
  - bundle/ruby/2.7.0/gems/tilt-2.0.10/lib/tilt/wikicloth.rb
424
427
  - bundle/ruby/2.7.0/gems/tilt-2.0.10/lib/tilt/yajl.rb
425
- - bundle/ruby/2.7.0/gems/unicode-display_width-1.7.0/CHANGELOG.md
426
- - bundle/ruby/2.7.0/gems/unicode-display_width-1.7.0/MIT-LICENSE.txt
427
- - bundle/ruby/2.7.0/gems/unicode-display_width-1.7.0/README.md
428
- - bundle/ruby/2.7.0/gems/unicode-display_width-1.7.0/data/display_width.marshal.gz
429
- - bundle/ruby/2.7.0/gems/unicode-display_width-1.7.0/lib/unicode/display_width.rb
430
- - bundle/ruby/2.7.0/gems/unicode-display_width-1.7.0/lib/unicode/display_width/constants.rb
431
- - bundle/ruby/2.7.0/gems/unicode-display_width-1.7.0/lib/unicode/display_width/index.rb
432
- - bundle/ruby/2.7.0/gems/unicode-display_width-1.7.0/lib/unicode/display_width/no_string_ext.rb
433
- - bundle/ruby/2.7.0/gems/unicode-display_width-1.7.0/lib/unicode/display_width/string_ext.rb
428
+ - bundle/ruby/2.7.0/gems/unicode-display_width-1.8.0/CHANGELOG.md
429
+ - bundle/ruby/2.7.0/gems/unicode-display_width-1.8.0/MIT-LICENSE.txt
430
+ - bundle/ruby/2.7.0/gems/unicode-display_width-1.8.0/README.md
431
+ - bundle/ruby/2.7.0/gems/unicode-display_width-1.8.0/data/display_width.marshal.gz
432
+ - bundle/ruby/2.7.0/gems/unicode-display_width-1.8.0/lib/unicode/display_width.rb
433
+ - bundle/ruby/2.7.0/gems/unicode-display_width-1.8.0/lib/unicode/display_width/constants.rb
434
+ - bundle/ruby/2.7.0/gems/unicode-display_width-1.8.0/lib/unicode/display_width/index.rb
435
+ - bundle/ruby/2.7.0/gems/unicode-display_width-1.8.0/lib/unicode/display_width/no_string_ext.rb
436
+ - bundle/ruby/2.7.0/gems/unicode-display_width-1.8.0/lib/unicode/display_width/string_ext.rb
434
437
  - lib/brakeman.rb
435
438
  - lib/brakeman/app_tree.rb
436
439
  - lib/brakeman/call_index.rb
@@ -449,6 +452,8 @@ files:
449
452
  - lib/brakeman/checks/check_digest_dos.rb
450
453
  - lib/brakeman/checks/check_divide_by_zero.rb
451
454
  - lib/brakeman/checks/check_dynamic_finders.rb
455
+ - lib/brakeman/checks/check_eol_rails.rb
456
+ - lib/brakeman/checks/check_eol_ruby.rb
452
457
  - lib/brakeman/checks/check_escape_function.rb
453
458
  - lib/brakeman/checks/check_evaluation.rb
454
459
  - lib/brakeman/checks/check_execute.rb
@@ -515,6 +520,7 @@ files:
515
520
  - lib/brakeman/checks/check_without_protection.rb
516
521
  - lib/brakeman/checks/check_xml_dos.rb
517
522
  - lib/brakeman/checks/check_yaml_parsing.rb
523
+ - lib/brakeman/checks/eol_check.rb
518
524
  - lib/brakeman/codeclimate/engine_configuration.rb
519
525
  - lib/brakeman/commandline.rb
520
526
  - lib/brakeman/differ.rb
@@ -630,7 +636,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
630
636
  requirements:
631
637
  - - ">="
632
638
  - !ruby/object:Gem::Version
633
- version: 2.4.0
639
+ version: 2.5.0
634
640
  required_rubygems_version: !ruby/object:Gem::Requirement
635
641
  requirements:
636
642
  - - ">="
@@ -1,42 +0,0 @@
1
- require 'etc'
2
-
3
- module Parallel
4
- # TODO: inline this method into parallel.rb and kill physical_processor_count in next major release
5
- module ProcessorCount
6
- # Number of processors seen by the OS, used for process scheduling
7
- def processor_count
8
- @processor_count ||= Integer(ENV['PARALLEL_PROCESSOR_COUNT'] || Etc.nprocessors)
9
- end
10
-
11
- # Number of physical processor cores on the current system.
12
- def physical_processor_count
13
- @physical_processor_count ||= begin
14
- ppc = case RbConfig::CONFIG["target_os"]
15
- when /darwin1/
16
- IO.popen("/usr/sbin/sysctl -n hw.physicalcpu").read.to_i
17
- when /linux/
18
- cores = {} # unique physical ID / core ID combinations
19
- phy = 0
20
- IO.read("/proc/cpuinfo").scan(/^physical id.*|^core id.*/) do |ln|
21
- if ln.start_with?("physical")
22
- phy = ln[/\d+/]
23
- elsif ln.start_with?("core")
24
- cid = phy + ":" + ln[/\d+/]
25
- cores[cid] = true if not cores[cid]
26
- end
27
- end
28
- cores.count
29
- when /mswin|mingw/
30
- require 'win32ole'
31
- result_set = WIN32OLE.connect("winmgmts://").ExecQuery(
32
- "select NumberOfCores from Win32_Processor")
33
- result_set.to_enum.collect(&:NumberOfCores).reduce(:+)
34
- else
35
- processor_count
36
- end
37
- # fall back to logical count if physical info is invalid
38
- ppc > 0 ? ppc : processor_count
39
- end
40
- end
41
- end
42
- end
@@ -1,3 +0,0 @@
1
- module Parallel
2
- VERSION = Version = '1.20.1'
3
- end