brakeman 5.1.1 → 5.2.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: cafb4506d0cbb4ef2ab84459c03a8d356ed916c29ceca5104536b836162a91ed
-  data.tar.gz: b1166612e496c77ffc41f07dc4c7a1226c19ee0726d1e02e3241c792ce4463a8
+  metadata.gz: 6cb338d80c6615c14b65edf49dd428ad57bb033e71366a2f1cc599253d28fb11
+  data.tar.gz: f310c08560f4e5dd9d55983ba41e8ad64ac5cce07a805415ddd51658069c8fb9
 SHA512:
-  metadata.gz: 70920cb9dd7d8647ee9767502575c8336768cfe7d6c418cef810c90b7f3a9a9ea2fb48fb70af123dd8853bb60851cac3def642b0412fb5a4422c47b2f37fd6dd
-  data.tar.gz: '083ba7226c065d0e15ddaf5bbf3023326a35bcf167c9070080629fedb517110726d17fac3cf3c4f2f24232ce49dc1b5476d4bf46c60aa55869c4407c6e79bc92'
+  metadata.gz: d79a9b1253b5bce89082ea81ed8ece812299c7df06a68248cb2e03866e32a57d685615e0b9f5f5ed36250f70d1f64705eced85dab9c4497dd529aa6416055755
+  data.tar.gz: 89279ff60b5a728a10017c905cbc43da143eb78064d4531b913bcb545d566ffdcfad6744e718eb1ac082cec4333ea7a0b2bdf29c39b77cae236fabf9cdeb8cca

data/CHANGES.md

@@ -1,3 +1,20 @@
+# 5.2.0 - 2021-12-15
+
+* Initial Rails 7 support
+* Require Ruby 2.5.0+
+* Fix issue with calls to `foo.root` in routes
+* Ignore `I18n.locale` in SQL queries
+* Do not treat `sanitize_sql_like` as safe
+* Add new checks for unsupported Ruby and Rails versions
+
+# 5.1.2 - 2021-10-28
+
+* Handle cases where enums are not symbols
+* Support newer Haml with ::Haml::AttributeBuilder.build
+* Fix issue where the previous output is still visible (Jason Frey)
+* Fix warning sorting with nil line numbers
+* Update for latest RubyParser (Ryan Davis)
+
 # 5.1.1 - 2021-07-19
 
 * Unrefactor IgnoreConfig's use of `Brakeman::FilePath`
@@ -449,7 +466,7 @@
 * Delay loading vendored gems and modifying load path
 * Avoid warning about SQL injection with `quoted_primary_key`
 * Support more safe `&.` operations
-* Allow multile line regex in `validates_format_of` (Dmitrij Fedorenko)
+* Allow multiple line regex in `validates_format_of` (Dmitrij Fedorenko)
 * Only consider `if` branches in templates
 * Avoid overwriting instance/class methods with same name (Tim Wade)
 * Add `--force-scan` option (Neil Matatall)

data/README.md

@@ -66,7 +66,7 @@ Outside of Rails root (note that the output file is relative to path/to/rails/ap
 
 Brakeman should work with any version of Rails from 2.3.x to 6.x.
 
-Brakeman can analyze code written with Ruby 1.8 syntax and newer, but requires at least Ruby 2.3.0 to run.
+Brakeman can analyze code written with Ruby 1.8 syntax and newer, but requires at least Ruby 2.4.0 to run.
 
 # Basic Options
 

data/bundle/load.rb

@@ -1,16 +1,16 @@
 path = File.expand_path('../..', __FILE__)
+$:.unshift "#{path}/bundle/ruby/2.7.0/gems/ruby_parser-3.18.1/lib"
 $:.unshift "#{path}/bundle/ruby/2.7.0/gems/temple-0.8.2/lib"
-$:.unshift "#{path}/bundle/ruby/2.7.0/gems/ruby_parser-3.16.0/lib"
-$:.unshift "#{path}/bundle/ruby/2.7.0/gems/unicode-display_width-1.7.0/lib"
+$:.unshift "#{path}/bundle/ruby/2.7.0/gems/sexp_processor-4.16.0/lib"
 $:.unshift "#{path}/bundle/ruby/2.7.0/gems/tilt-2.0.10/lib"
+$:.unshift "#{path}/bundle/ruby/2.7.0/gems/unicode-display_width-1.8.0/lib"
 $:.unshift "#{path}/bundle/ruby/2.7.0/gems/slim-4.1.0/lib"
 $:.unshift "#{path}/bundle/ruby/2.7.0/gems/highline-2.0.3/lib"
 $:.unshift "#{path}/bundle/ruby/2.7.0/gems/ruby2ruby-2.4.4/lib"
 $:.unshift "#{path}/bundle/ruby/2.7.0/gems/terminal-table-1.8.0/lib"
-$:.unshift "#{path}/bundle/ruby/2.7.0/gems/sexp_processor-4.15.3/lib"
-$:.unshift "#{path}/bundle/ruby/2.7.0/gems/parallel-1.20.1/lib"
+$:.unshift "#{path}/bundle/ruby/2.7.0/gems/haml-5.2.2/lib"
+$:.unshift "#{path}/bundle/ruby/2.7.0/gems/parallel-1.21.0/lib"
 $:.unshift "#{path}/bundle/ruby/2.7.0/gems/ruby_parser-legacy-1.0.0/lib"
 $:.unshift "#{path}/bundle/ruby/2.7.0/gems/erubis-2.7.0/lib"
-$:.unshift "#{path}/bundle/ruby/2.7.0/gems/haml-5.2.1/lib"
 $:.unshift "#{path}/bundle/ruby/2.7.0/gems/rexml-3.2.5/lib"
 $:.unshift "#{path}/bundle/ruby/2.7.0/gems/safe_yaml-1.0.5/lib"

data/bundle/ruby/2.7.0/gems/{haml-5.2.1 → haml-5.2.2}/CHANGELOG.md

@@ -1,5 +1,13 @@
 # Haml Changelog
 
+## 5.2.2
+Released on July 27, 2021
+([diff](https://github.com/haml/haml/compare/v5.2.1...v5.2.2)).
+
+* Support for adding Annotations to Haml output (a Rails feature 6.1+)
+* Expanded test matrix to include Ruby 3.0 and Rails 6.1
+* Only testing Ruby 2.7+ and Rails 5.2+
+
 ## 5.2.1
 
 Released on November 30, 2020

data/bundle/ruby/2.7.0/gems/{haml-5.2.1 → haml-5.2.2}/README.md

@@ -10,6 +10,13 @@ more pleasant to write HTML documents, by eliminating redundancy, reflecting the
 underlying structure that the document represents, and providing an elegant syntax
 that's both powerful and easy to understand.
 
+### Supported Versions
+
+* Ruby 2.6+
+* Rails 5.1+
+
+Other versions may likely work, but we don't test against them.
+
 ## Basic Usage
 
 Haml can be used from the command line or as part of a Ruby web framework. The
@@ -162,35 +169,34 @@ on a specific area:
 ruby -Itest test/helper_test.rb -n test_buffer_access
 ~~~
 
-Haml currently supports Ruby 2.0.0 and higher, so please make sure your changes run on 2.0+.
+Haml currently supports Ruby 2.7.0 and higher, so please make sure your changes run on 2.7+.
 
 ## Team
 
 ### Current Maintainers
 
-* [Akira Matsuda](https://github.com/amatsuda)
-* [Matt Wildig](https://github.com/mattwildig)
-* [Tee Parham](https://github.com/teeparham)
+* [Hampton Catlin](https://github.com/hcatlin)
 * [Takashi Kokubun](https://github.com/k0kubun)
+* [Akira Matsuda](https://github.com/amatsuda)
 
 ### Alumni
 
 Haml was created by [Hampton Catlin](http://hamptoncatlin.com), the author of
-the original implementation. Hampton is no longer involved in day-to-day coding,
-but still consults on language issues.
+the original implementation.
 
-[Natalie Weizenbaum](http://nex-3.com) was for many years the primary developer
+[Natalie Weizenbaum](https://github.com/nex3) was for many years the primary developer
 and architect of the "modern" Ruby implementation of Haml.
 
-[Norman Clarke](http://github.com/norman) was the primary maintainer of Haml from 2012 to 2016.
-
-## License
+This project's been around for many years, and we have many amazing people who kept the project 
+alive! as former maintainers like:
 
-Some of Natalie's work on Haml was supported by Unspace Interactive.
+[Norman Clarke](http://github.com/norman)
+[Matt Wildig](https://github.com/mattwildig)
+[Tee Parham](https://github.com/teeparham)
 
-Beyond that, the implementation is licensed under the MIT License.
+## License
 
-Copyright (c) 2006-2019 Hampton Catlin, Natalie Weizenbaum and the Haml team
+Copyright (c) 2006-2021 Hampton Catlin, Natalie Weizenbaum and the Haml team
 
 Permission is hereby granted, free of charge, to any person obtaining a copy of
 this software and associated documentation files (the "Software"), to deal in

data/bundle/ruby/2.7.0/gems/{haml-5.2.1 → haml-5.2.2}/REFERENCE.md

@@ -107,13 +107,20 @@ output.
 In Rails, options can be set by setting the {Haml::Template#options Haml::Template.options}
 hash in an initializer:
 
-    # config/initializers/haml.rb
-    Haml::Template.options[:format] = :html5
+```ruby
+# config/initializers/haml.rb
+Haml::Template.options[:format] = :html5
+
+# Avoid escaping attributes which are already escaped
+Haml::Template.options[:escape_attrs] = :once
+```
 
 Outside Rails, you can set them by configuring them globally in
 Haml::Options.defaults:
 
-    Haml::Options.defaults[:format] = :html5
+```ruby
+Haml::Options.defaults[:format] = :html5
+```
 
 In sinatra specifically, you can set them in global config with:
 ```ruby

data/bundle/ruby/2.7.0/gems/{haml-5.2.1 → haml-5.2.2}/lib/haml/attribute_builder.rb

@@ -6,6 +6,17 @@ module Haml
     INVALID_ATTRIBUTE_NAME_REGEX = /[ \0"'>\/=]/
 
     class << self
+      def build(class_id, obj_ref, is_html, attr_wrapper, escape_attrs, hyphenate_data_attrs, *attributes_hashes)
+        attributes = class_id
+        attributes_hashes.each do |old|
+          result = {}
+          old.each { |k, v| result[k.to_s] = v }
+          merge_attributes!(attributes, result)
+        end
+        merge_attributes!(attributes, parse_object_ref(obj_ref)) if obj_ref
+        build_attributes(is_html, attr_wrapper, escape_attrs, hyphenate_data_attrs, attributes)
+      end
+
       def build_attributes(is_html, attr_wrapper, escape_attrs, hyphenate_data_attrs, attributes = {})
         # @TODO this is an absolutely ridiculous amount of arguments. At least
         # some of this needs to be moved into an instance method.
@@ -159,6 +170,50 @@ module Haml
           hash.merge! flatten_data_attributes(v, joined, join_char, seen)
         end
       end
+
+      # Takes an array of objects and uses the class and id of the first
+      # one to create an attributes hash.
+      # The second object, if present, is used as a prefix,
+      # just like you can do with `dom_id()` and `dom_class()` in Rails
+      def parse_object_ref(ref)
+        prefix = ref[1]
+        ref = ref[0]
+        # Let's make sure the value isn't nil. If it is, return the default Hash.
+        return {} if ref.nil?
+        class_name =
+          if ref.respond_to?(:haml_object_ref)
+            ref.haml_object_ref
+          else
+            underscore(ref.class)
+          end
+        ref_id =
+          if ref.respond_to?(:to_key)
+            key = ref.to_key
+            key.join('_') unless key.nil?
+          else
+            ref.id
+          end
+        id = "#{class_name}_#{ref_id || 'new'}"
+        if prefix
+          class_name = "#{ prefix }_#{ class_name}"
+          id = "#{ prefix }_#{ id }"
+        end
+
+        { 'id'.freeze => id, 'class'.freeze => class_name }
+      end
+
+      # Changes a word from camel case to underscores.
+      # Based on the method of the same name in Rails' Inflector,
+      # but copied here so it'll run properly without Rails.
+      def underscore(camel_cased_word)
+        word = camel_cased_word.to_s.dup
+        word.gsub!(/::/, '_')
+        word.gsub!(/([A-Z]+)([A-Z][a-z])/, '\1_\2')
+        word.gsub!(/([a-z\d])([A-Z])/, '\1_\2')
+        word.tr!('-', '_')
+        word.downcase!
+        word
+      end
     end
   end
 end

data/bundle/ruby/2.7.0/gems/{haml-5.2.1 → haml-5.2.2}/lib/haml/attribute_compiler.rb

@@ -51,7 +51,8 @@ module Haml
     # @param dynamic_attributes [Haml::Parser::DynamicAttributes]
     # @return [String] Attributes rendering code
     def compile_runtime_build(attributes, object_ref, dynamic_attributes)
-      "_hamlout.attributes(#{to_literal(attributes)}, #{object_ref}, #{dynamic_attributes.to_literal})"
+      arguments = [@is_html, @attr_wrapper, @escape_attrs, @hyphenate_data_attrs].map(&method(:to_literal)).join(', ')
+      "::Haml::AttributeBuilder.build(#{to_literal(attributes)}, #{object_ref}, #{arguments}, #{dynamic_attributes.to_literal})"
     end
 
     # Build array of grouped values whose sort order may go back and forth, which is also sorted with key name.
@@ -106,7 +107,8 @@ module Haml
       hash_content = values.group_by(&:key).map do |key, values_for_key|
         "#{frozen_string(key)} => #{merged_value(key, values_for_key)}"
       end.join(', ')
-      [:dynamic, "_hamlout.attributes({ #{hash_content} }, nil)"]
+      arguments = [@is_html, @attr_wrapper, @escape_attrs, @hyphenate_data_attrs].map(&method(:to_literal)).join(', ')
+      [:dynamic, "::Haml::AttributeBuilder.build({ #{hash_content} }, nil, #{arguments})"]
     end
 
     # Renders attribute values statically.

data/bundle/ruby/2.7.0/gems/{haml-5.2.1 → haml-5.2.2}/lib/haml/buffer.rb

@@ -130,18 +130,6 @@ module Haml
       @real_tabs += tab_change
     end
 
-    def attributes(class_id, obj_ref, *attributes_hashes)
-      attributes = class_id
-      attributes_hashes.each do |old|
-        result = {}
-        old.each { |k, v| result[k.to_s] = v }
-        AttributeBuilder.merge_attributes!(attributes, result)
-      end
-      AttributeBuilder.merge_attributes!(attributes, parse_object_ref(obj_ref)) if obj_ref
-      AttributeBuilder.build_attributes(
-        html?, @options[:attr_wrapper], @options[:escape_attrs], @options[:hyphenate_data_attrs], attributes)
-    end
-
     # Remove the whitespace from the right side of the buffer string.
     # Doesn't do anything if we're at the beginning of a capture_haml block.
     def rstrip!
@@ -190,49 +178,5 @@ module Haml
       tabs = [count + @tabulation, 0].max
       @@tab_cache[tabs] ||= '  ' * tabs
     end
-
-    # Takes an array of objects and uses the class and id of the first
-    # one to create an attributes hash.
-    # The second object, if present, is used as a prefix,
-    # just like you can do with `dom_id()` and `dom_class()` in Rails
-    def parse_object_ref(ref)
-      prefix = ref[1]
-      ref = ref[0]
-      # Let's make sure the value isn't nil. If it is, return the default Hash.
-      return {} if ref.nil?
-      class_name =
-        if ref.respond_to?(:haml_object_ref)
-          ref.haml_object_ref
-        else
-          underscore(ref.class)
-        end
-      ref_id =
-        if ref.respond_to?(:to_key)
-          key = ref.to_key
-          key.join('_') unless key.nil?
-        else
-          ref.id
-        end
-      id = "#{class_name}_#{ref_id || 'new'}"
-      if prefix
-        class_name = "#{ prefix }_#{ class_name}"
-        id = "#{ prefix }_#{ id }"
-      end
-
-      { 'id'.freeze => id, 'class'.freeze => class_name }
-    end
-
-    # Changes a word from camel case to underscores.
-    # Based on the method of the same name in Rails' Inflector,
-    # but copied here so it'll run properly without Rails.
-    def underscore(camel_cased_word)
-      word = camel_cased_word.to_s.dup
-      word.gsub!(/::/, '_')
-      word.gsub!(/([A-Z]+)([A-Z][a-z])/, '\1_\2')
-      word.gsub!(/([a-z\d])([A-Z])/, '\1_\2')
-      word.tr!('-', '_')
-      word.downcase!
-      word
-    end
   end
 end

data/bundle/ruby/2.7.0/gems/{haml-5.2.1 → haml-5.2.2}/lib/haml/plugin.rb

@@ -4,6 +4,11 @@ module Haml
 
   # This module makes Haml work with Rails using the template handler API.
   class Plugin
+    class << self
+      attr_accessor :annotate_rendered_view_with_filenames
+    end
+    self.annotate_rendered_view_with_filenames = false
+
     def handles_encoding?; true; end
 
     def compile(template, source)
@@ -14,9 +19,21 @@ module Haml
         options[:mime_type] = template.mime_type
       end
       options[:filename] = template.identifier
+
+      preamble = '@output_buffer = output_buffer ||= ActionView::OutputBuffer.new if defined?(ActionView::OutputBuffer);'
+      postamble = ''
+
+      if self.class.annotate_rendered_view_with_filenames
+        # short_identifier is only available in Rails 6+. On older versions, 'inspect' gives similar results.
+        ident = template.respond_to?(:short_identifier) ? template.short_identifier : template.inspect
+        preamble += "haml_concat '<!-- BEGIN #{ident} -->'.html_safe;"
+        postamble += "haml_concat '<!-- END #{ident} -->'.html_safe;"
+      end
+
       Haml::Engine.new(source, options).compiler.precompiled_with_ambles(
         [],
-        after_preamble: '@output_buffer = output_buffer ||= ActionView::OutputBuffer.new if defined?(ActionView::OutputBuffer)',
+        after_preamble: preamble,
+        before_postamble: postamble
       )
     end
 

data/bundle/ruby/2.7.0/gems/{haml-5.2.1 → haml-5.2.2}/lib/haml/railtie.rb

@@ -42,6 +42,11 @@ module Haml
           Haml::Filters::RailsErb.template_class = Haml::SafeErubisTemplate
         end
         Haml::Template.options[:filters] = { 'erb' => Haml::Filters::RailsErb }
+
+        if app.config.respond_to?(:action_view) &&
+           app.config.action_view.annotate_rendered_view_with_filenames
+          Haml::Plugin.annotate_rendered_view_with_filenames = true
+        end
       end
     end
   end

data/bundle/ruby/2.7.0/gems/{haml-5.2.1 → haml-5.2.2}/lib/haml/temple_engine.rb

@@ -65,7 +65,7 @@ module Haml
     # (see {file:REFERENCE.md#encodings the `:encoding` option}).
     #
     # @return [String]
-    def precompiled_with_ambles(local_names, after_preamble: '')
+    def precompiled_with_ambles(local_names, after_preamble: '', before_postamble: '')
       preamble = <<END.tr("\n", ';')
 begin
 extend Haml::Helpers
@@ -74,6 +74,7 @@ _erbout = _hamlout.buffer
 #{after_preamble}
 END
       postamble = <<END.tr("\n", ';')
+#{before_postamble}
 #{precompiled_method_return_value}
 ensure
 @haml_buffer = @haml_buffer.upper if @haml_buffer

data/bundle/ruby/2.7.0/gems/{haml-5.2.1 → haml-5.2.2}/lib/haml/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Haml
-  VERSION = "5.2.1"
+  VERSION = "5.2.2"
 end

data/bundle/ruby/2.7.0/gems/parallel-1.21.0/lib/parallel/processor_count.rb

@@ -0,0 +1,45 @@
+# frozen_string_literal: true
+require 'etc'
+
+module Parallel
+  # TODO: inline this method into parallel.rb and kill physical_processor_count in next major release
+  module ProcessorCount
+    # Number of processors seen by the OS, used for process scheduling
+    def processor_count
+      @processor_count ||= Integer(ENV['PARALLEL_PROCESSOR_COUNT'] || Etc.nprocessors)
+    end
+
+    # Number of physical processor cores on the current system.
+    def physical_processor_count
+      @physical_processor_count ||= begin
+        ppc =
+          case RbConfig::CONFIG["target_os"]
+          when /darwin[12]/
+            IO.popen("/usr/sbin/sysctl -n hw.physicalcpu").read.to_i
+          when /linux/
+            cores = {} # unique physical ID / core ID combinations
+            phy = 0
+            IO.read("/proc/cpuinfo").scan(/^physical id.*|^core id.*/) do |ln|
+              if ln.start_with?("physical")
+                phy = ln[/\d+/]
+              elsif ln.start_with?("core")
+                cid = "#{phy}:#{ln[/\d+/]}"
+                cores[cid] = true unless cores[cid]
+              end
+            end
+            cores.count
+          when /mswin|mingw/
+            require 'win32ole'
+            result_set = WIN32OLE.connect("winmgmts://").ExecQuery(
+              "select NumberOfCores from Win32_Processor"
+            )
+            result_set.to_enum.collect(&:NumberOfCores).reduce(:+)
+          else
+            processor_count
+          end
+        # fall back to logical count if physical info is invalid
+        ppc > 0 ? ppc : processor_count
+      end
+    end
+  end
+end

data/bundle/ruby/2.7.0/gems/parallel-1.21.0/lib/parallel/version.rb

@@ -0,0 +1,4 @@
+# frozen_string_literal: true
+module Parallel
+  VERSION = Version = '1.21.0' # rubocop:disable Naming/ConstantName
+end