brakeman 5.1.2 → 5.2.1
- checksums.yaml +4 -4
- data/CHANGES.md +13 -0
- data/bundle/load.rb +1 -1
- data/bundle/ruby/2.7.0/gems/{ruby_parser-3.18.0 → ruby_parser-3.18.1}/History.rdoc +12 -0
- data/bundle/ruby/2.7.0/gems/{ruby_parser-3.18.0 → ruby_parser-3.18.1}/Manifest.txt +0 -0
- data/bundle/ruby/2.7.0/gems/{ruby_parser-3.18.0 → ruby_parser-3.18.1}/README.rdoc +0 -0
- data/bundle/ruby/2.7.0/gems/{ruby_parser-3.18.0 → ruby_parser-3.18.1}/compare/normalize.rb +0 -0
- data/bundle/ruby/2.7.0/gems/{ruby_parser-3.18.0 → ruby_parser-3.18.1}/debugging.md +0 -0
- data/bundle/ruby/2.7.0/gems/{ruby_parser-3.18.0 → ruby_parser-3.18.1}/gauntlet.md +0 -0
- data/bundle/ruby/2.7.0/gems/{ruby_parser-3.18.0 → ruby_parser-3.18.1}/lib/rp_extensions.rb +0 -0
- data/bundle/ruby/2.7.0/gems/{ruby_parser-3.18.0 → ruby_parser-3.18.1}/lib/rp_stringscanner.rb +0 -0
- data/bundle/ruby/2.7.0/gems/{ruby_parser-3.18.0 → ruby_parser-3.18.1}/lib/ruby20_parser.rb +9 -3
- data/bundle/ruby/2.7.0/gems/{ruby_parser-3.18.0 → ruby_parser-3.18.1}/lib/ruby20_parser.y +9 -3
- data/bundle/ruby/2.7.0/gems/{ruby_parser-3.18.0 → ruby_parser-3.18.1}/lib/ruby21_parser.rb +9 -3
- data/bundle/ruby/2.7.0/gems/{ruby_parser-3.18.0 → ruby_parser-3.18.1}/lib/ruby21_parser.y +9 -3
- data/bundle/ruby/2.7.0/gems/{ruby_parser-3.18.0 → ruby_parser-3.18.1}/lib/ruby22_parser.rb +9 -3
- data/bundle/ruby/2.7.0/gems/{ruby_parser-3.18.0 → ruby_parser-3.18.1}/lib/ruby22_parser.y +9 -3
- data/bundle/ruby/2.7.0/gems/{ruby_parser-3.18.0 → ruby_parser-3.18.1}/lib/ruby23_parser.rb +9 -3
- data/bundle/ruby/2.7.0/gems/{ruby_parser-3.18.0 → ruby_parser-3.18.1}/lib/ruby23_parser.y +9 -3
- data/bundle/ruby/2.7.0/gems/{ruby_parser-3.18.0 → ruby_parser-3.18.1}/lib/ruby24_parser.rb +9 -3
- data/bundle/ruby/2.7.0/gems/{ruby_parser-3.18.0 → ruby_parser-3.18.1}/lib/ruby24_parser.y +9 -3
- data/bundle/ruby/2.7.0/gems/{ruby_parser-3.18.0 → ruby_parser-3.18.1}/lib/ruby25_parser.rb +9 -3
- data/bundle/ruby/2.7.0/gems/{ruby_parser-3.18.0 → ruby_parser-3.18.1}/lib/ruby25_parser.y +9 -3
- data/bundle/ruby/2.7.0/gems/{ruby_parser-3.18.0 → ruby_parser-3.18.1}/lib/ruby26_parser.rb +9 -3
- data/bundle/ruby/2.7.0/gems/{ruby_parser-3.18.0 → ruby_parser-3.18.1}/lib/ruby26_parser.y +9 -3
- data/bundle/ruby/2.7.0/gems/{ruby_parser-3.18.0 → ruby_parser-3.18.1}/lib/ruby27_parser.rb +9 -3
- data/bundle/ruby/2.7.0/gems/{ruby_parser-3.18.0 → ruby_parser-3.18.1}/lib/ruby27_parser.y +9 -3
- data/bundle/ruby/2.7.0/gems/{ruby_parser-3.18.0 → ruby_parser-3.18.1}/lib/ruby30_parser.rb +15 -5
- data/bundle/ruby/2.7.0/gems/{ruby_parser-3.18.0 → ruby_parser-3.18.1}/lib/ruby30_parser.y +12 -3
- data/bundle/ruby/2.7.0/gems/{ruby_parser-3.18.0 → ruby_parser-3.18.1}/lib/ruby3_parser.yy +12 -3
- data/bundle/ruby/2.7.0/gems/{ruby_parser-3.18.0 → ruby_parser-3.18.1}/lib/ruby_lexer.rb +0 -0
- data/bundle/ruby/2.7.0/gems/{ruby_parser-3.18.0 → ruby_parser-3.18.1}/lib/ruby_lexer.rex +0 -0
- data/bundle/ruby/2.7.0/gems/{ruby_parser-3.18.0 → ruby_parser-3.18.1}/lib/ruby_lexer.rex.rb +0 -0
- data/bundle/ruby/2.7.0/gems/{ruby_parser-3.18.0 → ruby_parser-3.18.1}/lib/ruby_lexer_strings.rb +0 -0
- data/bundle/ruby/2.7.0/gems/{ruby_parser-3.18.0 → ruby_parser-3.18.1}/lib/ruby_parser.rb +0 -0
- data/bundle/ruby/2.7.0/gems/{ruby_parser-3.18.0 → ruby_parser-3.18.1}/lib/ruby_parser.yy +9 -3
- data/bundle/ruby/2.7.0/gems/{ruby_parser-3.18.0 → ruby_parser-3.18.1}/lib/ruby_parser_extras.rb +1 -1
- data/bundle/ruby/2.7.0/gems/{ruby_parser-3.18.0 → ruby_parser-3.18.1}/tools/munge.rb +0 -0
- data/bundle/ruby/2.7.0/gems/{ruby_parser-3.18.0 → ruby_parser-3.18.1}/tools/ripper.rb +0 -0
- data/lib/brakeman/checks/base_check.rb +10 -0
- data/lib/brakeman/checks/check_eol_rails.rb +23 -0
- data/lib/brakeman/checks/check_eol_ruby.rb +26 -0
- data/lib/brakeman/checks/check_sql.rb +3 -2
- data/lib/brakeman/checks/check_symbol_dos.rb +1 -1
- data/lib/brakeman/checks/eol_check.rb +47 -0
- data/lib/brakeman/options.rb +8 -0
- data/lib/brakeman/processors/gem_processor.rb +3 -0
- data/lib/brakeman/processors/lib/rails3_route_processor.rb +2 -0
- data/lib/brakeman/scanner.rb +3 -1
- data/lib/brakeman/tracker/config.rb +8 -1
- data/lib/brakeman/version.rb +1 -1
- data/lib/brakeman/warning_codes.rb +4 -0
- metadata +42 -39
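--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: b6672aa0a7532078f913b27574846fc26abd9fc624af178b9017f2de885f5505
+data.tar.gz: a3eeda0729d72d601bc94f4296f4f878e2cd970ef089f38dd0fcaad2e361f36c
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 700ed2e62792a1d2a38222199f2030f29aafee865f79e0b57be17fbbc718f6bbc1dadc1f5e3ceab4b961635f165f1fdcd9303520a4e5a897044e682319aca200
+data.tar.gz: 2f030bd82e1c7bccd70610151c8baec7a0ed4723226e41f9cd0104d56c51cc443ace66ac9ac43381aaee4f27d5ffad807476060eca2d308d5f878370e0bd7874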
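--- a/data/CHANGES.md
+++ b/data/CHANGES.md
@@ -1,3 +1,16 @@
+# 5.2.1 - 2022-01-30
+
+* Add warning codes for EOL software warnings
+
+# 5.2.0 - 2021-12-15
+
+* Initial Rails 7 support
+* Require Ruby 2.5.0+
+* Fix issue with calls to `foo.root` in routes
+* Ignore `I18n.locale` in SQL queries
+* Do not treat `sanitize_sql_like` as safe
+* Add new checks for unsupported Ruby and Rails versions
+
 # 5.1.2 - 2021-10-28
 
 * Handle cases where enums are not symbols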
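--- a/data/bundle/load.rb
+++ b/data/bundle/load.rb
@@ -1,4 +1,5 @@
 path = File.expand_path('../..', __FILE__)
+$:.unshift "#{path}/bundle/ruby/2.7.0/gems/ruby_parser-3.18.1/lib"
 $:.unshift "#{path}/bundle/ruby/2.7.0/gems/temple-0.8.2/lib"
 $:.unshift "#{path}/bundle/ruby/2.7.0/gems/sexp_processor-4.16.0/lib"
 $:.unshift "#{path}/bundle/ruby/2.7.0/gems/tilt-2.0.10/lib"
@@ -8,7 +9,6 @@ $:.unshift "#{path}/bundle/ruby/2.7.0/gems/highline-2.0.3/lib"
 $:.unshift "#{path}/bundle/ruby/2.7.0/gems/ruby2ruby-2.4.4/lib"
 $:.unshift "#{path}/bundle/ruby/2.7.0/gems/terminal-table-1.8.0/lib"
 $:.unshift "#{path}/bundle/ruby/2.7.0/gems/haml-5.2.2/lib"
-$:.unshift "#{path}/bundle/ruby/2.7.0/gems/ruby_parser-3.18.0/lib"
 $:.unshift "#{path}/bundle/ruby/2.7.0/gems/parallel-1.21.0/lib"
 $:.unshift "#{path}/bundle/ruby/2.7.0/gems/ruby_parser-legacy-1.0.0/lib"
 $:.unshift "#{path}/bundle/ruby/2.7.0/gems/erubis-2.7.0/lib"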
@@ -1,3 +1,15 @@
|
|
1
|
+
=== 3.18.1 / 2021-11-10
|
2
|
+
|
3
|
+
* 1 minor enhancement:
|
4
|
+
|
5
|
+
* All parser tests are now explicitly testing line numbers at every level.
|
6
|
+
|
7
|
+
* 3 bug fixes:
|
8
|
+
|
9
|
+
* Fixed endless method with noargs. (mitsuru)
|
10
|
+
* Fixed line numbers on some yield forms.
|
11
|
+
* Handle and clearly report if unifdef is missing.
|
12
|
+
|
1
13
|
=== 3.18.0 / 2021-10-27
|
2
14
|
|
3
15
|
Holy crap... 58 commits! 2.7 and 3.0 are feature complete. Strings
|
File without changes
|
File without changes
|
File without changes
|
File without changes
|
File without changes
|
File without changes
|
data/bundle/ruby/2.7.0/gems/{ruby_parser-3.18.0 → ruby_parser-3.18.1}/lib/rp_stringscanner.rb
RENAMED
File without changes
|
@@ -5131,19 +5131,25 @@ def _reduce_306(val, _values, result)
|
|
5131
5131
|
end
|
5132
5132
|
|
5133
5133
|
def _reduce_307(val, _values, result)
|
5134
|
-
|
5134
|
+
(_, line), _, args, _ = val
|
5135
|
+
|
5136
|
+
result = new_yield(args).line line
|
5135
5137
|
|
5136
5138
|
result
|
5137
5139
|
end
|
5138
5140
|
|
5139
5141
|
def _reduce_308(val, _values, result)
|
5140
|
-
|
5142
|
+
(_, line), _, _ = val
|
5143
|
+
|
5144
|
+
result = new_yield.line line
|
5141
5145
|
|
5142
5146
|
result
|
5143
5147
|
end
|
5144
5148
|
|
5145
5149
|
def _reduce_309(val, _values, result)
|
5146
|
-
|
5150
|
+
(_, line), = val
|
5151
|
+
|
5152
|
+
result = new_yield.line line
|
5147
5153
|
|
5148
5154
|
result
|
5149
5155
|
end
|
@@ -1208,15 +1208,21 @@ rule
|
|
1208
1208
|
}
|
1209
1209
|
| kYIELD tLPAREN2 call_args rparen
|
1210
1210
|
{
|
1211
|
-
|
1211
|
+
(_, line), _, args, _ = val
|
1212
|
+
|
1213
|
+
result = new_yield(args).line line
|
1212
1214
|
}
|
1213
1215
|
| kYIELD tLPAREN2 rparen
|
1214
1216
|
{
|
1215
|
-
|
1217
|
+
(_, line), _, _ = val
|
1218
|
+
|
1219
|
+
result = new_yield.line line
|
1216
1220
|
}
|
1217
1221
|
| kYIELD
|
1218
1222
|
{
|
1219
|
-
|
1223
|
+
(_, line), = val
|
1224
|
+
|
1225
|
+
result = new_yield.line line
|
1220
1226
|
}
|
1221
1227
|
| kDEFINED opt_nl tLPAREN2 expr rparen
|
1222
1228
|
{
|
@@ -5162,19 +5162,25 @@ def _reduce_306(val, _values, result)
|
|
5162
5162
|
end
|
5163
5163
|
|
5164
5164
|
def _reduce_307(val, _values, result)
|
5165
|
-
|
5165
|
+
(_, line), _, args, _ = val
|
5166
|
+
|
5167
|
+
result = new_yield(args).line line
|
5166
5168
|
|
5167
5169
|
result
|
5168
5170
|
end
|
5169
5171
|
|
5170
5172
|
def _reduce_308(val, _values, result)
|
5171
|
-
|
5173
|
+
(_, line), _, _ = val
|
5174
|
+
|
5175
|
+
result = new_yield.line line
|
5172
5176
|
|
5173
5177
|
result
|
5174
5178
|
end
|
5175
5179
|
|
5176
5180
|
def _reduce_309(val, _values, result)
|
5177
|
-
|
5181
|
+
(_, line), = val
|
5182
|
+
|
5183
|
+
result = new_yield.line line
|
5178
5184
|
|
5179
5185
|
result
|
5180
5186
|
end
|
@@ -1206,15 +1206,21 @@ rule
|
|
1206
1206
|
}
|
1207
1207
|
| kYIELD tLPAREN2 call_args rparen
|
1208
1208
|
{
|
1209
|
-
|
1209
|
+
(_, line), _, args, _ = val
|
1210
|
+
|
1211
|
+
result = new_yield(args).line line
|
1210
1212
|
}
|
1211
1213
|
| kYIELD tLPAREN2 rparen
|
1212
1214
|
{
|
1213
|
-
|
1215
|
+
(_, line), _, _ = val
|
1216
|
+
|
1217
|
+
result = new_yield.line line
|
1214
1218
|
}
|
1215
1219
|
| kYIELD
|
1216
1220
|
{
|
1217
|
-
|
1221
|
+
(_, line), = val
|
1222
|
+
|
1223
|
+
result = new_yield.line line
|
1218
1224
|
}
|
1219
1225
|
| kDEFINED opt_nl tLPAREN2 expr rparen
|
1220
1226
|
{
|
@@ -5196,19 +5196,25 @@ def _reduce_306(val, _values, result)
|
|
5196
5196
|
end
|
5197
5197
|
|
5198
5198
|
def _reduce_307(val, _values, result)
|
5199
|
-
|
5199
|
+
(_, line), _, args, _ = val
|
5200
|
+
|
5201
|
+
result = new_yield(args).line line
|
5200
5202
|
|
5201
5203
|
result
|
5202
5204
|
end
|
5203
5205
|
|
5204
5206
|
def _reduce_308(val, _values, result)
|
5205
|
-
|
5207
|
+
(_, line), _, _ = val
|
5208
|
+
|
5209
|
+
result = new_yield.line line
|
5206
5210
|
|
5207
5211
|
result
|
5208
5212
|
end
|
5209
5213
|
|
5210
5214
|
def _reduce_309(val, _values, result)
|
5211
|
-
|
5215
|
+
(_, line), = val
|
5216
|
+
|
5217
|
+
result = new_yield.line line
|
5212
5218
|
|
5213
5219
|
result
|
5214
5220
|
end
|
@@ -1207,15 +1207,21 @@ rule
|
|
1207
1207
|
}
|
1208
1208
|
| kYIELD tLPAREN2 call_args rparen
|
1209
1209
|
{
|
1210
|
-
|
1210
|
+
(_, line), _, args, _ = val
|
1211
|
+
|
1212
|
+
result = new_yield(args).line line
|
1211
1213
|
}
|
1212
1214
|
| kYIELD tLPAREN2 rparen
|
1213
1215
|
{
|
1214
|
-
|
1216
|
+
(_, line), _, _ = val
|
1217
|
+
|
1218
|
+
result = new_yield.line line
|
1215
1219
|
}
|
1216
1220
|
| kYIELD
|
1217
1221
|
{
|
1218
|
-
|
1222
|
+
(_, line), = val
|
1223
|
+
|
1224
|
+
result = new_yield.line line
|
1219
1225
|
}
|
1220
1226
|
| kDEFINED opt_nl tLPAREN2 expr rparen
|
1221
1227
|
{
|
@@ -5203,19 +5203,25 @@ def _reduce_306(val, _values, result)
|
|
5203
5203
|
end
|
5204
5204
|
|
5205
5205
|
def _reduce_307(val, _values, result)
|
5206
|
-
|
5206
|
+
(_, line), _, args, _ = val
|
5207
|
+
|
5208
|
+
result = new_yield(args).line line
|
5207
5209
|
|
5208
5210
|
result
|
5209
5211
|
end
|
5210
5212
|
|
5211
5213
|
def _reduce_308(val, _values, result)
|
5212
|
-
|
5214
|
+
(_, line), _, _ = val
|
5215
|
+
|
5216
|
+
result = new_yield.line line
|
5213
5217
|
|
5214
5218
|
result
|
5215
5219
|
end
|
5216
5220
|
|
5217
5221
|
def _reduce_309(val, _values, result)
|
5218
|
-
|
5222
|
+
(_, line), = val
|
5223
|
+
|
5224
|
+
result = new_yield.line line
|
5219
5225
|
|
5220
5226
|
result
|
5221
5227
|
end
|
@@ -1208,15 +1208,21 @@ rule
|
|
1208
1208
|
}
|
1209
1209
|
| kYIELD tLPAREN2 call_args rparen
|
1210
1210
|
{
|
1211
|
-
|
1211
|
+
(_, line), _, args, _ = val
|
1212
|
+
|
1213
|
+
result = new_yield(args).line line
|
1212
1214
|
}
|
1213
1215
|
| kYIELD tLPAREN2 rparen
|
1214
1216
|
{
|
1215
|
-
|
1217
|
+
(_, line), _, _ = val
|
1218
|
+
|
1219
|
+
result = new_yield.line line
|
1216
1220
|
}
|
1217
1221
|
| kYIELD
|
1218
1222
|
{
|
1219
|
-
|
1223
|
+
(_, line), = val
|
1224
|
+
|
1225
|
+
result = new_yield.line line
|
1220
1226
|
}
|
1221
1227
|
| kDEFINED opt_nl tLPAREN2 expr rparen
|
1222
1228
|
{
|
@@ -5234,19 +5234,25 @@ def _reduce_307(val, _values, result)
|
|
5234
5234
|
end
|
5235
5235
|
|
5236
5236
|
def _reduce_308(val, _values, result)
|
5237
|
-
|
5237
|
+
(_, line), _, args, _ = val
|
5238
|
+
|
5239
|
+
result = new_yield(args).line line
|
5238
5240
|
|
5239
5241
|
result
|
5240
5242
|
end
|
5241
5243
|
|
5242
5244
|
def _reduce_309(val, _values, result)
|
5243
|
-
|
5245
|
+
(_, line), _, _ = val
|
5246
|
+
|
5247
|
+
result = new_yield.line line
|
5244
5248
|
|
5245
5249
|
result
|
5246
5250
|
end
|
5247
5251
|
|
5248
5252
|
def _reduce_310(val, _values, result)
|
5249
|
-
|
5253
|
+
(_, line), = val
|
5254
|
+
|
5255
|
+
result = new_yield.line line
|
5250
5256
|
|
5251
5257
|
result
|
5252
5258
|
end
|
@@ -1216,15 +1216,21 @@ rule
|
|
1216
1216
|
}
|
1217
1217
|
| kYIELD tLPAREN2 call_args rparen
|
1218
1218
|
{
|
1219
|
-
|
1219
|
+
(_, line), _, args, _ = val
|
1220
|
+
|
1221
|
+
result = new_yield(args).line line
|
1220
1222
|
}
|
1221
1223
|
| kYIELD tLPAREN2 rparen
|
1222
1224
|
{
|
1223
|
-
|
1225
|
+
(_, line), _, _ = val
|
1226
|
+
|
1227
|
+
result = new_yield.line line
|
1224
1228
|
}
|
1225
1229
|
| kYIELD
|
1226
1230
|
{
|
1227
|
-
|
1231
|
+
(_, line), = val
|
1232
|
+
|
1233
|
+
result = new_yield.line line
|
1228
1234
|
}
|
1229
1235
|
| kDEFINED opt_nl tLPAREN2 expr rparen
|
1230
1236
|
{
|
@@ -5234,19 +5234,25 @@ def _reduce_307(val, _values, result)
|
|
5234
5234
|
end
|
5235
5235
|
|
5236
5236
|
def _reduce_308(val, _values, result)
|
5237
|
-
|
5237
|
+
(_, line), _, args, _ = val
|
5238
|
+
|
5239
|
+
result = new_yield(args).line line
|
5238
5240
|
|
5239
5241
|
result
|
5240
5242
|
end
|
5241
5243
|
|
5242
5244
|
def _reduce_309(val, _values, result)
|
5243
|
-
|
5245
|
+
(_, line), _, _ = val
|
5246
|
+
|
5247
|
+
result = new_yield.line line
|
5244
5248
|
|
5245
5249
|
result
|
5246
5250
|
end
|
5247
5251
|
|
5248
5252
|
def _reduce_310(val, _values, result)
|
5249
|
-
|
5253
|
+
(_, line), = val
|
5254
|
+
|
5255
|
+
result = new_yield.line line
|
5250
5256
|
|
5251
5257
|
result
|
5252
5258
|
end
|
@@ -1216,15 +1216,21 @@ rule
|
|
1216
1216
|
}
|
1217
1217
|
| kYIELD tLPAREN2 call_args rparen
|
1218
1218
|
{
|
1219
|
-
|
1219
|
+
(_, line), _, args, _ = val
|
1220
|
+
|
1221
|
+
result = new_yield(args).line line
|
1220
1222
|
}
|
1221
1223
|
| kYIELD tLPAREN2 rparen
|
1222
1224
|
{
|
1223
|
-
|
1225
|
+
(_, line), _, _ = val
|
1226
|
+
|
1227
|
+
result = new_yield.line line
|
1224
1228
|
}
|
1225
1229
|
| kYIELD
|
1226
1230
|
{
|
1227
|
-
|
1231
|
+
(_, line), = val
|
1232
|
+
|
1233
|
+
result = new_yield.line line
|
1228
1234
|
}
|
1229
1235
|
| kDEFINED opt_nl tLPAREN2 expr rparen
|
1230
1236
|
{
|
@@ -5253,19 +5253,25 @@ def _reduce_309(val, _values, result)
|
|
5253
5253
|
end
|
5254
5254
|
|
5255
5255
|
def _reduce_310(val, _values, result)
|
5256
|
-
|
5256
|
+
(_, line), _, args, _ = val
|
5257
|
+
|
5258
|
+
result = new_yield(args).line line
|
5257
5259
|
|
5258
5260
|
result
|
5259
5261
|
end
|
5260
5262
|
|
5261
5263
|
def _reduce_311(val, _values, result)
|
5262
|
-
|
5264
|
+
(_, line), _, _ = val
|
5265
|
+
|
5266
|
+
result = new_yield.line line
|
5263
5267
|
|
5264
5268
|
result
|
5265
5269
|
end
|
5266
5270
|
|
5267
5271
|
def _reduce_312(val, _values, result)
|
5268
|
-
|
5272
|
+
(_, line), = val
|
5273
|
+
|
5274
|
+
result = new_yield.line line
|
5269
5275
|
|
5270
5276
|
result
|
5271
5277
|
end
|
@@ -1231,15 +1231,21 @@ rule
|
|
1231
1231
|
}
|
1232
1232
|
| kYIELD tLPAREN2 call_args rparen
|
1233
1233
|
{
|
1234
|
-
|
1234
|
+
(_, line), _, args, _ = val
|
1235
|
+
|
1236
|
+
result = new_yield(args).line line
|
1235
1237
|
}
|
1236
1238
|
| kYIELD tLPAREN2 rparen
|
1237
1239
|
{
|
1238
|
-
|
1240
|
+
(_, line), _, _ = val
|
1241
|
+
|
1242
|
+
result = new_yield.line line
|
1239
1243
|
}
|
1240
1244
|
| kYIELD
|
1241
1245
|
{
|
1242
|
-
|
1246
|
+
(_, line), = val
|
1247
|
+
|
1248
|
+
result = new_yield.line line
|
1243
1249
|
}
|
1244
1250
|
| kDEFINED opt_nl tLPAREN2 expr rparen
|
1245
1251
|
{
|
@@ -5794,19 +5794,25 @@ def _reduce_316(val, _values, result)
|
|
5794
5794
|
end
|
5795
5795
|
|
5796
5796
|
def _reduce_317(val, _values, result)
|
5797
|
-
|
5797
|
+
(_, line), _, args, _ = val
|
5798
|
+
|
5799
|
+
result = new_yield(args).line line
|
5798
5800
|
|
5799
5801
|
result
|
5800
5802
|
end
|
5801
5803
|
|
5802
5804
|
def _reduce_318(val, _values, result)
|
5803
|
-
|
5805
|
+
(_, line), _, _ = val
|
5806
|
+
|
5807
|
+
result = new_yield.line line
|
5804
5808
|
|
5805
5809
|
result
|
5806
5810
|
end
|
5807
5811
|
|
5808
5812
|
def _reduce_319(val, _values, result)
|
5809
|
-
|
5813
|
+
(_, line), = val
|
5814
|
+
|
5815
|
+
result = new_yield.line line
|
5810
5816
|
|
5811
5817
|
result
|
5812
5818
|
end
|
@@ -1294,15 +1294,21 @@ rule
|
|
1294
1294
|
}
|
1295
1295
|
| kYIELD tLPAREN2 call_args rparen
|
1296
1296
|
{
|
1297
|
-
|
1297
|
+
(_, line), _, args, _ = val
|
1298
|
+
|
1299
|
+
result = new_yield(args).line line
|
1298
1300
|
}
|
1299
1301
|
| kYIELD tLPAREN2 rparen
|
1300
1302
|
{
|
1301
|
-
|
1303
|
+
(_, line), _, _ = val
|
1304
|
+
|
1305
|
+
result = new_yield.line line
|
1302
1306
|
}
|
1303
1307
|
| kYIELD
|
1304
1308
|
{
|
1305
|
-
|
1309
|
+
(_, line), = val
|
1310
|
+
|
1311
|
+
result = new_yield.line line
|
1306
1312
|
}
|
1307
1313
|
| kDEFINED opt_nl tLPAREN2 expr rparen
|
1308
1314
|
{
|
@@ -3424,7 +3424,7 @@ racc_reduce_table = [
|
|
3424
3424
|
4, 277, :_reduce_658,
|
3425
3425
|
1, 277, :_reduce_659,
|
3426
3426
|
1, 235, :_reduce_none,
|
3427
|
-
1, 235, :
|
3427
|
+
1, 235, :_reduce_661,
|
3428
3428
|
3, 394, :_reduce_662,
|
3429
3429
|
5, 394, :_reduce_663,
|
3430
3430
|
3, 394, :_reduce_664,
|
@@ -6008,19 +6008,25 @@ def _reduce_326(val, _values, result)
|
|
6008
6008
|
end
|
6009
6009
|
|
6010
6010
|
def _reduce_327(val, _values, result)
|
6011
|
-
|
6011
|
+
(_, line), _, args, _ = val
|
6012
|
+
|
6013
|
+
result = new_yield(args).line line
|
6012
6014
|
|
6013
6015
|
result
|
6014
6016
|
end
|
6015
6017
|
|
6016
6018
|
def _reduce_328(val, _values, result)
|
6017
|
-
|
6019
|
+
(_, line), _, _ = val
|
6020
|
+
|
6021
|
+
result = new_yield.line line
|
6018
6022
|
|
6019
6023
|
result
|
6020
6024
|
end
|
6021
6025
|
|
6022
6026
|
def _reduce_329(val, _values, result)
|
6023
|
-
|
6027
|
+
(_, line), = val
|
6028
|
+
|
6029
|
+
result = new_yield.line line
|
6024
6030
|
|
6025
6031
|
result
|
6026
6032
|
end
|
@@ -8164,7 +8170,11 @@ end
|
|
8164
8170
|
|
8165
8171
|
# reduce 660 omitted
|
8166
8172
|
|
8167
|
-
|
8173
|
+
def _reduce_661(val, _values, result)
|
8174
|
+
result = end_args val
|
8175
|
+
|
8176
|
+
result
|
8177
|
+
end
|
8168
8178
|
|
8169
8179
|
def _reduce_662(val, _values, result)
|
8170
8180
|
result = end_args val
|
@@ -1392,15 +1392,21 @@ rule
|
|
1392
1392
|
}
|
1393
1393
|
| kYIELD tLPAREN2 call_args rparen
|
1394
1394
|
{
|
1395
|
-
|
1395
|
+
(_, line), _, args, _ = val
|
1396
|
+
|
1397
|
+
result = new_yield(args).line line
|
1396
1398
|
}
|
1397
1399
|
| kYIELD tLPAREN2 rparen
|
1398
1400
|
{
|
1399
|
-
|
1401
|
+
(_, line), _, _ = val
|
1402
|
+
|
1403
|
+
result = new_yield.line line
|
1400
1404
|
}
|
1401
1405
|
| kYIELD
|
1402
1406
|
{
|
1403
|
-
|
1407
|
+
(_, line), = val
|
1408
|
+
|
1409
|
+
result = new_yield.line line
|
1404
1410
|
}
|
1405
1411
|
| kDEFINED opt_nl tLPAREN2 expr rparen
|
1406
1412
|
{
|
@@ -3035,6 +3041,9 @@ keyword_variable: kNIL { result = s(:nil).line lexer.lineno }
|
|
3035
3041
|
|
3036
3042
|
f_opt_paren_args: f_paren_args
|
3037
3043
|
| none
|
3044
|
+
{
|
3045
|
+
result = end_args val
|
3046
|
+
}
|
3038
3047
|
|
3039
3048
|
f_paren_args: tLPAREN2 f_args rparen
|
3040
3049
|
{
|
@@ -1396,15 +1396,21 @@ rule
|
|
1396
1396
|
}
|
1397
1397
|
| kYIELD tLPAREN2 call_args rparen
|
1398
1398
|
{
|
1399
|
-
|
1399
|
+
(_, line), _, args, _ = val
|
1400
|
+
|
1401
|
+
result = new_yield(args).line line
|
1400
1402
|
}
|
1401
1403
|
| kYIELD tLPAREN2 rparen
|
1402
1404
|
{
|
1403
|
-
|
1405
|
+
(_, line), _, _ = val
|
1406
|
+
|
1407
|
+
result = new_yield.line line
|
1404
1408
|
}
|
1405
1409
|
| kYIELD
|
1406
1410
|
{
|
1407
|
-
|
1411
|
+
(_, line), = val
|
1412
|
+
|
1413
|
+
result = new_yield.line line
|
1408
1414
|
}
|
1409
1415
|
| kDEFINED opt_nl tLPAREN2 expr rparen
|
1410
1416
|
{
|
@@ -3039,6 +3045,9 @@ keyword_variable: kNIL { result = s(:nil).line lexer.lineno }
|
|
3039
3045
|
|
3040
3046
|
f_opt_paren_args: f_paren_args
|
3041
3047
|
| none
|
3048
|
+
{
|
3049
|
+
result = end_args val
|
3050
|
+
}
|
3042
3051
|
|
3043
3052
|
f_paren_args: tLPAREN2 f_args rparen
|
3044
3053
|
{
|
File without changes
|
File without changes
|
File without changes
|
data/bundle/ruby/2.7.0/gems/{ruby_parser-3.18.0 → ruby_parser-3.18.1}/lib/ruby_lexer_strings.rb
RENAMED
File without changes
|
File without changes
|
@@ -1362,15 +1362,21 @@ rule
|
|
1362
1362
|
}
|
1363
1363
|
| kYIELD tLPAREN2 call_args rparen
|
1364
1364
|
{
|
1365
|
-
|
1365
|
+
(_, line), _, args, _ = val
|
1366
|
+
|
1367
|
+
result = new_yield(args).line line
|
1366
1368
|
}
|
1367
1369
|
| kYIELD tLPAREN2 rparen
|
1368
1370
|
{
|
1369
|
-
|
1371
|
+
(_, line), _, _ = val
|
1372
|
+
|
1373
|
+
result = new_yield.line line
|
1370
1374
|
}
|
1371
1375
|
| kYIELD
|
1372
1376
|
{
|
1373
|
-
|
1377
|
+
(_, line), = val
|
1378
|
+
|
1379
|
+
result = new_yield.line line
|
1374
1380
|
}
|
1375
1381
|
| kDEFINED opt_nl tLPAREN2 expr rparen
|
1376
1382
|
{
|
File without changes
|
File without changes
|
@@ -513,4 +513,14 @@ class Brakeman::BaseCheck < Brakeman::SexpProcessor
|
|
513
513
|
string_building? exp.target or
|
514
514
|
string_building? exp.first_arg
|
515
515
|
end
|
516
|
+
|
517
|
+
I18N_CLASS = s(:const, :I18n)
|
518
|
+
|
519
|
+
def locale_call? exp
|
520
|
+
return unless call? exp
|
521
|
+
|
522
|
+
(exp.target == I18N_CLASS and
|
523
|
+
exp.method == :locale) or
|
524
|
+
locale_call? exp.target
|
525
|
+
end
|
516
526
|
end
|
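Review bot: `locale_call?` recurses only through `exp.target`, so any call chain rooted at `I18n.locale` counts as a locale call whatever method is invoked and whatever arguments it receives. As far as this hunk shows, an expression that passes request data as an argument to a method called on the locale would therefore be skipped by the SQL check that uses this predicate. Consider restricting the recursion to a known set of argument-free conversions, or at least state the assumption above the method, e.g. `# Assumes I18n.locale is limited to the application's available locales; arguments of chained calls are not inspected`. The enclosing class starts outside the hunk.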
@@ -0,0 +1,23 @@
|
|
1
|
+
require_relative 'eol_check'
|
2
|
+
|
3
|
+
class Brakeman::CheckEOLRails < Brakeman::EOLCheck
|
4
|
+
Brakeman::Checks.add self
|
5
|
+
|
6
|
+
@description = "Checks for unsupported versions of Rails"
|
7
|
+
|
8
|
+
def run_check
|
9
|
+
return unless tracker.config.rails_version
|
10
|
+
|
11
|
+
check_eol_version :rails, RAILS_EOL_DATES
|
12
|
+
end
|
13
|
+
|
14
|
+
RAILS_EOL_DATES = {
|
15
|
+
['2.0.0', '2.3.99'] => Date.new(2013, 6, 25),
|
16
|
+
['3.0.0', '3.2.99'] => Date.new(2016, 6, 30),
|
17
|
+
['4.0.0', '4.2.99'] => Date.new(2017, 4, 27),
|
18
|
+
['5.0.0', '5.0.99'] => Date.new(2018, 5, 9),
|
19
|
+
['5.1.0', '5.1.99'] => Date.new(2019, 8, 25),
|
20
|
+
['5.2.0', '5.2.99'] => Date.new(2022, 6, 1),
|
21
|
+
['6.0.0', '6.0.99'] => Date.new(2023, 6, 1),
|
22
|
+
}
|
23
|
+
end
|
@@ -0,0 +1,26 @@
|
|
1
|
+
require_relative 'eol_check'
|
2
|
+
|
3
|
+
class Brakeman::CheckEOLRuby < Brakeman::EOLCheck
|
4
|
+
Brakeman::Checks.add self
|
5
|
+
|
6
|
+
@description = "Checks for unsupported versions of Ruby"
|
7
|
+
|
8
|
+
def run_check
|
9
|
+
return unless tracker.config.ruby_version
|
10
|
+
|
11
|
+
check_eol_version :ruby, RUBY_EOL_DATES
|
12
|
+
end
|
13
|
+
|
14
|
+
RUBY_EOL_DATES = {
|
15
|
+
['0.0.0', '1.9.3'] => Date.new(2015, 2, 23),
|
16
|
+
['2.0.0', '2.0.99'] => Date.new(2016, 2, 24),
|
17
|
+
['2.1.0', '2.1.99'] => Date.new(2017, 3, 31),
|
18
|
+
['2.2.0', '2.2.99'] => Date.new(2018, 3, 31),
|
19
|
+
['2.3.0', '2.3.99'] => Date.new(2019, 3, 31),
|
20
|
+
['2.4.0', '2.4.99'] => Date.new(2020, 3, 31),
|
21
|
+
['2.5.0', '2.5.99'] => Date.new(2021, 3, 31),
|
22
|
+
['2.6.0', '2.6.99'] => Date.new(2022, 3, 31),
|
23
|
+
['2.7.0', '2.7.99'] => Date.new(2023, 3, 31),
|
24
|
+
['3.0.0', '2.8.99'] => Date.new(2024, 3, 31),
|
25
|
+
}
|
26
|
+
end
|
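Review bot: The last entry of `RUBY_EOL_DATES`, `['3.0.0', '2.8.99']`, has an upper bound below its lower bound. No 3.0.x version can fall inside it, so the Ruby 3.0 end-of-life date would never be reported (assuming `version_between?`, which is not shown here, tests start <= version <= end). The entry presumably should read `['3.0.0', '3.0.99'] => Date.new(2024, 3, 31),`. The table is also left mutable; appending `.freeze` to the closing brace would match its use as a constant.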
@@ -584,7 +584,7 @@ class Brakeman::CheckSQL < Brakeman::BaseCheck
|
|
584
584
|
end
|
585
585
|
|
586
586
|
IGNORE_METHODS_IN_SQL = Set[:id, :merge_conditions, :table_name, :quoted_table_name,
|
587
|
-
:quoted_primary_key, :to_i, :to_f, :sanitize_sql, :sanitize_sql_array,
|
587
|
+
:quoted_primary_key, :to_i, :to_f, :sanitize_sql, :sanitize_sql_array,
|
588
588
|
:sanitize_sql_for_assignment, :sanitize_sql_for_conditions, :sanitize_sql_hash,
|
589
589
|
:sanitize_sql_hash_for_assignment, :sanitize_sql_hash_for_conditions,
|
590
590
|
:to_sql, :sanitize, :primary_key, :table_name_prefix, :table_name_suffix,
|
@@ -628,7 +628,8 @@ class Brakeman::CheckSQL < Brakeman::BaseCheck
|
|
628
628
|
arel? exp or
|
629
629
|
exp.method.to_s.end_with? "_id" or
|
630
630
|
number_target? exp or
|
631
|
-
date_target? exp
|
631
|
+
date_target? exp or
|
632
|
+
locale_call? exp
|
632
633
|
end
|
633
634
|
|
634
635
|
QUOTE_METHODS = [:quote, :quote_column_name, :quoted_date, :quote_string, :quote_table_name]
|
@@ -9,7 +9,7 @@ class Brakeman::CheckSymbolDoS < Brakeman::BaseCheck
|
|
9
9
|
|
10
10
|
def run_check
|
11
11
|
return if rails_version and rails_version >= "5.0.0"
|
12
|
-
return if tracker.config.ruby_version >= "2.2"
|
12
|
+
return if tracker.config.ruby_version and tracker.config.ruby_version >= "2.2"
|
13
13
|
|
14
14
|
tracker.find_call(:methods => UNSAFE_METHODS, :nested => true).each do |result|
|
15
15
|
check_unsafe_symbol_creation(result)
|
@@ -0,0 +1,47 @@
|
|
1
|
+
require 'date'
|
2
|
+
require 'brakeman/checks/base_check'
|
3
|
+
|
4
|
+
# Not used directly - base check for EOLRails and EOLRuby
|
5
|
+
class Brakeman::EOLCheck < Brakeman::BaseCheck
|
6
|
+
def check_eol_version library, eol_dates
|
7
|
+
version = case library
|
8
|
+
when :rails
|
9
|
+
tracker.config.rails_version
|
10
|
+
when :ruby
|
11
|
+
tracker.config.ruby_version
|
12
|
+
else
|
13
|
+
raise 'Implement using tracker.config.gem_version'
|
14
|
+
end
|
15
|
+
|
16
|
+
eol_dates.each do |(start_version, end_version), eol_date|
|
17
|
+
if version_between? start_version, end_version, version
|
18
|
+
case
|
19
|
+
when Date.today >= eol_date
|
20
|
+
warn_about_unsupported_version library, eol_date, version
|
21
|
+
when (Date.today + 30) >= eol_date
|
22
|
+
warn_about_soon_unsupported_version library, eol_date, version, :medium
|
23
|
+
when (Date.today + 60) >= eol_date
|
24
|
+
warn_about_soon_unsupported_version library, eol_date, version, :low
|
25
|
+
end
|
26
|
+
|
27
|
+
break
|
28
|
+
end
|
29
|
+
end
|
30
|
+
end
|
31
|
+
|
32
|
+
def warn_about_soon_unsupported_version library, eol_date, version, confidence
|
33
|
+
warn warning_type: 'Unmaintained Dependency',
|
34
|
+
warning_code: :"pending_eol_#{library}",
|
35
|
+
message: msg("Support for ", msg_version(version, library.capitalize), " ends on #{eol_date}"),
|
36
|
+
confidence: confidence,
|
37
|
+
gem_info: gemfile_or_environment
|
38
|
+
end
|
39
|
+
|
40
|
+
def warn_about_unsupported_version library, eol_date, version
|
41
|
+
warn warning_type: 'Unmaintained Dependency',
|
42
|
+
warning_code: :"eol_#{library}",
|
43
|
+
message: msg("Support for ", msg_version(version, library.capitalize), " ended on #{eol_date}"),
|
44
|
+
confidence: :high,
|
45
|
+
gem_info: gemfile_or_environment
|
46
|
+
end
|
47
|
+
end
|
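Review bot: `check_eol_version` emits nothing when the version matches none of the ranges, so a release older or newer than the table (`RAILS_EOL_DATES` in check_eol_rails.rb, for instance, starts at '2.0.0') is silently treated as supported, and the tables go stale unless they are updated with each Brakeman release. A comment on the method should say so, e.g. `# Versions outside every range produce no warning; keep the EOL tables current`. The result also depends on the day the scan runs, because `Date.today` is read up to three times per match. Reading it once before the loop (`today = Date.today`) keeps the three comparisons consistent and gives one place to document that warnings appear and change confidence over time.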
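--- a/data/lib/brakeman/options.rb
+++ b/data/lib/brakeman/options.rb
@@ -93,6 +93,14 @@ module Brakeman::Options
 options[:rails6] = true
 end
 
+opts.on "-7", "--rails7", "Force Rails 7 mode" do
+options[:rails3] = true
+options[:rails4] = true
+options[:rails5] = true
+options[:rails6] = true
+options[:rails7] = true
+end
+
 opts.separator ""
 opts.separator "Scanning options:"
 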
@@ -6,6 +6,7 @@ class Brakeman::GemProcessor < Brakeman::BasicProcessor
|
|
6
6
|
def initialize *args
|
7
7
|
super
|
8
8
|
@gem_name_version = /^\s*([-_+.A-Za-z0-9]+) \((\w(\.\w+)*)\)/
|
9
|
+
@ruby_version = /^\s+ruby (\d\.\d.\d+)/
|
9
10
|
end
|
10
11
|
|
11
12
|
def process_gems gem_files
|
@@ -95,6 +96,8 @@ class Brakeman::GemProcessor < Brakeman::BasicProcessor
|
|
95
96
|
def set_gem_version_and_file line, file, line_num
|
96
97
|
if line =~ @gem_name_version
|
97
98
|
@tracker.config.add_gem $1, $2, file, line_num
|
99
|
+
elsif line =~ @ruby_version
|
100
|
+
@tracker.config.set_ruby_version $1
|
98
101
|
end
|
99
102
|
end
|
100
103
|
end
|
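Review bot: In `@ruby_version = /^\s+ruby (\d\.\d.\d+)/` the second dot is unescaped and matches any character, so a malformed entry such as `2.7x5` is captured and handed to `set_ruby_version` as if it were a version. Escaping it, `@ruby_version = /^\s+ruby (\d\.\d\.\d+)/`, keeps the stored value well-formed for the later version comparisons. The same unescaped pattern appears in the `.ruby-version` handling in scanner.rb. Both also accept only single-digit major and minor components, which is worth a short comment so the limit is deliberate rather than accidental.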
@@ -78,6 +78,8 @@ class Brakeman::Rails3RoutesProcessor < Brakeman::BasicProcessor
|
|
78
78
|
|
79
79
|
#TODO: Need test for this
|
80
80
|
def process_root exp
|
81
|
+
return exp unless hash? exp.first_arg
|
82
|
+
|
81
83
|
if value = hash_access(exp.first_arg, :to)
|
82
84
|
if string? value
|
83
85
|
add_route_from_string value
|
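--- a/data/lib/brakeman/scanner.rb
+++ b/data/lib/brakeman/scanner.rb
@@ -137,7 +137,9 @@ class Brakeman::Scanner
 end
 
 if @app_tree.exists? ".ruby-version"
-
+if version = @app_tree.file_path(".ruby-version").read[/(\d\.\d.\d+)/]
+tracker.config.set_ruby_version version
+end
 end
 
 tracker.config.load_rails_defaults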
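Review bot: The `[/(\d\.\d.\d+)/]` lookup is not anchored, so it returns the first three-part number found anywhere in `.ruby-version`. For a file that names another engine (version managers accept entries of the form `jruby-<version>`), the engine's own version would be stored as the Ruby version and then compared against the MRI end-of-life table and the `>= "2.2"` guard in check_symbol_dos.rb. Anchoring the match with an optional `ruby-` prefix, e.g. `read[/\A\s*(?:ruby-)?(\d\.\d\.\d+)/, 1]`, avoids that. When the file exists but does not match, nothing is reported; a `Brakeman.notify` line in that case would make the skipped EOL check visible. The enclosing method starts and ends outside the hunk.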
@@ -14,7 +14,7 @@ module Brakeman
|
|
14
14
|
@settings = {}
|
15
15
|
@escape_html = nil
|
16
16
|
@erubis = nil
|
17
|
-
@ruby_version =
|
17
|
+
@ruby_version = nil
|
18
18
|
@rails_version = nil
|
19
19
|
end
|
20
20
|
|
@@ -106,6 +106,13 @@ module Brakeman
|
|
106
106
|
tracker.options[:rails5] = true
|
107
107
|
tracker.options[:rails6] = true
|
108
108
|
Brakeman.notify "[Notice] Detected Rails 6 application"
|
109
|
+
elsif @rails_version.start_with? "7"
|
110
|
+
tracker.options[:rails3] = true
|
111
|
+
tracker.options[:rails4] = true
|
112
|
+
tracker.options[:rails5] = true
|
113
|
+
tracker.options[:rails6] = true
|
114
|
+
tracker.options[:rails7] = true
|
115
|
+
Brakeman.notify "[Notice] Detected Rails 7 application"
|
109
116
|
end
|
110
117
|
end
|
111
118
|
end
|
data/lib/brakeman/version.rb
CHANGED
@@ -121,6 +121,10 @@ module Brakeman::WarningCodes
|
|
121
121
|
:erb_template_injection => 117,
|
122
122
|
:http_verb_confusion => 118,
|
123
123
|
:unsafe_method_reflection => 119,
|
124
|
+
:eol_rails => 120,
|
125
|
+
:eol_ruby => 121,
|
126
|
+
:pending_eol_rails => 122,
|
127
|
+
:pending_eol_ruby => 123,
|
124
128
|
|
125
129
|
:custom_check => 9090,
|
126
130
|
}
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: brakeman
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 5.1
|
4
|
+
version: 5.2.1
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Justin Collins
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date:
|
11
|
+
date: 2022-01-30 00:00:00.000000000 Z
|
12
12
|
dependencies: []
|
13
13
|
description: Brakeman detects security vulnerabilities in Ruby on Rails applications
|
14
14
|
via static analysis.
|
@@ -193,42 +193,42 @@ files:
|
|
193
193
|
- bundle/ruby/2.7.0/gems/ruby2ruby-2.4.4/Manifest.txt
|
194
194
|
- bundle/ruby/2.7.0/gems/ruby2ruby-2.4.4/README.rdoc
|
195
195
|
- bundle/ruby/2.7.0/gems/ruby2ruby-2.4.4/lib/ruby2ruby.rb
|
196
|
-
- bundle/ruby/2.7.0/gems/ruby_parser-3.18.
|
197
|
-
- bundle/ruby/2.7.0/gems/ruby_parser-3.18.
|
198
|
-
- bundle/ruby/2.7.0/gems/ruby_parser-3.18.
|
199
|
-
- bundle/ruby/2.7.0/gems/ruby_parser-3.18.
|
200
|
-
- bundle/ruby/2.7.0/gems/ruby_parser-3.18.
|
201
|
-
- bundle/ruby/2.7.0/gems/ruby_parser-3.18.
|
202
|
-
- bundle/ruby/2.7.0/gems/ruby_parser-3.18.
|
203
|
-
- bundle/ruby/2.7.0/gems/ruby_parser-3.18.
|
204
|
-
- bundle/ruby/2.7.0/gems/ruby_parser-3.18.
|
205
|
-
- bundle/ruby/2.7.0/gems/ruby_parser-3.18.
|
206
|
-
- bundle/ruby/2.7.0/gems/ruby_parser-3.18.
|
207
|
-
- bundle/ruby/2.7.0/gems/ruby_parser-3.18.
|
208
|
-
- bundle/ruby/2.7.0/gems/ruby_parser-3.18.
|
209
|
-
- bundle/ruby/2.7.0/gems/ruby_parser-3.18.
|
210
|
-
- bundle/ruby/2.7.0/gems/ruby_parser-3.18.
|
211
|
-
- bundle/ruby/2.7.0/gems/ruby_parser-3.18.
|
212
|
-
- bundle/ruby/2.7.0/gems/ruby_parser-3.18.
|
213
|
-
- bundle/ruby/2.7.0/gems/ruby_parser-3.18.
|
214
|
-
- bundle/ruby/2.7.0/gems/ruby_parser-3.18.
|
215
|
-
- bundle/ruby/2.7.0/gems/ruby_parser-3.18.
|
216
|
-
- bundle/ruby/2.7.0/gems/ruby_parser-3.18.
|
217
|
-
- bundle/ruby/2.7.0/gems/ruby_parser-3.18.
|
218
|
-
- bundle/ruby/2.7.0/gems/ruby_parser-3.18.
|
219
|
-
- bundle/ruby/2.7.0/gems/ruby_parser-3.18.
|
220
|
-
- bundle/ruby/2.7.0/gems/ruby_parser-3.18.
|
221
|
-
- bundle/ruby/2.7.0/gems/ruby_parser-3.18.
|
222
|
-
- bundle/ruby/2.7.0/gems/ruby_parser-3.18.
|
223
|
-
- bundle/ruby/2.7.0/gems/ruby_parser-3.18.
|
224
|
-
- bundle/ruby/2.7.0/gems/ruby_parser-3.18.
|
225
|
-
- bundle/ruby/2.7.0/gems/ruby_parser-3.18.
|
226
|
-
- bundle/ruby/2.7.0/gems/ruby_parser-3.18.
|
227
|
-
- bundle/ruby/2.7.0/gems/ruby_parser-3.18.
|
228
|
-
- bundle/ruby/2.7.0/gems/ruby_parser-3.18.
|
229
|
-
- bundle/ruby/2.7.0/gems/ruby_parser-3.18.
|
230
|
-
- bundle/ruby/2.7.0/gems/ruby_parser-3.18.
|
231
|
-
- bundle/ruby/2.7.0/gems/ruby_parser-3.18.
|
196
|
+
- bundle/ruby/2.7.0/gems/ruby_parser-3.18.1/History.rdoc
|
197
|
+
- bundle/ruby/2.7.0/gems/ruby_parser-3.18.1/Manifest.txt
|
198
|
+
- bundle/ruby/2.7.0/gems/ruby_parser-3.18.1/README.rdoc
|
199
|
+
- bundle/ruby/2.7.0/gems/ruby_parser-3.18.1/compare/normalize.rb
|
200
|
+
- bundle/ruby/2.7.0/gems/ruby_parser-3.18.1/debugging.md
|
201
|
+
- bundle/ruby/2.7.0/gems/ruby_parser-3.18.1/gauntlet.md
|
202
|
+
- bundle/ruby/2.7.0/gems/ruby_parser-3.18.1/lib/rp_extensions.rb
|
203
|
+
- bundle/ruby/2.7.0/gems/ruby_parser-3.18.1/lib/rp_stringscanner.rb
|
204
|
+
- bundle/ruby/2.7.0/gems/ruby_parser-3.18.1/lib/ruby20_parser.rb
|
205
|
+
- bundle/ruby/2.7.0/gems/ruby_parser-3.18.1/lib/ruby20_parser.y
|
206
|
+
- bundle/ruby/2.7.0/gems/ruby_parser-3.18.1/lib/ruby21_parser.rb
|
207
|
+
- bundle/ruby/2.7.0/gems/ruby_parser-3.18.1/lib/ruby21_parser.y
|
208
|
+
- bundle/ruby/2.7.0/gems/ruby_parser-3.18.1/lib/ruby22_parser.rb
|
209
|
+
- bundle/ruby/2.7.0/gems/ruby_parser-3.18.1/lib/ruby22_parser.y
|
210
|
+
- bundle/ruby/2.7.0/gems/ruby_parser-3.18.1/lib/ruby23_parser.rb
|
211
|
+
- bundle/ruby/2.7.0/gems/ruby_parser-3.18.1/lib/ruby23_parser.y
|
212
|
+
- bundle/ruby/2.7.0/gems/ruby_parser-3.18.1/lib/ruby24_parser.rb
|
213
|
+
- bundle/ruby/2.7.0/gems/ruby_parser-3.18.1/lib/ruby24_parser.y
|
214
|
+
- bundle/ruby/2.7.0/gems/ruby_parser-3.18.1/lib/ruby25_parser.rb
|
215
|
+
- bundle/ruby/2.7.0/gems/ruby_parser-3.18.1/lib/ruby25_parser.y
|
216
|
+
- bundle/ruby/2.7.0/gems/ruby_parser-3.18.1/lib/ruby26_parser.rb
|
217
|
+
- bundle/ruby/2.7.0/gems/ruby_parser-3.18.1/lib/ruby26_parser.y
|
218
|
+
- bundle/ruby/2.7.0/gems/ruby_parser-3.18.1/lib/ruby27_parser.rb
|
219
|
+
- bundle/ruby/2.7.0/gems/ruby_parser-3.18.1/lib/ruby27_parser.y
|
220
|
+
- bundle/ruby/2.7.0/gems/ruby_parser-3.18.1/lib/ruby30_parser.rb
|
221
|
+
- bundle/ruby/2.7.0/gems/ruby_parser-3.18.1/lib/ruby30_parser.y
|
222
|
+
- bundle/ruby/2.7.0/gems/ruby_parser-3.18.1/lib/ruby3_parser.yy
|
223
|
+
- bundle/ruby/2.7.0/gems/ruby_parser-3.18.1/lib/ruby_lexer.rb
|
224
|
+
- bundle/ruby/2.7.0/gems/ruby_parser-3.18.1/lib/ruby_lexer.rex
|
225
|
+
- bundle/ruby/2.7.0/gems/ruby_parser-3.18.1/lib/ruby_lexer.rex.rb
|
226
|
+
- bundle/ruby/2.7.0/gems/ruby_parser-3.18.1/lib/ruby_lexer_strings.rb
|
227
|
+
- bundle/ruby/2.7.0/gems/ruby_parser-3.18.1/lib/ruby_parser.rb
|
228
|
+
- bundle/ruby/2.7.0/gems/ruby_parser-3.18.1/lib/ruby_parser.yy
|
229
|
+
- bundle/ruby/2.7.0/gems/ruby_parser-3.18.1/lib/ruby_parser_extras.rb
|
230
|
+
- bundle/ruby/2.7.0/gems/ruby_parser-3.18.1/tools/munge.rb
|
231
|
+
- bundle/ruby/2.7.0/gems/ruby_parser-3.18.1/tools/ripper.rb
|
232
232
|
- bundle/ruby/2.7.0/gems/ruby_parser-legacy-1.0.0/History.rdoc
|
233
233
|
- bundle/ruby/2.7.0/gems/ruby_parser-legacy-1.0.0/Manifest.txt
|
234
234
|
- bundle/ruby/2.7.0/gems/ruby_parser-legacy-1.0.0/README.rdoc
|
@@ -452,6 +452,8 @@ files:
|
|
452
452
|
- lib/brakeman/checks/check_digest_dos.rb
|
453
453
|
- lib/brakeman/checks/check_divide_by_zero.rb
|
454
454
|
- lib/brakeman/checks/check_dynamic_finders.rb
|
455
|
+
- lib/brakeman/checks/check_eol_rails.rb
|
456
|
+
- lib/brakeman/checks/check_eol_ruby.rb
|
455
457
|
- lib/brakeman/checks/check_escape_function.rb
|
456
458
|
- lib/brakeman/checks/check_evaluation.rb
|
457
459
|
- lib/brakeman/checks/check_execute.rb
|
@@ -518,6 +520,7 @@ files:
|
|
518
520
|
- lib/brakeman/checks/check_without_protection.rb
|
519
521
|
- lib/brakeman/checks/check_xml_dos.rb
|
520
522
|
- lib/brakeman/checks/check_yaml_parsing.rb
|
523
|
+
- lib/brakeman/checks/eol_check.rb
|
521
524
|
- lib/brakeman/codeclimate/engine_configuration.rb
|
522
525
|
- lib/brakeman/commandline.rb
|
523
526
|
- lib/brakeman/differ.rb
|
@@ -633,7 +636,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
|
|
633
636
|
requirements:
|
634
637
|
- - ">="
|
635
638
|
- !ruby/object:Gem::Version
|
636
|
-
version: 2.
|
639
|
+
version: 2.5.0
|
637
640
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
638
641
|
requirements:
|
639
642
|
- - ">="
|