brakeman 5.1.2 → 5.2.2

Files changed (71) hide show
  1. checksums.yaml +4 -4
  2. data/CHANGES.md +21 -0
  3. data/bundle/load.rb +2 -2
  4. data/bundle/ruby/2.7.0/gems/{parallel-1.21.0 → parallel-1.22.1}/MIT-LICENSE.txt +0 -0
  5. data/bundle/ruby/2.7.0/gems/{parallel-1.21.0 → parallel-1.22.1}/lib/parallel/processor_count.rb +2 -3
  6. data/bundle/ruby/2.7.0/gems/parallel-1.22.1/lib/parallel/version.rb +4 -0
  7. data/bundle/ruby/2.7.0/gems/{parallel-1.21.0 → parallel-1.22.1}/lib/parallel.rb +84 -4
  8. data/bundle/ruby/2.7.0/gems/{ruby_parser-3.18.0 → ruby_parser-3.19.1}/History.rdoc +40 -0
  9. data/bundle/ruby/2.7.0/gems/{ruby_parser-3.18.0 → ruby_parser-3.19.1}/Manifest.txt +2 -0
  10. data/bundle/ruby/2.7.0/gems/{ruby_parser-3.18.0 → ruby_parser-3.19.1}/README.rdoc +8 -6
  11. data/bundle/ruby/2.7.0/gems/{ruby_parser-3.18.0 → ruby_parser-3.19.1}/compare/normalize.rb +0 -0
  12. data/bundle/ruby/2.7.0/gems/{ruby_parser-3.18.0 → ruby_parser-3.19.1}/debugging.md +0 -0
  13. data/bundle/ruby/2.7.0/gems/{ruby_parser-3.18.0 → ruby_parser-3.19.1}/gauntlet.md +19 -18
  14. data/bundle/ruby/2.7.0/gems/{ruby_parser-3.18.0 → ruby_parser-3.19.1}/lib/rp_extensions.rb +0 -0
  15. data/bundle/ruby/2.7.0/gems/{ruby_parser-3.18.0 → ruby_parser-3.19.1}/lib/rp_stringscanner.rb +0 -0
  16. data/bundle/ruby/2.7.0/gems/ruby_parser-3.19.1/lib/ruby20_parser.rb +10973 -0
  17. data/bundle/ruby/2.7.0/gems/{ruby_parser-3.18.0 → ruby_parser-3.19.1}/lib/ruby20_parser.y +23 -30
  18. data/bundle/ruby/2.7.0/gems/ruby_parser-3.19.1/lib/ruby21_parser.rb +10980 -0
  19. data/bundle/ruby/2.7.0/gems/{ruby_parser-3.18.0 → ruby_parser-3.19.1}/lib/ruby21_parser.y +23 -30
  20. data/bundle/ruby/2.7.0/gems/ruby_parser-3.19.1/lib/ruby22_parser.rb +11123 -0
  21. data/bundle/ruby/2.7.0/gems/{ruby_parser-3.18.0 → ruby_parser-3.19.1}/lib/ruby22_parser.y +23 -30
  22. data/bundle/ruby/2.7.0/gems/ruby_parser-3.19.1/lib/ruby23_parser.rb +11132 -0
  23. data/bundle/ruby/2.7.0/gems/{ruby_parser-3.18.0 → ruby_parser-3.19.1}/lib/ruby23_parser.y +23 -30
  24. data/bundle/ruby/2.7.0/gems/ruby_parser-3.19.1/lib/ruby24_parser.rb +11231 -0
  25. data/bundle/ruby/2.7.0/gems/{ruby_parser-3.18.0 → ruby_parser-3.19.1}/lib/ruby24_parser.y +23 -30
  26. data/bundle/ruby/2.7.0/gems/ruby_parser-3.19.1/lib/ruby25_parser.rb +11231 -0
  27. data/bundle/ruby/2.7.0/gems/{ruby_parser-3.18.0 → ruby_parser-3.19.1}/lib/ruby25_parser.y +23 -30
  28. data/bundle/ruby/2.7.0/gems/ruby_parser-3.19.1/lib/ruby26_parser.rb +11253 -0
  29. data/bundle/ruby/2.7.0/gems/{ruby_parser-3.18.0 → ruby_parser-3.19.1}/lib/ruby26_parser.y +23 -30
  30. data/bundle/ruby/2.7.0/gems/ruby_parser-3.19.1/lib/ruby27_parser.rb +12980 -0
  31. data/bundle/ruby/2.7.0/gems/{ruby_parser-3.18.0 → ruby_parser-3.19.1}/lib/ruby27_parser.y +28 -44
  32. data/bundle/ruby/2.7.0/gems/ruby_parser-3.19.1/lib/ruby30_parser.rb +13242 -0
  33. data/bundle/ruby/2.7.0/gems/{ruby_parser-3.18.0 → ruby_parser-3.19.1}/lib/ruby30_parser.y +77 -93
  34. data/bundle/ruby/2.7.0/gems/ruby_parser-3.19.1/lib/ruby31_parser.rb +13622 -0
  35. data/bundle/ruby/2.7.0/gems/{ruby_parser-3.18.0/lib/ruby3_parser.yy → ruby_parser-3.19.1/lib/ruby31_parser.y} +121 -107
  36. data/bundle/ruby/2.7.0/gems/ruby_parser-3.19.1/lib/ruby3_parser.yy +3536 -0
  37. data/bundle/ruby/2.7.0/gems/{ruby_parser-3.18.0 → ruby_parser-3.19.1}/lib/ruby_lexer.rb +0 -0
  38. data/bundle/ruby/2.7.0/gems/{ruby_parser-3.18.0 → ruby_parser-3.19.1}/lib/ruby_lexer.rex +0 -0
  39. data/bundle/ruby/2.7.0/gems/{ruby_parser-3.18.0 → ruby_parser-3.19.1}/lib/ruby_lexer.rex.rb +0 -0
  40. data/bundle/ruby/2.7.0/gems/{ruby_parser-3.18.0 → ruby_parser-3.19.1}/lib/ruby_lexer_strings.rb +0 -0
  41. data/bundle/ruby/2.7.0/gems/{ruby_parser-3.18.0 → ruby_parser-3.19.1}/lib/ruby_parser.rb +2 -0
  42. data/bundle/ruby/2.7.0/gems/{ruby_parser-3.18.0 → ruby_parser-3.19.1}/lib/ruby_parser.yy +28 -44
  43. data/bundle/ruby/2.7.0/gems/{ruby_parser-3.18.0 → ruby_parser-3.19.1}/lib/ruby_parser_extras.rb +55 -2
  44. data/bundle/ruby/2.7.0/gems/{ruby_parser-3.18.0 → ruby_parser-3.19.1}/tools/munge.rb +0 -0
  45. data/bundle/ruby/2.7.0/gems/{ruby_parser-3.18.0 → ruby_parser-3.19.1}/tools/ripper.rb +0 -0
  46. data/lib/brakeman/checks/base_check.rb +10 -0
  47. data/lib/brakeman/checks/check_eol_rails.rb +23 -0
  48. data/lib/brakeman/checks/check_eol_ruby.rb +26 -0
  49. data/lib/brakeman/checks/check_sql.rb +6 -4
  50. data/lib/brakeman/checks/check_symbol_dos.rb +1 -1
  51. data/lib/brakeman/checks/check_unsafe_reflection.rb +7 -2
  52. data/lib/brakeman/checks/eol_check.rb +47 -0
  53. data/lib/brakeman/options.rb +8 -0
  54. data/lib/brakeman/processors/alias_processor.rb +17 -1
  55. data/lib/brakeman/processors/gem_processor.rb +3 -0
  56. data/lib/brakeman/processors/lib/rails3_route_processor.rb +2 -0
  57. data/lib/brakeman/scanner.rb +3 -1
  58. data/lib/brakeman/tracker/config.rb +8 -1
  59. data/lib/brakeman/version.rb +1 -1
  60. data/lib/brakeman/warning_codes.rb +4 -0
  61. metadata +48 -43
  62. data/bundle/ruby/2.7.0/gems/parallel-1.21.0/lib/parallel/version.rb +0 -4
  63. data/bundle/ruby/2.7.0/gems/ruby_parser-3.18.0/lib/ruby20_parser.rb +0 -7122
  64. data/bundle/ruby/2.7.0/gems/ruby_parser-3.18.0/lib/ruby21_parser.rb +0 -7176
  65. data/bundle/ruby/2.7.0/gems/ruby_parser-3.18.0/lib/ruby22_parser.rb +0 -7222
  66. data/bundle/ruby/2.7.0/gems/ruby_parser-3.18.0/lib/ruby23_parser.rb +0 -7231
  67. data/bundle/ruby/2.7.0/gems/ruby_parser-3.18.0/lib/ruby24_parser.rb +0 -7262
  68. data/bundle/ruby/2.7.0/gems/ruby_parser-3.18.0/lib/ruby25_parser.rb +0 -7262
  69. data/bundle/ruby/2.7.0/gems/ruby_parser-3.18.0/lib/ruby26_parser.rb +0 -7281
  70. data/bundle/ruby/2.7.0/gems/ruby_parser-3.18.0/lib/ruby27_parser.rb +0 -8511
  71. data/bundle/ruby/2.7.0/gems/ruby_parser-3.18.0/lib/ruby30_parser.rb +0 -8741
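--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: brakeman
  version: !ruby/object:Gem::Version
- version: 5.1.2
+ version: 5.2.2
  platform: ruby
  authors:
  - Justin Collins
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2021-10-28 00:00:00.000000000 Z
+ date: 2022-04-06 00:00:00.000000000 Z
  dependencies: []
  description: Brakeman detects security vulnerabilities in Ruby on Rails applications
  via static analysis.
@@ -132,10 +132,10 @@ files:
  - bundle/ruby/2.7.0/gems/highline-2.0.3/lib/highline/terminal/unix_stty.rb
  - bundle/ruby/2.7.0/gems/highline-2.0.3/lib/highline/version.rb
  - bundle/ruby/2.7.0/gems/highline-2.0.3/lib/highline/wrapper.rb
- - bundle/ruby/2.7.0/gems/parallel-1.21.0/MIT-LICENSE.txt
- - bundle/ruby/2.7.0/gems/parallel-1.21.0/lib/parallel.rb
- - bundle/ruby/2.7.0/gems/parallel-1.21.0/lib/parallel/processor_count.rb
- - bundle/ruby/2.7.0/gems/parallel-1.21.0/lib/parallel/version.rb
+ - bundle/ruby/2.7.0/gems/parallel-1.22.1/MIT-LICENSE.txt
+ - bundle/ruby/2.7.0/gems/parallel-1.22.1/lib/parallel.rb
+ - bundle/ruby/2.7.0/gems/parallel-1.22.1/lib/parallel/processor_count.rb
+ - bundle/ruby/2.7.0/gems/parallel-1.22.1/lib/parallel/version.rb
  - bundle/ruby/2.7.0/gems/rexml-3.2.5/LICENSE.txt
  - bundle/ruby/2.7.0/gems/rexml-3.2.5/NEWS.md
  - bundle/ruby/2.7.0/gems/rexml-3.2.5/README.md
@@ -193,42 +193,44 @@ files:
  - bundle/ruby/2.7.0/gems/ruby2ruby-2.4.4/Manifest.txt
  - bundle/ruby/2.7.0/gems/ruby2ruby-2.4.4/README.rdoc
  - bundle/ruby/2.7.0/gems/ruby2ruby-2.4.4/lib/ruby2ruby.rb
- - bundle/ruby/2.7.0/gems/ruby_parser-3.18.0/History.rdoc
- - bundle/ruby/2.7.0/gems/ruby_parser-3.18.0/Manifest.txt
- - bundle/ruby/2.7.0/gems/ruby_parser-3.18.0/README.rdoc
- - bundle/ruby/2.7.0/gems/ruby_parser-3.18.0/compare/normalize.rb
- - bundle/ruby/2.7.0/gems/ruby_parser-3.18.0/debugging.md
- - bundle/ruby/2.7.0/gems/ruby_parser-3.18.0/gauntlet.md
- - bundle/ruby/2.7.0/gems/ruby_parser-3.18.0/lib/rp_extensions.rb
- - bundle/ruby/2.7.0/gems/ruby_parser-3.18.0/lib/rp_stringscanner.rb
- - bundle/ruby/2.7.0/gems/ruby_parser-3.18.0/lib/ruby20_parser.rb
- - bundle/ruby/2.7.0/gems/ruby_parser-3.18.0/lib/ruby20_parser.y
- - bundle/ruby/2.7.0/gems/ruby_parser-3.18.0/lib/ruby21_parser.rb
- - bundle/ruby/2.7.0/gems/ruby_parser-3.18.0/lib/ruby21_parser.y
- - bundle/ruby/2.7.0/gems/ruby_parser-3.18.0/lib/ruby22_parser.rb
- - bundle/ruby/2.7.0/gems/ruby_parser-3.18.0/lib/ruby22_parser.y
- - bundle/ruby/2.7.0/gems/ruby_parser-3.18.0/lib/ruby23_parser.rb
- - bundle/ruby/2.7.0/gems/ruby_parser-3.18.0/lib/ruby23_parser.y
- - bundle/ruby/2.7.0/gems/ruby_parser-3.18.0/lib/ruby24_parser.rb
- - bundle/ruby/2.7.0/gems/ruby_parser-3.18.0/lib/ruby24_parser.y
- - bundle/ruby/2.7.0/gems/ruby_parser-3.18.0/lib/ruby25_parser.rb
- - bundle/ruby/2.7.0/gems/ruby_parser-3.18.0/lib/ruby25_parser.y
- - bundle/ruby/2.7.0/gems/ruby_parser-3.18.0/lib/ruby26_parser.rb
- - bundle/ruby/2.7.0/gems/ruby_parser-3.18.0/lib/ruby26_parser.y
- - bundle/ruby/2.7.0/gems/ruby_parser-3.18.0/lib/ruby27_parser.rb
- - bundle/ruby/2.7.0/gems/ruby_parser-3.18.0/lib/ruby27_parser.y
- - bundle/ruby/2.7.0/gems/ruby_parser-3.18.0/lib/ruby30_parser.rb
- - bundle/ruby/2.7.0/gems/ruby_parser-3.18.0/lib/ruby30_parser.y
- - bundle/ruby/2.7.0/gems/ruby_parser-3.18.0/lib/ruby3_parser.yy
- - bundle/ruby/2.7.0/gems/ruby_parser-3.18.0/lib/ruby_lexer.rb
- - bundle/ruby/2.7.0/gems/ruby_parser-3.18.0/lib/ruby_lexer.rex
- - bundle/ruby/2.7.0/gems/ruby_parser-3.18.0/lib/ruby_lexer.rex.rb
- - bundle/ruby/2.7.0/gems/ruby_parser-3.18.0/lib/ruby_lexer_strings.rb
- - bundle/ruby/2.7.0/gems/ruby_parser-3.18.0/lib/ruby_parser.rb
- - bundle/ruby/2.7.0/gems/ruby_parser-3.18.0/lib/ruby_parser.yy
- - bundle/ruby/2.7.0/gems/ruby_parser-3.18.0/lib/ruby_parser_extras.rb
- - bundle/ruby/2.7.0/gems/ruby_parser-3.18.0/tools/munge.rb
- - bundle/ruby/2.7.0/gems/ruby_parser-3.18.0/tools/ripper.rb
+ - bundle/ruby/2.7.0/gems/ruby_parser-3.19.1/History.rdoc
+ - bundle/ruby/2.7.0/gems/ruby_parser-3.19.1/Manifest.txt
+ - bundle/ruby/2.7.0/gems/ruby_parser-3.19.1/README.rdoc
+ - bundle/ruby/2.7.0/gems/ruby_parser-3.19.1/compare/normalize.rb
+ - bundle/ruby/2.7.0/gems/ruby_parser-3.19.1/debugging.md
+ - bundle/ruby/2.7.0/gems/ruby_parser-3.19.1/gauntlet.md
+ - bundle/ruby/2.7.0/gems/ruby_parser-3.19.1/lib/rp_extensions.rb
+ - bundle/ruby/2.7.0/gems/ruby_parser-3.19.1/lib/rp_stringscanner.rb
+ - bundle/ruby/2.7.0/gems/ruby_parser-3.19.1/lib/ruby20_parser.rb
+ - bundle/ruby/2.7.0/gems/ruby_parser-3.19.1/lib/ruby20_parser.y
+ - bundle/ruby/2.7.0/gems/ruby_parser-3.19.1/lib/ruby21_parser.rb
+ - bundle/ruby/2.7.0/gems/ruby_parser-3.19.1/lib/ruby21_parser.y
+ - bundle/ruby/2.7.0/gems/ruby_parser-3.19.1/lib/ruby22_parser.rb
+ - bundle/ruby/2.7.0/gems/ruby_parser-3.19.1/lib/ruby22_parser.y
+ - bundle/ruby/2.7.0/gems/ruby_parser-3.19.1/lib/ruby23_parser.rb
+ - bundle/ruby/2.7.0/gems/ruby_parser-3.19.1/lib/ruby23_parser.y
+ - bundle/ruby/2.7.0/gems/ruby_parser-3.19.1/lib/ruby24_parser.rb
+ - bundle/ruby/2.7.0/gems/ruby_parser-3.19.1/lib/ruby24_parser.y
+ - bundle/ruby/2.7.0/gems/ruby_parser-3.19.1/lib/ruby25_parser.rb
+ - bundle/ruby/2.7.0/gems/ruby_parser-3.19.1/lib/ruby25_parser.y
+ - bundle/ruby/2.7.0/gems/ruby_parser-3.19.1/lib/ruby26_parser.rb
+ - bundle/ruby/2.7.0/gems/ruby_parser-3.19.1/lib/ruby26_parser.y
+ - bundle/ruby/2.7.0/gems/ruby_parser-3.19.1/lib/ruby27_parser.rb
+ - bundle/ruby/2.7.0/gems/ruby_parser-3.19.1/lib/ruby27_parser.y
+ - bundle/ruby/2.7.0/gems/ruby_parser-3.19.1/lib/ruby30_parser.rb
+ - bundle/ruby/2.7.0/gems/ruby_parser-3.19.1/lib/ruby30_parser.y
+ - bundle/ruby/2.7.0/gems/ruby_parser-3.19.1/lib/ruby31_parser.rb
+ - bundle/ruby/2.7.0/gems/ruby_parser-3.19.1/lib/ruby31_parser.y
+ - bundle/ruby/2.7.0/gems/ruby_parser-3.19.1/lib/ruby3_parser.yy
+ - bundle/ruby/2.7.0/gems/ruby_parser-3.19.1/lib/ruby_lexer.rb
+ - bundle/ruby/2.7.0/gems/ruby_parser-3.19.1/lib/ruby_lexer.rex
+ - bundle/ruby/2.7.0/gems/ruby_parser-3.19.1/lib/ruby_lexer.rex.rb
+ - bundle/ruby/2.7.0/gems/ruby_parser-3.19.1/lib/ruby_lexer_strings.rb
+ - bundle/ruby/2.7.0/gems/ruby_parser-3.19.1/lib/ruby_parser.rb
+ - bundle/ruby/2.7.0/gems/ruby_parser-3.19.1/lib/ruby_parser.yy
+ - bundle/ruby/2.7.0/gems/ruby_parser-3.19.1/lib/ruby_parser_extras.rb
+ - bundle/ruby/2.7.0/gems/ruby_parser-3.19.1/tools/munge.rb
+ - bundle/ruby/2.7.0/gems/ruby_parser-3.19.1/tools/ripper.rb
  - bundle/ruby/2.7.0/gems/ruby_parser-legacy-1.0.0/History.rdoc
  - bundle/ruby/2.7.0/gems/ruby_parser-legacy-1.0.0/Manifest.txt
  - bundle/ruby/2.7.0/gems/ruby_parser-legacy-1.0.0/README.rdoc
@@ -452,6 +454,8 @@ files:
  - lib/brakeman/checks/check_digest_dos.rb
  - lib/brakeman/checks/check_divide_by_zero.rb
  - lib/brakeman/checks/check_dynamic_finders.rb
+ - lib/brakeman/checks/check_eol_rails.rb
+ - lib/brakeman/checks/check_eol_ruby.rb
  - lib/brakeman/checks/check_escape_function.rb
  - lib/brakeman/checks/check_evaluation.rb
  - lib/brakeman/checks/check_execute.rb
@@ -518,6 +522,7 @@ files:
  - lib/brakeman/checks/check_without_protection.rb
  - lib/brakeman/checks/check_xml_dos.rb
  - lib/brakeman/checks/check_yaml_parsing.rb
+ - lib/brakeman/checks/eol_check.rb
  - lib/brakeman/codeclimate/engine_configuration.rb
  - lib/brakeman/commandline.rb
  - lib/brakeman/differ.rb
@@ -633,7 +638,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
  requirements:
  - - ">="
  - !ruby/object:Gem::Version
- version: 2.4.0
+ version: 2.5.0
  required_rubygems_version: !ruby/object:Gem::Requirement
  requirements:
  - - ">="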
@@ -1,4 +0,0 @@
1
- # frozen_string_literal: true
2
- module Parallel
3
- VERSION = Version = '1.21.0' # rubocop:disable Naming/ConstantName
4
- end