brakeman 5.1.2 → 5.2.2

Sign up to get free protection for your applications and to get access to all the features.
Files changed (71) hide show
  1. checksums.yaml +4 -4
  2. data/CHANGES.md +21 -0
  3. data/bundle/load.rb +2 -2
  4. data/bundle/ruby/2.7.0/gems/{parallel-1.21.0 → parallel-1.22.1}/MIT-LICENSE.txt +0 -0
  5. data/bundle/ruby/2.7.0/gems/{parallel-1.21.0 → parallel-1.22.1}/lib/parallel/processor_count.rb +2 -3
  6. data/bundle/ruby/2.7.0/gems/parallel-1.22.1/lib/parallel/version.rb +4 -0
  7. data/bundle/ruby/2.7.0/gems/{parallel-1.21.0 → parallel-1.22.1}/lib/parallel.rb +84 -4
  8. data/bundle/ruby/2.7.0/gems/{ruby_parser-3.18.0 → ruby_parser-3.19.1}/History.rdoc +40 -0
  9. data/bundle/ruby/2.7.0/gems/{ruby_parser-3.18.0 → ruby_parser-3.19.1}/Manifest.txt +2 -0
  10. data/bundle/ruby/2.7.0/gems/{ruby_parser-3.18.0 → ruby_parser-3.19.1}/README.rdoc +8 -6
  11. data/bundle/ruby/2.7.0/gems/{ruby_parser-3.18.0 → ruby_parser-3.19.1}/compare/normalize.rb +0 -0
  12. data/bundle/ruby/2.7.0/gems/{ruby_parser-3.18.0 → ruby_parser-3.19.1}/debugging.md +0 -0
  13. data/bundle/ruby/2.7.0/gems/{ruby_parser-3.18.0 → ruby_parser-3.19.1}/gauntlet.md +19 -18
  14. data/bundle/ruby/2.7.0/gems/{ruby_parser-3.18.0 → ruby_parser-3.19.1}/lib/rp_extensions.rb +0 -0
  15. data/bundle/ruby/2.7.0/gems/{ruby_parser-3.18.0 → ruby_parser-3.19.1}/lib/rp_stringscanner.rb +0 -0
  16. data/bundle/ruby/2.7.0/gems/ruby_parser-3.19.1/lib/ruby20_parser.rb +10973 -0
  17. data/bundle/ruby/2.7.0/gems/{ruby_parser-3.18.0 → ruby_parser-3.19.1}/lib/ruby20_parser.y +23 -30
  18. data/bundle/ruby/2.7.0/gems/ruby_parser-3.19.1/lib/ruby21_parser.rb +10980 -0
  19. data/bundle/ruby/2.7.0/gems/{ruby_parser-3.18.0 → ruby_parser-3.19.1}/lib/ruby21_parser.y +23 -30
  20. data/bundle/ruby/2.7.0/gems/ruby_parser-3.19.1/lib/ruby22_parser.rb +11123 -0
  21. data/bundle/ruby/2.7.0/gems/{ruby_parser-3.18.0 → ruby_parser-3.19.1}/lib/ruby22_parser.y +23 -30
  22. data/bundle/ruby/2.7.0/gems/ruby_parser-3.19.1/lib/ruby23_parser.rb +11132 -0
  23. data/bundle/ruby/2.7.0/gems/{ruby_parser-3.18.0 → ruby_parser-3.19.1}/lib/ruby23_parser.y +23 -30
  24. data/bundle/ruby/2.7.0/gems/ruby_parser-3.19.1/lib/ruby24_parser.rb +11231 -0
  25. data/bundle/ruby/2.7.0/gems/{ruby_parser-3.18.0 → ruby_parser-3.19.1}/lib/ruby24_parser.y +23 -30
  26. data/bundle/ruby/2.7.0/gems/ruby_parser-3.19.1/lib/ruby25_parser.rb +11231 -0
  27. data/bundle/ruby/2.7.0/gems/{ruby_parser-3.18.0 → ruby_parser-3.19.1}/lib/ruby25_parser.y +23 -30
  28. data/bundle/ruby/2.7.0/gems/ruby_parser-3.19.1/lib/ruby26_parser.rb +11253 -0
  29. data/bundle/ruby/2.7.0/gems/{ruby_parser-3.18.0 → ruby_parser-3.19.1}/lib/ruby26_parser.y +23 -30
  30. data/bundle/ruby/2.7.0/gems/ruby_parser-3.19.1/lib/ruby27_parser.rb +12980 -0
  31. data/bundle/ruby/2.7.0/gems/{ruby_parser-3.18.0 → ruby_parser-3.19.1}/lib/ruby27_parser.y +28 -44
  32. data/bundle/ruby/2.7.0/gems/ruby_parser-3.19.1/lib/ruby30_parser.rb +13242 -0
  33. data/bundle/ruby/2.7.0/gems/{ruby_parser-3.18.0 → ruby_parser-3.19.1}/lib/ruby30_parser.y +77 -93
  34. data/bundle/ruby/2.7.0/gems/ruby_parser-3.19.1/lib/ruby31_parser.rb +13622 -0
  35. data/bundle/ruby/2.7.0/gems/{ruby_parser-3.18.0/lib/ruby3_parser.yy → ruby_parser-3.19.1/lib/ruby31_parser.y} +121 -107
  36. data/bundle/ruby/2.7.0/gems/ruby_parser-3.19.1/lib/ruby3_parser.yy +3536 -0
  37. data/bundle/ruby/2.7.0/gems/{ruby_parser-3.18.0 → ruby_parser-3.19.1}/lib/ruby_lexer.rb +0 -0
  38. data/bundle/ruby/2.7.0/gems/{ruby_parser-3.18.0 → ruby_parser-3.19.1}/lib/ruby_lexer.rex +0 -0
  39. data/bundle/ruby/2.7.0/gems/{ruby_parser-3.18.0 → ruby_parser-3.19.1}/lib/ruby_lexer.rex.rb +0 -0
  40. data/bundle/ruby/2.7.0/gems/{ruby_parser-3.18.0 → ruby_parser-3.19.1}/lib/ruby_lexer_strings.rb +0 -0
  41. data/bundle/ruby/2.7.0/gems/{ruby_parser-3.18.0 → ruby_parser-3.19.1}/lib/ruby_parser.rb +2 -0
  42. data/bundle/ruby/2.7.0/gems/{ruby_parser-3.18.0 → ruby_parser-3.19.1}/lib/ruby_parser.yy +28 -44
  43. data/bundle/ruby/2.7.0/gems/{ruby_parser-3.18.0 → ruby_parser-3.19.1}/lib/ruby_parser_extras.rb +55 -2
  44. data/bundle/ruby/2.7.0/gems/{ruby_parser-3.18.0 → ruby_parser-3.19.1}/tools/munge.rb +0 -0
  45. data/bundle/ruby/2.7.0/gems/{ruby_parser-3.18.0 → ruby_parser-3.19.1}/tools/ripper.rb +0 -0
  46. data/lib/brakeman/checks/base_check.rb +10 -0
  47. data/lib/brakeman/checks/check_eol_rails.rb +23 -0
  48. data/lib/brakeman/checks/check_eol_ruby.rb +26 -0
  49. data/lib/brakeman/checks/check_sql.rb +6 -4
  50. data/lib/brakeman/checks/check_symbol_dos.rb +1 -1
  51. data/lib/brakeman/checks/check_unsafe_reflection.rb +7 -2
  52. data/lib/brakeman/checks/eol_check.rb +47 -0
  53. data/lib/brakeman/options.rb +8 -0
  54. data/lib/brakeman/processors/alias_processor.rb +17 -1
  55. data/lib/brakeman/processors/gem_processor.rb +3 -0
  56. data/lib/brakeman/processors/lib/rails3_route_processor.rb +2 -0
  57. data/lib/brakeman/scanner.rb +3 -1
  58. data/lib/brakeman/tracker/config.rb +8 -1
  59. data/lib/brakeman/version.rb +1 -1
  60. data/lib/brakeman/warning_codes.rb +4 -0
  61. metadata +48 -43
  62. data/bundle/ruby/2.7.0/gems/parallel-1.21.0/lib/parallel/version.rb +0 -4
  63. data/bundle/ruby/2.7.0/gems/ruby_parser-3.18.0/lib/ruby20_parser.rb +0 -7122
  64. data/bundle/ruby/2.7.0/gems/ruby_parser-3.18.0/lib/ruby21_parser.rb +0 -7176
  65. data/bundle/ruby/2.7.0/gems/ruby_parser-3.18.0/lib/ruby22_parser.rb +0 -7222
  66. data/bundle/ruby/2.7.0/gems/ruby_parser-3.18.0/lib/ruby23_parser.rb +0 -7231
  67. data/bundle/ruby/2.7.0/gems/ruby_parser-3.18.0/lib/ruby24_parser.rb +0 -7262
  68. data/bundle/ruby/2.7.0/gems/ruby_parser-3.18.0/lib/ruby25_parser.rb +0 -7262
  69. data/bundle/ruby/2.7.0/gems/ruby_parser-3.18.0/lib/ruby26_parser.rb +0 -7281
  70. data/bundle/ruby/2.7.0/gems/ruby_parser-3.18.0/lib/ruby27_parser.rb +0 -8511
  71. data/bundle/ruby/2.7.0/gems/ruby_parser-3.18.0/lib/ruby30_parser.rb +0 -8741
data/bundle/ruby/2.7.0/gems/{ruby_parser-3.18.0 → ruby_parser-3.19.1}/lib/ruby20_parser.y RENAMED
@@ -682,8 +682,7 @@ rule
682
682
 
683
683
  cpath: tCOLON3 cname
684
684
  {
685
- _, (name, line) = val
686
- result = s(:colon3, name.to_sym).line line
685
+ result = wrap :colon3, val[1]
687
686
  }
688
687
  | cname
689
688
  {
@@ -708,9 +707,7 @@ rule
708
707
 
709
708
  fitem: fname
710
709
  {
711
- (id, line), = val
712
-
713
- result = s(:lit, id.to_sym).line line
710
+ result = wrap :lit, val[0]
714
711
  }
715
712
  | symbol
716
713
 
@@ -779,9 +776,9 @@ rule
779
776
  }
780
777
  | tCOLON3 tCONSTANT tOP_ASGN arg_rhs
781
778
  {
782
- _, (lhs, line), op, rhs = val
779
+ _, lhs, op, rhs = val
783
780
 
784
- lhs = s(:colon3, lhs.to_sym).line line
781
+ lhs = wrap :colon3, lhs
785
782
  result = new_const_op_asgn [lhs, op, rhs]
786
783
  }
787
784
  | backref tOP_ASGN arg_rhs
@@ -1182,9 +1179,7 @@ rule
1182
1179
  }
1183
1180
  | tCOLON3 tCONSTANT
1184
1181
  {
1185
- _, (id, line) = val
1186
-
1187
- result = s(:colon3, id.to_sym).line line
1182
+ result = wrap :colon3, val[1]
1188
1183
  }
1189
1184
  | tLBRACK { result = lexer.lineno } aref_args tRBRACK
1190
1185
  {
@@ -1208,15 +1203,21 @@ rule
1208
1203
  }
1209
1204
  | kYIELD tLPAREN2 call_args rparen
1210
1205
  {
1211
- result = new_yield val[2]
1206
+ (_, line), _, args, _ = val
1207
+
1208
+ result = new_yield(args).line line
1212
1209
  }
1213
1210
  | kYIELD tLPAREN2 rparen
1214
1211
  {
1215
- result = new_yield
1212
+ (_, line), _, _ = val
1213
+
1214
+ result = new_yield.line line
1216
1215
  }
1217
1216
  | kYIELD
1218
1217
  {
1219
- result = new_yield
1218
+ (_, line), = val
1219
+
1220
+ result = new_yield.line line
1220
1221
  }
1221
1222
  | kDEFINED opt_nl tLPAREN2 expr rparen
1222
1223
  {
@@ -1672,8 +1673,7 @@ opt_block_args_tail: tCOMMA block_args_tail
1672
1673
 
1673
1674
  bvar: tIDENTIFIER
1674
1675
  {
1675
- (id, line), = val
1676
- result = s(:shadow, id.to_sym).line line
1676
+ result = wrap :shadow, val[0]
1677
1677
  }
1678
1678
  | f_bad_arg
1679
1679
 
@@ -2188,18 +2188,15 @@ regexp_contents: none
2188
2188
 
2189
2189
  string_dvar: tGVAR
2190
2190
  {
2191
- (id, line), = val
2192
- result = s(:gvar, id.to_sym).line line
2191
+ result = wrap :gvar, val[0]
2193
2192
  }
2194
2193
  | tIVAR
2195
2194
  {
2196
- (id, line), = val
2197
- result = s(:ivar, id.to_sym).line line
2195
+ result = wrap :ivar, val[0]
2198
2196
  }
2199
2197
  | tCVAR
2200
2198
  {
2201
- (id, line), = val
2202
- result = s(:cvar, id.to_sym).line line
2199
+ result = wrap :cvar, val[0]
2203
2200
  }
2204
2201
  | backref
2205
2202
 
@@ -2208,17 +2205,13 @@ regexp_contents: none
2208
2205
 
2209
2206
  ssym: tSYMBEG sym
2210
2207
  {
2211
- _, (id, line) = val
2212
-
2213
2208
  lexer.lex_state = EXPR_END
2214
- result = s(:lit, id.to_sym).line line
2209
+ result = wrap :lit, val[1]
2215
2210
  }
2216
2211
  | tSYMBOL
2217
2212
  {
2218
- (id, line), = val
2219
-
2220
2213
  lexer.lex_state = EXPR_END
2221
- result = s(:lit, id.to_sym).line line
2214
+ result = wrap :lit, val[0]
2222
2215
  }
2223
2216
 
2224
2217
  sym: fname | tIVAR | tGVAR | tCVAR
@@ -2641,10 +2634,10 @@ keyword_variable: kNIL { result = s(:nil).line lexer.lineno }
2641
2634
  }
2642
2635
  | tLABEL arg_value
2643
2636
  {
2644
- (label, line), arg = val
2637
+ label, arg = val
2645
2638
 
2646
- lit = s(:lit, label.to_sym).line line
2647
- result = s(:array, lit, arg).line line
2639
+ lit = wrap :lit, label
2640
+ result = s(:array, lit, arg).line lit.line
2648
2641
  }
2649
2642
  | tDSTAR arg_value
2650
2643
  {