brakeman 5.2.0 → 5.2.3

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 6cb338d80c6615c14b65edf49dd428ad57bb033e71366a2f1cc599253d28fb11
-  data.tar.gz: f310c08560f4e5dd9d55983ba41e8ad64ac5cce07a805415ddd51658069c8fb9
+  metadata.gz: 2ae08a71e19d6c694a9e567fda5793a56ab174d106f44b178f7e9f69c3057814
+  data.tar.gz: fd24750e512d528b3fd9cecb344f4788a58e1aa8ffd6b28ff7c88bc7f034a3e8
 SHA512:
-  metadata.gz: d79a9b1253b5bce89082ea81ed8ece812299c7df06a68248cb2e03866e32a57d685615e0b9f5f5ed36250f70d1f64705eced85dab9c4497dd529aa6416055755
-  data.tar.gz: 89279ff60b5a728a10017c905cbc43da143eb78064d4531b913bcb545d566ffdcfad6744e718eb1ac082cec4333ea7a0b2bdf29c39b77cae236fabf9cdeb8cca
+  metadata.gz: e0e2d7fde5907d8158b21803876b0dd77e659ce8cae42c25e23021b46bd2c9d8c5d0dd13edff64f7fd721a8d1bca92af4a9fbbf2505e47c791557a3316c0f3d2
+  data.tar.gz: 38f894b42f893a6ce45db047f2d21c1529b63de0dd19e00a69475a72cbb4c2d9738f0f25edc60460d61607182d5a5c01ccbb77a6ae6eeae69ec4e88f9345a2e1

data/CHANGES.md

@@ -1,3 +1,20 @@
+# 5.2.3 - 2022-05-01
+
+* Fix error with hash shorthand syntax
+* Match order of interactive options with help message (Rory O'Kane)
+
+# 5.2.2 - 2022-04-06
+
+* Update `ruby_parser` for Ruby 3.1 support (Merek Skubela)
+* Handle `nil` when joining values (Dan Buettner)
+* Update message for unsafe reflection (Pedro Baracho)
+* Add additional String methods for SQL injection check
+* Respect equality in `if` conditions
+
+# 5.2.1 - 2022-01-30
+
+* Add warning codes for EOL software warnings
+
 # 5.2.0 - 2021-12-15
 
 * Initial Rails 7 support

data/bundle/load.rb

@@ -1,7 +1,6 @@
 path = File.expand_path('../..', __FILE__)
-$:.unshift "#{path}/bundle/ruby/2.7.0/gems/ruby_parser-3.18.1/lib"
+$:.unshift "#{path}/bundle/ruby/2.7.0/gems/ruby_parser-3.19.1/lib"
 $:.unshift "#{path}/bundle/ruby/2.7.0/gems/temple-0.8.2/lib"
-$:.unshift "#{path}/bundle/ruby/2.7.0/gems/sexp_processor-4.16.0/lib"
 $:.unshift "#{path}/bundle/ruby/2.7.0/gems/tilt-2.0.10/lib"
 $:.unshift "#{path}/bundle/ruby/2.7.0/gems/unicode-display_width-1.8.0/lib"
 $:.unshift "#{path}/bundle/ruby/2.7.0/gems/slim-4.1.0/lib"
@@ -9,7 +8,8 @@ $:.unshift "#{path}/bundle/ruby/2.7.0/gems/highline-2.0.3/lib"
 $:.unshift "#{path}/bundle/ruby/2.7.0/gems/ruby2ruby-2.4.4/lib"
 $:.unshift "#{path}/bundle/ruby/2.7.0/gems/terminal-table-1.8.0/lib"
 $:.unshift "#{path}/bundle/ruby/2.7.0/gems/haml-5.2.2/lib"
-$:.unshift "#{path}/bundle/ruby/2.7.0/gems/parallel-1.21.0/lib"
+$:.unshift "#{path}/bundle/ruby/2.7.0/gems/parallel-1.22.1/lib"
+$:.unshift "#{path}/bundle/ruby/2.7.0/gems/sexp_processor-4.16.1/lib"
 $:.unshift "#{path}/bundle/ruby/2.7.0/gems/ruby_parser-legacy-1.0.0/lib"
 $:.unshift "#{path}/bundle/ruby/2.7.0/gems/erubis-2.7.0/lib"
 $:.unshift "#{path}/bundle/ruby/2.7.0/gems/rexml-3.2.5/lib"

data/bundle/ruby/2.7.0/gems/{parallel-1.21.0 → parallel-1.22.1}/lib/parallel/processor_count.rb

@@ -1,11 +1,10 @@
 # frozen_string_literal: true
-require 'etc'
-
 module Parallel
   # TODO: inline this method into parallel.rb and kill physical_processor_count in next major release
   module ProcessorCount
     # Number of processors seen by the OS, used for process scheduling
     def processor_count
+      require 'etc'
       @processor_count ||= Integer(ENV['PARALLEL_PROCESSOR_COUNT'] || Etc.nprocessors)
     end
 
@@ -19,7 +18,7 @@ module Parallel
           when /linux/
             cores = {} # unique physical ID / core ID combinations
             phy = 0
-            IO.read("/proc/cpuinfo").scan(/^physical id.*|^core id.*/) do |ln|
+            File.read("/proc/cpuinfo").scan(/^physical id.*|^core id.*/) do |ln|
               if ln.start_with?("physical")
                 phy = ln[/\d+/]
               elsif ln.start_with?("core")

data/bundle/ruby/2.7.0/gems/parallel-1.22.1/lib/parallel/version.rb

@@ -0,0 +1,4 @@
+# frozen_string_literal: true
+module Parallel
+  VERSION = Version = '1.22.1' # rubocop:disable Naming/ConstantName
+end

data/bundle/ruby/2.7.0/gems/{parallel-1.21.0 → parallel-1.22.1}/lib/parallel.rb

@@ -264,6 +264,9 @@ module Parallel
       elsif options[:in_threads]
         method = :in_threads
         size = options[method]
+      elsif options[:in_ractors]
+        method = :in_ractors
+        size = options[method]
       else
         method = :in_processes
         if Process.respond_to?(:fork)
@@ -285,6 +288,8 @@ module Parallel
           work_direct(job_factory, options, &block)
         elsif method == :in_threads
           work_in_threads(job_factory, options.merge(count: size), &block)
+        elsif method == :in_ractors
+          work_in_ractors(job_factory, options.merge(count: size), &block)
         else
           work_in_processes(job_factory, options.merge(count: size), &block)
         end
@@ -382,6 +387,72 @@ module Parallel
       exception || results
     end
 
+    def work_in_ractors(job_factory, options)
+      exception = nil
+      results = []
+      results_mutex = Mutex.new # arrays are not thread-safe on jRuby
+
+      callback = options[:ractor]
+      if block_given? || !callback
+        raise ArgumentError, "pass the code you want to execute as `ractor: [ClassName, :method_name]`"
+      end
+
+      # build
+      ractors = Array.new(options.fetch(:count)) do
+        Ractor.new do
+          loop do
+            got = receive
+            (klass, method_name), item, index = got
+            break if index == :break
+            begin
+              Ractor.yield [nil, klass.send(method_name, item), item, index]
+            rescue StandardError => e
+              Ractor.yield [e, nil, item, index]
+            end
+          end
+        end
+      end
+
+      # start
+      ractors.dup.each do |ractor|
+        if set = job_factory.next
+          item, index = set
+          instrument_start item, index, options
+          ractor.send [callback, item, index]
+        else
+          ractor.send([[nil, nil], nil, :break]) # stop the ractor
+          ractors.delete ractor
+        end
+      end
+
+      # replace with new items
+      while set = job_factory.next
+        item_next, index_next = set
+        done, (exception, result, item, index) = Ractor.select(*ractors)
+        if exception
+          ractors.delete done
+          break
+        end
+        instrument_finish item, index, result, options
+        results_mutex.synchronize { results[index] = (options[:preserve_results] == false ? nil : result) }
+
+        instrument_start item_next, index_next, options
+        done.send([callback, item_next, index_next])
+      end
+
+      # finish
+      ractors.each do |ractor|
+        (new_exception, result, item, index) = ractor.take
+        exception ||= new_exception
+        next if new_exception
+        instrument_finish item, index, result, options
+        results_mutex.synchronize { results[index] = (options[:preserve_results] == false ? nil : result) }
+        ractor.send([[nil, nil], nil, :break]) # stop the ractor
+      end
+
+      exception || results
+    end
+
     def work_in_processes(job_factory, options, &blk)
       workers = create_workers(job_factory, options, &blk)
       results = []
@@ -426,6 +497,7 @@ module Parallel
           end
         end
       end
+
       exception || results
     end
 
@@ -521,12 +593,20 @@ module Parallel
     end
 
     def with_instrumentation(item, index, options)
-      on_start = options[:start]
-      on_finish = options[:finish]
-      options[:mutex].synchronize { on_start.call(item, index) } if on_start
+      instrument_start(item, index, options)
       result = yield
-      options[:mutex].synchronize { on_finish.call(item, index, result) } if on_finish
+      instrument_finish(item, index, result, options)
       result unless options[:preserve_results] == false
     end
+
+    def instrument_finish(item, index, result, options)
+      return unless on_finish = options[:finish]
+      options[:mutex].synchronize { on_finish.call(item, index, result) }
+    end
+
+    def instrument_start(item, index, options)
+      return unless on_start = options[:start]
+      options[:mutex].synchronize { on_start.call(item, index) }
+    end
   end
 end

data/bundle/ruby/2.7.0/gems/{ruby_parser-3.18.1 → ruby_parser-3.19.1}/History.rdoc

@@ -1,3 +1,31 @@
+=== 3.19.1 / 2022-04-05
+
+* 2 bug fixes:
+
+  * Added comments to endless defn and defs. (mvz)
+  * Fixed endless method bug handling attrset names.
+
+=== 3.19.0 / 2022-03-29
+
+* 1 major enhancement:
+
+  * Added tentative 3.1 support.
+
+* 7 minor enhancements:
+
+  * 3.1: bare RHS assoc: { y: } => s(:hash, s(:lit, :y), nil)
+  * 3.1: calls w/ unnamed block args (bare &)
+  * 3.1: endless defn/defs w/ paren-less calls (aka commands)
+  * 3.1: pattern capture to nonlocal vars, eg: ^@a, ^$b, ^@@c
+  * 3.1: pattern: ^(expr) => expr
+  * Improved steps for adding new versions.
+  * Improved steps for running gauntlets.
+
+* 2 bug fixes:
+
+  * Bumped 2.6+ cached versions for rake compare.
+  * Skip test_regexp_esc_C_slash on ruby 3.1.0 because of MRI bug.
+
 === 3.18.1 / 2021-11-10
 
 * 1 minor enhancement:

data/bundle/ruby/2.7.0/gems/{ruby_parser-3.18.1 → ruby_parser-3.19.1}/Manifest.txt

@@ -29,6 +29,8 @@ lib/ruby27_parser.rb
 lib/ruby27_parser.y
 lib/ruby30_parser.rb
 lib/ruby30_parser.y
+lib/ruby31_parser.rb
+lib/ruby31_parser.y
 lib/ruby3_parser.yy
 lib/ruby_lexer.rb
 lib/ruby_lexer.rex

data/bundle/ruby/2.7.0/gems/{ruby_parser-3.18.1 → ruby_parser-3.19.1}/README.rdoc

@@ -33,6 +33,9 @@ Tested against 801,039 files from the latest of all rubygems (as of 2013-05):
 * 1.9 parser is at 99.9940% accuracy, 4.013 sigma
 * 2.0 parser is at 99.9939% accuracy, 4.008 sigma
 * 2.6 parser is at 99.9972% accuracy, 4.191 sigma
+* 3.0 parser has a 100% parse rate.
+  * Tested against 2,672,412 unique ruby files across 167k gems.
+  * As do all the others now, basically.
 
 == FEATURES/PROBLEMS:
 
@@ -62,15 +65,14 @@ You can also use Ruby19Parser, Ruby18Parser, or RubyParser.for_current_ruby:
 
 To add a new version:
 
-* New parser should be generated from lib/ruby_parser.yy.
-* Extend lib/ruby_parser.yy with new class name.
-* Add new version number to V2 in Rakefile for rule creation.
+* New parser should be generated from lib/ruby[3]_parser.yy.
+* Extend lib/ruby[3]_parser.yy with new class name.
+* Add new version number to V2/V3 in Rakefile for rule creation.
+* Add new (full) version to `ruby_parse` section of Rakefile for rake compare
 * Require generated parser in lib/ruby_parser.rb.
 * Add empty TestRubyParserShared##Plus module and TestRubyParserV## to test/test_ruby_parser.rb.
 * Extend Manifest.txt with generated file names.
-* Extend sexp_processor's pt_testcase.rb to match version
-  * add_19tests needs to have the version added
-  * VER_RE needs to have the regexp expanded
+* Add new version number to sexp_processor's pt_testcase.rb in all_versions
 
 Until all of these are done, you won't have a clean test run.
 

data/bundle/ruby/2.7.0/gems/{ruby_parser-3.18.1 → ruby_parser-3.19.1}/gauntlet.md

@@ -19,10 +19,10 @@ an external disk. Here is the config:
 And I update using rake:
 
 ```
-% cd ~/Work/git/rubygems/rubygems-mirror
+% cd GIT/rubygems/rubygems-mirror
 % git down
 % rake mirror:latest
-% /Volumes/StuffA/gauntlet/bin/cleanup.rb
+% /Volumes/StuffA/gauntlet/bin/cleanup.rb -y -v
 ```
 
 This rather quickly updates my mirror to the latest versions of
@@ -34,22 +34,23 @@ bit, but it is pretty minimal (currently ~20 bad gems).
 ## Curating an Archive of Ruby Files
 
 Next, I process the gem mirror into a much more digestable structure
-using `hash.rb` (TODO: needs a better name):
+using `unpack_gems.rb`.
 
 ```
-% cd RP
-% /Volumes/StuffA/gauntlet/bin/unpack_gems.rb
+% cd RP/gauntlet
+% time caffeinate /Volumes/StuffA/gauntlet/bin/unpack_gems.rb -v [-a] ; say done
 ... waaaait ...
-% mv hashed.noindex gauntlet.$(today).noindex
-% lrztar gauntlet.$(today).noindex
-% mv gauntlet.$(today).noindex.lrz /Volumes/StuffA/gauntlet/
+% DIR=gauntlet.$(today).(all|new).noindex
+% mv hashed.noindex $DIR
+% tar vc -T <(fd -tf . $DIR | sort) | zstd -5 -T0 --long > archives/$DIR.tar.zst ; say done
+% ./bin/sync.sh
 ```
 
-This script filters all the newer gems (TODO: WHY?), unpacks them,
-finds all the files that look like they're valid ruby, ensures they're
-valid ruby (using the current version of ruby to compile them), and
-then moves them into a SHA dir structure that looks something like
-this:
+This script filters all the newer (< 1 year old) gems (unless `-a` is
+used), unpacks them, finds all the files that look like they're valid
+ruby, ensures they're valid ruby (using the current version of ruby to
+compile them), and then moves them into a SHA dir structure that looks
+something like this:
 
 ```
 hashed.noindex/a/b/c/<full_file_sha>.rb
@@ -64,8 +65,8 @@ Unpacking, validating, SHA'ing everything is disk and CPU intensive.
 The `.noindex` extension stops spotlight from indexing the continous
 churn of files being unpacked and moved and saves time.
 
-Finally, I rename and archive it all up (currently using lrztar, but
-I'm not in love with it).
+Finally, I rename and archive it all up (currently using zstd to
+compress).
 
 ### Stats
 
@@ -73,7 +74,7 @@ I'm not in love with it).
 9696 % find gauntlet.$(today).noindex -type f | lc
   561270
 3.5G gauntlet.2021-08-06.noindex
-239M gauntlet.2021-08-06.noindex.tar.lrz
+239M gauntlet.2021-08-06.noindex.tar.zst
 ```
 
 So I wind up with a little over half a million unique ruby files to
@@ -84,7 +85,7 @@ parse. It's about 3.5g but compresses very nicely down to 240m
 Assuming you're starting from scratch, unpack the archive once:
 
 ```
-% lrzuntar gauntlet.$(today).noindex.lrz
+% zstdcat gauntlet.$(today).noindex.tar.zst | tar x
 ```
 
 Then, either run a single process (easier to read):
@@ -96,7 +97,7 @@ Then, either run a single process (easier to read):
 Or max out your machine using xargs (note the `-P 16` and choose accordingly):
 
 ```
-% ls -d gauntlet/*.noindex/?/? | xargs -n 1 -P 16 ./gauntlet/bin/gauntlet.rb
+% ls -d gauntlet/*.noindex/?/? | time xargs -n 1 -P 16 ./gauntlet/bin/gauntlet.rb
 ```
 
 In another terminal I usually monitor the progress like so: