brakeman 5.2.0 → 5.4.0
- checksums.yaml +4 -4
- data/CHANGES.md +38 -0
- data/bundle/load.rb +4 -4
- data/bundle/ruby/2.7.0/gems/{parallel-1.21.0 → parallel-1.22.1}/MIT-LICENSE.txt +0 -0
- data/bundle/ruby/2.7.0/gems/{parallel-1.21.0 → parallel-1.22.1}/lib/parallel/processor_count.rb +2 -3
- data/bundle/ruby/2.7.0/gems/parallel-1.22.1/lib/parallel/version.rb +4 -0
- data/bundle/ruby/2.7.0/gems/{parallel-1.21.0 → parallel-1.22.1}/lib/parallel.rb +84 -4
- data/bundle/ruby/2.7.0/gems/{ruby_parser-3.18.1 → ruby_parser-3.19.1}/History.rdoc +28 -0
- data/bundle/ruby/2.7.0/gems/{ruby_parser-3.18.1 → ruby_parser-3.19.1}/Manifest.txt +2 -0
- data/bundle/ruby/2.7.0/gems/{ruby_parser-3.18.1 → ruby_parser-3.19.1}/README.rdoc +8 -6
- data/bundle/ruby/2.7.0/gems/{ruby_parser-3.18.1 → ruby_parser-3.19.1}/compare/normalize.rb +0 -0
- data/bundle/ruby/2.7.0/gems/{ruby_parser-3.18.1 → ruby_parser-3.19.1}/debugging.md +0 -0
- data/bundle/ruby/2.7.0/gems/{ruby_parser-3.18.1 → ruby_parser-3.19.1}/gauntlet.md +19 -18
- data/bundle/ruby/2.7.0/gems/{ruby_parser-3.18.1 → ruby_parser-3.19.1}/lib/rp_extensions.rb +0 -0
- data/bundle/ruby/2.7.0/gems/{ruby_parser-3.18.1 → ruby_parser-3.19.1}/lib/rp_stringscanner.rb +0 -0
- data/bundle/ruby/2.7.0/gems/ruby_parser-3.19.1/lib/ruby20_parser.rb +10973 -0
- data/bundle/ruby/2.7.0/gems/{ruby_parser-3.18.1 → ruby_parser-3.19.1}/lib/ruby20_parser.y +14 -27
- data/bundle/ruby/2.7.0/gems/ruby_parser-3.19.1/lib/ruby21_parser.rb +10980 -0
- data/bundle/ruby/2.7.0/gems/{ruby_parser-3.18.1 → ruby_parser-3.19.1}/lib/ruby21_parser.y +14 -27
- data/bundle/ruby/2.7.0/gems/ruby_parser-3.19.1/lib/ruby22_parser.rb +11123 -0
- data/bundle/ruby/2.7.0/gems/{ruby_parser-3.18.1 → ruby_parser-3.19.1}/lib/ruby22_parser.y +14 -27
- data/bundle/ruby/2.7.0/gems/ruby_parser-3.19.1/lib/ruby23_parser.rb +11132 -0
- data/bundle/ruby/2.7.0/gems/{ruby_parser-3.18.1 → ruby_parser-3.19.1}/lib/ruby23_parser.y +14 -27
- data/bundle/ruby/2.7.0/gems/ruby_parser-3.19.1/lib/ruby24_parser.rb +11231 -0
- data/bundle/ruby/2.7.0/gems/{ruby_parser-3.18.1 → ruby_parser-3.19.1}/lib/ruby24_parser.y +14 -27
- data/bundle/ruby/2.7.0/gems/ruby_parser-3.19.1/lib/ruby25_parser.rb +11231 -0
- data/bundle/ruby/2.7.0/gems/{ruby_parser-3.18.1 → ruby_parser-3.19.1}/lib/ruby25_parser.y +14 -27
- data/bundle/ruby/2.7.0/gems/ruby_parser-3.19.1/lib/ruby26_parser.rb +11253 -0
- data/bundle/ruby/2.7.0/gems/{ruby_parser-3.18.1 → ruby_parser-3.19.1}/lib/ruby26_parser.y +14 -27
- data/bundle/ruby/2.7.0/gems/ruby_parser-3.19.1/lib/ruby27_parser.rb +12980 -0
- data/bundle/ruby/2.7.0/gems/{ruby_parser-3.18.1 → ruby_parser-3.19.1}/lib/ruby27_parser.y +19 -41
- data/bundle/ruby/2.7.0/gems/ruby_parser-3.19.1/lib/ruby30_parser.rb +13242 -0
- data/bundle/ruby/2.7.0/gems/{ruby_parser-3.18.1 → ruby_parser-3.19.1}/lib/ruby30_parser.y +65 -90
- data/bundle/ruby/2.7.0/gems/ruby_parser-3.19.1/lib/ruby31_parser.rb +13622 -0
- data/bundle/ruby/2.7.0/gems/{ruby_parser-3.18.1/lib/ruby3_parser.yy → ruby_parser-3.19.1/lib/ruby31_parser.y} +110 -105
- data/bundle/ruby/2.7.0/gems/ruby_parser-3.19.1/lib/ruby3_parser.yy +3536 -0
- data/bundle/ruby/2.7.0/gems/{ruby_parser-3.18.1 → ruby_parser-3.19.1}/lib/ruby_lexer.rb +0 -0
- data/bundle/ruby/2.7.0/gems/{ruby_parser-3.18.1 → ruby_parser-3.19.1}/lib/ruby_lexer.rex +0 -0
- data/bundle/ruby/2.7.0/gems/{ruby_parser-3.18.1 → ruby_parser-3.19.1}/lib/ruby_lexer.rex.rb +0 -0
- data/bundle/ruby/2.7.0/gems/{ruby_parser-3.18.1 → ruby_parser-3.19.1}/lib/ruby_lexer_strings.rb +0 -0
- data/bundle/ruby/2.7.0/gems/{ruby_parser-3.18.1 → ruby_parser-3.19.1}/lib/ruby_parser.rb +2 -0
- data/bundle/ruby/2.7.0/gems/{ruby_parser-3.18.1 → ruby_parser-3.19.1}/lib/ruby_parser.yy +19 -41
- data/bundle/ruby/2.7.0/gems/{ruby_parser-3.18.1 → ruby_parser-3.19.1}/lib/ruby_parser_extras.rb +55 -2
- data/bundle/ruby/2.7.0/gems/{ruby_parser-3.18.1 → ruby_parser-3.19.1}/tools/munge.rb +0 -0
- data/bundle/ruby/2.7.0/gems/{ruby_parser-3.18.1 → ruby_parser-3.19.1}/tools/ripper.rb +0 -0
- data/bundle/ruby/2.7.0/gems/{sexp_processor-4.16.0 → sexp_processor-4.16.1}/History.rdoc +6 -0
- data/bundle/ruby/2.7.0/gems/{sexp_processor-4.16.0 → sexp_processor-4.16.1}/Manifest.txt +0 -0
- data/bundle/ruby/2.7.0/gems/{sexp_processor-4.16.0 → sexp_processor-4.16.1}/README.rdoc +0 -0
- data/bundle/ruby/2.7.0/gems/{sexp_processor-4.16.0 → sexp_processor-4.16.1}/lib/composite_sexp_processor.rb +0 -0
- data/bundle/ruby/2.7.0/gems/{sexp_processor-4.16.0 → sexp_processor-4.16.1}/lib/pt_testcase.rb +7 -3
- data/bundle/ruby/2.7.0/gems/{sexp_processor-4.16.0 → sexp_processor-4.16.1}/lib/sexp.rb +0 -0
- data/bundle/ruby/2.7.0/gems/{sexp_processor-4.16.0 → sexp_processor-4.16.1}/lib/sexp_matcher.rb +0 -0
- data/bundle/ruby/2.7.0/gems/{sexp_processor-4.16.0 → sexp_processor-4.16.1}/lib/sexp_processor.rb +1 -1
- data/bundle/ruby/2.7.0/gems/{sexp_processor-4.16.0 → sexp_processor-4.16.1}/lib/strict_sexp.rb +0 -0
- data/bundle/ruby/2.7.0/gems/{sexp_processor-4.16.0 → sexp_processor-4.16.1}/lib/unique.rb +0 -0
- data/bundle/ruby/2.7.0/gems/{tilt-2.0.10 → tilt-2.0.11}/COPYING +0 -0
- data/bundle/ruby/2.7.0/gems/{tilt-2.0.10 → tilt-2.0.11}/lib/tilt/asciidoc.rb +0 -0
- data/bundle/ruby/2.7.0/gems/{tilt-2.0.10 → tilt-2.0.11}/lib/tilt/babel.rb +0 -0
- data/bundle/ruby/2.7.0/gems/{tilt-2.0.10 → tilt-2.0.11}/lib/tilt/bluecloth.rb +0 -0
- data/bundle/ruby/2.7.0/gems/{tilt-2.0.10 → tilt-2.0.11}/lib/tilt/builder.rb +0 -0
- data/bundle/ruby/2.7.0/gems/{tilt-2.0.10 → tilt-2.0.11}/lib/tilt/coffee.rb +0 -0
- data/bundle/ruby/2.7.0/gems/{tilt-2.0.10 → tilt-2.0.11}/lib/tilt/commonmarker.rb +11 -1
- data/bundle/ruby/2.7.0/gems/{tilt-2.0.10 → tilt-2.0.11}/lib/tilt/creole.rb +0 -0
- data/bundle/ruby/2.7.0/gems/{tilt-2.0.10 → tilt-2.0.11}/lib/tilt/csv.rb +1 -1
- data/bundle/ruby/2.7.0/gems/{tilt-2.0.10 → tilt-2.0.11}/lib/tilt/dummy.rb +0 -0
- data/bundle/ruby/2.7.0/gems/{tilt-2.0.10 → tilt-2.0.11}/lib/tilt/erb.rb +0 -0
- data/bundle/ruby/2.7.0/gems/{tilt-2.0.10 → tilt-2.0.11}/lib/tilt/erubi.rb +0 -0
- data/bundle/ruby/2.7.0/gems/{tilt-2.0.10 → tilt-2.0.11}/lib/tilt/erubis.rb +0 -0
- data/bundle/ruby/2.7.0/gems/{tilt-2.0.10 → tilt-2.0.11}/lib/tilt/etanni.rb +0 -0
- data/bundle/ruby/2.7.0/gems/{tilt-2.0.10 → tilt-2.0.11}/lib/tilt/haml.rb +0 -0
- data/bundle/ruby/2.7.0/gems/{tilt-2.0.10 → tilt-2.0.11}/lib/tilt/kramdown.rb +0 -0
- data/bundle/ruby/2.7.0/gems/{tilt-2.0.10 → tilt-2.0.11}/lib/tilt/less.rb +0 -0
- data/bundle/ruby/2.7.0/gems/{tilt-2.0.10 → tilt-2.0.11}/lib/tilt/liquid.rb +0 -0
- data/bundle/ruby/2.7.0/gems/{tilt-2.0.10 → tilt-2.0.11}/lib/tilt/livescript.rb +0 -0
- data/bundle/ruby/2.7.0/gems/{tilt-2.0.10 → tilt-2.0.11}/lib/tilt/mapping.rb +0 -0
- data/bundle/ruby/2.7.0/gems/{tilt-2.0.10 → tilt-2.0.11}/lib/tilt/markaby.rb +0 -0
- data/bundle/ruby/2.7.0/gems/{tilt-2.0.10 → tilt-2.0.11}/lib/tilt/maruku.rb +0 -0
- data/bundle/ruby/2.7.0/gems/{tilt-2.0.10 → tilt-2.0.11}/lib/tilt/nokogiri.rb +0 -0
- data/bundle/ruby/2.7.0/gems/{tilt-2.0.10 → tilt-2.0.11}/lib/tilt/pandoc.rb +23 -15
- data/bundle/ruby/2.7.0/gems/{tilt-2.0.10 → tilt-2.0.11}/lib/tilt/plain.rb +0 -0
- data/bundle/ruby/2.7.0/gems/{tilt-2.0.10 → tilt-2.0.11}/lib/tilt/prawn.rb +0 -0
- data/bundle/ruby/2.7.0/gems/{tilt-2.0.10 → tilt-2.0.11}/lib/tilt/radius.rb +0 -0
- data/bundle/ruby/2.7.0/gems/{tilt-2.0.10 → tilt-2.0.11}/lib/tilt/rdiscount.rb +0 -0
- data/bundle/ruby/2.7.0/gems/{tilt-2.0.10 → tilt-2.0.11}/lib/tilt/rdoc.rb +0 -0
- data/bundle/ruby/2.7.0/gems/{tilt-2.0.10 → tilt-2.0.11}/lib/tilt/redcarpet.rb +5 -2
- data/bundle/ruby/2.7.0/gems/{tilt-2.0.10 → tilt-2.0.11}/lib/tilt/redcloth.rb +0 -0
- data/bundle/ruby/2.7.0/gems/tilt-2.0.11/lib/tilt/rst-pandoc.rb +23 -0
- data/bundle/ruby/2.7.0/gems/tilt-2.0.11/lib/tilt/sass.rb +78 -0
- data/bundle/ruby/2.7.0/gems/{tilt-2.0.10 → tilt-2.0.11}/lib/tilt/sigil.rb +0 -0
- data/bundle/ruby/2.7.0/gems/{tilt-2.0.10 → tilt-2.0.11}/lib/tilt/string.rb +0 -0
- data/bundle/ruby/2.7.0/gems/{tilt-2.0.10 → tilt-2.0.11}/lib/tilt/template.rb +12 -1
- data/bundle/ruby/2.7.0/gems/{tilt-2.0.10 → tilt-2.0.11}/lib/tilt/typescript.rb +0 -0
- data/bundle/ruby/2.7.0/gems/{tilt-2.0.10 → tilt-2.0.11}/lib/tilt/wikicloth.rb +0 -0
- data/bundle/ruby/2.7.0/gems/{tilt-2.0.10 → tilt-2.0.11}/lib/tilt/yajl.rb +0 -0
- data/bundle/ruby/2.7.0/gems/{tilt-2.0.10 → tilt-2.0.11}/lib/tilt.rb +2 -1
- data/lib/brakeman/app_tree.rb +9 -1
- data/lib/brakeman/checks/check_basic_auth.rb +4 -2
- data/lib/brakeman/checks/check_basic_auth_timing_attack.rb +2 -1
- data/lib/brakeman/checks/check_content_tag.rb +8 -4
- data/lib/brakeman/checks/check_cookie_serialization.rb +2 -1
- data/lib/brakeman/checks/check_create_with.rb +4 -2
- data/lib/brakeman/checks/check_cross_site_scripting.rb +6 -3
- data/lib/brakeman/checks/check_csrf_token_forgery_cve.rb +2 -1
- data/lib/brakeman/checks/check_default_routes.rb +6 -3
- data/lib/brakeman/checks/check_deserialize.rb +2 -1
- data/lib/brakeman/checks/check_detailed_exceptions.rb +4 -2
- data/lib/brakeman/checks/check_digest_dos.rb +2 -1
- data/lib/brakeman/checks/check_divide_by_zero.rb +2 -1
- data/lib/brakeman/checks/check_dynamic_finders.rb +2 -1
- data/lib/brakeman/checks/check_escape_function.rb +2 -1
- data/lib/brakeman/checks/check_evaluation.rb +2 -1
- data/lib/brakeman/checks/check_execute.rb +6 -3
- data/lib/brakeman/checks/check_file_access.rb +2 -1
- data/lib/brakeman/checks/check_file_disclosure.rb +2 -1
- data/lib/brakeman/checks/check_filter_skipping.rb +2 -1
- data/lib/brakeman/checks/check_force_ssl.rb +2 -1
- data/lib/brakeman/checks/check_forgery_setting.rb +4 -2
- data/lib/brakeman/checks/check_header_dos.rb +2 -1
- data/lib/brakeman/checks/check_i18n_xss.rb +2 -1
- data/lib/brakeman/checks/check_jruby_xml.rb +2 -1
- data/lib/brakeman/checks/check_json_encoding.rb +2 -1
- data/lib/brakeman/checks/check_json_entity_escape.rb +4 -2
- data/lib/brakeman/checks/check_json_parsing.rb +4 -2
- data/lib/brakeman/checks/check_link_to.rb +2 -1
- data/lib/brakeman/checks/check_link_to_href.rb +4 -2
- data/lib/brakeman/checks/check_mail_to.rb +2 -1
- data/lib/brakeman/checks/check_mass_assignment.rb +6 -3
- data/lib/brakeman/checks/check_mime_type_dos.rb +2 -1
- data/lib/brakeman/checks/check_model_attr_accessible.rb +2 -1
- data/lib/brakeman/checks/check_model_attributes.rb +4 -2
- data/lib/brakeman/checks/check_model_serialize.rb +2 -1
- data/lib/brakeman/checks/check_nested_attributes.rb +2 -1
- data/lib/brakeman/checks/check_nested_attributes_bypass.rb +2 -1
- data/lib/brakeman/checks/check_number_to_currency.rb +4 -2
- data/lib/brakeman/checks/check_page_caching_cve.rb +2 -1
- data/lib/brakeman/checks/check_pathname.rb +48 -0
- data/lib/brakeman/checks/check_permit_attributes.rb +2 -1
- data/lib/brakeman/checks/check_quote_table_name.rb +2 -1
- data/lib/brakeman/checks/check_redirect.rb +7 -2
- data/lib/brakeman/checks/check_regex_dos.rb +2 -1
- data/lib/brakeman/checks/check_render.rb +4 -2
- data/lib/brakeman/checks/check_render_dos.rb +2 -1
- data/lib/brakeman/checks/check_render_inline.rb +4 -2
- data/lib/brakeman/checks/check_response_splitting.rb +2 -1
- data/lib/brakeman/checks/check_reverse_tabnabbing.rb +2 -1
- data/lib/brakeman/checks/check_route_dos.rb +2 -1
- data/lib/brakeman/checks/check_safe_buffer_manipulation.rb +2 -1
- data/lib/brakeman/checks/check_sanitize_config_cve.rb +120 -0
- data/lib/brakeman/checks/check_sanitize_methods.rb +6 -3
- data/lib/brakeman/checks/check_secrets.rb +2 -1
- data/lib/brakeman/checks/check_select_tag.rb +2 -1
- data/lib/brakeman/checks/check_select_vulnerability.rb +2 -1
- data/lib/brakeman/checks/check_send.rb +2 -1
- data/lib/brakeman/checks/check_session_manipulation.rb +2 -1
- data/lib/brakeman/checks/check_session_settings.rb +6 -3
- data/lib/brakeman/checks/check_simple_format.rb +4 -2
- data/lib/brakeman/checks/check_single_quotes.rb +2 -1
- data/lib/brakeman/checks/check_skip_before_filter.rb +4 -2
- data/lib/brakeman/checks/check_sprockets_path_traversal.rb +2 -1
- data/lib/brakeman/checks/check_sql.rb +7 -4
- data/lib/brakeman/checks/check_sql_cves.rb +4 -2
- data/lib/brakeman/checks/check_ssl_verify.rb +2 -1
- data/lib/brakeman/checks/check_strip_tags.rb +6 -3
- data/lib/brakeman/checks/check_symbol_dos.rb +2 -1
- data/lib/brakeman/checks/check_symbol_dos_cve.rb +2 -1
- data/lib/brakeman/checks/check_template_injection.rb +2 -1
- data/lib/brakeman/checks/check_translate_bug.rb +2 -1
- data/lib/brakeman/checks/check_unsafe_reflection.rb +9 -3
- data/lib/brakeman/checks/check_unsafe_reflection_methods.rb +2 -1
- data/lib/brakeman/checks/check_unscoped_find.rb +2 -1
- data/lib/brakeman/checks/check_validation_regex.rb +2 -1
- data/lib/brakeman/checks/check_verb_confusion.rb +2 -1
- data/lib/brakeman/checks/check_weak_hash.rb +6 -3
- data/lib/brakeman/checks/check_weak_rsa_key.rb +112 -0
- data/lib/brakeman/checks/check_without_protection.rb +2 -1
- data/lib/brakeman/checks/check_xml_dos.rb +2 -1
- data/lib/brakeman/checks/check_yaml_parsing.rb +4 -2
- data/lib/brakeman/checks/eol_check.rb +4 -2
- data/lib/brakeman/options.rb +1 -1
- data/lib/brakeman/processors/alias_processor.rb +69 -7
- data/lib/brakeman/processors/lib/find_all_calls.rb +1 -0
- data/lib/brakeman/processors/lib/rails3_config_processor.rb +1 -1
- data/lib/brakeman/report/ignore/interactive.rb +2 -2
- data/lib/brakeman/report/report_codeclimate.rb +1 -1
- data/lib/brakeman/report/report_csv.rb +2 -0
- data/lib/brakeman/report/report_junit.rb +2 -2
- data/lib/brakeman/report/report_table.rb +5 -5
- data/lib/brakeman/report/report_text.rb +2 -0
- data/lib/brakeman/report/templates/controller_warnings.html.erb +2 -0
- data/lib/brakeman/report/templates/ignored_warnings.html.erb +2 -0
- data/lib/brakeman/report/templates/model_warnings.html.erb +2 -0
- data/lib/brakeman/report/templates/security_warnings.html.erb +2 -0
- data/lib/brakeman/report/templates/view_warnings.html.erb +2 -0
- data/lib/brakeman/tracker/config.rb +26 -24
- data/lib/brakeman/version.rb +1 -1
- data/lib/brakeman/warning.rb +5 -2
- data/lib/brakeman/warning_codes.rb +7 -0
- metadata +98 -93
- data/bundle/ruby/2.7.0/gems/parallel-1.21.0/lib/parallel/version.rb +0 -4
- data/bundle/ruby/2.7.0/gems/ruby_parser-3.18.1/lib/ruby20_parser.rb +0 -7128
- data/bundle/ruby/2.7.0/gems/ruby_parser-3.18.1/lib/ruby21_parser.rb +0 -7182
- data/bundle/ruby/2.7.0/gems/ruby_parser-3.18.1/lib/ruby22_parser.rb +0 -7228
- data/bundle/ruby/2.7.0/gems/ruby_parser-3.18.1/lib/ruby23_parser.rb +0 -7237
- data/bundle/ruby/2.7.0/gems/ruby_parser-3.18.1/lib/ruby24_parser.rb +0 -7268
- data/bundle/ruby/2.7.0/gems/ruby_parser-3.18.1/lib/ruby25_parser.rb +0 -7268
- data/bundle/ruby/2.7.0/gems/ruby_parser-3.18.1/lib/ruby26_parser.rb +0 -7287
- data/bundle/ruby/2.7.0/gems/ruby_parser-3.18.1/lib/ruby27_parser.rb +0 -8517
- data/bundle/ruby/2.7.0/gems/ruby_parser-3.18.1/lib/ruby30_parser.rb +0 -8751
- data/bundle/ruby/2.7.0/gems/tilt-2.0.10/lib/tilt/rst-pandoc.rb +0 -18
- data/bundle/ruby/2.7.0/gems/tilt-2.0.10/lib/tilt/sass.rb +0 -52
@@ -166,7 +166,7 @@ module Brakeman
|
|
166
166
|
# then this will set
|
167
167
|
#
|
168
168
|
# rails[:action_controller][:perform_caching] = value
|
169
|
-
def set_rails_config value
|
169
|
+
def set_rails_config value:, path:, overwrite: false
|
170
170
|
config = self.rails
|
171
171
|
|
172
172
|
path[0..-2].each do |o|
|
@@ -182,7 +182,9 @@ module Brakeman
|
|
182
182
|
config = option
|
183
183
|
end
|
184
184
|
|
185
|
-
config[path.last]
|
185
|
+
if overwrite || config[path.last].nil?
|
186
|
+
config[path.last] = value
|
187
|
+
end
|
186
188
|
end
|
187
189
|
|
188
190
|
# Load defaults based on config.load_defaults value
|
@@ -195,38 +197,38 @@ module Brakeman
|
|
195
197
|
false_value = Sexp.new(:false)
|
196
198
|
|
197
199
|
if version >= 5.0
|
198
|
-
set_rails_config(true_value, :action_controller, :per_form_csrf_tokens)
|
199
|
-
set_rails_config(true_value, :action_controller, :forgery_protection_origin_check)
|
200
|
-
set_rails_config(true_value, :active_record, :belongs_to_required_by_default)
|
200
|
+
set_rails_config(value: true_value, path: [:action_controller, :per_form_csrf_tokens])
|
201
|
+
set_rails_config(value: true_value, path: [:action_controller, :forgery_protection_origin_check])
|
202
|
+
set_rails_config(value: true_value, path: [:active_record, :belongs_to_required_by_default])
|
201
203
|
# Note: this may need to be changed, because ssl_options is a Hash
|
202
|
-
set_rails_config(true_value, :ssl_options, :hsts, :subdomains)
|
204
|
+
set_rails_config(value: true_value, path: [:ssl_options, :hsts, :subdomains])
|
203
205
|
end
|
204
206
|
|
205
207
|
if version >= 5.1
|
206
|
-
set_rails_config(false_value, :assets, :unknown_asset_fallback)
|
207
|
-
set_rails_config(true_value, :action_view, :form_with_generates_remote_forms)
|
208
|
+
set_rails_config(value: false_value, path: [:assets, :unknown_asset_fallback])
|
209
|
+
set_rails_config(value: true_value, path: [:action_view, :form_with_generates_remote_forms])
|
208
210
|
end
|
209
211
|
|
210
212
|
if version >= 5.2
|
211
|
-
set_rails_config(true_value, :active_record, :cache_versioning)
|
212
|
-
set_rails_config(true_value, :action_dispatch, :use_authenticated_cookie_encryption)
|
213
|
-
set_rails_config(true_value, :active_support, :use_authenticated_message_encryption)
|
214
|
-
set_rails_config(true_value, :active_support, :use_sha1_digests)
|
215
|
-
set_rails_config(true_value, :action_controller, :default_protect_from_forgery)
|
216
|
-
set_rails_config(true_value, :action_view, :form_with_generates_ids)
|
213
|
+
set_rails_config(value: true_value, path: [:active_record, :cache_versioning])
|
214
|
+
set_rails_config(value: true_value, path: [:action_dispatch, :use_authenticated_cookie_encryption])
|
215
|
+
set_rails_config(value: true_value, path: [:active_support, :use_authenticated_message_encryption])
|
216
|
+
set_rails_config(value: true_value, path: [:active_support, :use_sha1_digests])
|
217
|
+
set_rails_config(value: true_value, path: [:action_controller, :default_protect_from_forgery])
|
218
|
+
set_rails_config(value: true_value, path: [:action_view, :form_with_generates_ids])
|
217
219
|
end
|
218
220
|
|
219
221
|
if version >= 6.0
|
220
|
-
set_rails_config(Sexp.new(:lit, :zeitwerk), :autoloader)
|
221
|
-
set_rails_config(false_value, :action_view, :default_enforce_utf8)
|
222
|
-
set_rails_config(true_value, :action_dispatch, :use_cookies_with_metadata)
|
223
|
-
set_rails_config(false_value, :action_dispatch, :return_only_media_type_on_content_type)
|
224
|
-
set_rails_config(Sexp.new(:str, 'ActionMailer::MailDeliveryJob'), :action_mailer, :delivery_job)
|
225
|
-
set_rails_config(true_value, :active_job, :return_false_on_aborted_enqueue)
|
226
|
-
set_rails_config(Sexp.new(:lit, :active_storage_analysis), :active_storage, :queues, :analysis)
|
227
|
-
set_rails_config(Sexp.new(:lit, :active_storage_purge), :active_storage, :queues, :purge)
|
228
|
-
set_rails_config(true_value, :active_storage, :replace_on_assign_to_many)
|
229
|
-
set_rails_config(true_value, :active_record, :collection_cache_versioning)
|
222
|
+
set_rails_config(value: Sexp.new(:lit, :zeitwerk), path: [:autoloader])
|
223
|
+
set_rails_config(value: false_value, path: [:action_view, :default_enforce_utf8])
|
224
|
+
set_rails_config(value: true_value, path: [:action_dispatch, :use_cookies_with_metadata])
|
225
|
+
set_rails_config(value: false_value, path: [:action_dispatch, :return_only_media_type_on_content_type])
|
226
|
+
set_rails_config(value: Sexp.new(:str, 'ActionMailer::MailDeliveryJob'), path: [:action_mailer, :delivery_job])
|
227
|
+
set_rails_config(value: true_value, path: [:active_job, :return_false_on_aborted_enqueue])
|
228
|
+
set_rails_config(value: Sexp.new(:lit, :active_storage_analysis), path: [:active_storage, :queues, :analysis])
|
229
|
+
set_rails_config(value: Sexp.new(:lit, :active_storage_purge), path: [:active_storage, :queues, :purge])
|
230
|
+
set_rails_config(value: true_value, path: [:active_storage, :replace_on_assign_to_many])
|
231
|
+
set_rails_config(value: true_value, path: [:active_record, :collection_cache_versioning])
|
230
232
|
end
|
231
233
|
end
|
232
234
|
end
|
data/lib/brakeman/version.rb
CHANGED
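--- a/data/lib/brakeman/warning.rb
+++ b/data/lib/brakeman/warning.rb
@@ -5,7 +5,7 @@ require 'brakeman/messages'
 
 #The Warning class stores information about warnings
 class Brakeman::Warning
-attr_reader :called_from, :check, :class, :confidence, :controller,
+attr_reader :called_from, :check, :class, :confidence, :controller, :cwe_id,
 :line, :method, :model, :template, :user_input, :user_input_type,
 :warning_code, :warning_set, :warning_type
 
@@ -31,6 +31,7 @@ class Brakeman::Warning
 :class => :@class,
 :code => :@code,
 :controller => :@controller,
+:cwe_id => :@cwe_id,
 :file => :@file,
 :gem_info => :@gem_info,
 :line => :@line,
@@ -219,6 +220,7 @@ class Brakeman::Warning
 def to_row type = :warning
 @row = { "Confidence" => TEXT_CONFIDENCE[self.confidence],
 "Warning Type" => self.warning_type.to_s,
+"CWE ID" => self.cwe_id,
 "Message" => self.message }
 
 case type
@@ -302,7 +304,8 @@ class Brakeman::Warning
 :render_path => render_path,
 :location => self.location(false),
 :user_input => (@user_input && self.format_user_input(false)),
-:confidence => self.confidence_name
+:confidence => self.confidence_name,
+:cwe_id => cwe_id
 }
 end
 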
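Review bot: The new `:cwe_id => cwe_id` entry at new line 308 drops the explicit receiver that its neighbours use (`self.confidence_name`, `self.location(false)`) and that the `to_row` hunk above uses for the same attribute (`self.cwe_id`); for consistency within one change write `:cwe_id => self.cwe_id`. The `to_row` hash also gains a `"CWE ID"` entry between `"Warning Type"` and `"Message"`, so any report that reads row columns by position rather than by key would shift by one — the CSV, table and text report files in the diffstat changed in this release, which suggests they were updated, but that is worth confirming. The `attr_reader` line could document the new attribute, e.g. `# cwe_id: CWE identifier passed in by the check that created the warning (presumably nil when a check sets none)`. The method enclosing the last hunk starts outside the hunk.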
@@ -123,6 +123,13 @@ module Brakeman::WarningCodes
|
|
123
123
|
:unsafe_method_reflection => 119,
|
124
124
|
:eol_rails => 120,
|
125
125
|
:eol_ruby => 121,
|
126
|
+
:pending_eol_rails => 122,
|
127
|
+
:pending_eol_ruby => 123,
|
128
|
+
:CVE_2022_32209 => 124,
|
129
|
+
:pathname_traversal => 125,
|
130
|
+
:insecure_rsa_padding_mode => 126,
|
131
|
+
:missing_rsa_padding_mode => 127,
|
132
|
+
:small_rsa_key_size => 128,
|
126
133
|
|
127
134
|
:custom_check => 9090,
|
128
135
|
}
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: brakeman
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 5.
|
4
|
+
version: 5.4.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Justin Collins
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date:
|
11
|
+
date: 2022-11-18 00:00:00.000000000 Z
|
12
12
|
dependencies: []
|
13
13
|
description: Brakeman detects security vulnerabilities in Ruby on Rails applications
|
14
14
|
via static analysis.
|
@@ -132,10 +132,10 @@ files:
|
|
132
132
|
- bundle/ruby/2.7.0/gems/highline-2.0.3/lib/highline/terminal/unix_stty.rb
|
133
133
|
- bundle/ruby/2.7.0/gems/highline-2.0.3/lib/highline/version.rb
|
134
134
|
- bundle/ruby/2.7.0/gems/highline-2.0.3/lib/highline/wrapper.rb
|
135
|
-
- bundle/ruby/2.7.0/gems/parallel-1.
|
136
|
-
- bundle/ruby/2.7.0/gems/parallel-1.
|
137
|
-
- bundle/ruby/2.7.0/gems/parallel-1.
|
138
|
-
- bundle/ruby/2.7.0/gems/parallel-1.
|
135
|
+
- bundle/ruby/2.7.0/gems/parallel-1.22.1/MIT-LICENSE.txt
|
136
|
+
- bundle/ruby/2.7.0/gems/parallel-1.22.1/lib/parallel.rb
|
137
|
+
- bundle/ruby/2.7.0/gems/parallel-1.22.1/lib/parallel/processor_count.rb
|
138
|
+
- bundle/ruby/2.7.0/gems/parallel-1.22.1/lib/parallel/version.rb
|
139
139
|
- bundle/ruby/2.7.0/gems/rexml-3.2.5/LICENSE.txt
|
140
140
|
- bundle/ruby/2.7.0/gems/rexml-3.2.5/NEWS.md
|
141
141
|
- bundle/ruby/2.7.0/gems/rexml-3.2.5/README.md
|
@@ -193,42 +193,44 @@ files:
|
|
193
193
|
- bundle/ruby/2.7.0/gems/ruby2ruby-2.4.4/Manifest.txt
|
194
194
|
- bundle/ruby/2.7.0/gems/ruby2ruby-2.4.4/README.rdoc
|
195
195
|
- bundle/ruby/2.7.0/gems/ruby2ruby-2.4.4/lib/ruby2ruby.rb
|
196
|
-
- bundle/ruby/2.7.0/gems/ruby_parser-3.
|
197
|
-
- bundle/ruby/2.7.0/gems/ruby_parser-3.
|
198
|
-
- bundle/ruby/2.7.0/gems/ruby_parser-3.
|
199
|
-
- bundle/ruby/2.7.0/gems/ruby_parser-3.
|
200
|
-
- bundle/ruby/2.7.0/gems/ruby_parser-3.
|
201
|
-
- bundle/ruby/2.7.0/gems/ruby_parser-3.
|
202
|
-
- bundle/ruby/2.7.0/gems/ruby_parser-3.
|
203
|
-
- bundle/ruby/2.7.0/gems/ruby_parser-3.
|
204
|
-
- bundle/ruby/2.7.0/gems/ruby_parser-3.
|
205
|
-
- bundle/ruby/2.7.0/gems/ruby_parser-3.
|
206
|
-
- bundle/ruby/2.7.0/gems/ruby_parser-3.
|
207
|
-
- bundle/ruby/2.7.0/gems/ruby_parser-3.
|
208
|
-
- bundle/ruby/2.7.0/gems/ruby_parser-3.
|
209
|
-
- bundle/ruby/2.7.0/gems/ruby_parser-3.
|
210
|
-
- bundle/ruby/2.7.0/gems/ruby_parser-3.
|
211
|
-
- bundle/ruby/2.7.0/gems/ruby_parser-3.
|
212
|
-
- bundle/ruby/2.7.0/gems/ruby_parser-3.
|
213
|
-
- bundle/ruby/2.7.0/gems/ruby_parser-3.
|
214
|
-
- bundle/ruby/2.7.0/gems/ruby_parser-3.
|
215
|
-
- bundle/ruby/2.7.0/gems/ruby_parser-3.
|
216
|
-
- bundle/ruby/2.7.0/gems/ruby_parser-3.
|
217
|
-
- bundle/ruby/2.7.0/gems/ruby_parser-3.
|
218
|
-
- bundle/ruby/2.7.0/gems/ruby_parser-3.
|
219
|
-
- bundle/ruby/2.7.0/gems/ruby_parser-3.
|
220
|
-
- bundle/ruby/2.7.0/gems/ruby_parser-3.
|
221
|
-
- bundle/ruby/2.7.0/gems/ruby_parser-3.
|
222
|
-
- bundle/ruby/2.7.0/gems/ruby_parser-3.
|
223
|
-
- bundle/ruby/2.7.0/gems/ruby_parser-3.
|
224
|
-
- bundle/ruby/2.7.0/gems/ruby_parser-3.
|
225
|
-
- bundle/ruby/2.7.0/gems/ruby_parser-3.
|
226
|
-
- bundle/ruby/2.7.0/gems/ruby_parser-3.
|
227
|
-
- bundle/ruby/2.7.0/gems/ruby_parser-3.
|
228
|
-
- bundle/ruby/2.7.0/gems/ruby_parser-3.
|
229
|
-
- bundle/ruby/2.7.0/gems/ruby_parser-3.
|
230
|
-
- bundle/ruby/2.7.0/gems/ruby_parser-3.
|
231
|
-
- bundle/ruby/2.7.0/gems/ruby_parser-3.
|
196
|
+
- bundle/ruby/2.7.0/gems/ruby_parser-3.19.1/History.rdoc
|
197
|
+
- bundle/ruby/2.7.0/gems/ruby_parser-3.19.1/Manifest.txt
|
198
|
+
- bundle/ruby/2.7.0/gems/ruby_parser-3.19.1/README.rdoc
|
199
|
+
- bundle/ruby/2.7.0/gems/ruby_parser-3.19.1/compare/normalize.rb
|
200
|
+
- bundle/ruby/2.7.0/gems/ruby_parser-3.19.1/debugging.md
|
201
|
+
- bundle/ruby/2.7.0/gems/ruby_parser-3.19.1/gauntlet.md
|
202
|
+
- bundle/ruby/2.7.0/gems/ruby_parser-3.19.1/lib/rp_extensions.rb
|
203
|
+
- bundle/ruby/2.7.0/gems/ruby_parser-3.19.1/lib/rp_stringscanner.rb
|
204
|
+
- bundle/ruby/2.7.0/gems/ruby_parser-3.19.1/lib/ruby20_parser.rb
|
205
|
+
- bundle/ruby/2.7.0/gems/ruby_parser-3.19.1/lib/ruby20_parser.y
|
206
|
+
- bundle/ruby/2.7.0/gems/ruby_parser-3.19.1/lib/ruby21_parser.rb
|
207
|
+
- bundle/ruby/2.7.0/gems/ruby_parser-3.19.1/lib/ruby21_parser.y
|
208
|
+
- bundle/ruby/2.7.0/gems/ruby_parser-3.19.1/lib/ruby22_parser.rb
|
209
|
+
- bundle/ruby/2.7.0/gems/ruby_parser-3.19.1/lib/ruby22_parser.y
|
210
|
+
- bundle/ruby/2.7.0/gems/ruby_parser-3.19.1/lib/ruby23_parser.rb
|
211
|
+
- bundle/ruby/2.7.0/gems/ruby_parser-3.19.1/lib/ruby23_parser.y
|
212
|
+
- bundle/ruby/2.7.0/gems/ruby_parser-3.19.1/lib/ruby24_parser.rb
|
213
|
+
- bundle/ruby/2.7.0/gems/ruby_parser-3.19.1/lib/ruby24_parser.y
|
214
|
+
- bundle/ruby/2.7.0/gems/ruby_parser-3.19.1/lib/ruby25_parser.rb
|
215
|
+
- bundle/ruby/2.7.0/gems/ruby_parser-3.19.1/lib/ruby25_parser.y
|
216
|
+
- bundle/ruby/2.7.0/gems/ruby_parser-3.19.1/lib/ruby26_parser.rb
|
217
|
+
- bundle/ruby/2.7.0/gems/ruby_parser-3.19.1/lib/ruby26_parser.y
|
218
|
+
- bundle/ruby/2.7.0/gems/ruby_parser-3.19.1/lib/ruby27_parser.rb
|
219
|
+
- bundle/ruby/2.7.0/gems/ruby_parser-3.19.1/lib/ruby27_parser.y
|
220
|
+
- bundle/ruby/2.7.0/gems/ruby_parser-3.19.1/lib/ruby30_parser.rb
|
221
|
+
- bundle/ruby/2.7.0/gems/ruby_parser-3.19.1/lib/ruby30_parser.y
|
222
|
+
- bundle/ruby/2.7.0/gems/ruby_parser-3.19.1/lib/ruby31_parser.rb
|
223
|
+
- bundle/ruby/2.7.0/gems/ruby_parser-3.19.1/lib/ruby31_parser.y
|
224
|
+
- bundle/ruby/2.7.0/gems/ruby_parser-3.19.1/lib/ruby3_parser.yy
|
225
|
+
- bundle/ruby/2.7.0/gems/ruby_parser-3.19.1/lib/ruby_lexer.rb
|
226
|
+
- bundle/ruby/2.7.0/gems/ruby_parser-3.19.1/lib/ruby_lexer.rex
|
227
|
+
- bundle/ruby/2.7.0/gems/ruby_parser-3.19.1/lib/ruby_lexer.rex.rb
|
228
|
+
- bundle/ruby/2.7.0/gems/ruby_parser-3.19.1/lib/ruby_lexer_strings.rb
|
229
|
+
- bundle/ruby/2.7.0/gems/ruby_parser-3.19.1/lib/ruby_parser.rb
|
230
|
+
- bundle/ruby/2.7.0/gems/ruby_parser-3.19.1/lib/ruby_parser.yy
|
231
|
+
- bundle/ruby/2.7.0/gems/ruby_parser-3.19.1/lib/ruby_parser_extras.rb
|
232
|
+
- bundle/ruby/2.7.0/gems/ruby_parser-3.19.1/tools/munge.rb
|
233
|
+
- bundle/ruby/2.7.0/gems/ruby_parser-3.19.1/tools/ripper.rb
|
232
234
|
- bundle/ruby/2.7.0/gems/ruby_parser-legacy-1.0.0/History.rdoc
|
233
235
|
- bundle/ruby/2.7.0/gems/ruby_parser-legacy-1.0.0/Manifest.txt
|
234
236
|
- bundle/ruby/2.7.0/gems/ruby_parser-legacy-1.0.0/README.rdoc
|
@@ -273,16 +275,16 @@ files:
|
|
273
275
|
- bundle/ruby/2.7.0/gems/safe_yaml-1.0.5/lib/safe_yaml/version.rb
|
274
276
|
- bundle/ruby/2.7.0/gems/safe_yaml-1.0.5/run_specs_all_ruby_versions.sh
|
275
277
|
- bundle/ruby/2.7.0/gems/safe_yaml-1.0.5/safe_yaml.gemspec
|
276
|
-
- bundle/ruby/2.7.0/gems/sexp_processor-4.16.
|
277
|
-
- bundle/ruby/2.7.0/gems/sexp_processor-4.16.
|
278
|
-
- bundle/ruby/2.7.0/gems/sexp_processor-4.16.
|
279
|
-
- bundle/ruby/2.7.0/gems/sexp_processor-4.16.
|
280
|
-
- bundle/ruby/2.7.0/gems/sexp_processor-4.16.
|
281
|
-
- bundle/ruby/2.7.0/gems/sexp_processor-4.16.
|
282
|
-
- bundle/ruby/2.7.0/gems/sexp_processor-4.16.
|
283
|
-
- bundle/ruby/2.7.0/gems/sexp_processor-4.16.
|
284
|
-
- bundle/ruby/2.7.0/gems/sexp_processor-4.16.
|
285
|
-
- bundle/ruby/2.7.0/gems/sexp_processor-4.16.
|
278
|
+
- bundle/ruby/2.7.0/gems/sexp_processor-4.16.1/History.rdoc
|
279
|
+
- bundle/ruby/2.7.0/gems/sexp_processor-4.16.1/Manifest.txt
|
280
|
+
- bundle/ruby/2.7.0/gems/sexp_processor-4.16.1/README.rdoc
|
281
|
+
- bundle/ruby/2.7.0/gems/sexp_processor-4.16.1/lib/composite_sexp_processor.rb
|
282
|
+
- bundle/ruby/2.7.0/gems/sexp_processor-4.16.1/lib/pt_testcase.rb
|
283
|
+
- bundle/ruby/2.7.0/gems/sexp_processor-4.16.1/lib/sexp.rb
|
284
|
+
- bundle/ruby/2.7.0/gems/sexp_processor-4.16.1/lib/sexp_matcher.rb
|
285
|
+
- bundle/ruby/2.7.0/gems/sexp_processor-4.16.1/lib/sexp_processor.rb
|
286
|
+
- bundle/ruby/2.7.0/gems/sexp_processor-4.16.1/lib/strict_sexp.rb
|
287
|
+
- bundle/ruby/2.7.0/gems/sexp_processor-4.16.1/lib/unique.rb
|
286
288
|
- bundle/ruby/2.7.0/gems/slim-4.1.0/CHANGES
|
287
289
|
- bundle/ruby/2.7.0/gems/slim-4.1.0/Gemfile
|
288
290
|
- bundle/ruby/2.7.0/gems/slim-4.1.0/LICENSE
|
@@ -385,46 +387,46 @@ files:
|
|
385
387
|
- bundle/ruby/2.7.0/gems/terminal-table-1.8.0/lib/terminal-table/table_helper.rb
|
386
388
|
- bundle/ruby/2.7.0/gems/terminal-table-1.8.0/lib/terminal-table/version.rb
|
387
389
|
- bundle/ruby/2.7.0/gems/terminal-table-1.8.0/terminal-table.gemspec
|
388
|
-
- bundle/ruby/2.7.0/gems/tilt-2.0.
|
389
|
-
- bundle/ruby/2.7.0/gems/tilt-2.0.
|
390
|
-
- bundle/ruby/2.7.0/gems/tilt-2.0.
|
391
|
-
- bundle/ruby/2.7.0/gems/tilt-2.0.
|
392
|
-
- bundle/ruby/2.7.0/gems/tilt-2.0.
|
393
|
-
- bundle/ruby/2.7.0/gems/tilt-2.0.
|
394
|
-
- bundle/ruby/2.7.0/gems/tilt-2.0.
|
395
|
-
- bundle/ruby/2.7.0/gems/tilt-2.0.
|
396
|
-
- bundle/ruby/2.7.0/gems/tilt-2.0.
|
397
|
-
- bundle/ruby/2.7.0/gems/tilt-2.0.
|
398
|
-
- bundle/ruby/2.7.0/gems/tilt-2.0.
|
399
|
-
- bundle/ruby/2.7.0/gems/tilt-2.0.
|
400
|
-
- bundle/ruby/2.7.0/gems/tilt-2.0.
|
401
|
-
- bundle/ruby/2.7.0/gems/tilt-2.0.
|
402
|
-
- bundle/ruby/2.7.0/gems/tilt-2.0.
|
403
|
-
- bundle/ruby/2.7.0/gems/tilt-2.0.
|
404
|
-
- bundle/ruby/2.7.0/gems/tilt-2.0.
|
405
|
-
- bundle/ruby/2.7.0/gems/tilt-2.0.
|
406
|
-
- bundle/ruby/2.7.0/gems/tilt-2.0.
|
407
|
-
- bundle/ruby/2.7.0/gems/tilt-2.0.
|
408
|
-
- bundle/ruby/2.7.0/gems/tilt-2.0.
|
409
|
-
- bundle/ruby/2.7.0/gems/tilt-2.0.
|
410
|
-
- bundle/ruby/2.7.0/gems/tilt-2.0.
|
411
|
-
- bundle/ruby/2.7.0/gems/tilt-2.0.
|
412
|
-
- bundle/ruby/2.7.0/gems/tilt-2.0.
|
413
|
-
- bundle/ruby/2.7.0/gems/tilt-2.0.
|
414
|
-
- bundle/ruby/2.7.0/gems/tilt-2.0.
|
415
|
-
- bundle/ruby/2.7.0/gems/tilt-2.0.
|
416
|
-
- bundle/ruby/2.7.0/gems/tilt-2.0.
|
417
|
-
- bundle/ruby/2.7.0/gems/tilt-2.0.
|
418
|
-
- bundle/ruby/2.7.0/gems/tilt-2.0.
|
419
|
-
- bundle/ruby/2.7.0/gems/tilt-2.0.
|
420
|
-
- bundle/ruby/2.7.0/gems/tilt-2.0.
|
421
|
-
- bundle/ruby/2.7.0/gems/tilt-2.0.
|
422
|
-
- bundle/ruby/2.7.0/gems/tilt-2.0.
|
423
|
-
- bundle/ruby/2.7.0/gems/tilt-2.0.
|
424
|
-
- bundle/ruby/2.7.0/gems/tilt-2.0.
|
425
|
-
- bundle/ruby/2.7.0/gems/tilt-2.0.
|
426
|
-
- bundle/ruby/2.7.0/gems/tilt-2.0.
|
427
|
-
- bundle/ruby/2.7.0/gems/tilt-2.0.
|
390
|
+
- bundle/ruby/2.7.0/gems/tilt-2.0.11/COPYING
|
391
|
+
- bundle/ruby/2.7.0/gems/tilt-2.0.11/lib/tilt.rb
|
392
|
+
- bundle/ruby/2.7.0/gems/tilt-2.0.11/lib/tilt/asciidoc.rb
|
393
|
+
- bundle/ruby/2.7.0/gems/tilt-2.0.11/lib/tilt/babel.rb
|
394
|
+
- bundle/ruby/2.7.0/gems/tilt-2.0.11/lib/tilt/bluecloth.rb
|
395
|
+
- bundle/ruby/2.7.0/gems/tilt-2.0.11/lib/tilt/builder.rb
|
396
|
+
- bundle/ruby/2.7.0/gems/tilt-2.0.11/lib/tilt/coffee.rb
|
397
|
+
- bundle/ruby/2.7.0/gems/tilt-2.0.11/lib/tilt/commonmarker.rb
|
398
|
+
- bundle/ruby/2.7.0/gems/tilt-2.0.11/lib/tilt/creole.rb
|
399
|
+
- bundle/ruby/2.7.0/gems/tilt-2.0.11/lib/tilt/csv.rb
|
400
|
+
- bundle/ruby/2.7.0/gems/tilt-2.0.11/lib/tilt/dummy.rb
|
401
|
+
- bundle/ruby/2.7.0/gems/tilt-2.0.11/lib/tilt/erb.rb
|
402
|
+
- bundle/ruby/2.7.0/gems/tilt-2.0.11/lib/tilt/erubi.rb
|
403
|
+
- bundle/ruby/2.7.0/gems/tilt-2.0.11/lib/tilt/erubis.rb
|
404
|
+
- bundle/ruby/2.7.0/gems/tilt-2.0.11/lib/tilt/etanni.rb
|
405
|
+
- bundle/ruby/2.7.0/gems/tilt-2.0.11/lib/tilt/haml.rb
|
406
|
+
- bundle/ruby/2.7.0/gems/tilt-2.0.11/lib/tilt/kramdown.rb
|
407
|
+
- bundle/ruby/2.7.0/gems/tilt-2.0.11/lib/tilt/less.rb
|
408
|
+
- bundle/ruby/2.7.0/gems/tilt-2.0.11/lib/tilt/liquid.rb
|
409
|
+
- bundle/ruby/2.7.0/gems/tilt-2.0.11/lib/tilt/livescript.rb
|
410
|
+
- bundle/ruby/2.7.0/gems/tilt-2.0.11/lib/tilt/mapping.rb
|
411
|
+
- bundle/ruby/2.7.0/gems/tilt-2.0.11/lib/tilt/markaby.rb
|
412
|
+
- bundle/ruby/2.7.0/gems/tilt-2.0.11/lib/tilt/maruku.rb
|
413
|
+
- bundle/ruby/2.7.0/gems/tilt-2.0.11/lib/tilt/nokogiri.rb
|
414
|
+
- bundle/ruby/2.7.0/gems/tilt-2.0.11/lib/tilt/pandoc.rb
|
415
|
+
- bundle/ruby/2.7.0/gems/tilt-2.0.11/lib/tilt/plain.rb
|
416
|
+
- bundle/ruby/2.7.0/gems/tilt-2.0.11/lib/tilt/prawn.rb
|
417
|
+
- bundle/ruby/2.7.0/gems/tilt-2.0.11/lib/tilt/radius.rb
|
418
|
+
- bundle/ruby/2.7.0/gems/tilt-2.0.11/lib/tilt/rdiscount.rb
|
419
|
+
- bundle/ruby/2.7.0/gems/tilt-2.0.11/lib/tilt/rdoc.rb
|
420
|
+
- bundle/ruby/2.7.0/gems/tilt-2.0.11/lib/tilt/redcarpet.rb
|
421
|
+
- bundle/ruby/2.7.0/gems/tilt-2.0.11/lib/tilt/redcloth.rb
|
422
|
+
- bundle/ruby/2.7.0/gems/tilt-2.0.11/lib/tilt/rst-pandoc.rb
|
423
|
+
- bundle/ruby/2.7.0/gems/tilt-2.0.11/lib/tilt/sass.rb
|
424
|
+
- bundle/ruby/2.7.0/gems/tilt-2.0.11/lib/tilt/sigil.rb
|
425
|
+
- bundle/ruby/2.7.0/gems/tilt-2.0.11/lib/tilt/string.rb
|
426
|
+
- bundle/ruby/2.7.0/gems/tilt-2.0.11/lib/tilt/template.rb
|
427
|
+
- bundle/ruby/2.7.0/gems/tilt-2.0.11/lib/tilt/typescript.rb
|
428
|
+
- bundle/ruby/2.7.0/gems/tilt-2.0.11/lib/tilt/wikicloth.rb
|
429
|
+
- bundle/ruby/2.7.0/gems/tilt-2.0.11/lib/tilt/yajl.rb
|
428
430
|
- bundle/ruby/2.7.0/gems/unicode-display_width-1.8.0/CHANGELOG.md
|
429
431
|
- bundle/ruby/2.7.0/gems/unicode-display_width-1.8.0/MIT-LICENSE.txt
|
430
432
|
- bundle/ruby/2.7.0/gems/unicode-display_width-1.8.0/README.md
|
@@ -480,6 +482,7 @@ files:
|
|
480
482
|
- lib/brakeman/checks/check_nested_attributes_bypass.rb
|
481
483
|
- lib/brakeman/checks/check_number_to_currency.rb
|
482
484
|
- lib/brakeman/checks/check_page_caching_cve.rb
|
485
|
+
- lib/brakeman/checks/check_pathname.rb
|
483
486
|
- lib/brakeman/checks/check_permit_attributes.rb
|
484
487
|
- lib/brakeman/checks/check_quote_table_name.rb
|
485
488
|
- lib/brakeman/checks/check_redirect.rb
|
@@ -491,6 +494,7 @@ files:
|
|
491
494
|
- lib/brakeman/checks/check_reverse_tabnabbing.rb
|
492
495
|
- lib/brakeman/checks/check_route_dos.rb
|
493
496
|
- lib/brakeman/checks/check_safe_buffer_manipulation.rb
|
497
|
+
- lib/brakeman/checks/check_sanitize_config_cve.rb
|
494
498
|
- lib/brakeman/checks/check_sanitize_methods.rb
|
495
499
|
- lib/brakeman/checks/check_secrets.rb
|
496
500
|
- lib/brakeman/checks/check_select_tag.rb
|
@@ -517,6 +521,7 @@ files:
|
|
517
521
|
- lib/brakeman/checks/check_validation_regex.rb
|
518
522
|
- lib/brakeman/checks/check_verb_confusion.rb
|
519
523
|
- lib/brakeman/checks/check_weak_hash.rb
|
524
|
+
- lib/brakeman/checks/check_weak_rsa_key.rb
|
520
525
|
- lib/brakeman/checks/check_without_protection.rb
|
521
526
|
- lib/brakeman/checks/check_xml_dos.rb
|
522
527
|
- lib/brakeman/checks/check_yaml_parsing.rb
|
@@ -643,7 +648,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
643
648
|
- !ruby/object:Gem::Version
|
644
649
|
version: '0'
|
645
650
|
requirements: []
|
646
|
-
rubygems_version: 3.1.
|
651
|
+
rubygems_version: 3.1.6
|
647
652
|
signing_key:
|
648
653
|
specification_version: 4
|
649
654
|
summary: Security vulnerability scanner for Ruby on Rails.
|