brakeman 5.2.0 → 5.4.0

data/lib/brakeman/tracker/config.rb

@@ -166,7 +166,7 @@ module Brakeman
     # then this will set
     #
     #   rails[:action_controller][:perform_caching] = value
-    def set_rails_config value, *path
+    def set_rails_config value:, path:, overwrite: false
       config = self.rails
 
       path[0..-2].each do |o|
@@ -182,7 +182,9 @@ module Brakeman
         config = option
       end
 
-      config[path.last] = value
+      if overwrite || config[path.last].nil?
+        config[path.last] = value
+      end
     end
 
     # Load defaults based on config.load_defaults value
@@ -195,38 +197,38 @@ module Brakeman
       false_value = Sexp.new(:false)
 
       if version >= 5.0
-        set_rails_config(true_value, :action_controller, :per_form_csrf_tokens)
-        set_rails_config(true_value, :action_controller, :forgery_protection_origin_check)
-        set_rails_config(true_value, :active_record, :belongs_to_required_by_default)
+        set_rails_config(value: true_value, path: [:action_controller, :per_form_csrf_tokens])
+        set_rails_config(value: true_value, path: [:action_controller, :forgery_protection_origin_check])
+        set_rails_config(value: true_value, path: [:active_record, :belongs_to_required_by_default])
         # Note: this may need to be changed, because ssl_options is a Hash
-        set_rails_config(true_value, :ssl_options, :hsts, :subdomains)
+        set_rails_config(value: true_value, path: [:ssl_options, :hsts, :subdomains])
       end
 
       if version >= 5.1
-        set_rails_config(false_value, :assets, :unknown_asset_fallback)
-        set_rails_config(true_value, :action_view, :form_with_generates_remote_forms)
+        set_rails_config(value: false_value, path: [:assets, :unknown_asset_fallback])
+        set_rails_config(value: true_value, path: [:action_view, :form_with_generates_remote_forms])
       end
 
       if version >= 5.2
-        set_rails_config(true_value, :active_record, :cache_versioning)
-        set_rails_config(true_value, :action_dispatch, :use_authenticated_cookie_encryption)
-        set_rails_config(true_value, :active_support, :use_authenticated_message_encryption)
-        set_rails_config(true_value, :active_support, :use_sha1_digests)
-        set_rails_config(true_value, :action_controller, :default_protect_from_forgery)
-        set_rails_config(true_value, :action_view, :form_with_generates_ids)
+        set_rails_config(value: true_value, path: [:active_record, :cache_versioning])
+        set_rails_config(value: true_value, path: [:action_dispatch, :use_authenticated_cookie_encryption])
+        set_rails_config(value: true_value, path: [:active_support, :use_authenticated_message_encryption])
+        set_rails_config(value: true_value, path: [:active_support, :use_sha1_digests])
+        set_rails_config(value: true_value, path: [:action_controller, :default_protect_from_forgery])
+        set_rails_config(value: true_value, path: [:action_view, :form_with_generates_ids])
       end
 
       if version >= 6.0
-        set_rails_config(Sexp.new(:lit, :zeitwerk), :autoloader)
-        set_rails_config(false_value, :action_view, :default_enforce_utf8)
-        set_rails_config(true_value, :action_dispatch, :use_cookies_with_metadata)
-        set_rails_config(false_value, :action_dispatch, :return_only_media_type_on_content_type)
-        set_rails_config(Sexp.new(:str, 'ActionMailer::MailDeliveryJob'), :action_mailer, :delivery_job)
-        set_rails_config(true_value, :active_job, :return_false_on_aborted_enqueue)
-        set_rails_config(Sexp.new(:lit, :active_storage_analysis), :active_storage, :queues, :analysis)
-        set_rails_config(Sexp.new(:lit, :active_storage_purge), :active_storage, :queues, :purge)
-        set_rails_config(true_value, :active_storage, :replace_on_assign_to_many)
-        set_rails_config(true_value, :active_record, :collection_cache_versioning)
+        set_rails_config(value: Sexp.new(:lit, :zeitwerk), path: [:autoloader])
+        set_rails_config(value: false_value, path: [:action_view, :default_enforce_utf8])
+        set_rails_config(value: true_value, path: [:action_dispatch, :use_cookies_with_metadata])
+        set_rails_config(value: false_value, path: [:action_dispatch, :return_only_media_type_on_content_type])
+        set_rails_config(value: Sexp.new(:str, 'ActionMailer::MailDeliveryJob'), path: [:action_mailer, :delivery_job])
+        set_rails_config(value: true_value, path: [:active_job, :return_false_on_aborted_enqueue])
+        set_rails_config(value: Sexp.new(:lit, :active_storage_analysis), path: [:active_storage, :queues, :analysis])
+        set_rails_config(value: Sexp.new(:lit, :active_storage_purge), path: [:active_storage, :queues, :purge])
+        set_rails_config(value: true_value, path: [:active_storage, :replace_on_assign_to_many])
+        set_rails_config(value: true_value, path: [:active_record, :collection_cache_versioning])
       end
     end
   end

data/lib/brakeman/version.rb

@@ -1,3 +1,3 @@
 module Brakeman
-  Version = "5.2.0"
+  Version = "5.4.0"
 end

data/lib/brakeman/warning.rb

@@ -5,7 +5,7 @@ require 'brakeman/messages'
 
 #The Warning class stores information about warnings
 class Brakeman::Warning
-  attr_reader :called_from, :check, :class, :confidence, :controller,
+  attr_reader :called_from, :check, :class, :confidence, :controller, :cwe_id,
     :line, :method, :model, :template, :user_input, :user_input_type,
     :warning_code, :warning_set, :warning_type
 
@@ -31,6 +31,7 @@ class Brakeman::Warning
     :class => :@class,
     :code => :@code,
     :controller => :@controller,
+    :cwe_id => :@cwe_id,
     :file => :@file,
     :gem_info => :@gem_info,
     :line => :@line,
@@ -219,6 +220,7 @@ class Brakeman::Warning
   def to_row type = :warning
     @row = { "Confidence" => TEXT_CONFIDENCE[self.confidence],
       "Warning Type" => self.warning_type.to_s,
+      "CWE ID" => self.cwe_id,
       "Message" => self.message }
 
     case type
@@ -302,7 +304,8 @@ class Brakeman::Warning
       :render_path => render_path,
       :location => self.location(false),
       :user_input => (@user_input && self.format_user_input(false)),
-      :confidence => self.confidence_name
+      :confidence => self.confidence_name,
+      :cwe_id => cwe_id
     }
   end
 

data/lib/brakeman/warning_codes.rb

@@ -123,6 +123,13 @@ module Brakeman::WarningCodes
     :unsafe_method_reflection => 119,
     :eol_rails => 120,
     :eol_ruby => 121,
+    :pending_eol_rails => 122,
+    :pending_eol_ruby => 123,
+    :CVE_2022_32209 => 124,
+    :pathname_traversal => 125,
+    :insecure_rsa_padding_mode => 126,
+    :missing_rsa_padding_mode => 127,
+    :small_rsa_key_size => 128,
 
     :custom_check => 9090,
   }

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: brakeman
 version: !ruby/object:Gem::Version
-  version: 5.2.0
+  version: 5.4.0
 platform: ruby
 authors:
 - Justin Collins
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2021-12-16 00:00:00.000000000 Z
+date: 2022-11-18 00:00:00.000000000 Z
 dependencies: []
 description: Brakeman detects security vulnerabilities in Ruby on Rails applications
   via static analysis.
@@ -132,10 +132,10 @@ files:
 - bundle/ruby/2.7.0/gems/highline-2.0.3/lib/highline/terminal/unix_stty.rb
 - bundle/ruby/2.7.0/gems/highline-2.0.3/lib/highline/version.rb
 - bundle/ruby/2.7.0/gems/highline-2.0.3/lib/highline/wrapper.rb
-- bundle/ruby/2.7.0/gems/parallel-1.21.0/MIT-LICENSE.txt
-- bundle/ruby/2.7.0/gems/parallel-1.21.0/lib/parallel.rb
-- bundle/ruby/2.7.0/gems/parallel-1.21.0/lib/parallel/processor_count.rb
-- bundle/ruby/2.7.0/gems/parallel-1.21.0/lib/parallel/version.rb
+- bundle/ruby/2.7.0/gems/parallel-1.22.1/MIT-LICENSE.txt
+- bundle/ruby/2.7.0/gems/parallel-1.22.1/lib/parallel.rb
+- bundle/ruby/2.7.0/gems/parallel-1.22.1/lib/parallel/processor_count.rb
+- bundle/ruby/2.7.0/gems/parallel-1.22.1/lib/parallel/version.rb
 - bundle/ruby/2.7.0/gems/rexml-3.2.5/LICENSE.txt
 - bundle/ruby/2.7.0/gems/rexml-3.2.5/NEWS.md
 - bundle/ruby/2.7.0/gems/rexml-3.2.5/README.md
@@ -193,42 +193,44 @@ files:
 - bundle/ruby/2.7.0/gems/ruby2ruby-2.4.4/Manifest.txt
 - bundle/ruby/2.7.0/gems/ruby2ruby-2.4.4/README.rdoc
 - bundle/ruby/2.7.0/gems/ruby2ruby-2.4.4/lib/ruby2ruby.rb
-- bundle/ruby/2.7.0/gems/ruby_parser-3.18.1/History.rdoc
-- bundle/ruby/2.7.0/gems/ruby_parser-3.18.1/Manifest.txt
-- bundle/ruby/2.7.0/gems/ruby_parser-3.18.1/README.rdoc
-- bundle/ruby/2.7.0/gems/ruby_parser-3.18.1/compare/normalize.rb
-- bundle/ruby/2.7.0/gems/ruby_parser-3.18.1/debugging.md
-- bundle/ruby/2.7.0/gems/ruby_parser-3.18.1/gauntlet.md
-- bundle/ruby/2.7.0/gems/ruby_parser-3.18.1/lib/rp_extensions.rb
-- bundle/ruby/2.7.0/gems/ruby_parser-3.18.1/lib/rp_stringscanner.rb
-- bundle/ruby/2.7.0/gems/ruby_parser-3.18.1/lib/ruby20_parser.rb
-- bundle/ruby/2.7.0/gems/ruby_parser-3.18.1/lib/ruby20_parser.y
-- bundle/ruby/2.7.0/gems/ruby_parser-3.18.1/lib/ruby21_parser.rb
-- bundle/ruby/2.7.0/gems/ruby_parser-3.18.1/lib/ruby21_parser.y
-- bundle/ruby/2.7.0/gems/ruby_parser-3.18.1/lib/ruby22_parser.rb
-- bundle/ruby/2.7.0/gems/ruby_parser-3.18.1/lib/ruby22_parser.y
-- bundle/ruby/2.7.0/gems/ruby_parser-3.18.1/lib/ruby23_parser.rb
-- bundle/ruby/2.7.0/gems/ruby_parser-3.18.1/lib/ruby23_parser.y
-- bundle/ruby/2.7.0/gems/ruby_parser-3.18.1/lib/ruby24_parser.rb
-- bundle/ruby/2.7.0/gems/ruby_parser-3.18.1/lib/ruby24_parser.y
-- bundle/ruby/2.7.0/gems/ruby_parser-3.18.1/lib/ruby25_parser.rb
-- bundle/ruby/2.7.0/gems/ruby_parser-3.18.1/lib/ruby25_parser.y
-- bundle/ruby/2.7.0/gems/ruby_parser-3.18.1/lib/ruby26_parser.rb
-- bundle/ruby/2.7.0/gems/ruby_parser-3.18.1/lib/ruby26_parser.y
-- bundle/ruby/2.7.0/gems/ruby_parser-3.18.1/lib/ruby27_parser.rb
-- bundle/ruby/2.7.0/gems/ruby_parser-3.18.1/lib/ruby27_parser.y
-- bundle/ruby/2.7.0/gems/ruby_parser-3.18.1/lib/ruby30_parser.rb
-- bundle/ruby/2.7.0/gems/ruby_parser-3.18.1/lib/ruby30_parser.y
-- bundle/ruby/2.7.0/gems/ruby_parser-3.18.1/lib/ruby3_parser.yy
-- bundle/ruby/2.7.0/gems/ruby_parser-3.18.1/lib/ruby_lexer.rb
-- bundle/ruby/2.7.0/gems/ruby_parser-3.18.1/lib/ruby_lexer.rex
-- bundle/ruby/2.7.0/gems/ruby_parser-3.18.1/lib/ruby_lexer.rex.rb
-- bundle/ruby/2.7.0/gems/ruby_parser-3.18.1/lib/ruby_lexer_strings.rb
-- bundle/ruby/2.7.0/gems/ruby_parser-3.18.1/lib/ruby_parser.rb
-- bundle/ruby/2.7.0/gems/ruby_parser-3.18.1/lib/ruby_parser.yy
-- bundle/ruby/2.7.0/gems/ruby_parser-3.18.1/lib/ruby_parser_extras.rb
-- bundle/ruby/2.7.0/gems/ruby_parser-3.18.1/tools/munge.rb
-- bundle/ruby/2.7.0/gems/ruby_parser-3.18.1/tools/ripper.rb
+- bundle/ruby/2.7.0/gems/ruby_parser-3.19.1/History.rdoc
+- bundle/ruby/2.7.0/gems/ruby_parser-3.19.1/Manifest.txt
+- bundle/ruby/2.7.0/gems/ruby_parser-3.19.1/README.rdoc
+- bundle/ruby/2.7.0/gems/ruby_parser-3.19.1/compare/normalize.rb
+- bundle/ruby/2.7.0/gems/ruby_parser-3.19.1/debugging.md
+- bundle/ruby/2.7.0/gems/ruby_parser-3.19.1/gauntlet.md
+- bundle/ruby/2.7.0/gems/ruby_parser-3.19.1/lib/rp_extensions.rb
+- bundle/ruby/2.7.0/gems/ruby_parser-3.19.1/lib/rp_stringscanner.rb
+- bundle/ruby/2.7.0/gems/ruby_parser-3.19.1/lib/ruby20_parser.rb
+- bundle/ruby/2.7.0/gems/ruby_parser-3.19.1/lib/ruby20_parser.y
+- bundle/ruby/2.7.0/gems/ruby_parser-3.19.1/lib/ruby21_parser.rb
+- bundle/ruby/2.7.0/gems/ruby_parser-3.19.1/lib/ruby21_parser.y
+- bundle/ruby/2.7.0/gems/ruby_parser-3.19.1/lib/ruby22_parser.rb
+- bundle/ruby/2.7.0/gems/ruby_parser-3.19.1/lib/ruby22_parser.y
+- bundle/ruby/2.7.0/gems/ruby_parser-3.19.1/lib/ruby23_parser.rb
+- bundle/ruby/2.7.0/gems/ruby_parser-3.19.1/lib/ruby23_parser.y
+- bundle/ruby/2.7.0/gems/ruby_parser-3.19.1/lib/ruby24_parser.rb
+- bundle/ruby/2.7.0/gems/ruby_parser-3.19.1/lib/ruby24_parser.y
+- bundle/ruby/2.7.0/gems/ruby_parser-3.19.1/lib/ruby25_parser.rb
+- bundle/ruby/2.7.0/gems/ruby_parser-3.19.1/lib/ruby25_parser.y
+- bundle/ruby/2.7.0/gems/ruby_parser-3.19.1/lib/ruby26_parser.rb
+- bundle/ruby/2.7.0/gems/ruby_parser-3.19.1/lib/ruby26_parser.y
+- bundle/ruby/2.7.0/gems/ruby_parser-3.19.1/lib/ruby27_parser.rb
+- bundle/ruby/2.7.0/gems/ruby_parser-3.19.1/lib/ruby27_parser.y
+- bundle/ruby/2.7.0/gems/ruby_parser-3.19.1/lib/ruby30_parser.rb
+- bundle/ruby/2.7.0/gems/ruby_parser-3.19.1/lib/ruby30_parser.y
+- bundle/ruby/2.7.0/gems/ruby_parser-3.19.1/lib/ruby31_parser.rb
+- bundle/ruby/2.7.0/gems/ruby_parser-3.19.1/lib/ruby31_parser.y
+- bundle/ruby/2.7.0/gems/ruby_parser-3.19.1/lib/ruby3_parser.yy
+- bundle/ruby/2.7.0/gems/ruby_parser-3.19.1/lib/ruby_lexer.rb
+- bundle/ruby/2.7.0/gems/ruby_parser-3.19.1/lib/ruby_lexer.rex
+- bundle/ruby/2.7.0/gems/ruby_parser-3.19.1/lib/ruby_lexer.rex.rb
+- bundle/ruby/2.7.0/gems/ruby_parser-3.19.1/lib/ruby_lexer_strings.rb
+- bundle/ruby/2.7.0/gems/ruby_parser-3.19.1/lib/ruby_parser.rb
+- bundle/ruby/2.7.0/gems/ruby_parser-3.19.1/lib/ruby_parser.yy
+- bundle/ruby/2.7.0/gems/ruby_parser-3.19.1/lib/ruby_parser_extras.rb
+- bundle/ruby/2.7.0/gems/ruby_parser-3.19.1/tools/munge.rb
+- bundle/ruby/2.7.0/gems/ruby_parser-3.19.1/tools/ripper.rb
 - bundle/ruby/2.7.0/gems/ruby_parser-legacy-1.0.0/History.rdoc
 - bundle/ruby/2.7.0/gems/ruby_parser-legacy-1.0.0/Manifest.txt
 - bundle/ruby/2.7.0/gems/ruby_parser-legacy-1.0.0/README.rdoc
@@ -273,16 +275,16 @@ files:
 - bundle/ruby/2.7.0/gems/safe_yaml-1.0.5/lib/safe_yaml/version.rb
 - bundle/ruby/2.7.0/gems/safe_yaml-1.0.5/run_specs_all_ruby_versions.sh
 - bundle/ruby/2.7.0/gems/safe_yaml-1.0.5/safe_yaml.gemspec
-- bundle/ruby/2.7.0/gems/sexp_processor-4.16.0/History.rdoc
-- bundle/ruby/2.7.0/gems/sexp_processor-4.16.0/Manifest.txt
-- bundle/ruby/2.7.0/gems/sexp_processor-4.16.0/README.rdoc
-- bundle/ruby/2.7.0/gems/sexp_processor-4.16.0/lib/composite_sexp_processor.rb
-- bundle/ruby/2.7.0/gems/sexp_processor-4.16.0/lib/pt_testcase.rb
-- bundle/ruby/2.7.0/gems/sexp_processor-4.16.0/lib/sexp.rb
-- bundle/ruby/2.7.0/gems/sexp_processor-4.16.0/lib/sexp_matcher.rb
-- bundle/ruby/2.7.0/gems/sexp_processor-4.16.0/lib/sexp_processor.rb
-- bundle/ruby/2.7.0/gems/sexp_processor-4.16.0/lib/strict_sexp.rb
-- bundle/ruby/2.7.0/gems/sexp_processor-4.16.0/lib/unique.rb
+- bundle/ruby/2.7.0/gems/sexp_processor-4.16.1/History.rdoc
+- bundle/ruby/2.7.0/gems/sexp_processor-4.16.1/Manifest.txt
+- bundle/ruby/2.7.0/gems/sexp_processor-4.16.1/README.rdoc
+- bundle/ruby/2.7.0/gems/sexp_processor-4.16.1/lib/composite_sexp_processor.rb
+- bundle/ruby/2.7.0/gems/sexp_processor-4.16.1/lib/pt_testcase.rb
+- bundle/ruby/2.7.0/gems/sexp_processor-4.16.1/lib/sexp.rb
+- bundle/ruby/2.7.0/gems/sexp_processor-4.16.1/lib/sexp_matcher.rb
+- bundle/ruby/2.7.0/gems/sexp_processor-4.16.1/lib/sexp_processor.rb
+- bundle/ruby/2.7.0/gems/sexp_processor-4.16.1/lib/strict_sexp.rb
+- bundle/ruby/2.7.0/gems/sexp_processor-4.16.1/lib/unique.rb
 - bundle/ruby/2.7.0/gems/slim-4.1.0/CHANGES
 - bundle/ruby/2.7.0/gems/slim-4.1.0/Gemfile
 - bundle/ruby/2.7.0/gems/slim-4.1.0/LICENSE
@@ -385,46 +387,46 @@ files:
 - bundle/ruby/2.7.0/gems/terminal-table-1.8.0/lib/terminal-table/table_helper.rb
 - bundle/ruby/2.7.0/gems/terminal-table-1.8.0/lib/terminal-table/version.rb
 - bundle/ruby/2.7.0/gems/terminal-table-1.8.0/terminal-table.gemspec
-- bundle/ruby/2.7.0/gems/tilt-2.0.10/COPYING
-- bundle/ruby/2.7.0/gems/tilt-2.0.10/lib/tilt.rb
-- bundle/ruby/2.7.0/gems/tilt-2.0.10/lib/tilt/asciidoc.rb
-- bundle/ruby/2.7.0/gems/tilt-2.0.10/lib/tilt/babel.rb
-- bundle/ruby/2.7.0/gems/tilt-2.0.10/lib/tilt/bluecloth.rb
-- bundle/ruby/2.7.0/gems/tilt-2.0.10/lib/tilt/builder.rb
-- bundle/ruby/2.7.0/gems/tilt-2.0.10/lib/tilt/coffee.rb
-- bundle/ruby/2.7.0/gems/tilt-2.0.10/lib/tilt/commonmarker.rb
-- bundle/ruby/2.7.0/gems/tilt-2.0.10/lib/tilt/creole.rb
-- bundle/ruby/2.7.0/gems/tilt-2.0.10/lib/tilt/csv.rb
-- bundle/ruby/2.7.0/gems/tilt-2.0.10/lib/tilt/dummy.rb
-- bundle/ruby/2.7.0/gems/tilt-2.0.10/lib/tilt/erb.rb
-- bundle/ruby/2.7.0/gems/tilt-2.0.10/lib/tilt/erubi.rb
-- bundle/ruby/2.7.0/gems/tilt-2.0.10/lib/tilt/erubis.rb
-- bundle/ruby/2.7.0/gems/tilt-2.0.10/lib/tilt/etanni.rb
-- bundle/ruby/2.7.0/gems/tilt-2.0.10/lib/tilt/haml.rb
-- bundle/ruby/2.7.0/gems/tilt-2.0.10/lib/tilt/kramdown.rb
-- bundle/ruby/2.7.0/gems/tilt-2.0.10/lib/tilt/less.rb
-- bundle/ruby/2.7.0/gems/tilt-2.0.10/lib/tilt/liquid.rb
-- bundle/ruby/2.7.0/gems/tilt-2.0.10/lib/tilt/livescript.rb
-- bundle/ruby/2.7.0/gems/tilt-2.0.10/lib/tilt/mapping.rb
-- bundle/ruby/2.7.0/gems/tilt-2.0.10/lib/tilt/markaby.rb
-- bundle/ruby/2.7.0/gems/tilt-2.0.10/lib/tilt/maruku.rb
-- bundle/ruby/2.7.0/gems/tilt-2.0.10/lib/tilt/nokogiri.rb
-- bundle/ruby/2.7.0/gems/tilt-2.0.10/lib/tilt/pandoc.rb
-- bundle/ruby/2.7.0/gems/tilt-2.0.10/lib/tilt/plain.rb
-- bundle/ruby/2.7.0/gems/tilt-2.0.10/lib/tilt/prawn.rb
-- bundle/ruby/2.7.0/gems/tilt-2.0.10/lib/tilt/radius.rb
-- bundle/ruby/2.7.0/gems/tilt-2.0.10/lib/tilt/rdiscount.rb
-- bundle/ruby/2.7.0/gems/tilt-2.0.10/lib/tilt/rdoc.rb
-- bundle/ruby/2.7.0/gems/tilt-2.0.10/lib/tilt/redcarpet.rb
-- bundle/ruby/2.7.0/gems/tilt-2.0.10/lib/tilt/redcloth.rb
-- bundle/ruby/2.7.0/gems/tilt-2.0.10/lib/tilt/rst-pandoc.rb
-- bundle/ruby/2.7.0/gems/tilt-2.0.10/lib/tilt/sass.rb
-- bundle/ruby/2.7.0/gems/tilt-2.0.10/lib/tilt/sigil.rb
-- bundle/ruby/2.7.0/gems/tilt-2.0.10/lib/tilt/string.rb
-- bundle/ruby/2.7.0/gems/tilt-2.0.10/lib/tilt/template.rb
-- bundle/ruby/2.7.0/gems/tilt-2.0.10/lib/tilt/typescript.rb
-- bundle/ruby/2.7.0/gems/tilt-2.0.10/lib/tilt/wikicloth.rb
-- bundle/ruby/2.7.0/gems/tilt-2.0.10/lib/tilt/yajl.rb
+- bundle/ruby/2.7.0/gems/tilt-2.0.11/COPYING
+- bundle/ruby/2.7.0/gems/tilt-2.0.11/lib/tilt.rb
+- bundle/ruby/2.7.0/gems/tilt-2.0.11/lib/tilt/asciidoc.rb
+- bundle/ruby/2.7.0/gems/tilt-2.0.11/lib/tilt/babel.rb
+- bundle/ruby/2.7.0/gems/tilt-2.0.11/lib/tilt/bluecloth.rb
+- bundle/ruby/2.7.0/gems/tilt-2.0.11/lib/tilt/builder.rb
+- bundle/ruby/2.7.0/gems/tilt-2.0.11/lib/tilt/coffee.rb
+- bundle/ruby/2.7.0/gems/tilt-2.0.11/lib/tilt/commonmarker.rb
+- bundle/ruby/2.7.0/gems/tilt-2.0.11/lib/tilt/creole.rb
+- bundle/ruby/2.7.0/gems/tilt-2.0.11/lib/tilt/csv.rb
+- bundle/ruby/2.7.0/gems/tilt-2.0.11/lib/tilt/dummy.rb
+- bundle/ruby/2.7.0/gems/tilt-2.0.11/lib/tilt/erb.rb
+- bundle/ruby/2.7.0/gems/tilt-2.0.11/lib/tilt/erubi.rb
+- bundle/ruby/2.7.0/gems/tilt-2.0.11/lib/tilt/erubis.rb
+- bundle/ruby/2.7.0/gems/tilt-2.0.11/lib/tilt/etanni.rb
+- bundle/ruby/2.7.0/gems/tilt-2.0.11/lib/tilt/haml.rb
+- bundle/ruby/2.7.0/gems/tilt-2.0.11/lib/tilt/kramdown.rb
+- bundle/ruby/2.7.0/gems/tilt-2.0.11/lib/tilt/less.rb
+- bundle/ruby/2.7.0/gems/tilt-2.0.11/lib/tilt/liquid.rb
+- bundle/ruby/2.7.0/gems/tilt-2.0.11/lib/tilt/livescript.rb
+- bundle/ruby/2.7.0/gems/tilt-2.0.11/lib/tilt/mapping.rb
+- bundle/ruby/2.7.0/gems/tilt-2.0.11/lib/tilt/markaby.rb
+- bundle/ruby/2.7.0/gems/tilt-2.0.11/lib/tilt/maruku.rb
+- bundle/ruby/2.7.0/gems/tilt-2.0.11/lib/tilt/nokogiri.rb
+- bundle/ruby/2.7.0/gems/tilt-2.0.11/lib/tilt/pandoc.rb
+- bundle/ruby/2.7.0/gems/tilt-2.0.11/lib/tilt/plain.rb
+- bundle/ruby/2.7.0/gems/tilt-2.0.11/lib/tilt/prawn.rb
+- bundle/ruby/2.7.0/gems/tilt-2.0.11/lib/tilt/radius.rb
+- bundle/ruby/2.7.0/gems/tilt-2.0.11/lib/tilt/rdiscount.rb
+- bundle/ruby/2.7.0/gems/tilt-2.0.11/lib/tilt/rdoc.rb
+- bundle/ruby/2.7.0/gems/tilt-2.0.11/lib/tilt/redcarpet.rb
+- bundle/ruby/2.7.0/gems/tilt-2.0.11/lib/tilt/redcloth.rb
+- bundle/ruby/2.7.0/gems/tilt-2.0.11/lib/tilt/rst-pandoc.rb
+- bundle/ruby/2.7.0/gems/tilt-2.0.11/lib/tilt/sass.rb
+- bundle/ruby/2.7.0/gems/tilt-2.0.11/lib/tilt/sigil.rb
+- bundle/ruby/2.7.0/gems/tilt-2.0.11/lib/tilt/string.rb
+- bundle/ruby/2.7.0/gems/tilt-2.0.11/lib/tilt/template.rb
+- bundle/ruby/2.7.0/gems/tilt-2.0.11/lib/tilt/typescript.rb
+- bundle/ruby/2.7.0/gems/tilt-2.0.11/lib/tilt/wikicloth.rb
+- bundle/ruby/2.7.0/gems/tilt-2.0.11/lib/tilt/yajl.rb
 - bundle/ruby/2.7.0/gems/unicode-display_width-1.8.0/CHANGELOG.md
 - bundle/ruby/2.7.0/gems/unicode-display_width-1.8.0/MIT-LICENSE.txt
 - bundle/ruby/2.7.0/gems/unicode-display_width-1.8.0/README.md
@@ -480,6 +482,7 @@ files:
 - lib/brakeman/checks/check_nested_attributes_bypass.rb
 - lib/brakeman/checks/check_number_to_currency.rb
 - lib/brakeman/checks/check_page_caching_cve.rb
+- lib/brakeman/checks/check_pathname.rb
 - lib/brakeman/checks/check_permit_attributes.rb
 - lib/brakeman/checks/check_quote_table_name.rb
 - lib/brakeman/checks/check_redirect.rb
@@ -491,6 +494,7 @@ files:
 - lib/brakeman/checks/check_reverse_tabnabbing.rb
 - lib/brakeman/checks/check_route_dos.rb
 - lib/brakeman/checks/check_safe_buffer_manipulation.rb
+- lib/brakeman/checks/check_sanitize_config_cve.rb
 - lib/brakeman/checks/check_sanitize_methods.rb
 - lib/brakeman/checks/check_secrets.rb
 - lib/brakeman/checks/check_select_tag.rb
@@ -517,6 +521,7 @@ files:
 - lib/brakeman/checks/check_validation_regex.rb
 - lib/brakeman/checks/check_verb_confusion.rb
 - lib/brakeman/checks/check_weak_hash.rb
+- lib/brakeman/checks/check_weak_rsa_key.rb
 - lib/brakeman/checks/check_without_protection.rb
 - lib/brakeman/checks/check_xml_dos.rb
 - lib/brakeman/checks/check_yaml_parsing.rb
@@ -643,7 +648,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.1.2
+rubygems_version: 3.1.6
 signing_key: 
 specification_version: 4
 summary: Security vulnerability scanner for Ruby on Rails.

data/bundle/ruby/2.7.0/gems/parallel-1.21.0/lib/parallel/version.rb

@@ -1,4 +0,0 @@
-# frozen_string_literal: true
-module Parallel
-  VERSION = Version = '1.21.0' # rubocop:disable Naming/ConstantName
-end