brakeman 5.2.0 → 5.4.1
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGES.md +50 -0
- data/README.md +2 -2
- data/bundle/load.rb +15 -15
- data/bundle/ruby/{2.7.0/gems/highline-2.0.3 → 3.1.0/gems/highline-2.1.0}/Changelog.md +6 -0
- data/bundle/ruby/{2.7.0/gems/highline-2.0.3 → 3.1.0/gems/highline-2.1.0}/Gemfile +2 -5
- data/bundle/ruby/{2.7.0/gems/highline-2.0.3 → 3.1.0/gems/highline-2.1.0}/README.md +1 -2
- data/bundle/ruby/{2.7.0/gems/highline-2.0.3 → 3.1.0/gems/highline-2.1.0}/highline.gemspec +1 -1
- data/bundle/ruby/{2.7.0/gems/highline-2.0.3 → 3.1.0/gems/highline-2.1.0}/lib/highline/menu.rb +0 -0
- data/bundle/ruby/{2.7.0/gems/highline-2.0.3 → 3.1.0/gems/highline-2.1.0}/lib/highline/question.rb +0 -0
- data/bundle/ruby/{2.7.0/gems/highline-2.0.3 → 3.1.0/gems/highline-2.1.0}/lib/highline/style.rb +0 -0
- data/bundle/ruby/{2.7.0/gems/highline-2.0.3 → 3.1.0/gems/highline-2.1.0}/lib/highline/terminal.rb +0 -0
- data/bundle/ruby/{2.7.0/gems/highline-2.0.3 → 3.1.0/gems/highline-2.1.0}/lib/highline/version.rb +1 -1
- data/bundle/ruby/{2.7.0/gems/highline-2.0.3 → 3.1.0/gems/highline-2.1.0}/lib/highline.rb +0 -0
- data/bundle/ruby/{2.7.0/gems/parallel-1.21.0 → 3.1.0/gems/parallel-1.22.1}/lib/parallel/processor_count.rb +2 -3
- data/bundle/ruby/3.1.0/gems/parallel-1.22.1/lib/parallel/version.rb +4 -0
- data/bundle/ruby/{2.7.0/gems/parallel-1.21.0 → 3.1.0/gems/parallel-1.22.1}/lib/parallel.rb +84 -4
- data/bundle/ruby/{2.7.0/gems/ruby_parser-3.18.1 → 3.1.0/gems/ruby_parser-3.19.2}/History.rdoc +38 -0
- data/bundle/ruby/{2.7.0/gems/ruby_parser-3.18.1 → 3.1.0/gems/ruby_parser-3.19.2}/Manifest.txt +2 -0
- data/bundle/ruby/{2.7.0/gems/ruby_parser-3.18.1 → 3.1.0/gems/ruby_parser-3.19.2}/README.rdoc +8 -6
- data/bundle/ruby/{2.7.0/gems/ruby_parser-3.18.1 → 3.1.0/gems/ruby_parser-3.19.2}/gauntlet.md +19 -18
- data/bundle/ruby/3.1.0/gems/ruby_parser-3.19.2/lib/ruby20_parser.rb +10973 -0
- data/bundle/ruby/{2.7.0/gems/ruby_parser-3.18.1 → 3.1.0/gems/ruby_parser-3.19.2}/lib/ruby20_parser.y +14 -27
- data/bundle/ruby/3.1.0/gems/ruby_parser-3.19.2/lib/ruby21_parser.rb +10980 -0
- data/bundle/ruby/{2.7.0/gems/ruby_parser-3.18.1 → 3.1.0/gems/ruby_parser-3.19.2}/lib/ruby21_parser.y +14 -27
- data/bundle/ruby/3.1.0/gems/ruby_parser-3.19.2/lib/ruby22_parser.rb +11123 -0
- data/bundle/ruby/{2.7.0/gems/ruby_parser-3.18.1 → 3.1.0/gems/ruby_parser-3.19.2}/lib/ruby22_parser.y +14 -27
- data/bundle/ruby/3.1.0/gems/ruby_parser-3.19.2/lib/ruby23_parser.rb +11132 -0
- data/bundle/ruby/{2.7.0/gems/ruby_parser-3.18.1 → 3.1.0/gems/ruby_parser-3.19.2}/lib/ruby23_parser.y +14 -27
- data/bundle/ruby/3.1.0/gems/ruby_parser-3.19.2/lib/ruby24_parser.rb +11231 -0
- data/bundle/ruby/{2.7.0/gems/ruby_parser-3.18.1 → 3.1.0/gems/ruby_parser-3.19.2}/lib/ruby24_parser.y +14 -27
- data/bundle/ruby/3.1.0/gems/ruby_parser-3.19.2/lib/ruby25_parser.rb +11231 -0
- data/bundle/ruby/{2.7.0/gems/ruby_parser-3.18.1 → 3.1.0/gems/ruby_parser-3.19.2}/lib/ruby25_parser.y +14 -27
- data/bundle/ruby/3.1.0/gems/ruby_parser-3.19.2/lib/ruby26_parser.rb +11253 -0
- data/bundle/ruby/{2.7.0/gems/ruby_parser-3.18.1 → 3.1.0/gems/ruby_parser-3.19.2}/lib/ruby26_parser.y +14 -27
- data/bundle/ruby/3.1.0/gems/ruby_parser-3.19.2/lib/ruby27_parser.rb +12996 -0
- data/bundle/ruby/{2.7.0/gems/ruby_parser-3.18.1 → 3.1.0/gems/ruby_parser-3.19.2}/lib/ruby27_parser.y +31 -41
- data/bundle/ruby/3.1.0/gems/ruby_parser-3.19.2/lib/ruby30_parser.rb +13258 -0
- data/bundle/ruby/{2.7.0/gems/ruby_parser-3.18.1 → 3.1.0/gems/ruby_parser-3.19.2}/lib/ruby30_parser.y +77 -90
- data/bundle/ruby/3.1.0/gems/ruby_parser-3.19.2/lib/ruby31_parser.rb +13638 -0
- data/bundle/ruby/{2.7.0/gems/ruby_parser-3.18.1/lib/ruby3_parser.yy → 3.1.0/gems/ruby_parser-3.19.2/lib/ruby31_parser.y} +122 -105
- data/bundle/ruby/3.1.0/gems/ruby_parser-3.19.2/lib/ruby3_parser.yy +3548 -0
- data/bundle/ruby/{2.7.0/gems/ruby_parser-3.18.1 → 3.1.0/gems/ruby_parser-3.19.2}/lib/ruby_lexer.rb +11 -4
- data/bundle/ruby/{2.7.0/gems/ruby_parser-3.18.1 → 3.1.0/gems/ruby_parser-3.19.2}/lib/ruby_parser.rb +2 -0
- data/bundle/ruby/{2.7.0/gems/ruby_parser-3.18.1 → 3.1.0/gems/ruby_parser-3.19.2}/lib/ruby_parser.yy +31 -41
- data/bundle/ruby/{2.7.0/gems/ruby_parser-3.18.1 → 3.1.0/gems/ruby_parser-3.19.2}/lib/ruby_parser_extras.rb +66 -6
- data/bundle/ruby/{2.7.0/gems/sexp_processor-4.16.0 → 3.1.0/gems/sexp_processor-4.16.1}/History.rdoc +6 -0
- data/bundle/ruby/{2.7.0/gems/sexp_processor-4.16.0 → 3.1.0/gems/sexp_processor-4.16.1}/lib/pt_testcase.rb +7 -3
- data/bundle/ruby/{2.7.0/gems/sexp_processor-4.16.0 → 3.1.0/gems/sexp_processor-4.16.1}/lib/sexp_processor.rb +1 -1
- data/bundle/ruby/{2.7.0/gems/tilt-2.0.10 → 3.1.0/gems/tilt-2.0.11}/lib/tilt/commonmarker.rb +11 -1
- data/bundle/ruby/{2.7.0/gems/tilt-2.0.10 → 3.1.0/gems/tilt-2.0.11}/lib/tilt/csv.rb +1 -1
- data/bundle/ruby/{2.7.0/gems/tilt-2.0.10 → 3.1.0/gems/tilt-2.0.11}/lib/tilt/pandoc.rb +23 -15
- data/bundle/ruby/{2.7.0/gems/tilt-2.0.10 → 3.1.0/gems/tilt-2.0.11}/lib/tilt/redcarpet.rb +5 -2
- data/bundle/ruby/3.1.0/gems/tilt-2.0.11/lib/tilt/rst-pandoc.rb +23 -0
- data/bundle/ruby/3.1.0/gems/tilt-2.0.11/lib/tilt/sass.rb +78 -0
- data/bundle/ruby/{2.7.0/gems/tilt-2.0.10 → 3.1.0/gems/tilt-2.0.11}/lib/tilt/template.rb +12 -1
- data/bundle/ruby/{2.7.0/gems/tilt-2.0.10 → 3.1.0/gems/tilt-2.0.11}/lib/tilt.rb +2 -1
- data/lib/brakeman/app_tree.rb +9 -1
- data/lib/brakeman/checks/base_check.rb +2 -3
- data/lib/brakeman/checks/check_basic_auth.rb +4 -2
- data/lib/brakeman/checks/check_basic_auth_timing_attack.rb +2 -1
- data/lib/brakeman/checks/check_content_tag.rb +8 -4
- data/lib/brakeman/checks/check_cookie_serialization.rb +2 -1
- data/lib/brakeman/checks/check_create_with.rb +4 -2
- data/lib/brakeman/checks/check_cross_site_scripting.rb +6 -3
- data/lib/brakeman/checks/check_csrf_token_forgery_cve.rb +2 -1
- data/lib/brakeman/checks/check_default_routes.rb +6 -3
- data/lib/brakeman/checks/check_deserialize.rb +2 -1
- data/lib/brakeman/checks/check_detailed_exceptions.rb +4 -2
- data/lib/brakeman/checks/check_digest_dos.rb +2 -1
- data/lib/brakeman/checks/check_divide_by_zero.rb +2 -1
- data/lib/brakeman/checks/check_dynamic_finders.rb +2 -1
- data/lib/brakeman/checks/check_escape_function.rb +2 -1
- data/lib/brakeman/checks/check_evaluation.rb +2 -1
- data/lib/brakeman/checks/check_execute.rb +6 -3
- data/lib/brakeman/checks/check_file_access.rb +2 -1
- data/lib/brakeman/checks/check_file_disclosure.rb +2 -1
- data/lib/brakeman/checks/check_filter_skipping.rb +2 -1
- data/lib/brakeman/checks/check_force_ssl.rb +2 -1
- data/lib/brakeman/checks/check_forgery_setting.rb +4 -2
- data/lib/brakeman/checks/check_header_dos.rb +2 -1
- data/lib/brakeman/checks/check_i18n_xss.rb +2 -1
- data/lib/brakeman/checks/check_jruby_xml.rb +2 -1
- data/lib/brakeman/checks/check_json_encoding.rb +2 -1
- data/lib/brakeman/checks/check_json_entity_escape.rb +4 -2
- data/lib/brakeman/checks/check_json_parsing.rb +4 -2
- data/lib/brakeman/checks/check_link_to.rb +2 -1
- data/lib/brakeman/checks/check_link_to_href.rb +4 -2
- data/lib/brakeman/checks/check_mail_to.rb +2 -1
- data/lib/brakeman/checks/check_mass_assignment.rb +6 -3
- data/lib/brakeman/checks/check_mime_type_dos.rb +2 -1
- data/lib/brakeman/checks/check_model_attr_accessible.rb +2 -1
- data/lib/brakeman/checks/check_model_attributes.rb +4 -2
- data/lib/brakeman/checks/check_model_serialize.rb +2 -1
- data/lib/brakeman/checks/check_nested_attributes.rb +2 -1
- data/lib/brakeman/checks/check_nested_attributes_bypass.rb +2 -1
- data/lib/brakeman/checks/check_number_to_currency.rb +4 -2
- data/lib/brakeman/checks/check_page_caching_cve.rb +2 -1
- data/lib/brakeman/checks/check_pathname.rb +48 -0
- data/lib/brakeman/checks/check_permit_attributes.rb +2 -1
- data/lib/brakeman/checks/check_quote_table_name.rb +2 -1
- data/lib/brakeman/checks/check_redirect.rb +67 -31
- data/lib/brakeman/checks/check_regex_dos.rb +2 -1
- data/lib/brakeman/checks/check_render.rb +4 -2
- data/lib/brakeman/checks/check_render_dos.rb +2 -1
- data/lib/brakeman/checks/check_render_inline.rb +4 -2
- data/lib/brakeman/checks/check_response_splitting.rb +2 -1
- data/lib/brakeman/checks/check_reverse_tabnabbing.rb +2 -1
- data/lib/brakeman/checks/check_route_dos.rb +2 -1
- data/lib/brakeman/checks/check_safe_buffer_manipulation.rb +2 -1
- data/lib/brakeman/checks/check_sanitize_config_cve.rb +120 -0
- data/lib/brakeman/checks/check_sanitize_methods.rb +6 -3
- data/lib/brakeman/checks/check_secrets.rb +2 -1
- data/lib/brakeman/checks/check_select_tag.rb +2 -1
- data/lib/brakeman/checks/check_select_vulnerability.rb +2 -1
- data/lib/brakeman/checks/check_send.rb +2 -1
- data/lib/brakeman/checks/check_session_manipulation.rb +2 -1
- data/lib/brakeman/checks/check_session_settings.rb +6 -3
- data/lib/brakeman/checks/check_simple_format.rb +4 -2
- data/lib/brakeman/checks/check_single_quotes.rb +2 -1
- data/lib/brakeman/checks/check_skip_before_filter.rb +4 -2
- data/lib/brakeman/checks/check_sprockets_path_traversal.rb +2 -1
- data/lib/brakeman/checks/check_sql.rb +7 -4
- data/lib/brakeman/checks/check_sql_cves.rb +4 -2
- data/lib/brakeman/checks/check_ssl_verify.rb +2 -1
- data/lib/brakeman/checks/check_strip_tags.rb +6 -3
- data/lib/brakeman/checks/check_symbol_dos.rb +2 -1
- data/lib/brakeman/checks/check_symbol_dos_cve.rb +2 -1
- data/lib/brakeman/checks/check_template_injection.rb +2 -1
- data/lib/brakeman/checks/check_translate_bug.rb +2 -1
- data/lib/brakeman/checks/check_unsafe_reflection.rb +9 -3
- data/lib/brakeman/checks/check_unsafe_reflection_methods.rb +2 -1
- data/lib/brakeman/checks/check_unscoped_find.rb +10 -1
- data/lib/brakeman/checks/check_validation_regex.rb +2 -1
- data/lib/brakeman/checks/check_verb_confusion.rb +2 -1
- data/lib/brakeman/checks/check_weak_hash.rb +6 -3
- data/lib/brakeman/checks/check_weak_rsa_key.rb +112 -0
- data/lib/brakeman/checks/check_without_protection.rb +2 -1
- data/lib/brakeman/checks/check_xml_dos.rb +2 -1
- data/lib/brakeman/checks/check_yaml_parsing.rb +4 -2
- data/lib/brakeman/checks/eol_check.rb +4 -2
- data/lib/brakeman/options.rb +1 -1
- data/lib/brakeman/processors/alias_processor.rb +113 -20
- data/lib/brakeman/processors/gem_processor.rb +2 -2
- data/lib/brakeman/processors/lib/find_all_calls.rb +1 -0
- data/lib/brakeman/processors/lib/rails3_config_processor.rb +1 -1
- data/lib/brakeman/report/ignore/interactive.rb +2 -2
- data/lib/brakeman/report/report_codeclimate.rb +1 -1
- data/lib/brakeman/report/report_csv.rb +2 -0
- data/lib/brakeman/report/report_junit.rb +2 -2
- data/lib/brakeman/report/report_table.rb +5 -5
- data/lib/brakeman/report/report_text.rb +2 -0
- data/lib/brakeman/report/templates/controller_warnings.html.erb +2 -0
- data/lib/brakeman/report/templates/ignored_warnings.html.erb +2 -0
- data/lib/brakeman/report/templates/model_warnings.html.erb +2 -0
- data/lib/brakeman/report/templates/security_warnings.html.erb +2 -0
- data/lib/brakeman/report/templates/view_warnings.html.erb +2 -0
- data/lib/brakeman/rescanner.rb +3 -1
- data/lib/brakeman/scanner.rb +1 -1
- data/lib/brakeman/tracker/config.rb +68 -25
- data/lib/brakeman/tracker.rb +1 -1
- data/lib/brakeman/util.rb +20 -4
- data/lib/brakeman/version.rb +1 -1
- data/lib/brakeman/warning.rb +5 -2
- data/lib/brakeman/warning_codes.rb +7 -0
- metadata +421 -417
- data/bundle/ruby/2.7.0/gems/highline-2.0.3/appveyor.yml +0 -37
- data/bundle/ruby/2.7.0/gems/parallel-1.21.0/lib/parallel/version.rb +0 -4
- data/bundle/ruby/2.7.0/gems/ruby_parser-3.18.1/lib/ruby20_parser.rb +0 -7128
- data/bundle/ruby/2.7.0/gems/ruby_parser-3.18.1/lib/ruby21_parser.rb +0 -7182
- data/bundle/ruby/2.7.0/gems/ruby_parser-3.18.1/lib/ruby22_parser.rb +0 -7228
- data/bundle/ruby/2.7.0/gems/ruby_parser-3.18.1/lib/ruby23_parser.rb +0 -7237
- data/bundle/ruby/2.7.0/gems/ruby_parser-3.18.1/lib/ruby24_parser.rb +0 -7268
- data/bundle/ruby/2.7.0/gems/ruby_parser-3.18.1/lib/ruby25_parser.rb +0 -7268
- data/bundle/ruby/2.7.0/gems/ruby_parser-3.18.1/lib/ruby26_parser.rb +0 -7287
- data/bundle/ruby/2.7.0/gems/ruby_parser-3.18.1/lib/ruby27_parser.rb +0 -8517
- data/bundle/ruby/2.7.0/gems/ruby_parser-3.18.1/lib/ruby30_parser.rb +0 -8751
- data/bundle/ruby/2.7.0/gems/tilt-2.0.10/lib/tilt/rst-pandoc.rb +0 -18
- data/bundle/ruby/2.7.0/gems/tilt-2.0.10/lib/tilt/sass.rb +0 -52
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/erubis-2.7.0/CHANGES.txt +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/erubis-2.7.0/MIT-LICENSE +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/erubis-2.7.0/README.txt +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/erubis-2.7.0/contrib/erubis +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/erubis-2.7.0/contrib/erubis-run.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/erubis-2.7.0/contrib/inline-require +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/erubis-2.7.0/lib/erubis/context.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/erubis-2.7.0/lib/erubis/converter.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/erubis-2.7.0/lib/erubis/engine/ec.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/erubis-2.7.0/lib/erubis/engine/ecpp.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/erubis-2.7.0/lib/erubis/engine/ejava.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/erubis-2.7.0/lib/erubis/engine/ejavascript.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/erubis-2.7.0/lib/erubis/engine/enhanced.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/erubis-2.7.0/lib/erubis/engine/eperl.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/erubis-2.7.0/lib/erubis/engine/ephp.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/erubis-2.7.0/lib/erubis/engine/eruby.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/erubis-2.7.0/lib/erubis/engine/escheme.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/erubis-2.7.0/lib/erubis/engine/optimized.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/erubis-2.7.0/lib/erubis/engine.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/erubis-2.7.0/lib/erubis/enhancer.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/erubis-2.7.0/lib/erubis/error.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/erubis-2.7.0/lib/erubis/evaluator.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/erubis-2.7.0/lib/erubis/generator.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/erubis-2.7.0/lib/erubis/helper.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/erubis-2.7.0/lib/erubis/helpers/rails_form_helper.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/erubis-2.7.0/lib/erubis/helpers/rails_helper.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/erubis-2.7.0/lib/erubis/local-setting.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/erubis-2.7.0/lib/erubis/main.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/erubis-2.7.0/lib/erubis/preprocessing.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/erubis-2.7.0/lib/erubis/tiny.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/erubis-2.7.0/lib/erubis/util.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/erubis-2.7.0/lib/erubis.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/erubis-2.7.0/setup.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/haml-5.2.2/CHANGELOG.md +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/haml-5.2.2/FAQ.md +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/haml-5.2.2/Gemfile +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/haml-5.2.2/MIT-LICENSE +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/haml-5.2.2/README.md +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/haml-5.2.2/REFERENCE.md +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/haml-5.2.2/TODO +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/haml-5.2.2/haml.gemspec +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/haml-5.2.2/lib/haml/attribute_builder.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/haml-5.2.2/lib/haml/attribute_compiler.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/haml-5.2.2/lib/haml/attribute_parser.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/haml-5.2.2/lib/haml/buffer.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/haml-5.2.2/lib/haml/compiler.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/haml-5.2.2/lib/haml/engine.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/haml-5.2.2/lib/haml/error.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/haml-5.2.2/lib/haml/escapable.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/haml-5.2.2/lib/haml/exec.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/haml-5.2.2/lib/haml/filters.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/haml-5.2.2/lib/haml/generator.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/haml-5.2.2/lib/haml/helpers/action_view_extensions.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/haml-5.2.2/lib/haml/helpers/action_view_mods.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/haml-5.2.2/lib/haml/helpers/action_view_xss_mods.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/haml-5.2.2/lib/haml/helpers/safe_erubi_template.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/haml-5.2.2/lib/haml/helpers/safe_erubis_template.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/haml-5.2.2/lib/haml/helpers/xss_mods.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/haml-5.2.2/lib/haml/helpers.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/haml-5.2.2/lib/haml/options.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/haml-5.2.2/lib/haml/parser.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/haml-5.2.2/lib/haml/plugin.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/haml-5.2.2/lib/haml/railtie.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/haml-5.2.2/lib/haml/sass_rails_filter.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/haml-5.2.2/lib/haml/template/options.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/haml-5.2.2/lib/haml/template.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/haml-5.2.2/lib/haml/temple_engine.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/haml-5.2.2/lib/haml/temple_line_counter.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/haml-5.2.2/lib/haml/util.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/haml-5.2.2/lib/haml/version.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/haml-5.2.2/lib/haml.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/haml-5.2.2/yard/default/fulldoc/html/css/common.sass +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/haml-5.2.2/yard/default/layout/html/footer.erb +0 -0
- /data/bundle/ruby/{2.7.0/gems/highline-2.0.3 → 3.1.0/gems/highline-2.1.0}/AUTHORS +0 -0
- /data/bundle/ruby/{2.7.0/gems/highline-2.0.3 → 3.1.0/gems/highline-2.1.0}/COPYING +0 -0
- /data/bundle/ruby/{2.7.0/gems/highline-2.0.3 → 3.1.0/gems/highline-2.1.0}/LICENSE +0 -0
- /data/bundle/ruby/{2.7.0/gems/highline-2.0.3 → 3.1.0/gems/highline-2.1.0}/TODO +0 -0
- /data/bundle/ruby/{2.7.0/gems/highline-2.0.3 → 3.1.0/gems/highline-2.1.0}/lib/highline/builtin_styles.rb +0 -0
- /data/bundle/ruby/{2.7.0/gems/highline-2.0.3 → 3.1.0/gems/highline-2.1.0}/lib/highline/color_scheme.rb +0 -0
- /data/bundle/ruby/{2.7.0/gems/highline-2.0.3 → 3.1.0/gems/highline-2.1.0}/lib/highline/compatibility.rb +0 -0
- /data/bundle/ruby/{2.7.0/gems/highline-2.0.3 → 3.1.0/gems/highline-2.1.0}/lib/highline/custom_errors.rb +0 -0
- /data/bundle/ruby/{2.7.0/gems/highline-2.0.3 → 3.1.0/gems/highline-2.1.0}/lib/highline/import.rb +0 -0
- /data/bundle/ruby/{2.7.0/gems/highline-2.0.3 → 3.1.0/gems/highline-2.1.0}/lib/highline/io_console_compatible.rb +0 -0
- /data/bundle/ruby/{2.7.0/gems/highline-2.0.3 → 3.1.0/gems/highline-2.1.0}/lib/highline/list.rb +0 -0
- /data/bundle/ruby/{2.7.0/gems/highline-2.0.3 → 3.1.0/gems/highline-2.1.0}/lib/highline/list_renderer.rb +0 -0
- /data/bundle/ruby/{2.7.0/gems/highline-2.0.3 → 3.1.0/gems/highline-2.1.0}/lib/highline/menu/item.rb +0 -0
- /data/bundle/ruby/{2.7.0/gems/highline-2.0.3 → 3.1.0/gems/highline-2.1.0}/lib/highline/paginator.rb +0 -0
- /data/bundle/ruby/{2.7.0/gems/highline-2.0.3 → 3.1.0/gems/highline-2.1.0}/lib/highline/question/answer_converter.rb +0 -0
- /data/bundle/ruby/{2.7.0/gems/highline-2.0.3 → 3.1.0/gems/highline-2.1.0}/lib/highline/question_asker.rb +0 -0
- /data/bundle/ruby/{2.7.0/gems/highline-2.0.3 → 3.1.0/gems/highline-2.1.0}/lib/highline/simulate.rb +0 -0
- /data/bundle/ruby/{2.7.0/gems/highline-2.0.3 → 3.1.0/gems/highline-2.1.0}/lib/highline/statement.rb +0 -0
- /data/bundle/ruby/{2.7.0/gems/highline-2.0.3 → 3.1.0/gems/highline-2.1.0}/lib/highline/string.rb +0 -0
- /data/bundle/ruby/{2.7.0/gems/highline-2.0.3 → 3.1.0/gems/highline-2.1.0}/lib/highline/string_extensions.rb +0 -0
- /data/bundle/ruby/{2.7.0/gems/highline-2.0.3 → 3.1.0/gems/highline-2.1.0}/lib/highline/template_renderer.rb +0 -0
- /data/bundle/ruby/{2.7.0/gems/highline-2.0.3 → 3.1.0/gems/highline-2.1.0}/lib/highline/terminal/io_console.rb +0 -0
- /data/bundle/ruby/{2.7.0/gems/highline-2.0.3 → 3.1.0/gems/highline-2.1.0}/lib/highline/terminal/ncurses.rb +0 -0
- /data/bundle/ruby/{2.7.0/gems/highline-2.0.3 → 3.1.0/gems/highline-2.1.0}/lib/highline/terminal/unix_stty.rb +0 -0
- /data/bundle/ruby/{2.7.0/gems/highline-2.0.3 → 3.1.0/gems/highline-2.1.0}/lib/highline/wrapper.rb +0 -0
- /data/bundle/ruby/{2.7.0/gems/parallel-1.21.0 → 3.1.0/gems/parallel-1.22.1}/MIT-LICENSE.txt +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/rexml-3.2.5/LICENSE.txt +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/rexml-3.2.5/NEWS.md +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/rexml-3.2.5/README.md +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/rexml-3.2.5/lib/rexml/attlistdecl.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/rexml-3.2.5/lib/rexml/attribute.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/rexml-3.2.5/lib/rexml/cdata.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/rexml-3.2.5/lib/rexml/child.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/rexml-3.2.5/lib/rexml/comment.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/rexml-3.2.5/lib/rexml/doctype.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/rexml-3.2.5/lib/rexml/document.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/rexml-3.2.5/lib/rexml/dtd/attlistdecl.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/rexml-3.2.5/lib/rexml/dtd/dtd.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/rexml-3.2.5/lib/rexml/dtd/elementdecl.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/rexml-3.2.5/lib/rexml/dtd/entitydecl.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/rexml-3.2.5/lib/rexml/dtd/notationdecl.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/rexml-3.2.5/lib/rexml/element.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/rexml-3.2.5/lib/rexml/encoding.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/rexml-3.2.5/lib/rexml/entity.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/rexml-3.2.5/lib/rexml/formatters/default.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/rexml-3.2.5/lib/rexml/formatters/pretty.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/rexml-3.2.5/lib/rexml/formatters/transitive.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/rexml-3.2.5/lib/rexml/functions.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/rexml-3.2.5/lib/rexml/instruction.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/rexml-3.2.5/lib/rexml/light/node.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/rexml-3.2.5/lib/rexml/namespace.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/rexml-3.2.5/lib/rexml/node.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/rexml-3.2.5/lib/rexml/output.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/rexml-3.2.5/lib/rexml/parent.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/rexml-3.2.5/lib/rexml/parseexception.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/rexml-3.2.5/lib/rexml/parsers/baseparser.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/rexml-3.2.5/lib/rexml/parsers/lightparser.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/rexml-3.2.5/lib/rexml/parsers/pullparser.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/rexml-3.2.5/lib/rexml/parsers/sax2parser.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/rexml-3.2.5/lib/rexml/parsers/streamparser.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/rexml-3.2.5/lib/rexml/parsers/treeparser.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/rexml-3.2.5/lib/rexml/parsers/ultralightparser.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/rexml-3.2.5/lib/rexml/parsers/xpathparser.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/rexml-3.2.5/lib/rexml/quickpath.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/rexml-3.2.5/lib/rexml/rexml.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/rexml-3.2.5/lib/rexml/sax2listener.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/rexml-3.2.5/lib/rexml/security.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/rexml-3.2.5/lib/rexml/source.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/rexml-3.2.5/lib/rexml/streamlistener.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/rexml-3.2.5/lib/rexml/text.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/rexml-3.2.5/lib/rexml/undefinednamespaceexception.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/rexml-3.2.5/lib/rexml/validation/relaxng.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/rexml-3.2.5/lib/rexml/validation/validation.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/rexml-3.2.5/lib/rexml/validation/validationexception.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/rexml-3.2.5/lib/rexml/xmldecl.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/rexml-3.2.5/lib/rexml/xmltokens.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/rexml-3.2.5/lib/rexml/xpath.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/rexml-3.2.5/lib/rexml/xpath_parser.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/rexml-3.2.5/lib/rexml.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/ruby2ruby-2.4.4/History.rdoc +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/ruby2ruby-2.4.4/Manifest.txt +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/ruby2ruby-2.4.4/README.rdoc +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/ruby2ruby-2.4.4/lib/ruby2ruby.rb +0 -0
- /data/bundle/ruby/{2.7.0/gems/ruby_parser-3.18.1 → 3.1.0/gems/ruby_parser-3.19.2}/compare/normalize.rb +0 -0
- /data/bundle/ruby/{2.7.0/gems/ruby_parser-3.18.1 → 3.1.0/gems/ruby_parser-3.19.2}/debugging.md +0 -0
- /data/bundle/ruby/{2.7.0/gems/ruby_parser-3.18.1 → 3.1.0/gems/ruby_parser-3.19.2}/lib/rp_extensions.rb +0 -0
- /data/bundle/ruby/{2.7.0/gems/ruby_parser-3.18.1 → 3.1.0/gems/ruby_parser-3.19.2}/lib/rp_stringscanner.rb +0 -0
- /data/bundle/ruby/{2.7.0/gems/ruby_parser-3.18.1 → 3.1.0/gems/ruby_parser-3.19.2}/lib/ruby_lexer.rex +0 -0
- /data/bundle/ruby/{2.7.0/gems/ruby_parser-3.18.1 → 3.1.0/gems/ruby_parser-3.19.2}/lib/ruby_lexer.rex.rb +0 -0
- /data/bundle/ruby/{2.7.0/gems/ruby_parser-3.18.1 → 3.1.0/gems/ruby_parser-3.19.2}/lib/ruby_lexer_strings.rb +0 -0
- /data/bundle/ruby/{2.7.0/gems/ruby_parser-3.18.1 → 3.1.0/gems/ruby_parser-3.19.2}/tools/munge.rb +0 -0
- /data/bundle/ruby/{2.7.0/gems/ruby_parser-3.18.1 → 3.1.0/gems/ruby_parser-3.19.2}/tools/ripper.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/ruby_parser-legacy-1.0.0/History.rdoc +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/ruby_parser-legacy-1.0.0/Manifest.txt +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/ruby_parser-legacy-1.0.0/README.rdoc +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/ruby_parser-legacy-1.0.0/lib/ruby_parser/legacy/ruby18_parser.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/ruby_parser-legacy-1.0.0/lib/ruby_parser/legacy/ruby18_parser.y +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/ruby_parser-legacy-1.0.0/lib/ruby_parser/legacy/ruby19_parser.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/ruby_parser-legacy-1.0.0/lib/ruby_parser/legacy/ruby19_parser.y +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/ruby_parser-legacy-1.0.0/lib/ruby_parser/legacy/ruby_lexer.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/ruby_parser-legacy-1.0.0/lib/ruby_parser/legacy/ruby_lexer.rex +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/ruby_parser-legacy-1.0.0/lib/ruby_parser/legacy/ruby_lexer.rex.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/ruby_parser-legacy-1.0.0/lib/ruby_parser/legacy/ruby_parser.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/ruby_parser-legacy-1.0.0/lib/ruby_parser/legacy/ruby_parser_extras.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/ruby_parser-legacy-1.0.0/lib/ruby_parser/legacy.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/safe_yaml-1.0.5/CHANGES.md +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/safe_yaml-1.0.5/Gemfile +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/safe_yaml-1.0.5/LICENSE.txt +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/safe_yaml-1.0.5/README.md +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/safe_yaml-1.0.5/bundle_install_all_ruby_versions.sh +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/safe_yaml-1.0.5/lib/safe_yaml/deep.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/safe_yaml-1.0.5/lib/safe_yaml/libyaml_checker.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/safe_yaml-1.0.5/lib/safe_yaml/load.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/safe_yaml-1.0.5/lib/safe_yaml/parse/date.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/safe_yaml-1.0.5/lib/safe_yaml/parse/hexadecimal.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/safe_yaml-1.0.5/lib/safe_yaml/parse/sexagesimal.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/safe_yaml-1.0.5/lib/safe_yaml/psych_handler.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/safe_yaml-1.0.5/lib/safe_yaml/psych_resolver.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/safe_yaml-1.0.5/lib/safe_yaml/resolver.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/safe_yaml-1.0.5/lib/safe_yaml/safe_to_ruby_visitor.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/safe_yaml-1.0.5/lib/safe_yaml/store.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/safe_yaml-1.0.5/lib/safe_yaml/syck_hack.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/safe_yaml-1.0.5/lib/safe_yaml/syck_node_monkeypatch.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/safe_yaml-1.0.5/lib/safe_yaml/syck_resolver.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/safe_yaml-1.0.5/lib/safe_yaml/transform/to_boolean.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/safe_yaml-1.0.5/lib/safe_yaml/transform/to_date.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/safe_yaml-1.0.5/lib/safe_yaml/transform/to_float.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/safe_yaml-1.0.5/lib/safe_yaml/transform/to_integer.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/safe_yaml-1.0.5/lib/safe_yaml/transform/to_nil.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/safe_yaml-1.0.5/lib/safe_yaml/transform/to_symbol.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/safe_yaml-1.0.5/lib/safe_yaml/transform/transformation_map.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/safe_yaml-1.0.5/lib/safe_yaml/transform.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/safe_yaml-1.0.5/lib/safe_yaml/version.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/safe_yaml-1.0.5/lib/safe_yaml.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/safe_yaml-1.0.5/run_specs_all_ruby_versions.sh +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/safe_yaml-1.0.5/safe_yaml.gemspec +0 -0
- /data/bundle/ruby/{2.7.0/gems/sexp_processor-4.16.0 → 3.1.0/gems/sexp_processor-4.16.1}/Manifest.txt +0 -0
- /data/bundle/ruby/{2.7.0/gems/sexp_processor-4.16.0 → 3.1.0/gems/sexp_processor-4.16.1}/README.rdoc +0 -0
- /data/bundle/ruby/{2.7.0/gems/sexp_processor-4.16.0 → 3.1.0/gems/sexp_processor-4.16.1}/lib/composite_sexp_processor.rb +0 -0
- /data/bundle/ruby/{2.7.0/gems/sexp_processor-4.16.0 → 3.1.0/gems/sexp_processor-4.16.1}/lib/sexp.rb +0 -0
- /data/bundle/ruby/{2.7.0/gems/sexp_processor-4.16.0 → 3.1.0/gems/sexp_processor-4.16.1}/lib/sexp_matcher.rb +0 -0
- /data/bundle/ruby/{2.7.0/gems/sexp_processor-4.16.0 → 3.1.0/gems/sexp_processor-4.16.1}/lib/strict_sexp.rb +0 -0
- /data/bundle/ruby/{2.7.0/gems/sexp_processor-4.16.0 → 3.1.0/gems/sexp_processor-4.16.1}/lib/unique.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/slim-4.1.0/CHANGES +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/slim-4.1.0/Gemfile +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/slim-4.1.0/LICENSE +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/slim-4.1.0/README.jp.md +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/slim-4.1.0/README.md +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/slim-4.1.0/lib/slim/code_attributes.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/slim-4.1.0/lib/slim/command.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/slim-4.1.0/lib/slim/controls.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/slim-4.1.0/lib/slim/do_inserter.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/slim-4.1.0/lib/slim/embedded.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/slim-4.1.0/lib/slim/end_inserter.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/slim-4.1.0/lib/slim/engine.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/slim-4.1.0/lib/slim/erb_converter.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/slim-4.1.0/lib/slim/filter.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/slim-4.1.0/lib/slim/grammar.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/slim-4.1.0/lib/slim/include.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/slim-4.1.0/lib/slim/interpolation.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/slim-4.1.0/lib/slim/logic_less/context.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/slim-4.1.0/lib/slim/logic_less/filter.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/slim-4.1.0/lib/slim/logic_less.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/slim-4.1.0/lib/slim/parser.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/slim-4.1.0/lib/slim/smart/escaper.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/slim-4.1.0/lib/slim/smart/filter.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/slim-4.1.0/lib/slim/smart/parser.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/slim-4.1.0/lib/slim/smart.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/slim-4.1.0/lib/slim/splat/builder.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/slim-4.1.0/lib/slim/splat/filter.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/slim-4.1.0/lib/slim/template.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/slim-4.1.0/lib/slim/translator.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/slim-4.1.0/lib/slim/version.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/slim-4.1.0/lib/slim.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/slim-4.1.0/slim.gemspec +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/temple-0.8.2/CHANGES +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/temple-0.8.2/EXPRESSIONS.md +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/temple-0.8.2/Gemfile +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/temple-0.8.2/LICENSE +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/temple-0.8.2/README.md +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/temple-0.8.2/lib/temple/engine.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/temple-0.8.2/lib/temple/erb/engine.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/temple-0.8.2/lib/temple/erb/parser.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/temple-0.8.2/lib/temple/erb/template.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/temple-0.8.2/lib/temple/erb/trimming.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/temple-0.8.2/lib/temple/exceptions.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/temple-0.8.2/lib/temple/filter.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/temple-0.8.2/lib/temple/filters/code_merger.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/temple-0.8.2/lib/temple/filters/control_flow.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/temple-0.8.2/lib/temple/filters/dynamic_inliner.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/temple-0.8.2/lib/temple/filters/encoding.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/temple-0.8.2/lib/temple/filters/eraser.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/temple-0.8.2/lib/temple/filters/escapable.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/temple-0.8.2/lib/temple/filters/multi_flattener.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/temple-0.8.2/lib/temple/filters/remove_bom.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/temple-0.8.2/lib/temple/filters/static_analyzer.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/temple-0.8.2/lib/temple/filters/static_merger.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/temple-0.8.2/lib/temple/filters/string_splitter.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/temple-0.8.2/lib/temple/filters/validator.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/temple-0.8.2/lib/temple/generator.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/temple-0.8.2/lib/temple/generators/array.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/temple-0.8.2/lib/temple/generators/array_buffer.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/temple-0.8.2/lib/temple/generators/erb.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/temple-0.8.2/lib/temple/generators/rails_output_buffer.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/temple-0.8.2/lib/temple/generators/string_buffer.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/temple-0.8.2/lib/temple/grammar.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/temple-0.8.2/lib/temple/html/attribute_merger.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/temple-0.8.2/lib/temple/html/attribute_remover.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/temple-0.8.2/lib/temple/html/attribute_sorter.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/temple-0.8.2/lib/temple/html/dispatcher.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/temple-0.8.2/lib/temple/html/fast.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/temple-0.8.2/lib/temple/html/filter.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/temple-0.8.2/lib/temple/html/pretty.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/temple-0.8.2/lib/temple/html/safe.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/temple-0.8.2/lib/temple/map.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/temple-0.8.2/lib/temple/mixins/dispatcher.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/temple-0.8.2/lib/temple/mixins/engine_dsl.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/temple-0.8.2/lib/temple/mixins/grammar_dsl.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/temple-0.8.2/lib/temple/mixins/options.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/temple-0.8.2/lib/temple/mixins/template.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/temple-0.8.2/lib/temple/parser.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/temple-0.8.2/lib/temple/static_analyzer.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/temple-0.8.2/lib/temple/templates/rails.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/temple-0.8.2/lib/temple/templates/tilt.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/temple-0.8.2/lib/temple/templates.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/temple-0.8.2/lib/temple/utils.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/temple-0.8.2/lib/temple/version.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/temple-0.8.2/lib/temple.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/temple-0.8.2/temple.gemspec +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/terminal-table-1.8.0/Gemfile +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/terminal-table-1.8.0/History.rdoc +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/terminal-table-1.8.0/LICENSE.txt +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/terminal-table-1.8.0/Manifest +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/terminal-table-1.8.0/README.rdoc +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/terminal-table-1.8.0/Todo.rdoc +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/terminal-table-1.8.0/lib/terminal-table/cell.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/terminal-table-1.8.0/lib/terminal-table/import.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/terminal-table-1.8.0/lib/terminal-table/row.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/terminal-table-1.8.0/lib/terminal-table/separator.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/terminal-table-1.8.0/lib/terminal-table/style.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/terminal-table-1.8.0/lib/terminal-table/table.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/terminal-table-1.8.0/lib/terminal-table/table_helper.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/terminal-table-1.8.0/lib/terminal-table/version.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/terminal-table-1.8.0/lib/terminal-table.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/terminal-table-1.8.0/terminal-table.gemspec +0 -0
- /data/bundle/ruby/{2.7.0/gems/tilt-2.0.10 → 3.1.0/gems/tilt-2.0.11}/COPYING +0 -0
- /data/bundle/ruby/{2.7.0/gems/tilt-2.0.10 → 3.1.0/gems/tilt-2.0.11}/lib/tilt/asciidoc.rb +0 -0
- /data/bundle/ruby/{2.7.0/gems/tilt-2.0.10 → 3.1.0/gems/tilt-2.0.11}/lib/tilt/babel.rb +0 -0
- /data/bundle/ruby/{2.7.0/gems/tilt-2.0.10 → 3.1.0/gems/tilt-2.0.11}/lib/tilt/bluecloth.rb +0 -0
- /data/bundle/ruby/{2.7.0/gems/tilt-2.0.10 → 3.1.0/gems/tilt-2.0.11}/lib/tilt/builder.rb +0 -0
- /data/bundle/ruby/{2.7.0/gems/tilt-2.0.10 → 3.1.0/gems/tilt-2.0.11}/lib/tilt/coffee.rb +0 -0
- /data/bundle/ruby/{2.7.0/gems/tilt-2.0.10 → 3.1.0/gems/tilt-2.0.11}/lib/tilt/creole.rb +0 -0
- /data/bundle/ruby/{2.7.0/gems/tilt-2.0.10 → 3.1.0/gems/tilt-2.0.11}/lib/tilt/dummy.rb +0 -0
- /data/bundle/ruby/{2.7.0/gems/tilt-2.0.10 → 3.1.0/gems/tilt-2.0.11}/lib/tilt/erb.rb +0 -0
- /data/bundle/ruby/{2.7.0/gems/tilt-2.0.10 → 3.1.0/gems/tilt-2.0.11}/lib/tilt/erubi.rb +0 -0
- /data/bundle/ruby/{2.7.0/gems/tilt-2.0.10 → 3.1.0/gems/tilt-2.0.11}/lib/tilt/erubis.rb +0 -0
- /data/bundle/ruby/{2.7.0/gems/tilt-2.0.10 → 3.1.0/gems/tilt-2.0.11}/lib/tilt/etanni.rb +0 -0
- /data/bundle/ruby/{2.7.0/gems/tilt-2.0.10 → 3.1.0/gems/tilt-2.0.11}/lib/tilt/haml.rb +0 -0
- /data/bundle/ruby/{2.7.0/gems/tilt-2.0.10 → 3.1.0/gems/tilt-2.0.11}/lib/tilt/kramdown.rb +0 -0
- /data/bundle/ruby/{2.7.0/gems/tilt-2.0.10 → 3.1.0/gems/tilt-2.0.11}/lib/tilt/less.rb +0 -0
- /data/bundle/ruby/{2.7.0/gems/tilt-2.0.10 → 3.1.0/gems/tilt-2.0.11}/lib/tilt/liquid.rb +0 -0
- /data/bundle/ruby/{2.7.0/gems/tilt-2.0.10 → 3.1.0/gems/tilt-2.0.11}/lib/tilt/livescript.rb +0 -0
- /data/bundle/ruby/{2.7.0/gems/tilt-2.0.10 → 3.1.0/gems/tilt-2.0.11}/lib/tilt/mapping.rb +0 -0
- /data/bundle/ruby/{2.7.0/gems/tilt-2.0.10 → 3.1.0/gems/tilt-2.0.11}/lib/tilt/markaby.rb +0 -0
- /data/bundle/ruby/{2.7.0/gems/tilt-2.0.10 → 3.1.0/gems/tilt-2.0.11}/lib/tilt/maruku.rb +0 -0
- /data/bundle/ruby/{2.7.0/gems/tilt-2.0.10 → 3.1.0/gems/tilt-2.0.11}/lib/tilt/nokogiri.rb +0 -0
- /data/bundle/ruby/{2.7.0/gems/tilt-2.0.10 → 3.1.0/gems/tilt-2.0.11}/lib/tilt/plain.rb +0 -0
- /data/bundle/ruby/{2.7.0/gems/tilt-2.0.10 → 3.1.0/gems/tilt-2.0.11}/lib/tilt/prawn.rb +0 -0
- /data/bundle/ruby/{2.7.0/gems/tilt-2.0.10 → 3.1.0/gems/tilt-2.0.11}/lib/tilt/radius.rb +0 -0
- /data/bundle/ruby/{2.7.0/gems/tilt-2.0.10 → 3.1.0/gems/tilt-2.0.11}/lib/tilt/rdiscount.rb +0 -0
- /data/bundle/ruby/{2.7.0/gems/tilt-2.0.10 → 3.1.0/gems/tilt-2.0.11}/lib/tilt/rdoc.rb +0 -0
- /data/bundle/ruby/{2.7.0/gems/tilt-2.0.10 → 3.1.0/gems/tilt-2.0.11}/lib/tilt/redcloth.rb +0 -0
- /data/bundle/ruby/{2.7.0/gems/tilt-2.0.10 → 3.1.0/gems/tilt-2.0.11}/lib/tilt/sigil.rb +0 -0
- /data/bundle/ruby/{2.7.0/gems/tilt-2.0.10 → 3.1.0/gems/tilt-2.0.11}/lib/tilt/string.rb +0 -0
- /data/bundle/ruby/{2.7.0/gems/tilt-2.0.10 → 3.1.0/gems/tilt-2.0.11}/lib/tilt/typescript.rb +0 -0
- /data/bundle/ruby/{2.7.0/gems/tilt-2.0.10 → 3.1.0/gems/tilt-2.0.11}/lib/tilt/wikicloth.rb +0 -0
- /data/bundle/ruby/{2.7.0/gems/tilt-2.0.10 → 3.1.0/gems/tilt-2.0.11}/lib/tilt/yajl.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/unicode-display_width-1.8.0/CHANGELOG.md +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/unicode-display_width-1.8.0/MIT-LICENSE.txt +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/unicode-display_width-1.8.0/README.md +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/unicode-display_width-1.8.0/data/display_width.marshal.gz +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/unicode-display_width-1.8.0/lib/unicode/display_width/constants.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/unicode-display_width-1.8.0/lib/unicode/display_width/index.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/unicode-display_width-1.8.0/lib/unicode/display_width/no_string_ext.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/unicode-display_width-1.8.0/lib/unicode/display_width/string_ext.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/unicode-display_width-1.8.0/lib/unicode/display_width.rb +0 -0
data/lib/brakeman/app_tree.rb
CHANGED
@@ -205,7 +205,7 @@ module Brakeman
|
|
205
205
|
paths.reject do |path|
|
206
206
|
relative_path = path.relative
|
207
207
|
|
208
|
-
if @skip_vendor and relative_path.include? 'vendor/'
|
208
|
+
if @skip_vendor and relative_path.include? 'vendor/' and !in_engine_paths?(path) and !in_add_libs_paths?(path)
|
209
209
|
true
|
210
210
|
else
|
211
211
|
EXCLUDED_PATHS.any? do |excluded|
|
@@ -215,6 +215,14 @@ module Brakeman
|
|
215
215
|
end
|
216
216
|
end
|
217
217
|
|
218
|
+
def in_engine_paths?(path)
|
219
|
+
@engine_paths.any? { |p| path.absolute.include?(p) }
|
220
|
+
end
|
221
|
+
|
222
|
+
def in_add_libs_paths?(path)
|
223
|
+
@additional_libs_path.any? { |p| path.absolute.include?(p) }
|
224
|
+
end
|
225
|
+
|
218
226
|
def match_path files, path
|
219
227
|
absolute_path = Pathname.new(path)
|
220
228
|
# relative root never has a leading separator. But, we use a leading
|
@@ -76,7 +76,7 @@ class Brakeman::BaseCheck < Brakeman::SexpProcessor
|
|
76
76
|
@has_user_input = Match.new(:params, exp)
|
77
77
|
elsif cookies? target
|
78
78
|
@has_user_input = Match.new(:cookies, exp)
|
79
|
-
elsif
|
79
|
+
elsif request_headers? target
|
80
80
|
@has_user_input = Match.new(:request, exp)
|
81
81
|
elsif sexp? target and model_name? target[1] #TODO: Can this be target.target?
|
82
82
|
@has_user_input = Match.new(:model, exp)
|
@@ -313,7 +313,7 @@ class Brakeman::BaseCheck < Brakeman::SexpProcessor
|
|
313
313
|
return Match.new(:params, exp)
|
314
314
|
elsif cookies? exp
|
315
315
|
return Match.new(:cookies, exp)
|
316
|
-
elsif
|
316
|
+
elsif request_headers? exp
|
317
317
|
return Match.new(:request, exp)
|
318
318
|
else
|
319
319
|
has_immediate_user_input? exp.target
|
@@ -467,7 +467,6 @@ class Brakeman::BaseCheck < Brakeman::SexpProcessor
|
|
467
467
|
version_between? version, "2.3.18.99", tracker.config.gem_version(:'railslts-version')
|
468
468
|
end
|
469
469
|
|
470
|
-
|
471
470
|
def version_between? low_version, high_version, current_version = nil
|
472
471
|
tracker.config.version_between? low_version, high_version, current_version
|
473
472
|
end
|
@@ -31,7 +31,8 @@ class Brakeman::CheckBasicAuth < Brakeman::BaseCheck
|
|
31
31
|
:message => "Basic authentication password stored in source code",
|
32
32
|
:code => call,
|
33
33
|
:confidence => :high,
|
34
|
-
:file => controller.file
|
34
|
+
:file => controller.file,
|
35
|
+
:cwe_id => [259]
|
35
36
|
break
|
36
37
|
end
|
37
38
|
end
|
@@ -50,7 +51,8 @@ class Brakeman::CheckBasicAuth < Brakeman::BaseCheck
|
|
50
51
|
:warning_type => "Basic Auth",
|
51
52
|
:warning_code => :basic_auth_password,
|
52
53
|
:message => "Basic authentication password stored in source code",
|
53
|
-
:confidence => :high
|
54
|
+
:confidence => :high,
|
55
|
+
:cwe_id => [259]
|
54
56
|
end
|
55
57
|
end
|
56
58
|
end
|
@@ -27,7 +27,8 @@ class Brakeman::CheckBasicAuthTimingAttack < Brakeman::BaseCheck
|
|
27
27
|
:warning_code => :CVE_2015_7576,
|
28
28
|
:message => msg("Basic authentication in ", msg_version(rails_version), " is vulnerable to timing attacks. Upgrade to ", msg_version(@upgrade)),
|
29
29
|
:confidence => :high,
|
30
|
-
:link => "https://groups.google.com/d/msg/rubyonrails-security/ANv0HDHEC3k/mt7wNGxbFQAJ"
|
30
|
+
:link => "https://groups.google.com/d/msg/rubyonrails-security/ANv0HDHEC3k/mt7wNGxbFQAJ",
|
31
|
+
:cwe_id => [1254]
|
31
32
|
end
|
32
33
|
end
|
33
34
|
end
|
@@ -117,7 +117,8 @@ class Brakeman::CheckContentTag < Brakeman::CheckCrossSiteScripting
|
|
117
117
|
:message => message,
|
118
118
|
:user_input => input,
|
119
119
|
:confidence => :high,
|
120
|
-
:link_path => "content_tag"
|
120
|
+
:link_path => "content_tag",
|
121
|
+
:cwe_id => [79]
|
121
122
|
|
122
123
|
elsif not tracker.options[:ignore_model_output] and match = has_immediate_model?(arg)
|
123
124
|
unless IGNORE_MODEL_METHODS.include? match.method
|
@@ -135,7 +136,8 @@ class Brakeman::CheckContentTag < Brakeman::CheckCrossSiteScripting
|
|
135
136
|
:message => msg("Unescaped model attribute in ", msg_code("content_tag")),
|
136
137
|
:user_input => match,
|
137
138
|
:confidence => confidence,
|
138
|
-
:link_path => "content_tag"
|
139
|
+
:link_path => "content_tag",
|
140
|
+
:cwe_id => [79]
|
139
141
|
end
|
140
142
|
|
141
143
|
elsif @matched
|
@@ -151,7 +153,8 @@ class Brakeman::CheckContentTag < Brakeman::CheckCrossSiteScripting
|
|
151
153
|
:message => message,
|
152
154
|
:user_input => @matched,
|
153
155
|
:confidence => :medium,
|
154
|
-
:link_path => "content_tag"
|
156
|
+
:link_path => "content_tag",
|
157
|
+
:cwe_id => [79]
|
155
158
|
end
|
156
159
|
end
|
157
160
|
|
@@ -195,7 +198,8 @@ class Brakeman::CheckContentTag < Brakeman::CheckCrossSiteScripting
|
|
195
198
|
:message => msg(msg_version(rails_version), " ", msg_code("content_tag"), " does not escape double quotes in attribute values ", msg_cve("CVE-2016-6316"), ". Upgrade to ", msg_version(fix_version)),
|
196
199
|
:confidence => confidence,
|
197
200
|
:gem_info => gemfile_or_environment,
|
198
|
-
:link_path => "https://groups.google.com/d/msg/ruby-security-ann/8B2iV2tPRSE/JkjCJkSoCgAJ"
|
201
|
+
:link_path => "https://groups.google.com/d/msg/ruby-security-ann/8B2iV2tPRSE/JkjCJkSoCgAJ",
|
202
|
+
:cwe_id => [79]
|
199
203
|
end
|
200
204
|
end
|
201
205
|
|
@@ -15,7 +15,8 @@ class Brakeman::CheckCookieSerialization < Brakeman::BaseCheck
|
|
15
15
|
:warning_code => :unsafe_cookie_serialization,
|
16
16
|
:message => msg("Use of unsafe cookie serialization strategy ", msg_code(setting.value.inspect), " might lead to remote code execution"),
|
17
17
|
:confidence => :medium,
|
18
|
-
:link_path => "unsafe_deserialization"
|
18
|
+
:link_path => "unsafe_deserialization",
|
19
|
+
:cwe_id => [565, 502]
|
19
20
|
end
|
20
21
|
end
|
21
22
|
end
|
@@ -39,7 +39,8 @@ class Brakeman::CheckCreateWith < Brakeman::BaseCheck
|
|
39
39
|
:result => result,
|
40
40
|
:message => @message,
|
41
41
|
:confidence => confidence,
|
42
|
-
:link_path => "https://groups.google.com/d/msg/rubyonrails-security/M4chq5Sb540/CC1Fh0Y_NWwJ"
|
42
|
+
:link_path => "https://groups.google.com/d/msg/rubyonrails-security/M4chq5Sb540/CC1Fh0Y_NWwJ",
|
43
|
+
:cwe_id => [915]
|
43
44
|
end
|
44
45
|
end
|
45
46
|
|
@@ -69,6 +70,7 @@ class Brakeman::CheckCreateWith < Brakeman::BaseCheck
|
|
69
70
|
:message => @message,
|
70
71
|
:gem_info => gemfile_or_environment,
|
71
72
|
:confidence => :medium,
|
72
|
-
:link_path => "https://groups.google.com/d/msg/rubyonrails-security/M4chq5Sb540/CC1Fh0Y_NWwJ"
|
73
|
+
:link_path => "https://groups.google.com/d/msg/rubyonrails-security/M4chq5Sb540/CC1Fh0Y_NWwJ",
|
74
|
+
:cwe_id => [915]
|
73
75
|
end
|
74
76
|
end
|
@@ -82,7 +82,8 @@ class Brakeman::CheckCrossSiteScripting < Brakeman::BaseCheck
|
|
82
82
|
:warning_code => :cross_site_scripting,
|
83
83
|
:message => message,
|
84
84
|
:code => input.match,
|
85
|
-
:confidence => :high
|
85
|
+
:confidence => :high,
|
86
|
+
:cwe_id => [79]
|
86
87
|
|
87
88
|
elsif not tracker.options[:ignore_model_output] and match = has_immediate_model?(out)
|
88
89
|
method = if call? match
|
@@ -116,7 +117,8 @@ class Brakeman::CheckCrossSiteScripting < Brakeman::BaseCheck
|
|
116
117
|
:message => message,
|
117
118
|
:code => match,
|
118
119
|
:confidence => confidence,
|
119
|
-
:link_path => link_path
|
120
|
+
:link_path => link_path,
|
121
|
+
:cwe_id => [79]
|
120
122
|
end
|
121
123
|
|
122
124
|
else
|
@@ -200,7 +202,8 @@ class Brakeman::CheckCrossSiteScripting < Brakeman::BaseCheck
|
|
200
202
|
:code => exp,
|
201
203
|
:user_input => @matched,
|
202
204
|
:confidence => confidence,
|
203
|
-
:link_path => link_path
|
205
|
+
:link_path => link_path,
|
206
|
+
:cwe_id => [79]
|
204
207
|
end
|
205
208
|
end
|
206
209
|
|
@@ -21,7 +21,8 @@ class Brakeman::CheckCSRFTokenForgeryCVE < Brakeman::BaseCheck
|
|
21
21
|
:message => msg(msg_version(rails_version), " has a vulnerability that may allow CSRF token forgery. Upgrade to ", msg_version(fix_version), " or patch"),
|
22
22
|
:confidence => :medium,
|
23
23
|
:gem_info => gemfile_or_environment,
|
24
|
-
:link => "https://groups.google.com/g/rubyonrails-security/c/NOjKiGeXUgw"
|
24
|
+
:link => "https://groups.google.com/g/rubyonrails-security/c/NOjKiGeXUgw",
|
25
|
+
:cwe_id => [352]
|
25
26
|
end
|
26
27
|
end
|
27
28
|
end
|
@@ -27,7 +27,8 @@ class Brakeman::CheckDefaultRoutes < Brakeman::BaseCheck
|
|
27
27
|
:message => msg("All public methods in controllers are available as actions in ", msg_file("routes.rb")),
|
28
28
|
:line => tracker.routes[:allow_all_actions].line,
|
29
29
|
:confidence => :high,
|
30
|
-
:file => "#{tracker.app_path}/config/routes.rb"
|
30
|
+
:file => "#{tracker.app_path}/config/routes.rb",
|
31
|
+
:cwe_id => [22]
|
31
32
|
end
|
32
33
|
end
|
33
34
|
|
@@ -49,7 +50,8 @@ class Brakeman::CheckDefaultRoutes < Brakeman::BaseCheck
|
|
49
50
|
:message => msg("Any public method in ", msg_code(name), " can be used as an action for ", msg_code(verb), " requests."),
|
50
51
|
:line => actions[2],
|
51
52
|
:confidence => :medium,
|
52
|
-
:file => "#{tracker.app_path}/config/routes.rb"
|
53
|
+
:file => "#{tracker.app_path}/config/routes.rb",
|
54
|
+
:cwe_id => [22]
|
53
55
|
end
|
54
56
|
end
|
55
57
|
end
|
@@ -82,7 +84,8 @@ class Brakeman::CheckDefaultRoutes < Brakeman::BaseCheck
|
|
82
84
|
:message => msg(msg_version(rails_version), " with globbing routes is vulnerable to directory traversal and remote code execution. Patch or upgrade to ", msg_version(upgrade)),
|
83
85
|
:confidence => confidence,
|
84
86
|
:file => "#{tracker.app_path}/config/routes.rb",
|
85
|
-
:link => "http://matasano.com/research/AnatomyOfRailsVuln-CVE-2014-0130.pdf"
|
87
|
+
:link => "http://matasano.com/research/AnatomyOfRailsVuln-CVE-2014-0130.pdf",
|
88
|
+
:cwe_id => [22]
|
86
89
|
end
|
87
90
|
|
88
91
|
def allow_all_actions?
|
@@ -19,7 +19,8 @@ class Brakeman::CheckDetailedExceptions < Brakeman::BaseCheck
|
|
19
19
|
:warning_code => :local_request_config,
|
20
20
|
:message => "Detailed exceptions are enabled in production",
|
21
21
|
:confidence => :high,
|
22
|
-
:file => "config/environments/production.rb"
|
22
|
+
:file => "config/environments/production.rb",
|
23
|
+
:cwe_id => [200]
|
23
24
|
end
|
24
25
|
end
|
25
26
|
|
@@ -42,7 +43,8 @@ class Brakeman::CheckDetailedExceptions < Brakeman::BaseCheck
|
|
42
43
|
:message => msg("Detailed exceptions may be enabled in ", msg_code("show_detailed_exceptions?")),
|
43
44
|
:confidence => confidence,
|
44
45
|
:code => src,
|
45
|
-
:file => definition[:file]
|
46
|
+
:file => definition[:file],
|
47
|
+
:cwe_id => [200]
|
46
48
|
end
|
47
49
|
end
|
48
50
|
end
|
@@ -29,7 +29,8 @@ class Brakeman::CheckDigestDoS < Brakeman::BaseCheck
|
|
29
29
|
:message => message,
|
30
30
|
:confidence => confidence,
|
31
31
|
:link_path => "https://groups.google.com/d/topic/rubyonrails-security/vxJjrc15qYM/discussion",
|
32
|
-
:gem_info => gemfile_or_environment
|
32
|
+
:gem_info => gemfile_or_environment,
|
33
|
+
:cwe_id => [287]
|
33
34
|
end
|
34
35
|
|
35
36
|
def with_http_digest?
|
@@ -36,7 +36,8 @@ class Brakeman::CheckDivideByZero < Brakeman::BaseCheck
|
|
36
36
|
:warning_code => :divide_by_zero,
|
37
37
|
:message => "Potential division by zero",
|
38
38
|
:confidence => confidence,
|
39
|
-
:user_input => denominator
|
39
|
+
:user_input => denominator,
|
40
|
+
:cwe_id => [369]
|
40
41
|
end
|
41
42
|
end
|
42
43
|
end
|
@@ -27,7 +27,8 @@ class Brakeman::CheckDynamicFinders < Brakeman::BaseCheck
|
|
27
27
|
:warning_code => :sql_injection_dynamic_finder,
|
28
28
|
:message => "MySQL integer conversion may cause 0 to match any string",
|
29
29
|
:confidence => :medium,
|
30
|
-
:user_input => arg
|
30
|
+
:user_input => arg,
|
31
|
+
:cwe_id => [89]
|
31
32
|
|
32
33
|
break
|
33
34
|
end
|
@@ -15,7 +15,8 @@ class Brakeman::CheckEscapeFunction < Brakeman::BaseCheck
|
|
15
15
|
:message => msg("Rails versions before 2.3.14 have a vulnerability in the ", msg_code("escape"), " method when used with Ruby 1.8 ", msg_cve("CVE-2011-2932")),
|
16
16
|
:confidence => :high,
|
17
17
|
:gem_info => gemfile_or_environment,
|
18
|
-
:link_path => "https://groups.google.com/d/topic/rubyonrails-security/Vr_7WSOrEZU/discussion"
|
18
|
+
:link_path => "https://groups.google.com/d/topic/rubyonrails-security/Vr_7WSOrEZU/discussion",
|
19
|
+
:cwe_id => [79]
|
19
20
|
end
|
20
21
|
end
|
21
22
|
end
|
@@ -117,7 +117,8 @@ class Brakeman::CheckExecute < Brakeman::BaseCheck
|
|
117
117
|
:message => "Possible command injection",
|
118
118
|
:code => call,
|
119
119
|
:user_input => failure,
|
120
|
-
:confidence => confidence
|
120
|
+
:confidence => confidence,
|
121
|
+
:cwe_id => [77]
|
121
122
|
end
|
122
123
|
end
|
123
124
|
|
@@ -138,7 +139,8 @@ class Brakeman::CheckExecute < Brakeman::BaseCheck
|
|
138
139
|
:warning_code => :command_injection,
|
139
140
|
:message => msg("Possible command injection in ", msg_code("open")),
|
140
141
|
:user_input => match,
|
141
|
-
:confidence => :high
|
142
|
+
:confidence => :high,
|
143
|
+
:cwe_id => [77]
|
142
144
|
end
|
143
145
|
end
|
144
146
|
end
|
@@ -201,7 +203,8 @@ class Brakeman::CheckExecute < Brakeman::BaseCheck
|
|
201
203
|
:message => "Possible command injection",
|
202
204
|
:code => exp,
|
203
205
|
:user_input => input,
|
204
|
-
:confidence => confidence
|
206
|
+
:confidence => confidence,
|
207
|
+
:cwe_id => [77]
|
205
208
|
end
|
206
209
|
|
207
210
|
# This method expects a :dstr or :evstr node
|
@@ -25,7 +25,8 @@ class Brakeman::CheckFileDisclosure < Brakeman::BaseCheck
|
|
25
25
|
:message => msg(msg_version(rails_version), " has a file existence disclosure vulnerability. Upgrade to ", msg_version(fix_version), " or disable serving static assets"),
|
26
26
|
:confidence => :high,
|
27
27
|
:gem_info => gemfile_or_environment,
|
28
|
-
:link_path => "https://groups.google.com/d/msg/rubyonrails-security/23fiuwb1NBA/MQVM1-5GkPMJ"
|
28
|
+
:link_path => "https://groups.google.com/d/msg/rubyonrails-security/23fiuwb1NBA/MQVM1-5GkPMJ",
|
29
|
+
:cwe_id => [22]
|
29
30
|
end
|
30
31
|
end
|
31
32
|
|
@@ -15,7 +15,8 @@ class Brakeman::CheckFilterSkipping < Brakeman::BaseCheck
|
|
15
15
|
:message => msg("Rails versions before 3.0.10 have a vulnerability which allows filters to be bypassed", msg_cve("CVE-2011-2929")),
|
16
16
|
:confidence => :high,
|
17
17
|
:gem_info => gemfile_or_environment,
|
18
|
-
:link_path => "https://groups.google.com/d/topic/rubyonrails-security/NCCsca7TEtY/discussion"
|
18
|
+
:link_path => "https://groups.google.com/d/topic/rubyonrails-security/NCCsca7TEtY/discussion",
|
19
|
+
:cwe_id => [20]
|
19
20
|
end
|
20
21
|
end
|
21
22
|
|
@@ -21,7 +21,8 @@ class Brakeman::CheckForceSSL < Brakeman::BaseCheck
|
|
21
21
|
:message => msg("The application does not force use of HTTPS: ", msg_code("config.force_ssl"), " is not enabled"),
|
22
22
|
:confidence => :high,
|
23
23
|
:file => "config/environments/production.rb",
|
24
|
-
:line => line
|
24
|
+
:line => line,
|
25
|
+
:cwe_id => [311]
|
25
26
|
end
|
26
27
|
end
|
27
28
|
end
|
@@ -52,7 +52,8 @@ class Brakeman::CheckForgerySetting < Brakeman::BaseCheck
|
|
52
52
|
opts = {
|
53
53
|
:controller => :ApplicationController,
|
54
54
|
:warning_type => "Cross-Site Request Forgery",
|
55
|
-
:confidence => :high
|
55
|
+
:confidence => :high,
|
56
|
+
:cwe_id => [352]
|
56
57
|
}.merge opts
|
57
58
|
|
58
59
|
warn opts
|
@@ -76,6 +77,7 @@ class Brakeman::CheckForgerySetting < Brakeman::BaseCheck
|
|
76
77
|
:message => msg("CSRF protection is flawed in unpatched versions of ", msg_version(rails_version), " ", msg_cve("CVE-2011-0447"), ". Upgrade to ", msg_version(new_version), " or apply patches as needed"),
|
77
78
|
:gem_info => gemfile_or_environment,
|
78
79
|
:file => nil,
|
79
|
-
:link_path => "https://groups.google.com/d/topic/rubyonrails-security/LZWjzCPgNmU/discussion"
|
80
|
+
:link_path => "https://groups.google.com/d/topic/rubyonrails-security/LZWjzCPgNmU/discussion",
|
81
|
+
:cwe_id => [352]
|
80
82
|
end
|
81
83
|
end
|
@@ -20,7 +20,8 @@ class Brakeman::CheckHeaderDoS < Brakeman::BaseCheck
|
|
20
20
|
:message => message,
|
21
21
|
:confidence => :medium,
|
22
22
|
:gem_info => gemfile_or_environment,
|
23
|
-
:link_path => "https://groups.google.com/d/msg/ruby-security-ann/A-ebV4WxzKg/KNPTbX8XAQUJ"
|
23
|
+
:link_path => "https://groups.google.com/d/msg/ruby-security-ann/A-ebV4WxzKg/KNPTbX8XAQUJ",
|
24
|
+
:cwe_id => [20]
|
24
25
|
end
|
25
26
|
end
|
26
27
|
|
@@ -23,7 +23,8 @@ class Brakeman::CheckI18nXSS < Brakeman::BaseCheck
|
|
23
23
|
:message => message,
|
24
24
|
:confidence => :medium,
|
25
25
|
:gem_info => gemfile_or_environment(:i18n),
|
26
|
-
:link_path => "https://groups.google.com/d/msg/ruby-security-ann/pLrh6DUw998/bLFEyIO4k_EJ"
|
26
|
+
:link_path => "https://groups.google.com/d/msg/ruby-security-ann/pLrh6DUw998/bLFEyIO4k_EJ",
|
27
|
+
:cwe_id => [79]
|
27
28
|
end
|
28
29
|
end
|
29
30
|
|
@@ -31,6 +31,7 @@ class Brakeman::CheckJRubyXML < Brakeman::BaseCheck
|
|
31
31
|
:message => msg(msg_version(rails_version), " with JRuby has a vulnerability in XML parser. Upgrade to ", msg_version(fix_version), " or patch"),
|
32
32
|
:confidence => :high,
|
33
33
|
:gem_info => gemfile_or_environment,
|
34
|
-
:link => "https://groups.google.com/d/msg/rubyonrails-security/KZwsQbYsOiI/5kUV7dSCJGwJ"
|
34
|
+
:link => "https://groups.google.com/d/msg/rubyonrails-security/KZwsQbYsOiI/5kUV7dSCJGwJ",
|
35
|
+
:cwe_id => [20]
|
35
36
|
end
|
36
37
|
end
|
@@ -26,7 +26,8 @@ class Brakeman::CheckJSONEncoding < Brakeman::BaseCheck
|
|
26
26
|
:message => message,
|
27
27
|
:confidence => confidence,
|
28
28
|
:gem_info => gemfile_or_environment,
|
29
|
-
:link_path => "https://groups.google.com/d/msg/rubyonrails-security/7VlB_pck3hU/3QZrGIaQW6cJ"
|
29
|
+
:link_path => "https://groups.google.com/d/msg/rubyonrails-security/7VlB_pck3hU/3QZrGIaQW6cJ",
|
30
|
+
:cwe_id => [79]
|
30
31
|
end
|
31
32
|
end
|
32
33
|
|
@@ -17,7 +17,8 @@ class Brakeman::CheckJSONEntityEscape < Brakeman::BaseCheck
|
|
17
17
|
:message => msg("HTML entities in JSON are not escaped by default"),
|
18
18
|
:confidence => :medium,
|
19
19
|
:file => "config/environments/production.rb",
|
20
|
-
:line => 1
|
20
|
+
:line => 1,
|
21
|
+
:cwe_id => [79]
|
21
22
|
end
|
22
23
|
end
|
23
24
|
|
@@ -31,7 +32,8 @@ class Brakeman::CheckJSONEntityEscape < Brakeman::BaseCheck
|
|
31
32
|
:warning_code => :json_html_escape_module,
|
32
33
|
:message => msg("HTML entities in JSON are not escaped by default"),
|
33
34
|
:confidence => :medium,
|
34
|
-
:file => "config/environments/production.rb"
|
35
|
+
:file => "config/environments/production.rb",
|
36
|
+
:cwe_id => [79]
|
35
37
|
end
|
36
38
|
end
|
37
39
|
end
|
@@ -33,7 +33,8 @@ class Brakeman::CheckJSONParsing < Brakeman::BaseCheck
|
|
33
33
|
:message => message,
|
34
34
|
:confidence => :high,
|
35
35
|
:gem_info => gem_info,
|
36
|
-
:link_path => "https://groups.google.com/d/topic/rubyonrails-security/1h2DR63ViGo/discussion"
|
36
|
+
:link_path => "https://groups.google.com/d/topic/rubyonrails-security/1h2DR63ViGo/discussion",
|
37
|
+
:cwe_id => [74] # TODO: is this the best CWE for this?
|
37
38
|
end
|
38
39
|
end
|
39
40
|
|
@@ -98,7 +99,8 @@ class Brakeman::CheckJSONParsing < Brakeman::BaseCheck
|
|
98
99
|
:message => message,
|
99
100
|
:confidence => confidence,
|
100
101
|
:gem_info => gemfile_or_environment(name),
|
101
|
-
:link => "https://groups.google.com/d/topic/rubyonrails-security/4_YvCpLzL58/discussion"
|
102
|
+
:link => "https://groups.google.com/d/topic/rubyonrails-security/4_YvCpLzL58/discussion",
|
103
|
+
:cwe_id => [74] # TODO: is this the best CWE for this?
|
102
104
|
end
|
103
105
|
|
104
106
|
def uses_json_parse?
|
@@ -56,7 +56,8 @@ class Brakeman::CheckLinkToHref < Brakeman::CheckLinkTo
|
|
56
56
|
:message => message,
|
57
57
|
:user_input => input,
|
58
58
|
:confidence => :high,
|
59
|
-
:link_path => "link_to_href"
|
59
|
+
:link_path => "link_to_href",
|
60
|
+
:cwe_id => [79]
|
60
61
|
end
|
61
62
|
elsif not tracker.options[:ignore_model_output] and input = has_immediate_model?(url_arg)
|
62
63
|
return if ignore_model_call? url_arg, input or duplicate? result
|
@@ -70,7 +71,8 @@ class Brakeman::CheckLinkToHref < Brakeman::CheckLinkTo
|
|
70
71
|
:message => message,
|
71
72
|
:user_input => input,
|
72
73
|
:confidence => :weak,
|
73
|
-
:link_path => "link_to_href"
|
74
|
+
:link_path => "link_to_href",
|
75
|
+
:cwe_id => [79]
|
74
76
|
end
|
75
77
|
end
|
76
78
|
|
@@ -25,7 +25,8 @@ class Brakeman::CheckMailTo < Brakeman::BaseCheck
|
|
25
25
|
:message => message,
|
26
26
|
:confidence => :high,
|
27
27
|
:gem_info => gemfile_or_environment, # Probably ignored now
|
28
|
-
:link_path => "https://groups.google.com/d/topic/rubyonrails-security/8CpI7egxX4E/discussion"
|
28
|
+
:link_path => "https://groups.google.com/d/topic/rubyonrails-security/8CpI7egxX4E/discussion",
|
29
|
+
:cwe_id => [79]
|
29
30
|
end
|
30
31
|
end
|
31
32
|
|
@@ -99,7 +99,8 @@ class Brakeman::CheckMassAssignment < Brakeman::BaseCheck
|
|
99
99
|
:message => "Unprotected mass assignment",
|
100
100
|
:code => call,
|
101
101
|
:user_input => input,
|
102
|
-
:confidence => confidence
|
102
|
+
:confidence => confidence,
|
103
|
+
:cwe_id => [915]
|
103
104
|
end
|
104
105
|
|
105
106
|
res
|
@@ -205,7 +206,8 @@ class Brakeman::CheckMassAssignment < Brakeman::BaseCheck
|
|
205
206
|
:warning_type => "Mass Assignment",
|
206
207
|
:warning_code => :mass_assign_permit!,
|
207
208
|
:message => msg('Specify exact keys allowed for mass assignment instead of using ', msg_code('permit!'), ' which allows any keys'),
|
208
|
-
:confidence => confidence
|
209
|
+
:confidence => confidence,
|
210
|
+
:cwe_id => [915]
|
209
211
|
end
|
210
212
|
|
211
213
|
def check_permit_all_parameters
|
@@ -217,7 +219,8 @@ class Brakeman::CheckMassAssignment < Brakeman::BaseCheck
|
|
217
219
|
:warning_type => "Mass Assignment",
|
218
220
|
:warning_code => :mass_assign_permit_all,
|
219
221
|
:message => msg('Mass assignment is globally enabled. Disable and specify exact keys using ', msg_code('params.permit'), ' instead'),
|
220
|
-
:confidence => :high
|
222
|
+
:confidence => :high,
|
223
|
+
:cwe_id => [915]
|
221
224
|
end
|
222
225
|
end
|
223
226
|
end
|
@@ -26,7 +26,8 @@ class Brakeman::CheckMimeTypeDoS < Brakeman::BaseCheck
|
|
26
26
|
:message => message,
|
27
27
|
:confidence => :medium,
|
28
28
|
:gem_info => gemfile_or_environment,
|
29
|
-
:link_path => "https://groups.google.com/d/msg/rubyonrails-security/9oLY_FCzvoc/w9oI9XxbFQAJ"
|
29
|
+
:link_path => "https://groups.google.com/d/msg/rubyonrails-security/9oLY_FCzvoc/w9oI9XxbFQAJ",
|
30
|
+
:cwe_id => [399]
|
30
31
|
end
|
31
32
|
|
32
33
|
def has_workaround?
|
@@ -31,7 +31,8 @@ class Brakeman::CheckModelAttrAccessible < Brakeman::BaseCheck
|
|
31
31
|
:warning_code => :dangerous_attr_accessible,
|
32
32
|
:message => "Potentially dangerous attribute available for mass assignment",
|
33
33
|
:confidence => confidence,
|
34
|
-
:code => Sexp.new(:lit, attribute)
|
34
|
+
:code => Sexp.new(:lit, attribute),
|
35
|
+
:cwe_id => [915]
|
35
36
|
break # Prevent from matching single attr multiple times
|
36
37
|
end
|
37
38
|
end
|
@@ -23,7 +23,8 @@ class Brakeman::CheckModelAttributes < Brakeman::BaseCheck
|
|
23
23
|
:warning_type => "Attribute Restriction",
|
24
24
|
:warning_code => :no_attr_accessible,
|
25
25
|
:message => msg("Mass assignment is not restricted using ", msg_code("attr_accessible")),
|
26
|
-
:confidence => :high
|
26
|
+
:confidence => :high,
|
27
|
+
:cwe_id => [915] # TODO: Should this be mass assignment?
|
27
28
|
elsif not tracker.options[:ignore_attr_protected]
|
28
29
|
message, confidence, link = check_for_attr_protected_bypass
|
29
30
|
|
@@ -39,7 +40,8 @@ class Brakeman::CheckModelAttributes < Brakeman::BaseCheck
|
|
39
40
|
:warning_type => "Attribute Restriction",
|
40
41
|
:warning_code => warning_code,
|
41
42
|
:message => message,
|
42
|
-
:confidence => confidence
|
43
|
+
:confidence => confidence,
|
44
|
+
:cwe_id => [915] # TODO: Should this be mass assignment?
|
43
45
|
end
|
44
46
|
end
|
45
47
|
end
|
@@ -61,7 +61,8 @@ class Brakeman::CheckModelSerialize < Brakeman::BaseCheck
|
|
61
61
|
:confidence => confidence,
|
62
62
|
:link => "https://groups.google.com/d/topic/rubyonrails-security/KtmwSbEpzrU/discussion",
|
63
63
|
:file => model.file,
|
64
|
-
:line => model.top_line
|
64
|
+
:line => model.top_line,
|
65
|
+
:cwe_id => [502]
|
65
66
|
end
|
66
67
|
end
|
67
68
|
end
|
@@ -24,7 +24,8 @@ class Brakeman::CheckNestedAttributes < Brakeman::BaseCheck
|
|
24
24
|
:message => message,
|
25
25
|
:confidence => :high,
|
26
26
|
:gem_info => gemfile_or_environment,
|
27
|
-
:link_path => "https://groups.google.com/d/topic/rubyonrails-security/-fkT0yja_gw/discussion"
|
27
|
+
:link_path => "https://groups.google.com/d/topic/rubyonrails-security/-fkT0yja_gw/discussion",
|
28
|
+
:cwe_id => [20]
|
28
29
|
end
|
29
30
|
end
|
30
31
|
|
@@ -39,7 +39,8 @@ class Brakeman::CheckNestedAttributesBypass < Brakeman::BaseCheck
|
|
39
39
|
:file => model.file,
|
40
40
|
:line => args.line,
|
41
41
|
:confidence => :medium,
|
42
|
-
:link_path => "https://groups.google.com/d/msg/rubyonrails-security/cawsWcQ6c8g/tegZtYdbFQAJ"
|
42
|
+
:link_path => "https://groups.google.com/d/msg/rubyonrails-security/cawsWcQ6c8g/tegZtYdbFQAJ",
|
43
|
+
:cwe_id => [284]
|
43
44
|
end
|
44
45
|
|
45
46
|
def allow_destroy? arg
|