brakeman 5.2.0 → 5.4.1
- checksums.yaml +4 -4
- data/CHANGES.md +50 -0
- data/README.md +2 -2
- data/bundle/load.rb +15 -15
- data/bundle/ruby/{2.7.0/gems/highline-2.0.3 → 3.1.0/gems/highline-2.1.0}/Changelog.md +6 -0
- data/bundle/ruby/{2.7.0/gems/highline-2.0.3 → 3.1.0/gems/highline-2.1.0}/Gemfile +2 -5
- data/bundle/ruby/{2.7.0/gems/highline-2.0.3 → 3.1.0/gems/highline-2.1.0}/README.md +1 -2
- data/bundle/ruby/{2.7.0/gems/highline-2.0.3 → 3.1.0/gems/highline-2.1.0}/highline.gemspec +1 -1
- data/bundle/ruby/{2.7.0/gems/highline-2.0.3 → 3.1.0/gems/highline-2.1.0}/lib/highline/menu.rb +0 -0
- data/bundle/ruby/{2.7.0/gems/highline-2.0.3 → 3.1.0/gems/highline-2.1.0}/lib/highline/question.rb +0 -0
- data/bundle/ruby/{2.7.0/gems/highline-2.0.3 → 3.1.0/gems/highline-2.1.0}/lib/highline/style.rb +0 -0
- data/bundle/ruby/{2.7.0/gems/highline-2.0.3 → 3.1.0/gems/highline-2.1.0}/lib/highline/terminal.rb +0 -0
- data/bundle/ruby/{2.7.0/gems/highline-2.0.3 → 3.1.0/gems/highline-2.1.0}/lib/highline/version.rb +1 -1
- data/bundle/ruby/{2.7.0/gems/highline-2.0.3 → 3.1.0/gems/highline-2.1.0}/lib/highline.rb +0 -0
- data/bundle/ruby/{2.7.0/gems/parallel-1.21.0 → 3.1.0/gems/parallel-1.22.1}/lib/parallel/processor_count.rb +2 -3
- data/bundle/ruby/3.1.0/gems/parallel-1.22.1/lib/parallel/version.rb +4 -0
- data/bundle/ruby/{2.7.0/gems/parallel-1.21.0 → 3.1.0/gems/parallel-1.22.1}/lib/parallel.rb +84 -4
- data/bundle/ruby/{2.7.0/gems/ruby_parser-3.18.1 → 3.1.0/gems/ruby_parser-3.19.2}/History.rdoc +38 -0
- data/bundle/ruby/{2.7.0/gems/ruby_parser-3.18.1 → 3.1.0/gems/ruby_parser-3.19.2}/Manifest.txt +2 -0
- data/bundle/ruby/{2.7.0/gems/ruby_parser-3.18.1 → 3.1.0/gems/ruby_parser-3.19.2}/README.rdoc +8 -6
- data/bundle/ruby/{2.7.0/gems/ruby_parser-3.18.1 → 3.1.0/gems/ruby_parser-3.19.2}/gauntlet.md +19 -18
- data/bundle/ruby/3.1.0/gems/ruby_parser-3.19.2/lib/ruby20_parser.rb +10973 -0
- data/bundle/ruby/{2.7.0/gems/ruby_parser-3.18.1 → 3.1.0/gems/ruby_parser-3.19.2}/lib/ruby20_parser.y +14 -27
- data/bundle/ruby/3.1.0/gems/ruby_parser-3.19.2/lib/ruby21_parser.rb +10980 -0
- data/bundle/ruby/{2.7.0/gems/ruby_parser-3.18.1 → 3.1.0/gems/ruby_parser-3.19.2}/lib/ruby21_parser.y +14 -27
- data/bundle/ruby/3.1.0/gems/ruby_parser-3.19.2/lib/ruby22_parser.rb +11123 -0
- data/bundle/ruby/{2.7.0/gems/ruby_parser-3.18.1 → 3.1.0/gems/ruby_parser-3.19.2}/lib/ruby22_parser.y +14 -27
- data/bundle/ruby/3.1.0/gems/ruby_parser-3.19.2/lib/ruby23_parser.rb +11132 -0
- data/bundle/ruby/{2.7.0/gems/ruby_parser-3.18.1 → 3.1.0/gems/ruby_parser-3.19.2}/lib/ruby23_parser.y +14 -27
- data/bundle/ruby/3.1.0/gems/ruby_parser-3.19.2/lib/ruby24_parser.rb +11231 -0
- data/bundle/ruby/{2.7.0/gems/ruby_parser-3.18.1 → 3.1.0/gems/ruby_parser-3.19.2}/lib/ruby24_parser.y +14 -27
- data/bundle/ruby/3.1.0/gems/ruby_parser-3.19.2/lib/ruby25_parser.rb +11231 -0
- data/bundle/ruby/{2.7.0/gems/ruby_parser-3.18.1 → 3.1.0/gems/ruby_parser-3.19.2}/lib/ruby25_parser.y +14 -27
- data/bundle/ruby/3.1.0/gems/ruby_parser-3.19.2/lib/ruby26_parser.rb +11253 -0
- data/bundle/ruby/{2.7.0/gems/ruby_parser-3.18.1 → 3.1.0/gems/ruby_parser-3.19.2}/lib/ruby26_parser.y +14 -27
- data/bundle/ruby/3.1.0/gems/ruby_parser-3.19.2/lib/ruby27_parser.rb +12996 -0
- data/bundle/ruby/{2.7.0/gems/ruby_parser-3.18.1 → 3.1.0/gems/ruby_parser-3.19.2}/lib/ruby27_parser.y +31 -41
- data/bundle/ruby/3.1.0/gems/ruby_parser-3.19.2/lib/ruby30_parser.rb +13258 -0
- data/bundle/ruby/{2.7.0/gems/ruby_parser-3.18.1 → 3.1.0/gems/ruby_parser-3.19.2}/lib/ruby30_parser.y +77 -90
- data/bundle/ruby/3.1.0/gems/ruby_parser-3.19.2/lib/ruby31_parser.rb +13638 -0
- data/bundle/ruby/{2.7.0/gems/ruby_parser-3.18.1/lib/ruby3_parser.yy → 3.1.0/gems/ruby_parser-3.19.2/lib/ruby31_parser.y} +122 -105
- data/bundle/ruby/3.1.0/gems/ruby_parser-3.19.2/lib/ruby3_parser.yy +3548 -0
- data/bundle/ruby/{2.7.0/gems/ruby_parser-3.18.1 → 3.1.0/gems/ruby_parser-3.19.2}/lib/ruby_lexer.rb +11 -4
- data/bundle/ruby/{2.7.0/gems/ruby_parser-3.18.1 → 3.1.0/gems/ruby_parser-3.19.2}/lib/ruby_parser.rb +2 -0
- data/bundle/ruby/{2.7.0/gems/ruby_parser-3.18.1 → 3.1.0/gems/ruby_parser-3.19.2}/lib/ruby_parser.yy +31 -41
- data/bundle/ruby/{2.7.0/gems/ruby_parser-3.18.1 → 3.1.0/gems/ruby_parser-3.19.2}/lib/ruby_parser_extras.rb +66 -6
- data/bundle/ruby/{2.7.0/gems/sexp_processor-4.16.0 → 3.1.0/gems/sexp_processor-4.16.1}/History.rdoc +6 -0
- data/bundle/ruby/{2.7.0/gems/sexp_processor-4.16.0 → 3.1.0/gems/sexp_processor-4.16.1}/lib/pt_testcase.rb +7 -3
- data/bundle/ruby/{2.7.0/gems/sexp_processor-4.16.0 → 3.1.0/gems/sexp_processor-4.16.1}/lib/sexp_processor.rb +1 -1
- data/bundle/ruby/{2.7.0/gems/tilt-2.0.10 → 3.1.0/gems/tilt-2.0.11}/lib/tilt/commonmarker.rb +11 -1
- data/bundle/ruby/{2.7.0/gems/tilt-2.0.10 → 3.1.0/gems/tilt-2.0.11}/lib/tilt/csv.rb +1 -1
- data/bundle/ruby/{2.7.0/gems/tilt-2.0.10 → 3.1.0/gems/tilt-2.0.11}/lib/tilt/pandoc.rb +23 -15
- data/bundle/ruby/{2.7.0/gems/tilt-2.0.10 → 3.1.0/gems/tilt-2.0.11}/lib/tilt/redcarpet.rb +5 -2
- data/bundle/ruby/3.1.0/gems/tilt-2.0.11/lib/tilt/rst-pandoc.rb +23 -0
- data/bundle/ruby/3.1.0/gems/tilt-2.0.11/lib/tilt/sass.rb +78 -0
- data/bundle/ruby/{2.7.0/gems/tilt-2.0.10 → 3.1.0/gems/tilt-2.0.11}/lib/tilt/template.rb +12 -1
- data/bundle/ruby/{2.7.0/gems/tilt-2.0.10 → 3.1.0/gems/tilt-2.0.11}/lib/tilt.rb +2 -1
- data/lib/brakeman/app_tree.rb +9 -1
- data/lib/brakeman/checks/base_check.rb +2 -3
- data/lib/brakeman/checks/check_basic_auth.rb +4 -2
- data/lib/brakeman/checks/check_basic_auth_timing_attack.rb +2 -1
- data/lib/brakeman/checks/check_content_tag.rb +8 -4
- data/lib/brakeman/checks/check_cookie_serialization.rb +2 -1
- data/lib/brakeman/checks/check_create_with.rb +4 -2
- data/lib/brakeman/checks/check_cross_site_scripting.rb +6 -3
- data/lib/brakeman/checks/check_csrf_token_forgery_cve.rb +2 -1
- data/lib/brakeman/checks/check_default_routes.rb +6 -3
- data/lib/brakeman/checks/check_deserialize.rb +2 -1
- data/lib/brakeman/checks/check_detailed_exceptions.rb +4 -2
- data/lib/brakeman/checks/check_digest_dos.rb +2 -1
- data/lib/brakeman/checks/check_divide_by_zero.rb +2 -1
- data/lib/brakeman/checks/check_dynamic_finders.rb +2 -1
- data/lib/brakeman/checks/check_escape_function.rb +2 -1
- data/lib/brakeman/checks/check_evaluation.rb +2 -1
- data/lib/brakeman/checks/check_execute.rb +6 -3
- data/lib/brakeman/checks/check_file_access.rb +2 -1
- data/lib/brakeman/checks/check_file_disclosure.rb +2 -1
- data/lib/brakeman/checks/check_filter_skipping.rb +2 -1
- data/lib/brakeman/checks/check_force_ssl.rb +2 -1
- data/lib/brakeman/checks/check_forgery_setting.rb +4 -2
- data/lib/brakeman/checks/check_header_dos.rb +2 -1
- data/lib/brakeman/checks/check_i18n_xss.rb +2 -1
- data/lib/brakeman/checks/check_jruby_xml.rb +2 -1
- data/lib/brakeman/checks/check_json_encoding.rb +2 -1
- data/lib/brakeman/checks/check_json_entity_escape.rb +4 -2
- data/lib/brakeman/checks/check_json_parsing.rb +4 -2
- data/lib/brakeman/checks/check_link_to.rb +2 -1
- data/lib/brakeman/checks/check_link_to_href.rb +4 -2
- data/lib/brakeman/checks/check_mail_to.rb +2 -1
- data/lib/brakeman/checks/check_mass_assignment.rb +6 -3
- data/lib/brakeman/checks/check_mime_type_dos.rb +2 -1
- data/lib/brakeman/checks/check_model_attr_accessible.rb +2 -1
- data/lib/brakeman/checks/check_model_attributes.rb +4 -2
- data/lib/brakeman/checks/check_model_serialize.rb +2 -1
- data/lib/brakeman/checks/check_nested_attributes.rb +2 -1
- data/lib/brakeman/checks/check_nested_attributes_bypass.rb +2 -1
- data/lib/brakeman/checks/check_number_to_currency.rb +4 -2
- data/lib/brakeman/checks/check_page_caching_cve.rb +2 -1
- data/lib/brakeman/checks/check_pathname.rb +48 -0
- data/lib/brakeman/checks/check_permit_attributes.rb +2 -1
- data/lib/brakeman/checks/check_quote_table_name.rb +2 -1
- data/lib/brakeman/checks/check_redirect.rb +67 -31
- data/lib/brakeman/checks/check_regex_dos.rb +2 -1
- data/lib/brakeman/checks/check_render.rb +4 -2
- data/lib/brakeman/checks/check_render_dos.rb +2 -1
- data/lib/brakeman/checks/check_render_inline.rb +4 -2
- data/lib/brakeman/checks/check_response_splitting.rb +2 -1
- data/lib/brakeman/checks/check_reverse_tabnabbing.rb +2 -1
- data/lib/brakeman/checks/check_route_dos.rb +2 -1
- data/lib/brakeman/checks/check_safe_buffer_manipulation.rb +2 -1
- data/lib/brakeman/checks/check_sanitize_config_cve.rb +120 -0
- data/lib/brakeman/checks/check_sanitize_methods.rb +6 -3
- data/lib/brakeman/checks/check_secrets.rb +2 -1
- data/lib/brakeman/checks/check_select_tag.rb +2 -1
- data/lib/brakeman/checks/check_select_vulnerability.rb +2 -1
- data/lib/brakeman/checks/check_send.rb +2 -1
- data/lib/brakeman/checks/check_session_manipulation.rb +2 -1
- data/lib/brakeman/checks/check_session_settings.rb +6 -3
- data/lib/brakeman/checks/check_simple_format.rb +4 -2
- data/lib/brakeman/checks/check_single_quotes.rb +2 -1
- data/lib/brakeman/checks/check_skip_before_filter.rb +4 -2
- data/lib/brakeman/checks/check_sprockets_path_traversal.rb +2 -1
- data/lib/brakeman/checks/check_sql.rb +7 -4
- data/lib/brakeman/checks/check_sql_cves.rb +4 -2
- data/lib/brakeman/checks/check_ssl_verify.rb +2 -1
- data/lib/brakeman/checks/check_strip_tags.rb +6 -3
- data/lib/brakeman/checks/check_symbol_dos.rb +2 -1
- data/lib/brakeman/checks/check_symbol_dos_cve.rb +2 -1
- data/lib/brakeman/checks/check_template_injection.rb +2 -1
- data/lib/brakeman/checks/check_translate_bug.rb +2 -1
- data/lib/brakeman/checks/check_unsafe_reflection.rb +9 -3
- data/lib/brakeman/checks/check_unsafe_reflection_methods.rb +2 -1
- data/lib/brakeman/checks/check_unscoped_find.rb +10 -1
- data/lib/brakeman/checks/check_validation_regex.rb +2 -1
- data/lib/brakeman/checks/check_verb_confusion.rb +2 -1
- data/lib/brakeman/checks/check_weak_hash.rb +6 -3
- data/lib/brakeman/checks/check_weak_rsa_key.rb +112 -0
- data/lib/brakeman/checks/check_without_protection.rb +2 -1
- data/lib/brakeman/checks/check_xml_dos.rb +2 -1
- data/lib/brakeman/checks/check_yaml_parsing.rb +4 -2
- data/lib/brakeman/checks/eol_check.rb +4 -2
- data/lib/brakeman/options.rb +1 -1
- data/lib/brakeman/processors/alias_processor.rb +113 -20
- data/lib/brakeman/processors/gem_processor.rb +2 -2
- data/lib/brakeman/processors/lib/find_all_calls.rb +1 -0
- data/lib/brakeman/processors/lib/rails3_config_processor.rb +1 -1
- data/lib/brakeman/report/ignore/interactive.rb +2 -2
- data/lib/brakeman/report/report_codeclimate.rb +1 -1
- data/lib/brakeman/report/report_csv.rb +2 -0
- data/lib/brakeman/report/report_junit.rb +2 -2
- data/lib/brakeman/report/report_table.rb +5 -5
- data/lib/brakeman/report/report_text.rb +2 -0
- data/lib/brakeman/report/templates/controller_warnings.html.erb +2 -0
- data/lib/brakeman/report/templates/ignored_warnings.html.erb +2 -0
- data/lib/brakeman/report/templates/model_warnings.html.erb +2 -0
- data/lib/brakeman/report/templates/security_warnings.html.erb +2 -0
- data/lib/brakeman/report/templates/view_warnings.html.erb +2 -0
- data/lib/brakeman/rescanner.rb +3 -1
- data/lib/brakeman/scanner.rb +1 -1
- data/lib/brakeman/tracker/config.rb +68 -25
- data/lib/brakeman/tracker.rb +1 -1
- data/lib/brakeman/util.rb +20 -4
- data/lib/brakeman/version.rb +1 -1
- data/lib/brakeman/warning.rb +5 -2
- data/lib/brakeman/warning_codes.rb +7 -0
- metadata +421 -417
- data/bundle/ruby/2.7.0/gems/highline-2.0.3/appveyor.yml +0 -37
- data/bundle/ruby/2.7.0/gems/parallel-1.21.0/lib/parallel/version.rb +0 -4
- data/bundle/ruby/2.7.0/gems/ruby_parser-3.18.1/lib/ruby20_parser.rb +0 -7128
- data/bundle/ruby/2.7.0/gems/ruby_parser-3.18.1/lib/ruby21_parser.rb +0 -7182
- data/bundle/ruby/2.7.0/gems/ruby_parser-3.18.1/lib/ruby22_parser.rb +0 -7228
- data/bundle/ruby/2.7.0/gems/ruby_parser-3.18.1/lib/ruby23_parser.rb +0 -7237
- data/bundle/ruby/2.7.0/gems/ruby_parser-3.18.1/lib/ruby24_parser.rb +0 -7268
- data/bundle/ruby/2.7.0/gems/ruby_parser-3.18.1/lib/ruby25_parser.rb +0 -7268
- data/bundle/ruby/2.7.0/gems/ruby_parser-3.18.1/lib/ruby26_parser.rb +0 -7287
- data/bundle/ruby/2.7.0/gems/ruby_parser-3.18.1/lib/ruby27_parser.rb +0 -8517
- data/bundle/ruby/2.7.0/gems/ruby_parser-3.18.1/lib/ruby30_parser.rb +0 -8751
- data/bundle/ruby/2.7.0/gems/tilt-2.0.10/lib/tilt/rst-pandoc.rb +0 -18
- data/bundle/ruby/2.7.0/gems/tilt-2.0.10/lib/tilt/sass.rb +0 -52
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/erubis-2.7.0/CHANGES.txt +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/erubis-2.7.0/MIT-LICENSE +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/erubis-2.7.0/README.txt +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/erubis-2.7.0/contrib/erubis +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/erubis-2.7.0/contrib/erubis-run.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/erubis-2.7.0/contrib/inline-require +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/erubis-2.7.0/lib/erubis/context.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/erubis-2.7.0/lib/erubis/converter.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/erubis-2.7.0/lib/erubis/engine/ec.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/erubis-2.7.0/lib/erubis/engine/ecpp.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/erubis-2.7.0/lib/erubis/engine/ejava.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/erubis-2.7.0/lib/erubis/engine/ejavascript.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/erubis-2.7.0/lib/erubis/engine/enhanced.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/erubis-2.7.0/lib/erubis/engine/eperl.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/erubis-2.7.0/lib/erubis/engine/ephp.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/erubis-2.7.0/lib/erubis/engine/eruby.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/erubis-2.7.0/lib/erubis/engine/escheme.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/erubis-2.7.0/lib/erubis/engine/optimized.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/erubis-2.7.0/lib/erubis/engine.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/erubis-2.7.0/lib/erubis/enhancer.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/erubis-2.7.0/lib/erubis/error.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/erubis-2.7.0/lib/erubis/evaluator.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/erubis-2.7.0/lib/erubis/generator.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/erubis-2.7.0/lib/erubis/helper.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/erubis-2.7.0/lib/erubis/helpers/rails_form_helper.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/erubis-2.7.0/lib/erubis/helpers/rails_helper.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/erubis-2.7.0/lib/erubis/local-setting.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/erubis-2.7.0/lib/erubis/main.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/erubis-2.7.0/lib/erubis/preprocessing.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/erubis-2.7.0/lib/erubis/tiny.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/erubis-2.7.0/lib/erubis/util.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/erubis-2.7.0/lib/erubis.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/erubis-2.7.0/setup.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/haml-5.2.2/CHANGELOG.md +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/haml-5.2.2/FAQ.md +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/haml-5.2.2/Gemfile +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/haml-5.2.2/MIT-LICENSE +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/haml-5.2.2/README.md +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/haml-5.2.2/REFERENCE.md +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/haml-5.2.2/TODO +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/haml-5.2.2/haml.gemspec +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/haml-5.2.2/lib/haml/attribute_builder.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/haml-5.2.2/lib/haml/attribute_compiler.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/haml-5.2.2/lib/haml/attribute_parser.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/haml-5.2.2/lib/haml/buffer.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/haml-5.2.2/lib/haml/compiler.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/haml-5.2.2/lib/haml/engine.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/haml-5.2.2/lib/haml/error.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/haml-5.2.2/lib/haml/escapable.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/haml-5.2.2/lib/haml/exec.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/haml-5.2.2/lib/haml/filters.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/haml-5.2.2/lib/haml/generator.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/haml-5.2.2/lib/haml/helpers/action_view_extensions.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/haml-5.2.2/lib/haml/helpers/action_view_mods.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/haml-5.2.2/lib/haml/helpers/action_view_xss_mods.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/haml-5.2.2/lib/haml/helpers/safe_erubi_template.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/haml-5.2.2/lib/haml/helpers/safe_erubis_template.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/haml-5.2.2/lib/haml/helpers/xss_mods.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/haml-5.2.2/lib/haml/helpers.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/haml-5.2.2/lib/haml/options.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/haml-5.2.2/lib/haml/parser.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/haml-5.2.2/lib/haml/plugin.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/haml-5.2.2/lib/haml/railtie.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/haml-5.2.2/lib/haml/sass_rails_filter.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/haml-5.2.2/lib/haml/template/options.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/haml-5.2.2/lib/haml/template.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/haml-5.2.2/lib/haml/temple_engine.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/haml-5.2.2/lib/haml/temple_line_counter.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/haml-5.2.2/lib/haml/util.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/haml-5.2.2/lib/haml/version.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/haml-5.2.2/lib/haml.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/haml-5.2.2/yard/default/fulldoc/html/css/common.sass +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/haml-5.2.2/yard/default/layout/html/footer.erb +0 -0
- /data/bundle/ruby/{2.7.0/gems/highline-2.0.3 → 3.1.0/gems/highline-2.1.0}/AUTHORS +0 -0
- /data/bundle/ruby/{2.7.0/gems/highline-2.0.3 → 3.1.0/gems/highline-2.1.0}/COPYING +0 -0
- /data/bundle/ruby/{2.7.0/gems/highline-2.0.3 → 3.1.0/gems/highline-2.1.0}/LICENSE +0 -0
- /data/bundle/ruby/{2.7.0/gems/highline-2.0.3 → 3.1.0/gems/highline-2.1.0}/TODO +0 -0
- /data/bundle/ruby/{2.7.0/gems/highline-2.0.3 → 3.1.0/gems/highline-2.1.0}/lib/highline/builtin_styles.rb +0 -0
- /data/bundle/ruby/{2.7.0/gems/highline-2.0.3 → 3.1.0/gems/highline-2.1.0}/lib/highline/color_scheme.rb +0 -0
- /data/bundle/ruby/{2.7.0/gems/highline-2.0.3 → 3.1.0/gems/highline-2.1.0}/lib/highline/compatibility.rb +0 -0
- /data/bundle/ruby/{2.7.0/gems/highline-2.0.3 → 3.1.0/gems/highline-2.1.0}/lib/highline/custom_errors.rb +0 -0
- /data/bundle/ruby/{2.7.0/gems/highline-2.0.3 → 3.1.0/gems/highline-2.1.0}/lib/highline/import.rb +0 -0
- /data/bundle/ruby/{2.7.0/gems/highline-2.0.3 → 3.1.0/gems/highline-2.1.0}/lib/highline/io_console_compatible.rb +0 -0
- /data/bundle/ruby/{2.7.0/gems/highline-2.0.3 → 3.1.0/gems/highline-2.1.0}/lib/highline/list.rb +0 -0
- /data/bundle/ruby/{2.7.0/gems/highline-2.0.3 → 3.1.0/gems/highline-2.1.0}/lib/highline/list_renderer.rb +0 -0
- /data/bundle/ruby/{2.7.0/gems/highline-2.0.3 → 3.1.0/gems/highline-2.1.0}/lib/highline/menu/item.rb +0 -0
- /data/bundle/ruby/{2.7.0/gems/highline-2.0.3 → 3.1.0/gems/highline-2.1.0}/lib/highline/paginator.rb +0 -0
- /data/bundle/ruby/{2.7.0/gems/highline-2.0.3 → 3.1.0/gems/highline-2.1.0}/lib/highline/question/answer_converter.rb +0 -0
- /data/bundle/ruby/{2.7.0/gems/highline-2.0.3 → 3.1.0/gems/highline-2.1.0}/lib/highline/question_asker.rb +0 -0
- /data/bundle/ruby/{2.7.0/gems/highline-2.0.3 → 3.1.0/gems/highline-2.1.0}/lib/highline/simulate.rb +0 -0
- /data/bundle/ruby/{2.7.0/gems/highline-2.0.3 → 3.1.0/gems/highline-2.1.0}/lib/highline/statement.rb +0 -0
- /data/bundle/ruby/{2.7.0/gems/highline-2.0.3 → 3.1.0/gems/highline-2.1.0}/lib/highline/string.rb +0 -0
- /data/bundle/ruby/{2.7.0/gems/highline-2.0.3 → 3.1.0/gems/highline-2.1.0}/lib/highline/string_extensions.rb +0 -0
- /data/bundle/ruby/{2.7.0/gems/highline-2.0.3 → 3.1.0/gems/highline-2.1.0}/lib/highline/template_renderer.rb +0 -0
- /data/bundle/ruby/{2.7.0/gems/highline-2.0.3 → 3.1.0/gems/highline-2.1.0}/lib/highline/terminal/io_console.rb +0 -0
- /data/bundle/ruby/{2.7.0/gems/highline-2.0.3 → 3.1.0/gems/highline-2.1.0}/lib/highline/terminal/ncurses.rb +0 -0
- /data/bundle/ruby/{2.7.0/gems/highline-2.0.3 → 3.1.0/gems/highline-2.1.0}/lib/highline/terminal/unix_stty.rb +0 -0
- /data/bundle/ruby/{2.7.0/gems/highline-2.0.3 → 3.1.0/gems/highline-2.1.0}/lib/highline/wrapper.rb +0 -0
- /data/bundle/ruby/{2.7.0/gems/parallel-1.21.0 → 3.1.0/gems/parallel-1.22.1}/MIT-LICENSE.txt +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/rexml-3.2.5/LICENSE.txt +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/rexml-3.2.5/NEWS.md +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/rexml-3.2.5/README.md +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/rexml-3.2.5/lib/rexml/attlistdecl.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/rexml-3.2.5/lib/rexml/attribute.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/rexml-3.2.5/lib/rexml/cdata.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/rexml-3.2.5/lib/rexml/child.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/rexml-3.2.5/lib/rexml/comment.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/rexml-3.2.5/lib/rexml/doctype.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/rexml-3.2.5/lib/rexml/document.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/rexml-3.2.5/lib/rexml/dtd/attlistdecl.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/rexml-3.2.5/lib/rexml/dtd/dtd.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/rexml-3.2.5/lib/rexml/dtd/elementdecl.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/rexml-3.2.5/lib/rexml/dtd/entitydecl.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/rexml-3.2.5/lib/rexml/dtd/notationdecl.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/rexml-3.2.5/lib/rexml/element.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/rexml-3.2.5/lib/rexml/encoding.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/rexml-3.2.5/lib/rexml/entity.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/rexml-3.2.5/lib/rexml/formatters/default.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/rexml-3.2.5/lib/rexml/formatters/pretty.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/rexml-3.2.5/lib/rexml/formatters/transitive.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/rexml-3.2.5/lib/rexml/functions.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/rexml-3.2.5/lib/rexml/instruction.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/rexml-3.2.5/lib/rexml/light/node.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/rexml-3.2.5/lib/rexml/namespace.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/rexml-3.2.5/lib/rexml/node.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/rexml-3.2.5/lib/rexml/output.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/rexml-3.2.5/lib/rexml/parent.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/rexml-3.2.5/lib/rexml/parseexception.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/rexml-3.2.5/lib/rexml/parsers/baseparser.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/rexml-3.2.5/lib/rexml/parsers/lightparser.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/rexml-3.2.5/lib/rexml/parsers/pullparser.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/rexml-3.2.5/lib/rexml/parsers/sax2parser.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/rexml-3.2.5/lib/rexml/parsers/streamparser.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/rexml-3.2.5/lib/rexml/parsers/treeparser.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/rexml-3.2.5/lib/rexml/parsers/ultralightparser.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/rexml-3.2.5/lib/rexml/parsers/xpathparser.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/rexml-3.2.5/lib/rexml/quickpath.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/rexml-3.2.5/lib/rexml/rexml.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/rexml-3.2.5/lib/rexml/sax2listener.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/rexml-3.2.5/lib/rexml/security.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/rexml-3.2.5/lib/rexml/source.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/rexml-3.2.5/lib/rexml/streamlistener.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/rexml-3.2.5/lib/rexml/text.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/rexml-3.2.5/lib/rexml/undefinednamespaceexception.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/rexml-3.2.5/lib/rexml/validation/relaxng.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/rexml-3.2.5/lib/rexml/validation/validation.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/rexml-3.2.5/lib/rexml/validation/validationexception.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/rexml-3.2.5/lib/rexml/xmldecl.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/rexml-3.2.5/lib/rexml/xmltokens.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/rexml-3.2.5/lib/rexml/xpath.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/rexml-3.2.5/lib/rexml/xpath_parser.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/rexml-3.2.5/lib/rexml.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/ruby2ruby-2.4.4/History.rdoc +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/ruby2ruby-2.4.4/Manifest.txt +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/ruby2ruby-2.4.4/README.rdoc +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/ruby2ruby-2.4.4/lib/ruby2ruby.rb +0 -0
- /data/bundle/ruby/{2.7.0/gems/ruby_parser-3.18.1 → 3.1.0/gems/ruby_parser-3.19.2}/compare/normalize.rb +0 -0
- /data/bundle/ruby/{2.7.0/gems/ruby_parser-3.18.1 → 3.1.0/gems/ruby_parser-3.19.2}/debugging.md +0 -0
- /data/bundle/ruby/{2.7.0/gems/ruby_parser-3.18.1 → 3.1.0/gems/ruby_parser-3.19.2}/lib/rp_extensions.rb +0 -0
- /data/bundle/ruby/{2.7.0/gems/ruby_parser-3.18.1 → 3.1.0/gems/ruby_parser-3.19.2}/lib/rp_stringscanner.rb +0 -0
- /data/bundle/ruby/{2.7.0/gems/ruby_parser-3.18.1 → 3.1.0/gems/ruby_parser-3.19.2}/lib/ruby_lexer.rex +0 -0
- /data/bundle/ruby/{2.7.0/gems/ruby_parser-3.18.1 → 3.1.0/gems/ruby_parser-3.19.2}/lib/ruby_lexer.rex.rb +0 -0
- /data/bundle/ruby/{2.7.0/gems/ruby_parser-3.18.1 → 3.1.0/gems/ruby_parser-3.19.2}/lib/ruby_lexer_strings.rb +0 -0
- /data/bundle/ruby/{2.7.0/gems/ruby_parser-3.18.1 → 3.1.0/gems/ruby_parser-3.19.2}/tools/munge.rb +0 -0
- /data/bundle/ruby/{2.7.0/gems/ruby_parser-3.18.1 → 3.1.0/gems/ruby_parser-3.19.2}/tools/ripper.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/ruby_parser-legacy-1.0.0/History.rdoc +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/ruby_parser-legacy-1.0.0/Manifest.txt +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/ruby_parser-legacy-1.0.0/README.rdoc +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/ruby_parser-legacy-1.0.0/lib/ruby_parser/legacy/ruby18_parser.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/ruby_parser-legacy-1.0.0/lib/ruby_parser/legacy/ruby18_parser.y +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/ruby_parser-legacy-1.0.0/lib/ruby_parser/legacy/ruby19_parser.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/ruby_parser-legacy-1.0.0/lib/ruby_parser/legacy/ruby19_parser.y +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/ruby_parser-legacy-1.0.0/lib/ruby_parser/legacy/ruby_lexer.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/ruby_parser-legacy-1.0.0/lib/ruby_parser/legacy/ruby_lexer.rex +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/ruby_parser-legacy-1.0.0/lib/ruby_parser/legacy/ruby_lexer.rex.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/ruby_parser-legacy-1.0.0/lib/ruby_parser/legacy/ruby_parser.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/ruby_parser-legacy-1.0.0/lib/ruby_parser/legacy/ruby_parser_extras.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/ruby_parser-legacy-1.0.0/lib/ruby_parser/legacy.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/safe_yaml-1.0.5/CHANGES.md +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/safe_yaml-1.0.5/Gemfile +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/safe_yaml-1.0.5/LICENSE.txt +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/safe_yaml-1.0.5/README.md +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/safe_yaml-1.0.5/bundle_install_all_ruby_versions.sh +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/safe_yaml-1.0.5/lib/safe_yaml/deep.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/safe_yaml-1.0.5/lib/safe_yaml/libyaml_checker.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/safe_yaml-1.0.5/lib/safe_yaml/load.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/safe_yaml-1.0.5/lib/safe_yaml/parse/date.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/safe_yaml-1.0.5/lib/safe_yaml/parse/hexadecimal.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/safe_yaml-1.0.5/lib/safe_yaml/parse/sexagesimal.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/safe_yaml-1.0.5/lib/safe_yaml/psych_handler.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/safe_yaml-1.0.5/lib/safe_yaml/psych_resolver.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/safe_yaml-1.0.5/lib/safe_yaml/resolver.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/safe_yaml-1.0.5/lib/safe_yaml/safe_to_ruby_visitor.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/safe_yaml-1.0.5/lib/safe_yaml/store.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/safe_yaml-1.0.5/lib/safe_yaml/syck_hack.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/safe_yaml-1.0.5/lib/safe_yaml/syck_node_monkeypatch.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/safe_yaml-1.0.5/lib/safe_yaml/syck_resolver.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/safe_yaml-1.0.5/lib/safe_yaml/transform/to_boolean.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/safe_yaml-1.0.5/lib/safe_yaml/transform/to_date.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/safe_yaml-1.0.5/lib/safe_yaml/transform/to_float.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/safe_yaml-1.0.5/lib/safe_yaml/transform/to_integer.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/safe_yaml-1.0.5/lib/safe_yaml/transform/to_nil.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/safe_yaml-1.0.5/lib/safe_yaml/transform/to_symbol.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/safe_yaml-1.0.5/lib/safe_yaml/transform/transformation_map.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/safe_yaml-1.0.5/lib/safe_yaml/transform.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/safe_yaml-1.0.5/lib/safe_yaml/version.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/safe_yaml-1.0.5/lib/safe_yaml.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/safe_yaml-1.0.5/run_specs_all_ruby_versions.sh +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/safe_yaml-1.0.5/safe_yaml.gemspec +0 -0
- /data/bundle/ruby/{2.7.0/gems/sexp_processor-4.16.0 → 3.1.0/gems/sexp_processor-4.16.1}/Manifest.txt +0 -0
- /data/bundle/ruby/{2.7.0/gems/sexp_processor-4.16.0 → 3.1.0/gems/sexp_processor-4.16.1}/README.rdoc +0 -0
- /data/bundle/ruby/{2.7.0/gems/sexp_processor-4.16.0 → 3.1.0/gems/sexp_processor-4.16.1}/lib/composite_sexp_processor.rb +0 -0
- /data/bundle/ruby/{2.7.0/gems/sexp_processor-4.16.0 → 3.1.0/gems/sexp_processor-4.16.1}/lib/sexp.rb +0 -0
- /data/bundle/ruby/{2.7.0/gems/sexp_processor-4.16.0 → 3.1.0/gems/sexp_processor-4.16.1}/lib/sexp_matcher.rb +0 -0
- /data/bundle/ruby/{2.7.0/gems/sexp_processor-4.16.0 → 3.1.0/gems/sexp_processor-4.16.1}/lib/strict_sexp.rb +0 -0
- /data/bundle/ruby/{2.7.0/gems/sexp_processor-4.16.0 → 3.1.0/gems/sexp_processor-4.16.1}/lib/unique.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/slim-4.1.0/CHANGES +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/slim-4.1.0/Gemfile +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/slim-4.1.0/LICENSE +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/slim-4.1.0/README.jp.md +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/slim-4.1.0/README.md +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/slim-4.1.0/lib/slim/code_attributes.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/slim-4.1.0/lib/slim/command.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/slim-4.1.0/lib/slim/controls.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/slim-4.1.0/lib/slim/do_inserter.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/slim-4.1.0/lib/slim/embedded.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/slim-4.1.0/lib/slim/end_inserter.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/slim-4.1.0/lib/slim/engine.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/slim-4.1.0/lib/slim/erb_converter.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/slim-4.1.0/lib/slim/filter.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/slim-4.1.0/lib/slim/grammar.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/slim-4.1.0/lib/slim/include.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/slim-4.1.0/lib/slim/interpolation.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/slim-4.1.0/lib/slim/logic_less/context.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/slim-4.1.0/lib/slim/logic_less/filter.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/slim-4.1.0/lib/slim/logic_less.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/slim-4.1.0/lib/slim/parser.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/slim-4.1.0/lib/slim/smart/escaper.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/slim-4.1.0/lib/slim/smart/filter.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/slim-4.1.0/lib/slim/smart/parser.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/slim-4.1.0/lib/slim/smart.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/slim-4.1.0/lib/slim/splat/builder.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/slim-4.1.0/lib/slim/splat/filter.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/slim-4.1.0/lib/slim/template.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/slim-4.1.0/lib/slim/translator.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/slim-4.1.0/lib/slim/version.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/slim-4.1.0/lib/slim.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/slim-4.1.0/slim.gemspec +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/temple-0.8.2/CHANGES +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/temple-0.8.2/EXPRESSIONS.md +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/temple-0.8.2/Gemfile +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/temple-0.8.2/LICENSE +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/temple-0.8.2/README.md +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/temple-0.8.2/lib/temple/engine.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/temple-0.8.2/lib/temple/erb/engine.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/temple-0.8.2/lib/temple/erb/parser.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/temple-0.8.2/lib/temple/erb/template.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/temple-0.8.2/lib/temple/erb/trimming.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/temple-0.8.2/lib/temple/exceptions.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/temple-0.8.2/lib/temple/filter.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/temple-0.8.2/lib/temple/filters/code_merger.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/temple-0.8.2/lib/temple/filters/control_flow.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/temple-0.8.2/lib/temple/filters/dynamic_inliner.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/temple-0.8.2/lib/temple/filters/encoding.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/temple-0.8.2/lib/temple/filters/eraser.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/temple-0.8.2/lib/temple/filters/escapable.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/temple-0.8.2/lib/temple/filters/multi_flattener.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/temple-0.8.2/lib/temple/filters/remove_bom.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/temple-0.8.2/lib/temple/filters/static_analyzer.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/temple-0.8.2/lib/temple/filters/static_merger.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/temple-0.8.2/lib/temple/filters/string_splitter.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/temple-0.8.2/lib/temple/filters/validator.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/temple-0.8.2/lib/temple/generator.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/temple-0.8.2/lib/temple/generators/array.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/temple-0.8.2/lib/temple/generators/array_buffer.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/temple-0.8.2/lib/temple/generators/erb.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/temple-0.8.2/lib/temple/generators/rails_output_buffer.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/temple-0.8.2/lib/temple/generators/string_buffer.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/temple-0.8.2/lib/temple/grammar.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/temple-0.8.2/lib/temple/html/attribute_merger.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/temple-0.8.2/lib/temple/html/attribute_remover.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/temple-0.8.2/lib/temple/html/attribute_sorter.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/temple-0.8.2/lib/temple/html/dispatcher.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/temple-0.8.2/lib/temple/html/fast.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/temple-0.8.2/lib/temple/html/filter.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/temple-0.8.2/lib/temple/html/pretty.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/temple-0.8.2/lib/temple/html/safe.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/temple-0.8.2/lib/temple/map.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/temple-0.8.2/lib/temple/mixins/dispatcher.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/temple-0.8.2/lib/temple/mixins/engine_dsl.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/temple-0.8.2/lib/temple/mixins/grammar_dsl.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/temple-0.8.2/lib/temple/mixins/options.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/temple-0.8.2/lib/temple/mixins/template.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/temple-0.8.2/lib/temple/parser.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/temple-0.8.2/lib/temple/static_analyzer.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/temple-0.8.2/lib/temple/templates/rails.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/temple-0.8.2/lib/temple/templates/tilt.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/temple-0.8.2/lib/temple/templates.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/temple-0.8.2/lib/temple/utils.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/temple-0.8.2/lib/temple/version.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/temple-0.8.2/lib/temple.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/temple-0.8.2/temple.gemspec +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/terminal-table-1.8.0/Gemfile +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/terminal-table-1.8.0/History.rdoc +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/terminal-table-1.8.0/LICENSE.txt +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/terminal-table-1.8.0/Manifest +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/terminal-table-1.8.0/README.rdoc +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/terminal-table-1.8.0/Todo.rdoc +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/terminal-table-1.8.0/lib/terminal-table/cell.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/terminal-table-1.8.0/lib/terminal-table/import.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/terminal-table-1.8.0/lib/terminal-table/row.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/terminal-table-1.8.0/lib/terminal-table/separator.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/terminal-table-1.8.0/lib/terminal-table/style.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/terminal-table-1.8.0/lib/terminal-table/table.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/terminal-table-1.8.0/lib/terminal-table/table_helper.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/terminal-table-1.8.0/lib/terminal-table/version.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/terminal-table-1.8.0/lib/terminal-table.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/terminal-table-1.8.0/terminal-table.gemspec +0 -0
- /data/bundle/ruby/{2.7.0/gems/tilt-2.0.10 → 3.1.0/gems/tilt-2.0.11}/COPYING +0 -0
- /data/bundle/ruby/{2.7.0/gems/tilt-2.0.10 → 3.1.0/gems/tilt-2.0.11}/lib/tilt/asciidoc.rb +0 -0
- /data/bundle/ruby/{2.7.0/gems/tilt-2.0.10 → 3.1.0/gems/tilt-2.0.11}/lib/tilt/babel.rb +0 -0
- /data/bundle/ruby/{2.7.0/gems/tilt-2.0.10 → 3.1.0/gems/tilt-2.0.11}/lib/tilt/bluecloth.rb +0 -0
- /data/bundle/ruby/{2.7.0/gems/tilt-2.0.10 → 3.1.0/gems/tilt-2.0.11}/lib/tilt/builder.rb +0 -0
- /data/bundle/ruby/{2.7.0/gems/tilt-2.0.10 → 3.1.0/gems/tilt-2.0.11}/lib/tilt/coffee.rb +0 -0
- /data/bundle/ruby/{2.7.0/gems/tilt-2.0.10 → 3.1.0/gems/tilt-2.0.11}/lib/tilt/creole.rb +0 -0
- /data/bundle/ruby/{2.7.0/gems/tilt-2.0.10 → 3.1.0/gems/tilt-2.0.11}/lib/tilt/dummy.rb +0 -0
- /data/bundle/ruby/{2.7.0/gems/tilt-2.0.10 → 3.1.0/gems/tilt-2.0.11}/lib/tilt/erb.rb +0 -0
- /data/bundle/ruby/{2.7.0/gems/tilt-2.0.10 → 3.1.0/gems/tilt-2.0.11}/lib/tilt/erubi.rb +0 -0
- /data/bundle/ruby/{2.7.0/gems/tilt-2.0.10 → 3.1.0/gems/tilt-2.0.11}/lib/tilt/erubis.rb +0 -0
- /data/bundle/ruby/{2.7.0/gems/tilt-2.0.10 → 3.1.0/gems/tilt-2.0.11}/lib/tilt/etanni.rb +0 -0
- /data/bundle/ruby/{2.7.0/gems/tilt-2.0.10 → 3.1.0/gems/tilt-2.0.11}/lib/tilt/haml.rb +0 -0
- /data/bundle/ruby/{2.7.0/gems/tilt-2.0.10 → 3.1.0/gems/tilt-2.0.11}/lib/tilt/kramdown.rb +0 -0
- /data/bundle/ruby/{2.7.0/gems/tilt-2.0.10 → 3.1.0/gems/tilt-2.0.11}/lib/tilt/less.rb +0 -0
- /data/bundle/ruby/{2.7.0/gems/tilt-2.0.10 → 3.1.0/gems/tilt-2.0.11}/lib/tilt/liquid.rb +0 -0
- /data/bundle/ruby/{2.7.0/gems/tilt-2.0.10 → 3.1.0/gems/tilt-2.0.11}/lib/tilt/livescript.rb +0 -0
- /data/bundle/ruby/{2.7.0/gems/tilt-2.0.10 → 3.1.0/gems/tilt-2.0.11}/lib/tilt/mapping.rb +0 -0
- /data/bundle/ruby/{2.7.0/gems/tilt-2.0.10 → 3.1.0/gems/tilt-2.0.11}/lib/tilt/markaby.rb +0 -0
- /data/bundle/ruby/{2.7.0/gems/tilt-2.0.10 → 3.1.0/gems/tilt-2.0.11}/lib/tilt/maruku.rb +0 -0
- /data/bundle/ruby/{2.7.0/gems/tilt-2.0.10 → 3.1.0/gems/tilt-2.0.11}/lib/tilt/nokogiri.rb +0 -0
- /data/bundle/ruby/{2.7.0/gems/tilt-2.0.10 → 3.1.0/gems/tilt-2.0.11}/lib/tilt/plain.rb +0 -0
- /data/bundle/ruby/{2.7.0/gems/tilt-2.0.10 → 3.1.0/gems/tilt-2.0.11}/lib/tilt/prawn.rb +0 -0
- /data/bundle/ruby/{2.7.0/gems/tilt-2.0.10 → 3.1.0/gems/tilt-2.0.11}/lib/tilt/radius.rb +0 -0
- /data/bundle/ruby/{2.7.0/gems/tilt-2.0.10 → 3.1.0/gems/tilt-2.0.11}/lib/tilt/rdiscount.rb +0 -0
- /data/bundle/ruby/{2.7.0/gems/tilt-2.0.10 → 3.1.0/gems/tilt-2.0.11}/lib/tilt/rdoc.rb +0 -0
- /data/bundle/ruby/{2.7.0/gems/tilt-2.0.10 → 3.1.0/gems/tilt-2.0.11}/lib/tilt/redcloth.rb +0 -0
- /data/bundle/ruby/{2.7.0/gems/tilt-2.0.10 → 3.1.0/gems/tilt-2.0.11}/lib/tilt/sigil.rb +0 -0
- /data/bundle/ruby/{2.7.0/gems/tilt-2.0.10 → 3.1.0/gems/tilt-2.0.11}/lib/tilt/string.rb +0 -0
- /data/bundle/ruby/{2.7.0/gems/tilt-2.0.10 → 3.1.0/gems/tilt-2.0.11}/lib/tilt/typescript.rb +0 -0
- /data/bundle/ruby/{2.7.0/gems/tilt-2.0.10 → 3.1.0/gems/tilt-2.0.11}/lib/tilt/wikicloth.rb +0 -0
- /data/bundle/ruby/{2.7.0/gems/tilt-2.0.10 → 3.1.0/gems/tilt-2.0.11}/lib/tilt/yajl.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/unicode-display_width-1.8.0/CHANGELOG.md +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/unicode-display_width-1.8.0/MIT-LICENSE.txt +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/unicode-display_width-1.8.0/README.md +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/unicode-display_width-1.8.0/data/display_width.marshal.gz +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/unicode-display_width-1.8.0/lib/unicode/display_width/constants.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/unicode-display_width-1.8.0/lib/unicode/display_width/index.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/unicode-display_width-1.8.0/lib/unicode/display_width/no_string_ext.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/unicode-display_width-1.8.0/lib/unicode/display_width/string_ext.rb +0 -0
- /data/bundle/ruby/{2.7.0 → 3.1.0}/gems/unicode-display_width-1.8.0/lib/unicode/display_width.rb +0 -0
@@ -36,7 +36,8 @@ class Brakeman::CheckNumberToCurrency < Brakeman::BaseCheck
|
|
36
36
|
:message => message,
|
37
37
|
:confidence => :medium,
|
38
38
|
:gem_info => gemfile_or_environment,
|
39
|
-
:link_path => "https://groups.google.com/d/msg/ruby-security-ann/9WiRn2nhfq0/2K2KRB4LwCMJ"
|
39
|
+
:link_path => "https://groups.google.com/d/msg/ruby-security-ann/9WiRn2nhfq0/2K2KRB4LwCMJ",
|
40
|
+
:cwe_id => [79]
|
40
41
|
end
|
41
42
|
|
42
43
|
def check_number_helper_usage
|
@@ -69,6 +70,7 @@ class Brakeman::CheckNumberToCurrency < Brakeman::BaseCheck
|
|
69
70
|
:message => msg("Format options in ", msg_code(result[:call].method), " are not safe in ", msg_version(rails_version)),
|
70
71
|
:confidence => :high,
|
71
72
|
:link_path => "https://groups.google.com/d/msg/ruby-security-ann/9WiRn2nhfq0/2K2KRB4LwCMJ",
|
72
|
-
:user_input => match
|
73
|
+
:user_input => match,
|
74
|
+
:cwe_id => [79]
|
73
75
|
end
|
74
76
|
end
|
@@ -26,7 +26,8 @@ class Brakeman::CheckPageCachingCVE < Brakeman::BaseCheck
|
|
26
26
|
:message => message,
|
27
27
|
:confidence => confidence,
|
28
28
|
:link_path => 'https://groups.google.com/d/msg/rubyonrails-security/CFRVkEytdP8/c5gmICECAgAJ',
|
29
|
-
:gem_info => gemfile_or_environment(gem_name)
|
29
|
+
:gem_info => gemfile_or_environment(gem_name),
|
30
|
+
:cwe_id => [22]
|
30
31
|
end
|
31
32
|
|
32
33
|
def uses_caches_page?
|
@@ -0,0 +1,48 @@
|
|
1
|
+
require 'brakeman/checks/base_check'
|
2
|
+
|
3
|
+
class Brakeman::CheckPathname < Brakeman::BaseCheck
|
4
|
+
Brakeman::Checks.add self
|
5
|
+
|
6
|
+
@description = "Check for unexpected Pathname behavior"
|
7
|
+
|
8
|
+
def run_check
|
9
|
+
check_rails_root_join
|
10
|
+
check_pathname_join
|
11
|
+
|
12
|
+
end
|
13
|
+
|
14
|
+
def check_rails_root_join
|
15
|
+
tracker.find_call(target: :'Rails.root', method: :join, nested: true).each do |result|
|
16
|
+
check_result result
|
17
|
+
end
|
18
|
+
end
|
19
|
+
|
20
|
+
def check_pathname_join
|
21
|
+
pathname_methods = [
|
22
|
+
:'Pathname.new',
|
23
|
+
:'Pathname.getwd',
|
24
|
+
:'Pathname.glob',
|
25
|
+
:'Pathname.pwd',
|
26
|
+
]
|
27
|
+
|
28
|
+
tracker.find_call(targets: pathname_methods, method: :join, nested: true).each do |result|
|
29
|
+
check_result result
|
30
|
+
end
|
31
|
+
end
|
32
|
+
|
33
|
+
def check_result result
|
34
|
+
return unless original? result
|
35
|
+
|
36
|
+
result[:call].each_arg do |arg|
|
37
|
+
if match = has_immediate_user_input?(arg)
|
38
|
+
warn :result => result,
|
39
|
+
:warning_type => "Path Traversal",
|
40
|
+
:warning_code => :pathname_traversal,
|
41
|
+
:message => "Absolute paths in `Pathname#join` cause the entire path to be relative to the absolute path, ignoring any prior values",
|
42
|
+
:user_input => match,
|
43
|
+
:confidence => :high,
|
44
|
+
:cwe_id => [22]
|
45
|
+
end
|
46
|
+
end
|
47
|
+
end
|
48
|
+
end
|
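Review bot: Nothing in the new check explains why user-controlled arguments to `join` are a traversal risk; the warning message on line 41 is the only place the behaviour is described, and `check_result` (lines 33–47) flags any argument carrying immediate user input without saying so. A comment above `check_result` such as `# Pathname#join treats an absolute component as a new root, so Rails.root.join(user_value) can resolve outside the application directory` would give maintainers the rationale, and `@description` on line 6 could name path traversal explicitly. `pathname_methods` (lines 21–26) is rebuilt on every call of `check_pathname_join`; a frozen class-level constant, e.g. `PATHNAME_METHODS = [:'Pathname.new', :'Pathname.getwd', :'Pathname.glob', :'Pathname.pwd'].freeze`, is the usual Ruby form. The new `:warning_code => :pathname_traversal` presumably needs a matching entry in the warning-code table, which is not in this diff view.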
@@ -38,6 +38,7 @@ class Brakeman::CheckPermitAttributes < Brakeman::BaseCheck
|
|
38
38
|
:warning_code => :dangerous_permit_key,
|
39
39
|
:message => "Potentially dangerous key allowed for mass assignment",
|
40
40
|
:confidence => (confidence || SUSPICIOUS_KEYS[key.value]),
|
41
|
-
:user_input => key
|
41
|
+
:user_input => key,
|
42
|
+
:cwe_id => [915]
|
42
43
|
end
|
43
44
|
end
|
@@ -28,7 +28,8 @@ class Brakeman::CheckQuoteTableName < Brakeman::BaseCheck
|
|
28
28
|
:message => message,
|
29
29
|
:confidence => confidence,
|
30
30
|
:gem_info => gemfile_or_environment,
|
31
|
-
:link_path => "https://groups.google.com/d/topic/rubyonrails-security/ah5HN0S8OJs/discussion"
|
31
|
+
:link_path => "https://groups.google.com/d/topic/rubyonrails-security/ah5HN0S8OJs/discussion",
|
32
|
+
:cwe_id => [89]
|
32
33
|
end
|
33
34
|
end
|
34
35
|
|
@@ -11,9 +11,7 @@ class Brakeman::CheckRedirect < Brakeman::BaseCheck
|
|
11
11
|
@description = "Looks for calls to redirect_to with user input as arguments"
|
12
12
|
|
13
13
|
def run_check
|
14
|
-
|
15
|
-
|
16
|
-
@model_find_calls = Set[:all, :create, :create!, :find, :find_by_sql, :first, :last, :new]
|
14
|
+
@model_find_calls = Set[:all, :create, :create!, :find, :find_by_sql, :first, :first!, :last, :last!, :new, :sole]
|
17
15
|
|
18
16
|
if tracker.options[:rails3]
|
19
17
|
@model_find_calls.merge [:from, :group, :having, :joins, :lock, :order, :reorder, :select, :where]
|
@@ -23,7 +21,13 @@ class Brakeman::CheckRedirect < Brakeman::BaseCheck
|
|
23
21
|
@model_find_calls.merge [:find_by, :find_by!, :take]
|
24
22
|
end
|
25
23
|
|
26
|
-
|
24
|
+
if version_between? "7.0.0", "9.9.9"
|
25
|
+
@model_find_calls << :find_sole_by
|
26
|
+
end
|
27
|
+
|
28
|
+
methods = [:redirect_to, :redirect_back, :redirect_back_or_to]
|
29
|
+
|
30
|
+
@tracker.find_call(:target => false, :methods => methods).each do |res|
|
27
31
|
process_result res
|
28
32
|
end
|
29
33
|
end
|
@@ -32,18 +36,28 @@ class Brakeman::CheckRedirect < Brakeman::BaseCheck
|
|
32
36
|
return unless original? result
|
33
37
|
|
34
38
|
call = result[:call]
|
35
|
-
method = call.method
|
36
|
-
|
37
39
|
opt = call.first_arg
|
38
40
|
|
39
|
-
|
41
|
+
# Location is specified with `fallback_location:`
|
42
|
+
# otherwise the arguments do not contain a location and
|
43
|
+
# the call can be ignored
|
44
|
+
if call.method == :redirect_back
|
45
|
+
if hash? opt and location = hash_access(opt, :fallback_location)
|
46
|
+
opt = location
|
47
|
+
else
|
48
|
+
return
|
49
|
+
end
|
50
|
+
end
|
51
|
+
|
52
|
+
if not protected_by_raise?(call) and
|
40
53
|
not only_path?(call) and
|
41
54
|
not explicit_host?(opt) and
|
42
55
|
not slice_call?(opt) and
|
43
56
|
not safe_permit?(opt) and
|
44
|
-
|
57
|
+
not disallow_other_host?(call) and
|
58
|
+
res = include_user_input?(opt)
|
45
59
|
|
46
|
-
if res.type == :immediate
|
60
|
+
if res.type == :immediate and not allow_other_host?(call)
|
47
61
|
confidence = :high
|
48
62
|
else
|
49
63
|
confidence = :weak
|
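Review bot: In `process_result`, an explicit `allow_other_host: true` lowers the confidence of an immediate-user-input redirect to `:weak` (new line 60), yet it is also the one case that `protected_by_raise?` (line 52) does not suppress when `raise_on_open_redirects` is enabled, so the only redirect that can still leave the host in that configuration is reported with less confidence than the same call without the option. If that is deliberate — the option being a conscious opt-in by the developer — a comment above line 60 such as `# explicit allow_other_host: true is a deliberate opt-in, so report at lower confidence` would record the reasoning; otherwise the `not allow_other_host?(call)` clause looks inverted. In the helper hunk at the end of this file, `raise_on_redirects?` memoizes with `||=`, which re-reads `tracker.config` on every call whenever the setting is false or absent; `return @raise_on_redirects if defined?(@raise_on_redirects)` before the assignment avoids that. `process_result` starts before this hunk.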
@@ -55,7 +69,8 @@ class Brakeman::CheckRedirect < Brakeman::BaseCheck
|
|
55
69
|
:message => "Possible unprotected redirect",
|
56
70
|
:code => call,
|
57
71
|
:user_input => res,
|
58
|
-
:confidence => confidence
|
72
|
+
:confidence => confidence,
|
73
|
+
:cwe_id => [601]
|
59
74
|
end
|
60
75
|
end
|
61
76
|
|
@@ -63,42 +78,42 @@ class Brakeman::CheckRedirect < Brakeman::BaseCheck
|
|
63
78
|
#is being output directly. This is necessary because of tracker.options[:check_arguments]
|
64
79
|
#which can be used to enable/disable reporting output of method calls which use
|
65
80
|
#user input as arguments.
|
66
|
-
def include_user_input?
|
81
|
+
def include_user_input? opt, immediate = :immediate
|
67
82
|
Brakeman.debug "Checking if call includes user input"
|
68
83
|
|
69
|
-
arg = call.first_arg
|
70
|
-
|
71
84
|
# if the first argument is an array, rails assumes you are building a
|
72
85
|
# polymorphic route, which will never jump off-host
|
73
|
-
return false if array?
|
86
|
+
return false if array? opt
|
74
87
|
|
75
88
|
if tracker.options[:ignore_redirect_to_model]
|
76
|
-
if model_instance?(
|
89
|
+
if model_instance?(opt) or decorated_model?(opt)
|
77
90
|
return false
|
78
91
|
end
|
79
92
|
end
|
80
93
|
|
81
|
-
if res = has_immediate_model?(
|
82
|
-
unless call?
|
94
|
+
if res = has_immediate_model?(opt)
|
95
|
+
unless call? opt and opt.method.to_s =~ /_path/
|
83
96
|
return Match.new(immediate, res)
|
84
97
|
end
|
85
|
-
elsif call?
|
86
|
-
if request_value?
|
87
|
-
return Match.new(immediate,
|
88
|
-
elsif
|
89
|
-
return Match.new(immediate,
|
90
|
-
elsif arg.method == :url_for and include_user_input? arg
|
91
|
-
return Match.new(immediate, arg)
|
98
|
+
elsif call? opt
|
99
|
+
if request_value? opt
|
100
|
+
return Match.new(immediate, opt)
|
101
|
+
elsif opt.method == :url_for and include_user_input? opt.first_arg
|
102
|
+
return Match.new(immediate, opt)
|
92
103
|
#Ignore helpers like some_model_url?
|
93
|
-
elsif
|
104
|
+
elsif opt.method.to_s =~ /_(url|path)\z/
|
105
|
+
return false
|
106
|
+
elsif opt.method == :url_from
|
94
107
|
return false
|
95
108
|
end
|
96
|
-
elsif request_value?
|
97
|
-
return Match.new(immediate,
|
109
|
+
elsif request_value? opt
|
110
|
+
return Match.new(immediate, opt)
|
111
|
+
elsif node_type? opt, :or
|
112
|
+
return (include_user_input?(opt.lhs) or include_user_input?(opt.rhs))
|
98
113
|
end
|
99
114
|
|
100
|
-
if tracker.options[:check_arguments] and call?
|
101
|
-
include_user_input?
|
115
|
+
if tracker.options[:check_arguments] and call? opt
|
116
|
+
include_user_input? opt.first_arg, false #I'm doubting if this is really necessary...
|
102
117
|
else
|
103
118
|
false
|
104
119
|
end
|
@@ -203,7 +218,7 @@ class Brakeman::CheckRedirect < Brakeman::BaseCheck
|
|
203
218
|
def friendly_model? exp
|
204
219
|
call? exp and model_name? exp.target and exp.method == :friendly
|
205
220
|
end
|
206
|
-
|
221
|
+
|
207
222
|
#Returns true if exp is (probably) a decorated model instance
|
208
223
|
#using the Draper gem
|
209
224
|
def decorated_model? exp
|
@@ -244,7 +259,7 @@ class Brakeman::CheckRedirect < Brakeman::BaseCheck
|
|
244
259
|
if call? exp and params? exp.target and exp.method == :permit
|
245
260
|
exp.each_arg do |opt|
|
246
261
|
if symbol? opt and DANGEROUS_KEYS.include? opt.value
|
247
|
-
return false
|
262
|
+
return false
|
248
263
|
end
|
249
264
|
end
|
250
265
|
|
@@ -253,4 +268,25 @@ class Brakeman::CheckRedirect < Brakeman::BaseCheck
|
|
253
268
|
|
254
269
|
false
|
255
270
|
end
|
271
|
+
|
272
|
+
def protected_by_raise? call
|
273
|
+
raise_on_redirects? and
|
274
|
+
not allow_other_host? call
|
275
|
+
end
|
276
|
+
|
277
|
+
def raise_on_redirects?
|
278
|
+
@raise_on_redirects ||= true?(tracker.config.rails.dig(:action_controller, :raise_on_open_redirects))
|
279
|
+
end
|
280
|
+
|
281
|
+
def allow_other_host? call
|
282
|
+
opt = call.last_arg
|
283
|
+
|
284
|
+
hash? opt and true? hash_access(opt, :allow_other_host)
|
285
|
+
end
|
286
|
+
|
287
|
+
def disallow_other_host? call
|
288
|
+
opt = call.last_arg
|
289
|
+
|
290
|
+
hash? opt and false? hash_access(opt, :allow_other_host)
|
291
|
+
end
|
256
292
|
end
|
@@ -57,7 +57,8 @@ class Brakeman::CheckRender < Brakeman::BaseCheck
|
|
57
57
|
:warning_code => :dynamic_render_path,
|
58
58
|
:message => message,
|
59
59
|
:user_input => input,
|
60
|
-
:confidence => confidence
|
60
|
+
:confidence => confidence,
|
61
|
+
:cwe_id => [22]
|
61
62
|
end
|
62
63
|
end
|
63
64
|
|
@@ -78,7 +79,8 @@ class Brakeman::CheckRender < Brakeman::BaseCheck
|
|
78
79
|
:warning_code => :dynamic_render_path_rce,
|
79
80
|
:message => msg("Passing query parameters to ", msg_code("render"), " is vulnerable in ", msg_version(rails_version), " ", msg_cve("CVE-2016-0752")),
|
80
81
|
:user_input => view,
|
81
|
-
:confidence => :high
|
82
|
+
:confidence => :high,
|
83
|
+
:cwe_id => [22]
|
82
84
|
end
|
83
85
|
end
|
84
86
|
end
|
@@ -32,6 +32,7 @@ class Brakeman::CheckRenderDoS < Brakeman::BaseCheck
|
|
32
32
|
:message => message,
|
33
33
|
:confidence => :high,
|
34
34
|
:link_path => "https://groups.google.com/d/msg/rubyonrails-security/LMxO_3_eCuc/ozGBEhKaJbIJ",
|
35
|
-
:gem_info => gemfile_or_environment
|
35
|
+
:gem_info => gemfile_or_environment,
|
36
|
+
:cwe_id => [20]
|
36
37
|
end
|
37
38
|
end
|
@@ -28,14 +28,16 @@ class Brakeman::CheckRenderInline < Brakeman::CheckCrossSiteScripting
|
|
28
28
|
:warning_code => :cross_site_scripting_inline,
|
29
29
|
:message => msg("Unescaped ", msg_input(input), " rendered inline"),
|
30
30
|
:user_input => input,
|
31
|
-
:confidence => :high
|
31
|
+
:confidence => :high,
|
32
|
+
:cwe_id => [79]
|
32
33
|
elsif input = has_immediate_model?(render_value)
|
33
34
|
warn :result => result,
|
34
35
|
:warning_type => "Cross-Site Scripting",
|
35
36
|
:warning_code => :cross_site_scripting_inline,
|
36
37
|
:message => "Unescaped model attribute rendered inline",
|
37
38
|
:user_input => input,
|
38
|
-
:confidence => :medium
|
39
|
+
:confidence => :medium,
|
40
|
+
:cwe_id => [79]
|
39
41
|
end
|
40
42
|
end
|
41
43
|
end
|
@@ -15,7 +15,8 @@ class Brakeman::CheckResponseSplitting < Brakeman::BaseCheck
|
|
15
15
|
:message => msg("Rails versions before 2.3.14 have a vulnerability content type handling allowing injection of headers ", msg_cve("CVE-2011-3186")),
|
16
16
|
:confidence => :medium,
|
17
17
|
:gem_info => gemfile_or_environment,
|
18
|
-
:link_path => "https://groups.google.com/d/topic/rubyonrails-security/b_yTveAph2g/discussion"
|
18
|
+
:link_path => "https://groups.google.com/d/topic/rubyonrails-security/b_yTveAph2g/discussion",
|
19
|
+
:cwe_id => [94]
|
19
20
|
end
|
20
21
|
end
|
21
22
|
end
|
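Review bot: The new `:cwe_id => [94]` on line 19 classifies this finding as code injection, but the weakness the check describes (header injection via content-type handling, per the message on line 15) is CWE-113, HTTP Response Splitting, which would be `:cwe_id => [113]`. If 94 was chosen to mirror an external classification of CVE-2011-3186, a one-line comment saying so would stop the next reader from "correcting" it. The enclosing `warn` call starts before this hunk.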
@@ -53,6 +53,7 @@ class Brakeman::CheckReverseTabnabbing < Brakeman::BaseCheck
|
|
53
53
|
:message => msg("When opening a link in a new tab without setting ", msg_code('rel: "noopener noreferrer"'),
|
54
54
|
", the new tab can control the parent tab's location. For example, an attacker could redirect to a phishing page."),
|
55
55
|
:confidence => confidence,
|
56
|
-
:user_input => rel
|
56
|
+
:user_input => rel,
|
57
|
+
:cwe_id => [1022]
|
57
58
|
end
|
58
59
|
end
|
@@ -23,7 +23,8 @@ class Brakeman::CheckRouteDoS < Brakeman::BaseCheck
|
|
23
23
|
:message => message,
|
24
24
|
:confidence => :medium,
|
25
25
|
:gem_info => gemfile_or_environment,
|
26
|
-
:link_path => "https://groups.google.com/d/msg/rubyonrails-security/dthJ5wL69JE/YzPnFelbFQAJ"
|
26
|
+
:link_path => "https://groups.google.com/d/msg/rubyonrails-security/dthJ5wL69JE/YzPnFelbFQAJ",
|
27
|
+
:cwe_id => [399]
|
27
28
|
end
|
28
29
|
end
|
29
30
|
|
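Review bot: `:cwe_id => [399]` on line 27 points at CWE-399, which is a category (Resource Management Errors) rather than a weakness; the weakness for a denial-of-service finding is CWE-400, Uncontrolled Resource Consumption, so `:cwe_id => [400]` is the more precise tag. If the number was deliberately taken from an external advisory classification, a brief comment would make that clear. The enclosing `warn` call starts before this hunk.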
@@ -26,6 +26,7 @@ class Brakeman::CheckSafeBufferManipulation < Brakeman::BaseCheck
|
|
26
26
|
:warning_code => :safe_buffer_vuln,
|
27
27
|
:message => message,
|
28
28
|
:confidence => :medium,
|
29
|
-
:gem_info => gemfile_or_environment
|
29
|
+
:gem_info => gemfile_or_environment,
|
30
|
+
:cwe_id => [79]
|
30
31
|
end
|
31
32
|
end
|
@@ -0,0 +1,120 @@
|
|
1
|
+
require 'brakeman/checks/base_check'
|
2
|
+
|
3
|
+
class Brakeman::CheckSanitizeConfigCve < Brakeman::BaseCheck
|
4
|
+
Brakeman::Checks.add self
|
5
|
+
|
6
|
+
@description = "Checks for vunerable uses of sanitize (CVE-2022-32209)"
|
7
|
+
|
8
|
+
def run_check
|
9
|
+
@specific_warning = false
|
10
|
+
|
11
|
+
@gem_version = tracker.config.gem_version :'rails-html-sanitizer'
|
12
|
+
if version_between? "0.0.0", "1.4.2", @gem_version
|
13
|
+
check_config
|
14
|
+
check_sanitize_calls
|
15
|
+
check_safe_list_allowed_tags
|
16
|
+
|
17
|
+
unless @specific_warning
|
18
|
+
# General warning about the vulnerable version
|
19
|
+
cve_warning
|
20
|
+
end
|
21
|
+
end
|
22
|
+
end
|
23
|
+
|
24
|
+
def cve_warning confidence: :weak, result: nil
|
25
|
+
return if result and not original? result
|
26
|
+
|
27
|
+
message = msg(msg_version(@gem_version, 'rails-html-sanitizer'),
|
28
|
+
" is vulnerable to cross-site scripting when ",
|
29
|
+
msg_code('select'),
|
30
|
+
" and ",
|
31
|
+
msg_code("style"),
|
32
|
+
" tags are allowed ",
|
33
|
+
msg_cve("CVE-2022-32209")
|
34
|
+
)
|
35
|
+
|
36
|
+
unless result
|
37
|
+
message << ". Upgrade to 1.4.3 or newer"
|
38
|
+
end
|
39
|
+
|
40
|
+
warn :warning_type => "Cross-Site Scripting",
|
41
|
+
:warning_code => :CVE_2022_32209,
|
42
|
+
:message => message,
|
43
|
+
:confidence => confidence,
|
44
|
+
:gem_info => gemfile_or_environment(:'rails-html-sanitizer'),
|
45
|
+
:link_path => "https://groups.google.com/g/rubyonrails-security/c/ce9PhUANQ6s/m/S0fJfnkmBAAJ",
|
46
|
+
:cwe_id => [79],
|
47
|
+
:result => result
|
48
|
+
end
|
49
|
+
|
50
|
+
# Look for
|
51
|
+
# config.action_view.sanitized_allowed_tags = ["select", "style"]
|
52
|
+
def check_config
|
53
|
+
sanitizer_config = tracker.config.rails.dig(:action_view, :sanitized_allowed_tags)
|
54
|
+
|
55
|
+
if sanitizer_config and include_both_tags? sanitizer_config
|
56
|
+
@specific_warning = true
|
57
|
+
cve_warning confidence: :high
|
58
|
+
end
|
59
|
+
end
|
60
|
+
|
61
|
+
# Look for
|
62
|
+
# sanitize ..., tags: ["select", "style"]
|
63
|
+
# and
|
64
|
+
# Rails::Html::SafeListSanitizer.new.sanitize(..., tags: ["select", "style"])
|
65
|
+
def check_sanitize_calls
|
66
|
+
tracker.find_call(method: :sanitize, target: nil).each do |result|
|
67
|
+
check_tags_option result
|
68
|
+
end
|
69
|
+
|
70
|
+
tracker.find_call(method: :sanitize, target: :'Rails::Html::SafeListSanitizer.new').each do |result|
|
71
|
+
check_tags_option result
|
72
|
+
end
|
73
|
+
end
|
74
|
+
|
75
|
+
# Look for
|
76
|
+
# Rails::Html::SafeListSanitizer.allowed_tags = ["select", "style"]
|
77
|
+
def check_safe_list_allowed_tags
|
78
|
+
tracker.find_call(target: :'Rails::Html::SafeListSanitizer', method: :allowed_tags=).each do |result|
|
79
|
+
check_result result, result[:call].first_arg
|
80
|
+
end
|
81
|
+
end
|
82
|
+
|
83
|
+
private
|
84
|
+
|
85
|
+
def check_tags_option result
|
86
|
+
options = result[:call].last_arg
|
87
|
+
|
88
|
+
if options
|
89
|
+
check_result result, hash_access(options, :tags)
|
90
|
+
end
|
91
|
+
end
|
92
|
+
|
93
|
+
def check_result result, arg
|
94
|
+
if include_both_tags? arg
|
95
|
+
@specific_warning = true
|
96
|
+
cve_warning confidence: :high, result: result
|
97
|
+
end
|
98
|
+
end
|
99
|
+
|
100
|
+
def include_both_tags? exp
|
101
|
+
return unless sexp? exp
|
102
|
+
|
103
|
+
has_tag? exp, 'select' and
|
104
|
+
has_tag? exp, 'style'
|
105
|
+
end
|
106
|
+
|
107
|
+
def has_tag? exp, tag
|
108
|
+
tag_sym = tag.to_sym
|
109
|
+
|
110
|
+
exp.each_sexp do |e|
|
111
|
+
if string? e and e.value == tag
|
112
|
+
return true
|
113
|
+
elsif symbol? e and e.value == tag_sym
|
114
|
+
return true
|
115
|
+
end
|
116
|
+
end
|
117
|
+
|
118
|
+
false
|
119
|
+
end
|
120
|
+
end
|
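Review bot: `@description` on line 6 misspells "vulnerable" in a user-visible string; it should read `@description = "Checks for vulnerable uses of sanitize (CVE-2022-32209)"`. `has_tag?` (lines 107–119) inspects only the nodes yielded by `exp.each_sexp`, so if that iteration is shallow an allowed-tag list built indirectly (a constant, a concatenation, a method call) is not recognised and the file silently falls back to the general `cve_warning`; a comment on `include_both_tags?` stating that only literal arrays of strings or symbols are matched would set expectations. `run_check` also passes `@gem_version` straight to `version_between?` on line 12; presumably that returns false when the gem is absent and `@gem_version` is nil, but a guard or comment would make the intent explicit.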
@@ -51,7 +51,8 @@ class Brakeman::CheckSanitizeMethods < Brakeman::BaseCheck
|
|
51
51
|
:warning_code => code,
|
52
52
|
:message => message,
|
53
53
|
:confidence => :high,
|
54
|
-
:link_path => link
|
54
|
+
:link_path => link,
|
55
|
+
:cwe_id => [79]
|
55
56
|
end
|
56
57
|
end
|
57
58
|
|
@@ -83,7 +84,8 @@ class Brakeman::CheckSanitizeMethods < Brakeman::BaseCheck
|
|
83
84
|
:message => message,
|
84
85
|
:gem_info => gemfile_or_environment(:loofah),
|
85
86
|
:confidence => confidence,
|
86
|
-
:link_path => "https://github.com/flavorjones/loofah/issues/144"
|
87
|
+
:link_path => "https://github.com/flavorjones/loofah/issues/144",
|
88
|
+
:cwe_id => [79]
|
87
89
|
end
|
88
90
|
end
|
89
91
|
|
@@ -108,6 +110,7 @@ class Brakeman::CheckSanitizeMethods < Brakeman::BaseCheck
|
|
108
110
|
:message => message,
|
109
111
|
:gem_info => gemfile_or_environment(:'rails-html-sanitizer'),
|
110
112
|
:confidence => confidence,
|
111
|
-
:link_path => link
|
113
|
+
:link_path => link,
|
114
|
+
:cwe_id => [79]
|
112
115
|
end
|
113
116
|
end
|
@@ -27,7 +27,8 @@ class Brakeman::CheckSecrets < Brakeman::BaseCheck
|
|
27
27
|
:message => msg("Hardcoded value for ", msg_code(name), " in source code"),
|
28
28
|
:confidence => :medium,
|
29
29
|
:file => constant.file,
|
30
|
-
:line => constant.line
|
30
|
+
:line => constant.line,
|
31
|
+
:cwe_id => [798]
|
31
32
|
end
|
32
33
|
end
|
33
34
|
end
|
@@ -52,7 +52,8 @@ class Brakeman::CheckSelectTag < Brakeman::BaseCheck
|
|
52
52
|
:message => @message,
|
53
53
|
:confidence => :high,
|
54
54
|
:user_input => input,
|
55
|
-
:link_path => "https://groups.google.com/d/topic/rubyonrails-security/fV3QUToSMSw/discussion"
|
55
|
+
:link_path => "https://groups.google.com/d/topic/rubyonrails-security/fV3QUToSMSw/discussion",
|
56
|
+
:cwe_id => [79]
|
56
57
|
end
|
57
58
|
end
|
58
59
|
end
|
@@ -28,7 +28,8 @@ class Brakeman::CheckSessionManipulation < Brakeman::BaseCheck
|
|
28
28
|
:warning_code => :session_key_manipulation,
|
29
29
|
:message => msg(msg_input(input), " used as key in session hash"),
|
30
30
|
:user_input => input,
|
31
|
-
:confidence => confidence
|
31
|
+
:confidence => confidence,
|
32
|
+
:cwe_id => [20] # TODO: what cwe should this be? it seems like it's looking for authz bypass
|
32
33
|
end
|
33
34
|
end
|
34
35
|
end
|
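Review bot: The new `:cwe_id => [20]` line ships with an unresolved `# TODO: what cwe should this be?` comment, so a generic Improper Input Validation id is being released for a warning whose message says user input is used as a key in the session hash. The comment itself points at authorization bypass; if that is the intent, CWE-639 (Authorization Bypass Through User-Controlled Key) looks like the closer fit, so the TODO should be settled before release, e.g. `:cwe_id => [639]`, rather than left as a placeholder. Downstream consumers that filter or aggregate findings by CWE will otherwise classify this warning under 20 until a later correction. The enclosing method starts outside the hunk.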
@@ -142,7 +142,8 @@ class Brakeman::CheckSessionSettings < Brakeman::BaseCheck
|
|
142
142
|
:message => "Session cookies should be set to HTTP only",
|
143
143
|
:confidence => :high,
|
144
144
|
:line => line,
|
145
|
-
:file => file
|
145
|
+
:file => file,
|
146
|
+
:cwe_id => [1004]
|
146
147
|
|
147
148
|
end
|
148
149
|
|
@@ -152,7 +153,8 @@ class Brakeman::CheckSessionSettings < Brakeman::BaseCheck
|
|
152
153
|
:message => "Session secret should not be included in version control",
|
153
154
|
:confidence => :high,
|
154
155
|
:line => line,
|
155
|
-
:file => file
|
156
|
+
:file => file,
|
157
|
+
:cwe_id => [798]
|
156
158
|
end
|
157
159
|
|
158
160
|
def warn_about_secure_only line, file
|
@@ -161,7 +163,8 @@ class Brakeman::CheckSessionSettings < Brakeman::BaseCheck
|
|
161
163
|
:message => "Session cookie should be set to secure only",
|
162
164
|
:confidence => :high,
|
163
165
|
:line => line,
|
164
|
-
:file => file
|
166
|
+
:file => file,
|
167
|
+
:cwe_id => [614]
|
165
168
|
end
|
166
169
|
|
167
170
|
def ignored? file
|
@@ -28,7 +28,8 @@ class Brakeman::CheckSimpleFormat < Brakeman::CheckCrossSiteScripting
|
|
28
28
|
:message => message,
|
29
29
|
:confidence => :medium,
|
30
30
|
:gem_info => gemfile_or_environment,
|
31
|
-
:link_path => "https://groups.google.com/d/msg/ruby-security-ann/5ZI1-H5OoIM/ZNq4FoR2GnIJ"
|
31
|
+
:link_path => "https://groups.google.com/d/msg/ruby-security-ann/5ZI1-H5OoIM/ZNq4FoR2GnIJ",
|
32
|
+
:cwe_id => [79]
|
32
33
|
end
|
33
34
|
|
34
35
|
def check_simple_format_usage
|
@@ -58,6 +59,7 @@ class Brakeman::CheckSimpleFormat < Brakeman::CheckCrossSiteScripting
|
|
58
59
|
:message => msg("Values passed to ", msg_code("simple_format"), " are not safe in ", msg_version(rails_version)),
|
59
60
|
:confidence => :high,
|
60
61
|
:link_path => "https://groups.google.com/d/msg/ruby-security-ann/5ZI1-H5OoIM/ZNq4FoR2GnIJ",
|
61
|
-
:user_input => match
|
62
|
+
:user_input => match,
|
63
|
+
:cwe_id => [79]
|
62
64
|
end
|
63
65
|
end
|
@@ -38,7 +38,8 @@ class Brakeman::CheckSingleQuotes < Brakeman::BaseCheck
|
|
38
38
|
:message => message,
|
39
39
|
:confidence => :medium,
|
40
40
|
:gem_info => gemfile_or_environment,
|
41
|
-
:link_path => "https://groups.google.com/d/topic/rubyonrails-security/kKGNeMrnmiY/discussion"
|
41
|
+
:link_path => "https://groups.google.com/d/topic/rubyonrails-security/kKGNeMrnmiY/discussion",
|
42
|
+
:cwe_id => [79]
|
42
43
|
end
|
43
44
|
|
44
45
|
#Process initializers to see if they use workaround
|
@@ -29,7 +29,8 @@ class Brakeman::CheckSkipBeforeFilter < Brakeman::BaseCheck
|
|
29
29
|
:message => msg("List specific actions (", msg_code(":only => [..]"), ") when skipping CSRF check"),
|
30
30
|
:code => filter,
|
31
31
|
:confidence => :medium,
|
32
|
-
:file => controller.file
|
32
|
+
:file => controller.file,
|
33
|
+
:cwe_id => [352]
|
33
34
|
|
34
35
|
when :login_required, :authenticate_user!, :require_user
|
35
36
|
warn :controller => controller.name,
|
@@ -39,7 +40,8 @@ class Brakeman::CheckSkipBeforeFilter < Brakeman::BaseCheck
|
|
39
40
|
:code => filter,
|
40
41
|
:confidence => :medium,
|
41
42
|
:link_path => "authentication_whitelist",
|
42
|
-
:file => controller.file
|
43
|
+
:file => controller.file,
|
44
|
+
:cwe_id => [287]
|
43
45
|
end
|
44
46
|
end
|
45
47
|
|