brakeman 5.2.1 → 5.3.1

Sign up to get free protection for your applications and to get access to all the features.
Files changed (205) hide show
  1. checksums.yaml +4 -4
  2. data/CHANGES.md +25 -0
  3. data/bundle/load.rb +4 -4
  4. data/bundle/ruby/2.7.0/gems/{parallel-1.21.0 → parallel-1.22.1}/MIT-LICENSE.txt +0 -0
  5. data/bundle/ruby/2.7.0/gems/{parallel-1.21.0 → parallel-1.22.1}/lib/parallel/processor_count.rb +2 -3
  6. data/bundle/ruby/2.7.0/gems/parallel-1.22.1/lib/parallel/version.rb +4 -0
  7. data/bundle/ruby/2.7.0/gems/{parallel-1.21.0 → parallel-1.22.1}/lib/parallel.rb +84 -4
  8. data/bundle/ruby/2.7.0/gems/{ruby_parser-3.18.1 → ruby_parser-3.19.1}/History.rdoc +28 -0
  9. data/bundle/ruby/2.7.0/gems/{ruby_parser-3.18.1 → ruby_parser-3.19.1}/Manifest.txt +2 -0
  10. data/bundle/ruby/2.7.0/gems/{ruby_parser-3.18.1 → ruby_parser-3.19.1}/README.rdoc +8 -6
  11. data/bundle/ruby/2.7.0/gems/{ruby_parser-3.18.1 → ruby_parser-3.19.1}/compare/normalize.rb +0 -0
  12. data/bundle/ruby/2.7.0/gems/{ruby_parser-3.18.1 → ruby_parser-3.19.1}/debugging.md +0 -0
  13. data/bundle/ruby/2.7.0/gems/{ruby_parser-3.18.1 → ruby_parser-3.19.1}/gauntlet.md +19 -18
  14. data/bundle/ruby/2.7.0/gems/{ruby_parser-3.18.1 → ruby_parser-3.19.1}/lib/rp_extensions.rb +0 -0
  15. data/bundle/ruby/2.7.0/gems/{ruby_parser-3.18.1 → ruby_parser-3.19.1}/lib/rp_stringscanner.rb +0 -0
  16. data/bundle/ruby/2.7.0/gems/ruby_parser-3.19.1/lib/ruby20_parser.rb +10973 -0
  17. data/bundle/ruby/2.7.0/gems/{ruby_parser-3.18.1 → ruby_parser-3.19.1}/lib/ruby20_parser.y +14 -27
  18. data/bundle/ruby/2.7.0/gems/ruby_parser-3.19.1/lib/ruby21_parser.rb +10980 -0
  19. data/bundle/ruby/2.7.0/gems/{ruby_parser-3.18.1 → ruby_parser-3.19.1}/lib/ruby21_parser.y +14 -27
  20. data/bundle/ruby/2.7.0/gems/ruby_parser-3.19.1/lib/ruby22_parser.rb +11123 -0
  21. data/bundle/ruby/2.7.0/gems/{ruby_parser-3.18.1 → ruby_parser-3.19.1}/lib/ruby22_parser.y +14 -27
  22. data/bundle/ruby/2.7.0/gems/ruby_parser-3.19.1/lib/ruby23_parser.rb +11132 -0
  23. data/bundle/ruby/2.7.0/gems/{ruby_parser-3.18.1 → ruby_parser-3.19.1}/lib/ruby23_parser.y +14 -27
  24. data/bundle/ruby/2.7.0/gems/ruby_parser-3.19.1/lib/ruby24_parser.rb +11231 -0
  25. data/bundle/ruby/2.7.0/gems/{ruby_parser-3.18.1 → ruby_parser-3.19.1}/lib/ruby24_parser.y +14 -27
  26. data/bundle/ruby/2.7.0/gems/ruby_parser-3.19.1/lib/ruby25_parser.rb +11231 -0
  27. data/bundle/ruby/2.7.0/gems/{ruby_parser-3.18.1 → ruby_parser-3.19.1}/lib/ruby25_parser.y +14 -27
  28. data/bundle/ruby/2.7.0/gems/ruby_parser-3.19.1/lib/ruby26_parser.rb +11253 -0
  29. data/bundle/ruby/2.7.0/gems/{ruby_parser-3.18.1 → ruby_parser-3.19.1}/lib/ruby26_parser.y +14 -27
  30. data/bundle/ruby/2.7.0/gems/ruby_parser-3.19.1/lib/ruby27_parser.rb +12980 -0
  31. data/bundle/ruby/2.7.0/gems/{ruby_parser-3.18.1 → ruby_parser-3.19.1}/lib/ruby27_parser.y +19 -41
  32. data/bundle/ruby/2.7.0/gems/ruby_parser-3.19.1/lib/ruby30_parser.rb +13242 -0
  33. data/bundle/ruby/2.7.0/gems/{ruby_parser-3.18.1 → ruby_parser-3.19.1}/lib/ruby30_parser.y +65 -90
  34. data/bundle/ruby/2.7.0/gems/ruby_parser-3.19.1/lib/ruby31_parser.rb +13622 -0
  35. data/bundle/ruby/2.7.0/gems/{ruby_parser-3.18.1/lib/ruby3_parser.yy → ruby_parser-3.19.1/lib/ruby31_parser.y} +110 -105
  36. data/bundle/ruby/2.7.0/gems/ruby_parser-3.19.1/lib/ruby3_parser.yy +3536 -0
  37. data/bundle/ruby/2.7.0/gems/{ruby_parser-3.18.1 → ruby_parser-3.19.1}/lib/ruby_lexer.rb +0 -0
  38. data/bundle/ruby/2.7.0/gems/{ruby_parser-3.18.1 → ruby_parser-3.19.1}/lib/ruby_lexer.rex +0 -0
  39. data/bundle/ruby/2.7.0/gems/{ruby_parser-3.18.1 → ruby_parser-3.19.1}/lib/ruby_lexer.rex.rb +0 -0
  40. data/bundle/ruby/2.7.0/gems/{ruby_parser-3.18.1 → ruby_parser-3.19.1}/lib/ruby_lexer_strings.rb +0 -0
  41. data/bundle/ruby/2.7.0/gems/{ruby_parser-3.18.1 → ruby_parser-3.19.1}/lib/ruby_parser.rb +2 -0
  42. data/bundle/ruby/2.7.0/gems/{ruby_parser-3.18.1 → ruby_parser-3.19.1}/lib/ruby_parser.yy +19 -41
  43. data/bundle/ruby/2.7.0/gems/{ruby_parser-3.18.1 → ruby_parser-3.19.1}/lib/ruby_parser_extras.rb +55 -2
  44. data/bundle/ruby/2.7.0/gems/{ruby_parser-3.18.1 → ruby_parser-3.19.1}/tools/munge.rb +0 -0
  45. data/bundle/ruby/2.7.0/gems/{ruby_parser-3.18.1 → ruby_parser-3.19.1}/tools/ripper.rb +0 -0
  46. data/bundle/ruby/2.7.0/gems/{sexp_processor-4.16.0 → sexp_processor-4.16.1}/History.rdoc +6 -0
  47. data/bundle/ruby/2.7.0/gems/{sexp_processor-4.16.0 → sexp_processor-4.16.1}/Manifest.txt +0 -0
  48. data/bundle/ruby/2.7.0/gems/{sexp_processor-4.16.0 → sexp_processor-4.16.1}/README.rdoc +0 -0
  49. data/bundle/ruby/2.7.0/gems/{sexp_processor-4.16.0 → sexp_processor-4.16.1}/lib/composite_sexp_processor.rb +0 -0
  50. data/bundle/ruby/2.7.0/gems/{sexp_processor-4.16.0 → sexp_processor-4.16.1}/lib/pt_testcase.rb +7 -3
  51. data/bundle/ruby/2.7.0/gems/{sexp_processor-4.16.0 → sexp_processor-4.16.1}/lib/sexp.rb +0 -0
  52. data/bundle/ruby/2.7.0/gems/{sexp_processor-4.16.0 → sexp_processor-4.16.1}/lib/sexp_matcher.rb +0 -0
  53. data/bundle/ruby/2.7.0/gems/{sexp_processor-4.16.0 → sexp_processor-4.16.1}/lib/sexp_processor.rb +1 -1
  54. data/bundle/ruby/2.7.0/gems/{sexp_processor-4.16.0 → sexp_processor-4.16.1}/lib/strict_sexp.rb +0 -0
  55. data/bundle/ruby/2.7.0/gems/{sexp_processor-4.16.0 → sexp_processor-4.16.1}/lib/unique.rb +0 -0
  56. data/bundle/ruby/2.7.0/gems/{tilt-2.0.10 → tilt-2.0.11}/COPYING +0 -0
  57. data/bundle/ruby/2.7.0/gems/{tilt-2.0.10 → tilt-2.0.11}/lib/tilt/asciidoc.rb +0 -0
  58. data/bundle/ruby/2.7.0/gems/{tilt-2.0.10 → tilt-2.0.11}/lib/tilt/babel.rb +0 -0
  59. data/bundle/ruby/2.7.0/gems/{tilt-2.0.10 → tilt-2.0.11}/lib/tilt/bluecloth.rb +0 -0
  60. data/bundle/ruby/2.7.0/gems/{tilt-2.0.10 → tilt-2.0.11}/lib/tilt/builder.rb +0 -0
  61. data/bundle/ruby/2.7.0/gems/{tilt-2.0.10 → tilt-2.0.11}/lib/tilt/coffee.rb +0 -0
  62. data/bundle/ruby/2.7.0/gems/{tilt-2.0.10 → tilt-2.0.11}/lib/tilt/commonmarker.rb +11 -1
  63. data/bundle/ruby/2.7.0/gems/{tilt-2.0.10 → tilt-2.0.11}/lib/tilt/creole.rb +0 -0
  64. data/bundle/ruby/2.7.0/gems/{tilt-2.0.10 → tilt-2.0.11}/lib/tilt/csv.rb +1 -1
  65. data/bundle/ruby/2.7.0/gems/{tilt-2.0.10 → tilt-2.0.11}/lib/tilt/dummy.rb +0 -0
  66. data/bundle/ruby/2.7.0/gems/{tilt-2.0.10 → tilt-2.0.11}/lib/tilt/erb.rb +0 -0
  67. data/bundle/ruby/2.7.0/gems/{tilt-2.0.10 → tilt-2.0.11}/lib/tilt/erubi.rb +0 -0
  68. data/bundle/ruby/2.7.0/gems/{tilt-2.0.10 → tilt-2.0.11}/lib/tilt/erubis.rb +0 -0
  69. data/bundle/ruby/2.7.0/gems/{tilt-2.0.10 → tilt-2.0.11}/lib/tilt/etanni.rb +0 -0
  70. data/bundle/ruby/2.7.0/gems/{tilt-2.0.10 → tilt-2.0.11}/lib/tilt/haml.rb +0 -0
  71. data/bundle/ruby/2.7.0/gems/{tilt-2.0.10 → tilt-2.0.11}/lib/tilt/kramdown.rb +0 -0
  72. data/bundle/ruby/2.7.0/gems/{tilt-2.0.10 → tilt-2.0.11}/lib/tilt/less.rb +0 -0
  73. data/bundle/ruby/2.7.0/gems/{tilt-2.0.10 → tilt-2.0.11}/lib/tilt/liquid.rb +0 -0
  74. data/bundle/ruby/2.7.0/gems/{tilt-2.0.10 → tilt-2.0.11}/lib/tilt/livescript.rb +0 -0
  75. data/bundle/ruby/2.7.0/gems/{tilt-2.0.10 → tilt-2.0.11}/lib/tilt/mapping.rb +0 -0
  76. data/bundle/ruby/2.7.0/gems/{tilt-2.0.10 → tilt-2.0.11}/lib/tilt/markaby.rb +0 -0
  77. data/bundle/ruby/2.7.0/gems/{tilt-2.0.10 → tilt-2.0.11}/lib/tilt/maruku.rb +0 -0
  78. data/bundle/ruby/2.7.0/gems/{tilt-2.0.10 → tilt-2.0.11}/lib/tilt/nokogiri.rb +0 -0
  79. data/bundle/ruby/2.7.0/gems/{tilt-2.0.10 → tilt-2.0.11}/lib/tilt/pandoc.rb +23 -15
  80. data/bundle/ruby/2.7.0/gems/{tilt-2.0.10 → tilt-2.0.11}/lib/tilt/plain.rb +0 -0
  81. data/bundle/ruby/2.7.0/gems/{tilt-2.0.10 → tilt-2.0.11}/lib/tilt/prawn.rb +0 -0
  82. data/bundle/ruby/2.7.0/gems/{tilt-2.0.10 → tilt-2.0.11}/lib/tilt/radius.rb +0 -0
  83. data/bundle/ruby/2.7.0/gems/{tilt-2.0.10 → tilt-2.0.11}/lib/tilt/rdiscount.rb +0 -0
  84. data/bundle/ruby/2.7.0/gems/{tilt-2.0.10 → tilt-2.0.11}/lib/tilt/rdoc.rb +0 -0
  85. data/bundle/ruby/2.7.0/gems/{tilt-2.0.10 → tilt-2.0.11}/lib/tilt/redcarpet.rb +5 -2
  86. data/bundle/ruby/2.7.0/gems/{tilt-2.0.10 → tilt-2.0.11}/lib/tilt/redcloth.rb +0 -0
  87. data/bundle/ruby/2.7.0/gems/tilt-2.0.11/lib/tilt/rst-pandoc.rb +23 -0
  88. data/bundle/ruby/2.7.0/gems/tilt-2.0.11/lib/tilt/sass.rb +78 -0
  89. data/bundle/ruby/2.7.0/gems/{tilt-2.0.10 → tilt-2.0.11}/lib/tilt/sigil.rb +0 -0
  90. data/bundle/ruby/2.7.0/gems/{tilt-2.0.10 → tilt-2.0.11}/lib/tilt/string.rb +0 -0
  91. data/bundle/ruby/2.7.0/gems/{tilt-2.0.10 → tilt-2.0.11}/lib/tilt/template.rb +12 -1
  92. data/bundle/ruby/2.7.0/gems/{tilt-2.0.10 → tilt-2.0.11}/lib/tilt/typescript.rb +0 -0
  93. data/bundle/ruby/2.7.0/gems/{tilt-2.0.10 → tilt-2.0.11}/lib/tilt/wikicloth.rb +0 -0
  94. data/bundle/ruby/2.7.0/gems/{tilt-2.0.10 → tilt-2.0.11}/lib/tilt/yajl.rb +0 -0
  95. data/bundle/ruby/2.7.0/gems/{tilt-2.0.10 → tilt-2.0.11}/lib/tilt.rb +2 -1
  96. data/lib/brakeman/app_tree.rb +9 -1
  97. data/lib/brakeman/checks/check_basic_auth.rb +4 -2
  98. data/lib/brakeman/checks/check_basic_auth_timing_attack.rb +2 -1
  99. data/lib/brakeman/checks/check_content_tag.rb +8 -4
  100. data/lib/brakeman/checks/check_cookie_serialization.rb +2 -1
  101. data/lib/brakeman/checks/check_create_with.rb +4 -2
  102. data/lib/brakeman/checks/check_cross_site_scripting.rb +6 -3
  103. data/lib/brakeman/checks/check_csrf_token_forgery_cve.rb +2 -1
  104. data/lib/brakeman/checks/check_default_routes.rb +6 -3
  105. data/lib/brakeman/checks/check_deserialize.rb +2 -1
  106. data/lib/brakeman/checks/check_detailed_exceptions.rb +4 -2
  107. data/lib/brakeman/checks/check_digest_dos.rb +2 -1
  108. data/lib/brakeman/checks/check_divide_by_zero.rb +2 -1
  109. data/lib/brakeman/checks/check_dynamic_finders.rb +2 -1
  110. data/lib/brakeman/checks/check_escape_function.rb +2 -1
  111. data/lib/brakeman/checks/check_evaluation.rb +2 -1
  112. data/lib/brakeman/checks/check_execute.rb +6 -3
  113. data/lib/brakeman/checks/check_file_access.rb +2 -1
  114. data/lib/brakeman/checks/check_file_disclosure.rb +2 -1
  115. data/lib/brakeman/checks/check_filter_skipping.rb +2 -1
  116. data/lib/brakeman/checks/check_force_ssl.rb +2 -1
  117. data/lib/brakeman/checks/check_forgery_setting.rb +4 -2
  118. data/lib/brakeman/checks/check_header_dos.rb +2 -1
  119. data/lib/brakeman/checks/check_i18n_xss.rb +2 -1
  120. data/lib/brakeman/checks/check_jruby_xml.rb +2 -1
  121. data/lib/brakeman/checks/check_json_encoding.rb +2 -1
  122. data/lib/brakeman/checks/check_json_entity_escape.rb +4 -2
  123. data/lib/brakeman/checks/check_json_parsing.rb +4 -2
  124. data/lib/brakeman/checks/check_link_to.rb +2 -1
  125. data/lib/brakeman/checks/check_link_to_href.rb +4 -2
  126. data/lib/brakeman/checks/check_mail_to.rb +2 -1
  127. data/lib/brakeman/checks/check_mass_assignment.rb +6 -3
  128. data/lib/brakeman/checks/check_mime_type_dos.rb +2 -1
  129. data/lib/brakeman/checks/check_model_attr_accessible.rb +2 -1
  130. data/lib/brakeman/checks/check_model_attributes.rb +4 -2
  131. data/lib/brakeman/checks/check_model_serialize.rb +2 -1
  132. data/lib/brakeman/checks/check_nested_attributes.rb +2 -1
  133. data/lib/brakeman/checks/check_nested_attributes_bypass.rb +2 -1
  134. data/lib/brakeman/checks/check_number_to_currency.rb +4 -2
  135. data/lib/brakeman/checks/check_page_caching_cve.rb +2 -1
  136. data/lib/brakeman/checks/check_permit_attributes.rb +2 -1
  137. data/lib/brakeman/checks/check_quote_table_name.rb +2 -1
  138. data/lib/brakeman/checks/check_redirect.rb +2 -1
  139. data/lib/brakeman/checks/check_regex_dos.rb +2 -1
  140. data/lib/brakeman/checks/check_render.rb +4 -2
  141. data/lib/brakeman/checks/check_render_dos.rb +2 -1
  142. data/lib/brakeman/checks/check_render_inline.rb +4 -2
  143. data/lib/brakeman/checks/check_response_splitting.rb +2 -1
  144. data/lib/brakeman/checks/check_reverse_tabnabbing.rb +2 -1
  145. data/lib/brakeman/checks/check_route_dos.rb +2 -1
  146. data/lib/brakeman/checks/check_safe_buffer_manipulation.rb +2 -1
  147. data/lib/brakeman/checks/check_sanitize_config_cve.rb +120 -0
  148. data/lib/brakeman/checks/check_sanitize_methods.rb +6 -3
  149. data/lib/brakeman/checks/check_secrets.rb +2 -1
  150. data/lib/brakeman/checks/check_select_tag.rb +2 -1
  151. data/lib/brakeman/checks/check_select_vulnerability.rb +2 -1
  152. data/lib/brakeman/checks/check_send.rb +2 -1
  153. data/lib/brakeman/checks/check_session_manipulation.rb +2 -1
  154. data/lib/brakeman/checks/check_session_settings.rb +6 -3
  155. data/lib/brakeman/checks/check_simple_format.rb +4 -2
  156. data/lib/brakeman/checks/check_single_quotes.rb +2 -1
  157. data/lib/brakeman/checks/check_skip_before_filter.rb +4 -2
  158. data/lib/brakeman/checks/check_sprockets_path_traversal.rb +2 -1
  159. data/lib/brakeman/checks/check_sql.rb +7 -4
  160. data/lib/brakeman/checks/check_sql_cves.rb +4 -2
  161. data/lib/brakeman/checks/check_ssl_verify.rb +2 -1
  162. data/lib/brakeman/checks/check_strip_tags.rb +6 -3
  163. data/lib/brakeman/checks/check_symbol_dos.rb +2 -1
  164. data/lib/brakeman/checks/check_symbol_dos_cve.rb +2 -1
  165. data/lib/brakeman/checks/check_template_injection.rb +2 -1
  166. data/lib/brakeman/checks/check_translate_bug.rb +2 -1
  167. data/lib/brakeman/checks/check_unsafe_reflection.rb +9 -3
  168. data/lib/brakeman/checks/check_unsafe_reflection_methods.rb +2 -1
  169. data/lib/brakeman/checks/check_unscoped_find.rb +2 -1
  170. data/lib/brakeman/checks/check_validation_regex.rb +2 -1
  171. data/lib/brakeman/checks/check_verb_confusion.rb +2 -1
  172. data/lib/brakeman/checks/check_weak_hash.rb +6 -3
  173. data/lib/brakeman/checks/check_without_protection.rb +2 -1
  174. data/lib/brakeman/checks/check_xml_dos.rb +2 -1
  175. data/lib/brakeman/checks/check_yaml_parsing.rb +4 -2
  176. data/lib/brakeman/checks/eol_check.rb +4 -2
  177. data/lib/brakeman/options.rb +1 -1
  178. data/lib/brakeman/processors/alias_processor.rb +41 -2
  179. data/lib/brakeman/processors/lib/find_all_calls.rb +1 -0
  180. data/lib/brakeman/report/ignore/interactive.rb +2 -2
  181. data/lib/brakeman/report/report_csv.rb +2 -0
  182. data/lib/brakeman/report/report_junit.rb +2 -2
  183. data/lib/brakeman/report/report_table.rb +5 -5
  184. data/lib/brakeman/report/report_text.rb +2 -0
  185. data/lib/brakeman/report/templates/controller_warnings.html.erb +2 -0
  186. data/lib/brakeman/report/templates/ignored_warnings.html.erb +2 -0
  187. data/lib/brakeman/report/templates/model_warnings.html.erb +2 -0
  188. data/lib/brakeman/report/templates/security_warnings.html.erb +2 -0
  189. data/lib/brakeman/report/templates/view_warnings.html.erb +2 -0
  190. data/lib/brakeman/version.rb +1 -1
  191. data/lib/brakeman/warning.rb +5 -2
  192. data/lib/brakeman/warning_codes.rb +1 -0
  193. metadata +95 -92
  194. data/bundle/ruby/2.7.0/gems/parallel-1.21.0/lib/parallel/version.rb +0 -4
  195. data/bundle/ruby/2.7.0/gems/ruby_parser-3.18.1/lib/ruby20_parser.rb +0 -7128
  196. data/bundle/ruby/2.7.0/gems/ruby_parser-3.18.1/lib/ruby21_parser.rb +0 -7182
  197. data/bundle/ruby/2.7.0/gems/ruby_parser-3.18.1/lib/ruby22_parser.rb +0 -7228
  198. data/bundle/ruby/2.7.0/gems/ruby_parser-3.18.1/lib/ruby23_parser.rb +0 -7237
  199. data/bundle/ruby/2.7.0/gems/ruby_parser-3.18.1/lib/ruby24_parser.rb +0 -7268
  200. data/bundle/ruby/2.7.0/gems/ruby_parser-3.18.1/lib/ruby25_parser.rb +0 -7268
  201. data/bundle/ruby/2.7.0/gems/ruby_parser-3.18.1/lib/ruby26_parser.rb +0 -7287
  202. data/bundle/ruby/2.7.0/gems/ruby_parser-3.18.1/lib/ruby27_parser.rb +0 -8517
  203. data/bundle/ruby/2.7.0/gems/ruby_parser-3.18.1/lib/ruby30_parser.rb +0 -8751
  204. data/bundle/ruby/2.7.0/gems/tilt-2.0.10/lib/tilt/rst-pandoc.rb +0 -18
  205. data/bundle/ruby/2.7.0/gems/tilt-2.0.10/lib/tilt/sass.rb +0 -52
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: b6672aa0a7532078f913b27574846fc26abd9fc624af178b9017f2de885f5505
4
- data.tar.gz: a3eeda0729d72d601bc94f4296f4f878e2cd970ef089f38dd0fcaad2e361f36c
3
+ metadata.gz: 828d560cb256d564c8e79fc7222e7c7edea911639a6c4b45699901371d0c750b
4
+ data.tar.gz: c9e8791df7f77b1e6a8d3bfe9cf0f5b753325171021fdafac3531f96edd3b7e1
5
5
  SHA512:
6
- metadata.gz: 700ed2e62792a1d2a38222199f2030f29aafee865f79e0b57be17fbbc718f6bbc1dadc1f5e3ceab4b961635f165f1fdcd9303520a4e5a897044e682319aca200
7
- data.tar.gz: 2f030bd82e1c7bccd70610151c8baec7a0ed4723226e41f9cd0104d56c51cc443ace66ac9ac43381aaee4f27d5ffad807476060eca2d308d5f878370e0bd7874
6
+ metadata.gz: 8d29d985cdba9407830c4881372dc4c8ba4cd635c1c48c6cfb16c6fc6b0ef7993816460af301cdf5ca51b096bfdf30699286d6d9fffaae79fff042160b481a87
7
+ data.tar.gz: 5d1824dba9dfd9661eccc7ed2a2bb9d2fd1c8d80e131bf0f97ab31cebc738f920682fe7204a8b84ee49c884c8730c2425ef20bd15f2b53c3ada1a2332d75779e
data/CHANGES.md CHANGED
@@ -1,3 +1,28 @@
1
+ # 5.3.1 - 2022-08-09
2
+
3
+ * Fix version range for CVE-2022-32209
4
+
5
+ # 5.3.0 - 2022-08-09
6
+
7
+ * Include explicit engine or lib paths in vendor/ (Joe Rafaniello)
8
+ * Load rexml as a Brakeman dependency
9
+ * Fix "full call" information propagating unnecessarily
10
+ * Add check for CVE-2022-32209
11
+ * Add CWE information to warnings (Stephen Aghaulor)
12
+
13
+ # 5.2.3 - 2022-05-01
14
+
15
+ * Fix error with hash shorthand syntax
16
+ * Match order of interactive options with help message (Rory O'Kane)
17
+
18
+ # 5.2.2 - 2022-04-06
19
+
20
+ * Update `ruby_parser` for Ruby 3.1 support (Merek Skubela)
21
+ * Handle `nil` when joining values (Dan Buettner)
22
+ * Update message for unsafe reflection (Pedro Baracho)
23
+ * Add additional String methods for SQL injection check
24
+ * Respect equality in `if` conditions
25
+
1
26
  # 5.2.1 - 2022-01-30
2
27
 
3
28
  * Add warning codes for EOL software warnings
data/bundle/load.rb CHANGED
@@ -1,15 +1,15 @@
1
1
  path = File.expand_path('../..', __FILE__)
2
- $:.unshift "#{path}/bundle/ruby/2.7.0/gems/ruby_parser-3.18.1/lib"
2
+ $:.unshift "#{path}/bundle/ruby/2.7.0/gems/ruby_parser-3.19.1/lib"
3
3
  $:.unshift "#{path}/bundle/ruby/2.7.0/gems/temple-0.8.2/lib"
4
- $:.unshift "#{path}/bundle/ruby/2.7.0/gems/sexp_processor-4.16.0/lib"
5
- $:.unshift "#{path}/bundle/ruby/2.7.0/gems/tilt-2.0.10/lib"
6
4
  $:.unshift "#{path}/bundle/ruby/2.7.0/gems/unicode-display_width-1.8.0/lib"
7
5
  $:.unshift "#{path}/bundle/ruby/2.7.0/gems/slim-4.1.0/lib"
8
6
  $:.unshift "#{path}/bundle/ruby/2.7.0/gems/highline-2.0.3/lib"
9
7
  $:.unshift "#{path}/bundle/ruby/2.7.0/gems/ruby2ruby-2.4.4/lib"
10
8
  $:.unshift "#{path}/bundle/ruby/2.7.0/gems/terminal-table-1.8.0/lib"
11
9
  $:.unshift "#{path}/bundle/ruby/2.7.0/gems/haml-5.2.2/lib"
12
- $:.unshift "#{path}/bundle/ruby/2.7.0/gems/parallel-1.21.0/lib"
10
+ $:.unshift "#{path}/bundle/ruby/2.7.0/gems/parallel-1.22.1/lib"
11
+ $:.unshift "#{path}/bundle/ruby/2.7.0/gems/tilt-2.0.11/lib"
12
+ $:.unshift "#{path}/bundle/ruby/2.7.0/gems/sexp_processor-4.16.1/lib"
13
13
  $:.unshift "#{path}/bundle/ruby/2.7.0/gems/ruby_parser-legacy-1.0.0/lib"
14
14
  $:.unshift "#{path}/bundle/ruby/2.7.0/gems/erubis-2.7.0/lib"
15
15
  $:.unshift "#{path}/bundle/ruby/2.7.0/gems/rexml-3.2.5/lib"
@@ -1,11 +1,10 @@
1
1
  # frozen_string_literal: true
2
- require 'etc'
3
-
4
2
  module Parallel
5
3
  # TODO: inline this method into parallel.rb and kill physical_processor_count in next major release
6
4
  module ProcessorCount
7
5
  # Number of processors seen by the OS, used for process scheduling
8
6
  def processor_count
7
+ require 'etc'
9
8
  @processor_count ||= Integer(ENV['PARALLEL_PROCESSOR_COUNT'] || Etc.nprocessors)
10
9
  end
11
10
 
@@ -19,7 +18,7 @@ module Parallel
19
18
  when /linux/
20
19
  cores = {} # unique physical ID / core ID combinations
21
20
  phy = 0
22
- IO.read("/proc/cpuinfo").scan(/^physical id.*|^core id.*/) do |ln|
21
+ File.read("/proc/cpuinfo").scan(/^physical id.*|^core id.*/) do |ln|
23
22
  if ln.start_with?("physical")
24
23
  phy = ln[/\d+/]
25
24
  elsif ln.start_with?("core")
@@ -0,0 +1,4 @@
1
+ # frozen_string_literal: true
2
+ module Parallel
3
+ VERSION = Version = '1.22.1' # rubocop:disable Naming/ConstantName
4
+ end
@@ -264,6 +264,9 @@ module Parallel
264
264
  elsif options[:in_threads]
265
265
  method = :in_threads
266
266
  size = options[method]
267
+ elsif options[:in_ractors]
268
+ method = :in_ractors
269
+ size = options[method]
267
270
  else
268
271
  method = :in_processes
269
272
  if Process.respond_to?(:fork)
@@ -285,6 +288,8 @@ module Parallel
285
288
  work_direct(job_factory, options, &block)
286
289
  elsif method == :in_threads
287
290
  work_in_threads(job_factory, options.merge(count: size), &block)
291
+ elsif method == :in_ractors
292
+ work_in_ractors(job_factory, options.merge(count: size), &block)
288
293
  else
289
294
  work_in_processes(job_factory, options.merge(count: size), &block)
290
295
  end
@@ -382,6 +387,72 @@ module Parallel
382
387
  exception || results
383
388
  end
384
389
 
390
+ def work_in_ractors(job_factory, options)
391
+ exception = nil
392
+ results = []
393
+ results_mutex = Mutex.new # arrays are not thread-safe on jRuby
394
+
395
+ callback = options[:ractor]
396
+ if block_given? || !callback
397
+ raise ArgumentError, "pass the code you want to execute as `ractor: [ClassName, :method_name]`"
398
+ end
399
+
400
+ # build
401
+ ractors = Array.new(options.fetch(:count)) do
402
+ Ractor.new do
403
+ loop do
404
+ got = receive
405
+ (klass, method_name), item, index = got
406
+ break if index == :break
407
+ begin
408
+ Ractor.yield [nil, klass.send(method_name, item), item, index]
409
+ rescue StandardError => e
410
+ Ractor.yield [e, nil, item, index]
411
+ end
412
+ end
413
+ end
414
+ end
415
+
416
+ # start
417
+ ractors.dup.each do |ractor|
418
+ if set = job_factory.next
419
+ item, index = set
420
+ instrument_start item, index, options
421
+ ractor.send [callback, item, index]
422
+ else
423
+ ractor.send([[nil, nil], nil, :break]) # stop the ractor
424
+ ractors.delete ractor
425
+ end
426
+ end
427
+
428
+ # replace with new items
429
+ while set = job_factory.next
430
+ item_next, index_next = set
431
+ done, (exception, result, item, index) = Ractor.select(*ractors)
432
+ if exception
433
+ ractors.delete done
434
+ break
435
+ end
436
+ instrument_finish item, index, result, options
437
+ results_mutex.synchronize { results[index] = (options[:preserve_results] == false ? nil : result) }
438
+
439
+ instrument_start item_next, index_next, options
440
+ done.send([callback, item_next, index_next])
441
+ end
442
+
443
+ # finish
444
+ ractors.each do |ractor|
445
+ (new_exception, result, item, index) = ractor.take
446
+ exception ||= new_exception
447
+ next if new_exception
448
+ instrument_finish item, index, result, options
449
+ results_mutex.synchronize { results[index] = (options[:preserve_results] == false ? nil : result) }
450
+ ractor.send([[nil, nil], nil, :break]) # stop the ractor
451
+ end
452
+
453
+ exception || results
454
+ end
455
+
385
456
  def work_in_processes(job_factory, options, &blk)
386
457
  workers = create_workers(job_factory, options, &blk)
387
458
  results = []
@@ -426,6 +497,7 @@ module Parallel
426
497
  end
427
498
  end
428
499
  end
500
+
429
501
  exception || results
430
502
  end
431
503
 
@@ -521,12 +593,20 @@ module Parallel
521
593
  end
522
594
 
523
595
  def with_instrumentation(item, index, options)
524
- on_start = options[:start]
525
- on_finish = options[:finish]
526
- options[:mutex].synchronize { on_start.call(item, index) } if on_start
596
+ instrument_start(item, index, options)
527
597
  result = yield
528
- options[:mutex].synchronize { on_finish.call(item, index, result) } if on_finish
598
+ instrument_finish(item, index, result, options)
529
599
  result unless options[:preserve_results] == false
530
600
  end
601
+
602
+ def instrument_finish(item, index, result, options)
603
+ return unless on_finish = options[:finish]
604
+ options[:mutex].synchronize { on_finish.call(item, index, result) }
605
+ end
606
+
607
+ def instrument_start(item, index, options)
608
+ return unless on_start = options[:start]
609
+ options[:mutex].synchronize { on_start.call(item, index) }
610
+ end
531
611
  end
532
612
  end
@@ -1,3 +1,31 @@
1
+ === 3.19.1 / 2022-04-05
2
+
3
+ * 2 bug fixes:
4
+
5
+ * Added comments to endless defn and defs. (mvz)
6
+ * Fixed endless method bug handling attrset names.
7
+
8
+ === 3.19.0 / 2022-03-29
9
+
10
+ * 1 major enhancement:
11
+
12
+ * Added tentative 3.1 support.
13
+
14
+ * 7 minor enhancements:
15
+
16
+ * 3.1: bare RHS assoc: { y: } => s(:hash, s(:lit, :y), nil)
17
+ * 3.1: calls w/ unnamed block args (bare &)
18
+ * 3.1: endless defn/defs w/ paren-less calls (aka commands)
19
+ * 3.1: pattern capture to nonlocal vars, eg: ^@a, ^$b, ^@@c
20
+ * 3.1: pattern: ^(expr) => expr
21
+ * Improved steps for adding new versions.
22
+ * Improved steps for running gauntlets.
23
+
24
+ * 2 bug fixes:
25
+
26
+ * Bumped 2.6+ cached versions for rake compare.
27
+ * Skip test_regexp_esc_C_slash on ruby 3.1.0 because of MRI bug.
28
+
1
29
  === 3.18.1 / 2021-11-10
2
30
 
3
31
  * 1 minor enhancement:
@@ -29,6 +29,8 @@ lib/ruby27_parser.rb
29
29
  lib/ruby27_parser.y
30
30
  lib/ruby30_parser.rb
31
31
  lib/ruby30_parser.y
32
+ lib/ruby31_parser.rb
33
+ lib/ruby31_parser.y
32
34
  lib/ruby3_parser.yy
33
35
  lib/ruby_lexer.rb
34
36
  lib/ruby_lexer.rex
@@ -33,6 +33,9 @@ Tested against 801,039 files from the latest of all rubygems (as of 2013-05):
33
33
  * 1.9 parser is at 99.9940% accuracy, 4.013 sigma
34
34
  * 2.0 parser is at 99.9939% accuracy, 4.008 sigma
35
35
  * 2.6 parser is at 99.9972% accuracy, 4.191 sigma
36
+ * 3.0 parser has a 100% parse rate.
37
+ * Tested against 2,672,412 unique ruby files across 167k gems.
38
+ * As do all the others now, basically.
36
39
 
37
40
  == FEATURES/PROBLEMS:
38
41
 
@@ -62,15 +65,14 @@ You can also use Ruby19Parser, Ruby18Parser, or RubyParser.for_current_ruby:
62
65
 
63
66
  To add a new version:
64
67
 
65
- * New parser should be generated from lib/ruby_parser.yy.
66
- * Extend lib/ruby_parser.yy with new class name.
67
- * Add new version number to V2 in Rakefile for rule creation.
68
+ * New parser should be generated from lib/ruby[3]_parser.yy.
69
+ * Extend lib/ruby[3]_parser.yy with new class name.
70
+ * Add new version number to V2/V3 in Rakefile for rule creation.
71
+ * Add new (full) version to `ruby_parse` section of Rakefile for rake compare
68
72
  * Require generated parser in lib/ruby_parser.rb.
69
73
  * Add empty TestRubyParserShared##Plus module and TestRubyParserV## to test/test_ruby_parser.rb.
70
74
  * Extend Manifest.txt with generated file names.
71
- * Extend sexp_processor's pt_testcase.rb to match version
72
- * add_19tests needs to have the version added
73
- * VER_RE needs to have the regexp expanded
75
+ * Add new version number to sexp_processor's pt_testcase.rb in all_versions
74
76
 
75
77
  Until all of these are done, you won't have a clean test run.
76
78
 
@@ -19,10 +19,10 @@ an external disk. Here is the config:
19
19
  And I update using rake:
20
20
 
21
21
  ```
22
- % cd ~/Work/git/rubygems/rubygems-mirror
22
+ % cd GIT/rubygems/rubygems-mirror
23
23
  % git down
24
24
  % rake mirror:latest
25
- % /Volumes/StuffA/gauntlet/bin/cleanup.rb
25
+ % /Volumes/StuffA/gauntlet/bin/cleanup.rb -y -v
26
26
  ```
27
27
 
28
28
  This rather quickly updates my mirror to the latest versions of
@@ -34,22 +34,23 @@ bit, but it is pretty minimal (currently ~20 bad gems).
34
34
  ## Curating an Archive of Ruby Files
35
35
 
36
36
  Next, I process the gem mirror into a much more digestable structure
37
- using `hash.rb` (TODO: needs a better name):
37
+ using `unpack_gems.rb`.
38
38
 
39
39
  ```
40
- % cd RP
41
- % /Volumes/StuffA/gauntlet/bin/unpack_gems.rb
40
+ % cd RP/gauntlet
41
+ % time caffeinate /Volumes/StuffA/gauntlet/bin/unpack_gems.rb -v [-a] ; say done
42
42
  ... waaaait ...
43
- % mv hashed.noindex gauntlet.$(today).noindex
44
- % lrztar gauntlet.$(today).noindex
45
- % mv gauntlet.$(today).noindex.lrz /Volumes/StuffA/gauntlet/
43
+ % DIR=gauntlet.$(today).(all|new).noindex
44
+ % mv hashed.noindex $DIR
45
+ % tar vc -T <(fd -tf . $DIR | sort) | zstd -5 -T0 --long > archives/$DIR.tar.zst ; say done
46
+ % ./bin/sync.sh
46
47
  ```
47
48
 
48
- This script filters all the newer gems (TODO: WHY?), unpacks them,
49
- finds all the files that look like they're valid ruby, ensures they're
50
- valid ruby (using the current version of ruby to compile them), and
51
- then moves them into a SHA dir structure that looks something like
52
- this:
49
+ This script filters all the newer (< 1 year old) gems (unless `-a` is
50
+ used), unpacks them, finds all the files that look like they're valid
51
+ ruby, ensures they're valid ruby (using the current version of ruby to
52
+ compile them), and then moves them into a SHA dir structure that looks
53
+ something like this:
53
54
 
54
55
  ```
55
56
  hashed.noindex/a/b/c/<full_file_sha>.rb
@@ -64,8 +65,8 @@ Unpacking, validating, SHA'ing everything is disk and CPU intensive.
64
65
  The `.noindex` extension stops spotlight from indexing the continous
65
66
  churn of files being unpacked and moved and saves time.
66
67
 
67
- Finally, I rename and archive it all up (currently using lrztar, but
68
- I'm not in love with it).
68
+ Finally, I rename and archive it all up (currently using zstd to
69
+ compress).
69
70
 
70
71
  ### Stats
71
72
 
@@ -73,7 +74,7 @@ I'm not in love with it).
73
74
  9696 % find gauntlet.$(today).noindex -type f | lc
74
75
  561270
75
76
  3.5G gauntlet.2021-08-06.noindex
76
- 239M gauntlet.2021-08-06.noindex.tar.lrz
77
+ 239M gauntlet.2021-08-06.noindex.tar.zst
77
78
  ```
78
79
 
79
80
  So I wind up with a little over half a million unique ruby files to
@@ -84,7 +85,7 @@ parse. It's about 3.5g but compresses very nicely down to 240m
84
85
  Assuming you're starting from scratch, unpack the archive once:
85
86
 
86
87
  ```
87
- % lrzuntar gauntlet.$(today).noindex.lrz
88
+ % zstdcat gauntlet.$(today).noindex.tar.zst | tar x
88
89
  ```
89
90
 
90
91
  Then, either run a single process (easier to read):
@@ -96,7 +97,7 @@ Then, either run a single process (easier to read):
96
97
  Or max out your machine using xargs (note the `-P 16` and choose accordingly):
97
98
 
98
99
  ```
99
- % ls -d gauntlet/*.noindex/?/? | xargs -n 1 -P 16 ./gauntlet/bin/gauntlet.rb
100
+ % ls -d gauntlet/*.noindex/?/? | time xargs -n 1 -P 16 ./gauntlet/bin/gauntlet.rb
100
101
  ```
101
102
 
102
103
  In another terminal I usually monitor the progress like so: