brakeman 5.2.1 → 5.3.1

Sign up to get free protection for your applications and to get access to all the features.
Files changed (205) hide show
  1. checksums.yaml +4 -4
  2. data/CHANGES.md +25 -0
  3. data/bundle/load.rb +4 -4
  4. data/bundle/ruby/2.7.0/gems/{parallel-1.21.0 → parallel-1.22.1}/MIT-LICENSE.txt +0 -0
  5. data/bundle/ruby/2.7.0/gems/{parallel-1.21.0 → parallel-1.22.1}/lib/parallel/processor_count.rb +2 -3
  6. data/bundle/ruby/2.7.0/gems/parallel-1.22.1/lib/parallel/version.rb +4 -0
  7. data/bundle/ruby/2.7.0/gems/{parallel-1.21.0 → parallel-1.22.1}/lib/parallel.rb +84 -4
  8. data/bundle/ruby/2.7.0/gems/{ruby_parser-3.18.1 → ruby_parser-3.19.1}/History.rdoc +28 -0
  9. data/bundle/ruby/2.7.0/gems/{ruby_parser-3.18.1 → ruby_parser-3.19.1}/Manifest.txt +2 -0
  10. data/bundle/ruby/2.7.0/gems/{ruby_parser-3.18.1 → ruby_parser-3.19.1}/README.rdoc +8 -6
  11. data/bundle/ruby/2.7.0/gems/{ruby_parser-3.18.1 → ruby_parser-3.19.1}/compare/normalize.rb +0 -0
  12. data/bundle/ruby/2.7.0/gems/{ruby_parser-3.18.1 → ruby_parser-3.19.1}/debugging.md +0 -0
  13. data/bundle/ruby/2.7.0/gems/{ruby_parser-3.18.1 → ruby_parser-3.19.1}/gauntlet.md +19 -18
  14. data/bundle/ruby/2.7.0/gems/{ruby_parser-3.18.1 → ruby_parser-3.19.1}/lib/rp_extensions.rb +0 -0
  15. data/bundle/ruby/2.7.0/gems/{ruby_parser-3.18.1 → ruby_parser-3.19.1}/lib/rp_stringscanner.rb +0 -0
  16. data/bundle/ruby/2.7.0/gems/ruby_parser-3.19.1/lib/ruby20_parser.rb +10973 -0
  17. data/bundle/ruby/2.7.0/gems/{ruby_parser-3.18.1 → ruby_parser-3.19.1}/lib/ruby20_parser.y +14 -27
  18. data/bundle/ruby/2.7.0/gems/ruby_parser-3.19.1/lib/ruby21_parser.rb +10980 -0
  19. data/bundle/ruby/2.7.0/gems/{ruby_parser-3.18.1 → ruby_parser-3.19.1}/lib/ruby21_parser.y +14 -27
  20. data/bundle/ruby/2.7.0/gems/ruby_parser-3.19.1/lib/ruby22_parser.rb +11123 -0
  21. data/bundle/ruby/2.7.0/gems/{ruby_parser-3.18.1 → ruby_parser-3.19.1}/lib/ruby22_parser.y +14 -27
  22. data/bundle/ruby/2.7.0/gems/ruby_parser-3.19.1/lib/ruby23_parser.rb +11132 -0
  23. data/bundle/ruby/2.7.0/gems/{ruby_parser-3.18.1 → ruby_parser-3.19.1}/lib/ruby23_parser.y +14 -27
  24. data/bundle/ruby/2.7.0/gems/ruby_parser-3.19.1/lib/ruby24_parser.rb +11231 -0
  25. data/bundle/ruby/2.7.0/gems/{ruby_parser-3.18.1 → ruby_parser-3.19.1}/lib/ruby24_parser.y +14 -27
  26. data/bundle/ruby/2.7.0/gems/ruby_parser-3.19.1/lib/ruby25_parser.rb +11231 -0
  27. data/bundle/ruby/2.7.0/gems/{ruby_parser-3.18.1 → ruby_parser-3.19.1}/lib/ruby25_parser.y +14 -27
  28. data/bundle/ruby/2.7.0/gems/ruby_parser-3.19.1/lib/ruby26_parser.rb +11253 -0
  29. data/bundle/ruby/2.7.0/gems/{ruby_parser-3.18.1 → ruby_parser-3.19.1}/lib/ruby26_parser.y +14 -27
  30. data/bundle/ruby/2.7.0/gems/ruby_parser-3.19.1/lib/ruby27_parser.rb +12980 -0
  31. data/bundle/ruby/2.7.0/gems/{ruby_parser-3.18.1 → ruby_parser-3.19.1}/lib/ruby27_parser.y +19 -41
  32. data/bundle/ruby/2.7.0/gems/ruby_parser-3.19.1/lib/ruby30_parser.rb +13242 -0
  33. data/bundle/ruby/2.7.0/gems/{ruby_parser-3.18.1 → ruby_parser-3.19.1}/lib/ruby30_parser.y +65 -90
  34. data/bundle/ruby/2.7.0/gems/ruby_parser-3.19.1/lib/ruby31_parser.rb +13622 -0
  35. data/bundle/ruby/2.7.0/gems/{ruby_parser-3.18.1/lib/ruby3_parser.yy → ruby_parser-3.19.1/lib/ruby31_parser.y} +110 -105
  36. data/bundle/ruby/2.7.0/gems/ruby_parser-3.19.1/lib/ruby3_parser.yy +3536 -0
  37. data/bundle/ruby/2.7.0/gems/{ruby_parser-3.18.1 → ruby_parser-3.19.1}/lib/ruby_lexer.rb +0 -0
  38. data/bundle/ruby/2.7.0/gems/{ruby_parser-3.18.1 → ruby_parser-3.19.1}/lib/ruby_lexer.rex +0 -0
  39. data/bundle/ruby/2.7.0/gems/{ruby_parser-3.18.1 → ruby_parser-3.19.1}/lib/ruby_lexer.rex.rb +0 -0
  40. data/bundle/ruby/2.7.0/gems/{ruby_parser-3.18.1 → ruby_parser-3.19.1}/lib/ruby_lexer_strings.rb +0 -0
  41. data/bundle/ruby/2.7.0/gems/{ruby_parser-3.18.1 → ruby_parser-3.19.1}/lib/ruby_parser.rb +2 -0
  42. data/bundle/ruby/2.7.0/gems/{ruby_parser-3.18.1 → ruby_parser-3.19.1}/lib/ruby_parser.yy +19 -41
  43. data/bundle/ruby/2.7.0/gems/{ruby_parser-3.18.1 → ruby_parser-3.19.1}/lib/ruby_parser_extras.rb +55 -2
  44. data/bundle/ruby/2.7.0/gems/{ruby_parser-3.18.1 → ruby_parser-3.19.1}/tools/munge.rb +0 -0
  45. data/bundle/ruby/2.7.0/gems/{ruby_parser-3.18.1 → ruby_parser-3.19.1}/tools/ripper.rb +0 -0
  46. data/bundle/ruby/2.7.0/gems/{sexp_processor-4.16.0 → sexp_processor-4.16.1}/History.rdoc +6 -0
  47. data/bundle/ruby/2.7.0/gems/{sexp_processor-4.16.0 → sexp_processor-4.16.1}/Manifest.txt +0 -0
  48. data/bundle/ruby/2.7.0/gems/{sexp_processor-4.16.0 → sexp_processor-4.16.1}/README.rdoc +0 -0
  49. data/bundle/ruby/2.7.0/gems/{sexp_processor-4.16.0 → sexp_processor-4.16.1}/lib/composite_sexp_processor.rb +0 -0
  50. data/bundle/ruby/2.7.0/gems/{sexp_processor-4.16.0 → sexp_processor-4.16.1}/lib/pt_testcase.rb +7 -3
  51. data/bundle/ruby/2.7.0/gems/{sexp_processor-4.16.0 → sexp_processor-4.16.1}/lib/sexp.rb +0 -0
  52. data/bundle/ruby/2.7.0/gems/{sexp_processor-4.16.0 → sexp_processor-4.16.1}/lib/sexp_matcher.rb +0 -0
  53. data/bundle/ruby/2.7.0/gems/{sexp_processor-4.16.0 → sexp_processor-4.16.1}/lib/sexp_processor.rb +1 -1
  54. data/bundle/ruby/2.7.0/gems/{sexp_processor-4.16.0 → sexp_processor-4.16.1}/lib/strict_sexp.rb +0 -0
  55. data/bundle/ruby/2.7.0/gems/{sexp_processor-4.16.0 → sexp_processor-4.16.1}/lib/unique.rb +0 -0
  56. data/bundle/ruby/2.7.0/gems/{tilt-2.0.10 → tilt-2.0.11}/COPYING +0 -0
  57. data/bundle/ruby/2.7.0/gems/{tilt-2.0.10 → tilt-2.0.11}/lib/tilt/asciidoc.rb +0 -0
  58. data/bundle/ruby/2.7.0/gems/{tilt-2.0.10 → tilt-2.0.11}/lib/tilt/babel.rb +0 -0
  59. data/bundle/ruby/2.7.0/gems/{tilt-2.0.10 → tilt-2.0.11}/lib/tilt/bluecloth.rb +0 -0
  60. data/bundle/ruby/2.7.0/gems/{tilt-2.0.10 → tilt-2.0.11}/lib/tilt/builder.rb +0 -0
  61. data/bundle/ruby/2.7.0/gems/{tilt-2.0.10 → tilt-2.0.11}/lib/tilt/coffee.rb +0 -0
  62. data/bundle/ruby/2.7.0/gems/{tilt-2.0.10 → tilt-2.0.11}/lib/tilt/commonmarker.rb +11 -1
  63. data/bundle/ruby/2.7.0/gems/{tilt-2.0.10 → tilt-2.0.11}/lib/tilt/creole.rb +0 -0
  64. data/bundle/ruby/2.7.0/gems/{tilt-2.0.10 → tilt-2.0.11}/lib/tilt/csv.rb +1 -1
  65. data/bundle/ruby/2.7.0/gems/{tilt-2.0.10 → tilt-2.0.11}/lib/tilt/dummy.rb +0 -0
  66. data/bundle/ruby/2.7.0/gems/{tilt-2.0.10 → tilt-2.0.11}/lib/tilt/erb.rb +0 -0
  67. data/bundle/ruby/2.7.0/gems/{tilt-2.0.10 → tilt-2.0.11}/lib/tilt/erubi.rb +0 -0
  68. data/bundle/ruby/2.7.0/gems/{tilt-2.0.10 → tilt-2.0.11}/lib/tilt/erubis.rb +0 -0
  69. data/bundle/ruby/2.7.0/gems/{tilt-2.0.10 → tilt-2.0.11}/lib/tilt/etanni.rb +0 -0
  70. data/bundle/ruby/2.7.0/gems/{tilt-2.0.10 → tilt-2.0.11}/lib/tilt/haml.rb +0 -0
  71. data/bundle/ruby/2.7.0/gems/{tilt-2.0.10 → tilt-2.0.11}/lib/tilt/kramdown.rb +0 -0
  72. data/bundle/ruby/2.7.0/gems/{tilt-2.0.10 → tilt-2.0.11}/lib/tilt/less.rb +0 -0
  73. data/bundle/ruby/2.7.0/gems/{tilt-2.0.10 → tilt-2.0.11}/lib/tilt/liquid.rb +0 -0
  74. data/bundle/ruby/2.7.0/gems/{tilt-2.0.10 → tilt-2.0.11}/lib/tilt/livescript.rb +0 -0
  75. data/bundle/ruby/2.7.0/gems/{tilt-2.0.10 → tilt-2.0.11}/lib/tilt/mapping.rb +0 -0
  76. data/bundle/ruby/2.7.0/gems/{tilt-2.0.10 → tilt-2.0.11}/lib/tilt/markaby.rb +0 -0
  77. data/bundle/ruby/2.7.0/gems/{tilt-2.0.10 → tilt-2.0.11}/lib/tilt/maruku.rb +0 -0
  78. data/bundle/ruby/2.7.0/gems/{tilt-2.0.10 → tilt-2.0.11}/lib/tilt/nokogiri.rb +0 -0
  79. data/bundle/ruby/2.7.0/gems/{tilt-2.0.10 → tilt-2.0.11}/lib/tilt/pandoc.rb +23 -15
  80. data/bundle/ruby/2.7.0/gems/{tilt-2.0.10 → tilt-2.0.11}/lib/tilt/plain.rb +0 -0
  81. data/bundle/ruby/2.7.0/gems/{tilt-2.0.10 → tilt-2.0.11}/lib/tilt/prawn.rb +0 -0
  82. data/bundle/ruby/2.7.0/gems/{tilt-2.0.10 → tilt-2.0.11}/lib/tilt/radius.rb +0 -0
  83. data/bundle/ruby/2.7.0/gems/{tilt-2.0.10 → tilt-2.0.11}/lib/tilt/rdiscount.rb +0 -0
  84. data/bundle/ruby/2.7.0/gems/{tilt-2.0.10 → tilt-2.0.11}/lib/tilt/rdoc.rb +0 -0
  85. data/bundle/ruby/2.7.0/gems/{tilt-2.0.10 → tilt-2.0.11}/lib/tilt/redcarpet.rb +5 -2
  86. data/bundle/ruby/2.7.0/gems/{tilt-2.0.10 → tilt-2.0.11}/lib/tilt/redcloth.rb +0 -0
  87. data/bundle/ruby/2.7.0/gems/tilt-2.0.11/lib/tilt/rst-pandoc.rb +23 -0
  88. data/bundle/ruby/2.7.0/gems/tilt-2.0.11/lib/tilt/sass.rb +78 -0
  89. data/bundle/ruby/2.7.0/gems/{tilt-2.0.10 → tilt-2.0.11}/lib/tilt/sigil.rb +0 -0
  90. data/bundle/ruby/2.7.0/gems/{tilt-2.0.10 → tilt-2.0.11}/lib/tilt/string.rb +0 -0
  91. data/bundle/ruby/2.7.0/gems/{tilt-2.0.10 → tilt-2.0.11}/lib/tilt/template.rb +12 -1
  92. data/bundle/ruby/2.7.0/gems/{tilt-2.0.10 → tilt-2.0.11}/lib/tilt/typescript.rb +0 -0
  93. data/bundle/ruby/2.7.0/gems/{tilt-2.0.10 → tilt-2.0.11}/lib/tilt/wikicloth.rb +0 -0
  94. data/bundle/ruby/2.7.0/gems/{tilt-2.0.10 → tilt-2.0.11}/lib/tilt/yajl.rb +0 -0
  95. data/bundle/ruby/2.7.0/gems/{tilt-2.0.10 → tilt-2.0.11}/lib/tilt.rb +2 -1
  96. data/lib/brakeman/app_tree.rb +9 -1
  97. data/lib/brakeman/checks/check_basic_auth.rb +4 -2
  98. data/lib/brakeman/checks/check_basic_auth_timing_attack.rb +2 -1
  99. data/lib/brakeman/checks/check_content_tag.rb +8 -4
  100. data/lib/brakeman/checks/check_cookie_serialization.rb +2 -1
  101. data/lib/brakeman/checks/check_create_with.rb +4 -2
  102. data/lib/brakeman/checks/check_cross_site_scripting.rb +6 -3
  103. data/lib/brakeman/checks/check_csrf_token_forgery_cve.rb +2 -1
  104. data/lib/brakeman/checks/check_default_routes.rb +6 -3
  105. data/lib/brakeman/checks/check_deserialize.rb +2 -1
  106. data/lib/brakeman/checks/check_detailed_exceptions.rb +4 -2
  107. data/lib/brakeman/checks/check_digest_dos.rb +2 -1
  108. data/lib/brakeman/checks/check_divide_by_zero.rb +2 -1
  109. data/lib/brakeman/checks/check_dynamic_finders.rb +2 -1
  110. data/lib/brakeman/checks/check_escape_function.rb +2 -1
  111. data/lib/brakeman/checks/check_evaluation.rb +2 -1
  112. data/lib/brakeman/checks/check_execute.rb +6 -3
  113. data/lib/brakeman/checks/check_file_access.rb +2 -1
  114. data/lib/brakeman/checks/check_file_disclosure.rb +2 -1
  115. data/lib/brakeman/checks/check_filter_skipping.rb +2 -1
  116. data/lib/brakeman/checks/check_force_ssl.rb +2 -1
  117. data/lib/brakeman/checks/check_forgery_setting.rb +4 -2
  118. data/lib/brakeman/checks/check_header_dos.rb +2 -1
  119. data/lib/brakeman/checks/check_i18n_xss.rb +2 -1
  120. data/lib/brakeman/checks/check_jruby_xml.rb +2 -1
  121. data/lib/brakeman/checks/check_json_encoding.rb +2 -1
  122. data/lib/brakeman/checks/check_json_entity_escape.rb +4 -2
  123. data/lib/brakeman/checks/check_json_parsing.rb +4 -2
  124. data/lib/brakeman/checks/check_link_to.rb +2 -1
  125. data/lib/brakeman/checks/check_link_to_href.rb +4 -2
  126. data/lib/brakeman/checks/check_mail_to.rb +2 -1
  127. data/lib/brakeman/checks/check_mass_assignment.rb +6 -3
  128. data/lib/brakeman/checks/check_mime_type_dos.rb +2 -1
  129. data/lib/brakeman/checks/check_model_attr_accessible.rb +2 -1
  130. data/lib/brakeman/checks/check_model_attributes.rb +4 -2
  131. data/lib/brakeman/checks/check_model_serialize.rb +2 -1
  132. data/lib/brakeman/checks/check_nested_attributes.rb +2 -1
  133. data/lib/brakeman/checks/check_nested_attributes_bypass.rb +2 -1
  134. data/lib/brakeman/checks/check_number_to_currency.rb +4 -2
  135. data/lib/brakeman/checks/check_page_caching_cve.rb +2 -1
  136. data/lib/brakeman/checks/check_permit_attributes.rb +2 -1
  137. data/lib/brakeman/checks/check_quote_table_name.rb +2 -1
  138. data/lib/brakeman/checks/check_redirect.rb +2 -1
  139. data/lib/brakeman/checks/check_regex_dos.rb +2 -1
  140. data/lib/brakeman/checks/check_render.rb +4 -2
  141. data/lib/brakeman/checks/check_render_dos.rb +2 -1
  142. data/lib/brakeman/checks/check_render_inline.rb +4 -2
  143. data/lib/brakeman/checks/check_response_splitting.rb +2 -1
  144. data/lib/brakeman/checks/check_reverse_tabnabbing.rb +2 -1
  145. data/lib/brakeman/checks/check_route_dos.rb +2 -1
  146. data/lib/brakeman/checks/check_safe_buffer_manipulation.rb +2 -1
  147. data/lib/brakeman/checks/check_sanitize_config_cve.rb +120 -0
  148. data/lib/brakeman/checks/check_sanitize_methods.rb +6 -3
  149. data/lib/brakeman/checks/check_secrets.rb +2 -1
  150. data/lib/brakeman/checks/check_select_tag.rb +2 -1
  151. data/lib/brakeman/checks/check_select_vulnerability.rb +2 -1
  152. data/lib/brakeman/checks/check_send.rb +2 -1
  153. data/lib/brakeman/checks/check_session_manipulation.rb +2 -1
  154. data/lib/brakeman/checks/check_session_settings.rb +6 -3
  155. data/lib/brakeman/checks/check_simple_format.rb +4 -2
  156. data/lib/brakeman/checks/check_single_quotes.rb +2 -1
  157. data/lib/brakeman/checks/check_skip_before_filter.rb +4 -2
  158. data/lib/brakeman/checks/check_sprockets_path_traversal.rb +2 -1
  159. data/lib/brakeman/checks/check_sql.rb +7 -4
  160. data/lib/brakeman/checks/check_sql_cves.rb +4 -2
  161. data/lib/brakeman/checks/check_ssl_verify.rb +2 -1
  162. data/lib/brakeman/checks/check_strip_tags.rb +6 -3
  163. data/lib/brakeman/checks/check_symbol_dos.rb +2 -1
  164. data/lib/brakeman/checks/check_symbol_dos_cve.rb +2 -1
  165. data/lib/brakeman/checks/check_template_injection.rb +2 -1
  166. data/lib/brakeman/checks/check_translate_bug.rb +2 -1
  167. data/lib/brakeman/checks/check_unsafe_reflection.rb +9 -3
  168. data/lib/brakeman/checks/check_unsafe_reflection_methods.rb +2 -1
  169. data/lib/brakeman/checks/check_unscoped_find.rb +2 -1
  170. data/lib/brakeman/checks/check_validation_regex.rb +2 -1
  171. data/lib/brakeman/checks/check_verb_confusion.rb +2 -1
  172. data/lib/brakeman/checks/check_weak_hash.rb +6 -3
  173. data/lib/brakeman/checks/check_without_protection.rb +2 -1
  174. data/lib/brakeman/checks/check_xml_dos.rb +2 -1
  175. data/lib/brakeman/checks/check_yaml_parsing.rb +4 -2
  176. data/lib/brakeman/checks/eol_check.rb +4 -2
  177. data/lib/brakeman/options.rb +1 -1
  178. data/lib/brakeman/processors/alias_processor.rb +41 -2
  179. data/lib/brakeman/processors/lib/find_all_calls.rb +1 -0
  180. data/lib/brakeman/report/ignore/interactive.rb +2 -2
  181. data/lib/brakeman/report/report_csv.rb +2 -0
  182. data/lib/brakeman/report/report_junit.rb +2 -2
  183. data/lib/brakeman/report/report_table.rb +5 -5
  184. data/lib/brakeman/report/report_text.rb +2 -0
  185. data/lib/brakeman/report/templates/controller_warnings.html.erb +2 -0
  186. data/lib/brakeman/report/templates/ignored_warnings.html.erb +2 -0
  187. data/lib/brakeman/report/templates/model_warnings.html.erb +2 -0
  188. data/lib/brakeman/report/templates/security_warnings.html.erb +2 -0
  189. data/lib/brakeman/report/templates/view_warnings.html.erb +2 -0
  190. data/lib/brakeman/version.rb +1 -1
  191. data/lib/brakeman/warning.rb +5 -2
  192. data/lib/brakeman/warning_codes.rb +1 -0
  193. metadata +95 -92
  194. data/bundle/ruby/2.7.0/gems/parallel-1.21.0/lib/parallel/version.rb +0 -4
  195. data/bundle/ruby/2.7.0/gems/ruby_parser-3.18.1/lib/ruby20_parser.rb +0 -7128
  196. data/bundle/ruby/2.7.0/gems/ruby_parser-3.18.1/lib/ruby21_parser.rb +0 -7182
  197. data/bundle/ruby/2.7.0/gems/ruby_parser-3.18.1/lib/ruby22_parser.rb +0 -7228
  198. data/bundle/ruby/2.7.0/gems/ruby_parser-3.18.1/lib/ruby23_parser.rb +0 -7237
  199. data/bundle/ruby/2.7.0/gems/ruby_parser-3.18.1/lib/ruby24_parser.rb +0 -7268
  200. data/bundle/ruby/2.7.0/gems/ruby_parser-3.18.1/lib/ruby25_parser.rb +0 -7268
  201. data/bundle/ruby/2.7.0/gems/ruby_parser-3.18.1/lib/ruby26_parser.rb +0 -7287
  202. data/bundle/ruby/2.7.0/gems/ruby_parser-3.18.1/lib/ruby27_parser.rb +0 -8517
  203. data/bundle/ruby/2.7.0/gems/ruby_parser-3.18.1/lib/ruby30_parser.rb +0 -8751
  204. data/bundle/ruby/2.7.0/gems/tilt-2.0.10/lib/tilt/rst-pandoc.rb +0 -18
  205. data/bundle/ruby/2.7.0/gems/tilt-2.0.10/lib/tilt/sass.rb +0 -52

There are too many changes on this page to be displayed.

The amount of changes on this page would crash your brower.

You can still verify the content by downloading the gem file manually.