brakeman 5.2.2 → 5.2.3

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 7673373d923b1d6b2e4c2158a94681d01de5e5c8eb29561795c9fbe8bd879f6b
-  data.tar.gz: 44e5c623eb5fd6fe62ec7d0956a32cee82082a2c5983012ff7c172b10c6dc79a
+  metadata.gz: 2ae08a71e19d6c694a9e567fda5793a56ab174d106f44b178f7e9f69c3057814
+  data.tar.gz: fd24750e512d528b3fd9cecb344f4788a58e1aa8ffd6b28ff7c88bc7f034a3e8
 SHA512:
-  metadata.gz: 2e3132eaffeb28f50ab40afda87c7a1f2b209044c71614bd6d68f55632479a148e08ac4dc995f370b75de352c896711ed09698056fa763b3449d2776e2ba2fb3
-  data.tar.gz: 31e069689731927b3f096fd39cb0f1f4bf9c7269e7af4487eed12b34e3a7711de77b353423975b3625f5883c4a3b4c5f9785ddf44ca4d4367007b9d44ee51205
+  metadata.gz: e0e2d7fde5907d8158b21803876b0dd77e659ce8cae42c25e23021b46bd2c9d8c5d0dd13edff64f7fd721a8d1bca92af4a9fbbf2505e47c791557a3316c0f3d2
+  data.tar.gz: 38f894b42f893a6ce45db047f2d21c1529b63de0dd19e00a69475a72cbb4c2d9738f0f25edc60460d61607182d5a5c01ccbb77a6ae6eeae69ec4e88f9345a2e1

data/CHANGES.md

@@ -1,3 +1,8 @@
+# 5.2.3 - 2022-05-01
+
+* Fix error with hash shorthand syntax
+* Match order of interactive options with help message (Rory O'Kane)
+
 # 5.2.2 - 2022-04-06
 
 * Update `ruby_parser` for Ruby 3.1 support (Merek Skubela)

data/bundle/load.rb

@@ -1,7 +1,6 @@
 path = File.expand_path('../..', __FILE__)
 $:.unshift "#{path}/bundle/ruby/2.7.0/gems/ruby_parser-3.19.1/lib"
 $:.unshift "#{path}/bundle/ruby/2.7.0/gems/temple-0.8.2/lib"
-$:.unshift "#{path}/bundle/ruby/2.7.0/gems/sexp_processor-4.16.0/lib"
 $:.unshift "#{path}/bundle/ruby/2.7.0/gems/tilt-2.0.10/lib"
 $:.unshift "#{path}/bundle/ruby/2.7.0/gems/unicode-display_width-1.8.0/lib"
 $:.unshift "#{path}/bundle/ruby/2.7.0/gems/slim-4.1.0/lib"
@@ -10,6 +9,7 @@ $:.unshift "#{path}/bundle/ruby/2.7.0/gems/ruby2ruby-2.4.4/lib"
 $:.unshift "#{path}/bundle/ruby/2.7.0/gems/terminal-table-1.8.0/lib"
 $:.unshift "#{path}/bundle/ruby/2.7.0/gems/haml-5.2.2/lib"
 $:.unshift "#{path}/bundle/ruby/2.7.0/gems/parallel-1.22.1/lib"
+$:.unshift "#{path}/bundle/ruby/2.7.0/gems/sexp_processor-4.16.1/lib"
 $:.unshift "#{path}/bundle/ruby/2.7.0/gems/ruby_parser-legacy-1.0.0/lib"
 $:.unshift "#{path}/bundle/ruby/2.7.0/gems/erubis-2.7.0/lib"
 $:.unshift "#{path}/bundle/ruby/2.7.0/gems/rexml-3.2.5/lib"

data/bundle/ruby/2.7.0/gems/{sexp_processor-4.16.0 → sexp_processor-4.16.1}/History.rdoc

@@ -1,3 +1,9 @@
+=== 4.16.1 / 2022-04-09
+
+* 1 minor enhancement:
+
+  * Reworked ParseTreeTestCase's notion of versions to make it easier to extend.
+
 === 4.16.0 / 2021-10-27
 
 * 4 minor enhancements:

data/bundle/ruby/2.7.0/gems/{sexp_processor-4.16.0 → sexp_processor-4.16.1}/lib/pt_testcase.rb

@@ -34,6 +34,12 @@ class Examples
 end
 
 class ParseTreeTestCase < Minitest::Test
+  all_versions  = %w[18 19 20 21 22 23 24 25 26 27 30 31]
+  most_versions = all_versions.drop(1)
+
+  TEST_SUFFIX = "_#{most_versions.join "_"}"
+  VER_RE      = /(#{Regexp.union(*all_versions)})/
+
   attr_accessor :processor # to be defined by subclass
 
   def setup
@@ -77,7 +83,7 @@ class ParseTreeTestCase < Minitest::Test
   end
 
   def self.add_19tests name, hash
-    add_tests "#{name}__19_20_21_22_23_24_25_26_27_30", hash # HACK?
+    add_tests "#{name}_#{TEST_SUFFIX}", hash # HACK?
   end
 
   def self.add_19edgecases ruby, sexp, cases
@@ -102,8 +108,6 @@ class ParseTreeTestCase < Minitest::Test
     testcases[verbose][klass] = testcases[nonverbose][klass]
   end
 
-  VER_RE = "(1[89]|2[01234567]|3[0])"
-
   def self.generate_test klass, node, data, input_name, output_name
     klass.send :define_method, "test_#{node}" do
       flunk "Processor is nil" if processor.nil?

data/bundle/ruby/2.7.0/gems/{sexp_processor-4.16.0 → sexp_processor-4.16.1}/lib/sexp_processor.rb

@@ -34,7 +34,7 @@ require "sexp"
 class SexpProcessor
 
   # duh
-  VERSION = "4.16.0"
+  VERSION = "4.16.1"
 
   ##
   # Automatically shifts off the Sexp type before handing the

data/lib/brakeman/processors/alias_processor.rb

@@ -703,7 +703,30 @@ class Brakeman::AliasProcessor < Brakeman::SexpProcessor
       end
     end
 
-    exp
+    # Return early unless there might be short-hand syntax,
+    # since handling it is kind of expensive.
+    return exp unless exp.any? { |e| e.nil? }
+
+    # Need to handle short-hand hash syntax
+    new_hash = [:hash]
+    hash_iterate(exp) do |key, value|
+      # e.g. { a: }
+      if value.nil? and symbol? key
+        # Only handling local variables for now, not calls
+        lvar = s(:lvar, key.value)
+        if var_value = env[lvar]
+          new_hash << key << var_value.deep_clone(key.line || 0)
+        else
+          # If the value is unknown, assume it was a call
+          # and set the value to a call
+          new_hash.concat << key << s(:call, nil, key.value).line(key.line || 0)
+        end
+      else
+        new_hash.concat << key << value
+      end
+    end
+
+    Sexp.from_array(new_hash).line(exp.line || 0)
   end
 
   #Merge values into hash when processing

data/lib/brakeman/report/ignore/interactive.rb

@@ -88,10 +88,10 @@ module Brakeman
 
         m.choice "i"
         m.choice "n"
-        m.choice "k"
+        m.choice "s"
         m.choice "u"
         m.choice "a"
-        m.choice "s"
+        m.choice "k"
         m.choice "q"
         m.choice "?" do
           show_help

data/lib/brakeman/version.rb

@@ -1,3 +1,3 @@
 module Brakeman
-  Version = "5.2.2"
+  Version = "5.2.3"
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: brakeman
 version: !ruby/object:Gem::Version
-  version: 5.2.2
+  version: 5.2.3
 platform: ruby
 authors:
 - Justin Collins
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2022-04-06 00:00:00.000000000 Z
+date: 2022-05-01 00:00:00.000000000 Z
 dependencies: []
 description: Brakeman detects security vulnerabilities in Ruby on Rails applications
   via static analysis.
@@ -275,16 +275,16 @@ files:
 - bundle/ruby/2.7.0/gems/safe_yaml-1.0.5/lib/safe_yaml/version.rb
 - bundle/ruby/2.7.0/gems/safe_yaml-1.0.5/run_specs_all_ruby_versions.sh
 - bundle/ruby/2.7.0/gems/safe_yaml-1.0.5/safe_yaml.gemspec
-- bundle/ruby/2.7.0/gems/sexp_processor-4.16.0/History.rdoc
-- bundle/ruby/2.7.0/gems/sexp_processor-4.16.0/Manifest.txt
-- bundle/ruby/2.7.0/gems/sexp_processor-4.16.0/README.rdoc
-- bundle/ruby/2.7.0/gems/sexp_processor-4.16.0/lib/composite_sexp_processor.rb
-- bundle/ruby/2.7.0/gems/sexp_processor-4.16.0/lib/pt_testcase.rb
-- bundle/ruby/2.7.0/gems/sexp_processor-4.16.0/lib/sexp.rb
-- bundle/ruby/2.7.0/gems/sexp_processor-4.16.0/lib/sexp_matcher.rb
-- bundle/ruby/2.7.0/gems/sexp_processor-4.16.0/lib/sexp_processor.rb
-- bundle/ruby/2.7.0/gems/sexp_processor-4.16.0/lib/strict_sexp.rb
-- bundle/ruby/2.7.0/gems/sexp_processor-4.16.0/lib/unique.rb
+- bundle/ruby/2.7.0/gems/sexp_processor-4.16.1/History.rdoc
+- bundle/ruby/2.7.0/gems/sexp_processor-4.16.1/Manifest.txt
+- bundle/ruby/2.7.0/gems/sexp_processor-4.16.1/README.rdoc
+- bundle/ruby/2.7.0/gems/sexp_processor-4.16.1/lib/composite_sexp_processor.rb
+- bundle/ruby/2.7.0/gems/sexp_processor-4.16.1/lib/pt_testcase.rb
+- bundle/ruby/2.7.0/gems/sexp_processor-4.16.1/lib/sexp.rb
+- bundle/ruby/2.7.0/gems/sexp_processor-4.16.1/lib/sexp_matcher.rb
+- bundle/ruby/2.7.0/gems/sexp_processor-4.16.1/lib/sexp_processor.rb
+- bundle/ruby/2.7.0/gems/sexp_processor-4.16.1/lib/strict_sexp.rb
+- bundle/ruby/2.7.0/gems/sexp_processor-4.16.1/lib/unique.rb
 - bundle/ruby/2.7.0/gems/slim-4.1.0/CHANGES
 - bundle/ruby/2.7.0/gems/slim-4.1.0/Gemfile
 - bundle/ruby/2.7.0/gems/slim-4.1.0/LICENSE