brakeman 5.2.2 → 5.2.3
- checksums.yaml +4 -4
- data/CHANGES.md +5 -0
- data/bundle/load.rb +1 -1
- data/bundle/ruby/2.7.0/gems/{sexp_processor-4.16.0 → sexp_processor-4.16.1}/History.rdoc +6 -0
- data/bundle/ruby/2.7.0/gems/{sexp_processor-4.16.0 → sexp_processor-4.16.1}/Manifest.txt +0 -0
- data/bundle/ruby/2.7.0/gems/{sexp_processor-4.16.0 → sexp_processor-4.16.1}/README.rdoc +0 -0
- data/bundle/ruby/2.7.0/gems/{sexp_processor-4.16.0 → sexp_processor-4.16.1}/lib/composite_sexp_processor.rb +0 -0
- data/bundle/ruby/2.7.0/gems/{sexp_processor-4.16.0 → sexp_processor-4.16.1}/lib/pt_testcase.rb +7 -3
- data/bundle/ruby/2.7.0/gems/{sexp_processor-4.16.0 → sexp_processor-4.16.1}/lib/sexp.rb +0 -0
- data/bundle/ruby/2.7.0/gems/{sexp_processor-4.16.0 → sexp_processor-4.16.1}/lib/sexp_matcher.rb +0 -0
- data/bundle/ruby/2.7.0/gems/{sexp_processor-4.16.0 → sexp_processor-4.16.1}/lib/sexp_processor.rb +1 -1
- data/bundle/ruby/2.7.0/gems/{sexp_processor-4.16.0 → sexp_processor-4.16.1}/lib/strict_sexp.rb +0 -0
- data/bundle/ruby/2.7.0/gems/{sexp_processor-4.16.0 → sexp_processor-4.16.1}/lib/unique.rb +0 -0
- data/lib/brakeman/processors/alias_processor.rb +24 -1
- data/lib/brakeman/report/ignore/interactive.rb +2 -2
- data/lib/brakeman/version.rb +1 -1
- metadata +12 -12
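--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 2ae08a71e19d6c694a9e567fda5793a56ab174d106f44b178f7e9f69c3057814
+data.tar.gz: fd24750e512d528b3fd9cecb344f4788a58e1aa8ffd6b28ff7c88bc7f034a3e8
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: e0e2d7fde5907d8158b21803876b0dd77e659ce8cae42c25e23021b46bd2c9d8c5d0dd13edff64f7fd721a8d1bca92af4a9fbbf2505e47c791557a3316c0f3d2
+data.tar.gz: 38f894b42f893a6ce45db047f2d21c1529b63de0dd19e00a69475a72cbb4c2d9738f0f25edc60460d61607182d5a5c01ccbb77a6ae6eeae69ec4e88f9345a2e1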
data/CHANGES.md
CHANGED
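--- a/data/bundle/load.rb
+++ b/data/bundle/load.rb
@@ -1,7 +1,6 @@
 path = File.expand_path('../..', __FILE__)
 $:.unshift "#{path}/bundle/ruby/2.7.0/gems/ruby_parser-3.19.1/lib"
 $:.unshift "#{path}/bundle/ruby/2.7.0/gems/temple-0.8.2/lib"
-$:.unshift "#{path}/bundle/ruby/2.7.0/gems/sexp_processor-4.16.0/lib"
 $:.unshift "#{path}/bundle/ruby/2.7.0/gems/tilt-2.0.10/lib"
 $:.unshift "#{path}/bundle/ruby/2.7.0/gems/unicode-display_width-1.8.0/lib"
 $:.unshift "#{path}/bundle/ruby/2.7.0/gems/slim-4.1.0/lib"
@@ -10,6 +9,7 @@ $:.unshift "#{path}/bundle/ruby/2.7.0/gems/ruby2ruby-2.4.4/lib"
 $:.unshift "#{path}/bundle/ruby/2.7.0/gems/terminal-table-1.8.0/lib"
 $:.unshift "#{path}/bundle/ruby/2.7.0/gems/haml-5.2.2/lib"
 $:.unshift "#{path}/bundle/ruby/2.7.0/gems/parallel-1.22.1/lib"
+$:.unshift "#{path}/bundle/ruby/2.7.0/gems/sexp_processor-4.16.1/lib"
 $:.unshift "#{path}/bundle/ruby/2.7.0/gems/ruby_parser-legacy-1.0.0/lib"
 $:.unshift "#{path}/bundle/ruby/2.7.0/gems/erubis-2.7.0/lib"
 $:.unshift "#{path}/bundle/ruby/2.7.0/gems/rexml-3.2.5/lib"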
File without changes
|
File without changes
|
File without changes
|
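--- a/data/bundle/ruby/2.7.0/gems/sexp_processor-4.16.0/lib/pt_testcase.rb
+++ b/data/bundle/ruby/2.7.0/gems/sexp_processor-4.16.1/lib/pt_testcase.rb
@@ -34,6 +34,12 @@ class Examples
 end
 
 class ParseTreeTestCase < Minitest::Test
+all_versions = %w[18 19 20 21 22 23 24 25 26 27 30 31]
+most_versions = all_versions.drop(1)
+
+TEST_SUFFIX = "_#{most_versions.join "_"}"
+VER_RE = /(#{Regexp.union(*all_versions)})/
+
 attr_accessor :processor # to be defined by subclass
 
 def setup
@@ -77,7 +83,7 @@ class ParseTreeTestCase < Minitest::Test
 end
 
 def self.add_19tests name, hash
-add_tests "#{name}
+add_tests "#{name}_#{TEST_SUFFIX}", hash # HACK?
 end
 
 def self.add_19edgecases ruby, sexp, cases
@@ -102,8 +108,6 @@ class ParseTreeTestCase < Minitest::Test
 testcases[verbose][klass] = testcases[nonverbose][klass]
 end
 
-VER_RE = "(1[89]|2[01234567]|3[0])"
-
 def self.generate_test klass, node, data, input_name, output_name
 klass.send :define_method, "test_#{node}" do
 flunk "Processor is nil" if processor.nil?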
File without changes
|
data/bundle/ruby/2.7.0/gems/{sexp_processor-4.16.0 → sexp_processor-4.16.1}/lib/sexp_matcher.rb
RENAMED
File without changes
|
data/bundle/ruby/2.7.0/gems/{sexp_processor-4.16.0 → sexp_processor-4.16.1}/lib/strict_sexp.rb
RENAMED
File without changes
|
File without changes
|
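--- a/data/lib/brakeman/processors/alias_processor.rb
+++ b/data/lib/brakeman/processors/alias_processor.rb
@@ -703,7 +703,30 @@ class Brakeman::AliasProcessor < Brakeman::SexpProcessor
 end
 end
 
-
+# Return early unless there might be short-hand syntax,
+# since handling it is kind of expensive.
+return exp unless exp.any? { |e| e.nil? }
+
+# Need to handle short-hand hash syntax
+new_hash = [:hash]
+hash_iterate(exp) do |key, value|
+# e.g. { a: }
+if value.nil? and symbol? key
+# Only handling local variables for now, not calls
+lvar = s(:lvar, key.value)
+if var_value = env[lvar]
+new_hash << key << var_value.deep_clone(key.line || 0)
+else
+# If the value is unknown, assume it was a call
+# and set the value to a call
+new_hash.concat << key << s(:call, nil, key.value).line(key.line || 0)
+end
+else
+new_hash.concat << key << value
+end
+end
+
+Sexp.from_array(new_hash).line(exp.line || 0)
 end
 
 #Merge values into hash when processing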
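Review bot: Both fall-through branches append with `new_hash.concat << key << …`, where the argument-less `concat` is a no-op that returns the receiver, so the line reads as if an array were being merged in when only two pushes happen; the lvar branch two lines above already uses the plain form. Suggest `new_hash << key << s(:call, nil, key.value).line(key.line || 0)` and `new_hash << key << value` so the three branches match. On the same hunk, `if value.nil? and symbol? key` is conventionally written `if value.nil? && symbol?(key)` — `and` is reserved for control flow and its low precedence is a recurring source of surprises. The enclosing method begins before line 703, outside the hunk, so its signature and any prior handling of `exp` are not visible here.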
data/lib/brakeman/version.rb
CHANGED
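--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: brakeman
 version: !ruby/object:Gem::Version
-version: 5.2.
+version: 5.2.3
 platform: ruby
 authors:
 - Justin Collins
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2022-
+date: 2022-05-01 00:00:00.000000000 Z
 dependencies: []
 description: Brakeman detects security vulnerabilities in Ruby on Rails applications
 via static analysis.
@@ -275,16 +275,16 @@ files:
 - bundle/ruby/2.7.0/gems/safe_yaml-1.0.5/lib/safe_yaml/version.rb
 - bundle/ruby/2.7.0/gems/safe_yaml-1.0.5/run_specs_all_ruby_versions.sh
 - bundle/ruby/2.7.0/gems/safe_yaml-1.0.5/safe_yaml.gemspec
-- bundle/ruby/2.7.0/gems/sexp_processor-4.16.
-- bundle/ruby/2.7.0/gems/sexp_processor-4.16.
-- bundle/ruby/2.7.0/gems/sexp_processor-4.16.
-- bundle/ruby/2.7.0/gems/sexp_processor-4.16.
-- bundle/ruby/2.7.0/gems/sexp_processor-4.16.
-- bundle/ruby/2.7.0/gems/sexp_processor-4.16.
-- bundle/ruby/2.7.0/gems/sexp_processor-4.16.
-- bundle/ruby/2.7.0/gems/sexp_processor-4.16.
-- bundle/ruby/2.7.0/gems/sexp_processor-4.16.
-- bundle/ruby/2.7.0/gems/sexp_processor-4.16.
+- bundle/ruby/2.7.0/gems/sexp_processor-4.16.1/History.rdoc
+- bundle/ruby/2.7.0/gems/sexp_processor-4.16.1/Manifest.txt
+- bundle/ruby/2.7.0/gems/sexp_processor-4.16.1/README.rdoc
+- bundle/ruby/2.7.0/gems/sexp_processor-4.16.1/lib/composite_sexp_processor.rb
+- bundle/ruby/2.7.0/gems/sexp_processor-4.16.1/lib/pt_testcase.rb
+- bundle/ruby/2.7.0/gems/sexp_processor-4.16.1/lib/sexp.rb
+- bundle/ruby/2.7.0/gems/sexp_processor-4.16.1/lib/sexp_matcher.rb
+- bundle/ruby/2.7.0/gems/sexp_processor-4.16.1/lib/sexp_processor.rb
+- bundle/ruby/2.7.0/gems/sexp_processor-4.16.1/lib/strict_sexp.rb
+- bundle/ruby/2.7.0/gems/sexp_processor-4.16.1/lib/unique.rb
 - bundle/ruby/2.7.0/gems/slim-4.1.0/CHANGES
 - bundle/ruby/2.7.0/gems/slim-4.1.0/Gemfile
 - bundle/ruby/2.7.0/gems/slim-4.1.0/LICENSE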