brakeman 5.2.2 → 5.3.1
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGES.md +17 -0
- data/bundle/load.rb +2 -2
- data/bundle/ruby/2.7.0/gems/{sexp_processor-4.16.0 → sexp_processor-4.16.1}/History.rdoc +6 -0
- data/bundle/ruby/2.7.0/gems/{sexp_processor-4.16.0 → sexp_processor-4.16.1}/Manifest.txt +0 -0
- data/bundle/ruby/2.7.0/gems/{sexp_processor-4.16.0 → sexp_processor-4.16.1}/README.rdoc +0 -0
- data/bundle/ruby/2.7.0/gems/{sexp_processor-4.16.0 → sexp_processor-4.16.1}/lib/composite_sexp_processor.rb +0 -0
- data/bundle/ruby/2.7.0/gems/{sexp_processor-4.16.0 → sexp_processor-4.16.1}/lib/pt_testcase.rb +7 -3
- data/bundle/ruby/2.7.0/gems/{sexp_processor-4.16.0 → sexp_processor-4.16.1}/lib/sexp.rb +0 -0
- data/bundle/ruby/2.7.0/gems/{sexp_processor-4.16.0 → sexp_processor-4.16.1}/lib/sexp_matcher.rb +0 -0
- data/bundle/ruby/2.7.0/gems/{sexp_processor-4.16.0 → sexp_processor-4.16.1}/lib/sexp_processor.rb +1 -1
- data/bundle/ruby/2.7.0/gems/{sexp_processor-4.16.0 → sexp_processor-4.16.1}/lib/strict_sexp.rb +0 -0
- data/bundle/ruby/2.7.0/gems/{sexp_processor-4.16.0 → sexp_processor-4.16.1}/lib/unique.rb +0 -0
- data/bundle/ruby/2.7.0/gems/{tilt-2.0.10 → tilt-2.0.11}/COPYING +0 -0
- data/bundle/ruby/2.7.0/gems/{tilt-2.0.10 → tilt-2.0.11}/lib/tilt/asciidoc.rb +0 -0
- data/bundle/ruby/2.7.0/gems/{tilt-2.0.10 → tilt-2.0.11}/lib/tilt/babel.rb +0 -0
- data/bundle/ruby/2.7.0/gems/{tilt-2.0.10 → tilt-2.0.11}/lib/tilt/bluecloth.rb +0 -0
- data/bundle/ruby/2.7.0/gems/{tilt-2.0.10 → tilt-2.0.11}/lib/tilt/builder.rb +0 -0
- data/bundle/ruby/2.7.0/gems/{tilt-2.0.10 → tilt-2.0.11}/lib/tilt/coffee.rb +0 -0
- data/bundle/ruby/2.7.0/gems/{tilt-2.0.10 → tilt-2.0.11}/lib/tilt/commonmarker.rb +11 -1
- data/bundle/ruby/2.7.0/gems/{tilt-2.0.10 → tilt-2.0.11}/lib/tilt/creole.rb +0 -0
- data/bundle/ruby/2.7.0/gems/{tilt-2.0.10 → tilt-2.0.11}/lib/tilt/csv.rb +1 -1
- data/bundle/ruby/2.7.0/gems/{tilt-2.0.10 → tilt-2.0.11}/lib/tilt/dummy.rb +0 -0
- data/bundle/ruby/2.7.0/gems/{tilt-2.0.10 → tilt-2.0.11}/lib/tilt/erb.rb +0 -0
- data/bundle/ruby/2.7.0/gems/{tilt-2.0.10 → tilt-2.0.11}/lib/tilt/erubi.rb +0 -0
- data/bundle/ruby/2.7.0/gems/{tilt-2.0.10 → tilt-2.0.11}/lib/tilt/erubis.rb +0 -0
- data/bundle/ruby/2.7.0/gems/{tilt-2.0.10 → tilt-2.0.11}/lib/tilt/etanni.rb +0 -0
- data/bundle/ruby/2.7.0/gems/{tilt-2.0.10 → tilt-2.0.11}/lib/tilt/haml.rb +0 -0
- data/bundle/ruby/2.7.0/gems/{tilt-2.0.10 → tilt-2.0.11}/lib/tilt/kramdown.rb +0 -0
- data/bundle/ruby/2.7.0/gems/{tilt-2.0.10 → tilt-2.0.11}/lib/tilt/less.rb +0 -0
- data/bundle/ruby/2.7.0/gems/{tilt-2.0.10 → tilt-2.0.11}/lib/tilt/liquid.rb +0 -0
- data/bundle/ruby/2.7.0/gems/{tilt-2.0.10 → tilt-2.0.11}/lib/tilt/livescript.rb +0 -0
- data/bundle/ruby/2.7.0/gems/{tilt-2.0.10 → tilt-2.0.11}/lib/tilt/mapping.rb +0 -0
- data/bundle/ruby/2.7.0/gems/{tilt-2.0.10 → tilt-2.0.11}/lib/tilt/markaby.rb +0 -0
- data/bundle/ruby/2.7.0/gems/{tilt-2.0.10 → tilt-2.0.11}/lib/tilt/maruku.rb +0 -0
- data/bundle/ruby/2.7.0/gems/{tilt-2.0.10 → tilt-2.0.11}/lib/tilt/nokogiri.rb +0 -0
- data/bundle/ruby/2.7.0/gems/{tilt-2.0.10 → tilt-2.0.11}/lib/tilt/pandoc.rb +23 -15
- data/bundle/ruby/2.7.0/gems/{tilt-2.0.10 → tilt-2.0.11}/lib/tilt/plain.rb +0 -0
- data/bundle/ruby/2.7.0/gems/{tilt-2.0.10 → tilt-2.0.11}/lib/tilt/prawn.rb +0 -0
- data/bundle/ruby/2.7.0/gems/{tilt-2.0.10 → tilt-2.0.11}/lib/tilt/radius.rb +0 -0
- data/bundle/ruby/2.7.0/gems/{tilt-2.0.10 → tilt-2.0.11}/lib/tilt/rdiscount.rb +0 -0
- data/bundle/ruby/2.7.0/gems/{tilt-2.0.10 → tilt-2.0.11}/lib/tilt/rdoc.rb +0 -0
- data/bundle/ruby/2.7.0/gems/{tilt-2.0.10 → tilt-2.0.11}/lib/tilt/redcarpet.rb +5 -2
- data/bundle/ruby/2.7.0/gems/{tilt-2.0.10 → tilt-2.0.11}/lib/tilt/redcloth.rb +0 -0
- data/bundle/ruby/2.7.0/gems/tilt-2.0.11/lib/tilt/rst-pandoc.rb +23 -0
- data/bundle/ruby/2.7.0/gems/tilt-2.0.11/lib/tilt/sass.rb +78 -0
- data/bundle/ruby/2.7.0/gems/{tilt-2.0.10 → tilt-2.0.11}/lib/tilt/sigil.rb +0 -0
- data/bundle/ruby/2.7.0/gems/{tilt-2.0.10 → tilt-2.0.11}/lib/tilt/string.rb +0 -0
- data/bundle/ruby/2.7.0/gems/{tilt-2.0.10 → tilt-2.0.11}/lib/tilt/template.rb +12 -1
- data/bundle/ruby/2.7.0/gems/{tilt-2.0.10 → tilt-2.0.11}/lib/tilt/typescript.rb +0 -0
- data/bundle/ruby/2.7.0/gems/{tilt-2.0.10 → tilt-2.0.11}/lib/tilt/wikicloth.rb +0 -0
- data/bundle/ruby/2.7.0/gems/{tilt-2.0.10 → tilt-2.0.11}/lib/tilt/yajl.rb +0 -0
- data/bundle/ruby/2.7.0/gems/{tilt-2.0.10 → tilt-2.0.11}/lib/tilt.rb +2 -1
- data/lib/brakeman/app_tree.rb +9 -1
- data/lib/brakeman/checks/check_basic_auth.rb +4 -2
- data/lib/brakeman/checks/check_basic_auth_timing_attack.rb +2 -1
- data/lib/brakeman/checks/check_content_tag.rb +8 -4
- data/lib/brakeman/checks/check_cookie_serialization.rb +2 -1
- data/lib/brakeman/checks/check_create_with.rb +4 -2
- data/lib/brakeman/checks/check_cross_site_scripting.rb +6 -3
- data/lib/brakeman/checks/check_csrf_token_forgery_cve.rb +2 -1
- data/lib/brakeman/checks/check_default_routes.rb +6 -3
- data/lib/brakeman/checks/check_deserialize.rb +2 -1
- data/lib/brakeman/checks/check_detailed_exceptions.rb +4 -2
- data/lib/brakeman/checks/check_digest_dos.rb +2 -1
- data/lib/brakeman/checks/check_divide_by_zero.rb +2 -1
- data/lib/brakeman/checks/check_dynamic_finders.rb +2 -1
- data/lib/brakeman/checks/check_escape_function.rb +2 -1
- data/lib/brakeman/checks/check_evaluation.rb +2 -1
- data/lib/brakeman/checks/check_execute.rb +6 -3
- data/lib/brakeman/checks/check_file_access.rb +2 -1
- data/lib/brakeman/checks/check_file_disclosure.rb +2 -1
- data/lib/brakeman/checks/check_filter_skipping.rb +2 -1
- data/lib/brakeman/checks/check_force_ssl.rb +2 -1
- data/lib/brakeman/checks/check_forgery_setting.rb +4 -2
- data/lib/brakeman/checks/check_header_dos.rb +2 -1
- data/lib/brakeman/checks/check_i18n_xss.rb +2 -1
- data/lib/brakeman/checks/check_jruby_xml.rb +2 -1
- data/lib/brakeman/checks/check_json_encoding.rb +2 -1
- data/lib/brakeman/checks/check_json_entity_escape.rb +4 -2
- data/lib/brakeman/checks/check_json_parsing.rb +4 -2
- data/lib/brakeman/checks/check_link_to.rb +2 -1
- data/lib/brakeman/checks/check_link_to_href.rb +4 -2
- data/lib/brakeman/checks/check_mail_to.rb +2 -1
- data/lib/brakeman/checks/check_mass_assignment.rb +6 -3
- data/lib/brakeman/checks/check_mime_type_dos.rb +2 -1
- data/lib/brakeman/checks/check_model_attr_accessible.rb +2 -1
- data/lib/brakeman/checks/check_model_attributes.rb +4 -2
- data/lib/brakeman/checks/check_model_serialize.rb +2 -1
- data/lib/brakeman/checks/check_nested_attributes.rb +2 -1
- data/lib/brakeman/checks/check_nested_attributes_bypass.rb +2 -1
- data/lib/brakeman/checks/check_number_to_currency.rb +4 -2
- data/lib/brakeman/checks/check_page_caching_cve.rb +2 -1
- data/lib/brakeman/checks/check_permit_attributes.rb +2 -1
- data/lib/brakeman/checks/check_quote_table_name.rb +2 -1
- data/lib/brakeman/checks/check_redirect.rb +2 -1
- data/lib/brakeman/checks/check_regex_dos.rb +2 -1
- data/lib/brakeman/checks/check_render.rb +4 -2
- data/lib/brakeman/checks/check_render_dos.rb +2 -1
- data/lib/brakeman/checks/check_render_inline.rb +4 -2
- data/lib/brakeman/checks/check_response_splitting.rb +2 -1
- data/lib/brakeman/checks/check_reverse_tabnabbing.rb +2 -1
- data/lib/brakeman/checks/check_route_dos.rb +2 -1
- data/lib/brakeman/checks/check_safe_buffer_manipulation.rb +2 -1
- data/lib/brakeman/checks/check_sanitize_config_cve.rb +120 -0
- data/lib/brakeman/checks/check_sanitize_methods.rb +6 -3
- data/lib/brakeman/checks/check_secrets.rb +2 -1
- data/lib/brakeman/checks/check_select_tag.rb +2 -1
- data/lib/brakeman/checks/check_select_vulnerability.rb +2 -1
- data/lib/brakeman/checks/check_send.rb +2 -1
- data/lib/brakeman/checks/check_session_manipulation.rb +2 -1
- data/lib/brakeman/checks/check_session_settings.rb +6 -3
- data/lib/brakeman/checks/check_simple_format.rb +4 -2
- data/lib/brakeman/checks/check_single_quotes.rb +2 -1
- data/lib/brakeman/checks/check_skip_before_filter.rb +4 -2
- data/lib/brakeman/checks/check_sprockets_path_traversal.rb +2 -1
- data/lib/brakeman/checks/check_sql.rb +4 -2
- data/lib/brakeman/checks/check_sql_cves.rb +4 -2
- data/lib/brakeman/checks/check_ssl_verify.rb +2 -1
- data/lib/brakeman/checks/check_strip_tags.rb +6 -3
- data/lib/brakeman/checks/check_symbol_dos.rb +2 -1
- data/lib/brakeman/checks/check_symbol_dos_cve.rb +2 -1
- data/lib/brakeman/checks/check_template_injection.rb +2 -1
- data/lib/brakeman/checks/check_translate_bug.rb +2 -1
- data/lib/brakeman/checks/check_unsafe_reflection.rb +2 -1
- data/lib/brakeman/checks/check_unsafe_reflection_methods.rb +2 -1
- data/lib/brakeman/checks/check_unscoped_find.rb +2 -1
- data/lib/brakeman/checks/check_validation_regex.rb +2 -1
- data/lib/brakeman/checks/check_verb_confusion.rb +2 -1
- data/lib/brakeman/checks/check_weak_hash.rb +6 -3
- data/lib/brakeman/checks/check_without_protection.rb +2 -1
- data/lib/brakeman/checks/check_xml_dos.rb +2 -1
- data/lib/brakeman/checks/check_yaml_parsing.rb +4 -2
- data/lib/brakeman/checks/eol_check.rb +4 -2
- data/lib/brakeman/options.rb +1 -1
- data/lib/brakeman/processors/alias_processor.rb +24 -1
- data/lib/brakeman/processors/lib/find_all_calls.rb +1 -0
- data/lib/brakeman/report/ignore/interactive.rb +2 -2
- data/lib/brakeman/report/report_csv.rb +2 -0
- data/lib/brakeman/report/report_junit.rb +2 -2
- data/lib/brakeman/report/report_table.rb +5 -5
- data/lib/brakeman/report/report_text.rb +2 -0
- data/lib/brakeman/report/templates/controller_warnings.html.erb +2 -0
- data/lib/brakeman/report/templates/ignored_warnings.html.erb +2 -0
- data/lib/brakeman/report/templates/model_warnings.html.erb +2 -0
- data/lib/brakeman/report/templates/security_warnings.html.erb +2 -0
- data/lib/brakeman/report/templates/view_warnings.html.erb +2 -0
- data/lib/brakeman/version.rb +1 -1
- data/lib/brakeman/warning.rb +5 -2
- data/lib/brakeman/warning_codes.rb +1 -0
- metadata +53 -52
- data/bundle/ruby/2.7.0/gems/tilt-2.0.10/lib/tilt/rst-pandoc.rb +0 -18
- data/bundle/ruby/2.7.0/gems/tilt-2.0.10/lib/tilt/sass.rb +0 -52
|
@@ -98,7 +98,7 @@ class Brakeman::Report::Table < Brakeman::Report::Base
|
|
|
98
98
|
render_warnings generic_warnings,
|
|
99
99
|
:warning,
|
|
100
100
|
'security_warnings',
|
|
101
|
-
["Confidence", "Class", "Method", "Warning Type", "Message"],
|
|
101
|
+
["Confidence", "Class", "Method", "Warning Type", "CWE ID", "Message"],
|
|
102
102
|
'Class'
|
|
103
103
|
end
|
|
104
104
|
|
|
@@ -107,7 +107,7 @@ class Brakeman::Report::Table < Brakeman::Report::Base
|
|
|
107
107
|
render_warnings template_warnings,
|
|
108
108
|
:template,
|
|
109
109
|
'view_warnings',
|
|
110
|
-
['Confidence', 'Template', 'Warning Type', 'Message'],
|
|
110
|
+
['Confidence', 'Template', 'Warning Type', "CWE ID", 'Message'],
|
|
111
111
|
'Template'
|
|
112
112
|
|
|
113
113
|
end
|
|
@@ -117,7 +117,7 @@ class Brakeman::Report::Table < Brakeman::Report::Base
|
|
|
117
117
|
render_warnings model_warnings,
|
|
118
118
|
:model,
|
|
119
119
|
'model_warnings',
|
|
120
|
-
['Confidence', 'Model', 'Warning Type', 'Message'],
|
|
120
|
+
['Confidence', 'Model', 'Warning Type', "CWE ID", 'Message'],
|
|
121
121
|
'Model'
|
|
122
122
|
end
|
|
123
123
|
|
|
@@ -126,7 +126,7 @@ class Brakeman::Report::Table < Brakeman::Report::Base
|
|
|
126
126
|
render_warnings controller_warnings,
|
|
127
127
|
:controller,
|
|
128
128
|
'controller_warnings',
|
|
129
|
-
['Confidence', 'Controller', 'Warning Type', 'Message'],
|
|
129
|
+
['Confidence', 'Controller', 'Warning Type', "CWE ID", 'Message'],
|
|
130
130
|
'Controller'
|
|
131
131
|
end
|
|
132
132
|
|
|
@@ -134,7 +134,7 @@ class Brakeman::Report::Table < Brakeman::Report::Base
|
|
|
134
134
|
render_warnings ignored_warnings,
|
|
135
135
|
:ignored,
|
|
136
136
|
'ignored_warnings',
|
|
137
|
-
['Confidence', 'Warning Type', 'File', 'Message'],
|
|
137
|
+
['Confidence', 'Warning Type', "CWE ID", 'File', 'Message'],
|
|
138
138
|
'Warning Type'
|
|
139
139
|
end
|
|
140
140
|
|
|
@@ -159,6 +159,8 @@ class Brakeman::Report::Text < Brakeman::Report::Base
|
|
|
159
159
|
label('Confidence', confidence(w.confidence))
|
|
160
160
|
when :category
|
|
161
161
|
label('Category', w.warning_type.to_s)
|
|
162
|
+
when :cwe
|
|
163
|
+
label('CWE', w.cwe_id.join(', '))
|
|
162
164
|
when :check
|
|
163
165
|
label('Check', w.check_name)
|
|
164
166
|
when :message
|
|
@@ -5,6 +5,7 @@
|
|
|
5
5
|
<th>Confidence</th>
|
|
6
6
|
<th>Controller</th>
|
|
7
7
|
<th>Warning Type</th>
|
|
8
|
+
<th>CWE ID</th>
|
|
8
9
|
<th>Message</th>
|
|
9
10
|
</tr>
|
|
10
11
|
</thead>
|
|
@@ -14,6 +15,7 @@
|
|
|
14
15
|
<td><%= warning['Confidence']%></td>
|
|
15
16
|
<td><%= warning['Controller']%></td>
|
|
16
17
|
<td><%= warning['Warning Type']%></td>
|
|
18
|
+
<td><%= warning['CWE ID']%></td>
|
|
17
19
|
<td><%= warning['Message']%></td>
|
|
18
20
|
</tr>
|
|
19
21
|
<% end %>
|
|
@@ -6,6 +6,7 @@
|
|
|
6
6
|
<th>Confidence</th>
|
|
7
7
|
<th>File</th>
|
|
8
8
|
<th>Warning Type</th>
|
|
9
|
+
<th>CWE ID</th>
|
|
9
10
|
<th>Message</th>
|
|
10
11
|
<th>Note</th>
|
|
11
12
|
</tr>
|
|
@@ -16,6 +17,7 @@
|
|
|
16
17
|
<td><%= warning['Confidence']%></td>
|
|
17
18
|
<td><%= warning['File']%></td>
|
|
18
19
|
<td><%= warning['Warning Type']%></td>
|
|
20
|
+
<td><%= warning['CWE ID']%></td>
|
|
19
21
|
<td><%= warning['Message']%></td>
|
|
20
22
|
<td><%= warning['Note']%></td>
|
|
21
23
|
</tr>
|
|
@@ -5,6 +5,7 @@
|
|
|
5
5
|
<th>Confidence</th>
|
|
6
6
|
<th>Model</th>
|
|
7
7
|
<th>Warning Type</th>
|
|
8
|
+
<th>CWE ID</th>
|
|
8
9
|
<th>Message</th>
|
|
9
10
|
</tr>
|
|
10
11
|
</thead>
|
|
@@ -14,6 +15,7 @@
|
|
|
14
15
|
<td><%= warning['Confidence']%></td>
|
|
15
16
|
<td><%= warning['Model']%></td>
|
|
16
17
|
<td><%= warning['Warning Type']%></td>
|
|
18
|
+
<td><%= warning['CWE ID']%></td>
|
|
17
19
|
<td><%= warning['Message']%></td>
|
|
18
20
|
</tr>
|
|
19
21
|
<% end %>
|
|
@@ -6,6 +6,7 @@
|
|
|
6
6
|
<th>Class</th>
|
|
7
7
|
<th>Method</th>
|
|
8
8
|
<th>Warning Type</th>
|
|
9
|
+
<th>CWE ID</th>
|
|
9
10
|
<th>Message</th>
|
|
10
11
|
</tr>
|
|
11
12
|
</thead>
|
|
@@ -16,6 +17,7 @@
|
|
|
16
17
|
<td><%= warning['Class']%></td>
|
|
17
18
|
<td><%= warning['Method']%></td>
|
|
18
19
|
<td><%= warning['Warning Type']%></td>
|
|
20
|
+
<td><%= warning['CWE ID']%></td>
|
|
19
21
|
<td><%= warning['Message']%></td>
|
|
20
22
|
</tr>
|
|
21
23
|
<% end %>
|
|
@@ -5,6 +5,7 @@
|
|
|
5
5
|
<th>Confidence</th>
|
|
6
6
|
<th>Template</th>
|
|
7
7
|
<th>Warning Type</th>
|
|
8
|
+
<th>CWE ID</th>
|
|
8
9
|
<th>Message</th>
|
|
9
10
|
</tr>
|
|
10
11
|
</thead>
|
|
@@ -27,6 +28,7 @@
|
|
|
27
28
|
<% end %>
|
|
28
29
|
</td>
|
|
29
30
|
<td><%= warning['Warning Type']%></td>
|
|
31
|
+
<td><%= warning['CWE ID']%></td>
|
|
30
32
|
<td><%= warning['Message']%></td>
|
|
31
33
|
</tr>
|
|
32
34
|
<% end %>
|
data/lib/brakeman/version.rb
CHANGED
data/lib/brakeman/warning.rb
CHANGED
|
@@ -5,7 +5,7 @@ require 'brakeman/messages'
|
|
|
5
5
|
|
|
6
6
|
#The Warning class stores information about warnings
|
|
7
7
|
class Brakeman::Warning
|
|
8
|
-
attr_reader :called_from, :check, :class, :confidence, :controller,
|
|
8
|
+
attr_reader :called_from, :check, :class, :confidence, :controller, :cwe_id,
|
|
9
9
|
:line, :method, :model, :template, :user_input, :user_input_type,
|
|
10
10
|
:warning_code, :warning_set, :warning_type
|
|
11
11
|
|
|
@@ -31,6 +31,7 @@ class Brakeman::Warning
|
|
|
31
31
|
:class => :@class,
|
|
32
32
|
:code => :@code,
|
|
33
33
|
:controller => :@controller,
|
|
34
|
+
:cwe_id => :@cwe_id,
|
|
34
35
|
:file => :@file,
|
|
35
36
|
:gem_info => :@gem_info,
|
|
36
37
|
:line => :@line,
|
|
@@ -219,6 +220,7 @@ class Brakeman::Warning
|
|
|
219
220
|
def to_row type = :warning
|
|
220
221
|
@row = { "Confidence" => TEXT_CONFIDENCE[self.confidence],
|
|
221
222
|
"Warning Type" => self.warning_type.to_s,
|
|
223
|
+
"CWE ID" => self.cwe_id,
|
|
222
224
|
"Message" => self.message }
|
|
223
225
|
|
|
224
226
|
case type
|
|
@@ -302,7 +304,8 @@ class Brakeman::Warning
|
|
|
302
304
|
:render_path => render_path,
|
|
303
305
|
:location => self.location(false),
|
|
304
306
|
:user_input => (@user_input && self.format_user_input(false)),
|
|
305
|
-
:confidence => self.confidence_name
|
|
307
|
+
:confidence => self.confidence_name,
|
|
308
|
+
:cwe_id => cwe_id
|
|
306
309
|
}
|
|
307
310
|
end
|
|
308
311
|
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: brakeman
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 5.
|
|
4
|
+
version: 5.3.1
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Justin Collins
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2022-
|
|
11
|
+
date: 2022-08-10 00:00:00.000000000 Z
|
|
12
12
|
dependencies: []
|
|
13
13
|
description: Brakeman detects security vulnerabilities in Ruby on Rails applications
|
|
14
14
|
via static analysis.
|
|
@@ -275,16 +275,16 @@ files:
|
|
|
275
275
|
- bundle/ruby/2.7.0/gems/safe_yaml-1.0.5/lib/safe_yaml/version.rb
|
|
276
276
|
- bundle/ruby/2.7.0/gems/safe_yaml-1.0.5/run_specs_all_ruby_versions.sh
|
|
277
277
|
- bundle/ruby/2.7.0/gems/safe_yaml-1.0.5/safe_yaml.gemspec
|
|
278
|
-
- bundle/ruby/2.7.0/gems/sexp_processor-4.16.
|
|
279
|
-
- bundle/ruby/2.7.0/gems/sexp_processor-4.16.
|
|
280
|
-
- bundle/ruby/2.7.0/gems/sexp_processor-4.16.
|
|
281
|
-
- bundle/ruby/2.7.0/gems/sexp_processor-4.16.
|
|
282
|
-
- bundle/ruby/2.7.0/gems/sexp_processor-4.16.
|
|
283
|
-
- bundle/ruby/2.7.0/gems/sexp_processor-4.16.
|
|
284
|
-
- bundle/ruby/2.7.0/gems/sexp_processor-4.16.
|
|
285
|
-
- bundle/ruby/2.7.0/gems/sexp_processor-4.16.
|
|
286
|
-
- bundle/ruby/2.7.0/gems/sexp_processor-4.16.
|
|
287
|
-
- bundle/ruby/2.7.0/gems/sexp_processor-4.16.
|
|
278
|
+
- bundle/ruby/2.7.0/gems/sexp_processor-4.16.1/History.rdoc
|
|
279
|
+
- bundle/ruby/2.7.0/gems/sexp_processor-4.16.1/Manifest.txt
|
|
280
|
+
- bundle/ruby/2.7.0/gems/sexp_processor-4.16.1/README.rdoc
|
|
281
|
+
- bundle/ruby/2.7.0/gems/sexp_processor-4.16.1/lib/composite_sexp_processor.rb
|
|
282
|
+
- bundle/ruby/2.7.0/gems/sexp_processor-4.16.1/lib/pt_testcase.rb
|
|
283
|
+
- bundle/ruby/2.7.0/gems/sexp_processor-4.16.1/lib/sexp.rb
|
|
284
|
+
- bundle/ruby/2.7.0/gems/sexp_processor-4.16.1/lib/sexp_matcher.rb
|
|
285
|
+
- bundle/ruby/2.7.0/gems/sexp_processor-4.16.1/lib/sexp_processor.rb
|
|
286
|
+
- bundle/ruby/2.7.0/gems/sexp_processor-4.16.1/lib/strict_sexp.rb
|
|
287
|
+
- bundle/ruby/2.7.0/gems/sexp_processor-4.16.1/lib/unique.rb
|
|
288
288
|
- bundle/ruby/2.7.0/gems/slim-4.1.0/CHANGES
|
|
289
289
|
- bundle/ruby/2.7.0/gems/slim-4.1.0/Gemfile
|
|
290
290
|
- bundle/ruby/2.7.0/gems/slim-4.1.0/LICENSE
|
|
@@ -387,46 +387,46 @@ files:
|
|
|
387
387
|
- bundle/ruby/2.7.0/gems/terminal-table-1.8.0/lib/terminal-table/table_helper.rb
|
|
388
388
|
- bundle/ruby/2.7.0/gems/terminal-table-1.8.0/lib/terminal-table/version.rb
|
|
389
389
|
- bundle/ruby/2.7.0/gems/terminal-table-1.8.0/terminal-table.gemspec
|
|
390
|
-
- bundle/ruby/2.7.0/gems/tilt-2.0.
|
|
391
|
-
- bundle/ruby/2.7.0/gems/tilt-2.0.
|
|
392
|
-
- bundle/ruby/2.7.0/gems/tilt-2.0.
|
|
393
|
-
- bundle/ruby/2.7.0/gems/tilt-2.0.
|
|
394
|
-
- bundle/ruby/2.7.0/gems/tilt-2.0.
|
|
395
|
-
- bundle/ruby/2.7.0/gems/tilt-2.0.
|
|
396
|
-
- bundle/ruby/2.7.0/gems/tilt-2.0.
|
|
397
|
-
- bundle/ruby/2.7.0/gems/tilt-2.0.
|
|
398
|
-
- bundle/ruby/2.7.0/gems/tilt-2.0.
|
|
399
|
-
- bundle/ruby/2.7.0/gems/tilt-2.0.
|
|
400
|
-
- bundle/ruby/2.7.0/gems/tilt-2.0.
|
|
401
|
-
- bundle/ruby/2.7.0/gems/tilt-2.0.
|
|
402
|
-
- bundle/ruby/2.7.0/gems/tilt-2.0.
|
|
403
|
-
- bundle/ruby/2.7.0/gems/tilt-2.0.
|
|
404
|
-
- bundle/ruby/2.7.0/gems/tilt-2.0.
|
|
405
|
-
- bundle/ruby/2.7.0/gems/tilt-2.0.
|
|
406
|
-
- bundle/ruby/2.7.0/gems/tilt-2.0.
|
|
407
|
-
- bundle/ruby/2.7.0/gems/tilt-2.0.
|
|
408
|
-
- bundle/ruby/2.7.0/gems/tilt-2.0.
|
|
409
|
-
- bundle/ruby/2.7.0/gems/tilt-2.0.
|
|
410
|
-
- bundle/ruby/2.7.0/gems/tilt-2.0.
|
|
411
|
-
- bundle/ruby/2.7.0/gems/tilt-2.0.
|
|
412
|
-
- bundle/ruby/2.7.0/gems/tilt-2.0.
|
|
413
|
-
- bundle/ruby/2.7.0/gems/tilt-2.0.
|
|
414
|
-
- bundle/ruby/2.7.0/gems/tilt-2.0.
|
|
415
|
-
- bundle/ruby/2.7.0/gems/tilt-2.0.
|
|
416
|
-
- bundle/ruby/2.7.0/gems/tilt-2.0.
|
|
417
|
-
- bundle/ruby/2.7.0/gems/tilt-2.0.
|
|
418
|
-
- bundle/ruby/2.7.0/gems/tilt-2.0.
|
|
419
|
-
- bundle/ruby/2.7.0/gems/tilt-2.0.
|
|
420
|
-
- bundle/ruby/2.7.0/gems/tilt-2.0.
|
|
421
|
-
- bundle/ruby/2.7.0/gems/tilt-2.0.
|
|
422
|
-
- bundle/ruby/2.7.0/gems/tilt-2.0.
|
|
423
|
-
- bundle/ruby/2.7.0/gems/tilt-2.0.
|
|
424
|
-
- bundle/ruby/2.7.0/gems/tilt-2.0.
|
|
425
|
-
- bundle/ruby/2.7.0/gems/tilt-2.0.
|
|
426
|
-
- bundle/ruby/2.7.0/gems/tilt-2.0.
|
|
427
|
-
- bundle/ruby/2.7.0/gems/tilt-2.0.
|
|
428
|
-
- bundle/ruby/2.7.0/gems/tilt-2.0.
|
|
429
|
-
- bundle/ruby/2.7.0/gems/tilt-2.0.
|
|
390
|
+
- bundle/ruby/2.7.0/gems/tilt-2.0.11/COPYING
|
|
391
|
+
- bundle/ruby/2.7.0/gems/tilt-2.0.11/lib/tilt.rb
|
|
392
|
+
- bundle/ruby/2.7.0/gems/tilt-2.0.11/lib/tilt/asciidoc.rb
|
|
393
|
+
- bundle/ruby/2.7.0/gems/tilt-2.0.11/lib/tilt/babel.rb
|
|
394
|
+
- bundle/ruby/2.7.0/gems/tilt-2.0.11/lib/tilt/bluecloth.rb
|
|
395
|
+
- bundle/ruby/2.7.0/gems/tilt-2.0.11/lib/tilt/builder.rb
|
|
396
|
+
- bundle/ruby/2.7.0/gems/tilt-2.0.11/lib/tilt/coffee.rb
|
|
397
|
+
- bundle/ruby/2.7.0/gems/tilt-2.0.11/lib/tilt/commonmarker.rb
|
|
398
|
+
- bundle/ruby/2.7.0/gems/tilt-2.0.11/lib/tilt/creole.rb
|
|
399
|
+
- bundle/ruby/2.7.0/gems/tilt-2.0.11/lib/tilt/csv.rb
|
|
400
|
+
- bundle/ruby/2.7.0/gems/tilt-2.0.11/lib/tilt/dummy.rb
|
|
401
|
+
- bundle/ruby/2.7.0/gems/tilt-2.0.11/lib/tilt/erb.rb
|
|
402
|
+
- bundle/ruby/2.7.0/gems/tilt-2.0.11/lib/tilt/erubi.rb
|
|
403
|
+
- bundle/ruby/2.7.0/gems/tilt-2.0.11/lib/tilt/erubis.rb
|
|
404
|
+
- bundle/ruby/2.7.0/gems/tilt-2.0.11/lib/tilt/etanni.rb
|
|
405
|
+
- bundle/ruby/2.7.0/gems/tilt-2.0.11/lib/tilt/haml.rb
|
|
406
|
+
- bundle/ruby/2.7.0/gems/tilt-2.0.11/lib/tilt/kramdown.rb
|
|
407
|
+
- bundle/ruby/2.7.0/gems/tilt-2.0.11/lib/tilt/less.rb
|
|
408
|
+
- bundle/ruby/2.7.0/gems/tilt-2.0.11/lib/tilt/liquid.rb
|
|
409
|
+
- bundle/ruby/2.7.0/gems/tilt-2.0.11/lib/tilt/livescript.rb
|
|
410
|
+
- bundle/ruby/2.7.0/gems/tilt-2.0.11/lib/tilt/mapping.rb
|
|
411
|
+
- bundle/ruby/2.7.0/gems/tilt-2.0.11/lib/tilt/markaby.rb
|
|
412
|
+
- bundle/ruby/2.7.0/gems/tilt-2.0.11/lib/tilt/maruku.rb
|
|
413
|
+
- bundle/ruby/2.7.0/gems/tilt-2.0.11/lib/tilt/nokogiri.rb
|
|
414
|
+
- bundle/ruby/2.7.0/gems/tilt-2.0.11/lib/tilt/pandoc.rb
|
|
415
|
+
- bundle/ruby/2.7.0/gems/tilt-2.0.11/lib/tilt/plain.rb
|
|
416
|
+
- bundle/ruby/2.7.0/gems/tilt-2.0.11/lib/tilt/prawn.rb
|
|
417
|
+
- bundle/ruby/2.7.0/gems/tilt-2.0.11/lib/tilt/radius.rb
|
|
418
|
+
- bundle/ruby/2.7.0/gems/tilt-2.0.11/lib/tilt/rdiscount.rb
|
|
419
|
+
- bundle/ruby/2.7.0/gems/tilt-2.0.11/lib/tilt/rdoc.rb
|
|
420
|
+
- bundle/ruby/2.7.0/gems/tilt-2.0.11/lib/tilt/redcarpet.rb
|
|
421
|
+
- bundle/ruby/2.7.0/gems/tilt-2.0.11/lib/tilt/redcloth.rb
|
|
422
|
+
- bundle/ruby/2.7.0/gems/tilt-2.0.11/lib/tilt/rst-pandoc.rb
|
|
423
|
+
- bundle/ruby/2.7.0/gems/tilt-2.0.11/lib/tilt/sass.rb
|
|
424
|
+
- bundle/ruby/2.7.0/gems/tilt-2.0.11/lib/tilt/sigil.rb
|
|
425
|
+
- bundle/ruby/2.7.0/gems/tilt-2.0.11/lib/tilt/string.rb
|
|
426
|
+
- bundle/ruby/2.7.0/gems/tilt-2.0.11/lib/tilt/template.rb
|
|
427
|
+
- bundle/ruby/2.7.0/gems/tilt-2.0.11/lib/tilt/typescript.rb
|
|
428
|
+
- bundle/ruby/2.7.0/gems/tilt-2.0.11/lib/tilt/wikicloth.rb
|
|
429
|
+
- bundle/ruby/2.7.0/gems/tilt-2.0.11/lib/tilt/yajl.rb
|
|
430
430
|
- bundle/ruby/2.7.0/gems/unicode-display_width-1.8.0/CHANGELOG.md
|
|
431
431
|
- bundle/ruby/2.7.0/gems/unicode-display_width-1.8.0/MIT-LICENSE.txt
|
|
432
432
|
- bundle/ruby/2.7.0/gems/unicode-display_width-1.8.0/README.md
|
|
@@ -493,6 +493,7 @@ files:
|
|
|
493
493
|
- lib/brakeman/checks/check_reverse_tabnabbing.rb
|
|
494
494
|
- lib/brakeman/checks/check_route_dos.rb
|
|
495
495
|
- lib/brakeman/checks/check_safe_buffer_manipulation.rb
|
|
496
|
+
- lib/brakeman/checks/check_sanitize_config_cve.rb
|
|
496
497
|
- lib/brakeman/checks/check_sanitize_methods.rb
|
|
497
498
|
- lib/brakeman/checks/check_secrets.rb
|
|
498
499
|
- lib/brakeman/checks/check_select_tag.rb
|
|
@@ -1,18 +0,0 @@
|
|
|
1
|
-
require 'tilt/template'
|
|
2
|
-
require 'tilt/pandoc'
|
|
3
|
-
|
|
4
|
-
module Tilt
|
|
5
|
-
# Pandoc reStructuredText implementation. See:
|
|
6
|
-
# http://pandoc.org/
|
|
7
|
-
# Use PandocTemplate and specify input format
|
|
8
|
-
class RstPandocTemplate < PandocTemplate
|
|
9
|
-
def tilt_to_pandoc_mapping
|
|
10
|
-
{ :smartypants => :smart }
|
|
11
|
-
end
|
|
12
|
-
|
|
13
|
-
def pandoc_options
|
|
14
|
-
options.merge!(f: 'rst')
|
|
15
|
-
super
|
|
16
|
-
end
|
|
17
|
-
end
|
|
18
|
-
end
|
|
@@ -1,52 +0,0 @@
|
|
|
1
|
-
require 'tilt/template'
|
|
2
|
-
|
|
3
|
-
module Tilt
|
|
4
|
-
# Sass template implementation. See:
|
|
5
|
-
# http://haml.hamptoncatlin.com/
|
|
6
|
-
#
|
|
7
|
-
# Sass templates do not support object scopes, locals, or yield.
|
|
8
|
-
class SassTemplate < Template
|
|
9
|
-
self.default_mime_type = 'text/css'
|
|
10
|
-
|
|
11
|
-
begin
|
|
12
|
-
require 'sassc'
|
|
13
|
-
Sass = ::SassC
|
|
14
|
-
rescue LoadError => err
|
|
15
|
-
begin
|
|
16
|
-
require 'sass'
|
|
17
|
-
Sass = ::Sass
|
|
18
|
-
rescue LoadError
|
|
19
|
-
raise err
|
|
20
|
-
end
|
|
21
|
-
end
|
|
22
|
-
|
|
23
|
-
def prepare
|
|
24
|
-
@engine = Sass::Engine.new(data, sass_options)
|
|
25
|
-
end
|
|
26
|
-
|
|
27
|
-
def evaluate(scope, locals, &block)
|
|
28
|
-
@output ||= @engine.render
|
|
29
|
-
end
|
|
30
|
-
|
|
31
|
-
def allows_script?
|
|
32
|
-
false
|
|
33
|
-
end
|
|
34
|
-
|
|
35
|
-
private
|
|
36
|
-
def sass_options
|
|
37
|
-
options.merge(:filename => eval_file, :line => line, :syntax => :sass)
|
|
38
|
-
end
|
|
39
|
-
end
|
|
40
|
-
|
|
41
|
-
# Sass's new .scss type template implementation.
|
|
42
|
-
class ScssTemplate < SassTemplate
|
|
43
|
-
self.default_mime_type = 'text/css'
|
|
44
|
-
|
|
45
|
-
private
|
|
46
|
-
def sass_options
|
|
47
|
-
options.merge(:filename => eval_file, :line => line, :syntax => :scss)
|
|
48
|
-
end
|
|
49
|
-
end
|
|
50
|
-
|
|
51
|
-
end
|
|
52
|
-
|