brakeman 5.4.1 → 6.0.1

Files changed (81)
  1. checksums.yaml +4 -4
  2. data/CHANGES.md +14 -0
  3. data/README.md +2 -2
  4. data/bundle/load.rb +3 -4
  5. data/bundle/ruby/3.1.0/gems/parallel-1.23.0/lib/parallel/version.rb +4 -0
  6. data/bundle/ruby/3.1.0/gems/{parallel-1.22.1 → parallel-1.23.0}/lib/parallel.rb +43 -3
  7. data/bundle/ruby/3.1.0/gems/{ruby_parser-3.19.2 → ruby_parser-3.20.3}/History.rdoc +38 -0
  8. data/bundle/ruby/3.1.0/gems/{ruby_parser-3.19.2 → ruby_parser-3.20.3}/Manifest.txt +2 -0
  9. data/bundle/ruby/3.1.0/gems/{ruby_parser-3.19.2 → ruby_parser-3.20.3}/README.rdoc +2 -1
  10. data/bundle/ruby/3.1.0/gems/{ruby_parser-3.19.2 → ruby_parser-3.20.3}/compare/normalize.rb +1 -0
  11. data/bundle/ruby/3.1.0/gems/{ruby_parser-3.19.2 → ruby_parser-3.20.3}/lib/ruby20_parser.rb +4267 -4284
  12. data/bundle/ruby/3.1.0/gems/{ruby_parser-3.19.2 → ruby_parser-3.20.3}/lib/ruby20_parser.y +50 -26
  13. data/bundle/ruby/3.1.0/gems/{ruby_parser-3.19.2 → ruby_parser-3.20.3}/lib/ruby21_parser.rb +4241 -4240
  14. data/bundle/ruby/3.1.0/gems/{ruby_parser-3.19.2 → ruby_parser-3.20.3}/lib/ruby21_parser.y +50 -26
  15. data/bundle/ruby/3.1.0/gems/{ruby_parser-3.19.2 → ruby_parser-3.20.3}/lib/ruby22_parser.rb +4289 -4290
  16. data/bundle/ruby/3.1.0/gems/{ruby_parser-3.19.2 → ruby_parser-3.20.3}/lib/ruby22_parser.y +50 -26
  17. data/bundle/ruby/3.1.0/gems/{ruby_parser-3.19.2 → ruby_parser-3.20.3}/lib/ruby23_parser.rb +4274 -4243
  18. data/bundle/ruby/3.1.0/gems/{ruby_parser-3.19.2 → ruby_parser-3.20.3}/lib/ruby23_parser.y +50 -26
  19. data/bundle/ruby/3.1.0/gems/{ruby_parser-3.19.2 → ruby_parser-3.20.3}/lib/ruby24_parser.rb +4279 -4298
  20. data/bundle/ruby/3.1.0/gems/{ruby_parser-3.19.2 → ruby_parser-3.20.3}/lib/ruby24_parser.y +50 -26
  21. data/bundle/ruby/3.1.0/gems/{ruby_parser-3.19.2 → ruby_parser-3.20.3}/lib/ruby25_parser.rb +4270 -4289
  22. data/bundle/ruby/3.1.0/gems/{ruby_parser-3.19.2 → ruby_parser-3.20.3}/lib/ruby25_parser.y +50 -26
  23. data/bundle/ruby/3.1.0/gems/{ruby_parser-3.19.2 → ruby_parser-3.20.3}/lib/ruby26_parser.rb +4270 -4289
  24. data/bundle/ruby/3.1.0/gems/{ruby_parser-3.19.2 → ruby_parser-3.20.3}/lib/ruby26_parser.y +50 -26
  25. data/bundle/ruby/3.1.0/gems/{ruby_parser-3.19.2 → ruby_parser-3.20.3}/lib/ruby27_parser.rb +4173 -4206
  26. data/bundle/ruby/3.1.0/gems/{ruby_parser-3.19.2 → ruby_parser-3.20.3}/lib/ruby27_parser.y +50 -26
  27. data/bundle/ruby/3.1.0/gems/{ruby_parser-3.19.2 → ruby_parser-3.20.3}/lib/ruby30_parser.rb +6029 -5971
  28. data/bundle/ruby/3.1.0/gems/{ruby_parser-3.19.2 → ruby_parser-3.20.3}/lib/ruby30_parser.y +135 -86
  29. data/bundle/ruby/3.1.0/gems/{ruby_parser-3.19.2 → ruby_parser-3.20.3}/lib/ruby31_parser.rb +6195 -6184
  30. data/bundle/ruby/3.1.0/gems/{ruby_parser-3.19.2 → ruby_parser-3.20.3}/lib/ruby31_parser.y +136 -87
  31. data/bundle/ruby/3.1.0/gems/ruby_parser-3.20.3/lib/ruby32_parser.rb +13601 -0
  32. data/bundle/ruby/3.1.0/gems/{ruby_parser-3.19.2/lib/ruby3_parser.yy → ruby_parser-3.20.3/lib/ruby32_parser.y} +158 -163
  33. data/bundle/ruby/3.1.0/gems/ruby_parser-3.20.3/lib/ruby3_parser.yy +3635 -0
  34. data/bundle/ruby/3.1.0/gems/{ruby_parser-3.19.2 → ruby_parser-3.20.3}/lib/ruby_lexer.rb +15 -7
  35. data/bundle/ruby/3.1.0/gems/{ruby_parser-3.19.2 → ruby_parser-3.20.3}/lib/ruby_lexer.rex.rb +1 -1
  36. data/bundle/ruby/3.1.0/gems/{ruby_parser-3.19.2 → ruby_parser-3.20.3}/lib/ruby_lexer_strings.rb +2 -2
  37. data/bundle/ruby/3.1.0/gems/{ruby_parser-3.19.2 → ruby_parser-3.20.3}/lib/ruby_parser.rb +2 -0
  38. data/bundle/ruby/3.1.0/gems/{ruby_parser-3.19.2 → ruby_parser-3.20.3}/lib/ruby_parser.yy +50 -26
  39. data/bundle/ruby/3.1.0/gems/{ruby_parser-3.19.2 → ruby_parser-3.20.3}/lib/ruby_parser_extras.rb +25 -19
  40. data/bundle/ruby/3.1.0/gems/{ruby_parser-3.19.2 → ruby_parser-3.20.3}/tools/munge.rb +8 -2
  41. data/bundle/ruby/3.1.0/gems/{ruby_parser-3.19.2 → ruby_parser-3.20.3}/tools/ripper.rb +14 -12
  42. data/bundle/ruby/3.1.0/gems/{sexp_processor-4.16.1 → sexp_processor-4.17.0}/History.rdoc +13 -0
  43. data/bundle/ruby/3.1.0/gems/{sexp_processor-4.16.1 → sexp_processor-4.17.0}/lib/pt_testcase.rb +3 -3
  44. data/bundle/ruby/3.1.0/gems/{sexp_processor-4.16.1 → sexp_processor-4.17.0}/lib/sexp.rb +8 -2
  45. data/bundle/ruby/3.1.0/gems/{sexp_processor-4.16.1 → sexp_processor-4.17.0}/lib/sexp_processor.rb +1 -1
  46. data/bundle/ruby/3.1.0/gems/{sexp_processor-4.16.1 → sexp_processor-4.17.0}/lib/strict_sexp.rb +6 -5
  47. data/lib/brakeman/app_tree.rb +0 -1
  48. data/lib/brakeman/checks/check_content_tag.rb +8 -5
  49. data/lib/brakeman/checks/check_eol_ruby.rb +3 -1
  50. data/lib/brakeman/report/report_github.rb +1 -1
  51. data/lib/brakeman/scanner.rb +0 -1
  52. data/lib/brakeman/tracker/config.rb +15 -11
  53. data/lib/brakeman/version.rb +1 -1
  54. data/lib/brakeman.rb +6 -2
  55. metadata +56 -68
  56. data/bundle/ruby/3.1.0/gems/parallel-1.22.1/lib/parallel/processor_count.rb +0 -44
  57. data/bundle/ruby/3.1.0/gems/parallel-1.22.1/lib/parallel/version.rb +0 -4
  58. data/bundle/ruby/3.1.0/gems/ruby_parser-legacy-1.0.0/History.rdoc +0 -6
  59. data/bundle/ruby/3.1.0/gems/ruby_parser-legacy-1.0.0/Manifest.txt +0 -19
  60. data/bundle/ruby/3.1.0/gems/ruby_parser-legacy-1.0.0/README.rdoc +0 -54
  61. data/bundle/ruby/3.1.0/gems/ruby_parser-legacy-1.0.0/lib/ruby_parser/legacy/ruby18_parser.rb +0 -5794
  62. data/bundle/ruby/3.1.0/gems/ruby_parser-legacy-1.0.0/lib/ruby_parser/legacy/ruby18_parser.y +0 -1909
  63. data/bundle/ruby/3.1.0/gems/ruby_parser-legacy-1.0.0/lib/ruby_parser/legacy/ruby19_parser.rb +0 -6186
  64. data/bundle/ruby/3.1.0/gems/ruby_parser-legacy-1.0.0/lib/ruby_parser/legacy/ruby19_parser.y +0 -2117
  65. data/bundle/ruby/3.1.0/gems/ruby_parser-legacy-1.0.0/lib/ruby_parser/legacy/ruby_lexer.rb +0 -1412
  66. data/bundle/ruby/3.1.0/gems/ruby_parser-legacy-1.0.0/lib/ruby_parser/legacy/ruby_lexer.rex +0 -179
  67. data/bundle/ruby/3.1.0/gems/ruby_parser-legacy-1.0.0/lib/ruby_parser/legacy/ruby_lexer.rex.rb +0 -323
  68. data/bundle/ruby/3.1.0/gems/ruby_parser-legacy-1.0.0/lib/ruby_parser/legacy/ruby_parser.rb +0 -30
  69. data/bundle/ruby/3.1.0/gems/ruby_parser-legacy-1.0.0/lib/ruby_parser/legacy/ruby_parser_extras.rb +0 -1388
  70. data/bundle/ruby/3.1.0/gems/ruby_parser-legacy-1.0.0/lib/ruby_parser/legacy.rb +0 -5
  71. /data/bundle/ruby/3.1.0/gems/{parallel-1.22.1 → parallel-1.23.0}/MIT-LICENSE.txt +0 -0
  72. /data/bundle/ruby/3.1.0/gems/{ruby_parser-3.19.2 → ruby_parser-3.20.3}/debugging.md +0 -0
  73. /data/bundle/ruby/3.1.0/gems/{ruby_parser-3.19.2 → ruby_parser-3.20.3}/gauntlet.md +0 -0
  74. /data/bundle/ruby/3.1.0/gems/{ruby_parser-3.19.2 → ruby_parser-3.20.3}/lib/rp_extensions.rb +0 -0
  75. /data/bundle/ruby/3.1.0/gems/{ruby_parser-3.19.2 → ruby_parser-3.20.3}/lib/rp_stringscanner.rb +0 -0
  76. /data/bundle/ruby/3.1.0/gems/{ruby_parser-3.19.2 → ruby_parser-3.20.3}/lib/ruby_lexer.rex +0 -0
  77. /data/bundle/ruby/3.1.0/gems/{sexp_processor-4.16.1 → sexp_processor-4.17.0}/Manifest.txt +0 -0
  78. /data/bundle/ruby/3.1.0/gems/{sexp_processor-4.16.1 → sexp_processor-4.17.0}/README.rdoc +0 -0
  79. /data/bundle/ruby/3.1.0/gems/{sexp_processor-4.16.1 → sexp_processor-4.17.0}/lib/composite_sexp_processor.rb +0 -0
  80. /data/bundle/ruby/3.1.0/gems/{sexp_processor-4.16.1 → sexp_processor-4.17.0}/lib/sexp_matcher.rb +0 -0
  81. /data/bundle/ruby/3.1.0/gems/{sexp_processor-4.16.1 → sexp_processor-4.17.0}/lib/unique.rb +0 -0
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 88049c2c49d114a2921ded02a16ae8be8cb9717976aa026d14a8386046668702
- data.tar.gz: 2d3bbf4de0df432415432657e0ff658eddd7edb860a29def3d1ae707e968b143
+ metadata.gz: 3bfe97a2a21052a6b89113eba0488d389790be712085e953b0661bfdad31f5ea
+ data.tar.gz: 9155ab4eb06b34c7e8294a63bc1878f4e754087f4c7eebc10ff0232f9b62ad14
  SHA512:
- metadata.gz: 3910fabad6692126c5080485901629763cebd2355107fe821c2077af74fe2e1566cf936e7135e5d2c301bf43b8f95f6534c06cabfa56638a839e86a1202fbd40
- data.tar.gz: d012ad0ee09eb897912350f399d0ff12589a2bf46f63a7dc9459f88dfa39c3aee9da6dd751c4636cd6e0b050781e0bef5e7471587da7a3446f66a196e81549c6
+ metadata.gz: 67f98784f2eff71cde186b940d6c7bae38495529d1f3882eee6f92103b9c44fb06caa62dd5e6ed2cfaab82b01e7a1c41b951b2529fd4b04e54e6c2ca89a65a91
+ data.tar.gz: a35a4a539a877bdf2eb2150ef4556d31f995be90ce23a2b2d9697ffae41bb2ec2d7fefbfcb853c10897849f554d87b6c03e9a24265fd965158815df8f445a79b
data/CHANGES.md CHANGED
@@ -1,3 +1,17 @@
+ # 6.0.1 - 2023-07-20
+
+ * Accept strings for `load_defaults` version
+
+ # 6.0.0 - 2023-05-24
+
+ * Add obsolete fingerprints to comparison report
+ * Warn about missing CSRF protection when defaults are not loaded (Chris Kruger)
+ * Scan directories that include the word `public`
+ * Raise minimum Ruby version to 3.0
+ * Drop support for Ruby 1.8/1.9 syntax
+ * Fix end-of-life dates for Ruby
+ * Fix false positive with `content_tag` in newer Rails
+
  # 5.4.1 - 2023-02-21
  
  * Fix file/line location for EOL software warnings
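Review bot: The 6.0.0 entries `Warn about missing CSRF protection when defaults are not loaded` and `Scan directories that include the word `public`` both widen what a scan reports, so existing code bases will see new warnings after upgrading; a short upgrade note here pointing users at the comparison report (which gains obsolete-fingerprint output in the same release) would make that change in results expected rather than surprising. The `Raise minimum Ruby version to 3.0` entry should also be mirrored by the gemspec's `required_ruby_version`, which lives in the `metadata` file (+56 -68 in the file list) and is not shown in this diff, so it is worth confirming.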
data/README.md CHANGED
@@ -66,7 +66,7 @@ Outside of Rails root (note that the output file is relative to path/to/rails/ap
  
  Brakeman should work with any version of Rails from 2.3.x to 7.x.
  
- Brakeman can analyze code written with Ruby 1.8 syntax and newer, but requires at least Ruby 2.5.0 to run.
+ Brakeman can analyze code written with Ruby 2.0 syntax and newer, but requires at least Ruby 3.0.0 to run.
  
  # Basic Options
  
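Review bot: The unchanged line two above, `Brakeman should work with any version of Rails from 2.3.x to 7.x.`, now sits next to a statement that only Ruby 2.0 syntax and newer is parsed; Rails 2.3 applications often contain Ruby 1.8-era syntax, so either the Rails floor should be revisited or the sentence should say that such apps are supported only as far as their code parses under the 2.0 grammar.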
@@ -182,7 +182,7 @@ There is a [plugin available](http://brakemanscanner.org/docs/jenkins/) for Jenk
  
  For even more continuous testing, try the [Guard plugin](https://github.com/guard/guard-brakeman).
  
- There are a couple [Github Actions](https://github.com/marketplace?type=actions&query=brakeman) available.
+ There are a couple [GitHub Actions](https://github.com/marketplace?type=actions&query=brakeman) available.
  
  # Building
  
data/bundle/load.rb CHANGED
@@ -2,13 +2,12 @@ path = File.expand_path('../..', __FILE__)
  $:.unshift "#{path}/bundle/ruby/3.1.0/gems/erubis-2.7.0/lib"
  $:.unshift "#{path}/bundle/ruby/3.1.0/gems/haml-5.2.2/lib"
  $:.unshift "#{path}/bundle/ruby/3.1.0/gems/highline-2.1.0/lib"
- $:.unshift "#{path}/bundle/ruby/3.1.0/gems/parallel-1.22.1/lib"
+ $:.unshift "#{path}/bundle/ruby/3.1.0/gems/parallel-1.23.0/lib"
  $:.unshift "#{path}/bundle/ruby/3.1.0/gems/rexml-3.2.5/lib"
  $:.unshift "#{path}/bundle/ruby/3.1.0/gems/ruby2ruby-2.4.4/lib"
- $:.unshift "#{path}/bundle/ruby/3.1.0/gems/ruby_parser-3.19.2/lib"
- $:.unshift "#{path}/bundle/ruby/3.1.0/gems/ruby_parser-legacy-1.0.0/lib"
+ $:.unshift "#{path}/bundle/ruby/3.1.0/gems/ruby_parser-3.20.3/lib"
  $:.unshift "#{path}/bundle/ruby/3.1.0/gems/safe_yaml-1.0.5/lib"
- $:.unshift "#{path}/bundle/ruby/3.1.0/gems/sexp_processor-4.16.1/lib"
+ $:.unshift "#{path}/bundle/ruby/3.1.0/gems/sexp_processor-4.17.0/lib"
  $:.unshift "#{path}/bundle/ruby/3.1.0/gems/slim-4.1.0/lib"
  $:.unshift "#{path}/bundle/ruby/3.1.0/gems/temple-0.8.2/lib"
  $:.unshift "#{path}/bundle/ruby/3.1.0/gems/terminal-table-1.8.0/lib"
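Review bot: Dropping the `ruby_parser-legacy-1.0.0` load path here is only safe if nothing still requires `ruby_parser/legacy`; the file list shows that gem's files deleted (items 58 to 70) and `data/lib/brakeman.rb` changed (+6 -2) but not the content of that change, so confirm it removes the corresponding `require`, otherwise the vendored loader would raise `LoadError` at startup.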
@@ -0,0 +1,4 @@
+ # frozen_string_literal: true
+ module Parallel
+ VERSION = Version = '1.23.0' # rubocop:disable Naming/ConstantName
+ end
@@ -1,11 +1,8 @@
  # frozen_string_literal: true
  require 'rbconfig'
  require 'parallel/version'
- require 'parallel/processor_count'
  
  module Parallel
- extend ProcessorCount
-
  Stop = Object.new.freeze
  
  class DeadWorker < StandardError
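Review bot: Removing `extend ProcessorCount` means `Parallel.processor_count` and `Parallel.physical_processor_count` keep working only if their replacements are defined in the same singleton scope as `map`; the later hunk at `@@ -307,6 +304,49 @@` places them beside `map`'s neighbours, but it starts mid-block, so the enclosing `class << self` is not visible in this diff and is worth confirming.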
@@ -307,6 +304,49 @@ module Parallel
  map(*args, &block).flatten(1)
  end
  
+ def filter_map(*args, &block)
+ map(*args, &block).compact
+ end
+
+ # Number of physical processor cores on the current system.
+ def physical_processor_count
+ @physical_processor_count ||= begin
+ ppc =
+ case RbConfig::CONFIG["target_os"]
+ when /darwin[12]/
+ IO.popen("/usr/sbin/sysctl -n hw.physicalcpu").read.to_i
+ when /linux/
+ cores = {} # unique physical ID / core ID combinations
+ phy = 0
+ File.read("/proc/cpuinfo").scan(/^physical id.*|^core id.*/) do |ln|
+ if ln.start_with?("physical")
+ phy = ln[/\d+/]
+ elsif ln.start_with?("core")
+ cid = "#{phy}:#{ln[/\d+/]}"
+ cores[cid] = true unless cores[cid]
+ end
+ end
+ cores.count
+ when /mswin|mingw/
+ require 'win32ole'
+ result_set = WIN32OLE.connect("winmgmts://").ExecQuery(
+ "select NumberOfCores from Win32_Processor"
+ )
+ result_set.to_enum.collect(&:NumberOfCores).reduce(:+)
+ else
+ processor_count
+ end
+ # fall back to logical count if physical info is invalid
+ ppc > 0 ? ppc : processor_count
+ end
+ end
+
+ # Number of processors seen by the OS, used for process scheduling
+ def processor_count
+ require 'etc'
+ @processor_count ||= Integer(ENV['PARALLEL_PROCESSOR_COUNT'] || Etc.nprocessors)
+ end
+
  def worker_number
  Thread.current[:parallel_worker_number]
  end
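Review bot: `processor_count` hands `ENV['PARALLEL_PROCESSOR_COUNT']` straight to `Integer()`, so a non-numeric value raises `ArgumentError` at first use and `0` or a negative value is accepted and then used for scheduling; since `physical_processor_count` already guards with `ppc > 0 ? ppc : processor_count`, applying the same positivity check to the environment override (falling back to `Etc.nprocessors`) would keep both paths consistent. Two smaller points in the same method: on the `/mswin|mingw/` branch `reduce(:+)` returns `nil` for an empty result set, so `ppc > 0` raises `NoMethodError` instead of falling back, and `/darwin[12]/` stops matching once the Darwin kernel version reaches 30 and silently takes the `else` branch.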
@@ -1,3 +1,41 @@
+ === 3.20.3 / 2023-07-11
+
+ * 2 minor enhancements:
+
+ * Added Parser#in_argdef and integrated into 3.x parsers.
+ * Improved tools/munge.rb to handler MRI 3.2 output
+
+ * 2 bug fixes:
+
+ * Fixed process_dots to properly deal with paren-less forward_args. (eric1234)
+ * Fixed tools/ripper.rb to properly print ripper sexp at the end
+
+ === 3.20.2 / 2023-06-06
+
+ * 1 bug fix:
+
+ * 3.2: fixed parsing of f(*) and f(**). (agrobbin)
+
+ === 3.20.1 / 2023-05-16
+
+ * 1 minor enhancement:
+
+ * Fixes Sexp#line_max in parser for many constructs: paren_args, arrays of various sorts, calls, classes, modules, etc.
+
+ === 3.20.0 / 2023-03-04
+
+ * 1 major enhancement:
+
+ * Added tentative 3.2 support.
+
+ * 1 minor enhancement:
+
+ * Change minimum ruby version to 2.6. (want higher)
+
+ * 1 bug fix:
+
+ * Fix up compare tasks for ruby 3.2 differences.
+
  === 3.19.2 / 2022-12-03
  
  * 5 bug fixes:
@@ -31,6 +31,8 @@ lib/ruby30_parser.rb
  lib/ruby30_parser.y
  lib/ruby31_parser.rb
  lib/ruby31_parser.y
+ lib/ruby32_parser.rb
+ lib/ruby32_parser.y
  lib/ruby3_parser.yy
  lib/ruby_lexer.rb
  lib/ruby_lexer.rex
@@ -68,8 +68,9 @@ To add a new version:
  * New parser should be generated from lib/ruby[3]_parser.yy.
  * Extend lib/ruby[3]_parser.yy with new class name.
  * Add new version number to V2/V3 in Rakefile for rule creation.
- * Add new (full) version to `ruby_parse` section of Rakefile for rake compare
+ * Add new `ruby_parse "x.y.z"` line to Rakefile for rake compare (line ~300).
  * Require generated parser in lib/ruby_parser.rb.
+ * Add new V## = ::Ruby##Parser; end to ruby_parser.rb (bottom of file).
  * Add empty TestRubyParserShared##Plus module and TestRubyParserV## to test/test_ruby_parser.rb.
  * Extend Manifest.txt with generated file names.
  * Add new version number to sexp_processor's pt_testcase.rb in all_versions
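Review bot: The added step `Add new V## = ::Ruby##Parser; end to ruby_parser.rb (bottom of file).` reads as a fragment (an assignment followed by a stray `; end`), unlike the neighbouring step that quotes a complete `ruby_parse "x.y.z"` line; quoting the exact declaration as it appears at the bottom of lib/ruby_parser.rb would make the step copy-pasteable and unambiguous.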
@@ -84,6 +84,7 @@ def munge s
  
  "' '", "tSPACE", # needs to be later to avoid bad hits
  
+ "ε", "none", # bison 3+
  "%empty", "none", # newer bison
  "/* empty */", "none",
  /^\s*$/, "none",
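Review bot: Ordering matters in this substitution table (see the `needs to be later to avoid bad hits` comment on the `tSPACE` entry), and the new `"ε"` entry is placed ahead of `"%empty"` and `"/* empty */"`; that is safe because the literals cannot overlap, but the two comments `bison 3+` and `newer bison` now read as contradictory, so stating which bison versions emit `ε` versus `%empty` would save the next maintainer a check. The entry also makes this the first non-ASCII literal in the file, which is fine under Ruby's default UTF-8 source encoding and the gem's 2.6 floor from History.rdoc, but an explicit `# encoding: utf-8` magic comment would make that dependency visible.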