brakeman 5.4.1 → 6.0.1
- checksums.yaml +4 -4
- data/CHANGES.md +14 -0
- data/README.md +2 -2
- data/bundle/load.rb +3 -4
- data/bundle/ruby/3.1.0/gems/parallel-1.23.0/lib/parallel/version.rb +4 -0
- data/bundle/ruby/3.1.0/gems/{parallel-1.22.1 → parallel-1.23.0}/lib/parallel.rb +43 -3
- data/bundle/ruby/3.1.0/gems/{ruby_parser-3.19.2 → ruby_parser-3.20.3}/History.rdoc +38 -0
- data/bundle/ruby/3.1.0/gems/{ruby_parser-3.19.2 → ruby_parser-3.20.3}/Manifest.txt +2 -0
- data/bundle/ruby/3.1.0/gems/{ruby_parser-3.19.2 → ruby_parser-3.20.3}/README.rdoc +2 -1
- data/bundle/ruby/3.1.0/gems/{ruby_parser-3.19.2 → ruby_parser-3.20.3}/compare/normalize.rb +1 -0
- data/bundle/ruby/3.1.0/gems/{ruby_parser-3.19.2 → ruby_parser-3.20.3}/lib/ruby20_parser.rb +4267 -4284
- data/bundle/ruby/3.1.0/gems/{ruby_parser-3.19.2 → ruby_parser-3.20.3}/lib/ruby20_parser.y +50 -26
- data/bundle/ruby/3.1.0/gems/{ruby_parser-3.19.2 → ruby_parser-3.20.3}/lib/ruby21_parser.rb +4241 -4240
- data/bundle/ruby/3.1.0/gems/{ruby_parser-3.19.2 → ruby_parser-3.20.3}/lib/ruby21_parser.y +50 -26
- data/bundle/ruby/3.1.0/gems/{ruby_parser-3.19.2 → ruby_parser-3.20.3}/lib/ruby22_parser.rb +4289 -4290
- data/bundle/ruby/3.1.0/gems/{ruby_parser-3.19.2 → ruby_parser-3.20.3}/lib/ruby22_parser.y +50 -26
- data/bundle/ruby/3.1.0/gems/{ruby_parser-3.19.2 → ruby_parser-3.20.3}/lib/ruby23_parser.rb +4274 -4243
- data/bundle/ruby/3.1.0/gems/{ruby_parser-3.19.2 → ruby_parser-3.20.3}/lib/ruby23_parser.y +50 -26
- data/bundle/ruby/3.1.0/gems/{ruby_parser-3.19.2 → ruby_parser-3.20.3}/lib/ruby24_parser.rb +4279 -4298
- data/bundle/ruby/3.1.0/gems/{ruby_parser-3.19.2 → ruby_parser-3.20.3}/lib/ruby24_parser.y +50 -26
- data/bundle/ruby/3.1.0/gems/{ruby_parser-3.19.2 → ruby_parser-3.20.3}/lib/ruby25_parser.rb +4270 -4289
- data/bundle/ruby/3.1.0/gems/{ruby_parser-3.19.2 → ruby_parser-3.20.3}/lib/ruby25_parser.y +50 -26
- data/bundle/ruby/3.1.0/gems/{ruby_parser-3.19.2 → ruby_parser-3.20.3}/lib/ruby26_parser.rb +4270 -4289
- data/bundle/ruby/3.1.0/gems/{ruby_parser-3.19.2 → ruby_parser-3.20.3}/lib/ruby26_parser.y +50 -26
- data/bundle/ruby/3.1.0/gems/{ruby_parser-3.19.2 → ruby_parser-3.20.3}/lib/ruby27_parser.rb +4173 -4206
- data/bundle/ruby/3.1.0/gems/{ruby_parser-3.19.2 → ruby_parser-3.20.3}/lib/ruby27_parser.y +50 -26
- data/bundle/ruby/3.1.0/gems/{ruby_parser-3.19.2 → ruby_parser-3.20.3}/lib/ruby30_parser.rb +6029 -5971
- data/bundle/ruby/3.1.0/gems/{ruby_parser-3.19.2 → ruby_parser-3.20.3}/lib/ruby30_parser.y +135 -86
- data/bundle/ruby/3.1.0/gems/{ruby_parser-3.19.2 → ruby_parser-3.20.3}/lib/ruby31_parser.rb +6195 -6184
- data/bundle/ruby/3.1.0/gems/{ruby_parser-3.19.2 → ruby_parser-3.20.3}/lib/ruby31_parser.y +136 -87
- data/bundle/ruby/3.1.0/gems/ruby_parser-3.20.3/lib/ruby32_parser.rb +13601 -0
- data/bundle/ruby/3.1.0/gems/{ruby_parser-3.19.2/lib/ruby3_parser.yy → ruby_parser-3.20.3/lib/ruby32_parser.y} +158 -163
- data/bundle/ruby/3.1.0/gems/ruby_parser-3.20.3/lib/ruby3_parser.yy +3635 -0
- data/bundle/ruby/3.1.0/gems/{ruby_parser-3.19.2 → ruby_parser-3.20.3}/lib/ruby_lexer.rb +15 -7
- data/bundle/ruby/3.1.0/gems/{ruby_parser-3.19.2 → ruby_parser-3.20.3}/lib/ruby_lexer.rex.rb +1 -1
- data/bundle/ruby/3.1.0/gems/{ruby_parser-3.19.2 → ruby_parser-3.20.3}/lib/ruby_lexer_strings.rb +2 -2
- data/bundle/ruby/3.1.0/gems/{ruby_parser-3.19.2 → ruby_parser-3.20.3}/lib/ruby_parser.rb +2 -0
- data/bundle/ruby/3.1.0/gems/{ruby_parser-3.19.2 → ruby_parser-3.20.3}/lib/ruby_parser.yy +50 -26
- data/bundle/ruby/3.1.0/gems/{ruby_parser-3.19.2 → ruby_parser-3.20.3}/lib/ruby_parser_extras.rb +25 -19
- data/bundle/ruby/3.1.0/gems/{ruby_parser-3.19.2 → ruby_parser-3.20.3}/tools/munge.rb +8 -2
- data/bundle/ruby/3.1.0/gems/{ruby_parser-3.19.2 → ruby_parser-3.20.3}/tools/ripper.rb +14 -12
- data/bundle/ruby/3.1.0/gems/{sexp_processor-4.16.1 → sexp_processor-4.17.0}/History.rdoc +13 -0
- data/bundle/ruby/3.1.0/gems/{sexp_processor-4.16.1 → sexp_processor-4.17.0}/lib/pt_testcase.rb +3 -3
- data/bundle/ruby/3.1.0/gems/{sexp_processor-4.16.1 → sexp_processor-4.17.0}/lib/sexp.rb +8 -2
- data/bundle/ruby/3.1.0/gems/{sexp_processor-4.16.1 → sexp_processor-4.17.0}/lib/sexp_processor.rb +1 -1
- data/bundle/ruby/3.1.0/gems/{sexp_processor-4.16.1 → sexp_processor-4.17.0}/lib/strict_sexp.rb +6 -5
- data/lib/brakeman/app_tree.rb +0 -1
- data/lib/brakeman/checks/check_content_tag.rb +8 -5
- data/lib/brakeman/checks/check_eol_ruby.rb +3 -1
- data/lib/brakeman/report/report_github.rb +1 -1
- data/lib/brakeman/scanner.rb +0 -1
- data/lib/brakeman/tracker/config.rb +15 -11
- data/lib/brakeman/version.rb +1 -1
- data/lib/brakeman.rb +6 -2
- metadata +56 -68
- data/bundle/ruby/3.1.0/gems/parallel-1.22.1/lib/parallel/processor_count.rb +0 -44
- data/bundle/ruby/3.1.0/gems/parallel-1.22.1/lib/parallel/version.rb +0 -4
- data/bundle/ruby/3.1.0/gems/ruby_parser-legacy-1.0.0/History.rdoc +0 -6
- data/bundle/ruby/3.1.0/gems/ruby_parser-legacy-1.0.0/Manifest.txt +0 -19
- data/bundle/ruby/3.1.0/gems/ruby_parser-legacy-1.0.0/README.rdoc +0 -54
- data/bundle/ruby/3.1.0/gems/ruby_parser-legacy-1.0.0/lib/ruby_parser/legacy/ruby18_parser.rb +0 -5794
- data/bundle/ruby/3.1.0/gems/ruby_parser-legacy-1.0.0/lib/ruby_parser/legacy/ruby18_parser.y +0 -1909
- data/bundle/ruby/3.1.0/gems/ruby_parser-legacy-1.0.0/lib/ruby_parser/legacy/ruby19_parser.rb +0 -6186
- data/bundle/ruby/3.1.0/gems/ruby_parser-legacy-1.0.0/lib/ruby_parser/legacy/ruby19_parser.y +0 -2117
- data/bundle/ruby/3.1.0/gems/ruby_parser-legacy-1.0.0/lib/ruby_parser/legacy/ruby_lexer.rb +0 -1412
- data/bundle/ruby/3.1.0/gems/ruby_parser-legacy-1.0.0/lib/ruby_parser/legacy/ruby_lexer.rex +0 -179
- data/bundle/ruby/3.1.0/gems/ruby_parser-legacy-1.0.0/lib/ruby_parser/legacy/ruby_lexer.rex.rb +0 -323
- data/bundle/ruby/3.1.0/gems/ruby_parser-legacy-1.0.0/lib/ruby_parser/legacy/ruby_parser.rb +0 -30
- data/bundle/ruby/3.1.0/gems/ruby_parser-legacy-1.0.0/lib/ruby_parser/legacy/ruby_parser_extras.rb +0 -1388
- data/bundle/ruby/3.1.0/gems/ruby_parser-legacy-1.0.0/lib/ruby_parser/legacy.rb +0 -5
- /data/bundle/ruby/3.1.0/gems/{parallel-1.22.1 → parallel-1.23.0}/MIT-LICENSE.txt +0 -0
- /data/bundle/ruby/3.1.0/gems/{ruby_parser-3.19.2 → ruby_parser-3.20.3}/debugging.md +0 -0
- /data/bundle/ruby/3.1.0/gems/{ruby_parser-3.19.2 → ruby_parser-3.20.3}/gauntlet.md +0 -0
- /data/bundle/ruby/3.1.0/gems/{ruby_parser-3.19.2 → ruby_parser-3.20.3}/lib/rp_extensions.rb +0 -0
- /data/bundle/ruby/3.1.0/gems/{ruby_parser-3.19.2 → ruby_parser-3.20.3}/lib/rp_stringscanner.rb +0 -0
- /data/bundle/ruby/3.1.0/gems/{ruby_parser-3.19.2 → ruby_parser-3.20.3}/lib/ruby_lexer.rex +0 -0
- /data/bundle/ruby/3.1.0/gems/{sexp_processor-4.16.1 → sexp_processor-4.17.0}/Manifest.txt +0 -0
- /data/bundle/ruby/3.1.0/gems/{sexp_processor-4.16.1 → sexp_processor-4.17.0}/README.rdoc +0 -0
- /data/bundle/ruby/3.1.0/gems/{sexp_processor-4.16.1 → sexp_processor-4.17.0}/lib/composite_sexp_processor.rb +0 -0
- /data/bundle/ruby/3.1.0/gems/{sexp_processor-4.16.1 → sexp_processor-4.17.0}/lib/sexp_matcher.rb +0 -0
- /data/bundle/ruby/3.1.0/gems/{sexp_processor-4.16.1 → sexp_processor-4.17.0}/lib/unique.rb +0 -0
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 3bfe97a2a21052a6b89113eba0488d389790be712085e953b0661bfdad31f5ea
|
4
|
+
data.tar.gz: 9155ab4eb06b34c7e8294a63bc1878f4e754087f4c7eebc10ff0232f9b62ad14
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 67f98784f2eff71cde186b940d6c7bae38495529d1f3882eee6f92103b9c44fb06caa62dd5e6ed2cfaab82b01e7a1c41b951b2529fd4b04e54e6c2ca89a65a91
|
7
|
+
data.tar.gz: a35a4a539a877bdf2eb2150ef4556d31f995be90ce23a2b2d9697ffae41bb2ec2d7fefbfcb853c10897849f554d87b6c03e9a24265fd965158815df8f445a79b
|
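Review bot: nothing to review by hand in this hunk, but the two new SHA256/SHA512 digests for metadata.gz and data.tar.gz are the only integrity anchor the bundle carries; before vendoring this update, compare them against the digests published for brakeman 6.0.1 on rubygems.org rather than trusting the values in the diff alone.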
data/CHANGES.md
CHANGED
@@ -1,3 +1,17 @@
|
|
1
|
+
# 6.0.1 - 2023-07-20
|
2
|
+
|
3
|
+
* Accept strings for `load_defaults` version
|
4
|
+
|
5
|
+
# 6.0.0 - 2023-05-24
|
6
|
+
|
7
|
+
* Add obsolete fingerprints to comparison report
|
8
|
+
* Warn about missing CSRF protection when defaults are not loaded (Chris Kruger)
|
9
|
+
* Scan directories that include the word `public`
|
10
|
+
* Raise minimum Ruby version to 3.0
|
11
|
+
* Drop support for Ruby 1.8/1.9 syntax
|
12
|
+
* Fix end-of-life dates for Ruby
|
13
|
+
* Fix false positive with `content_tag` in newer Rails
|
14
|
+
|
1
15
|
# 5.4.1 - 2023-02-21
|
2
16
|
|
3
17
|
* Fix file/line location for EOL software warnings
|
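Review bot: two of the 6.0.0 entries widen what a scan reports ("Warn about missing CSRF protection when defaults are not loaded" and "Scan directories that include the word `public`"), so upgrading can turn a previously clean CI run into a failing one; the changelog should call that out next to the Ruby 3.0 requirement. The 6.0.1 line "Accept strings for `load_defaults` version" would also read better if it said that a quoted version in `load_defaults` was previously not recognised, since an unrecognised version would look like defaults not being loaded and feed the new CSRF warning.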
data/README.md
CHANGED
@@ -66,7 +66,7 @@ Outside of Rails root (note that the output file is relative to path/to/rails/ap
|
|
66
66
|
|
67
67
|
Brakeman should work with any version of Rails from 2.3.x to 7.x.
|
68
68
|
|
69
|
-
Brakeman can analyze code written with Ruby
|
69
|
+
Brakeman can analyze code written with Ruby 2.0 syntax and newer, but requires at least Ruby 3.0.0 to run.
|
70
70
|
|
71
71
|
# Basic Options
|
72
72
|
|
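Review bot: the new sentence conflicts with "Brakeman should work with any version of Rails from 2.3.x to 7.x." two lines above it. With Ruby 1.8/1.9 syntax support dropped (see the 6.0.0 entry in CHANGES.md and the removed ruby_parser-legacy gem in the file list), a Rails 2.3-era code base written in 1.8 syntax will no longer parse, so either qualify the Rails claim or state that only applications using Ruby 2.0 syntax or newer are supported.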
@@ -182,7 +182,7 @@ There is a [plugin available](http://brakemanscanner.org/docs/jenkins/) for Jenk
|
|
182
182
|
|
183
183
|
For even more continuous testing, try the [Guard plugin](https://github.com/guard/guard-brakeman).
|
184
184
|
|
185
|
-
There are a couple [
|
185
|
+
There are a couple [GitHub Actions](https://github.com/marketplace?type=actions&query=brakeman) available.
|
186
186
|
|
187
187
|
# Building
|
188
188
|
|
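Review bot: the link is a marketplace search for "brakeman", which returns community-maintained actions rather than an official one; a short note that users should review the action's source and pin it to a full commit SHA in their workflow would help, since such an action runs inside the CI job with access to the repository checkout.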
data/bundle/load.rb
CHANGED
@@ -2,13 +2,12 @@ path = File.expand_path('../..', __FILE__)
|
|
2
2
|
$:.unshift "#{path}/bundle/ruby/3.1.0/gems/erubis-2.7.0/lib"
|
3
3
|
$:.unshift "#{path}/bundle/ruby/3.1.0/gems/haml-5.2.2/lib"
|
4
4
|
$:.unshift "#{path}/bundle/ruby/3.1.0/gems/highline-2.1.0/lib"
|
5
|
-
$:.unshift "#{path}/bundle/ruby/3.1.0/gems/parallel-1.
|
5
|
+
$:.unshift "#{path}/bundle/ruby/3.1.0/gems/parallel-1.23.0/lib"
|
6
6
|
$:.unshift "#{path}/bundle/ruby/3.1.0/gems/rexml-3.2.5/lib"
|
7
7
|
$:.unshift "#{path}/bundle/ruby/3.1.0/gems/ruby2ruby-2.4.4/lib"
|
8
|
-
$:.unshift "#{path}/bundle/ruby/3.1.0/gems/ruby_parser-3.
|
9
|
-
$:.unshift "#{path}/bundle/ruby/3.1.0/gems/ruby_parser-legacy-1.0.0/lib"
|
8
|
+
$:.unshift "#{path}/bundle/ruby/3.1.0/gems/ruby_parser-3.20.3/lib"
|
10
9
|
$:.unshift "#{path}/bundle/ruby/3.1.0/gems/safe_yaml-1.0.5/lib"
|
11
|
-
$:.unshift "#{path}/bundle/ruby/3.1.0/gems/sexp_processor-4.
|
10
|
+
$:.unshift "#{path}/bundle/ruby/3.1.0/gems/sexp_processor-4.17.0/lib"
|
12
11
|
$:.unshift "#{path}/bundle/ruby/3.1.0/gems/slim-4.1.0/lib"
|
13
12
|
$:.unshift "#{path}/bundle/ruby/3.1.0/gems/temple-0.8.2/lib"
|
14
13
|
$:.unshift "#{path}/bundle/ruby/3.1.0/gems/terminal-table-1.8.0/lib"
|
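Review bot: dropping the `ruby_parser-legacy-1.0.0` load path has to be paired with removal of every `require 'ruby_parser/legacy'` call; the file list shows data/lib/brakeman.rb, scanner.rb and app_tree.rb changing, which is where those callers would live, so confirm those edits landed together with this one. These version-pinned `$:.unshift` lines are also the one place an audit can read off which vendored gem versions actually execute, independent of what the gem metadata claims, which is worth keeping in mind when reviewing the parallel, ruby_parser and sexp_processor bumps below.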
@@ -1,11 +1,8 @@
|
|
1
1
|
# frozen_string_literal: true
|
2
2
|
require 'rbconfig'
|
3
3
|
require 'parallel/version'
|
4
|
-
require 'parallel/processor_count'
|
5
4
|
|
6
5
|
module Parallel
|
7
|
-
extend ProcessorCount
|
8
|
-
|
9
6
|
Stop = Object.new.freeze
|
10
7
|
|
11
8
|
class DeadWorker < StandardError
|
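Review bot: removing `require 'parallel/processor_count'` and `extend ProcessorCount` deletes the `Parallel::ProcessorCount` constant (processor_count.rb is gone per the file list); any code that extended or referenced that module directly will raise NameError after this update, so the change deserves a changelog mention and a grep of the Brakeman tree for `ProcessorCount` before shipping.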
@@ -307,6 +304,49 @@ module Parallel
|
|
307
304
|
map(*args, &block).flatten(1)
|
308
305
|
end
|
309
306
|
|
307
|
+
def filter_map(*args, &block)
|
308
|
+
map(*args, &block).compact
|
309
|
+
end
|
310
|
+
|
311
|
+
# Number of physical processor cores on the current system.
|
312
|
+
def physical_processor_count
|
313
|
+
@physical_processor_count ||= begin
|
314
|
+
ppc =
|
315
|
+
case RbConfig::CONFIG["target_os"]
|
316
|
+
when /darwin[12]/
|
317
|
+
IO.popen("/usr/sbin/sysctl -n hw.physicalcpu").read.to_i
|
318
|
+
when /linux/
|
319
|
+
cores = {} # unique physical ID / core ID combinations
|
320
|
+
phy = 0
|
321
|
+
File.read("/proc/cpuinfo").scan(/^physical id.*|^core id.*/) do |ln|
|
322
|
+
if ln.start_with?("physical")
|
323
|
+
phy = ln[/\d+/]
|
324
|
+
elsif ln.start_with?("core")
|
325
|
+
cid = "#{phy}:#{ln[/\d+/]}"
|
326
|
+
cores[cid] = true unless cores[cid]
|
327
|
+
end
|
328
|
+
end
|
329
|
+
cores.count
|
330
|
+
when /mswin|mingw/
|
331
|
+
require 'win32ole'
|
332
|
+
result_set = WIN32OLE.connect("winmgmts://").ExecQuery(
|
333
|
+
"select NumberOfCores from Win32_Processor"
|
334
|
+
)
|
335
|
+
result_set.to_enum.collect(&:NumberOfCores).reduce(:+)
|
336
|
+
else
|
337
|
+
processor_count
|
338
|
+
end
|
339
|
+
# fall back to logical count if physical info is invalid
|
340
|
+
ppc > 0 ? ppc : processor_count
|
341
|
+
end
|
342
|
+
end
|
343
|
+
|
344
|
+
# Number of processors seen by the OS, used for process scheduling
|
345
|
+
def processor_count
|
346
|
+
require 'etc'
|
347
|
+
@processor_count ||= Integer(ENV['PARALLEL_PROCESSOR_COUNT'] || Etc.nprocessors)
|
348
|
+
end
|
349
|
+
|
310
350
|
def worker_number
|
311
351
|
Thread.current[:parallel_worker_number]
|
312
352
|
end
|
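Review bot: the Windows branch of `physical_processor_count` can hand `nil` to the `ppc > 0` comparison: `result_set.to_enum.collect(&:NumberOfCores).reduce(:+)` returns nil when the WMI query yields no rows, and `nil > 0` raises NoMethodError instead of falling back to `processor_count`. Use `reduce(0, :+)` (or `.sum`) so an empty result becomes 0 and the fallback applies. The Linux branch has a similar gap in `File.read("/proc/cpuinfo")`, which raises in a sandbox where procfs is unreadable; rescuing to the logical count would keep the "fall back to logical count" comment honest. The darwin branch is fine as written: a fixed `/usr/sbin/sysctl` path with no interpolated input.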
@@ -1,3 +1,41 @@
|
|
1
|
+
=== 3.20.3 / 2023-07-11
|
2
|
+
|
3
|
+
* 2 minor enhancements:
|
4
|
+
|
5
|
+
* Added Parser#in_argdef and integrated into 3.x parsers.
|
6
|
+
* Improved tools/munge.rb to handler MRI 3.2 output
|
7
|
+
|
8
|
+
* 2 bug fixes:
|
9
|
+
|
10
|
+
* Fixed process_dots to properly deal with paren-less forward_args. (eric1234)
|
11
|
+
* Fixed tools/ripper.rb to properly print ripper sexp at the end
|
12
|
+
|
13
|
+
=== 3.20.2 / 2023-06-06
|
14
|
+
|
15
|
+
* 1 bug fix:
|
16
|
+
|
17
|
+
* 3.2: fixed parsing of f(*) and f(**). (agrobbin)
|
18
|
+
|
19
|
+
=== 3.20.1 / 2023-05-16
|
20
|
+
|
21
|
+
* 1 minor enhancement:
|
22
|
+
|
23
|
+
* Fixes Sexp#line_max in parser for many constructs: paren_args, arrays of various sorts, calls, classes, modules, etc.
|
24
|
+
|
25
|
+
=== 3.20.0 / 2023-03-04
|
26
|
+
|
27
|
+
* 1 major enhancement:
|
28
|
+
|
29
|
+
* Added tentative 3.2 support.
|
30
|
+
|
31
|
+
* 1 minor enhancement:
|
32
|
+
|
33
|
+
* Change minimum ruby version to 2.6. (want higher)
|
34
|
+
|
35
|
+
* 1 bug fix:
|
36
|
+
|
37
|
+
* Fix up compare tasks for ruby 3.2 differences.
|
38
|
+
|
1
39
|
=== 3.19.2 / 2022-12-03
|
2
40
|
|
3
41
|
* 5 bug fixes:
|
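Review bot: typo in the 3.20.3 entry: "Improved tools/munge.rb to handler MRI 3.2 output" should read "to handle". Separately, the 3.20.0 entry "Change minimum ruby version to 2.6" is worth a glance against the brakeman README change in this same diff, which now requires Ruby 3.0.0 to run; the two are consistent, since 3.0 satisfies 2.6, but the bundle's floor is set by brakeman, not by this gem.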
@@ -68,8 +68,9 @@ To add a new version:
|
|
68
68
|
* New parser should be generated from lib/ruby[3]_parser.yy.
|
69
69
|
* Extend lib/ruby[3]_parser.yy with new class name.
|
70
70
|
* Add new version number to V2/V3 in Rakefile for rule creation.
|
71
|
-
* Add new
|
71
|
+
* Add new `ruby_parse "x.y.z"` line to Rakefile for rake compare (line ~300).
|
72
72
|
* Require generated parser in lib/ruby_parser.rb.
|
73
|
+
* Add new V## = ::Ruby##Parser; end to ruby_parser.rb (bottom of file).
|
73
74
|
* Add empty TestRubyParserShared##Plus module and TestRubyParserV## to test/test_ruby_parser.rb.
|
74
75
|
* Extend Manifest.txt with generated file names.
|
75
76
|
* Add new version number to sexp_processor's pt_testcase.rb in all_versions
|
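Review bot: the added step "Add new V## = ::Ruby##Parser; end to ruby_parser.rb (bottom of file)" is not a complete Ruby fragment: it pairs a constant assignment with a dangling `end`, so a contributor cannot tell whether the intended line is a plain `V## = ::Ruby##Parser` inside the class body or a `class V## < ::Ruby##Parser; end` declaration. Quote the exact line as it appears at the bottom of lib/ruby_parser.rb so the step can be followed verbatim.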