brakeman 6.0.0 → 6.1.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGES.md +13 -0
- data/bundle/load.rb +14 -14
- data/bundle/ruby/{3.0.0/gems/rexml-3.2.5 → 3.1.0/gems/rexml-3.2.6}/NEWS.md +100 -2
- data/bundle/ruby/{3.0.0/gems/rexml-3.2.5 → 3.1.0/gems/rexml-3.2.6}/README.md +10 -1
- data/bundle/ruby/{3.0.0/gems/rexml-3.2.5 → 3.1.0/gems/rexml-3.2.6}/lib/rexml/attribute.rb +14 -9
- data/bundle/ruby/{3.0.0/gems/rexml-3.2.5 → 3.1.0/gems/rexml-3.2.6}/lib/rexml/document.rb +1 -1
- data/bundle/ruby/{3.0.0/gems/rexml-3.2.5 → 3.1.0/gems/rexml-3.2.6}/lib/rexml/element.rb +3 -3
- data/bundle/ruby/{3.0.0/gems/rexml-3.2.5 → 3.1.0/gems/rexml-3.2.6}/lib/rexml/entity.rb +25 -15
- data/bundle/ruby/{3.0.0/gems/rexml-3.2.5 → 3.1.0/gems/rexml-3.2.6}/lib/rexml/formatters/pretty.rb +2 -2
- data/bundle/ruby/{3.0.0/gems/rexml-3.2.5 → 3.1.0/gems/rexml-3.2.6}/lib/rexml/namespace.rb +8 -4
- data/bundle/ruby/{3.0.0/gems/rexml-3.2.5 → 3.1.0/gems/rexml-3.2.6}/lib/rexml/parsers/xpathparser.rb +136 -86
- data/bundle/ruby/{3.0.0/gems/rexml-3.2.5 → 3.1.0/gems/rexml-3.2.6}/lib/rexml/rexml.rb +3 -1
- data/bundle/ruby/{3.0.0/gems/rexml-3.2.5 → 3.1.0/gems/rexml-3.2.6}/lib/rexml/text.rb +6 -4
- data/bundle/ruby/{3.0.0/gems/ruby_parser-3.20.1 → 3.1.0/gems/ruby_parser-3.20.3}/History.rdoc +18 -0
- data/bundle/ruby/{3.0.0/gems/ruby_parser-3.20.1 → 3.1.0/gems/ruby_parser-3.20.3}/compare/normalize.rb +1 -0
- data/bundle/ruby/{3.0.0/gems/ruby_parser-3.20.1 → 3.1.0/gems/ruby_parser-3.20.3}/lib/ruby20_parser.rb +4220 -4273
- data/bundle/ruby/{3.0.0/gems/ruby_parser-3.20.1 → 3.1.0/gems/ruby_parser-3.20.3}/lib/ruby20_parser.y +0 -10
- data/bundle/ruby/{3.0.0/gems/ruby_parser-3.20.1 → 3.1.0/gems/ruby_parser-3.20.3}/lib/ruby21_parser.rb +4203 -4238
- data/bundle/ruby/{3.0.0/gems/ruby_parser-3.20.1 → 3.1.0/gems/ruby_parser-3.20.3}/lib/ruby21_parser.y +0 -10
- data/bundle/ruby/{3.0.0/gems/ruby_parser-3.20.1 → 3.1.0/gems/ruby_parser-3.20.3}/lib/ruby22_parser.rb +4239 -4276
- data/bundle/ruby/{3.0.0/gems/ruby_parser-3.20.1 → 3.1.0/gems/ruby_parser-3.20.3}/lib/ruby22_parser.y +0 -10
- data/bundle/ruby/{3.0.0/gems/ruby_parser-3.20.1 → 3.1.0/gems/ruby_parser-3.20.3}/lib/ruby23_parser.rb +4235 -4240
- data/bundle/ruby/{3.0.0/gems/ruby_parser-3.20.1/lib/ruby24_parser.y → 3.1.0/gems/ruby_parser-3.20.3/lib/ruby23_parser.y} +1 -19
- data/bundle/ruby/{3.0.0/gems/ruby_parser-3.20.1 → 3.1.0/gems/ruby_parser-3.20.3}/lib/ruby24_parser.rb +4229 -4284
- data/bundle/ruby/{3.0.0/gems/ruby_parser-3.20.1/lib/ruby23_parser.y → 3.1.0/gems/ruby_parser-3.20.3/lib/ruby24_parser.y} +9 -11
- data/bundle/ruby/{3.0.0/gems/ruby_parser-3.20.1 → 3.1.0/gems/ruby_parser-3.20.3}/lib/ruby25_parser.rb +4220 -4275
- data/bundle/ruby/{3.0.0/gems/ruby_parser-3.20.1 → 3.1.0/gems/ruby_parser-3.20.3}/lib/ruby25_parser.y +0 -10
- data/bundle/ruby/{3.0.0/gems/ruby_parser-3.20.1 → 3.1.0/gems/ruby_parser-3.20.3}/lib/ruby26_parser.rb +4221 -4276
- data/bundle/ruby/{3.0.0/gems/ruby_parser-3.20.1 → 3.1.0/gems/ruby_parser-3.20.3}/lib/ruby26_parser.y +0 -10
- data/bundle/ruby/{3.0.0/gems/ruby_parser-3.20.1 → 3.1.0/gems/ruby_parser-3.20.3}/lib/ruby27_parser.rb +4138 -4207
- data/bundle/ruby/{3.0.0/gems/ruby_parser-3.20.1 → 3.1.0/gems/ruby_parser-3.20.3}/lib/ruby27_parser.y +0 -10
- data/bundle/ruby/{3.0.0/gems/ruby_parser-3.20.1 → 3.1.0/gems/ruby_parser-3.20.3}/lib/ruby30_parser.rb +5989 -5957
- data/bundle/ruby/{3.0.0/gems/ruby_parser-3.20.1 → 3.1.0/gems/ruby_parser-3.20.3}/lib/ruby30_parser.y +95 -72
- data/bundle/ruby/{3.0.0/gems/ruby_parser-3.20.1 → 3.1.0/gems/ruby_parser-3.20.3}/lib/ruby31_parser.rb +6157 -6172
- data/bundle/ruby/{3.0.0/gems/ruby_parser-3.20.1 → 3.1.0/gems/ruby_parser-3.20.3}/lib/ruby31_parser.y +96 -73
- data/bundle/ruby/{3.0.0/gems/ruby_parser-3.20.1 → 3.1.0/gems/ruby_parser-3.20.3}/lib/ruby32_parser.rb +6251 -6314
- data/bundle/ruby/{3.0.0/gems/ruby_parser-3.20.1 → 3.1.0/gems/ruby_parser-3.20.3}/lib/ruby32_parser.y +117 -93
- data/bundle/ruby/{3.0.0/gems/ruby_parser-3.20.1 → 3.1.0/gems/ruby_parser-3.20.3}/lib/ruby3_parser.yy +132 -73
- data/bundle/ruby/{3.0.0/gems/ruby_parser-3.20.1 → 3.1.0/gems/ruby_parser-3.20.3}/lib/ruby_lexer.rb +15 -7
- data/bundle/ruby/{3.0.0/gems/ruby_parser-3.20.1 → 3.1.0/gems/ruby_parser-3.20.3}/lib/ruby_lexer.rex.rb +1 -1
- data/bundle/ruby/{3.0.0/gems/ruby_parser-3.20.1 → 3.1.0/gems/ruby_parser-3.20.3}/lib/ruby_lexer_strings.rb +2 -2
- data/bundle/ruby/{3.0.0/gems/ruby_parser-3.20.1 → 3.1.0/gems/ruby_parser-3.20.3}/lib/ruby_parser.yy +0 -10
- data/bundle/ruby/{3.0.0/gems/ruby_parser-3.20.1 → 3.1.0/gems/ruby_parser-3.20.3}/lib/ruby_parser_extras.rb +9 -9
- data/bundle/ruby/{3.0.0/gems/ruby_parser-3.20.1 → 3.1.0/gems/ruby_parser-3.20.3}/tools/munge.rb +8 -2
- data/bundle/ruby/{3.0.0/gems/ruby_parser-3.20.1 → 3.1.0/gems/ruby_parser-3.20.3}/tools/ripper.rb +14 -12
- data/lib/brakeman/checks/check_ransack.rb +53 -0
- data/lib/brakeman/checks/check_sql.rb +1 -1
- data/lib/brakeman/options.rb +4 -0
- data/lib/brakeman/processors/alias_processor.rb +1 -2
- data/lib/brakeman/processors/lib/module_helper.rb +31 -1
- data/lib/brakeman/processors/library_processor.rb +6 -0
- data/lib/brakeman/scanner.rb +104 -42
- data/lib/brakeman/tracker/config.rb +14 -8
- data/lib/brakeman/tracker/controller.rb +14 -10
- data/lib/brakeman/tracker.rb +1 -1
- data/lib/brakeman/version.rb +1 -1
- data/lib/brakeman/warning_codes.rb +1 -0
- metadata +404 -403
- /data/bundle/ruby/{3.0.0 → 3.1.0}/gems/erubis-2.7.0/CHANGES.txt +0 -0
- /data/bundle/ruby/{3.0.0 → 3.1.0}/gems/erubis-2.7.0/MIT-LICENSE +0 -0
- /data/bundle/ruby/{3.0.0 → 3.1.0}/gems/erubis-2.7.0/README.txt +0 -0
- /data/bundle/ruby/{3.0.0 → 3.1.0}/gems/erubis-2.7.0/contrib/erubis +0 -0
- /data/bundle/ruby/{3.0.0 → 3.1.0}/gems/erubis-2.7.0/contrib/erubis-run.rb +0 -0
- /data/bundle/ruby/{3.0.0 → 3.1.0}/gems/erubis-2.7.0/contrib/inline-require +0 -0
- /data/bundle/ruby/{3.0.0 → 3.1.0}/gems/erubis-2.7.0/lib/erubis/context.rb +0 -0
- /data/bundle/ruby/{3.0.0 → 3.1.0}/gems/erubis-2.7.0/lib/erubis/converter.rb +0 -0
- /data/bundle/ruby/{3.0.0 → 3.1.0}/gems/erubis-2.7.0/lib/erubis/engine/ec.rb +0 -0
- /data/bundle/ruby/{3.0.0 → 3.1.0}/gems/erubis-2.7.0/lib/erubis/engine/ecpp.rb +0 -0
- /data/bundle/ruby/{3.0.0 → 3.1.0}/gems/erubis-2.7.0/lib/erubis/engine/ejava.rb +0 -0
- /data/bundle/ruby/{3.0.0 → 3.1.0}/gems/erubis-2.7.0/lib/erubis/engine/ejavascript.rb +0 -0
- /data/bundle/ruby/{3.0.0 → 3.1.0}/gems/erubis-2.7.0/lib/erubis/engine/enhanced.rb +0 -0
- /data/bundle/ruby/{3.0.0 → 3.1.0}/gems/erubis-2.7.0/lib/erubis/engine/eperl.rb +0 -0
- /data/bundle/ruby/{3.0.0 → 3.1.0}/gems/erubis-2.7.0/lib/erubis/engine/ephp.rb +0 -0
- /data/bundle/ruby/{3.0.0 → 3.1.0}/gems/erubis-2.7.0/lib/erubis/engine/eruby.rb +0 -0
- /data/bundle/ruby/{3.0.0 → 3.1.0}/gems/erubis-2.7.0/lib/erubis/engine/escheme.rb +0 -0
- /data/bundle/ruby/{3.0.0 → 3.1.0}/gems/erubis-2.7.0/lib/erubis/engine/optimized.rb +0 -0
- /data/bundle/ruby/{3.0.0 → 3.1.0}/gems/erubis-2.7.0/lib/erubis/engine.rb +0 -0
- /data/bundle/ruby/{3.0.0 → 3.1.0}/gems/erubis-2.7.0/lib/erubis/enhancer.rb +0 -0
- /data/bundle/ruby/{3.0.0 → 3.1.0}/gems/erubis-2.7.0/lib/erubis/error.rb +0 -0
- /data/bundle/ruby/{3.0.0 → 3.1.0}/gems/erubis-2.7.0/lib/erubis/evaluator.rb +0 -0
- /data/bundle/ruby/{3.0.0 → 3.1.0}/gems/erubis-2.7.0/lib/erubis/generator.rb +0 -0
- /data/bundle/ruby/{3.0.0 → 3.1.0}/gems/erubis-2.7.0/lib/erubis/helper.rb +0 -0
- /data/bundle/ruby/{3.0.0 → 3.1.0}/gems/erubis-2.7.0/lib/erubis/helpers/rails_form_helper.rb +0 -0
- /data/bundle/ruby/{3.0.0 → 3.1.0}/gems/erubis-2.7.0/lib/erubis/helpers/rails_helper.rb +0 -0
- /data/bundle/ruby/{3.0.0 → 3.1.0}/gems/erubis-2.7.0/lib/erubis/local-setting.rb +0 -0
- /data/bundle/ruby/{3.0.0 → 3.1.0}/gems/erubis-2.7.0/lib/erubis/main.rb +0 -0
- /data/bundle/ruby/{3.0.0 → 3.1.0}/gems/erubis-2.7.0/lib/erubis/preprocessing.rb +0 -0
- /data/bundle/ruby/{3.0.0 → 3.1.0}/gems/erubis-2.7.0/lib/erubis/tiny.rb +0 -0
- /data/bundle/ruby/{3.0.0 → 3.1.0}/gems/erubis-2.7.0/lib/erubis/util.rb +0 -0
- /data/bundle/ruby/{3.0.0 → 3.1.0}/gems/erubis-2.7.0/lib/erubis.rb +0 -0
- /data/bundle/ruby/{3.0.0 → 3.1.0}/gems/erubis-2.7.0/setup.rb +0 -0
- /data/bundle/ruby/{3.0.0 → 3.1.0}/gems/haml-5.2.2/CHANGELOG.md +0 -0
- /data/bundle/ruby/{3.0.0 → 3.1.0}/gems/haml-5.2.2/FAQ.md +0 -0
- /data/bundle/ruby/{3.0.0 → 3.1.0}/gems/haml-5.2.2/Gemfile +0 -0
- /data/bundle/ruby/{3.0.0 → 3.1.0}/gems/haml-5.2.2/MIT-LICENSE +0 -0
- /data/bundle/ruby/{3.0.0 → 3.1.0}/gems/haml-5.2.2/README.md +0 -0
- /data/bundle/ruby/{3.0.0 → 3.1.0}/gems/haml-5.2.2/REFERENCE.md +0 -0
- /data/bundle/ruby/{3.0.0 → 3.1.0}/gems/haml-5.2.2/TODO +0 -0
- /data/bundle/ruby/{3.0.0 → 3.1.0}/gems/haml-5.2.2/haml.gemspec +0 -0
- /data/bundle/ruby/{3.0.0 → 3.1.0}/gems/haml-5.2.2/lib/haml/attribute_builder.rb +0 -0
- /data/bundle/ruby/{3.0.0 → 3.1.0}/gems/haml-5.2.2/lib/haml/attribute_compiler.rb +0 -0
- /data/bundle/ruby/{3.0.0 → 3.1.0}/gems/haml-5.2.2/lib/haml/attribute_parser.rb +0 -0
- /data/bundle/ruby/{3.0.0 → 3.1.0}/gems/haml-5.2.2/lib/haml/buffer.rb +0 -0
- /data/bundle/ruby/{3.0.0 → 3.1.0}/gems/haml-5.2.2/lib/haml/compiler.rb +0 -0
- /data/bundle/ruby/{3.0.0 → 3.1.0}/gems/haml-5.2.2/lib/haml/engine.rb +0 -0
- /data/bundle/ruby/{3.0.0 → 3.1.0}/gems/haml-5.2.2/lib/haml/error.rb +0 -0
- /data/bundle/ruby/{3.0.0 → 3.1.0}/gems/haml-5.2.2/lib/haml/escapable.rb +0 -0
- /data/bundle/ruby/{3.0.0 → 3.1.0}/gems/haml-5.2.2/lib/haml/exec.rb +0 -0
- /data/bundle/ruby/{3.0.0 → 3.1.0}/gems/haml-5.2.2/lib/haml/filters.rb +0 -0
- /data/bundle/ruby/{3.0.0 → 3.1.0}/gems/haml-5.2.2/lib/haml/generator.rb +0 -0
- /data/bundle/ruby/{3.0.0 → 3.1.0}/gems/haml-5.2.2/lib/haml/helpers/action_view_extensions.rb +0 -0
- /data/bundle/ruby/{3.0.0 → 3.1.0}/gems/haml-5.2.2/lib/haml/helpers/action_view_mods.rb +0 -0
- /data/bundle/ruby/{3.0.0 → 3.1.0}/gems/haml-5.2.2/lib/haml/helpers/action_view_xss_mods.rb +0 -0
- /data/bundle/ruby/{3.0.0 → 3.1.0}/gems/haml-5.2.2/lib/haml/helpers/safe_erubi_template.rb +0 -0
- /data/bundle/ruby/{3.0.0 → 3.1.0}/gems/haml-5.2.2/lib/haml/helpers/safe_erubis_template.rb +0 -0
- /data/bundle/ruby/{3.0.0 → 3.1.0}/gems/haml-5.2.2/lib/haml/helpers/xss_mods.rb +0 -0
- /data/bundle/ruby/{3.0.0 → 3.1.0}/gems/haml-5.2.2/lib/haml/helpers.rb +0 -0
- /data/bundle/ruby/{3.0.0 → 3.1.0}/gems/haml-5.2.2/lib/haml/options.rb +0 -0
- /data/bundle/ruby/{3.0.0 → 3.1.0}/gems/haml-5.2.2/lib/haml/parser.rb +0 -0
- /data/bundle/ruby/{3.0.0 → 3.1.0}/gems/haml-5.2.2/lib/haml/plugin.rb +0 -0
- /data/bundle/ruby/{3.0.0 → 3.1.0}/gems/haml-5.2.2/lib/haml/railtie.rb +0 -0
- /data/bundle/ruby/{3.0.0 → 3.1.0}/gems/haml-5.2.2/lib/haml/sass_rails_filter.rb +0 -0
- /data/bundle/ruby/{3.0.0 → 3.1.0}/gems/haml-5.2.2/lib/haml/template/options.rb +0 -0
- /data/bundle/ruby/{3.0.0 → 3.1.0}/gems/haml-5.2.2/lib/haml/template.rb +0 -0
- /data/bundle/ruby/{3.0.0 → 3.1.0}/gems/haml-5.2.2/lib/haml/temple_engine.rb +0 -0
- /data/bundle/ruby/{3.0.0 → 3.1.0}/gems/haml-5.2.2/lib/haml/temple_line_counter.rb +0 -0
- /data/bundle/ruby/{3.0.0 → 3.1.0}/gems/haml-5.2.2/lib/haml/util.rb +0 -0
- /data/bundle/ruby/{3.0.0 → 3.1.0}/gems/haml-5.2.2/lib/haml/version.rb +0 -0
- /data/bundle/ruby/{3.0.0 → 3.1.0}/gems/haml-5.2.2/lib/haml.rb +0 -0
- /data/bundle/ruby/{3.0.0 → 3.1.0}/gems/haml-5.2.2/yard/default/fulldoc/html/css/common.sass +0 -0
- /data/bundle/ruby/{3.0.0 → 3.1.0}/gems/haml-5.2.2/yard/default/layout/html/footer.erb +0 -0
- /data/bundle/ruby/{3.0.0 → 3.1.0}/gems/highline-2.1.0/AUTHORS +0 -0
- /data/bundle/ruby/{3.0.0 → 3.1.0}/gems/highline-2.1.0/COPYING +0 -0
- /data/bundle/ruby/{3.0.0 → 3.1.0}/gems/highline-2.1.0/Changelog.md +0 -0
- /data/bundle/ruby/{3.0.0 → 3.1.0}/gems/highline-2.1.0/Gemfile +0 -0
- /data/bundle/ruby/{3.0.0 → 3.1.0}/gems/highline-2.1.0/LICENSE +0 -0
- /data/bundle/ruby/{3.0.0 → 3.1.0}/gems/highline-2.1.0/README.md +0 -0
- /data/bundle/ruby/{3.0.0 → 3.1.0}/gems/highline-2.1.0/TODO +0 -0
- /data/bundle/ruby/{3.0.0 → 3.1.0}/gems/highline-2.1.0/highline.gemspec +0 -0
- /data/bundle/ruby/{3.0.0 → 3.1.0}/gems/highline-2.1.0/lib/highline/builtin_styles.rb +0 -0
- /data/bundle/ruby/{3.0.0 → 3.1.0}/gems/highline-2.1.0/lib/highline/color_scheme.rb +0 -0
- /data/bundle/ruby/{3.0.0 → 3.1.0}/gems/highline-2.1.0/lib/highline/compatibility.rb +0 -0
- /data/bundle/ruby/{3.0.0 → 3.1.0}/gems/highline-2.1.0/lib/highline/custom_errors.rb +0 -0
- /data/bundle/ruby/{3.0.0 → 3.1.0}/gems/highline-2.1.0/lib/highline/import.rb +0 -0
- /data/bundle/ruby/{3.0.0 → 3.1.0}/gems/highline-2.1.0/lib/highline/io_console_compatible.rb +0 -0
- /data/bundle/ruby/{3.0.0 → 3.1.0}/gems/highline-2.1.0/lib/highline/list.rb +0 -0
- /data/bundle/ruby/{3.0.0 → 3.1.0}/gems/highline-2.1.0/lib/highline/list_renderer.rb +0 -0
- /data/bundle/ruby/{3.0.0 → 3.1.0}/gems/highline-2.1.0/lib/highline/menu/item.rb +0 -0
- /data/bundle/ruby/{3.0.0 → 3.1.0}/gems/highline-2.1.0/lib/highline/menu.rb +0 -0
- /data/bundle/ruby/{3.0.0 → 3.1.0}/gems/highline-2.1.0/lib/highline/paginator.rb +0 -0
- /data/bundle/ruby/{3.0.0 → 3.1.0}/gems/highline-2.1.0/lib/highline/question/answer_converter.rb +0 -0
- /data/bundle/ruby/{3.0.0 → 3.1.0}/gems/highline-2.1.0/lib/highline/question.rb +0 -0
- /data/bundle/ruby/{3.0.0 → 3.1.0}/gems/highline-2.1.0/lib/highline/question_asker.rb +0 -0
- /data/bundle/ruby/{3.0.0 → 3.1.0}/gems/highline-2.1.0/lib/highline/simulate.rb +0 -0
- /data/bundle/ruby/{3.0.0 → 3.1.0}/gems/highline-2.1.0/lib/highline/statement.rb +0 -0
- /data/bundle/ruby/{3.0.0 → 3.1.0}/gems/highline-2.1.0/lib/highline/string.rb +0 -0
- /data/bundle/ruby/{3.0.0 → 3.1.0}/gems/highline-2.1.0/lib/highline/string_extensions.rb +0 -0
- /data/bundle/ruby/{3.0.0 → 3.1.0}/gems/highline-2.1.0/lib/highline/style.rb +0 -0
- /data/bundle/ruby/{3.0.0 → 3.1.0}/gems/highline-2.1.0/lib/highline/template_renderer.rb +0 -0
- /data/bundle/ruby/{3.0.0 → 3.1.0}/gems/highline-2.1.0/lib/highline/terminal/io_console.rb +0 -0
- /data/bundle/ruby/{3.0.0 → 3.1.0}/gems/highline-2.1.0/lib/highline/terminal/ncurses.rb +0 -0
- /data/bundle/ruby/{3.0.0 → 3.1.0}/gems/highline-2.1.0/lib/highline/terminal/unix_stty.rb +0 -0
- /data/bundle/ruby/{3.0.0 → 3.1.0}/gems/highline-2.1.0/lib/highline/terminal.rb +0 -0
- /data/bundle/ruby/{3.0.0 → 3.1.0}/gems/highline-2.1.0/lib/highline/version.rb +0 -0
- /data/bundle/ruby/{3.0.0 → 3.1.0}/gems/highline-2.1.0/lib/highline/wrapper.rb +0 -0
- /data/bundle/ruby/{3.0.0 → 3.1.0}/gems/highline-2.1.0/lib/highline.rb +0 -0
- /data/bundle/ruby/{3.0.0 → 3.1.0}/gems/parallel-1.23.0/MIT-LICENSE.txt +0 -0
- /data/bundle/ruby/{3.0.0 → 3.1.0}/gems/parallel-1.23.0/lib/parallel/version.rb +0 -0
- /data/bundle/ruby/{3.0.0 → 3.1.0}/gems/parallel-1.23.0/lib/parallel.rb +0 -0
- /data/bundle/ruby/{3.0.0/gems/rexml-3.2.5 → 3.1.0/gems/rexml-3.2.6}/LICENSE.txt +0 -0
- /data/bundle/ruby/{3.0.0/gems/rexml-3.2.5 → 3.1.0/gems/rexml-3.2.6}/lib/rexml/attlistdecl.rb +0 -0
- /data/bundle/ruby/{3.0.0/gems/rexml-3.2.5 → 3.1.0/gems/rexml-3.2.6}/lib/rexml/cdata.rb +0 -0
- /data/bundle/ruby/{3.0.0/gems/rexml-3.2.5 → 3.1.0/gems/rexml-3.2.6}/lib/rexml/child.rb +0 -0
- /data/bundle/ruby/{3.0.0/gems/rexml-3.2.5 → 3.1.0/gems/rexml-3.2.6}/lib/rexml/comment.rb +0 -0
- /data/bundle/ruby/{3.0.0/gems/rexml-3.2.5 → 3.1.0/gems/rexml-3.2.6}/lib/rexml/doctype.rb +0 -0
- /data/bundle/ruby/{3.0.0/gems/rexml-3.2.5 → 3.1.0/gems/rexml-3.2.6}/lib/rexml/dtd/attlistdecl.rb +0 -0
- /data/bundle/ruby/{3.0.0/gems/rexml-3.2.5 → 3.1.0/gems/rexml-3.2.6}/lib/rexml/dtd/dtd.rb +0 -0
- /data/bundle/ruby/{3.0.0/gems/rexml-3.2.5 → 3.1.0/gems/rexml-3.2.6}/lib/rexml/dtd/elementdecl.rb +0 -0
- /data/bundle/ruby/{3.0.0/gems/rexml-3.2.5 → 3.1.0/gems/rexml-3.2.6}/lib/rexml/dtd/entitydecl.rb +0 -0
- /data/bundle/ruby/{3.0.0/gems/rexml-3.2.5 → 3.1.0/gems/rexml-3.2.6}/lib/rexml/dtd/notationdecl.rb +0 -0
- /data/bundle/ruby/{3.0.0/gems/rexml-3.2.5 → 3.1.0/gems/rexml-3.2.6}/lib/rexml/encoding.rb +0 -0
- /data/bundle/ruby/{3.0.0/gems/rexml-3.2.5 → 3.1.0/gems/rexml-3.2.6}/lib/rexml/formatters/default.rb +0 -0
- /data/bundle/ruby/{3.0.0/gems/rexml-3.2.5 → 3.1.0/gems/rexml-3.2.6}/lib/rexml/formatters/transitive.rb +0 -0
- /data/bundle/ruby/{3.0.0/gems/rexml-3.2.5 → 3.1.0/gems/rexml-3.2.6}/lib/rexml/functions.rb +0 -0
- /data/bundle/ruby/{3.0.0/gems/rexml-3.2.5 → 3.1.0/gems/rexml-3.2.6}/lib/rexml/instruction.rb +0 -0
- /data/bundle/ruby/{3.0.0/gems/rexml-3.2.5 → 3.1.0/gems/rexml-3.2.6}/lib/rexml/light/node.rb +0 -0
- /data/bundle/ruby/{3.0.0/gems/rexml-3.2.5 → 3.1.0/gems/rexml-3.2.6}/lib/rexml/node.rb +0 -0
- /data/bundle/ruby/{3.0.0/gems/rexml-3.2.5 → 3.1.0/gems/rexml-3.2.6}/lib/rexml/output.rb +0 -0
- /data/bundle/ruby/{3.0.0/gems/rexml-3.2.5 → 3.1.0/gems/rexml-3.2.6}/lib/rexml/parent.rb +0 -0
- /data/bundle/ruby/{3.0.0/gems/rexml-3.2.5 → 3.1.0/gems/rexml-3.2.6}/lib/rexml/parseexception.rb +0 -0
- /data/bundle/ruby/{3.0.0/gems/rexml-3.2.5 → 3.1.0/gems/rexml-3.2.6}/lib/rexml/parsers/baseparser.rb +0 -0
- /data/bundle/ruby/{3.0.0/gems/rexml-3.2.5 → 3.1.0/gems/rexml-3.2.6}/lib/rexml/parsers/lightparser.rb +0 -0
- /data/bundle/ruby/{3.0.0/gems/rexml-3.2.5 → 3.1.0/gems/rexml-3.2.6}/lib/rexml/parsers/pullparser.rb +0 -0
- /data/bundle/ruby/{3.0.0/gems/rexml-3.2.5 → 3.1.0/gems/rexml-3.2.6}/lib/rexml/parsers/sax2parser.rb +0 -0
- /data/bundle/ruby/{3.0.0/gems/rexml-3.2.5 → 3.1.0/gems/rexml-3.2.6}/lib/rexml/parsers/streamparser.rb +0 -0
- /data/bundle/ruby/{3.0.0/gems/rexml-3.2.5 → 3.1.0/gems/rexml-3.2.6}/lib/rexml/parsers/treeparser.rb +0 -0
- /data/bundle/ruby/{3.0.0/gems/rexml-3.2.5 → 3.1.0/gems/rexml-3.2.6}/lib/rexml/parsers/ultralightparser.rb +0 -0
- /data/bundle/ruby/{3.0.0/gems/rexml-3.2.5 → 3.1.0/gems/rexml-3.2.6}/lib/rexml/quickpath.rb +0 -0
- /data/bundle/ruby/{3.0.0/gems/rexml-3.2.5 → 3.1.0/gems/rexml-3.2.6}/lib/rexml/sax2listener.rb +0 -0
- /data/bundle/ruby/{3.0.0/gems/rexml-3.2.5 → 3.1.0/gems/rexml-3.2.6}/lib/rexml/security.rb +0 -0
- /data/bundle/ruby/{3.0.0/gems/rexml-3.2.5 → 3.1.0/gems/rexml-3.2.6}/lib/rexml/source.rb +0 -0
- /data/bundle/ruby/{3.0.0/gems/rexml-3.2.5 → 3.1.0/gems/rexml-3.2.6}/lib/rexml/streamlistener.rb +0 -0
- /data/bundle/ruby/{3.0.0/gems/rexml-3.2.5 → 3.1.0/gems/rexml-3.2.6}/lib/rexml/undefinednamespaceexception.rb +0 -0
- /data/bundle/ruby/{3.0.0/gems/rexml-3.2.5 → 3.1.0/gems/rexml-3.2.6}/lib/rexml/validation/relaxng.rb +0 -0
- /data/bundle/ruby/{3.0.0/gems/rexml-3.2.5 → 3.1.0/gems/rexml-3.2.6}/lib/rexml/validation/validation.rb +0 -0
- /data/bundle/ruby/{3.0.0/gems/rexml-3.2.5 → 3.1.0/gems/rexml-3.2.6}/lib/rexml/validation/validationexception.rb +0 -0
- /data/bundle/ruby/{3.0.0/gems/rexml-3.2.5 → 3.1.0/gems/rexml-3.2.6}/lib/rexml/xmldecl.rb +0 -0
- /data/bundle/ruby/{3.0.0/gems/rexml-3.2.5 → 3.1.0/gems/rexml-3.2.6}/lib/rexml/xmltokens.rb +0 -0
- /data/bundle/ruby/{3.0.0/gems/rexml-3.2.5 → 3.1.0/gems/rexml-3.2.6}/lib/rexml/xpath.rb +0 -0
- /data/bundle/ruby/{3.0.0/gems/rexml-3.2.5 → 3.1.0/gems/rexml-3.2.6}/lib/rexml/xpath_parser.rb +0 -0
- /data/bundle/ruby/{3.0.0/gems/rexml-3.2.5 → 3.1.0/gems/rexml-3.2.6}/lib/rexml.rb +0 -0
- /data/bundle/ruby/{3.0.0 → 3.1.0}/gems/ruby2ruby-2.4.4/History.rdoc +0 -0
- /data/bundle/ruby/{3.0.0 → 3.1.0}/gems/ruby2ruby-2.4.4/Manifest.txt +0 -0
- /data/bundle/ruby/{3.0.0 → 3.1.0}/gems/ruby2ruby-2.4.4/README.rdoc +0 -0
- /data/bundle/ruby/{3.0.0 → 3.1.0}/gems/ruby2ruby-2.4.4/lib/ruby2ruby.rb +0 -0
- /data/bundle/ruby/{3.0.0/gems/ruby_parser-3.20.1 → 3.1.0/gems/ruby_parser-3.20.3}/Manifest.txt +0 -0
- /data/bundle/ruby/{3.0.0/gems/ruby_parser-3.20.1 → 3.1.0/gems/ruby_parser-3.20.3}/README.rdoc +0 -0
- /data/bundle/ruby/{3.0.0/gems/ruby_parser-3.20.1 → 3.1.0/gems/ruby_parser-3.20.3}/debugging.md +0 -0
- /data/bundle/ruby/{3.0.0/gems/ruby_parser-3.20.1 → 3.1.0/gems/ruby_parser-3.20.3}/gauntlet.md +0 -0
- /data/bundle/ruby/{3.0.0/gems/ruby_parser-3.20.1 → 3.1.0/gems/ruby_parser-3.20.3}/lib/rp_extensions.rb +0 -0
- /data/bundle/ruby/{3.0.0/gems/ruby_parser-3.20.1 → 3.1.0/gems/ruby_parser-3.20.3}/lib/rp_stringscanner.rb +0 -0
- /data/bundle/ruby/{3.0.0/gems/ruby_parser-3.20.1 → 3.1.0/gems/ruby_parser-3.20.3}/lib/ruby_lexer.rex +0 -0
- /data/bundle/ruby/{3.0.0/gems/ruby_parser-3.20.1 → 3.1.0/gems/ruby_parser-3.20.3}/lib/ruby_parser.rb +0 -0
- /data/bundle/ruby/{3.0.0 → 3.1.0}/gems/safe_yaml-1.0.5/CHANGES.md +0 -0
- /data/bundle/ruby/{3.0.0 → 3.1.0}/gems/safe_yaml-1.0.5/Gemfile +0 -0
- /data/bundle/ruby/{3.0.0 → 3.1.0}/gems/safe_yaml-1.0.5/LICENSE.txt +0 -0
- /data/bundle/ruby/{3.0.0 → 3.1.0}/gems/safe_yaml-1.0.5/README.md +0 -0
- /data/bundle/ruby/{3.0.0 → 3.1.0}/gems/safe_yaml-1.0.5/bundle_install_all_ruby_versions.sh +0 -0
- /data/bundle/ruby/{3.0.0 → 3.1.0}/gems/safe_yaml-1.0.5/lib/safe_yaml/deep.rb +0 -0
- /data/bundle/ruby/{3.0.0 → 3.1.0}/gems/safe_yaml-1.0.5/lib/safe_yaml/libyaml_checker.rb +0 -0
- /data/bundle/ruby/{3.0.0 → 3.1.0}/gems/safe_yaml-1.0.5/lib/safe_yaml/load.rb +0 -0
- /data/bundle/ruby/{3.0.0 → 3.1.0}/gems/safe_yaml-1.0.5/lib/safe_yaml/parse/date.rb +0 -0
- /data/bundle/ruby/{3.0.0 → 3.1.0}/gems/safe_yaml-1.0.5/lib/safe_yaml/parse/hexadecimal.rb +0 -0
- /data/bundle/ruby/{3.0.0 → 3.1.0}/gems/safe_yaml-1.0.5/lib/safe_yaml/parse/sexagesimal.rb +0 -0
- /data/bundle/ruby/{3.0.0 → 3.1.0}/gems/safe_yaml-1.0.5/lib/safe_yaml/psych_handler.rb +0 -0
- /data/bundle/ruby/{3.0.0 → 3.1.0}/gems/safe_yaml-1.0.5/lib/safe_yaml/psych_resolver.rb +0 -0
- /data/bundle/ruby/{3.0.0 → 3.1.0}/gems/safe_yaml-1.0.5/lib/safe_yaml/resolver.rb +0 -0
- /data/bundle/ruby/{3.0.0 → 3.1.0}/gems/safe_yaml-1.0.5/lib/safe_yaml/safe_to_ruby_visitor.rb +0 -0
- /data/bundle/ruby/{3.0.0 → 3.1.0}/gems/safe_yaml-1.0.5/lib/safe_yaml/store.rb +0 -0
- /data/bundle/ruby/{3.0.0 → 3.1.0}/gems/safe_yaml-1.0.5/lib/safe_yaml/syck_hack.rb +0 -0
- /data/bundle/ruby/{3.0.0 → 3.1.0}/gems/safe_yaml-1.0.5/lib/safe_yaml/syck_node_monkeypatch.rb +0 -0
- /data/bundle/ruby/{3.0.0 → 3.1.0}/gems/safe_yaml-1.0.5/lib/safe_yaml/syck_resolver.rb +0 -0
- /data/bundle/ruby/{3.0.0 → 3.1.0}/gems/safe_yaml-1.0.5/lib/safe_yaml/transform/to_boolean.rb +0 -0
- /data/bundle/ruby/{3.0.0 → 3.1.0}/gems/safe_yaml-1.0.5/lib/safe_yaml/transform/to_date.rb +0 -0
- /data/bundle/ruby/{3.0.0 → 3.1.0}/gems/safe_yaml-1.0.5/lib/safe_yaml/transform/to_float.rb +0 -0
- /data/bundle/ruby/{3.0.0 → 3.1.0}/gems/safe_yaml-1.0.5/lib/safe_yaml/transform/to_integer.rb +0 -0
- /data/bundle/ruby/{3.0.0 → 3.1.0}/gems/safe_yaml-1.0.5/lib/safe_yaml/transform/to_nil.rb +0 -0
- /data/bundle/ruby/{3.0.0 → 3.1.0}/gems/safe_yaml-1.0.5/lib/safe_yaml/transform/to_symbol.rb +0 -0
- /data/bundle/ruby/{3.0.0 → 3.1.0}/gems/safe_yaml-1.0.5/lib/safe_yaml/transform/transformation_map.rb +0 -0
- /data/bundle/ruby/{3.0.0 → 3.1.0}/gems/safe_yaml-1.0.5/lib/safe_yaml/transform.rb +0 -0
- /data/bundle/ruby/{3.0.0 → 3.1.0}/gems/safe_yaml-1.0.5/lib/safe_yaml/version.rb +0 -0
- /data/bundle/ruby/{3.0.0 → 3.1.0}/gems/safe_yaml-1.0.5/lib/safe_yaml.rb +0 -0
- /data/bundle/ruby/{3.0.0 → 3.1.0}/gems/safe_yaml-1.0.5/run_specs_all_ruby_versions.sh +0 -0
- /data/bundle/ruby/{3.0.0 → 3.1.0}/gems/safe_yaml-1.0.5/safe_yaml.gemspec +0 -0
- /data/bundle/ruby/{3.0.0 → 3.1.0}/gems/sexp_processor-4.17.0/History.rdoc +0 -0
- /data/bundle/ruby/{3.0.0 → 3.1.0}/gems/sexp_processor-4.17.0/Manifest.txt +0 -0
- /data/bundle/ruby/{3.0.0 → 3.1.0}/gems/sexp_processor-4.17.0/README.rdoc +0 -0
- /data/bundle/ruby/{3.0.0 → 3.1.0}/gems/sexp_processor-4.17.0/lib/composite_sexp_processor.rb +0 -0
- /data/bundle/ruby/{3.0.0 → 3.1.0}/gems/sexp_processor-4.17.0/lib/pt_testcase.rb +0 -0
- /data/bundle/ruby/{3.0.0 → 3.1.0}/gems/sexp_processor-4.17.0/lib/sexp.rb +0 -0
- /data/bundle/ruby/{3.0.0 → 3.1.0}/gems/sexp_processor-4.17.0/lib/sexp_matcher.rb +0 -0
- /data/bundle/ruby/{3.0.0 → 3.1.0}/gems/sexp_processor-4.17.0/lib/sexp_processor.rb +0 -0
- /data/bundle/ruby/{3.0.0 → 3.1.0}/gems/sexp_processor-4.17.0/lib/strict_sexp.rb +0 -0
- /data/bundle/ruby/{3.0.0 → 3.1.0}/gems/sexp_processor-4.17.0/lib/unique.rb +0 -0
- /data/bundle/ruby/{3.0.0 → 3.1.0}/gems/slim-4.1.0/CHANGES +0 -0
- /data/bundle/ruby/{3.0.0 → 3.1.0}/gems/slim-4.1.0/Gemfile +0 -0
- /data/bundle/ruby/{3.0.0 → 3.1.0}/gems/slim-4.1.0/LICENSE +0 -0
- /data/bundle/ruby/{3.0.0 → 3.1.0}/gems/slim-4.1.0/README.jp.md +0 -0
- /data/bundle/ruby/{3.0.0 → 3.1.0}/gems/slim-4.1.0/README.md +0 -0
- /data/bundle/ruby/{3.0.0 → 3.1.0}/gems/slim-4.1.0/lib/slim/code_attributes.rb +0 -0
- /data/bundle/ruby/{3.0.0 → 3.1.0}/gems/slim-4.1.0/lib/slim/command.rb +0 -0
- /data/bundle/ruby/{3.0.0 → 3.1.0}/gems/slim-4.1.0/lib/slim/controls.rb +0 -0
- /data/bundle/ruby/{3.0.0 → 3.1.0}/gems/slim-4.1.0/lib/slim/do_inserter.rb +0 -0
- /data/bundle/ruby/{3.0.0 → 3.1.0}/gems/slim-4.1.0/lib/slim/embedded.rb +0 -0
- /data/bundle/ruby/{3.0.0 → 3.1.0}/gems/slim-4.1.0/lib/slim/end_inserter.rb +0 -0
- /data/bundle/ruby/{3.0.0 → 3.1.0}/gems/slim-4.1.0/lib/slim/engine.rb +0 -0
- /data/bundle/ruby/{3.0.0 → 3.1.0}/gems/slim-4.1.0/lib/slim/erb_converter.rb +0 -0
- /data/bundle/ruby/{3.0.0 → 3.1.0}/gems/slim-4.1.0/lib/slim/filter.rb +0 -0
- /data/bundle/ruby/{3.0.0 → 3.1.0}/gems/slim-4.1.0/lib/slim/grammar.rb +0 -0
- /data/bundle/ruby/{3.0.0 → 3.1.0}/gems/slim-4.1.0/lib/slim/include.rb +0 -0
- /data/bundle/ruby/{3.0.0 → 3.1.0}/gems/slim-4.1.0/lib/slim/interpolation.rb +0 -0
- /data/bundle/ruby/{3.0.0 → 3.1.0}/gems/slim-4.1.0/lib/slim/logic_less/context.rb +0 -0
- /data/bundle/ruby/{3.0.0 → 3.1.0}/gems/slim-4.1.0/lib/slim/logic_less/filter.rb +0 -0
- /data/bundle/ruby/{3.0.0 → 3.1.0}/gems/slim-4.1.0/lib/slim/logic_less.rb +0 -0
- /data/bundle/ruby/{3.0.0 → 3.1.0}/gems/slim-4.1.0/lib/slim/parser.rb +0 -0
- /data/bundle/ruby/{3.0.0 → 3.1.0}/gems/slim-4.1.0/lib/slim/smart/escaper.rb +0 -0
- /data/bundle/ruby/{3.0.0 → 3.1.0}/gems/slim-4.1.0/lib/slim/smart/filter.rb +0 -0
- /data/bundle/ruby/{3.0.0 → 3.1.0}/gems/slim-4.1.0/lib/slim/smart/parser.rb +0 -0
- /data/bundle/ruby/{3.0.0 → 3.1.0}/gems/slim-4.1.0/lib/slim/smart.rb +0 -0
- /data/bundle/ruby/{3.0.0 → 3.1.0}/gems/slim-4.1.0/lib/slim/splat/builder.rb +0 -0
- /data/bundle/ruby/{3.0.0 → 3.1.0}/gems/slim-4.1.0/lib/slim/splat/filter.rb +0 -0
- /data/bundle/ruby/{3.0.0 → 3.1.0}/gems/slim-4.1.0/lib/slim/template.rb +0 -0
- /data/bundle/ruby/{3.0.0 → 3.1.0}/gems/slim-4.1.0/lib/slim/translator.rb +0 -0
- /data/bundle/ruby/{3.0.0 → 3.1.0}/gems/slim-4.1.0/lib/slim/version.rb +0 -0
- /data/bundle/ruby/{3.0.0 → 3.1.0}/gems/slim-4.1.0/lib/slim.rb +0 -0
- /data/bundle/ruby/{3.0.0 → 3.1.0}/gems/slim-4.1.0/slim.gemspec +0 -0
- /data/bundle/ruby/{3.0.0 → 3.1.0}/gems/temple-0.8.2/CHANGES +0 -0
- /data/bundle/ruby/{3.0.0 → 3.1.0}/gems/temple-0.8.2/EXPRESSIONS.md +0 -0
- /data/bundle/ruby/{3.0.0 → 3.1.0}/gems/temple-0.8.2/Gemfile +0 -0
- /data/bundle/ruby/{3.0.0 → 3.1.0}/gems/temple-0.8.2/LICENSE +0 -0
- /data/bundle/ruby/{3.0.0 → 3.1.0}/gems/temple-0.8.2/README.md +0 -0
- /data/bundle/ruby/{3.0.0 → 3.1.0}/gems/temple-0.8.2/lib/temple/engine.rb +0 -0
- /data/bundle/ruby/{3.0.0 → 3.1.0}/gems/temple-0.8.2/lib/temple/erb/engine.rb +0 -0
- /data/bundle/ruby/{3.0.0 → 3.1.0}/gems/temple-0.8.2/lib/temple/erb/parser.rb +0 -0
- /data/bundle/ruby/{3.0.0 → 3.1.0}/gems/temple-0.8.2/lib/temple/erb/template.rb +0 -0
- /data/bundle/ruby/{3.0.0 → 3.1.0}/gems/temple-0.8.2/lib/temple/erb/trimming.rb +0 -0
- /data/bundle/ruby/{3.0.0 → 3.1.0}/gems/temple-0.8.2/lib/temple/exceptions.rb +0 -0
- /data/bundle/ruby/{3.0.0 → 3.1.0}/gems/temple-0.8.2/lib/temple/filter.rb +0 -0
- /data/bundle/ruby/{3.0.0 → 3.1.0}/gems/temple-0.8.2/lib/temple/filters/code_merger.rb +0 -0
- /data/bundle/ruby/{3.0.0 → 3.1.0}/gems/temple-0.8.2/lib/temple/filters/control_flow.rb +0 -0
- /data/bundle/ruby/{3.0.0 → 3.1.0}/gems/temple-0.8.2/lib/temple/filters/dynamic_inliner.rb +0 -0
- /data/bundle/ruby/{3.0.0 → 3.1.0}/gems/temple-0.8.2/lib/temple/filters/encoding.rb +0 -0
- /data/bundle/ruby/{3.0.0 → 3.1.0}/gems/temple-0.8.2/lib/temple/filters/eraser.rb +0 -0
- /data/bundle/ruby/{3.0.0 → 3.1.0}/gems/temple-0.8.2/lib/temple/filters/escapable.rb +0 -0
- /data/bundle/ruby/{3.0.0 → 3.1.0}/gems/temple-0.8.2/lib/temple/filters/multi_flattener.rb +0 -0
- /data/bundle/ruby/{3.0.0 → 3.1.0}/gems/temple-0.8.2/lib/temple/filters/remove_bom.rb +0 -0
- /data/bundle/ruby/{3.0.0 → 3.1.0}/gems/temple-0.8.2/lib/temple/filters/static_analyzer.rb +0 -0
- /data/bundle/ruby/{3.0.0 → 3.1.0}/gems/temple-0.8.2/lib/temple/filters/static_merger.rb +0 -0
- /data/bundle/ruby/{3.0.0 → 3.1.0}/gems/temple-0.8.2/lib/temple/filters/string_splitter.rb +0 -0
- /data/bundle/ruby/{3.0.0 → 3.1.0}/gems/temple-0.8.2/lib/temple/filters/validator.rb +0 -0
- /data/bundle/ruby/{3.0.0 → 3.1.0}/gems/temple-0.8.2/lib/temple/generator.rb +0 -0
- /data/bundle/ruby/{3.0.0 → 3.1.0}/gems/temple-0.8.2/lib/temple/generators/array.rb +0 -0
- /data/bundle/ruby/{3.0.0 → 3.1.0}/gems/temple-0.8.2/lib/temple/generators/array_buffer.rb +0 -0
- /data/bundle/ruby/{3.0.0 → 3.1.0}/gems/temple-0.8.2/lib/temple/generators/erb.rb +0 -0
- /data/bundle/ruby/{3.0.0 → 3.1.0}/gems/temple-0.8.2/lib/temple/generators/rails_output_buffer.rb +0 -0
- /data/bundle/ruby/{3.0.0 → 3.1.0}/gems/temple-0.8.2/lib/temple/generators/string_buffer.rb +0 -0
- /data/bundle/ruby/{3.0.0 → 3.1.0}/gems/temple-0.8.2/lib/temple/grammar.rb +0 -0
- /data/bundle/ruby/{3.0.0 → 3.1.0}/gems/temple-0.8.2/lib/temple/html/attribute_merger.rb +0 -0
- /data/bundle/ruby/{3.0.0 → 3.1.0}/gems/temple-0.8.2/lib/temple/html/attribute_remover.rb +0 -0
- /data/bundle/ruby/{3.0.0 → 3.1.0}/gems/temple-0.8.2/lib/temple/html/attribute_sorter.rb +0 -0
- /data/bundle/ruby/{3.0.0 → 3.1.0}/gems/temple-0.8.2/lib/temple/html/dispatcher.rb +0 -0
- /data/bundle/ruby/{3.0.0 → 3.1.0}/gems/temple-0.8.2/lib/temple/html/fast.rb +0 -0
- /data/bundle/ruby/{3.0.0 → 3.1.0}/gems/temple-0.8.2/lib/temple/html/filter.rb +0 -0
- /data/bundle/ruby/{3.0.0 → 3.1.0}/gems/temple-0.8.2/lib/temple/html/pretty.rb +0 -0
- /data/bundle/ruby/{3.0.0 → 3.1.0}/gems/temple-0.8.2/lib/temple/html/safe.rb +0 -0
- /data/bundle/ruby/{3.0.0 → 3.1.0}/gems/temple-0.8.2/lib/temple/map.rb +0 -0
- /data/bundle/ruby/{3.0.0 → 3.1.0}/gems/temple-0.8.2/lib/temple/mixins/dispatcher.rb +0 -0
- /data/bundle/ruby/{3.0.0 → 3.1.0}/gems/temple-0.8.2/lib/temple/mixins/engine_dsl.rb +0 -0
- /data/bundle/ruby/{3.0.0 → 3.1.0}/gems/temple-0.8.2/lib/temple/mixins/grammar_dsl.rb +0 -0
- /data/bundle/ruby/{3.0.0 → 3.1.0}/gems/temple-0.8.2/lib/temple/mixins/options.rb +0 -0
- /data/bundle/ruby/{3.0.0 → 3.1.0}/gems/temple-0.8.2/lib/temple/mixins/template.rb +0 -0
- /data/bundle/ruby/{3.0.0 → 3.1.0}/gems/temple-0.8.2/lib/temple/parser.rb +0 -0
- /data/bundle/ruby/{3.0.0 → 3.1.0}/gems/temple-0.8.2/lib/temple/static_analyzer.rb +0 -0
- /data/bundle/ruby/{3.0.0 → 3.1.0}/gems/temple-0.8.2/lib/temple/templates/rails.rb +0 -0
- /data/bundle/ruby/{3.0.0 → 3.1.0}/gems/temple-0.8.2/lib/temple/templates/tilt.rb +0 -0
- /data/bundle/ruby/{3.0.0 → 3.1.0}/gems/temple-0.8.2/lib/temple/templates.rb +0 -0
- /data/bundle/ruby/{3.0.0 → 3.1.0}/gems/temple-0.8.2/lib/temple/utils.rb +0 -0
- /data/bundle/ruby/{3.0.0 → 3.1.0}/gems/temple-0.8.2/lib/temple/version.rb +0 -0
- /data/bundle/ruby/{3.0.0 → 3.1.0}/gems/temple-0.8.2/lib/temple.rb +0 -0
- /data/bundle/ruby/{3.0.0 → 3.1.0}/gems/temple-0.8.2/temple.gemspec +0 -0
- /data/bundle/ruby/{3.0.0 → 3.1.0}/gems/terminal-table-1.8.0/Gemfile +0 -0
- /data/bundle/ruby/{3.0.0 → 3.1.0}/gems/terminal-table-1.8.0/History.rdoc +0 -0
- /data/bundle/ruby/{3.0.0 → 3.1.0}/gems/terminal-table-1.8.0/LICENSE.txt +0 -0
- /data/bundle/ruby/{3.0.0 → 3.1.0}/gems/terminal-table-1.8.0/Manifest +0 -0
- /data/bundle/ruby/{3.0.0 → 3.1.0}/gems/terminal-table-1.8.0/README.rdoc +0 -0
- /data/bundle/ruby/{3.0.0 → 3.1.0}/gems/terminal-table-1.8.0/Todo.rdoc +0 -0
- /data/bundle/ruby/{3.0.0 → 3.1.0}/gems/terminal-table-1.8.0/lib/terminal-table/cell.rb +0 -0
- /data/bundle/ruby/{3.0.0 → 3.1.0}/gems/terminal-table-1.8.0/lib/terminal-table/import.rb +0 -0
- /data/bundle/ruby/{3.0.0 → 3.1.0}/gems/terminal-table-1.8.0/lib/terminal-table/row.rb +0 -0
- /data/bundle/ruby/{3.0.0 → 3.1.0}/gems/terminal-table-1.8.0/lib/terminal-table/separator.rb +0 -0
- /data/bundle/ruby/{3.0.0 → 3.1.0}/gems/terminal-table-1.8.0/lib/terminal-table/style.rb +0 -0
- /data/bundle/ruby/{3.0.0 → 3.1.0}/gems/terminal-table-1.8.0/lib/terminal-table/table.rb +0 -0
- /data/bundle/ruby/{3.0.0 → 3.1.0}/gems/terminal-table-1.8.0/lib/terminal-table/table_helper.rb +0 -0
- /data/bundle/ruby/{3.0.0 → 3.1.0}/gems/terminal-table-1.8.0/lib/terminal-table/version.rb +0 -0
- /data/bundle/ruby/{3.0.0 → 3.1.0}/gems/terminal-table-1.8.0/lib/terminal-table.rb +0 -0
- /data/bundle/ruby/{3.0.0 → 3.1.0}/gems/terminal-table-1.8.0/terminal-table.gemspec +0 -0
- /data/bundle/ruby/{3.0.0 → 3.1.0}/gems/tilt-2.0.11/COPYING +0 -0
- /data/bundle/ruby/{3.0.0 → 3.1.0}/gems/tilt-2.0.11/lib/tilt/asciidoc.rb +0 -0
- /data/bundle/ruby/{3.0.0 → 3.1.0}/gems/tilt-2.0.11/lib/tilt/babel.rb +0 -0
- /data/bundle/ruby/{3.0.0 → 3.1.0}/gems/tilt-2.0.11/lib/tilt/bluecloth.rb +0 -0
- /data/bundle/ruby/{3.0.0 → 3.1.0}/gems/tilt-2.0.11/lib/tilt/builder.rb +0 -0
- /data/bundle/ruby/{3.0.0 → 3.1.0}/gems/tilt-2.0.11/lib/tilt/coffee.rb +0 -0
- /data/bundle/ruby/{3.0.0 → 3.1.0}/gems/tilt-2.0.11/lib/tilt/commonmarker.rb +0 -0
- /data/bundle/ruby/{3.0.0 → 3.1.0}/gems/tilt-2.0.11/lib/tilt/creole.rb +0 -0
- /data/bundle/ruby/{3.0.0 → 3.1.0}/gems/tilt-2.0.11/lib/tilt/csv.rb +0 -0
- /data/bundle/ruby/{3.0.0 → 3.1.0}/gems/tilt-2.0.11/lib/tilt/dummy.rb +0 -0
- /data/bundle/ruby/{3.0.0 → 3.1.0}/gems/tilt-2.0.11/lib/tilt/erb.rb +0 -0
- /data/bundle/ruby/{3.0.0 → 3.1.0}/gems/tilt-2.0.11/lib/tilt/erubi.rb +0 -0
- /data/bundle/ruby/{3.0.0 → 3.1.0}/gems/tilt-2.0.11/lib/tilt/erubis.rb +0 -0
- /data/bundle/ruby/{3.0.0 → 3.1.0}/gems/tilt-2.0.11/lib/tilt/etanni.rb +0 -0
- /data/bundle/ruby/{3.0.0 → 3.1.0}/gems/tilt-2.0.11/lib/tilt/haml.rb +0 -0
- /data/bundle/ruby/{3.0.0 → 3.1.0}/gems/tilt-2.0.11/lib/tilt/kramdown.rb +0 -0
- /data/bundle/ruby/{3.0.0 → 3.1.0}/gems/tilt-2.0.11/lib/tilt/less.rb +0 -0
- /data/bundle/ruby/{3.0.0 → 3.1.0}/gems/tilt-2.0.11/lib/tilt/liquid.rb +0 -0
- /data/bundle/ruby/{3.0.0 → 3.1.0}/gems/tilt-2.0.11/lib/tilt/livescript.rb +0 -0
- /data/bundle/ruby/{3.0.0 → 3.1.0}/gems/tilt-2.0.11/lib/tilt/mapping.rb +0 -0
- /data/bundle/ruby/{3.0.0 → 3.1.0}/gems/tilt-2.0.11/lib/tilt/markaby.rb +0 -0
- /data/bundle/ruby/{3.0.0 → 3.1.0}/gems/tilt-2.0.11/lib/tilt/maruku.rb +0 -0
- /data/bundle/ruby/{3.0.0 → 3.1.0}/gems/tilt-2.0.11/lib/tilt/nokogiri.rb +0 -0
- /data/bundle/ruby/{3.0.0 → 3.1.0}/gems/tilt-2.0.11/lib/tilt/pandoc.rb +0 -0
- /data/bundle/ruby/{3.0.0 → 3.1.0}/gems/tilt-2.0.11/lib/tilt/plain.rb +0 -0
- /data/bundle/ruby/{3.0.0 → 3.1.0}/gems/tilt-2.0.11/lib/tilt/prawn.rb +0 -0
- /data/bundle/ruby/{3.0.0 → 3.1.0}/gems/tilt-2.0.11/lib/tilt/radius.rb +0 -0
- /data/bundle/ruby/{3.0.0 → 3.1.0}/gems/tilt-2.0.11/lib/tilt/rdiscount.rb +0 -0
- /data/bundle/ruby/{3.0.0 → 3.1.0}/gems/tilt-2.0.11/lib/tilt/rdoc.rb +0 -0
- /data/bundle/ruby/{3.0.0 → 3.1.0}/gems/tilt-2.0.11/lib/tilt/redcarpet.rb +0 -0
- /data/bundle/ruby/{3.0.0 → 3.1.0}/gems/tilt-2.0.11/lib/tilt/redcloth.rb +0 -0
- /data/bundle/ruby/{3.0.0 → 3.1.0}/gems/tilt-2.0.11/lib/tilt/rst-pandoc.rb +0 -0
- /data/bundle/ruby/{3.0.0 → 3.1.0}/gems/tilt-2.0.11/lib/tilt/sass.rb +0 -0
- /data/bundle/ruby/{3.0.0 → 3.1.0}/gems/tilt-2.0.11/lib/tilt/sigil.rb +0 -0
- /data/bundle/ruby/{3.0.0 → 3.1.0}/gems/tilt-2.0.11/lib/tilt/string.rb +0 -0
- /data/bundle/ruby/{3.0.0 → 3.1.0}/gems/tilt-2.0.11/lib/tilt/template.rb +0 -0
- /data/bundle/ruby/{3.0.0 → 3.1.0}/gems/tilt-2.0.11/lib/tilt/typescript.rb +0 -0
- /data/bundle/ruby/{3.0.0 → 3.1.0}/gems/tilt-2.0.11/lib/tilt/wikicloth.rb +0 -0
- /data/bundle/ruby/{3.0.0 → 3.1.0}/gems/tilt-2.0.11/lib/tilt/yajl.rb +0 -0
- /data/bundle/ruby/{3.0.0 → 3.1.0}/gems/tilt-2.0.11/lib/tilt.rb +0 -0
- /data/bundle/ruby/{3.0.0 → 3.1.0}/gems/unicode-display_width-1.8.0/CHANGELOG.md +0 -0
- /data/bundle/ruby/{3.0.0 → 3.1.0}/gems/unicode-display_width-1.8.0/MIT-LICENSE.txt +0 -0
- /data/bundle/ruby/{3.0.0 → 3.1.0}/gems/unicode-display_width-1.8.0/README.md +0 -0
- /data/bundle/ruby/{3.0.0 → 3.1.0}/gems/unicode-display_width-1.8.0/data/display_width.marshal.gz +0 -0
- /data/bundle/ruby/{3.0.0 → 3.1.0}/gems/unicode-display_width-1.8.0/lib/unicode/display_width/constants.rb +0 -0
- /data/bundle/ruby/{3.0.0 → 3.1.0}/gems/unicode-display_width-1.8.0/lib/unicode/display_width/index.rb +0 -0
- /data/bundle/ruby/{3.0.0 → 3.1.0}/gems/unicode-display_width-1.8.0/lib/unicode/display_width/no_string_ext.rb +0 -0
- /data/bundle/ruby/{3.0.0 → 3.1.0}/gems/unicode-display_width-1.8.0/lib/unicode/display_width/string_ext.rb +0 -0
- /data/bundle/ruby/{3.0.0 → 3.1.0}/gems/unicode-display_width-1.8.0/lib/unicode/display_width.rb +0 -0
data/bundle/ruby/{3.0.0/gems/ruby_parser-3.20.1 → 3.1.0/gems/ruby_parser-3.20.3}/lib/ruby_parser.yy
RENAMED
@@ -1293,7 +1293,6 @@ rule
|
|
1293
1293
|
| k_begin
|
1294
1294
|
{
|
1295
1295
|
lexer.cmdarg.push false
|
1296
|
-
result = self.lexer.lineno
|
1297
1296
|
}
|
1298
1297
|
bodystmt k_end
|
1299
1298
|
{
|
@@ -1458,9 +1457,6 @@ rule
|
|
1458
1457
|
result = new_for iter, var, body
|
1459
1458
|
}
|
1460
1459
|
| k_class
|
1461
|
-
{
|
1462
|
-
result = self.lexer.lineno
|
1463
|
-
}
|
1464
1460
|
cpath superclass
|
1465
1461
|
{
|
1466
1462
|
if (self.in_def || self.in_single > 0) then
|
@@ -1475,9 +1471,6 @@ rule
|
|
1475
1471
|
self.lexer.ignore_body_comments
|
1476
1472
|
}
|
1477
1473
|
| k_class tLSHFT
|
1478
|
-
{
|
1479
|
-
result = self.lexer.lineno
|
1480
|
-
}
|
1481
1474
|
expr
|
1482
1475
|
{
|
1483
1476
|
result = self.in_def
|
@@ -1496,9 +1489,6 @@ rule
|
|
1496
1489
|
self.lexer.ignore_body_comments
|
1497
1490
|
}
|
1498
1491
|
| k_module
|
1499
|
-
{
|
1500
|
-
result = self.lexer.lineno
|
1501
|
-
}
|
1502
1492
|
cpath
|
1503
1493
|
{
|
1504
1494
|
yyerror "module definition in method body" if
|
@@ -30,9 +30,9 @@ class Sexp
|
|
30
30
|
end
|
31
31
|
|
32
32
|
module RubyParserStuff
|
33
|
-
VERSION = "3.20.
|
33
|
+
VERSION = "3.20.3"
|
34
34
|
|
35
|
-
attr_accessor :lexer, :in_def, :in_single, :file
|
35
|
+
attr_accessor :lexer, :in_def, :in_single, :file, :in_argdef
|
36
36
|
attr_accessor :in_kwarg
|
37
37
|
attr_reader :env, :comments
|
38
38
|
|
@@ -122,6 +122,7 @@ module RubyParserStuff
|
|
122
122
|
self.lexer = RubyLexer.new v && v.to_i
|
123
123
|
self.lexer.parser = self
|
124
124
|
self.in_kwarg = false
|
125
|
+
self.in_argdef = false
|
125
126
|
|
126
127
|
@env = RubyParserStuff::Environment.new
|
127
128
|
@comments = []
|
@@ -824,10 +825,10 @@ module RubyParserStuff
|
|
824
825
|
end
|
825
826
|
|
826
827
|
def new_begin val
|
827
|
-
_,
|
828
|
+
(_, line), _, body, _ = val
|
828
829
|
|
829
830
|
result = body ? s(:begin, body) : s(:nil)
|
830
|
-
result.line
|
831
|
+
result.line line
|
831
832
|
|
832
833
|
result
|
833
834
|
end
|
@@ -928,8 +929,7 @@ module RubyParserStuff
|
|
928
929
|
end
|
929
930
|
|
930
931
|
def new_class val
|
931
|
-
|
932
|
-
_, line, path, superclass, _, body, (_, line_max) = val
|
932
|
+
(_, line), path, superclass, _, body, (_, line_max) = val
|
933
933
|
|
934
934
|
path = path.first if path.instance_of? Array
|
935
935
|
|
@@ -1209,7 +1209,7 @@ module RubyParserStuff
|
|
1209
1209
|
end
|
1210
1210
|
|
1211
1211
|
def new_module val
|
1212
|
-
(_, line_min),
|
1212
|
+
(_, line_min), path, _, body, (_, line_max) = val
|
1213
1213
|
|
1214
1214
|
path = path.first if path.instance_of? Array
|
1215
1215
|
|
@@ -1367,7 +1367,7 @@ module RubyParserStuff
|
|
1367
1367
|
end
|
1368
1368
|
|
1369
1369
|
def new_sclass val
|
1370
|
-
|
1370
|
+
(_, line), _, recv, in_def, _, in_single, body, _ = val
|
1371
1371
|
|
1372
1372
|
result = s(:sclass, recv)
|
1373
1373
|
|
@@ -1379,7 +1379,7 @@ module RubyParserStuff
|
|
1379
1379
|
end
|
1380
1380
|
end
|
1381
1381
|
|
1382
|
-
result.line =
|
1382
|
+
result.line = line
|
1383
1383
|
self.in_def = in_def
|
1384
1384
|
self.in_single = in_single
|
1385
1385
|
result
|
data/bundle/ruby/{3.0.0/gems/ruby_parser-3.20.1 → 3.1.0/gems/ruby_parser-3.20.3}/tools/munge.rb
RENAMED
@@ -174,6 +174,10 @@ ARGF.each_line do |line|
|
|
174
174
|
last_token = token
|
175
175
|
when /^Reading a token: / then
|
176
176
|
next # skip
|
177
|
+
when /^Reading a token$/ then # wtf?
|
178
|
+
next # skip
|
179
|
+
when /^(?:add_delayed_token|parser_dispatch)/ then # dunno what this is yet
|
180
|
+
next # skip
|
177
181
|
when /^read\s+:(\w+)/ then # read :tNL(tNL) nil
|
178
182
|
token = munge $1
|
179
183
|
next if last_token == token
|
@@ -212,7 +216,9 @@ ARGF.each_line do |line|
|
|
212
216
|
reduce_line = nil
|
213
217
|
stack.clear
|
214
218
|
when /^reduce/ then # ruby_parser side
|
215
|
-
|
219
|
+
s = munge line.chomp
|
220
|
+
next if s =~ /reduce\s+(\w+) --> \1/
|
221
|
+
puts s
|
216
222
|
puts
|
217
223
|
when /^(\w+_stack)\.(\w+)/ then
|
218
224
|
# TODO: make pretty, but still informative w/ line numbers etc
|
@@ -223,7 +229,7 @@ ARGF.each_line do |line|
|
|
223
229
|
# puts line
|
224
230
|
# TODO: make pretty, but still informative w/ line numbers etc
|
225
231
|
puts line.gsub("true", "1").gsub("false", "0")
|
226
|
-
when /^lex_state: :?([\w|]+) -> :?([\w|]+)(?: (?:at|from) (.*))?/ then
|
232
|
+
when /^lex_state: :?([\w|()]+) -> :?([\w|]+)(?: (?:at|from) (.*))?/ then
|
227
233
|
a, b, c = $1.upcase, $2.upcase, $3
|
228
234
|
a.gsub!(/EXPR_/, "")
|
229
235
|
b.gsub!(/EXPR_/, "")
|
data/bundle/ruby/{3.0.0/gems/ruby_parser-3.20.1 → 3.1.0/gems/ruby_parser-3.20.3}/tools/ripper.rb
RENAMED
@@ -21,18 +21,20 @@ end
|
|
21
21
|
ARGV.each do |path|
|
22
22
|
src = path == "-" ? $stdin.read : File.read(path)
|
23
23
|
|
24
|
-
sexp =
|
25
|
-
|
26
|
-
|
27
|
-
|
28
|
-
|
29
|
-
|
30
|
-
|
31
|
-
|
32
|
-
|
33
|
-
|
34
|
-
|
35
|
-
|
24
|
+
sexp = nil
|
25
|
+
|
26
|
+
if $b then
|
27
|
+
sexp = Ripper.sexp src
|
28
|
+
else
|
29
|
+
rip = MySexpBuilder.new src
|
30
|
+
rip.yydebug = $d
|
31
|
+
sexp = rip.parse
|
32
|
+
|
33
|
+
if rip.error? then
|
34
|
+
warn "skipping"
|
35
|
+
next
|
36
|
+
end
|
37
|
+
end
|
36
38
|
|
37
39
|
puts "accept"
|
38
40
|
|
@@ -0,0 +1,53 @@
|
|
1
|
+
require 'brakeman/checks/base_check'
|
2
|
+
|
3
|
+
class Brakeman::CheckRansack < Brakeman::BaseCheck
|
4
|
+
Brakeman::Checks.add self
|
5
|
+
|
6
|
+
@description = "Checks for dangerous use of the Ransack library"
|
7
|
+
|
8
|
+
def run_check
|
9
|
+
return unless version_between? "0.0.0", "3.99", tracker.config.gem_version(:ransack)
|
10
|
+
check_ransack_calls
|
11
|
+
end
|
12
|
+
|
13
|
+
def check_ransack_calls
|
14
|
+
tracker.find_call(method: :ransack, nested: true).each do |result|
|
15
|
+
next unless original? result
|
16
|
+
|
17
|
+
call = result[:call]
|
18
|
+
arg = call.first_arg
|
19
|
+
|
20
|
+
# If an allow list is defined anywhere in the
|
21
|
+
# class or super classes, consider it safe
|
22
|
+
class_name = result[:chain].first
|
23
|
+
|
24
|
+
next if ransackable_allow_list?(class_name)
|
25
|
+
|
26
|
+
if input = has_immediate_user_input?(arg)
|
27
|
+
confidence = if tracker.find_class(class_name).nil?
|
28
|
+
confidence = :low
|
29
|
+
elsif result[:location][:file].relative.include? 'admin'
|
30
|
+
confidence = :medium
|
31
|
+
else
|
32
|
+
confidence = :high
|
33
|
+
end
|
34
|
+
|
35
|
+
message = msg('Unrestricted search using ', msg_code('ransack'), ' library called with ', msg_input(input), '. Limit search by defining ', msg_code('ransackable_attributes'), ' and ', msg_code('ransackable_associations'), ' methods in class or upgrade Ransack to version 4.0.0 or newer')
|
36
|
+
|
37
|
+
warn result: result,
|
38
|
+
warning_type: 'Missing Authorization',
|
39
|
+
warning_code: :ransack_search,
|
40
|
+
message: message,
|
41
|
+
user_input: input,
|
42
|
+
confidence: confidence,
|
43
|
+
cwe_id: [862],
|
44
|
+
link: 'https://positive.security/blog/ransack-data-exfiltration'
|
45
|
+
end
|
46
|
+
end
|
47
|
+
end
|
48
|
+
|
49
|
+
def ransackable_allow_list? class_name
|
50
|
+
tracker.find_method(:ransackable_attributes, class_name, :class) and
|
51
|
+
tracker.find_method(:ransackable_associations, class_name, :class)
|
52
|
+
end
|
53
|
+
end
|
@@ -591,7 +591,7 @@ class Brakeman::CheckSQL < Brakeman::BaseCheck
|
|
591
591
|
:sanitize_sql_for_assignment, :sanitize_sql_for_conditions, :sanitize_sql_hash,
|
592
592
|
:sanitize_sql_hash_for_assignment, :sanitize_sql_hash_for_conditions,
|
593
593
|
:to_sql, :sanitize, :primary_key, :table_name_prefix, :table_name_suffix,
|
594
|
-
:where_values_hash, :foreign_key, :uuid
|
594
|
+
:where_values_hash, :foreign_key, :uuid, :escape, :escape_string
|
595
595
|
]
|
596
596
|
|
597
597
|
def ignore_methods_in_sql
|
data/lib/brakeman/options.rb
CHANGED
@@ -244,6 +244,10 @@ module Brakeman::Options
|
|
244
244
|
options[:debug] = true
|
245
245
|
end
|
246
246
|
|
247
|
+
opts.on "--timing", "Measure time for scan steps" do
|
248
|
+
options[:show_timing] = true
|
249
|
+
end
|
250
|
+
|
247
251
|
opts.on "-f",
|
248
252
|
"--format TYPE",
|
249
253
|
[:pdf, :text, :html, :csv, :tabs, :json, :markdown, :codeclimate, :cc, :plain, :table, :junit, :sarif, :sonar, :github],
|
@@ -84,6 +84,9 @@ module Brakeman::ModuleHelper
|
|
84
84
|
res.line(exp.line)
|
85
85
|
@current_method = nil
|
86
86
|
|
87
|
+
# TODO: if target is not self/nil, then
|
88
|
+
# the method should be added to `target`, not current class
|
89
|
+
|
87
90
|
if @current_class
|
88
91
|
@current_class.add_method @visibility, name, res, @current_file
|
89
92
|
elsif @current_module
|
@@ -96,7 +99,13 @@ module Brakeman::ModuleHelper
|
|
96
99
|
name = exp.method_name
|
97
100
|
|
98
101
|
@current_method = name
|
99
|
-
|
102
|
+
|
103
|
+
if @inside_sclass
|
104
|
+
res = Sexp.new :defs, s(:self), name, exp.formal_args, *process_all!(exp.body)
|
105
|
+
else
|
106
|
+
res = Sexp.new :defn, name, exp.formal_args, *process_all!(exp.body)
|
107
|
+
end
|
108
|
+
|
100
109
|
res.line(exp.line)
|
101
110
|
@current_method = nil
|
102
111
|
|
@@ -108,4 +117,25 @@ module Brakeman::ModuleHelper
|
|
108
117
|
|
109
118
|
res
|
110
119
|
end
|
120
|
+
|
121
|
+
# class << self
|
122
|
+
def process_sclass exp
|
123
|
+
@inside_sclass = true
|
124
|
+
|
125
|
+
process_all! exp
|
126
|
+
|
127
|
+
exp
|
128
|
+
ensure
|
129
|
+
@inside_sclass = false
|
130
|
+
end
|
131
|
+
|
132
|
+
def make_defs exp
|
133
|
+
# 'What if' there was some crazy code that had a
|
134
|
+
# defs inside a def inside an sclass? :|
|
135
|
+
return exp if node_type? exp, :defs
|
136
|
+
|
137
|
+
raise "Unexpected node type: #{exp.node_type}" unless node_type? exp, :defn
|
138
|
+
|
139
|
+
Sexp.new(:defs, s(:self), exp.method_name, exp.formal_args, *exp.body).line(exp.line)
|
140
|
+
end
|
111
141
|
end
|
@@ -30,6 +30,12 @@ class Brakeman::LibraryProcessor < Brakeman::BaseProcessor
|
|
30
30
|
end
|
31
31
|
|
32
32
|
def process_defn exp
|
33
|
+
# TODO: Why is this different from ModuleHelper?
|
34
|
+
|
35
|
+
if @inside_sclass
|
36
|
+
exp = make_defs(exp)
|
37
|
+
end
|
38
|
+
|
33
39
|
if exp.method_name == :initialize
|
34
40
|
@alias_processor.process_safely exp.body_list
|
35
41
|
@initializer_env = @alias_processor.only_ivars
|
data/lib/brakeman/scanner.rb
CHANGED
@@ -30,6 +30,7 @@ class Brakeman::Scanner
|
|
30
30
|
end
|
31
31
|
|
32
32
|
@processor = processor || Brakeman::Processor.new(@app_tree, options)
|
33
|
+
@show_timing = tracker.options[:debug] || tracker.options[:show_timing]
|
33
34
|
end
|
34
35
|
|
35
36
|
#Returns the Tracker generated from the scan
|
@@ -37,35 +38,89 @@ class Brakeman::Scanner
|
|
37
38
|
@processor.tracked_events
|
38
39
|
end
|
39
40
|
|
41
|
+
def process_step description
|
42
|
+
Brakeman.notify "#{description}...".ljust(40)
|
43
|
+
|
44
|
+
if @show_timing
|
45
|
+
start_t = Time.now
|
46
|
+
yield
|
47
|
+
duration = Time.now - start_t
|
48
|
+
|
49
|
+
Brakeman.notify "(#{description}) Duration: #{duration} seconds"
|
50
|
+
else
|
51
|
+
yield
|
52
|
+
end
|
53
|
+
end
|
54
|
+
|
55
|
+
def process_step_file description
|
56
|
+
if @show_timing
|
57
|
+
Brakeman.notify "Processing #{description}"
|
58
|
+
|
59
|
+
start_t = Time.now
|
60
|
+
yield
|
61
|
+
duration = Time.now - start_t
|
62
|
+
|
63
|
+
Brakeman.notify "(#{description}) Duration: #{duration} seconds"
|
64
|
+
else
|
65
|
+
yield
|
66
|
+
end
|
67
|
+
end
|
68
|
+
|
40
69
|
#Process everything in the Rails application
|
41
70
|
def process
|
42
|
-
|
43
|
-
|
44
|
-
|
45
|
-
|
46
|
-
|
47
|
-
|
48
|
-
|
49
|
-
|
50
|
-
|
51
|
-
|
52
|
-
|
53
|
-
|
54
|
-
|
55
|
-
|
56
|
-
|
57
|
-
|
58
|
-
|
59
|
-
|
60
|
-
|
61
|
-
|
62
|
-
|
63
|
-
|
64
|
-
|
65
|
-
|
66
|
-
|
67
|
-
|
68
|
-
|
71
|
+
process_step 'Processing gems' do
|
72
|
+
process_gems
|
73
|
+
end
|
74
|
+
|
75
|
+
process_step 'Processing configuration' do
|
76
|
+
guess_rails_version
|
77
|
+
process_config
|
78
|
+
end
|
79
|
+
|
80
|
+
process_step 'Parsing files' do
|
81
|
+
parse_files
|
82
|
+
end
|
83
|
+
|
84
|
+
process_step 'Detecting file types' do
|
85
|
+
detect_file_types
|
86
|
+
end
|
87
|
+
|
88
|
+
process_step 'Processing initializers' do
|
89
|
+
process_initializers
|
90
|
+
end
|
91
|
+
|
92
|
+
process_step 'Processing libs' do
|
93
|
+
process_libs
|
94
|
+
end
|
95
|
+
|
96
|
+
process_step 'Processing routes' do
|
97
|
+
process_routes
|
98
|
+
end
|
99
|
+
|
100
|
+
process_step 'Processing templates' do
|
101
|
+
process_templates
|
102
|
+
end
|
103
|
+
|
104
|
+
process_step 'Processing data flow in templates' do
|
105
|
+
process_template_data_flows
|
106
|
+
end
|
107
|
+
|
108
|
+
process_step 'Processing models' do
|
109
|
+
process_models
|
110
|
+
end
|
111
|
+
|
112
|
+
process_step 'Processing controllers' do
|
113
|
+
process_controllers
|
114
|
+
end
|
115
|
+
|
116
|
+
process_step 'Processing data flow in controllers' do
|
117
|
+
process_controller_data_flows
|
118
|
+
end
|
119
|
+
|
120
|
+
process_step 'Indexing call sites' do
|
121
|
+
index_call_sites
|
122
|
+
end
|
123
|
+
|
69
124
|
tracker
|
70
125
|
end
|
71
126
|
|
@@ -214,8 +269,9 @@ class Brakeman::Scanner
|
|
214
269
|
#Adds parsed information to tracker.initializers
|
215
270
|
def process_initializers
|
216
271
|
track_progress @file_list[:initializers] do |init|
|
217
|
-
|
218
|
-
|
272
|
+
process_step_file init[:path] do
|
273
|
+
process_initializer init
|
274
|
+
end
|
219
275
|
end
|
220
276
|
end
|
221
277
|
|
@@ -234,8 +290,9 @@ class Brakeman::Scanner
|
|
234
290
|
end
|
235
291
|
|
236
292
|
track_progress @file_list[:libs] do |lib|
|
237
|
-
|
238
|
-
|
293
|
+
process_step_file lib.path do
|
294
|
+
process_lib lib
|
295
|
+
end
|
239
296
|
end
|
240
297
|
end
|
241
298
|
|
@@ -266,8 +323,9 @@ class Brakeman::Scanner
|
|
266
323
|
#Adds processed controllers to tracker.controllers
|
267
324
|
def process_controllers
|
268
325
|
track_progress @file_list[:controllers] do |controller|
|
269
|
-
|
270
|
-
|
326
|
+
process_step_file controller.path do
|
327
|
+
process_controller controller
|
328
|
+
end
|
271
329
|
end
|
272
330
|
end
|
273
331
|
|
@@ -275,9 +333,10 @@ class Brakeman::Scanner
|
|
275
333
|
controllers = tracker.controllers.sort_by { |name, _| name.to_s }
|
276
334
|
|
277
335
|
track_progress controllers, "controllers" do |name, controller|
|
278
|
-
|
279
|
-
|
280
|
-
|
336
|
+
process_step_file name do
|
337
|
+
controller.src.each do |file, src|
|
338
|
+
@processor.process_controller_alias name, src, nil, file
|
339
|
+
end
|
281
340
|
end
|
282
341
|
end
|
283
342
|
|
@@ -300,8 +359,9 @@ class Brakeman::Scanner
|
|
300
359
|
templates = @file_list[:templates].sort_by { |t| t[:path] }
|
301
360
|
|
302
361
|
track_progress templates, "templates" do |template|
|
303
|
-
|
304
|
-
|
362
|
+
process_step_file template[:path] do
|
363
|
+
process_template template
|
364
|
+
end
|
305
365
|
end
|
306
366
|
end
|
307
367
|
|
@@ -313,8 +373,9 @@ class Brakeman::Scanner
|
|
313
373
|
templates = tracker.templates.sort_by { |name, _| name.to_s }
|
314
374
|
|
315
375
|
track_progress templates, "templates" do |name, template|
|
316
|
-
|
317
|
-
|
376
|
+
process_step_file name do
|
377
|
+
@processor.process_template_alias template
|
378
|
+
end
|
318
379
|
end
|
319
380
|
end
|
320
381
|
|
@@ -323,8 +384,9 @@ class Brakeman::Scanner
|
|
323
384
|
#Adds the processed models to tracker.models
|
324
385
|
def process_models
|
325
386
|
track_progress @file_list[:models] do |model|
|
326
|
-
|
327
|
-
|
387
|
+
process_step_file model[:path] do
|
388
|
+
process_model model[:path], model[:ast]
|
389
|
+
end
|
328
390
|
end
|
329
391
|
end
|
330
392
|
|
@@ -189,13 +189,19 @@ module Brakeman
|
|
189
189
|
# Load defaults based on config.load_defaults value
|
190
190
|
# as documented here: https://guides.rubyonrails.org/configuring.html#results-of-config-load-defaults
|
191
191
|
def load_rails_defaults
|
192
|
-
return unless
|
192
|
+
return unless node_type? tracker.config.rails[:load_defaults], :lit, :str
|
193
|
+
|
194
|
+
version = tracker.config.rails[:load_defaults].value.to_s
|
195
|
+
|
196
|
+
unless version.match? /^\d+\.\d+$/
|
197
|
+
Brakeman.debug "[Notice] Unknown version: #{tracker.config.rails[:load_defaults]}"
|
198
|
+
return
|
199
|
+
end
|
193
200
|
|
194
|
-
version = tracker.config.rails[:load_defaults].value
|
195
201
|
true_value = Sexp.new(:true)
|
196
202
|
false_value = Sexp.new(:false)
|
197
203
|
|
198
|
-
if version >= 5.0
|
204
|
+
if version >= '5.0'
|
199
205
|
set_rails_config(value: true_value, path: [:action_controller, :per_form_csrf_tokens])
|
200
206
|
set_rails_config(value: true_value, path: [:action_controller, :forgery_protection_origin_check])
|
201
207
|
set_rails_config(value: true_value, path: [:active_record, :belongs_to_required_by_default])
|
@@ -203,12 +209,12 @@ module Brakeman
|
|
203
209
|
set_rails_config(value: true_value, path: [:ssl_options, :hsts, :subdomains])
|
204
210
|
end
|
205
211
|
|
206
|
-
if version >= 5.1
|
212
|
+
if version >= '5.1'
|
207
213
|
set_rails_config(value: false_value, path: [:assets, :unknown_asset_fallback])
|
208
214
|
set_rails_config(value: true_value, path: [:action_view, :form_with_generates_remote_forms])
|
209
215
|
end
|
210
216
|
|
211
|
-
if version >= 5.2
|
217
|
+
if version >= '5.2'
|
212
218
|
set_rails_config(value: true_value, path: [:active_record, :cache_versioning])
|
213
219
|
set_rails_config(value: true_value, path: [:action_dispatch, :use_authenticated_cookie_encryption])
|
214
220
|
set_rails_config(value: true_value, path: [:active_support, :use_authenticated_message_encryption])
|
@@ -217,7 +223,7 @@ module Brakeman
|
|
217
223
|
set_rails_config(value: true_value, path: [:action_view, :form_with_generates_ids])
|
218
224
|
end
|
219
225
|
|
220
|
-
if version >= 6.0
|
226
|
+
if version >= '6.0'
|
221
227
|
set_rails_config(value: Sexp.new(:lit, :zeitwerk), path: [:autoloader])
|
222
228
|
set_rails_config(value: false_value, path: [:action_view, :default_enforce_utf8])
|
223
229
|
set_rails_config(value: true_value, path: [:action_dispatch, :use_cookies_with_metadata])
|
@@ -230,7 +236,7 @@ module Brakeman
|
|
230
236
|
set_rails_config(value: true_value, path: [:active_record, :collection_cache_versioning])
|
231
237
|
end
|
232
238
|
|
233
|
-
if version >= 6.1
|
239
|
+
if version >= '6.1'
|
234
240
|
set_rails_config(value: true_value, path: [:action_controller, :urlsafe_csrf_tokens])
|
235
241
|
set_rails_config(value: Sexp.new(:lit, :lax), path: [:action_dispatch, :cookies_same_site_protection])
|
236
242
|
set_rails_config(value: Sexp.new(:lit, 308), path: [:action_dispatch, :ssl_default_redirect_status])
|
@@ -242,7 +248,7 @@ module Brakeman
|
|
242
248
|
set_rails_config(value: true_value, path: [:active_storage, :track_variants])
|
243
249
|
end
|
244
250
|
|
245
|
-
if version >= 7.0
|
251
|
+
if version >= '7.0'
|
246
252
|
video_args =
|
247
253
|
Sexp.new(:str, "-vf 'select=eq(n\\,0)+eq(key\\,1)+gt(scene\\,0.015),loop=loop=-1:size=2,trim=start_frame=1' -frames:v 1 -f image2")
|
248
254
|
hash_class = s(:colon2, s(:colon2, s(:const, :OpenSSL), :Digest), :SHA256)
|
@@ -120,16 +120,20 @@ module Brakeman
|
|
120
120
|
filter[:methods] << a[1] if a.node_type == :lit
|
121
121
|
end
|
122
122
|
|
123
|
-
|
124
|
-
|
125
|
-
|
126
|
-
|
127
|
-
|
128
|
-
|
129
|
-
|
130
|
-
|
131
|
-
|
132
|
-
|
123
|
+
options = args.last
|
124
|
+
|
125
|
+
if hash? options
|
126
|
+
# Probably only one option,
|
127
|
+
# but this also avoids issues with kwsplats
|
128
|
+
hash_iterate(options) do |option, value|
|
129
|
+
case value.node_type
|
130
|
+
when :array
|
131
|
+
filter[option.value] = value.sexp_body.map {|v| v[1] }
|
132
|
+
when :lit, :str
|
133
|
+
filter[option.value] = value[1]
|
134
|
+
else
|
135
|
+
Brakeman.debug "[Notice] Unknown before_filter value: #{option} => #{value}"
|
136
|
+
end
|
133
137
|
end
|
134
138
|
else
|
135
139
|
filter[:all] = true
|
data/lib/brakeman/tracker.rb
CHANGED
@@ -245,7 +245,7 @@ class Brakeman::Tracker
|
|
245
245
|
end
|
246
246
|
|
247
247
|
# Not in any included modules, check the parent
|
248
|
-
@method_cache[cache_key] = find_method(method_name, klass.parent)
|
248
|
+
@method_cache[cache_key] = find_method(method_name, klass.parent, method_type)
|
249
249
|
end
|
250
250
|
end
|
251
251
|
|
data/lib/brakeman/version.rb
CHANGED