brakeman 6.0.1 → 6.1.1

Files changed (416)
  1. checksums.yaml +4 -4
  2. data/CHANGES.md +13 -0
  3. data/bundle/load.rb +14 -14
  4. data/bundle/ruby/3.0.0/gems/parallel-1.24.0/lib/parallel/version.rb +4 -0
  5. data/bundle/ruby/{3.1.0/gems/parallel-1.23.0 → 3.0.0/gems/parallel-1.24.0}/lib/parallel.rb +25 -1
  6. data/bundle/ruby/{3.1.0/gems/rexml-3.2.5 → 3.0.0/gems/rexml-3.2.6}/NEWS.md +100 -2
  7. data/bundle/ruby/{3.1.0/gems/rexml-3.2.5 → 3.0.0/gems/rexml-3.2.6}/README.md +10 -1
  8. data/bundle/ruby/{3.1.0/gems/rexml-3.2.5 → 3.0.0/gems/rexml-3.2.6}/lib/rexml/attribute.rb +14 -9
  9. data/bundle/ruby/{3.1.0/gems/rexml-3.2.5 → 3.0.0/gems/rexml-3.2.6}/lib/rexml/document.rb +1 -1
  10. data/bundle/ruby/{3.1.0/gems/rexml-3.2.5 → 3.0.0/gems/rexml-3.2.6}/lib/rexml/element.rb +3 -3
  11. data/bundle/ruby/{3.1.0/gems/rexml-3.2.5 → 3.0.0/gems/rexml-3.2.6}/lib/rexml/entity.rb +25 -15
  12. data/bundle/ruby/{3.1.0/gems/rexml-3.2.5 → 3.0.0/gems/rexml-3.2.6}/lib/rexml/formatters/pretty.rb +2 -2
  13. data/bundle/ruby/{3.1.0/gems/rexml-3.2.5 → 3.0.0/gems/rexml-3.2.6}/lib/rexml/namespace.rb +8 -4
  14. data/bundle/ruby/{3.1.0/gems/rexml-3.2.5 → 3.0.0/gems/rexml-3.2.6}/lib/rexml/parsers/xpathparser.rb +136 -86
  15. data/bundle/ruby/{3.1.0/gems/rexml-3.2.5 → 3.0.0/gems/rexml-3.2.6}/lib/rexml/rexml.rb +3 -1
  16. data/bundle/ruby/{3.1.0/gems/rexml-3.2.5 → 3.0.0/gems/rexml-3.2.6}/lib/rexml/text.rb +6 -4
  17. data/lib/brakeman/checks/check_ransack.rb +53 -0
  18. data/lib/brakeman/checks/check_sql.rb +1 -1
  19. data/lib/brakeman/options.rb +4 -0
  20. data/lib/brakeman/processors/alias_processor.rb +1 -2
  21. data/lib/brakeman/processors/lib/module_helper.rb +31 -1
  22. data/lib/brakeman/processors/library_processor.rb +6 -0
  23. data/lib/brakeman/scanner.rb +104 -42
  24. data/lib/brakeman/tracker/controller.rb +14 -10
  25. data/lib/brakeman/tracker.rb +1 -1
  26. data/lib/brakeman/version.rb +1 -1
  27. data/lib/brakeman/warning_codes.rb +1 -0
  28. metadata +419 -404
  29. data/bundle/ruby/3.1.0/gems/parallel-1.23.0/lib/parallel/version.rb +0 -4
  30. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/erubis-2.7.0/CHANGES.txt +0 -0
  31. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/erubis-2.7.0/MIT-LICENSE +0 -0
  32. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/erubis-2.7.0/README.txt +0 -0
  33. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/erubis-2.7.0/contrib/erubis +0 -0
  34. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/erubis-2.7.0/contrib/erubis-run.rb +0 -0
  35. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/erubis-2.7.0/contrib/inline-require +0 -0
  36. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/erubis-2.7.0/lib/erubis/context.rb +0 -0
  37. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/erubis-2.7.0/lib/erubis/converter.rb +0 -0
  38. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/erubis-2.7.0/lib/erubis/engine/ec.rb +0 -0
  39. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/erubis-2.7.0/lib/erubis/engine/ecpp.rb +0 -0
  40. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/erubis-2.7.0/lib/erubis/engine/ejava.rb +0 -0
  41. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/erubis-2.7.0/lib/erubis/engine/ejavascript.rb +0 -0
  42. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/erubis-2.7.0/lib/erubis/engine/enhanced.rb +0 -0
  43. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/erubis-2.7.0/lib/erubis/engine/eperl.rb +0 -0
  44. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/erubis-2.7.0/lib/erubis/engine/ephp.rb +0 -0
  45. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/erubis-2.7.0/lib/erubis/engine/eruby.rb +0 -0
  46. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/erubis-2.7.0/lib/erubis/engine/escheme.rb +0 -0
  47. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/erubis-2.7.0/lib/erubis/engine/optimized.rb +0 -0
  48. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/erubis-2.7.0/lib/erubis/engine.rb +0 -0
  49. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/erubis-2.7.0/lib/erubis/enhancer.rb +0 -0
  50. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/erubis-2.7.0/lib/erubis/error.rb +0 -0
  51. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/erubis-2.7.0/lib/erubis/evaluator.rb +0 -0
  52. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/erubis-2.7.0/lib/erubis/generator.rb +0 -0
  53. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/erubis-2.7.0/lib/erubis/helper.rb +0 -0
  54. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/erubis-2.7.0/lib/erubis/helpers/rails_form_helper.rb +0 -0
  55. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/erubis-2.7.0/lib/erubis/helpers/rails_helper.rb +0 -0
  56. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/erubis-2.7.0/lib/erubis/local-setting.rb +0 -0
  57. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/erubis-2.7.0/lib/erubis/main.rb +0 -0
  58. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/erubis-2.7.0/lib/erubis/preprocessing.rb +0 -0
  59. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/erubis-2.7.0/lib/erubis/tiny.rb +0 -0
  60. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/erubis-2.7.0/lib/erubis/util.rb +0 -0
  61. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/erubis-2.7.0/lib/erubis.rb +0 -0
  62. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/erubis-2.7.0/setup.rb +0 -0
  63. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/haml-5.2.2/CHANGELOG.md +0 -0
  64. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/haml-5.2.2/FAQ.md +0 -0
  65. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/haml-5.2.2/Gemfile +0 -0
  66. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/haml-5.2.2/MIT-LICENSE +0 -0
  67. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/haml-5.2.2/README.md +0 -0
  68. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/haml-5.2.2/REFERENCE.md +0 -0
  69. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/haml-5.2.2/TODO +0 -0
  70. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/haml-5.2.2/haml.gemspec +0 -0
  71. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/haml-5.2.2/lib/haml/attribute_builder.rb +0 -0
  72. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/haml-5.2.2/lib/haml/attribute_compiler.rb +0 -0
  73. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/haml-5.2.2/lib/haml/attribute_parser.rb +0 -0
  74. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/haml-5.2.2/lib/haml/buffer.rb +0 -0
  75. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/haml-5.2.2/lib/haml/compiler.rb +0 -0
  76. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/haml-5.2.2/lib/haml/engine.rb +0 -0
  77. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/haml-5.2.2/lib/haml/error.rb +0 -0
  78. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/haml-5.2.2/lib/haml/escapable.rb +0 -0
  79. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/haml-5.2.2/lib/haml/exec.rb +0 -0
  80. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/haml-5.2.2/lib/haml/filters.rb +0 -0
  81. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/haml-5.2.2/lib/haml/generator.rb +0 -0
  82. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/haml-5.2.2/lib/haml/helpers/action_view_extensions.rb +0 -0
  83. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/haml-5.2.2/lib/haml/helpers/action_view_mods.rb +0 -0
  84. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/haml-5.2.2/lib/haml/helpers/action_view_xss_mods.rb +0 -0
  85. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/haml-5.2.2/lib/haml/helpers/safe_erubi_template.rb +0 -0
  86. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/haml-5.2.2/lib/haml/helpers/safe_erubis_template.rb +0 -0
  87. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/haml-5.2.2/lib/haml/helpers/xss_mods.rb +0 -0
  88. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/haml-5.2.2/lib/haml/helpers.rb +0 -0
  89. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/haml-5.2.2/lib/haml/options.rb +0 -0
  90. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/haml-5.2.2/lib/haml/parser.rb +0 -0
  91. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/haml-5.2.2/lib/haml/plugin.rb +0 -0
  92. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/haml-5.2.2/lib/haml/railtie.rb +0 -0
  93. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/haml-5.2.2/lib/haml/sass_rails_filter.rb +0 -0
  94. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/haml-5.2.2/lib/haml/template/options.rb +0 -0
  95. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/haml-5.2.2/lib/haml/template.rb +0 -0
  96. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/haml-5.2.2/lib/haml/temple_engine.rb +0 -0
  97. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/haml-5.2.2/lib/haml/temple_line_counter.rb +0 -0
  98. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/haml-5.2.2/lib/haml/util.rb +0 -0
  99. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/haml-5.2.2/lib/haml/version.rb +0 -0
  100. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/haml-5.2.2/lib/haml.rb +0 -0
  101. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/haml-5.2.2/yard/default/fulldoc/html/css/common.sass +0 -0
  102. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/haml-5.2.2/yard/default/layout/html/footer.erb +0 -0
  103. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/highline-2.1.0/AUTHORS +0 -0
  104. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/highline-2.1.0/COPYING +0 -0
  105. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/highline-2.1.0/Changelog.md +0 -0
  106. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/highline-2.1.0/Gemfile +0 -0
  107. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/highline-2.1.0/LICENSE +0 -0
  108. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/highline-2.1.0/README.md +0 -0
  109. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/highline-2.1.0/TODO +0 -0
  110. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/highline-2.1.0/highline.gemspec +0 -0
  111. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/highline-2.1.0/lib/highline/builtin_styles.rb +0 -0
  112. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/highline-2.1.0/lib/highline/color_scheme.rb +0 -0
  113. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/highline-2.1.0/lib/highline/compatibility.rb +0 -0
  114. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/highline-2.1.0/lib/highline/custom_errors.rb +0 -0
  115. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/highline-2.1.0/lib/highline/import.rb +0 -0
  116. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/highline-2.1.0/lib/highline/io_console_compatible.rb +0 -0
  117. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/highline-2.1.0/lib/highline/list.rb +0 -0
  118. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/highline-2.1.0/lib/highline/list_renderer.rb +0 -0
  119. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/highline-2.1.0/lib/highline/menu/item.rb +0 -0
  120. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/highline-2.1.0/lib/highline/menu.rb +0 -0
  121. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/highline-2.1.0/lib/highline/paginator.rb +0 -0
  122. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/highline-2.1.0/lib/highline/question/answer_converter.rb +0 -0
  123. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/highline-2.1.0/lib/highline/question.rb +0 -0
  124. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/highline-2.1.0/lib/highline/question_asker.rb +0 -0
  125. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/highline-2.1.0/lib/highline/simulate.rb +0 -0
  126. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/highline-2.1.0/lib/highline/statement.rb +0 -0
  127. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/highline-2.1.0/lib/highline/string.rb +0 -0
  128. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/highline-2.1.0/lib/highline/string_extensions.rb +0 -0
  129. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/highline-2.1.0/lib/highline/style.rb +0 -0
  130. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/highline-2.1.0/lib/highline/template_renderer.rb +0 -0
  131. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/highline-2.1.0/lib/highline/terminal/io_console.rb +0 -0
  132. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/highline-2.1.0/lib/highline/terminal/ncurses.rb +0 -0
  133. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/highline-2.1.0/lib/highline/terminal/unix_stty.rb +0 -0
  134. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/highline-2.1.0/lib/highline/terminal.rb +0 -0
  135. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/highline-2.1.0/lib/highline/version.rb +0 -0
  136. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/highline-2.1.0/lib/highline/wrapper.rb +0 -0
  137. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/highline-2.1.0/lib/highline.rb +0 -0
  138. /data/bundle/ruby/{3.1.0/gems/parallel-1.23.0 → 3.0.0/gems/parallel-1.24.0}/MIT-LICENSE.txt +0 -0
  139. /data/bundle/ruby/{3.1.0/gems/rexml-3.2.5 → 3.0.0/gems/rexml-3.2.6}/LICENSE.txt +0 -0
  140. /data/bundle/ruby/{3.1.0/gems/rexml-3.2.5 → 3.0.0/gems/rexml-3.2.6}/lib/rexml/attlistdecl.rb +0 -0
  141. /data/bundle/ruby/{3.1.0/gems/rexml-3.2.5 → 3.0.0/gems/rexml-3.2.6}/lib/rexml/cdata.rb +0 -0
  142. /data/bundle/ruby/{3.1.0/gems/rexml-3.2.5 → 3.0.0/gems/rexml-3.2.6}/lib/rexml/child.rb +0 -0
  143. /data/bundle/ruby/{3.1.0/gems/rexml-3.2.5 → 3.0.0/gems/rexml-3.2.6}/lib/rexml/comment.rb +0 -0
  144. /data/bundle/ruby/{3.1.0/gems/rexml-3.2.5 → 3.0.0/gems/rexml-3.2.6}/lib/rexml/doctype.rb +0 -0
  145. /data/bundle/ruby/{3.1.0/gems/rexml-3.2.5 → 3.0.0/gems/rexml-3.2.6}/lib/rexml/dtd/attlistdecl.rb +0 -0
  146. /data/bundle/ruby/{3.1.0/gems/rexml-3.2.5 → 3.0.0/gems/rexml-3.2.6}/lib/rexml/dtd/dtd.rb +0 -0
  147. /data/bundle/ruby/{3.1.0/gems/rexml-3.2.5 → 3.0.0/gems/rexml-3.2.6}/lib/rexml/dtd/elementdecl.rb +0 -0
  148. /data/bundle/ruby/{3.1.0/gems/rexml-3.2.5 → 3.0.0/gems/rexml-3.2.6}/lib/rexml/dtd/entitydecl.rb +0 -0
  149. /data/bundle/ruby/{3.1.0/gems/rexml-3.2.5 → 3.0.0/gems/rexml-3.2.6}/lib/rexml/dtd/notationdecl.rb +0 -0
  150. /data/bundle/ruby/{3.1.0/gems/rexml-3.2.5 → 3.0.0/gems/rexml-3.2.6}/lib/rexml/encoding.rb +0 -0
  151. /data/bundle/ruby/{3.1.0/gems/rexml-3.2.5 → 3.0.0/gems/rexml-3.2.6}/lib/rexml/formatters/default.rb +0 -0
  152. /data/bundle/ruby/{3.1.0/gems/rexml-3.2.5 → 3.0.0/gems/rexml-3.2.6}/lib/rexml/formatters/transitive.rb +0 -0
  153. /data/bundle/ruby/{3.1.0/gems/rexml-3.2.5 → 3.0.0/gems/rexml-3.2.6}/lib/rexml/functions.rb +0 -0
  154. /data/bundle/ruby/{3.1.0/gems/rexml-3.2.5 → 3.0.0/gems/rexml-3.2.6}/lib/rexml/instruction.rb +0 -0
  155. /data/bundle/ruby/{3.1.0/gems/rexml-3.2.5 → 3.0.0/gems/rexml-3.2.6}/lib/rexml/light/node.rb +0 -0
  156. /data/bundle/ruby/{3.1.0/gems/rexml-3.2.5 → 3.0.0/gems/rexml-3.2.6}/lib/rexml/node.rb +0 -0
  157. /data/bundle/ruby/{3.1.0/gems/rexml-3.2.5 → 3.0.0/gems/rexml-3.2.6}/lib/rexml/output.rb +0 -0
  158. /data/bundle/ruby/{3.1.0/gems/rexml-3.2.5 → 3.0.0/gems/rexml-3.2.6}/lib/rexml/parent.rb +0 -0
  159. /data/bundle/ruby/{3.1.0/gems/rexml-3.2.5 → 3.0.0/gems/rexml-3.2.6}/lib/rexml/parseexception.rb +0 -0
  160. /data/bundle/ruby/{3.1.0/gems/rexml-3.2.5 → 3.0.0/gems/rexml-3.2.6}/lib/rexml/parsers/baseparser.rb +0 -0
  161. /data/bundle/ruby/{3.1.0/gems/rexml-3.2.5 → 3.0.0/gems/rexml-3.2.6}/lib/rexml/parsers/lightparser.rb +0 -0
  162. /data/bundle/ruby/{3.1.0/gems/rexml-3.2.5 → 3.0.0/gems/rexml-3.2.6}/lib/rexml/parsers/pullparser.rb +0 -0
  163. /data/bundle/ruby/{3.1.0/gems/rexml-3.2.5 → 3.0.0/gems/rexml-3.2.6}/lib/rexml/parsers/sax2parser.rb +0 -0
  164. /data/bundle/ruby/{3.1.0/gems/rexml-3.2.5 → 3.0.0/gems/rexml-3.2.6}/lib/rexml/parsers/streamparser.rb +0 -0
  165. /data/bundle/ruby/{3.1.0/gems/rexml-3.2.5 → 3.0.0/gems/rexml-3.2.6}/lib/rexml/parsers/treeparser.rb +0 -0
  166. /data/bundle/ruby/{3.1.0/gems/rexml-3.2.5 → 3.0.0/gems/rexml-3.2.6}/lib/rexml/parsers/ultralightparser.rb +0 -0
  167. /data/bundle/ruby/{3.1.0/gems/rexml-3.2.5 → 3.0.0/gems/rexml-3.2.6}/lib/rexml/quickpath.rb +0 -0
  168. /data/bundle/ruby/{3.1.0/gems/rexml-3.2.5 → 3.0.0/gems/rexml-3.2.6}/lib/rexml/sax2listener.rb +0 -0
  169. /data/bundle/ruby/{3.1.0/gems/rexml-3.2.5 → 3.0.0/gems/rexml-3.2.6}/lib/rexml/security.rb +0 -0
  170. /data/bundle/ruby/{3.1.0/gems/rexml-3.2.5 → 3.0.0/gems/rexml-3.2.6}/lib/rexml/source.rb +0 -0
  171. /data/bundle/ruby/{3.1.0/gems/rexml-3.2.5 → 3.0.0/gems/rexml-3.2.6}/lib/rexml/streamlistener.rb +0 -0
  172. /data/bundle/ruby/{3.1.0/gems/rexml-3.2.5 → 3.0.0/gems/rexml-3.2.6}/lib/rexml/undefinednamespaceexception.rb +0 -0
  173. /data/bundle/ruby/{3.1.0/gems/rexml-3.2.5 → 3.0.0/gems/rexml-3.2.6}/lib/rexml/validation/relaxng.rb +0 -0
  174. /data/bundle/ruby/{3.1.0/gems/rexml-3.2.5 → 3.0.0/gems/rexml-3.2.6}/lib/rexml/validation/validation.rb +0 -0
  175. /data/bundle/ruby/{3.1.0/gems/rexml-3.2.5 → 3.0.0/gems/rexml-3.2.6}/lib/rexml/validation/validationexception.rb +0 -0
  176. /data/bundle/ruby/{3.1.0/gems/rexml-3.2.5 → 3.0.0/gems/rexml-3.2.6}/lib/rexml/xmldecl.rb +0 -0
  177. /data/bundle/ruby/{3.1.0/gems/rexml-3.2.5 → 3.0.0/gems/rexml-3.2.6}/lib/rexml/xmltokens.rb +0 -0
  178. /data/bundle/ruby/{3.1.0/gems/rexml-3.2.5 → 3.0.0/gems/rexml-3.2.6}/lib/rexml/xpath.rb +0 -0
  179. /data/bundle/ruby/{3.1.0/gems/rexml-3.2.5 → 3.0.0/gems/rexml-3.2.6}/lib/rexml/xpath_parser.rb +0 -0
  180. /data/bundle/ruby/{3.1.0/gems/rexml-3.2.5 → 3.0.0/gems/rexml-3.2.6}/lib/rexml.rb +0 -0
  181. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/ruby2ruby-2.4.4/History.rdoc +0 -0
  182. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/ruby2ruby-2.4.4/Manifest.txt +0 -0
  183. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/ruby2ruby-2.4.4/README.rdoc +0 -0
  184. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/ruby2ruby-2.4.4/lib/ruby2ruby.rb +0 -0
  185. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/ruby_parser-3.20.3/History.rdoc +0 -0
  186. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/ruby_parser-3.20.3/Manifest.txt +0 -0
  187. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/ruby_parser-3.20.3/README.rdoc +0 -0
  188. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/ruby_parser-3.20.3/compare/normalize.rb +0 -0
  189. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/ruby_parser-3.20.3/debugging.md +0 -0
  190. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/ruby_parser-3.20.3/gauntlet.md +0 -0
  191. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/ruby_parser-3.20.3/lib/rp_extensions.rb +0 -0
  192. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/ruby_parser-3.20.3/lib/rp_stringscanner.rb +0 -0
  193. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/ruby_parser-3.20.3/lib/ruby20_parser.rb +0 -0
  194. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/ruby_parser-3.20.3/lib/ruby20_parser.y +0 -0
  195. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/ruby_parser-3.20.3/lib/ruby21_parser.rb +0 -0
  196. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/ruby_parser-3.20.3/lib/ruby21_parser.y +0 -0
  197. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/ruby_parser-3.20.3/lib/ruby22_parser.rb +0 -0
  198. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/ruby_parser-3.20.3/lib/ruby22_parser.y +0 -0
  199. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/ruby_parser-3.20.3/lib/ruby23_parser.rb +0 -0
  200. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/ruby_parser-3.20.3/lib/ruby23_parser.y +0 -0
  201. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/ruby_parser-3.20.3/lib/ruby24_parser.rb +0 -0
  202. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/ruby_parser-3.20.3/lib/ruby24_parser.y +0 -0
  203. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/ruby_parser-3.20.3/lib/ruby25_parser.rb +0 -0
  204. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/ruby_parser-3.20.3/lib/ruby25_parser.y +0 -0
  205. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/ruby_parser-3.20.3/lib/ruby26_parser.rb +0 -0
  206. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/ruby_parser-3.20.3/lib/ruby26_parser.y +0 -0
  207. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/ruby_parser-3.20.3/lib/ruby27_parser.rb +0 -0
  208. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/ruby_parser-3.20.3/lib/ruby27_parser.y +0 -0
  209. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/ruby_parser-3.20.3/lib/ruby30_parser.rb +0 -0
  210. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/ruby_parser-3.20.3/lib/ruby30_parser.y +0 -0
  211. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/ruby_parser-3.20.3/lib/ruby31_parser.rb +0 -0
  212. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/ruby_parser-3.20.3/lib/ruby31_parser.y +0 -0
  213. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/ruby_parser-3.20.3/lib/ruby32_parser.rb +0 -0
  214. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/ruby_parser-3.20.3/lib/ruby32_parser.y +0 -0
  215. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/ruby_parser-3.20.3/lib/ruby3_parser.yy +0 -0
  216. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/ruby_parser-3.20.3/lib/ruby_lexer.rb +0 -0
  217. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/ruby_parser-3.20.3/lib/ruby_lexer.rex +0 -0
  218. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/ruby_parser-3.20.3/lib/ruby_lexer.rex.rb +0 -0
  219. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/ruby_parser-3.20.3/lib/ruby_lexer_strings.rb +0 -0
  220. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/ruby_parser-3.20.3/lib/ruby_parser.rb +0 -0
  221. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/ruby_parser-3.20.3/lib/ruby_parser.yy +0 -0
  222. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/ruby_parser-3.20.3/lib/ruby_parser_extras.rb +0 -0
  223. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/ruby_parser-3.20.3/tools/munge.rb +0 -0
  224. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/ruby_parser-3.20.3/tools/ripper.rb +0 -0
  225. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/safe_yaml-1.0.5/CHANGES.md +0 -0
  226. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/safe_yaml-1.0.5/Gemfile +0 -0
  227. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/safe_yaml-1.0.5/LICENSE.txt +0 -0
  228. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/safe_yaml-1.0.5/README.md +0 -0
  229. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/safe_yaml-1.0.5/bundle_install_all_ruby_versions.sh +0 -0
  230. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/safe_yaml-1.0.5/lib/safe_yaml/deep.rb +0 -0
  231. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/safe_yaml-1.0.5/lib/safe_yaml/libyaml_checker.rb +0 -0
  232. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/safe_yaml-1.0.5/lib/safe_yaml/load.rb +0 -0
  233. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/safe_yaml-1.0.5/lib/safe_yaml/parse/date.rb +0 -0
  234. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/safe_yaml-1.0.5/lib/safe_yaml/parse/hexadecimal.rb +0 -0
  235. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/safe_yaml-1.0.5/lib/safe_yaml/parse/sexagesimal.rb +0 -0
  236. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/safe_yaml-1.0.5/lib/safe_yaml/psych_handler.rb +0 -0
  237. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/safe_yaml-1.0.5/lib/safe_yaml/psych_resolver.rb +0 -0
  238. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/safe_yaml-1.0.5/lib/safe_yaml/resolver.rb +0 -0
  239. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/safe_yaml-1.0.5/lib/safe_yaml/safe_to_ruby_visitor.rb +0 -0
  240. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/safe_yaml-1.0.5/lib/safe_yaml/store.rb +0 -0
  241. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/safe_yaml-1.0.5/lib/safe_yaml/syck_hack.rb +0 -0
  242. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/safe_yaml-1.0.5/lib/safe_yaml/syck_node_monkeypatch.rb +0 -0
  243. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/safe_yaml-1.0.5/lib/safe_yaml/syck_resolver.rb +0 -0
  244. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/safe_yaml-1.0.5/lib/safe_yaml/transform/to_boolean.rb +0 -0
  245. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/safe_yaml-1.0.5/lib/safe_yaml/transform/to_date.rb +0 -0
  246. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/safe_yaml-1.0.5/lib/safe_yaml/transform/to_float.rb +0 -0
  247. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/safe_yaml-1.0.5/lib/safe_yaml/transform/to_integer.rb +0 -0
  248. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/safe_yaml-1.0.5/lib/safe_yaml/transform/to_nil.rb +0 -0
  249. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/safe_yaml-1.0.5/lib/safe_yaml/transform/to_symbol.rb +0 -0
  250. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/safe_yaml-1.0.5/lib/safe_yaml/transform/transformation_map.rb +0 -0
  251. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/safe_yaml-1.0.5/lib/safe_yaml/transform.rb +0 -0
  252. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/safe_yaml-1.0.5/lib/safe_yaml/version.rb +0 -0
  253. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/safe_yaml-1.0.5/lib/safe_yaml.rb +0 -0
  254. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/safe_yaml-1.0.5/run_specs_all_ruby_versions.sh +0 -0
  255. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/safe_yaml-1.0.5/safe_yaml.gemspec +0 -0
  256. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/sexp_processor-4.17.0/History.rdoc +0 -0
  257. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/sexp_processor-4.17.0/Manifest.txt +0 -0
  258. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/sexp_processor-4.17.0/README.rdoc +0 -0
  259. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/sexp_processor-4.17.0/lib/composite_sexp_processor.rb +0 -0
  260. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/sexp_processor-4.17.0/lib/pt_testcase.rb +0 -0
  261. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/sexp_processor-4.17.0/lib/sexp.rb +0 -0
  262. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/sexp_processor-4.17.0/lib/sexp_matcher.rb +0 -0
  263. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/sexp_processor-4.17.0/lib/sexp_processor.rb +0 -0
  264. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/sexp_processor-4.17.0/lib/strict_sexp.rb +0 -0
  265. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/sexp_processor-4.17.0/lib/unique.rb +0 -0
  266. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/slim-4.1.0/CHANGES +0 -0
  267. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/slim-4.1.0/Gemfile +0 -0
  268. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/slim-4.1.0/LICENSE +0 -0
  269. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/slim-4.1.0/README.jp.md +0 -0
  270. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/slim-4.1.0/README.md +0 -0
  271. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/slim-4.1.0/lib/slim/code_attributes.rb +0 -0
  272. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/slim-4.1.0/lib/slim/command.rb +0 -0
  273. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/slim-4.1.0/lib/slim/controls.rb +0 -0
  274. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/slim-4.1.0/lib/slim/do_inserter.rb +0 -0
  275. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/slim-4.1.0/lib/slim/embedded.rb +0 -0
  276. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/slim-4.1.0/lib/slim/end_inserter.rb +0 -0
  277. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/slim-4.1.0/lib/slim/engine.rb +0 -0
  278. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/slim-4.1.0/lib/slim/erb_converter.rb +0 -0
  279. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/slim-4.1.0/lib/slim/filter.rb +0 -0
  280. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/slim-4.1.0/lib/slim/grammar.rb +0 -0
  281. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/slim-4.1.0/lib/slim/include.rb +0 -0
  282. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/slim-4.1.0/lib/slim/interpolation.rb +0 -0
  283. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/slim-4.1.0/lib/slim/logic_less/context.rb +0 -0
  284. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/slim-4.1.0/lib/slim/logic_less/filter.rb +0 -0
  285. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/slim-4.1.0/lib/slim/logic_less.rb +0 -0
  286. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/slim-4.1.0/lib/slim/parser.rb +0 -0
  287. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/slim-4.1.0/lib/slim/smart/escaper.rb +0 -0
  288. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/slim-4.1.0/lib/slim/smart/filter.rb +0 -0
  289. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/slim-4.1.0/lib/slim/smart/parser.rb +0 -0
  290. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/slim-4.1.0/lib/slim/smart.rb +0 -0
  291. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/slim-4.1.0/lib/slim/splat/builder.rb +0 -0
  292. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/slim-4.1.0/lib/slim/splat/filter.rb +0 -0
  293. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/slim-4.1.0/lib/slim/template.rb +0 -0
  294. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/slim-4.1.0/lib/slim/translator.rb +0 -0
  295. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/slim-4.1.0/lib/slim/version.rb +0 -0
  296. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/slim-4.1.0/lib/slim.rb +0 -0
  297. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/slim-4.1.0/slim.gemspec +0 -0
  298. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/temple-0.8.2/CHANGES +0 -0
  299. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/temple-0.8.2/EXPRESSIONS.md +0 -0
  300. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/temple-0.8.2/Gemfile +0 -0
  301. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/temple-0.8.2/LICENSE +0 -0
  302. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/temple-0.8.2/README.md +0 -0
  303. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/temple-0.8.2/lib/temple/engine.rb +0 -0
  304. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/temple-0.8.2/lib/temple/erb/engine.rb +0 -0
  305. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/temple-0.8.2/lib/temple/erb/parser.rb +0 -0
  306. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/temple-0.8.2/lib/temple/erb/template.rb +0 -0
  307. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/temple-0.8.2/lib/temple/erb/trimming.rb +0 -0
  308. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/temple-0.8.2/lib/temple/exceptions.rb +0 -0
  309. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/temple-0.8.2/lib/temple/filter.rb +0 -0
  310. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/temple-0.8.2/lib/temple/filters/code_merger.rb +0 -0
  311. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/temple-0.8.2/lib/temple/filters/control_flow.rb +0 -0
  312. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/temple-0.8.2/lib/temple/filters/dynamic_inliner.rb +0 -0
  313. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/temple-0.8.2/lib/temple/filters/encoding.rb +0 -0
  314. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/temple-0.8.2/lib/temple/filters/eraser.rb +0 -0
  315. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/temple-0.8.2/lib/temple/filters/escapable.rb +0 -0
  316. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/temple-0.8.2/lib/temple/filters/multi_flattener.rb +0 -0
  317. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/temple-0.8.2/lib/temple/filters/remove_bom.rb +0 -0
  318. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/temple-0.8.2/lib/temple/filters/static_analyzer.rb +0 -0
  319. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/temple-0.8.2/lib/temple/filters/static_merger.rb +0 -0
  320. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/temple-0.8.2/lib/temple/filters/string_splitter.rb +0 -0
  321. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/temple-0.8.2/lib/temple/filters/validator.rb +0 -0
  322. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/temple-0.8.2/lib/temple/generator.rb +0 -0
  323. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/temple-0.8.2/lib/temple/generators/array.rb +0 -0
  324. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/temple-0.8.2/lib/temple/generators/array_buffer.rb +0 -0
  325. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/temple-0.8.2/lib/temple/generators/erb.rb +0 -0
  326. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/temple-0.8.2/lib/temple/generators/rails_output_buffer.rb +0 -0
  327. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/temple-0.8.2/lib/temple/generators/string_buffer.rb +0 -0
  328. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/temple-0.8.2/lib/temple/grammar.rb +0 -0
  329. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/temple-0.8.2/lib/temple/html/attribute_merger.rb +0 -0
  330. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/temple-0.8.2/lib/temple/html/attribute_remover.rb +0 -0
  331. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/temple-0.8.2/lib/temple/html/attribute_sorter.rb +0 -0
  332. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/temple-0.8.2/lib/temple/html/dispatcher.rb +0 -0
  333. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/temple-0.8.2/lib/temple/html/fast.rb +0 -0
  334. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/temple-0.8.2/lib/temple/html/filter.rb +0 -0
  335. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/temple-0.8.2/lib/temple/html/pretty.rb +0 -0
  336. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/temple-0.8.2/lib/temple/html/safe.rb +0 -0
  337. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/temple-0.8.2/lib/temple/map.rb +0 -0
  338. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/temple-0.8.2/lib/temple/mixins/dispatcher.rb +0 -0
  339. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/temple-0.8.2/lib/temple/mixins/engine_dsl.rb +0 -0
  340. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/temple-0.8.2/lib/temple/mixins/grammar_dsl.rb +0 -0
  341. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/temple-0.8.2/lib/temple/mixins/options.rb +0 -0
  342. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/temple-0.8.2/lib/temple/mixins/template.rb +0 -0
  343. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/temple-0.8.2/lib/temple/parser.rb +0 -0
  344. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/temple-0.8.2/lib/temple/static_analyzer.rb +0 -0
  345. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/temple-0.8.2/lib/temple/templates/rails.rb +0 -0
  346. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/temple-0.8.2/lib/temple/templates/tilt.rb +0 -0
  347. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/temple-0.8.2/lib/temple/templates.rb +0 -0
  348. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/temple-0.8.2/lib/temple/utils.rb +0 -0
  349. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/temple-0.8.2/lib/temple/version.rb +0 -0
  350. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/temple-0.8.2/lib/temple.rb +0 -0
  351. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/temple-0.8.2/temple.gemspec +0 -0
  352. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/terminal-table-1.8.0/Gemfile +0 -0
  353. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/terminal-table-1.8.0/History.rdoc +0 -0
  354. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/terminal-table-1.8.0/LICENSE.txt +0 -0
  355. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/terminal-table-1.8.0/Manifest +0 -0
  356. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/terminal-table-1.8.0/README.rdoc +0 -0
  357. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/terminal-table-1.8.0/Todo.rdoc +0 -0
  358. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/terminal-table-1.8.0/lib/terminal-table/cell.rb +0 -0
  359. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/terminal-table-1.8.0/lib/terminal-table/import.rb +0 -0
  360. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/terminal-table-1.8.0/lib/terminal-table/row.rb +0 -0
  361. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/terminal-table-1.8.0/lib/terminal-table/separator.rb +0 -0
  362. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/terminal-table-1.8.0/lib/terminal-table/style.rb +0 -0
  363. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/terminal-table-1.8.0/lib/terminal-table/table.rb +0 -0
  364. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/terminal-table-1.8.0/lib/terminal-table/table_helper.rb +0 -0
  365. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/terminal-table-1.8.0/lib/terminal-table/version.rb +0 -0
  366. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/terminal-table-1.8.0/lib/terminal-table.rb +0 -0
  367. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/terminal-table-1.8.0/terminal-table.gemspec +0 -0
  368. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/tilt-2.0.11/COPYING +0 -0
  369. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/tilt-2.0.11/lib/tilt/asciidoc.rb +0 -0
  370. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/tilt-2.0.11/lib/tilt/babel.rb +0 -0
  371. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/tilt-2.0.11/lib/tilt/bluecloth.rb +0 -0
  372. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/tilt-2.0.11/lib/tilt/builder.rb +0 -0
  373. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/tilt-2.0.11/lib/tilt/coffee.rb +0 -0
  374. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/tilt-2.0.11/lib/tilt/commonmarker.rb +0 -0
  375. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/tilt-2.0.11/lib/tilt/creole.rb +0 -0
  376. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/tilt-2.0.11/lib/tilt/csv.rb +0 -0
  377. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/tilt-2.0.11/lib/tilt/dummy.rb +0 -0
  378. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/tilt-2.0.11/lib/tilt/erb.rb +0 -0
  379. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/tilt-2.0.11/lib/tilt/erubi.rb +0 -0
  380. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/tilt-2.0.11/lib/tilt/erubis.rb +0 -0
  381. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/tilt-2.0.11/lib/tilt/etanni.rb +0 -0
  382. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/tilt-2.0.11/lib/tilt/haml.rb +0 -0
  383. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/tilt-2.0.11/lib/tilt/kramdown.rb +0 -0
  384. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/tilt-2.0.11/lib/tilt/less.rb +0 -0
  385. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/tilt-2.0.11/lib/tilt/liquid.rb +0 -0
  386. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/tilt-2.0.11/lib/tilt/livescript.rb +0 -0
  387. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/tilt-2.0.11/lib/tilt/mapping.rb +0 -0
  388. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/tilt-2.0.11/lib/tilt/markaby.rb +0 -0
  389. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/tilt-2.0.11/lib/tilt/maruku.rb +0 -0
  390. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/tilt-2.0.11/lib/tilt/nokogiri.rb +0 -0
  391. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/tilt-2.0.11/lib/tilt/pandoc.rb +0 -0
  392. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/tilt-2.0.11/lib/tilt/plain.rb +0 -0
  393. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/tilt-2.0.11/lib/tilt/prawn.rb +0 -0
  394. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/tilt-2.0.11/lib/tilt/radius.rb +0 -0
  395. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/tilt-2.0.11/lib/tilt/rdiscount.rb +0 -0
  396. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/tilt-2.0.11/lib/tilt/rdoc.rb +0 -0
  397. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/tilt-2.0.11/lib/tilt/redcarpet.rb +0 -0
  398. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/tilt-2.0.11/lib/tilt/redcloth.rb +0 -0
  399. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/tilt-2.0.11/lib/tilt/rst-pandoc.rb +0 -0
  400. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/tilt-2.0.11/lib/tilt/sass.rb +0 -0
  401. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/tilt-2.0.11/lib/tilt/sigil.rb +0 -0
  402. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/tilt-2.0.11/lib/tilt/string.rb +0 -0
  403. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/tilt-2.0.11/lib/tilt/template.rb +0 -0
  404. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/tilt-2.0.11/lib/tilt/typescript.rb +0 -0
  405. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/tilt-2.0.11/lib/tilt/wikicloth.rb +0 -0
  406. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/tilt-2.0.11/lib/tilt/yajl.rb +0 -0
  407. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/tilt-2.0.11/lib/tilt.rb +0 -0
  408. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/unicode-display_width-1.8.0/CHANGELOG.md +0 -0
  409. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/unicode-display_width-1.8.0/MIT-LICENSE.txt +0 -0
  410. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/unicode-display_width-1.8.0/README.md +0 -0
  411. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/unicode-display_width-1.8.0/data/display_width.marshal.gz +0 -0
  412. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/unicode-display_width-1.8.0/lib/unicode/display_width/constants.rb +0 -0
  413. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/unicode-display_width-1.8.0/lib/unicode/display_width/index.rb +0 -0
  414. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/unicode-display_width-1.8.0/lib/unicode/display_width/no_string_ext.rb +0 -0
  415. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/unicode-display_width-1.8.0/lib/unicode/display_width/string_ext.rb +0 -0
  416. /data/bundle/ruby/{3.1.0 → 3.0.0}/gems/unicode-display_width-1.8.0/lib/unicode/display_width.rb +0 -0
@@ -1,4 +1,5 @@
1
1
  # frozen_string_literal: false
2
+
2
3
  require_relative '../namespace'
3
4
  require_relative '../xmltokens'
4
5
 
@@ -38,108 +39,143 @@ module REXML
38
39
  parsed
39
40
  end
40
41
 
41
- def abbreviate( path )
42
- path = path.kind_of?(String) ? parse( path ) : path
43
- string = ""
44
- document = false
45
- while path.size > 0
46
- op = path.shift
42
+ def abbreviate(path_or_parsed)
43
+ if path_or_parsed.kind_of?(String)
44
+ parsed = parse(path_or_parsed)
45
+ else
46
+ parsed = path_or_parsed
47
+ end
48
+ components = []
49
+ component = nil
50
+ while parsed.size > 0
51
+ op = parsed.shift
47
52
  case op
48
53
  when :node
54
+ component << "node()"
49
55
  when :attribute
50
- string << "/" if string.size > 0
51
- string << "@"
56
+ component = "@"
57
+ components << component
52
58
  when :child
53
- string << "/" if string.size > 0
59
+ component = ""
60
+ components << component
54
61
  when :descendant_or_self
55
- string << "/"
62
+ next_op = parsed[0]
63
+ if next_op == :node
64
+ parsed.shift
65
+ component = ""
66
+ components << component
67
+ else
68
+ component = "descendant-or-self::"
69
+ components << component
70
+ end
56
71
  when :self
57
- string << "."
72
+ next_op = parsed[0]
73
+ if next_op == :node
74
+ parsed.shift
75
+ components << "."
76
+ else
77
+ component = "self::"
78
+ components << component
79
+ end
58
80
  when :parent
59
- string << ".."
81
+ next_op = parsed[0]
82
+ if next_op == :node
83
+ parsed.shift
84
+ components << ".."
85
+ else
86
+ component = "parent::"
87
+ components << component
88
+ end
60
89
  when :any
61
- string << "*"
90
+ component << "*"
62
91
  when :text
63
- string << "text()"
92
+ component << "text()"
64
93
  when :following, :following_sibling,
65
94
  :ancestor, :ancestor_or_self, :descendant,
66
95
  :namespace, :preceding, :preceding_sibling
67
- string << "/" unless string.size == 0
68
- string << op.to_s.tr("_", "-")
69
- string << "::"
96
+ component = op.to_s.tr("_", "-") << "::"
97
+ components << component
70
98
  when :qname
71
- prefix = path.shift
72
- name = path.shift
73
- string << prefix+":" if prefix.size > 0
74
- string << name
99
+ prefix = parsed.shift
100
+ name = parsed.shift
101
+ component << prefix+":" if prefix.size > 0
102
+ component << name
75
103
  when :predicate
76
- string << '['
77
- string << predicate_to_string( path.shift ) {|x| abbreviate( x ) }
78
- string << ']'
104
+ component << '['
105
+ component << predicate_to_path(parsed.shift) {|x| abbreviate(x)}
106
+ component << ']'
79
107
  when :document
80
- document = true
108
+ components << ""
81
109
  when :function
82
- string << path.shift
83
- string << "( "
84
- string << predicate_to_string( path.shift[0] ) {|x| abbreviate( x )}
85
- string << " )"
110
+ component << parsed.shift
111
+ component << "( "
112
+ component << predicate_to_path(parsed.shift[0]) {|x| abbreviate(x)}
113
+ component << " )"
86
114
  when :literal
87
- string << %Q{ "#{path.shift}" }
115
+ component << quote_literal(parsed.shift)
88
116
  else
89
- string << "/" unless string.size == 0
90
- string << "UNKNOWN("
91
- string << op.inspect
92
- string << ")"
117
+ component << "UNKNOWN("
118
+ component << op.inspect
119
+ component << ")"
93
120
  end
94
121
  end
95
- string = "/"+string if document
96
- return string
122
+ case components
123
+ when [""]
124
+ "/"
125
+ when ["", ""]
126
+ "//"
127
+ else
128
+ components.join("/")
129
+ end
97
130
  end
98
131
 
99
- def expand( path )
100
- path = path.kind_of?(String) ? parse( path ) : path
101
- string = ""
132
+ def expand(path_or_parsed)
133
+ if path_or_parsed.kind_of?(String)
134
+ parsed = parse(path_or_parsed)
135
+ else
136
+ parsed = path_or_parsed
137
+ end
138
+ path = ""
102
139
  document = false
103
- while path.size > 0
104
- op = path.shift
140
+ while parsed.size > 0
141
+ op = parsed.shift
105
142
  case op
106
143
  when :node
107
- string << "node()"
144
+ path << "node()"
108
145
  when :attribute, :child, :following, :following_sibling,
109
146
  :ancestor, :ancestor_or_self, :descendant, :descendant_or_self,
110
147
  :namespace, :preceding, :preceding_sibling, :self, :parent
111
- string << "/" unless string.size == 0
112
- string << op.to_s.tr("_", "-")
113
- string << "::"
148
+ path << "/" unless path.size == 0
149
+ path << op.to_s.tr("_", "-")
150
+ path << "::"
114
151
  when :any
115
- string << "*"
152
+ path << "*"
116
153
  when :qname
117
- prefix = path.shift
118
- name = path.shift
119
- string << prefix+":" if prefix.size > 0
120
- string << name
154
+ prefix = parsed.shift
155
+ name = parsed.shift
156
+ path << prefix+":" if prefix.size > 0
157
+ path << name
121
158
  when :predicate
122
- string << '['
123
- string << predicate_to_string( path.shift ) { |x| expand(x) }
124
- string << ']'
159
+ path << '['
160
+ path << predicate_to_path( parsed.shift ) { |x| expand(x) }
161
+ path << ']'
125
162
  when :document
126
163
  document = true
127
164
  else
128
- string << "/" unless string.size == 0
129
- string << "UNKNOWN("
130
- string << op.inspect
131
- string << ")"
165
+ path << "UNKNOWN("
166
+ path << op.inspect
167
+ path << ")"
132
168
  end
133
169
  end
134
- string = "/"+string if document
135
- return string
170
+ path = "/"+path if document
171
+ path
136
172
  end
137
173
 
138
- def predicate_to_string( path, &block )
139
- string = ""
140
- case path[0]
174
+ def predicate_to_path(parsed, &block)
175
+ path = ""
176
+ case parsed[0]
141
177
  when :and, :or, :mult, :plus, :minus, :neq, :eq, :lt, :gt, :lteq, :gteq, :div, :mod, :union
142
- op = path.shift
178
+ op = parsed.shift
143
179
  case op
144
180
  when :eq
145
181
  op = "="
@@ -156,36 +192,50 @@ module REXML
156
192
  when :union
157
193
  op = "|"
158
194
  end
159
- left = predicate_to_string( path.shift, &block )
160
- right = predicate_to_string( path.shift, &block )
161
- string << " "
162
- string << left
163
- string << " "
164
- string << op.to_s
165
- string << " "
166
- string << right
167
- string << " "
195
+ left = predicate_to_path( parsed.shift, &block )
196
+ right = predicate_to_path( parsed.shift, &block )
197
+ path << left
198
+ path << " "
199
+ path << op.to_s
200
+ path << " "
201
+ path << right
168
202
  when :function
169
- path.shift
170
- name = path.shift
171
- string << name
172
- string << "( "
173
- string << predicate_to_string( path.shift, &block )
174
- string << " )"
203
+ parsed.shift
204
+ name = parsed.shift
205
+ path << name
206
+ path << "("
207
+ parsed.shift.each_with_index do |argument, i|
208
+ path << ", " if i > 0
209
+ path << predicate_to_path(argument, &block)
210
+ end
211
+ path << ")"
175
212
  when :literal
176
- path.shift
177
- string << " "
178
- string << path.shift.inspect
179
- string << " "
213
+ parsed.shift
214
+ path << quote_literal(parsed.shift)
180
215
  else
181
- string << " "
182
- string << yield( path )
183
- string << " "
216
+ path << yield( parsed )
184
217
  end
185
- return string.squeeze(" ")
218
+ return path.squeeze(" ")
186
219
  end
220
+ # For backward compatibility
221
+ alias_method :preciate_to_string, :predicate_to_path
187
222
 
188
223
  private
224
+ def quote_literal( literal )
225
+ case literal
226
+ when String
227
+ # XPath 1.0 does not support escape characters.
228
+ # Assumes literal does not contain both single and double quotes.
229
+ if literal.include?("'")
230
+ "\"#{literal}\""
231
+ else
232
+ "'#{literal}'"
233
+ end
234
+ else
235
+ literal.inspect
236
+ end
237
+ end
238
+
189
239
  #LocationPath
190
240
  # | RelativeLocationPath
191
241
  # | '/' RelativeLocationPath?
@@ -26,10 +26,12 @@
26
26
  # - REXML::Document.
27
27
  # - REXML::Element.
28
28
  #
29
+ # There's also an {REXML tutorial}[doc/rexml/tutorial_rdoc.html].
30
+ #
29
31
  module REXML
30
32
  COPYRIGHT = "Copyright © 2001-2008 Sean Russell <ser@germane-software.com>"
31
33
  DATE = "2008/019"
32
- VERSION = "3.2.5"
34
+ VERSION = "3.2.6"
33
35
  REVISION = ""
34
36
 
35
37
  Copyright = COPYRIGHT
@@ -1,4 +1,4 @@
1
- # frozen_string_literal: false
1
+ # frozen_string_literal: true
2
2
  require_relative 'security'
3
3
  require_relative 'entity'
4
4
  require_relative 'doctype'
@@ -131,7 +131,7 @@ module REXML
131
131
  def Text.check string, pattern, doctype
132
132
 
133
133
  # illegal anywhere
134
- if string !~ VALID_XML_CHARS
134
+ if !string.match?(VALID_XML_CHARS)
135
135
  if String.method_defined? :encode
136
136
  string.chars.each do |c|
137
137
  case c.ord
@@ -371,7 +371,7 @@ module REXML
371
371
  copy = input.to_s
372
372
  # Doing it like this rather than in a loop improves the speed
373
373
  #copy = copy.gsub( EREFERENCE, '&amp;' )
374
- copy = copy.gsub( "&", "&amp;" )
374
+ copy = copy.gsub( "&", "&amp;" ) if copy.include?("&")
375
375
  if doctype
376
376
  # Replace all ampersands that aren't part of an entity
377
377
  doctype.entities.each_value do |entity|
@@ -382,7 +382,9 @@ module REXML
382
382
  else
383
383
  # Replace all ampersands that aren't part of an entity
384
384
  DocType::DEFAULT_ENTITIES.each_value do |entity|
385
- copy = copy.gsub(entity.value, "&#{entity.name};" )
385
+ if copy.include?(entity.value)
386
+ copy = copy.gsub(entity.value, "&#{entity.name};" )
387
+ end
386
388
  end
387
389
  end
388
390
  copy
@@ -0,0 +1,53 @@
1
+ require 'brakeman/checks/base_check'
2
+
3
+ class Brakeman::CheckRansack < Brakeman::BaseCheck
4
+ Brakeman::Checks.add self
5
+
6
+ @description = "Checks for dangerous use of the Ransack library"
7
+
8
+ def run_check
9
+ return unless version_between? "0.0.0", "3.99", tracker.config.gem_version(:ransack)
10
+ check_ransack_calls
11
+ end
12
+
13
+ def check_ransack_calls
14
+ tracker.find_call(method: :ransack, nested: true).each do |result|
15
+ next unless original? result
16
+
17
+ call = result[:call]
18
+ arg = call.first_arg
19
+
20
+ # If an allow list is defined anywhere in the
21
+ # class or super classes, consider it safe
22
+ class_name = result[:chain].first
23
+
24
+ next if ransackable_allow_list?(class_name)
25
+
26
+ if input = has_immediate_user_input?(arg)
27
+ confidence = if tracker.find_class(class_name).nil?
28
+ confidence = :low
29
+ elsif result[:location][:file].relative.include? 'admin'
30
+ confidence = :medium
31
+ else
32
+ confidence = :high
33
+ end
34
+
35
+ message = msg('Unrestricted search using ', msg_code('ransack'), ' library called with ', msg_input(input), '. Limit search by defining ', msg_code('ransackable_attributes'), ' and ', msg_code('ransackable_associations'), ' methods in class or upgrade Ransack to version 4.0.0 or newer')
36
+
37
+ warn result: result,
38
+ warning_type: 'Missing Authorization',
39
+ warning_code: :ransack_search,
40
+ message: message,
41
+ user_input: input,
42
+ confidence: confidence,
43
+ cwe_id: [862],
44
+ link: 'https://positive.security/blog/ransack-data-exfiltration'
45
+ end
46
+ end
47
+ end
48
+
49
+ def ransackable_allow_list? class_name
50
+ tracker.find_method(:ransackable_attributes, class_name, :class) and
51
+ tracker.find_method(:ransackable_associations, class_name, :class)
52
+ end
53
+ end
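Review bot: `ransackable_allow_list?` suppresses the warning as soon as both `ransackable_attributes` and `ransackable_associations` are found as class methods, without looking at what they return, so a model whose allow list simply returns every column is reported as safe. If inspecting the method bodies is out of scope, the limitation should at least be documented above the method, e.g. `# Only checks that both methods are defined; an allow list that exposes every attribute is not detected.` The comment in `check_ransack_calls` promises "class or super classes", which holds only if `tracker.find_method` walks ancestors; that is not visible in this file. As a style point, the inner `confidence = :low` / `:medium` / `:high` assignments are redundant inside `confidence = if ...` and can be bare symbols.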
@@ -591,7 +591,7 @@ class Brakeman::CheckSQL < Brakeman::BaseCheck
591
591
  :sanitize_sql_for_assignment, :sanitize_sql_for_conditions, :sanitize_sql_hash,
592
592
  :sanitize_sql_hash_for_assignment, :sanitize_sql_hash_for_conditions,
593
593
  :to_sql, :sanitize, :primary_key, :table_name_prefix, :table_name_suffix,
594
- :where_values_hash, :foreign_key, :uuid
594
+ :where_values_hash, :foreign_key, :uuid, :escape, :escape_string
595
595
  ]
596
596
 
597
597
  def ignore_methods_in_sql
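Review bot: `:escape` on the added line is a very generic method name. If this list is matched by method name alone (the lookup code is outside the hunk), calls such as `Regexp.escape(x)` or `CGI.escape(x)`, which do no SQL quoting, would also be treated as safe, and interpolating their result into a query would go unreported. Consider restricting the entry to known database receivers, or at least documenting the trade-off next to it: `# :escape / :escape_string: presumably meant for DB driver escaping; matches any receiver, so non-SQL escapers are ignored too`. The array literal starts above the hunk, so its name and how it is consumed are not visible here.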
@@ -244,6 +244,10 @@ module Brakeman::Options
244
244
  options[:debug] = true
245
245
  end
246
246
 
247
+ opts.on "--timing", "Measure time for scan steps" do
248
+ options[:show_timing] = true
249
+ end
250
+
247
251
  opts.on "-f",
248
252
  "--format TYPE",
249
253
  [:pdf, :text, :html, :csv, :tabs, :json, :markdown, :codeclimate, :cc, :plain, :table, :junit, :sarif, :sonar, :github],
@@ -529,8 +529,7 @@ class Brakeman::AliasProcessor < Brakeman::SexpProcessor
529
529
 
530
530
  #Process a method definition on self.
531
531
  def process_defs exp
532
- env.scope do
533
- set_env_defaults
532
+ meth_env do
534
533
  exp.body = process_all! exp.body
535
534
  end
536
535
  exp
@@ -84,6 +84,9 @@ module Brakeman::ModuleHelper
84
84
  res.line(exp.line)
85
85
  @current_method = nil
86
86
 
87
+ # TODO: if target is not self/nil, then
88
+ # the method should be added to `target`, not current class
89
+
87
90
  if @current_class
88
91
  @current_class.add_method @visibility, name, res, @current_file
89
92
  elsif @current_module
@@ -96,7 +99,13 @@ module Brakeman::ModuleHelper
96
99
  name = exp.method_name
97
100
 
98
101
  @current_method = name
99
- res = Sexp.new :defn, name, exp.formal_args, *process_all!(exp.body)
102
+
103
+ if @inside_sclass
104
+ res = Sexp.new :defs, s(:self), name, exp.formal_args, *process_all!(exp.body)
105
+ else
106
+ res = Sexp.new :defn, name, exp.formal_args, *process_all!(exp.body)
107
+ end
108
+
100
109
  res.line(exp.line)
101
110
  @current_method = nil
102
111
 
@@ -108,4 +117,25 @@ module Brakeman::ModuleHelper
108
117
 
109
118
  res
110
119
  end
120
+
121
+ # class << self
122
+ def process_sclass exp
123
+ @inside_sclass = true
124
+
125
+ process_all! exp
126
+
127
+ exp
128
+ ensure
129
+ @inside_sclass = false
130
+ end
131
+
132
+ def make_defs exp
133
+ # 'What if' there was some crazy code that had a
134
+ # defs inside a def inside an sclass? :|
135
+ return exp if node_type? exp, :defs
136
+
137
+ raise "Unexpected node type: #{exp.node_type}" unless node_type? exp, :defn
138
+
139
+ Sexp.new(:defs, s(:self), exp.method_name, exp.formal_args, *exp.body).line(exp.line)
140
+ end
111
141
  end
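Review bot: `process_sclass` resets `@inside_sclass` to `false` in its `ensure` instead of restoring the previous value, so after a nested `class << self` closes, the rest of the outer singleton block is processed as if it were ordinary instance scope. Saving and restoring keeps nesting correct: `was_inside = @inside_sclass` before `@inside_sclass = true`, and `@inside_sclass = was_inside` in the `ensure`. The flag also does not appear to be cleared when a regular `class` or `module` body is entered from inside `class << self`, which would record that inner class's `def`s as `defs`; that code is outside these hunks, so it may be handled elsewhere. Class-versus-instance classification feeds lookups such as `find_method(..., :class)` in the new Ransack check, so a short comment on `process_sclass` stating the nesting assumption would help.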
@@ -30,6 +30,12 @@ class Brakeman::LibraryProcessor < Brakeman::BaseProcessor
30
30
  end
31
31
 
32
32
  def process_defn exp
33
+ # TODO: Why is this different from ModuleHelper?
34
+
35
+ if @inside_sclass
36
+ exp = make_defs(exp)
37
+ end
38
+
33
39
  if exp.method_name == :initialize
34
40
  @alias_processor.process_safely exp.body_list
35
41
  @initializer_env = @alias_processor.only_ivars