brakeman 6.2.1 → 6.2.2

Files changed (141) hide show
  1. checksums.yaml +4 -4
  2. data/CHANGES.md +10 -0
  3. data/README.md +0 -1
  4. data/bundle/load.rb +3 -4
  5. data/bundle/ruby/3.1.0/gems/{highline-3.1.0 → highline-3.1.1}/Changelog.md +6 -0
  6. data/bundle/ruby/3.1.0/gems/{highline-3.1.0 → highline-3.1.1}/Gemfile +1 -0
  7. data/bundle/ruby/3.1.0/gems/{highline-3.1.0 → highline-3.1.1}/README.md +3 -0
  8. data/bundle/ruby/3.1.0/gems/{highline-3.1.0 → highline-3.1.1}/lib/highline/version.rb +1 -1
  9. data/bundle/ruby/3.1.0/gems/{highline-3.1.0 → highline-3.1.1}/lib/highline.rb +9 -1
  10. data/bundle/ruby/3.1.0/gems/{reline-0.5.9 → reline-0.5.10}/lib/reline/config.rb +19 -24
  11. data/bundle/ruby/3.1.0/gems/{reline-0.5.9 → reline-0.5.10}/lib/reline/face.rb +1 -1
  12. data/bundle/ruby/3.1.0/gems/{reline-0.5.9 → reline-0.5.10}/lib/reline/io/ansi.rb +8 -0
  13. data/bundle/ruby/3.1.0/gems/{reline-0.5.9 → reline-0.5.10}/lib/reline/io/windows.rb +24 -14
  14. data/bundle/ruby/3.1.0/gems/{reline-0.5.9 → reline-0.5.10}/lib/reline/line_editor.rb +39 -48
  15. data/bundle/ruby/3.1.0/gems/{reline-0.5.9 → reline-0.5.10}/lib/reline/terminfo.rb +1 -1
  16. data/bundle/ruby/3.1.0/gems/reline-0.5.10/lib/reline/unicode/east_asian_width.rb +1267 -0
  17. data/bundle/ruby/3.1.0/gems/{reline-0.5.9 → reline-0.5.10}/lib/reline/unicode.rb +14 -39
  18. data/bundle/ruby/3.1.0/gems/reline-0.5.10/lib/reline/version.rb +3 -0
  19. data/bundle/ruby/3.1.0/gems/{reline-0.5.9 → reline-0.5.10}/lib/reline.rb +7 -4
  20. data/bundle/ruby/3.1.0/gems/{rexml-3.3.6 → rexml-3.3.8}/NEWS.md +43 -0
  21. data/bundle/ruby/3.1.0/gems/{rexml-3.3.6 → rexml-3.3.8}/lib/rexml/attribute.rb +3 -2
  22. data/bundle/ruby/3.1.0/gems/{rexml-3.3.6 → rexml-3.3.8}/lib/rexml/document.rb +5 -1
  23. data/bundle/ruby/3.1.0/gems/{rexml-3.3.6 → rexml-3.3.8}/lib/rexml/entity.rb +5 -2
  24. data/bundle/ruby/3.1.0/gems/{rexml-3.3.6 → rexml-3.3.8}/lib/rexml/parsers/baseparser.rb +9 -4
  25. data/bundle/ruby/3.1.0/gems/{rexml-3.3.6 → rexml-3.3.8}/lib/rexml/parsers/pullparser.rb +8 -0
  26. data/bundle/ruby/3.1.0/gems/{rexml-3.3.6 → rexml-3.3.8}/lib/rexml/parsers/sax2parser.rb +10 -0
  27. data/bundle/ruby/3.1.0/gems/{rexml-3.3.6 → rexml-3.3.8}/lib/rexml/parsers/streamparser.rb +8 -0
  28. data/bundle/ruby/3.1.0/gems/{rexml-3.3.6 → rexml-3.3.8}/lib/rexml/rexml.rb +1 -1
  29. data/bundle/ruby/3.1.0/gems/{rexml-3.3.6 → rexml-3.3.8}/lib/rexml/text.rb +5 -3
  30. data/lib/brakeman/checks/check_eol_rails.rb +6 -0
  31. data/lib/brakeman/checks/check_execute.rb +28 -0
  32. data/lib/brakeman/version.rb +1 -1
  33. metadata +115 -133
  34. data/bundle/ruby/3.1.0/gems/io-console-0.7.2/README.md +0 -46
  35. data/bundle/ruby/3.1.0/gems/io-console-0.7.2/ext/io/console/Makefile +0 -270
  36. data/bundle/ruby/3.1.0/gems/io-console-0.7.2/ext/io/console/console.c +0 -1838
  37. data/bundle/ruby/3.1.0/gems/io-console-0.7.2/ext/io/console/console.o +0 -0
  38. data/bundle/ruby/3.1.0/gems/io-console-0.7.2/ext/io/console/console.so +0 -0
  39. data/bundle/ruby/3.1.0/gems/io-console-0.7.2/ext/io/console/extconf.rb +0 -43
  40. data/bundle/ruby/3.1.0/gems/io-console-0.7.2/ext/io/console/win32_vk.inc +0 -1391
  41. data/bundle/ruby/3.1.0/gems/io-console-0.7.2/lib/io/console/size.rb +0 -23
  42. data/bundle/ruby/3.1.0/gems/io-console-0.7.2/lib/io/console.so +0 -0
  43. data/bundle/ruby/3.1.0/gems/reline-0.5.9/lib/reline/unicode/east_asian_width.rb +0 -1196
  44. data/bundle/ruby/3.1.0/gems/reline-0.5.9/lib/reline/version.rb +0 -3
  45. data/bundle/ruby/3.1.0/gems/rexml-3.3.6/LICENSE.txt +0 -22
  46. data/bundle/ruby/3.1.0/gems/strscan-3.1.0/COPYING +0 -56
  47. data/bundle/ruby/3.1.0/gems/strscan-3.1.0/LICENSE.txt +0 -22
  48. data/bundle/ruby/3.1.0/gems/strscan-3.1.0/ext/strscan/Makefile +0 -268
  49. data/bundle/ruby/3.1.0/gems/strscan-3.1.0/ext/strscan/extconf.rb +0 -10
  50. data/bundle/ruby/3.1.0/gems/strscan-3.1.0/ext/strscan/strscan.c +0 -1741
  51. data/bundle/ruby/3.1.0/gems/strscan-3.1.0/ext/strscan/strscan.o +0 -0
  52. data/bundle/ruby/3.1.0/gems/strscan-3.1.0/ext/strscan/strscan.so +0 -0
  53. data/bundle/ruby/3.1.0/gems/strscan-3.1.0/lib/strscan.so +0 -0
  54. /data/bundle/ruby/3.1.0/gems/{highline-3.1.0 → highline-3.1.1}/AUTHORS +0 -0
  55. /data/bundle/ruby/3.1.0/gems/{highline-3.1.0 → highline-3.1.1}/COPYING +0 -0
  56. /data/bundle/ruby/3.1.0/gems/{highline-3.1.0 → highline-3.1.1}/LICENSE +0 -0
  57. /data/bundle/ruby/3.1.0/gems/{highline-3.1.0 → highline-3.1.1}/TODO +0 -0
  58. /data/bundle/ruby/3.1.0/gems/{highline-3.1.0 → highline-3.1.1}/highline.gemspec +0 -0
  59. /data/bundle/ruby/3.1.0/gems/{highline-3.1.0 → highline-3.1.1}/lib/highline/builtin_styles.rb +0 -0
  60. /data/bundle/ruby/3.1.0/gems/{highline-3.1.0 → highline-3.1.1}/lib/highline/color_scheme.rb +0 -0
  61. /data/bundle/ruby/3.1.0/gems/{highline-3.1.0 → highline-3.1.1}/lib/highline/compatibility.rb +0 -0
  62. /data/bundle/ruby/3.1.0/gems/{highline-3.1.0 → highline-3.1.1}/lib/highline/custom_errors.rb +0 -0
  63. /data/bundle/ruby/3.1.0/gems/{highline-3.1.0 → highline-3.1.1}/lib/highline/import.rb +0 -0
  64. /data/bundle/ruby/3.1.0/gems/{highline-3.1.0 → highline-3.1.1}/lib/highline/io_console_compatible.rb +0 -0
  65. /data/bundle/ruby/3.1.0/gems/{highline-3.1.0 → highline-3.1.1}/lib/highline/list.rb +0 -0
  66. /data/bundle/ruby/3.1.0/gems/{highline-3.1.0 → highline-3.1.1}/lib/highline/list_renderer.rb +0 -0
  67. /data/bundle/ruby/3.1.0/gems/{highline-3.1.0 → highline-3.1.1}/lib/highline/menu/item.rb +0 -0
  68. /data/bundle/ruby/3.1.0/gems/{highline-3.1.0 → highline-3.1.1}/lib/highline/menu.rb +0 -0
  69. /data/bundle/ruby/3.1.0/gems/{highline-3.1.0 → highline-3.1.1}/lib/highline/paginator.rb +0 -0
  70. /data/bundle/ruby/3.1.0/gems/{highline-3.1.0 → highline-3.1.1}/lib/highline/question/answer_converter.rb +0 -0
  71. /data/bundle/ruby/3.1.0/gems/{highline-3.1.0 → highline-3.1.1}/lib/highline/question.rb +0 -0
  72. /data/bundle/ruby/3.1.0/gems/{highline-3.1.0 → highline-3.1.1}/lib/highline/question_asker.rb +0 -0
  73. /data/bundle/ruby/3.1.0/gems/{highline-3.1.0 → highline-3.1.1}/lib/highline/simulate.rb +0 -0
  74. /data/bundle/ruby/3.1.0/gems/{highline-3.1.0 → highline-3.1.1}/lib/highline/statement.rb +0 -0
  75. /data/bundle/ruby/3.1.0/gems/{highline-3.1.0 → highline-3.1.1}/lib/highline/string.rb +0 -0
  76. /data/bundle/ruby/3.1.0/gems/{highline-3.1.0 → highline-3.1.1}/lib/highline/string_extensions.rb +0 -0
  77. /data/bundle/ruby/3.1.0/gems/{highline-3.1.0 → highline-3.1.1}/lib/highline/style.rb +0 -0
  78. /data/bundle/ruby/3.1.0/gems/{highline-3.1.0 → highline-3.1.1}/lib/highline/template_renderer.rb +0 -0
  79. /data/bundle/ruby/3.1.0/gems/{highline-3.1.0 → highline-3.1.1}/lib/highline/terminal/io_console.rb +0 -0
  80. /data/bundle/ruby/3.1.0/gems/{highline-3.1.0 → highline-3.1.1}/lib/highline/terminal/ncurses.rb +0 -0
  81. /data/bundle/ruby/3.1.0/gems/{highline-3.1.0 → highline-3.1.1}/lib/highline/terminal/unix_stty.rb +0 -0
  82. /data/bundle/ruby/3.1.0/gems/{highline-3.1.0 → highline-3.1.1}/lib/highline/terminal.rb +0 -0
  83. /data/bundle/ruby/3.1.0/gems/{highline-3.1.0 → highline-3.1.1}/lib/highline/wrapper.rb +0 -0
  84. /data/bundle/ruby/3.1.0/gems/{reline-0.5.9 → reline-0.5.10}/BSDL +0 -0
  85. /data/bundle/ruby/3.1.0/gems/{reline-0.5.9 → reline-0.5.10}/COPYING +0 -0
  86. /data/bundle/ruby/3.1.0/gems/{reline-0.5.9 → reline-0.5.10}/README.md +0 -0
  87. /data/bundle/ruby/3.1.0/gems/{reline-0.5.9 → reline-0.5.10}/lib/reline/history.rb +0 -0
  88. /data/bundle/ruby/3.1.0/gems/{reline-0.5.9 → reline-0.5.10}/lib/reline/io/dumb.rb +0 -0
  89. /data/bundle/ruby/3.1.0/gems/{reline-0.5.9 → reline-0.5.10}/lib/reline/io.rb +0 -0
  90. /data/bundle/ruby/3.1.0/gems/{reline-0.5.9 → reline-0.5.10}/lib/reline/key_actor/base.rb +0 -0
  91. /data/bundle/ruby/3.1.0/gems/{reline-0.5.9 → reline-0.5.10}/lib/reline/key_actor/composite.rb +0 -0
  92. /data/bundle/ruby/3.1.0/gems/{reline-0.5.9 → reline-0.5.10}/lib/reline/key_actor/emacs.rb +0 -0
  93. /data/bundle/ruby/3.1.0/gems/{reline-0.5.9 → reline-0.5.10}/lib/reline/key_actor/vi_command.rb +0 -0
  94. /data/bundle/ruby/3.1.0/gems/{reline-0.5.9 → reline-0.5.10}/lib/reline/key_actor/vi_insert.rb +0 -0
  95. /data/bundle/ruby/3.1.0/gems/{reline-0.5.9 → reline-0.5.10}/lib/reline/key_actor.rb +0 -0
  96. /data/bundle/ruby/3.1.0/gems/{reline-0.5.9 → reline-0.5.10}/lib/reline/key_stroke.rb +0 -0
  97. /data/bundle/ruby/3.1.0/gems/{reline-0.5.9 → reline-0.5.10}/lib/reline/kill_ring.rb +0 -0
  98. /data/bundle/ruby/3.1.0/gems/{reline-0.5.9 → reline-0.5.10}/license_of_rb-readline +0 -0
  99. /data/bundle/ruby/3.1.0/gems/{io-console-0.7.2 → rexml-3.3.8}/LICENSE.txt +0 -0
  100. /data/bundle/ruby/3.1.0/gems/{rexml-3.3.6 → rexml-3.3.8}/README.md +0 -0
  101. /data/bundle/ruby/3.1.0/gems/{rexml-3.3.6 → rexml-3.3.8}/lib/rexml/attlistdecl.rb +0 -0
  102. /data/bundle/ruby/3.1.0/gems/{rexml-3.3.6 → rexml-3.3.8}/lib/rexml/cdata.rb +0 -0
  103. /data/bundle/ruby/3.1.0/gems/{rexml-3.3.6 → rexml-3.3.8}/lib/rexml/child.rb +0 -0
  104. /data/bundle/ruby/3.1.0/gems/{rexml-3.3.6 → rexml-3.3.8}/lib/rexml/comment.rb +0 -0
  105. /data/bundle/ruby/3.1.0/gems/{rexml-3.3.6 → rexml-3.3.8}/lib/rexml/doctype.rb +0 -0
  106. /data/bundle/ruby/3.1.0/gems/{rexml-3.3.6 → rexml-3.3.8}/lib/rexml/dtd/attlistdecl.rb +0 -0
  107. /data/bundle/ruby/3.1.0/gems/{rexml-3.3.6 → rexml-3.3.8}/lib/rexml/dtd/dtd.rb +0 -0
  108. /data/bundle/ruby/3.1.0/gems/{rexml-3.3.6 → rexml-3.3.8}/lib/rexml/dtd/elementdecl.rb +0 -0
  109. /data/bundle/ruby/3.1.0/gems/{rexml-3.3.6 → rexml-3.3.8}/lib/rexml/dtd/entitydecl.rb +0 -0
  110. /data/bundle/ruby/3.1.0/gems/{rexml-3.3.6 → rexml-3.3.8}/lib/rexml/dtd/notationdecl.rb +0 -0
  111. /data/bundle/ruby/3.1.0/gems/{rexml-3.3.6 → rexml-3.3.8}/lib/rexml/element.rb +0 -0
  112. /data/bundle/ruby/3.1.0/gems/{rexml-3.3.6 → rexml-3.3.8}/lib/rexml/encoding.rb +0 -0
  113. /data/bundle/ruby/3.1.0/gems/{rexml-3.3.6 → rexml-3.3.8}/lib/rexml/formatters/default.rb +0 -0
  114. /data/bundle/ruby/3.1.0/gems/{rexml-3.3.6 → rexml-3.3.8}/lib/rexml/formatters/pretty.rb +0 -0
  115. /data/bundle/ruby/3.1.0/gems/{rexml-3.3.6 → rexml-3.3.8}/lib/rexml/formatters/transitive.rb +0 -0
  116. /data/bundle/ruby/3.1.0/gems/{rexml-3.3.6 → rexml-3.3.8}/lib/rexml/functions.rb +0 -0
  117. /data/bundle/ruby/3.1.0/gems/{rexml-3.3.6 → rexml-3.3.8}/lib/rexml/instruction.rb +0 -0
  118. /data/bundle/ruby/3.1.0/gems/{rexml-3.3.6 → rexml-3.3.8}/lib/rexml/light/node.rb +0 -0
  119. /data/bundle/ruby/3.1.0/gems/{rexml-3.3.6 → rexml-3.3.8}/lib/rexml/namespace.rb +0 -0
  120. /data/bundle/ruby/3.1.0/gems/{rexml-3.3.6 → rexml-3.3.8}/lib/rexml/node.rb +0 -0
  121. /data/bundle/ruby/3.1.0/gems/{rexml-3.3.6 → rexml-3.3.8}/lib/rexml/output.rb +0 -0
  122. /data/bundle/ruby/3.1.0/gems/{rexml-3.3.6 → rexml-3.3.8}/lib/rexml/parent.rb +0 -0
  123. /data/bundle/ruby/3.1.0/gems/{rexml-3.3.6 → rexml-3.3.8}/lib/rexml/parseexception.rb +0 -0
  124. /data/bundle/ruby/3.1.0/gems/{rexml-3.3.6 → rexml-3.3.8}/lib/rexml/parsers/lightparser.rb +0 -0
  125. /data/bundle/ruby/3.1.0/gems/{rexml-3.3.6 → rexml-3.3.8}/lib/rexml/parsers/treeparser.rb +0 -0
  126. /data/bundle/ruby/3.1.0/gems/{rexml-3.3.6 → rexml-3.3.8}/lib/rexml/parsers/ultralightparser.rb +0 -0
  127. /data/bundle/ruby/3.1.0/gems/{rexml-3.3.6 → rexml-3.3.8}/lib/rexml/parsers/xpathparser.rb +0 -0
  128. /data/bundle/ruby/3.1.0/gems/{rexml-3.3.6 → rexml-3.3.8}/lib/rexml/quickpath.rb +0 -0
  129. /data/bundle/ruby/3.1.0/gems/{rexml-3.3.6 → rexml-3.3.8}/lib/rexml/sax2listener.rb +0 -0
  130. /data/bundle/ruby/3.1.0/gems/{rexml-3.3.6 → rexml-3.3.8}/lib/rexml/security.rb +0 -0
  131. /data/bundle/ruby/3.1.0/gems/{rexml-3.3.6 → rexml-3.3.8}/lib/rexml/source.rb +0 -0
  132. /data/bundle/ruby/3.1.0/gems/{rexml-3.3.6 → rexml-3.3.8}/lib/rexml/streamlistener.rb +0 -0
  133. /data/bundle/ruby/3.1.0/gems/{rexml-3.3.6 → rexml-3.3.8}/lib/rexml/undefinednamespaceexception.rb +0 -0
  134. /data/bundle/ruby/3.1.0/gems/{rexml-3.3.6 → rexml-3.3.8}/lib/rexml/validation/relaxng.rb +0 -0
  135. /data/bundle/ruby/3.1.0/gems/{rexml-3.3.6 → rexml-3.3.8}/lib/rexml/validation/validation.rb +0 -0
  136. /data/bundle/ruby/3.1.0/gems/{rexml-3.3.6 → rexml-3.3.8}/lib/rexml/validation/validationexception.rb +0 -0
  137. /data/bundle/ruby/3.1.0/gems/{rexml-3.3.6 → rexml-3.3.8}/lib/rexml/xmldecl.rb +0 -0
  138. /data/bundle/ruby/3.1.0/gems/{rexml-3.3.6 → rexml-3.3.8}/lib/rexml/xmltokens.rb +0 -0
  139. /data/bundle/ruby/3.1.0/gems/{rexml-3.3.6 → rexml-3.3.8}/lib/rexml/xpath.rb +0 -0
  140. /data/bundle/ruby/3.1.0/gems/{rexml-3.3.6 → rexml-3.3.8}/lib/rexml/xpath_parser.rb +0 -0
  141. /data/bundle/ruby/3.1.0/gems/{rexml-3.3.6 → rexml-3.3.8}/lib/rexml.rb +0 -0
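--- a/data/bundle/ruby/3.1.0/gems/reline-0.5.9/lib/reline/unicode.rb
+++ b/data/bundle/ruby/3.1.0/gems/reline-0.5.10/lib/reline/unicode.rb
@@ -56,51 +56,26 @@ class Reline::Unicode
 
  require 'reline/unicode/east_asian_width'
 
- HalfwidthDakutenHandakuten = /[\u{FF9E}\u{FF9F}]/
-
- MBCharWidthRE = /
- (?<width_2_1>
- [#{ EscapedChars.map {|c| "\\x%02x" % c.ord }.join }] (?# ^ + char, such as ^M, ^H, ^[, ...)
- )
- | (?<width_3>^\u{2E3B}) (?# THREE-EM DASH)
- | (?<width_0>^\p{M})
- | (?<width_2_2>
- #{ EastAsianWidth::TYPE_F }
- | #{ EastAsianWidth::TYPE_W }
- )
- | (?<width_1>
- #{ EastAsianWidth::TYPE_H }
- | #{ EastAsianWidth::TYPE_NA }
- | #{ EastAsianWidth::TYPE_N }
- )(?!#{ HalfwidthDakutenHandakuten })
- | (?<width_2_3>
- (?: #{ EastAsianWidth::TYPE_H }
- | #{ EastAsianWidth::TYPE_NA }
- | #{ EastAsianWidth::TYPE_N })
- #{ HalfwidthDakutenHandakuten }
- )
- | (?<ambiguous_width>
- #{EastAsianWidth::TYPE_A}
- )
- /x
-
  def self.get_mbchar_width(mbchar)
  ord = mbchar.ord
- if (0x00 <= ord and ord <= 0x1F) # in EscapedPairs
+ if ord <= 0x1F # in EscapedPairs
  return 2
- elsif (0x20 <= ord and ord <= 0x7E) # printable ASCII chars
+ elsif ord <= 0x7E # printable ASCII chars
  return 1
  end
- m = mbchar.encode(Encoding::UTF_8).match(MBCharWidthRE)
- case
- when m.nil? then 1 # TODO should be U+FFFD � REPLACEMENT CHARACTER
- when m[:width_2_1], m[:width_2_2], m[:width_2_3] then 2
- when m[:width_3] then 3
- when m[:width_0] then 0
- when m[:width_1] then 1
- when m[:ambiguous_width] then Reline.ambiguous_width
+ utf8_mbchar = mbchar.encode(Encoding::UTF_8)
+ ord = utf8_mbchar.ord
+ chunk_index = EastAsianWidth::CHUNK_LAST.bsearch_index { |o| ord <= o }
+ size = EastAsianWidth::CHUNK_WIDTH[chunk_index]
+ if size == -1
+ Reline.ambiguous_width
+ elsif size == 1 && utf8_mbchar.size >= 2
+ second_char_ord = utf8_mbchar[1].ord
+ # Halfwidth Dakuten Handakuten
+ # Only these two character has Letter Modifier category and can be combined in a single grapheme cluster
+ (second_char_ord == 0xFF9E || second_char_ord == 0xFF9F) ? 2 : 1
  else
- nil
+ size
  end
  end
 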
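--- /dev/null
+++ b/data/bundle/ruby/3.1.0/gems/reline-0.5.10/lib/reline/version.rb
@@ -0,0 +1,3 @@
+ module Reline
+ VERSION = '0.5.10'
+ end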
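--- a/data/bundle/ruby/3.1.0/gems/reline-0.5.9/lib/reline.rb
+++ b/data/bundle/ruby/3.1.0/gems/reline-0.5.10/lib/reline.rb
@@ -324,14 +324,17 @@ module Reline
  line_editor.prompt_proc = prompt_proc
  line_editor.auto_indent_proc = auto_indent_proc
  line_editor.dig_perfect_match_proc = dig_perfect_match_proc
+
+ # Readline calls pre_input_hook just after printing the first prompt.
+ line_editor.print_nomultiline_prompt
  pre_input_hook&.call
+
  unless Reline::IOGate.dumb?
  @dialog_proc_list.each_pair do |name_sym, d|
  line_editor.add_dialog_proc(name_sym, d.dialog_proc, d.context)
  end
  end
 
- line_editor.print_nomultiline_prompt(prompt)
  line_editor.update_dialogs
  line_editor.rerender
 
@@ -343,7 +346,7 @@ module Reline
  inputs.each do |key|
  if key.char == :bracketed_paste_start
  text = io_gate.read_bracketed_paste
- line_editor.insert_pasted_text(text)
+ line_editor.insert_multiline_text(text)
  line_editor.scroll_into_view
  else
  line_editor.update(key)
@@ -457,8 +460,8 @@ module Reline
  def_single_delegator :line_editor, :byte_pointer, :point
  def_single_delegator :line_editor, :byte_pointer=, :point=
 
- def self.insert_text(*args, &block)
- line_editor.insert_text(*args, &block)
+ def self.insert_text(text)
+ line_editor.insert_multiline_text(text)
  self
  end
 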
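--- a/data/bundle/ruby/3.1.0/gems/rexml-3.3.6/NEWS.md
+++ b/data/bundle/ruby/3.1.0/gems/rexml-3.3.8/NEWS.md
@@ -1,5 +1,48 @@
  # News
 
+ ## 3.3.8 - 2024-09-29 {#version-3-3-8}
+
+ ### Improvements
+
+ * SAX2: Improve parse performance.
+ * GH-207
+ * Patch by NAITOH Jun.
+
+ ### Fixes
+
+ * Fixed a bug that unexpected attribute namespace conflict error for
+ the predefined "xml" namespace is reported.
+ * GH-208
+ * Patch by KITAITI Makoto
+
+ ### Thanks
+
+ * NAITOH Jun
+
+ * KITAITI Makoto
+
+ ## 3.3.7 - 2024-09-04 {#version-3-3-7}
+
+ ### Improvements
+
+ * Added local entity expansion limit methods
+ * GH-192
+ * GH-202
+ * Reported by takuya kodama.
+ * Patch by NAITOH Jun.
+
+ * Removed explicit strscan dependency
+ * GH-204
+ * Patch by Bo Anderson.
+
+ ### Thanks
+
+ * takuya kodama
+
+ * NAITOH Jun
+
+ * Bo Anderson
+
  ## 3.3.6 - 2024-08-22 {#version-3-3-6}
 
  ### Improvements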
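--- a/data/bundle/ruby/3.1.0/gems/rexml-3.3.6/lib/rexml/attribute.rb
+++ b/data/bundle/ruby/3.1.0/gems/rexml-3.3.8/lib/rexml/attribute.rb
@@ -148,8 +148,9 @@ module REXML
  # have been expanded to their values
  def value
  return @unnormalized if @unnormalized
- @unnormalized = Text::unnormalize( @normalized, doctype )
- @unnormalized
+
+ @unnormalized = Text::unnormalize(@normalized, doctype,
+ entity_expansion_text_limit: @element&.document&.entity_expansion_text_limit)
  end
 
  # The normalized value of this attribute. That is, the attribute with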
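--- a/data/bundle/ruby/3.1.0/gems/rexml-3.3.6/lib/rexml/document.rb
+++ b/data/bundle/ruby/3.1.0/gems/rexml-3.3.8/lib/rexml/document.rb
@@ -91,6 +91,8 @@ module REXML
  #
  def initialize( source = nil, context = {} )
  @entity_expansion_count = 0
+ @entity_expansion_limit = Security.entity_expansion_limit
+ @entity_expansion_text_limit = Security.entity_expansion_text_limit
  super()
  @context = context
  return if source.nil?
@@ -431,10 +433,12 @@ module REXML
  end
 
  attr_reader :entity_expansion_count
+ attr_writer :entity_expansion_limit
+ attr_accessor :entity_expansion_text_limit
 
  def record_entity_expansion
  @entity_expansion_count += 1
- if @entity_expansion_count > Security.entity_expansion_limit
+ if @entity_expansion_count > @entity_expansion_limit
  raise "number of entity expansions exceeded, processing aborted."
  end
  end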
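--- a/data/bundle/ruby/3.1.0/gems/rexml-3.3.6/lib/rexml/entity.rb
+++ b/data/bundle/ruby/3.1.0/gems/rexml-3.3.8/lib/rexml/entity.rb
@@ -71,9 +71,12 @@ module REXML
  # Evaluates to the unnormalized value of this entity; that is, replacing
  # &ent; entities.
  def unnormalized
- document.record_entity_expansion unless document.nil?
+ document&.record_entity_expansion
+
  return nil if @value.nil?
- @unnormalized = Text::unnormalize(@value, parent)
+
+ @unnormalized = Text::unnormalize(@value, parent,
+ entity_expansion_text_limit: document&.entity_expansion_text_limit)
  end
 
  #once :unnormalized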
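--- a/data/bundle/ruby/3.1.0/gems/rexml-3.3.6/lib/rexml/parsers/baseparser.rb
+++ b/data/bundle/ruby/3.1.0/gems/rexml-3.3.8/lib/rexml/parsers/baseparser.rb
@@ -156,6 +156,7 @@ module REXML
  default_entities.each do |term|
  DEFAULT_ENTITIES_PATTERNS[term] = /&#{term};/
  end
+ XML_PREFIXED_NAMESPACE = "http://www.w3.org/XML/1998/namespace"
  end
  private_constant :Private
 
@@ -164,6 +165,8 @@ module REXML
  @listeners = []
  @prefixes = Set.new
  @entity_expansion_count = 0
+ @entity_expansion_limit = Security.entity_expansion_limit
+ @entity_expansion_text_limit = Security.entity_expansion_text_limit
  end
 
  def add_listener( listener )
@@ -172,6 +175,8 @@ module REXML
 
  attr_reader :source
  attr_reader :entity_expansion_count
+ attr_writer :entity_expansion_limit
+ attr_writer :entity_expansion_text_limit
 
  def stream=( source )
  @source = SourceFactory.create_from( source )
@@ -181,7 +186,7 @@ module REXML
  @tags = []
  @stack = []
  @entities = []
- @namespaces = {}
+ @namespaces = {"xml" => Private::XML_PREFIXED_NAMESPACE}
  @namespaces_restore_stack = []
  end
 
@@ -585,7 +590,7 @@ module REXML
  end
  re = Private::DEFAULT_ENTITIES_PATTERNS[entity_reference] || /&#{entity_reference};/
  rv.gsub!( re, entity_value )
- if rv.bytesize > Security.entity_expansion_text_limit
+ if rv.bytesize > @entity_expansion_text_limit
  raise "entity expansion has grown too large"
  end
  else
@@ -627,7 +632,7 @@ module REXML
 
  def record_entity_expansion(delta=1)
  @entity_expansion_count += delta
- if @entity_expansion_count > Security.entity_expansion_limit
+ if @entity_expansion_count > @entity_expansion_limit
  raise "number of entity expansions exceeded, processing aborted."
  end
  end
@@ -786,7 +791,7 @@ module REXML
  @source.match(/\s*/um, true)
  if prefix == "xmlns"
  if local_part == "xml"
- if value != "http://www.w3.org/XML/1998/namespace"
+ if value != Private::XML_PREFIXED_NAMESPACE
  msg = "The 'xml' prefix must not be bound to any other namespace "+
  "(http://www.w3.org/TR/REC-xml-names/#ns-decl)"
  raise REXML::ParseException.new( msg, @source, self )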
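--- a/data/bundle/ruby/3.1.0/gems/rexml-3.3.6/lib/rexml/parsers/pullparser.rb
+++ b/data/bundle/ruby/3.1.0/gems/rexml-3.3.8/lib/rexml/parsers/pullparser.rb
@@ -51,6 +51,14 @@ module REXML
  @parser.entity_expansion_count
  end
 
+ def entity_expansion_limit=( limit )
+ @parser.entity_expansion_limit = limit
+ end
+
+ def entity_expansion_text_limit=( limit )
+ @parser.entity_expansion_text_limit = limit
+ end
+
  def each
  while has_next?
  yield self.pull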
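--- a/data/bundle/ruby/3.1.0/gems/rexml-3.3.6/lib/rexml/parsers/sax2parser.rb
+++ b/data/bundle/ruby/3.1.0/gems/rexml-3.3.8/lib/rexml/parsers/sax2parser.rb
@@ -26,6 +26,14 @@ module REXML
  @parser.entity_expansion_count
  end
 
+ def entity_expansion_limit=( limit )
+ @parser.entity_expansion_limit = limit
+ end
+
+ def entity_expansion_text_limit=( limit )
+ @parser.entity_expansion_text_limit = limit
+ end
+
  def add_listener( listener )
  @parser.add_listener( listener )
  end
@@ -251,6 +259,8 @@ module REXML
  end
 
  def get_namespace( prefix )
+ return nil if @namespace_stack.empty?
+
  uris = (@namespace_stack.find_all { |ns| not ns[prefix].nil? }) ||
  (@namespace_stack.find { |ns| not ns[nil].nil? })
  uris[-1][prefix] unless uris.nil? or 0 == uris.size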
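--- a/data/bundle/ruby/3.1.0/gems/rexml-3.3.6/lib/rexml/parsers/streamparser.rb
+++ b/data/bundle/ruby/3.1.0/gems/rexml-3.3.8/lib/rexml/parsers/streamparser.rb
@@ -18,6 +18,14 @@ module REXML
  @parser.entity_expansion_count
  end
 
+ def entity_expansion_limit=( limit )
+ @parser.entity_expansion_limit = limit
+ end
+
+ def entity_expansion_text_limit=( limit )
+ @parser.entity_expansion_text_limit = limit
+ end
+
  def parse
  # entity string
  while true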
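--- a/data/bundle/ruby/3.1.0/gems/rexml-3.3.6/lib/rexml/rexml.rb
+++ b/data/bundle/ruby/3.1.0/gems/rexml-3.3.8/lib/rexml/rexml.rb
@@ -31,7 +31,7 @@
  module REXML
  COPYRIGHT = "Copyright © 2001-2008 Sean Russell <ser@germane-software.com>"
  DATE = "2008/019"
- VERSION = "3.3.6"
+ VERSION = "3.3.8"
  REVISION = ""
 
  Copyright = COPYRIGHT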
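--- a/data/bundle/ruby/3.1.0/gems/rexml-3.3.6/lib/rexml/text.rb
+++ b/data/bundle/ruby/3.1.0/gems/rexml-3.3.8/lib/rexml/text.rb
@@ -268,7 +268,8 @@ module REXML
  # u = Text.new( "sean russell", false, nil, true )
  # u.value #-> "sean russell"
  def value
- @unnormalized ||= Text::unnormalize( @string, doctype )
+ @unnormalized ||= Text::unnormalize(@string, doctype,
+ entity_expansion_text_limit: document&.entity_expansion_text_limit)
  end
 
  # Sets the contents of this text node. This expects the text to be
@@ -411,11 +412,12 @@ module REXML
  end
 
  # Unescapes all possible entities
- def Text::unnormalize( string, doctype=nil, filter=nil, illegal=nil )
+ def Text::unnormalize( string, doctype=nil, filter=nil, illegal=nil, entity_expansion_text_limit: nil )
+ entity_expansion_text_limit ||= Security.entity_expansion_text_limit
  sum = 0
  string.gsub( /\r\n?/, "\n" ).gsub( REFERENCE ) {
  s = Text.expand($&, doctype, filter)
- if sum + s.bytesize > Security.entity_expansion_text_limit
+ if sum + s.bytesize > entity_expansion_text_limit
  raise "entity expansion has grown too large"
  else
  sum += s.bytesize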
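--- a/data/lib/brakeman/checks/check_eol_rails.rb
+++ b/data/lib/brakeman/checks/check_eol_rails.rb
@@ -11,6 +11,8 @@ class Brakeman::CheckEOLRails < Brakeman::EOLCheck
  check_eol_version :rails, RAILS_EOL_DATES
  end
 
+ # https://rubyonrails.org/maintenance
+ # https://endoflife.date/rails
  RAILS_EOL_DATES = {
  ['2.0.0', '2.3.99'] => Date.new(2013, 6, 25),
  ['3.0.0', '3.2.99'] => Date.new(2016, 6, 30),
@@ -19,5 +21,9 @@ class Brakeman::CheckEOLRails < Brakeman::EOLCheck
  ['5.1.0', '5.1.99'] => Date.new(2019, 8, 25),
  ['5.2.0', '5.2.99'] => Date.new(2022, 6, 1),
  ['6.0.0', '6.0.99'] => Date.new(2023, 6, 1),
+ ['6.1.0', '6.1.99'] => Date.new(2024, 10, 1),
+ ['7.0.0', '7.0.99'] => Date.new(2025, 4, 1),
+ ['7.1.0', '7.1.99'] => Date.new(2025, 10, 1),
+ ['7.2.0', '7.2.99'] => Date.new(2026, 8, 9),
  }
  end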
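--- a/data/lib/brakeman/checks/check_execute.rb
+++ b/data/lib/brakeman/checks/check_execute.rb
@@ -53,6 +53,7 @@ class Brakeman::CheckExecute < Brakeman::BaseCheck
  call = result[:call]
  args = call.arglist
  first_arg = call.first_arg
+ failure = nil
 
  case call.method
  when :popen
@@ -71,6 +72,33 @@ class Brakeman::CheckExecute < Brakeman::BaseCheck
  dangerous_interp?(first_arg[3]) ||
  dangerous_string_building?(first_arg[3])
  end
+ when :pipeline, :pipline_r, :pipeline_rw, :pipeline_w, :pipeline_start
+ # Since these pipeline commands pipe together several commands,
+ # need to check each argument. If it's an array, check first argument
+ # (the command) and also check for `bash -c`. Otherwise check the argument
+ # as a unit.
+
+ args.each do |arg|
+ next unless sexp? arg
+
+ if array?(arg)
+ # Check first element of array
+ failure = include_user_input?(arg[1]) ||
+ dangerous_interp?(arg[1]) ||
+ dangerous_string_building?(arg[1])
+
+ # Check for ['bash', '-c', user_input]
+ if dash_c_shell_command?(arg[1], arg[2])
+ failure = include_user_input?(arg[3]) ||
+ dangerous_interp?(arg[3]) ||
+ dangerous_string_building?(arg[3])
+ end
+ else
+ failure = include_user_input?(arg)
+ end
+
+ break if failure
+ end
  when :system, :exec
  # Normally, if we're in a `system` or `exec` call, we only are worried
  # about shell injection when there's a single argument, because comma-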
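Review bot: The `when` list on the first added line of the second hunk contains `:pipline_r`, which does not match Open3's `pipeline_r`, so calls through that method fall to the remaining branches and are never checked for command injection; the line should read `when :pipeline, :pipeline_r, :pipeline_rw, :pipeline_w, :pipeline_start`. Separately, the non-array branch tests only `include_user_input?(arg)` while the array branch also applies `dangerous_interp?` and `dangerous_string_building?`; if a plain string argument is meant to get the same scrutiny, `failure = include_user_input?(arg) || dangerous_interp?(arg) || dangerous_string_building?(arg)` keeps the two branches consistent, and if the narrower check is deliberate a one-line comment saying why would help. The enclosing method starts before the first hunk and continues past this one, so where `failure` is consumed is not visible here.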
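--- a/data/lib/brakeman/version.rb
+++ b/data/lib/brakeman/version.rb
@@ -1,3 +1,3 @@
  module Brakeman
- Version = "6.2.1"
+ Version = "6.2.2"
  end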