brakeman 6.2.2 → 7.0.0

data/bundle/ruby/3.1.0/gems/{unicode-display_width-1.8.0 → unicode-display_width-2.6.0}/README.md

@@ -1,12 +1,39 @@
-## Unicode::DisplayWidth [![[version]](https://badge.fury.io/rb/unicode-display_width.svg)](https://badge.fury.io/rb/unicode-display_width) [<img src="https://travis-ci.org/janlelis/unicode-display_width.png" />](https://travis-ci.org/janlelis/unicode-display_width)
+## Unicode::DisplayWidth [![[version]](https://badge.fury.io/rb/unicode-display_width.svg)](https://badge.fury.io/rb/unicode-display_width) [<img src="https://github.com/janlelis/unicode-display_width/workflows/Test/badge.svg" />](https://github.com/janlelis/unicode-display_width/actions?query=workflow%3ATest)
 
-Determines the monospace display width of a string in Ruby. Implementation based on [EastAsianWidth.txt](https://www.unicode.org/Public/UNIDATA/EastAsianWidth.txt) and other data, 100% in Ruby. Other than [wcwidth()](https://github.com/janlelis/wcswidth-ruby), which fulfills a similar purpose, it does not rely on the OS vendor to provide an up-to-date method for measuring string width.
+Determines the monospace display width of a string in Ruby. Useful for all kinds of terminal-based applications. Implementation based on [EastAsianWidth.txt](https://www.unicode.org/Public/UNIDATA/EastAsianWidth.txt) and other data, 100% in Ruby. It does not rely on the OS vendor (like [wcwidth()](https://github.com/janlelis/wcswidth-ruby)) to provide an up-to-date method for measuring string width.
 
-Unicode version: **14.0.0** (September 2021)
+Unicode version: **16.0.0** (September 2024)
 
-Supported Rubies: **2.7**, **2.6**, **2.5**, **2.4**
+Supported Rubies: **3.3**, **3.2**, **3.1**, **3.0**
 
-Old Rubies that might still work: **2.3**, **2.2**, **2.1**, **2.0**, **1.9**
+Old Rubies which might still work: **2.7**, **2.6**, **2.5**, **2.4**, **2.3**
+
+For even older Rubies, use version 2.3.0 of this gem: **2.3**, **2.2**, **2.1**, **2.0**, **1.9**
+
+## Version 2.4.2 — Performance Updates
+
+**If you use this gem, you should really upgrade to 2.4.2 or newer. It's often 100x faster, sometimes even 1000x and more!**
+
+This is possible because the gem now detects if you use very basic (and common) characters, like ASCII characters. Furthermore, the charachter width lookup code has been optimized, so even when full-width characters are involved, the gem is much faster now.
+
+## Version 2.0 — Breaking Changes
+
+Some features of this library were marked deprecated for a long time and have been removed with Version 2.0:
+
+- Aliases of display_width (…\_size, …\_length) have been removed
+- Auto-loading of string core extension has been removed:
+
+If you are relying on the `String#display_width` string extension to be automatically loaded (old behavior), please load it explicitly now:
+
+```ruby
+require "unicode/display_width/string_ext"
+```
+
+You could also change your `Gemfile` line to achieve this:
+
+```ruby
+gem "unicode-display_width", require: "unicode/display_width/string_ext"
+```
 
 ## Introduction to Character Widths
 
@@ -20,12 +47,12 @@ Width  | Characters                   | Comment
 -------|------------------------------|--------------------------------------------------
 X      | (user defined)               | Overwrites any other values
 -1     | `"\b"`                       | Backspace (total width never below 0)
-0      | `"\0"`, `"\x05"`, `"\a"`, `"\n"`, `"\v"`, `"\f"`, `"\r"`, `"\x0E"`, `"\x0F"` | [C0 control codes](https://en.wikipedia.org/wiki/C0_and_C1_control_codes#C0_.28ASCII_and_derivatives.29) that do not change horizontal width
+0      | `"\0"`, `"\x05"`, `"\a"`, `"\n"`, `"\v"`, `"\f"`, `"\r"`, `"\x0E"`, `"\x0F"` | [C0 control codes](https://en.wikipedia.org/wiki/C0_and_C1_control_codes#C0_.28ASCII_and_derivatives.29) which do not change horizontal width
 1      | `"\u{00AD}"`                 | SOFT HYPHEN
 2      | `"\u{2E3A}"`                 | TWO-EM DASH
 3      | `"\u{2E3B}"`                 | THREE-EM DASH
 0      | General Categories: Mn, Me, Cf (non-arabic) | Excludes ARABIC format characters
-0      | `"\u{1160}".."\u{11FF}"`     | HANGUL JUNGSEONG
+0      | `"\u{1160}".."\u{11FF}"`, `"\u{D7B0}".."\u{D7FF}"`     | HANGUL JUNGSEONG
 0      | `"\u{2060}".."\u{206F}"`, `"\u{FFF0}".."\u{FFF8}"`, `"\u{E0000}".."\u{E0FFF}"` | Ignorable ranges
 2      | East Asian Width: F, W       | Full-width characters
 2      | `"\u{3400}".."\u{4DBF}"`, `"\u{4E00}".."\u{9FFF}"`, `"\u{F900}".."\u{FAFF}"`, `"\u{20000}".."\u{2FFFD}"`, `"\u{30000}".."\u{3FFFD}"` | Full-width ranges
@@ -44,6 +71,8 @@ Or add to your Gemfile:
 
 ## Usage
 
+### Classic API
+
 ```ruby
 require 'unicode/display_width'
 
@@ -51,7 +80,7 @@ Unicode::DisplayWidth.of("⚀") # => 1
 Unicode::DisplayWidth.of("一") # => 2
 ```
 
-### Ambiguous Characters
+#### Ambiguous Characters
 
 The second parameter defines the value returned by characters defined as ambiguous:
 
@@ -60,42 +89,59 @@ Unicode::DisplayWidth.of("·", 1) # => 1
 Unicode::DisplayWidth.of("·", 2) # => 2
 ```
 
-### Custom Overwrites
+#### Custom Overwrites
 
 You can overwrite how to handle specific code points by passing a hash (or even a proc) as third parameter:
 
 ```ruby
-Unicode::DisplayWidth.of("a\tb", 1, 0x09 => 10)) # => 12
+Unicode::DisplayWidth.of("a\tb", 1, "\t".ord => 10)) # => tab counted as 10, so result is 12
 ```
 
-### Emoji Support
+Please note that using overwrites disables some perfomance optimizations of this gem.
+
 
-Experimental emoji support is included. It will adjust the string's size for modifier and zero-width joiner sequences. You will need to add the [unicode-emoji](https://github.com/janlelis/unicode-emoji) gem to your Gemfile:
+#### Emoji Support
+
+Emoji width support is included, but in must be activated manually. It will adjust the string's size for modifier and zero-width joiner sequences. You also need to add the [unicode-emoji](https://github.com/janlelis/unicode-emoji) gem to your Gemfile:
 
 ```ruby
 gem 'unicode-display_width'
 gem 'unicode-emoji'
 ```
 
-You can then activate the emoji string width adjustments by passing `emoji: true` as fourth parameter:
+Enable the emoji string width adjustments by passing `emoji: true` as fourth parameter:
 
 ```ruby
 Unicode::DisplayWidth.of "🤾🏽‍♀️" # => 5
 Unicode::DisplayWidth.of "🤾🏽‍♀️", 1, {}, emoji: true # => 2
 ```
 
-### Usage with String Extension
-
-Activated by default. Will be deactivated in version 2.0:
+#### Usage with String Extension
 
 ```ruby
 require 'unicode/display_width/string_ext'
 
-"⚀".display_width #=> 1
-'一'.display_width #=> 2
+"⚀".display_width # => 1
+'一'.display_width # => 2
 ```
 
-You can actively opt-out from the string extension with: `require 'unicode/display_width/no_string_ext'`
+### Modern API: Keyword-arguments Based Config Object
+
+Version 2.0 introduces a keyword-argument based API, which allows you to save your configuration for later-reuse. This requires an extra line of code, but has the advantage that you'll need to define your string-width options only once:
+
+```ruby
+require 'unicode/display_width'
+
+display_width = Unicode::DisplayWidth.new(
+  # ambiguous: 1,
+  overwrite: { "A".ord => 100 },
+  emoji: true,
+)
+
+display_width.of "⚀" # => 1
+display_width.of "🤾🏽‍♀️" # => 2
+display_width.of "A" # => 100
+```
 
 ### Usage From the CLI
 
@@ -113,12 +159,13 @@ Replace "一" with the actual string to measure
 - JavaScript: https://github.com/mycoboco/wcwidth.js
 - C: https://www.cl.cam.ac.uk/~mgk25/ucs/wcwidth.c
 - C for Julia: https://github.com/JuliaLang/utf8proc/issues/2
+- Golang: https://github.com/rivo/uniseg
 
 See [unicode-x](https://github.com/janlelis/unicode-x) for more Unicode related micro libraries.
 
 ## Copyright & Info
 
-- Copyright (c) 2011, 2015-2020 Jan Lelis, https://janlelis.com, released under the MIT
+- Copyright (c) 2011, 2015-2024 Jan Lelis, https://janlelis.com, released under the MIT
 license
 - Early versions based on runpaint's unicode-data interface: Copyright (c) 2009 Run Paint Run Run
 - Unicode data: https://www.unicode.org/copyright.html#Exhibit1

data/bundle/ruby/3.1.0/gems/unicode-display_width-2.6.0/lib/unicode/display_width/constants.rb

@@ -0,0 +1,10 @@
+# frozen_string_literal: true
+
+module Unicode
+  class DisplayWidth
+    VERSION = "2.6.0"
+    UNICODE_VERSION = "16.0.0"
+    DATA_DIRECTORY = File.expand_path(File.dirname(__FILE__) + "/../../../data/")
+    INDEX_FILENAME = DATA_DIRECTORY + "/display_width.marshal.gz"
+  end
+end

data/bundle/ruby/3.1.0/gems/unicode-display_width-2.6.0/lib/unicode/display_width/index.rb

@@ -0,0 +1,34 @@
+# frozen_string_literal: true
+
+require "zlib"
+require_relative "constants"
+
+module Unicode
+  class DisplayWidth
+    File.open(INDEX_FILENAME, "rb") do |file|
+      serialized_data = Zlib::GzipReader.new(file).read
+      serialized_data.force_encoding Encoding::BINARY
+      INDEX = Marshal.load(serialized_data)
+    end
+
+    def self.decompress_index(index, level)
+      index.flat_map{ |value|
+        if level > 0
+          if value.instance_of?(Array)
+            value[15] ||= nil
+            decompress_index(value, level - 1)
+          else
+            decompress_index([value] * 16, level - 1)
+          end
+        else
+          if value.instance_of?(Array)
+            value[15] ||= nil
+            value
+          else
+            [value] * 16
+          end
+        end
+      }
+    end
+  end
+end

data/bundle/ruby/3.1.0/gems/unicode-display_width-2.6.0/lib/unicode/display_width/no_string_ext.rb

@@ -0,0 +1,8 @@
+# frozen_string_literal: true
+
+warn "You are loading 'unicode-display_width/no_string_ext'\n" \
+     "Beginning with version 2.0, this is not necessary anymore\n"\
+     "You can just require 'unicode-display_width' now and no\n"\
+     "string extension will be loaded"
+
+require_relative "../display_width"

data/bundle/ruby/3.1.0/gems/unicode-display_width-2.6.0/lib/unicode/display_width/string_ext.rb

@@ -0,0 +1,9 @@
+# frozen_string_literal: true
+
+require_relative "../display_width" unless defined? Unicode::DisplayWidth
+
+class String
+  def display_width(ambiguous = 1, overwrite = {}, options = {})
+    Unicode::DisplayWidth.of(self, ambiguous, overwrite, options)
+  end
+end

data/bundle/ruby/3.1.0/gems/unicode-display_width-2.6.0/lib/unicode/display_width.rb

@@ -0,0 +1,123 @@
+# frozen_string_literal: true
+
+require_relative "display_width/constants"
+require_relative "display_width/index"
+
+module Unicode
+  class DisplayWidth
+    INITIAL_DEPTH = 0x10000
+    ASCII_NON_ZERO_REGEX = /[\0\x05\a\b\n\v\f\r\x0E\x0F]/
+    FIRST_4096 = decompress_index(INDEX[0][0], 1)
+
+    def self.of(string, ambiguous = 1, overwrite = {}, options = {})
+      if overwrite.empty?
+        # Optimization for ASCII-only strings without certain control symbols
+        if string.ascii_only?
+          if string.match?(ASCII_NON_ZERO_REGEX)
+            res = string.gsub(ASCII_NON_ZERO_REGEX, "").size - string.count("\b")
+            res < 0 ? 0 : res
+          else
+            string.size
+          end
+        else
+          width_no_overwrite(string, ambiguous, options)
+        end
+      else
+        width_all_features(string, ambiguous, overwrite, options)
+      end
+    end
+
+    def self.width_no_overwrite(string, ambiguous, options = {})
+      # Sum of all chars widths
+      res = string.codepoints.sum{ |codepoint|
+        if codepoint > 15 && codepoint < 161 # very common
+          next 1
+        elsif codepoint < 0x1001
+          width = FIRST_4096[codepoint]
+        else
+          width = INDEX
+          depth = INITIAL_DEPTH
+          while (width = width[codepoint / depth]).instance_of? Array
+            codepoint %= depth
+            depth /= 16
+          end
+        end
+
+        width == :A ? ambiguous : (width || 1)
+      }
+
+      # Substract emoji error
+      res -= emoji_extra_width_of(string, ambiguous) if options[:emoji]
+
+      # Return result + prevent negative lengths
+      res < 0 ? 0 : res
+    end
+
+    # Same as .width_no_overwrite - but with applying overwrites for each char
+    def self.width_all_features(string, ambiguous, overwrite, options)
+      # Sum of all chars widths
+      res = string.codepoints.sum{ |codepoint|
+        next overwrite[codepoint] if overwrite[codepoint]
+
+        if codepoint > 15 && codepoint < 161 # very common
+          next 1
+        elsif codepoint < 0x1001
+          width = FIRST_4096[codepoint]
+        else
+          width = INDEX
+          depth = INITIAL_DEPTH
+          while (width = width[codepoint / depth]).instance_of? Array
+            codepoint %= depth
+            depth /= 16
+          end
+        end
+
+        width == :A ? ambiguous : (width || 1)
+      }
+
+      # Substract emoji error
+      res -= emoji_extra_width_of(string, ambiguous, overwrite) if options[:emoji]
+
+      # Return result + prevent negative lengths
+      res < 0 ? 0 : res
+    end
+
+
+    def self.emoji_extra_width_of(string, ambiguous = 1, overwrite = {}, _ = {})
+      require "unicode/emoji"
+
+      extra_width = 0
+      modifier_regex = /[#{ Unicode::Emoji::EMOJI_MODIFIERS.pack("U*") }]/
+      zwj_regex = /(?<=#{ [Unicode::Emoji::ZWJ].pack("U") })./
+
+      string.scan(Unicode::Emoji::REGEX){ |emoji|
+        extra_width += 2 * emoji.scan(modifier_regex).size
+
+        emoji.scan(zwj_regex){ |zwj_succ|
+          extra_width += self.of(zwj_succ, ambiguous, overwrite)
+        }
+      }
+
+      extra_width
+    end
+
+    def initialize(ambiguous: 1, overwrite: {}, emoji: false)
+      @ambiguous = ambiguous
+      @overwrite = overwrite
+      @emoji     = emoji
+    end
+
+    def get_config(**kwargs)
+      [
+        kwargs[:ambiguous] || @ambiguous,
+        kwargs[:overwrite] || @overwrite,
+        { emoji: kwargs[:emoji] || @emoji },
+      ]
+    end
+
+    def of(string, **kwargs)
+      self.class.of(string, *get_config(**kwargs))
+    end
+  end
+end
+

data/lib/brakeman/app_tree.rb

@@ -22,6 +22,8 @@ module Brakeman
       init_options[:additional_libs_path] = options[:additional_libs_path]
       init_options[:engine_paths] = options[:engine_paths]
       init_options[:skip_vendor] = options[:skip_vendor]
+      init_options[:follow_symlinks] = options[:follow_symlinks]
+
       new(root, init_options)
     end
 
@@ -64,6 +66,7 @@ module Brakeman
       @absolute_engine_paths = @engine_paths.select { |path| path.start_with?(File::SEPARATOR) }
       @relative_engine_paths = @engine_paths - @absolute_engine_paths
       @skip_vendor = init_options[:skip_vendor]
+      @follow_symlinks = init_options[:follow_symlinks]
       @gemspec = nil
       @root_search_pattern = nil
     end
@@ -161,21 +164,26 @@ module Brakeman
     end
 
     def glob_files(directory, name, extensions = ".rb")
-      root_directory = "#{root_search_pattern}#{directory}"
-      patterns = ["#{root_directory}/**/#{name}#{extensions}"]
-
-      Dir.glob("#{root_directory}/**/*", File::FNM_DOTMATCH).each do |path|
-        if File.symlink?(path) && File.directory?(path)
-          symlink_target = File.readlink(path)
-          if Pathname.new(symlink_target).relative?
-            symlink_target = File.join(File.dirname(path), symlink_target)
+      if @follow_symlinks
+        root_directory = "#{root_search_pattern}#{directory}"
+        patterns = ["#{root_directory}/**/#{name}#{extensions}"]
+
+        Dir.glob("#{root_directory}/**/*", File::FNM_DOTMATCH).each do |path|
+          if File.symlink?(path) && File.directory?(path)
+            symlink_target = File.readlink(path)
+            if Pathname.new(symlink_target).relative?
+              symlink_target = File.join(File.dirname(path), symlink_target)
+            end
+            patterns << "#{search_pattern(symlink_target)}/**/#{name}#{extensions}"
           end
-          patterns << "#{search_pattern(symlink_target)}/**/#{name}#{extensions}"
         end
-      end
 
-      files = patterns.flat_map { |pattern| Dir.glob(pattern) }
-      files.uniq
+        files = patterns.flat_map { |pattern| Dir.glob(pattern) }
+        files.uniq
+      else
+        pattern = "#{root_search_pattern}#{directory}/**/#{name}#{extensions}"
+        Dir.glob(pattern)
+      end
     end
 
     def select_files(paths)
@@ -201,15 +209,14 @@ module Brakeman
       end
     end
 
-    EXCLUDED_PATHS = %w[
-      /generators/
+    EXCLUDED_PATHS = regex_for_paths %w[
+      generators/
       lib/tasks/
       lib/templates/
       db/
       spec/
       test/
       tmp/
-      log/
     ]
 
     def reject_global_excludes(paths)
@@ -219,9 +226,7 @@ module Brakeman
         if @skip_vendor and relative_path.include? 'vendor/' and !in_engine_paths?(path) and !in_add_libs_paths?(path)
           true
         else
-          EXCLUDED_PATHS.any? do |excluded|
-            relative_path.include? excluded
-          end
+          match_path EXCLUDED_PATHS, path
         end
       end
     end

data/lib/brakeman/checks/check_deserialize.rb

@@ -76,10 +76,13 @@ class Brakeman::CheckDeserialize < Brakeman::BaseCheck
       confidence = :high
     elsif input = include_user_input?(arg)
       confidence = :medium
+    elsif target == :Marshal
+      confidence = :low
+      message = msg("Use of ", msg_code("#{target}.#{method}"), " may be dangerous")
     end
 
     if confidence
-      message = msg(msg_code("#{target}.#{method}"), " called with ", msg_input(input))
+      message ||= msg(msg_code("#{target}.#{method}"), " called with ", msg_input(input))
 
       warn :result => result,
         :warning_type => "Remote Code Execution",

data/lib/brakeman/checks/check_evaluation.rb

@@ -23,13 +23,31 @@ class Brakeman::CheckEvaluation < Brakeman::BaseCheck
     return unless original? result
 
     if input = include_user_input?(result[:call].arglist)
+      confidence = :high
+      message = msg(msg_input(input), " evaluated as code")
+    elsif string_evaluation? result[:call].first_arg
+      confidence = :low
+      message = "Dynamic string evaluated as code"
+    elsif safe_literal? result[:call].first_arg
+      # don't warn
+    elsif result[:call].method == :eval
+      confidence = :low
+      message = "Dynamic code evaluation"
+    end
+
+    if confidence
       warn :result => result,
         :warning_type => "Dangerous Eval",
         :warning_code => :code_eval,
-        :message => "User input in eval",
+        :message => message,
         :user_input => input,
-        :confidence => :high,
+        :confidence => confidence,
         :cwe_id => [913, 95]
     end
   end
+
+  def string_evaluation? exp
+    string_interp? exp or
+      (call? exp and string? exp.target)
+  end
 end

data/lib/brakeman/checks/check_model_attr_accessible.rb

@@ -33,6 +33,7 @@ class Brakeman::CheckModelAttrAccessible < Brakeman::BaseCheck
               :confidence => confidence,
               :code => Sexp.new(:lit, attribute),
               :cwe_id => [915]
+
             break # Prevent from matching single attr multiple times
           end
         end

data/lib/brakeman/file_parser.rb

@@ -13,8 +13,9 @@ module Brakeman
       if @use_prism
         begin
           require 'prism'
+          Brakeman.debug '[Notice] Using Prism parser'
         rescue LoadError => e
-          Brakeman.debug "Asked to use Prism, but failed to load: #{e}"
+          Brakeman.debug "[Notice] Asked to use Prism, but failed to load: #{e}"
           @use_prism = false
         end
       end

data/lib/brakeman/options.rb

@@ -161,14 +161,13 @@ module Brakeman::Options
 
         opts.on "--[no-]prism", "Use the Prism parser" do |use_prism|
           if use_prism
-            prism_version = '0.30'
+            min_prism_version = '1.0.0'
 
             begin
-              # Specifying minimum version here,
-              # since it can't be in the gem dependency list because it is optional
-              gem 'prism', "~>#{prism_version}"
+              gem 'prism', ">=#{min_prism_version}"
+              require 'prism'
             rescue Gem::MissingSpecVersionError, Gem::MissingSpecError, Gem::LoadError => e
-              $stderr.puts "Please install `prism` version #{prism_version} or newer:"
+              $stderr.puts "Please install `prism` version #{min_prism_version} or newer:"
               raise e
             end
           end
@@ -223,6 +222,10 @@ module Brakeman::Options
           options[:engine_paths].merge paths
         end
 
+        opts.on '--[no-]follow-symlinks', 'Follow symbolic links for directions' do |follow_symlinks|
+          options[:follow_symlinks] = follow_symlinks
+        end
+
         opts.on "-E", "--enable Check1,Check2,etc", Array, "Enable the specified checks" do |checks|
           checks.map! do |check|
             if check.start_with? "Check"

data/lib/brakeman/processors/alias_processor.rb

@@ -97,6 +97,7 @@ class Brakeman::AliasProcessor < Brakeman::SexpProcessor
   end
 
   def process_bracket_call exp
+    # TODO: What is even happening in this method?
     r = replace(exp)
 
     if r != exp
@@ -127,7 +128,7 @@ class Brakeman::AliasProcessor < Brakeman::SexpProcessor
         return r
       end
     else
-      t = nil
+      t = exp.target # put it back?
     end
 
     if hash? t
@@ -242,6 +243,7 @@ class Brakeman::AliasProcessor < Brakeman::SexpProcessor
         exp = math_op(method, target, first_arg, exp)
       end
     when :[]
+      # TODO: This might never be used because of process_bracket_call above
       if array? target
         exp = process_array_access(target, exp.args, exp)
       elsif hash? target
@@ -666,7 +668,9 @@ class Brakeman::AliasProcessor < Brakeman::SexpProcessor
     end
 
     unless array? exp[1] and array? exp[2]
-      return process_default(exp)
+      # Already processed RHS, don't do it again
+      # https://github.com/presidentbeef/brakeman/issues/1877
+      return exp
     end
 
     vars = exp[1].dup

data/lib/brakeman/processors/lib/file_type_detector.rb

@@ -13,7 +13,7 @@ module Brakeman
         @file_type = guess_from_path(file.path.relative)
       end
 
-      @file_type || :libs
+      @file_type || :lib
     end
 
     MODEL_CLASSES = [
@@ -26,10 +26,10 @@ module Brakeman
       parent = class_name(exp.parent_name)
 
       if name.match(/Controller$/)
-        @file_type = :controllers
+        @file_type = :controller
         return exp
       elsif MODEL_CLASSES.include? parent
-        @file_type = :models
+        @file_type = :model
         return exp
       end
 
@@ -39,19 +39,21 @@ module Brakeman
     def guess_from_path path
       case
       when path.include?('app/models')
-        :models
+        :model
       when path.include?('app/controllers')
-        :controllers
+        :controller
       when path.include?('config/initializers')
-        :initializers
+        :initializer
       when path.include?('lib/')
-        :libs
+        :lib
       when path.match?(%r{config/environments/(?!production\.rb)$})
         :skip
       when path.match?(%r{environments/production\.rb$})
         :skip
       when path.match?(%r{application\.rb$})
         :skip
+      when path.match?(%r{config/routes\.rb$})
+        :skip
       end
     end
 

data/lib/brakeman/report/ignore/config.rb

@@ -130,7 +130,6 @@ module Brakeman
 
       output = {
         :ignored_warnings => warnings,
-        :updated => Time.now.to_s,
         :brakeman_version => Brakeman::Version
       }