RubyGems - brakeman - Versions diffs - 7.1.2 → 8.0.0 - Mend

brakeman 7.1.2 → 8.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (130) hide show

data/bundle/ruby/3.2.0/gems/tilt-2.6.1/lib/tilt/creole.rb DELETED Viewed

@@ -1,16 +0,0 @@
-# frozen_string_literal: true
-require_relative 'template'
-require 'creole'
-warn 'tilt/creole is deprecated, as creole requires modifying string literals', uplevel: 1
-allowed_opts = [:allowed_schemes, :extensions, :no_escape].freeze
-# Creole implementation. See: http://www.wikicreole.org/
-Tilt::CreoleTemplate = Tilt::StaticTemplate.subclass do
-  opts = {}
-  allowed_opts.each do |k|
-    opts[k] = @options[k] if @options[k]
-  end
-  Creole::Parser.new(@data, opts).to_html
-end

data/bundle/ruby/3.2.0/gems/tilt-2.6.1/lib/tilt/csv.rb DELETED Viewed

@@ -1,53 +0,0 @@
-# frozen_string_literal: true
-require_relative 'template'
-require 'csv'
-module Tilt
-  # CSV Template implementation. See:
-  # http://ruby-doc.org/stdlib/libdoc/csv/rdoc/CSV.html
-  #
-  # == Example
-  #
-  #    # Example of csv template
-  #    tpl = <<-EOS
-  #      # header
-  #      csv << ['NAME', 'ID']
-  #
-  #      # data rows
-  #      @people.each do |person|
-  #        csv << [person[:name], person[:id]]
-  #      end
-  #    EOS
-  #
-  #    @people = [
-  #      {:name => "Joshua Peek", :id => 1},
-  #      {:name => "Ryan Tomayko", :id => 2},
-  #      {:name => "Simone Carletti", :id => 3}
-  #    ]
-  #
-  #    template = Tilt::CSVTemplate.new { tpl }
-  #    template.render(self)
-  #
-  class CSVTemplate < Template
-    self.default_mime_type = 'text/csv'
-    def prepare
-      @outvar = @options.delete(:outvar) || '_csvout'
-    end
-    def precompiled_template(locals)
-      <<-RUBY
-        #{@outvar} = CSV.generate(**#{@options}) do |csv|
-          #{@data}
-        end
-      RUBY
-    end
-    def precompiled(locals)
-      source, offset = super
-      [source, offset + 1]
-    end
-  end
-end

data/bundle/ruby/3.2.0/gems/tilt-2.6.1/lib/tilt/erb.rb DELETED Viewed

@@ -1,65 +0,0 @@
-# frozen_string_literal: true
-require_relative 'template'
-require 'erb'
-module Tilt
-  # ERB template implementation. See:
-  # http://www.ruby-doc.org/stdlib/libdoc/erb/rdoc/classes/ERB.html
-  class ERBTemplate < Template
-    SUPPORTS_KVARGS = ::ERB.instance_method(:initialize).parameters.assoc(:key) rescue false
-    def prepare
-      @freeze_string_literals = !!@options[:freeze]
-      @outvar = @options[:outvar] || '_erbout'
-      trim = case @options[:trim]
-      when false
-        nil
-      when nil, true
-        '<>'
-      else
-        @options[:trim]
-      end
-      @engine = if SUPPORTS_KVARGS
-        ::ERB.new(@data, trim_mode: trim, eoutvar: @outvar)
-      # :nocov:
-      else
-        ::ERB.new(@data, options[:safe], trim, @outvar)
-      # :nocov:
-      end
-    end
-    def precompiled_template(locals)
-      source = @engine.src
-      source
-    end
-    def precompiled_preamble(locals)
-      <<-RUBY
-        begin
-          __original_outvar = #{@outvar} if defined?(#{@outvar})
-          #{super}
-      RUBY
-    end
-    def precompiled_postamble(locals)
-      <<-RUBY
-          #{super}
-        ensure
-          #{@outvar} = __original_outvar
-        end
-      RUBY
-    end
-    # ERB generates a line to specify the character coding of the generated
-    # source in 1.9. Account for this in the line offset.
-    def precompiled(locals)
-      source, offset = super
-      [source, offset + 1]
-    end
-    def freeze_string_literals?
-      @freeze_string_literals
-    end
-  end
-end

data/bundle/ruby/3.2.0/gems/tilt-2.6.1/lib/tilt/kramdown.rb DELETED Viewed

@@ -1,13 +0,0 @@
-# frozen_string_literal: true
-require_relative 'template'
-require 'kramdown'
-dumb_quotes = [39, 39, 34, 34].freeze
-# Kramdown Markdown implementation. See: https://kramdown.gettalong.org/
-Tilt::KramdownTemplate = Tilt::StaticTemplate.subclass do
-  # dup as Krawmdown modifies the passed option with map!
-  @options[:smart_quotes] = dumb_quotes.dup unless @options[:smartypants]
-  Kramdown::Document.new(@data, @options).to_html
-end

data/bundle/ruby/3.2.0/gems/tilt-2.6.1/lib/tilt/liquid.rb DELETED Viewed

@@ -1,37 +0,0 @@
-# frozen_string_literal: true
-require_relative 'template'
-require 'liquid'
-module Tilt
-  # Liquid template implementation. See:
-  # http://liquidmarkup.org/
-  #
-  # Liquid is designed to be a *safe* template system and therefore
-  # does not provide direct access to execuatable scopes. In order to
-  # support a +scope+, the +scope+ must be able to represent itself
-  # as a hash by responding to #to_h. If the +scope+ does not respond
-  # to #to_h it will be ignored.
-  #
-  # LiquidTemplate does not support yield blocks.
-  class LiquidTemplate < Template
-    def prepare
-      @options[:line_numbers] = true unless @options.has_key?(:line_numbers)
-      @engine = ::Liquid::Template.parse(@data, @options)
-    end
-    def evaluate(scope, locs)
-      locals = {}
-      if scope.respond_to?(:to_h)
-        scope.to_h.each{|k, v| locals[k.to_s] = v}
-      end
-      locs.each{|k, v| locals[k.to_s] = v}
-      locals['yield'] = block_given? ? yield : ''
-      locals['content'] = locals['yield']
-      @engine.render(locals)
-    end
-    def allows_script?
-      false
-    end
-  end
-end

data/bundle/ruby/3.2.0/gems/tilt-2.6.1/lib/tilt/pandoc.rb DELETED Viewed

@@ -1,39 +0,0 @@
-# frozen_string_literal: true
-require_relative 'template'
-require 'pandoc-ruby'
-# Pandoc markdown implementation. See: http://pandoc.org/
-Tilt::PandocTemplate = Tilt::StaticTemplate.subclass do
-  # turn options hash into an array
-  # Map tilt options to pandoc options
-  # Replace hash keys with value true with symbol for key
-  # Remove hash keys with value false
-  # Leave other hash keys untouched
-  pandoc_options = []
-  from = "markdown"
-  smart_extension = "-smart"
-  @options.each do |k,v|
-    case k
-    when :smartypants
-      smart_extension = "+smart" if v
-    when :escape_html
-      from = "markdown-raw_html" if v
-    when :commonmark
-      from = "commonmark" if v
-    when :markdown_strict
-      from = "markdown_strict" if v
-    else
-      case v
-      when true
-        pandoc_options << k
-      when false
-        # do nothing
-      else
-        pandoc_options << { k => v }
-      end
-    end
-  end
-  pandoc_options << { :f => from + smart_extension }
-  PandocRuby.new(@data, *pandoc_options).to_html.strip
-end

data/bundle/ruby/3.2.0/gems/tilt-2.6.1/lib/tilt/radius.rb DELETED Viewed

@@ -1,41 +0,0 @@
-# frozen_string_literal: true
-require_relative 'template'
-require 'radius'
-module Tilt
-  # Radius Template
-  # http://github.com/jlong/radius/
-  class RadiusTemplate < Template
-    class ContextClass < Radius::Context
-      attr_accessor :tilt_scope
-      def tag_missing(name, attributes)
-        tilt_scope.__send__(name)
-      end
-      def dup
-        i = super
-        i.tilt_scope = tilt_scope
-        i
-      end
-    end
-    def evaluate(scope, locals, &block)
-      context = ContextClass.new
-      context.tilt_scope = scope
-      context.define_tag("yield", &block) if block
-      locals.each do |tag, value|
-        context.define_tag(tag) do
-          value
-        end
-      end
-      @options[:tag_prefix] = 'r' unless @options.has_key?(:tag_prefix)
-      Radius::Parser.new(context, @options).parse(@data)
-    end
-    def allows_script?
-      false
-    end
-  end
-end

data/bundle/ruby/3.2.0/gems/tilt-2.6.1/lib/tilt/rdiscount.rb DELETED Viewed

@@ -1,23 +0,0 @@
-# frozen_string_literal: true
-require_relative 'template'
-require 'rdiscount'
-aliases = {
-  :escape_html => :filter_html,
-  :smartypants => :smart
-}.freeze
-_flags = [:smart, :filter_html, :smartypants, :escape_html].freeze
-# Discount Markdown implementation. See:
-# http://github.com/rtomayko/rdiscount
-#
-# RDiscount is a simple text filter. It does not support +scope+ or
-# +locals+. The +:smart+ and +:filter_html+ options may be set true
-# to enable those flags on the underlying RDiscount object.
-Tilt::RDiscountTemplate = Tilt::StaticTemplate.subclass do
-  flags = _flags.select { |flag| @options[flag] }.
-    map! { |flag| aliases[flag] || flag }
-  RDiscount.new(@data, *flags).to_html
-end

data/bundle/ruby/3.2.0/gems/tilt-2.6.1/lib/tilt/rdoc.rb DELETED Viewed

@@ -1,11 +0,0 @@
-# frozen_string_literal: true
-require_relative 'template'
-require 'rdoc'
-require 'rdoc/markup'
-require 'rdoc/markup/to_html'
-require 'rdoc/options'
-# RDoc template. See: https://github.com/ruby/rdoc
-Tilt::RDocTemplate = Tilt::StaticTemplate.subclass do
-  RDoc::Markup::ToHtml.new(RDoc::Options.new, nil).convert(@data).to_s
-end

data/bundle/ruby/3.2.0/gems/tilt-2.6.1/lib/tilt/redcarpet.rb DELETED Viewed

@@ -1,31 +0,0 @@
-# frozen_string_literal: true
-require_relative 'template'
-require 'redcarpet'
-aliases = {:escape_html => :filter_html, :smartypants => :smart}.freeze
-Tilt::RedcarpetTemplate = Tilt::StaticTemplate.subclass do
-  aliases.each do |opt, aka|
-    if options.key?(aka) || !@options.key?(opt)
-      @options[opt] = @options.delete(aka)
-    end
-  end
-  # only raise an exception if someone is trying to enable :escape_html
-  @options.delete(:escape_html) unless @options[:escape_html]
-  renderer = @options.delete(:renderer) || ::Redcarpet::Render::HTML.new(@options)
-  if options.delete(:smartypants) && !(renderer.is_a?(Class) && renderer <= ::Redcarpet::Render::SmartyPants)
-    renderer = if renderer == ::Redcarpet::Render::XHTML
-      ::Redcarpet::Render::SmartyHTML.new(:xhtml => true)
-    elsif renderer == ::Redcarpet::Render::HTML
-      ::Redcarpet::Render::SmartyHTML
-    elsif renderer.is_a? Class
-      Class.new(renderer) { include ::Redcarpet::Render::SmartyPants }
-    else
-      renderer.extend ::Redcarpet::Render::SmartyPants
-    end
-  end
-  Redcarpet::Markdown.new(renderer, @options).render(@data)
-end

data/bundle/ruby/3.2.0/gems/tilt-2.6.1/lib/tilt/redcloth.rb DELETED Viewed

@@ -1,13 +0,0 @@
-# frozen_string_literal: true
-require_relative 'template'
-require 'redcloth'
-# RedCloth implementation. See: https://github.com/jgarber/redcloth
-Tilt::RedClothTemplate = Tilt::StaticTemplate.subclass do
-  engine = RedCloth.new(@data)
-  @options.each  do |k, v|
-    m = :"#{k}="
-    engine.send(m, v) if engine.respond_to? m
-  end
-  engine.to_html
-end

data/bundle/ruby/3.2.0/gems/tilt-2.6.1/lib/tilt/rst-pandoc.rb DELETED Viewed

@@ -1,10 +0,0 @@
-# frozen_string_literal: true
-require_relative 'template'
-require_relative 'pandoc'
-rst = {:f => "rst"}.freeze
-# Pandoc reStructuredText implementation. See: # http://pandoc.org/
-Tilt::RstPandocTemplate = Tilt::StaticTemplate.subclass do
-  PandocRuby.new(@data, rst).to_html.strip
-end

data/bundle/ruby/3.2.0/gems/tilt-2.6.1/lib/tilt/slim.rb DELETED Viewed

@@ -1,5 +0,0 @@
-# frozen_string_literal: true
-require_relative 'template'
-require 'slim'
-Tilt::SlimTemplate = Slim::Template

data/bundle/ruby/3.2.0/gems/tilt-2.6.1/lib/tilt/yajl.rb DELETED Viewed

@@ -1,81 +0,0 @@
-# frozen_string_literal: true
-require_relative 'template'
-require 'yajl'
-module Tilt
-  # Yajl Template implementation
-  #
-  # Yajl is a fast JSON parsing and encoding library for Ruby
-  # See https://github.com/brianmario/yajl-ruby
-  #
-  # The template source is evaluated as a Ruby string,
-  # and the result is converted #to_json.
-  #
-  # == Example
-  #
-  #    # This is a template example.
-  #    # The template can contain any Ruby statement.
-  #    tpl <<-EOS
-  #      @counter = 0
-  #
-  #      # The json variable represents the buffer
-  #      # and holds the data to be serialized into json.
-  #      # It defaults to an empty hash, but you can override it at any time.
-  #      json = {
-  #        :"user#{@counter += 1}" => { :name => "Joshua Peek", :id => @counter },
-  #        :"user#{@counter += 1}" => { :name => "Ryan Tomayko", :id => @counter },
-  #        :"user#{@counter += 1}" => { :name => "Simone Carletti", :id => @counter },
-  #      }
-  #
-  #      # Since the json variable is a Hash,
-  #      # you can use conditional statements or any other Ruby statement
-  #      # to populate it.
-  #      json[:"user#{@counter += 1}"] = { :name => "Unknown" } if 1 == 2
-  #
-  #      # The last line doesn't affect the returned value.
-  #      nil
-  #    EOS
-  #
-  #    template = Tilt::YajlTemplate.new { tpl }
-  #    template.render(self)
-  #
-  class YajlTemplate < Template
-    self.default_mime_type = 'application/json'
-    def evaluate(scope, locals, &block)
-      decorate(super)
-    end
-    def precompiled_preamble(locals)
-      return super if locals.include? :json
-      "json = {}\n#{super}"
-    end
-    def precompiled_postamble(locals)
-      "Yajl::Encoder.new.encode(json)"
-    end
-    def precompiled_template(locals)
-      @data.to_str
-    end
-    # Decorates the +json+ input according to given +options+.
-    #
-    # json    - The json String to decorate.
-    # options - The option Hash to customize the behavior.
-    #
-    # Returns the decorated String.
-    def decorate(json)
-      callback, variable = @options[:callback], @options[:variable]
-      if callback && variable
-        "var #{variable} = #{json}; #{callback}(#{variable});"
-      elsif variable
-        "var #{variable} = #{json};"
-      elsif callback
-        "#{callback}(#{json});"
-      else
-        json
-      end
-    end
-  end
-end

data/lib/brakeman/parsers/erubis_patch.rb DELETED Viewed

@@ -1,11 +0,0 @@
-module Brakeman::ErubisPatch
-  # Simple patch to make `erubis` compatible with frozen string literals
-  def convert(input)
-    codebuf = +"" # Modified line, the rest is identitical
-    @preamble.nil? ? add_preamble(codebuf) : (@preamble && (codebuf << @preamble))
-    convert_input(codebuf, input)
-    @postamble.nil? ? add_postamble(codebuf) : (@postamble && (codebuf << @postamble))
-    @_proc = nil    # clear cached proc object
-    return codebuf  # or codebuf.join()
-  end
-end

data/lib/brakeman/parsers/rails2_erubis.rb DELETED Viewed

@@ -1,9 +0,0 @@
-Brakeman.load_brakeman_dependency 'erubis'
-require 'brakeman/parsers/erubis_patch'
-#Erubis processor which ignores any output which is plain text.
-class Brakeman::ScannerErubis < Erubis::Eruby
-  include Erubis::NoTextEnhancer
-  include Brakeman::ErubisPatch
-end

data/lib/brakeman/parsers/rails2_xss_plugin_erubis.rb DELETED Viewed

@@ -1,52 +0,0 @@
-Brakeman.load_brakeman_dependency 'erubis'
-require 'brakeman/parsers/erubis_patch'
-#This is from the rails_xss plugin for Rails 2
-class Brakeman::Rails2XSSPluginErubis < ::Erubis::Eruby
-  include Brakeman::ErubisPatch
-  def add_preamble(src)
-    #src << "@output_buffer = ActiveSupport::SafeBuffer.new;"
-  end
-  #This is different from rails_xss - fixes some line number issues
-  def add_text(src, text)
-    if text == "\n"
-      src << "\n"
-    elsif text.include? "\n"
-      lines = text.split("\n")
-      if text.match(/\n\z/)
-        lines.each do |line|
-          src << "@output_buffer.safe_concat('" << escape_text(line) << "');\n"
-        end
-      else
-        lines[0..-2].each do |line|
-          src << "@output_buffer.safe_concat('" << escape_text(line) << "');\n"
-        end
-        src << "@output_buffer.safe_concat('" << escape_text(lines.last) << "');"
-      end
-    else
-      src << "@output_buffer.safe_concat('" << escape_text(text) << "');"
-    end
-  end
-  BLOCK_EXPR = /\s+(do|\{)(\s*\|[^|]*\|)?\s*\Z/
-  def add_expr_literal(src, code)
-    if code =~ BLOCK_EXPR
-      src << "@output_buffer.safe_concat((" << $1 << ").to_s);"
-    else
-      src << '@output_buffer << ((' << code << ').to_s);'
-    end
-  end
-  def add_expr_escaped(src, code)
-    src << '@output_buffer << ' << escaped_expr(code) << ';'
-  end
-  def add_postamble(src)
-    #src << '@output_buffer.to_s'
-  end
-end

data/lib/brakeman/parsers/rails3_erubis.rb DELETED Viewed

@@ -1,85 +0,0 @@
-Brakeman.load_brakeman_dependency 'erubis'
-require 'brakeman/parsers/erubis_patch'
-# This is from Rails 5 version of the Erubis handler
-# https://github.com/rails/rails/blob/ec608107801b1e505db03ba76bae4a326a5804ca/actionview/lib/action_view/template/handlers/erb.rb#L7-L73
-class Brakeman::Rails3Erubis < ::Erubis::Eruby
-  include Brakeman::ErubisPatch
-  def add_preamble(src)
-    @newline_pending = 0
-    src << "_this_is_to_make_yields_syntactally_correct {"
-    src << "@output_buffer = output_buffer || ActionView::OutputBuffer.new;"
-  end
-  def add_text(src, text)
-    return if text.empty?
-    if text == "\n"
-      @newline_pending += 1
-    else
-      src << "@output_buffer.safe_append='"
-      src << "\n" * @newline_pending if @newline_pending > 0
-      src << escape_text(text)
-      src << "'.freeze;"
-      @newline_pending = 0
-    end
-  end
-  # Erubis toggles <%= and <%== behavior when escaping is enabled.
-  # We override to always treat <%== as escaped.
-  def add_expr(src, code, indicator)
-    case indicator
-    when '=='
-      add_expr_escaped(src, code)
-    else
-      super
-    end
-  end
-  BLOCK_EXPR = /\s*((\s+|\))do|\{)(\s*\|[^|]*\|)?\s*\Z/
-  def add_expr_literal(src, code)
-    flush_newline_if_pending(src)
-    if code =~ BLOCK_EXPR
-      src << '@output_buffer.append= ' << code
-    else
-      src << '@output_buffer.append=(' << code << ');'
-    end
-  end
-  def add_expr_escaped(src, code)
-    flush_newline_if_pending(src)
-    if code =~ BLOCK_EXPR
-      src << "@output_buffer.safe_expr_append= " << code
-    else
-      src << "@output_buffer.safe_expr_append=(" << code << ");"
-    end
-  end
-  def add_stmt(src, code)
-    flush_newline_if_pending(src)
-    super
-  end
-  def add_postamble(src)
-    flush_newline_if_pending(src)
-    src << '@output_buffer.to_s; }'
-  end
-  def flush_newline_if_pending(src)
-    if @newline_pending > 0
-      src << "@output_buffer.safe_append='#{"\n" * @newline_pending}'.freeze;"
-      @newline_pending = 0
-    end
-  end
-  # This is borrowed from graphql's erb plugin:
-  # https://github.com/github/graphql-client/blob/51e76bd8d8b2ac0021d8fef7468b9a294e4bd6e8/lib/graphql/client/erubis.rb#L33-L38
-  def convert_input(src, input)
-    input = input.gsub(/<%graphql/, "<%#")
-    super(src, input)
-  end
-end

/data/bundle/ruby/3.2.0/gems/{tilt-2.6.1 → tilt-2.7.0}/COPYING RENAMED Viewed

File without changes

/data/bundle/ruby/3.2.0/gems/{tilt-2.6.1 → tilt-2.7.0}/lib/tilt/_emacs_org.rb RENAMED Viewed

File without changes

/data/bundle/ruby/3.2.0/gems/{tilt-2.6.1 → tilt-2.7.0}/lib/tilt/_handlebars.rb RENAMED Viewed

File without changes

/data/bundle/ruby/3.2.0/gems/{tilt-2.6.1 → tilt-2.7.0}/lib/tilt/_jbuilder.rb RENAMED Viewed

File without changes

/data/bundle/ruby/3.2.0/gems/{tilt-2.6.1 → tilt-2.7.0}/lib/tilt/_org.rb RENAMED Viewed

File without changes

/data/bundle/ruby/3.2.0/gems/{tilt-2.6.1 → tilt-2.7.0}/lib/tilt/cli.rb RENAMED Viewed

File without changes