brakeman 2.4.1 → 2.4.2

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: fa10d1e40ad21da6e7335bf11387cf68af65f9bf
+  data.tar.gz: 8a7d730a72e848072e145c779bc48054d1dbefce
+SHA512:
+  metadata.gz: fdcb48dfaec2e78d0b4fea0a4fa0816ec2036c66c6fa89f3c0b1436f492249ee35851ead8ccaab4db5427360be2aaafc26a6508e951ce2572ddf0abd6ef45b93
+  data.tar.gz: 3ce802f6bcd0111c00ea4f6d3ad64213068b7cd09a1aa3f565413e68d535a4b47d87c69334d14aaf68183f197fe69c42a53afc03a3c4ead0e452f544925bb18b

data/CHANGES

@@ -1,3 +1,12 @@
+# 2.4.2
+
+ * Remove `rescue Exception`
+ * Fix duplicate warnings about sanitize CVE
+ * Reuse duplicate call location information
+ * Only track original template output locations
+ * Skip identically rendered templates
+ * Fix HAML template processing
+
 # 2.4.1
 
  * Add check for CVE-2014-0082

data/lib/brakeman/checks.rb

@@ -100,7 +100,7 @@ class Brakeman::Checks
 
         begin
           check.run_check
-        rescue Exception => e
+        rescue => e
           tracker.error e
         end
 
@@ -138,7 +138,7 @@ class Brakeman::Checks
 
           begin
             check.run_check
-          rescue Exception => e
+          rescue => e
             error_mutex.synchronize do
               tracker.error e
             end

data/lib/brakeman/checks/check_sanitize_methods.rb

@@ -35,6 +35,9 @@ class Brakeman::CheckSanitizeMethods < Brakeman::BaseCheck
 
   def check_for_cve method, code, link
     tracker.find_call(:target => false, :method => method).each do |result|
+      next if duplicate? result
+      add_result result
+
       message = "Rails #{tracker.config[:rails_version]} has a vulnerability in #{method}: upgrade to #{@fix_version} or patch"
 
       if include_user_input? result[:call]

data/lib/brakeman/processors/alias_processor.rb

@@ -58,7 +58,7 @@ class Brakeman::AliasProcessor < Brakeman::SexpProcessor
           e
         end
       end
-    rescue Exception => err
+    rescue => err
       @tracker.error err if @tracker
     end
 

data/lib/brakeman/processors/erb_template_processor.rb

@@ -20,7 +20,7 @@ class Brakeman::ErbTemplateProcessor < Brakeman::TemplateProcessor
         @inside_concat = false
 
         if exp.second_arg
-          raise Exception.new("Did not expect more than a single argument to _erbout.concat")
+          raise "Did not expect more than a single argument to _erbout.concat"
         end
 
         arg = exp.first_arg

data/lib/brakeman/processors/haml_template_processor.rb

@@ -3,6 +3,7 @@ require 'brakeman/processors/template_processor'
 #Processes HAML templates.
 class Brakeman::HamlTemplateProcessor < Brakeman::TemplateProcessor
   HAML_FORMAT_METHOD = /format_script_(true|false)_(true|false)_(true|false)_(true|false)_(true|false)_(true|false)_(true|false)/
+  HAML_HELPERS = s(:colon2, s(:const, :Haml), :Helpers)
   
   #Processes call, looking for template output
   def process_call exp
@@ -29,7 +30,7 @@ class Brakeman::HamlTemplateProcessor < Brakeman::TemplateProcessor
                 out = exp.first_arg = process(arg)
                 @inside_concat = false
               else
-                raise Exception.new("Empty _hamlout.#{method}()?")
+                raise "Empty _hamlout.#{method}()?"
               end
 
               if string? out
@@ -37,9 +38,7 @@ class Brakeman::HamlTemplateProcessor < Brakeman::TemplateProcessor
               else
                 case method.to_s
                 when "push_text"
-                  s = Sexp.new(:output, out)
-                  @current_template[:outputs] << s
-                  s
+                  build_output_from_push_text(out)
                 when HAML_FORMAT_METHOD
                   if $4 == "true"
                     Sexp.new :format_escaped, out
@@ -47,7 +46,7 @@ class Brakeman::HamlTemplateProcessor < Brakeman::TemplateProcessor
                     Sexp.new :format, out
                   end
                 else
-                  raise Exception.new("Unrecognized action on _hamlout: #{method}")
+                  raise "Unrecognized action on _hamlout: #{method}"
                 end
               end
 
@@ -117,4 +116,52 @@ class Brakeman::HamlTemplateProcessor < Brakeman::TemplateProcessor
     exp.target.value == :_hamlout and
     exp.method == :buffer
   end
+
+  #HAML likes to put interpolated values into _hamlout.push_text
+  #but we want to handle those individually
+  def build_output_from_push_text exp
+    if node_type? exp, :string_interp, :dstr
+      exp.map! do |e|
+        if sexp? e
+          if node_type? e, :string_eval, :evstr
+            e = e.value
+          end
+
+          get_pushed_value e
+        else
+          e
+        end
+      end
+    end
+  end
+
+  #Gets outputs from values interpolated into _hamlout.push_text
+  def get_pushed_value exp
+    return exp unless sexp? exp
+    
+    case exp.node_type
+    when :format
+      exp.node_type = :output
+      @current_template[:outputs] << exp
+      exp
+    when :format_escaped
+      exp.node_type = :escaped_output
+      @current_template[:outputs] << exp
+      exp
+    when :str, :ignore, :output, :escaped_output
+      exp
+    when :block, :rlist, :string_interp, :dstr
+      exp.map! { |e| get_pushed_value e }
+    else
+      if call? exp and exp.target == HAML_HELPERS and exp.method == :html_escape
+        s = Sexp.new(:escaped_output, exp.first_arg)
+      else
+        s = Sexp.new(:output, exp)
+      end
+
+      s.line(exp.line)
+      @current_template[:outputs] << s
+      s
+    end
+  end
 end

data/lib/brakeman/processors/lib/find_all_calls.rb

@@ -9,6 +9,7 @@ class Brakeman::FindAllCalls < Brakeman::BaseProcessor
     @current_method = nil
     @in_target = false
     @calls = []
+    @cache = {}
   end
 
   #Process the given source. Provide either class and method being searched
@@ -145,11 +146,18 @@ class Brakeman::FindAllCalls < Brakeman::BaseProcessor
 
   def make_location
     if @current_template
-      { :type => :template,
+      key = [@current_template, @current_file]
+      cached = @cache[key]
+      return cached if cached
+
+      @cache[key] = { :type => :template,
         :template => @current_template,
         :file => @current_file }
     else
-      { :type => :class,
+      key = [@current_class, @current_method, @current_file]
+      cached = @cache[key]
+      return cached if cached
+      @cache[key] = { :type => :class,
         :class => @current_class,
         :method => @current_method,
         :file => @current_file }

data/lib/brakeman/processors/lib/render_helper.rb

@@ -129,6 +129,14 @@ module Brakeman::RenderHelper
       #TODO: Add in :locals => { ... } to environment
       src = Brakeman::TemplateAliasProcessor.new(@tracker, template, called_from).process_safely(template[:src], template_env)
 
+      digest = Digest::SHA1.new.update(name + src.to_s).to_s.to_sym
+
+      if @tracker.template_cache.include? digest
+        return
+      else
+        @tracker.template_cache << digest
+      end
+
       #Run alias-processed src through the template processor to pull out
       #information and outputs.
       #This information will be stored in tracker.templates, but with a name

data/lib/brakeman/processors/output_processor.rb

@@ -18,7 +18,7 @@ class Brakeman::OutputProcessor < Ruby2Ruby
   def process exp
     begin
       super exp if sexp? exp and not exp.empty?
-    rescue Exception => e
+    rescue => e
       Brakeman.debug "While formatting #{exp}: #{e}\n#{e.backtrace.join("\n")}"
     end
   end

data/lib/brakeman/processors/template_processor.rb

@@ -26,7 +26,7 @@ class Brakeman::TemplateProcessor < Brakeman::BaseProcessor
   def process exp
     begin
       super
-    rescue Exception => e
+    rescue => e
       except = e.exception("Error when processing #{@current_template[:name]}: #{e.message}")
       except.set_backtrace(e.backtrace)
       raise except
@@ -48,7 +48,7 @@ class Brakeman::TemplateProcessor < Brakeman::BaseProcessor
   #Adds output to the list of outputs.
   def process_output exp
     exp.value = process exp.value
-    @current_template[:outputs] << exp
+    @current_template[:outputs] << exp unless exp.original_line
     exp
   end
 

data/lib/brakeman/scanner.rb

@@ -95,7 +95,7 @@ class Brakeman::Scanner
       @processor.process_config(parse_ruby(@app_tree.read(path)))
     end
 
-  rescue Exception => e
+  rescue => e
     Brakeman.notify "[Notice] Error while processing #{path}"
     tracker.error e.exception(e.message + "\nwhile processing #{path}"), e.backtrace
   end
@@ -111,7 +111,7 @@ class Brakeman::Scanner
         @processor.process_gems(parse_ruby(@app_tree.read("Gemfile")))
       end
     end
-  rescue Exception => e
+  rescue => e
     Brakeman.notify "[Notice] Error while processing Gemfile."
     tracker.error e.exception(e.message + "\nWhile processing Gemfile"), e.backtrace
   end
@@ -131,7 +131,7 @@ class Brakeman::Scanner
       @processor.process_initializer(path, parse_ruby(@app_tree.read_path(path)))
     rescue Racc::ParseError => e
       tracker.error e, "could not parse #{path}. There is probably a typo in the file. Test it with 'ruby_parse #{path}'"
-    rescue Exception => e
+    rescue => e
       tracker.error e.exception(e.message + "\nWhile processing #{path}"), e.backtrace
     end
   end
@@ -162,7 +162,7 @@ class Brakeman::Scanner
       @processor.process_lib parse_ruby(@app_tree.read_path(path)), path
     rescue Racc::ParseError => e
       tracker.error e, "could not parse #{path}. There is probably a typo in the file. Test it with 'ruby_parse #{path}'"
-    rescue Exception => e
+    rescue => e
       tracker.error e.exception(e.message + "\nWhile processing #{path}"), e.backtrace
     end
   end
@@ -174,7 +174,7 @@ class Brakeman::Scanner
     if @app_tree.exists?("config/routes.rb")
       begin
         @processor.process_routes parse_ruby(@app_tree.read("config/routes.rb"))
-      rescue Exception => e
+      rescue => e
         tracker.error e.exception(e.message + "\nWhile processing routes.rb"), e.backtrace
         Brakeman.notify "[Notice] Error while processing routes - assuming all public controller methods are actions."
         options[:assume_all_routes] = true
@@ -219,7 +219,7 @@ class Brakeman::Scanner
       @processor.process_controller(parse_ruby(@app_tree.read_path(path)), path)
     rescue Racc::ParseError => e
       tracker.error e, "could not parse #{path}. There is probably a typo in the file. Test it with 'ruby_parse #{path}'"
-    rescue Exception => e
+    rescue => e
       tracker.error e.exception(e.message + "\nWhile processing #{path}"), e.backtrace
     end
   end
@@ -305,7 +305,7 @@ class Brakeman::Scanner
       tracker.error e, "could not parse #{path}"
     rescue Haml::Error => e
       tracker.error e, ["While compiling HAML in #{path}"] << e.backtrace
-    rescue Exception => e
+    rescue StandardError, LoadError => e
       tracker.error e.exception(e.message + "\nWhile processing #{path}"), e.backtrace
     end
   end
@@ -339,7 +339,7 @@ class Brakeman::Scanner
       @processor.process_model(parse_ruby(@app_tree.read_path(path)), path)
     rescue Racc::ParseError => e
       tracker.error e, "could not parse #{path}"
-    rescue Exception => e
+    rescue => e
       tracker.error e.exception(e.message + "\nWhile processing #{path}"), e.backtrace
     end
   end

data/lib/brakeman/version.rb

@@ -1,3 +1,3 @@
 module Brakeman
-  Version = "2.4.1"
+  Version = "2.4.2"
 end

data/lib/ruby_parser/bm_sexp_processor.rb

@@ -88,7 +88,7 @@ class Brakeman::SexpProcessor
   def error_handler(type, exp=nil) # :nodoc:
     begin
       return yield
-    rescue StandardError => err
+    rescue => err
       warn "#{err.class} Exception thrown while processing #{type} for sexp #{exp.inspect} #{caller.inspect}" if $DEBUG
       raise
     end

metadata

@@ -1,228 +1,186 @@
---- !ruby/object:Gem::Specification 
+--- !ruby/object:Gem::Specification
 name: brakeman
-version: !ruby/object:Gem::Version 
-  hash: 29
-  prerelease: 
-  segments: 
-  - 2
-  - 4
-  - 1
-  version: 2.4.1
+version: !ruby/object:Gem::Version
+  version: 2.4.2
 platform: ruby
-authors: 
+authors:
 - Justin Collins
 autorequire: 
 bindir: bin
-cert_chain: 
-- |
-  -----BEGIN CERTIFICATE-----
-  MIIDLjCCAhagAwIBAgIBADANBgkqhkiG9w0BAQUFADA9MQwwCgYDVQQDDANnZW0x
-  GDAWBgoJkiaJk/IsZAEZFghicmFrZW1hbjETMBEGCgmSJomT8ixkARkWA29yZzAe
-  Fw0xMzEyMTIwMDMxNTdaFw0xNDEyMTIwMDMxNTdaMD0xDDAKBgNVBAMMA2dlbTEY
-  MBYGCgmSJomT8ixkARkWCGJyYWtlbWFuMRMwEQYKCZImiZPyLGQBGRYDb3JnMIIB
-  IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxCHmXCaAcZ4bVjijKoyQFx4N
-  dyN7B7bqY8wOXy6f/UZ6mdC8IRAj82KaWQjNE2LT/ObFUWpCRyLdrwjkDjdFDyOT
-  mZCZkiOeEy2ZxYGfxXMI/xg24c8r5Xmh16ErsYuprRcg+/KZ6s4UjseBNTARmBK4
-  IHcqIdnoWbYa3BWHoflJPaJUIaU+/yTclzFQHpswU7ka8ftIAWeoDQo22gasP/4N
-  HtJvAIyg1DcWPLcn0qbZmdehg8HZv8C+2MuLKX/2qZG9eseegMqMlHHabwwEy9Vv
-  f/t/+ltLjC0CRa2TqZ2EuQ5EEzbOsqAftaZJFmwv9Ut1UhjmdvR5RfN6dWMQ5QID
-  AQABozkwNzALBgNVHQ8EBAMCBLAwHQYDVR0OBBYEFPyEKeRy09i8qSr+9KFbeTqw
-  kMCSMAkGA1UdEwQCMAAwDQYJKoZIhvcNAQEFBQADggEBALEk8/Wnl2VAqchxWlbg
-  RN0MkVUWMf8L0xxUiVKo5QeL4NBViALMBrU6IS4y6zyn+FoULAMEawUjZlZf4Hcg
-  S9unev3p+RTWUyksAnA27wHZs/NRIkW34s1ZI5NNE/xyu4ULOQjfh1wOjlWzyHu9
-  0t41/CtpgNPM2uAjG3RIqlp7QKXlby50cQqWJQCgTH3JNjMhmROEhTsI6COoApvd
-  Ce7Br39yjeoarvekq0wCXBYakUBw/DdZCG7mFZ6xgh01eqnZUsNd8vM+6V6v23Vu
-  jk2tMjFT4L1dA3MEsz3+MP144PDhPCh7tPe6yy81BOvyYTVkKzrAkgKwHD1CuvsH
-  bdw=
-  -----END CERTIFICATE-----
-
-date: 2014-02-19 00:00:00 Z
-dependencies: 
-- !ruby/object:Gem::Dependency 
+cert_chain:
+- brakeman-public_cert.pem
+date: 2014-03-21 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
   name: ruby_parser
-  prerelease: false
-  requirement: &id001 !ruby/object:Gem::Requirement 
-    none: false
-    requirements: 
-    - - ~>
-      - !ruby/object:Gem::Version 
-        hash: 23
-        segments: 
-        - 3
-        - 4
-        - 0
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
         version: 3.4.0
   type: :runtime
-  version_requirements: *id001
-- !ruby/object:Gem::Dependency 
-  name: ruby2ruby
   prerelease: false
-  requirement: &id002 !ruby/object:Gem::Requirement 
-    none: false
-    requirements: 
-    - - ~>
-      - !ruby/object:Gem::Version 
-        hash: 5
-        segments: 
-        - 2
-        - 0
-        - 5
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 3.4.0
+- !ruby/object:Gem::Dependency
+  name: ruby2ruby
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
         version: 2.0.5
   type: :runtime
-  version_requirements: *id002
-- !ruby/object:Gem::Dependency 
-  name: terminal-table
   prerelease: false
-  requirement: &id003 !ruby/object:Gem::Requirement 
-    none: false
-    requirements: 
-    - - ~>
-      - !ruby/object:Gem::Version 
-        hash: 7
-        segments: 
-        - 1
-        - 4
-        version: "1.4"
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 2.0.5
+- !ruby/object:Gem::Dependency
+  name: terminal-table
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.4'
   type: :runtime
-  version_requirements: *id003
-- !ruby/object:Gem::Dependency 
-  name: fastercsv
   prerelease: false
-  requirement: &id004 !ruby/object:Gem::Requirement 
-    none: false
-    requirements: 
-    - - ~>
-      - !ruby/object:Gem::Version 
-        hash: 5
-        segments: 
-        - 1
-        - 5
-        version: "1.5"
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.4'
+- !ruby/object:Gem::Dependency
+  name: fastercsv
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.5'
   type: :runtime
-  version_requirements: *id004
-- !ruby/object:Gem::Dependency 
-  name: highline
   prerelease: false
-  requirement: &id005 !ruby/object:Gem::Requirement 
-    none: false
-    requirements: 
-    - - ~>
-      - !ruby/object:Gem::Version 
-        hash: 39
-        segments: 
-        - 1
-        - 6
-        - 20
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.5'
+- !ruby/object:Gem::Dependency
+  name: highline
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
         version: 1.6.20
   type: :runtime
-  version_requirements: *id005
-- !ruby/object:Gem::Dependency 
-  name: erubis
   prerelease: false
-  requirement: &id006 !ruby/object:Gem::Requirement 
-    none: false
-    requirements: 
-    - - ~>
-      - !ruby/object:Gem::Version 
-        hash: 15
-        segments: 
-        - 2
-        - 6
-        version: "2.6"
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 1.6.20
+- !ruby/object:Gem::Dependency
+  name: erubis
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.6'
   type: :runtime
-  version_requirements: *id006
-- !ruby/object:Gem::Dependency 
-  name: haml
   prerelease: false
-  requirement: &id007 !ruby/object:Gem::Requirement 
-    none: false
-    requirements: 
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.6'
+- !ruby/object:Gem::Dependency
+  name: haml
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
     - - ">="
-      - !ruby/object:Gem::Version 
-        hash: 7
-        segments: 
-        - 3
-        - 0
-        version: "3.0"
-    - - <
-      - !ruby/object:Gem::Version 
-        hash: 31
-        segments: 
-        - 5
-        - 0
-        version: "5.0"
+      - !ruby/object:Gem::Version
+        version: '3.0'
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '5.0'
   type: :runtime
-  version_requirements: *id007
-- !ruby/object:Gem::Dependency 
-  name: sass
   prerelease: false
-  requirement: &id008 !ruby/object:Gem::Requirement 
-    none: false
-    requirements: 
-    - - ~>
-      - !ruby/object:Gem::Version 
-        hash: 7
-        segments: 
-        - 3
-        - 0
-        version: "3.0"
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '3.0'
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '5.0'
+- !ruby/object:Gem::Dependency
+  name: sass
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.0'
   type: :runtime
-  version_requirements: *id008
-- !ruby/object:Gem::Dependency 
-  name: slim
   prerelease: false
-  requirement: &id009 !ruby/object:Gem::Requirement 
-    none: false
-    requirements: 
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.0'
+- !ruby/object:Gem::Dependency
+  name: slim
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
     - - ">="
-      - !ruby/object:Gem::Version 
-        hash: 23
-        segments: 
-        - 1
-        - 3
-        - 6
+      - !ruby/object:Gem::Version
         version: 1.3.6
-    - - <
-      - !ruby/object:Gem::Version 
-        hash: 7
-        segments: 
-        - 3
-        - 0
-        version: "3.0"
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '3.0'
   type: :runtime
-  version_requirements: *id009
-- !ruby/object:Gem::Dependency 
-  name: multi_json
   prerelease: false
-  requirement: &id010 !ruby/object:Gem::Requirement 
-    none: false
-    requirements: 
-    - - ~>
-      - !ruby/object:Gem::Version 
-        hash: 11
-        segments: 
-        - 1
-        - 2
-        version: "1.2"
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 1.3.6
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '3.0'
+- !ruby/object:Gem::Dependency
+  name: multi_json
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.2'
   type: :runtime
-  version_requirements: *id010
-description: Brakeman detects security vulnerabilities in Ruby on Rails applications via static analysis.
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.2'
+description: Brakeman detects security vulnerabilities in Ruby on Rails applications
+  via static analysis.
 email: gem@brakeman.org
-executables: 
+executables:
 - brakeman
 extensions: []
-
 extra_rdoc_files: []
-
-files: 
-- bin/brakeman
+files:
 - CHANGES
-- WARNING_TYPES
 - FEATURES
 - README.md
+- WARNING_TYPES
+- bin/brakeman
+- lib/brakeman.rb
 - lib/brakeman/app_tree.rb
 - lib/brakeman/brakeman.rake
 - lib/brakeman/call_index.rb
+- lib/brakeman/checks.rb
 - lib/brakeman/checks/base_check.rb
 - lib/brakeman/checks/check_basic_auth.rb
 - lib/brakeman/checks/check_content_tag.rb
@@ -274,7 +232,6 @@ files:
 - lib/brakeman/checks/check_validation_regex.rb
 - lib/brakeman/checks/check_without_protection.rb
 - lib/brakeman/checks/check_yaml_parsing.rb
-- lib/brakeman/checks.rb
 - lib/brakeman/differ.rb
 - lib/brakeman/format/style.css
 - lib/brakeman/options.rb
@@ -308,6 +265,7 @@ files:
 - lib/brakeman/processors/slim_template_processor.rb
 - lib/brakeman/processors/template_alias_processor.rb
 - lib/brakeman/processors/template_processor.rb
+- lib/brakeman/report.rb
 - lib/brakeman/report/ignore/config.rb
 - lib/brakeman/report/ignore/interactive.rb
 - lib/brakeman/report/initializers/faster_csv.rb
@@ -331,7 +289,6 @@ files:
 - lib/brakeman/report/templates/template_overview.html.erb
 - lib/brakeman/report/templates/view_warnings.html.erb
 - lib/brakeman/report/templates/warning_overview.html.erb
-- lib/brakeman/report.rb
 - lib/brakeman/rescanner.rb
 - lib/brakeman/scanner.rb
 - lib/brakeman/tracker.rb
@@ -339,41 +296,30 @@ files:
 - lib/brakeman/version.rb
 - lib/brakeman/warning.rb
 - lib/brakeman/warning_codes.rb
-- lib/brakeman.rb
 - lib/ruby_parser/bm_sexp.rb
 - lib/ruby_parser/bm_sexp_processor.rb
 homepage: http://brakemanscanner.org
-licenses: 
+licenses:
 - MIT
+metadata: {}
 post_install_message: 
 rdoc_options: []
-
-require_paths: 
+require_paths:
 - lib
-required_ruby_version: !ruby/object:Gem::Requirement 
-  none: false
-  requirements: 
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
   - - ">="
-    - !ruby/object:Gem::Version 
-      hash: 3
-      segments: 
-      - 0
-      version: "0"
-required_rubygems_version: !ruby/object:Gem::Requirement 
-  none: false
-  requirements: 
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
   - - ">="
-    - !ruby/object:Gem::Version 
-      hash: 3
-      segments: 
-      - 0
-      version: "0"
+    - !ruby/object:Gem::Version
+      version: '0'
 requirements: []
-
 rubyforge_project: 
-rubygems_version: 1.8.15
+rubygems_version: 2.2.2
 signing_key: 
-specification_version: 3
+specification_version: 4
 summary: Security vulnerability scanner for Ruby on Rails.
 test_files: []
-

data.tar.gz.sig

@@ -1 +0,0 @@
-aW8K��JN���Y�0���'O�T֍�C��	@��C7�S��-X��Ȯ�TRd��������}�Ծ* �x(�����д�L�-�/�<#��*�$�ϯ"���Fb���������[�K��u��#���oaO^��^}�����g�f��$N�M`���.S`X�LO���_V|��g>�j1jK���ԧ����^w5�*���+��-�^H����X�\�a5	`#>2wƧ��6x����L�ڡ�