brakeman 5.2.2 → 5.2.3
- checksums.yaml +4 -4
- data/CHANGES.md +5 -0
- data/bundle/load.rb +1 -1
- data/bundle/ruby/2.7.0/gems/{sexp_processor-4.16.0 → sexp_processor-4.16.1}/History.rdoc +6 -0
- data/bundle/ruby/2.7.0/gems/{sexp_processor-4.16.0 → sexp_processor-4.16.1}/Manifest.txt +0 -0
- data/bundle/ruby/2.7.0/gems/{sexp_processor-4.16.0 → sexp_processor-4.16.1}/README.rdoc +0 -0
- data/bundle/ruby/2.7.0/gems/{sexp_processor-4.16.0 → sexp_processor-4.16.1}/lib/composite_sexp_processor.rb +0 -0
- data/bundle/ruby/2.7.0/gems/{sexp_processor-4.16.0 → sexp_processor-4.16.1}/lib/pt_testcase.rb +7 -3
- data/bundle/ruby/2.7.0/gems/{sexp_processor-4.16.0 → sexp_processor-4.16.1}/lib/sexp.rb +0 -0
- data/bundle/ruby/2.7.0/gems/{sexp_processor-4.16.0 → sexp_processor-4.16.1}/lib/sexp_matcher.rb +0 -0
- data/bundle/ruby/2.7.0/gems/{sexp_processor-4.16.0 → sexp_processor-4.16.1}/lib/sexp_processor.rb +1 -1
- data/bundle/ruby/2.7.0/gems/{sexp_processor-4.16.0 → sexp_processor-4.16.1}/lib/strict_sexp.rb +0 -0
- data/bundle/ruby/2.7.0/gems/{sexp_processor-4.16.0 → sexp_processor-4.16.1}/lib/unique.rb +0 -0
- data/lib/brakeman/processors/alias_processor.rb +24 -1
- data/lib/brakeman/report/ignore/interactive.rb +2 -2
- data/lib/brakeman/version.rb +1 -1
- metadata +12 -12
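--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 2ae08a71e19d6c694a9e567fda5793a56ab174d106f44b178f7e9f69c3057814
+data.tar.gz: fd24750e512d528b3fd9cecb344f4788a58e1aa8ffd6b28ff7c88bc7f034a3e8
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: e0e2d7fde5907d8158b21803876b0dd77e659ce8cae42c25e23021b46bd2c9d8c5d0dd13edff64f7fd721a8d1bca92af4a9fbbf2505e47c791557a3316c0f3d2
+data.tar.gz: 38f894b42f893a6ce45db047f2d21c1529b63de0dd19e00a69475a72cbb4c2d9738f0f25edc60460d61607182d5a5c01ccbb77a6ae6eeae69ec4e88f9345a2e1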
data/CHANGES.md
CHANGED
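--- a/data/bundle/load.rb
+++ b/data/bundle/load.rb
@@ -1,7 +1,6 @@
 path = File.expand_path('../..', __FILE__)
 $:.unshift "#{path}/bundle/ruby/2.7.0/gems/ruby_parser-3.19.1/lib"
 $:.unshift "#{path}/bundle/ruby/2.7.0/gems/temple-0.8.2/lib"
-$:.unshift "#{path}/bundle/ruby/2.7.0/gems/sexp_processor-4.16.0/lib"
 $:.unshift "#{path}/bundle/ruby/2.7.0/gems/tilt-2.0.10/lib"
 $:.unshift "#{path}/bundle/ruby/2.7.0/gems/unicode-display_width-1.8.0/lib"
 $:.unshift "#{path}/bundle/ruby/2.7.0/gems/slim-4.1.0/lib"
@@ -10,6 +9,7 @@ $:.unshift "#{path}/bundle/ruby/2.7.0/gems/ruby2ruby-2.4.4/lib"
 $:.unshift "#{path}/bundle/ruby/2.7.0/gems/terminal-table-1.8.0/lib"
 $:.unshift "#{path}/bundle/ruby/2.7.0/gems/haml-5.2.2/lib"
 $:.unshift "#{path}/bundle/ruby/2.7.0/gems/parallel-1.22.1/lib"
+$:.unshift "#{path}/bundle/ruby/2.7.0/gems/sexp_processor-4.16.1/lib"
 $:.unshift "#{path}/bundle/ruby/2.7.0/gems/ruby_parser-legacy-1.0.0/lib"
 $:.unshift "#{path}/bundle/ruby/2.7.0/gems/erubis-2.7.0/lib"
 $:.unshift "#{path}/bundle/ruby/2.7.0/gems/rexml-3.2.5/lib"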
File without changes
|
File without changes
|
File without changes
|
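--- a/data/bundle/ruby/2.7.0/gems/sexp_processor-4.16.0/lib/pt_testcase.rb
+++ b/data/bundle/ruby/2.7.0/gems/sexp_processor-4.16.1/lib/pt_testcase.rb
@@ -34,6 +34,12 @@ class Examples
 end
 
 class ParseTreeTestCase < Minitest::Test
+all_versions = %w[18 19 20 21 22 23 24 25 26 27 30 31]
+most_versions = all_versions.drop(1)
+
+TEST_SUFFIX = "_#{most_versions.join "_"}"
+VER_RE = /(#{Regexp.union(*all_versions)})/
+
 attr_accessor :processor # to be defined by subclass
 
 def setup
@@ -77,7 +83,7 @@ class ParseTreeTestCase < Minitest::Test
 end
 
 def self.add_19tests name, hash
-add_tests "#{name}
+add_tests "#{name}_#{TEST_SUFFIX}", hash # HACK?
 end
 
 def self.add_19edgecases ruby, sexp, cases
@@ -102,8 +108,6 @@ class ParseTreeTestCase < Minitest::Test
 testcases[verbose][klass] = testcases[nonverbose][klass]
 end
 
-VER_RE = "(1[89]|2[01234567]|3[0])"
-
 def self.generate_test klass, node, data, input_name, output_name
 klass.send :define_method, "test_#{node}" do
 flunk "Processor is nil" if processor.nil?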
File without changes
|
data/bundle/ruby/2.7.0/gems/{sexp_processor-4.16.0 → sexp_processor-4.16.1}/lib/sexp_matcher.rb
RENAMED
File without changes
|
data/bundle/ruby/2.7.0/gems/{sexp_processor-4.16.0 → sexp_processor-4.16.1}/lib/strict_sexp.rb
RENAMED
File without changes
|
File without changes
|
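--- a/data/lib/brakeman/processors/alias_processor.rb
+++ b/data/lib/brakeman/processors/alias_processor.rb
@@ -703,7 +703,30 @@ class Brakeman::AliasProcessor < Brakeman::SexpProcessor
 end
 end
 
-
+# Return early unless there might be short-hand syntax,
+# since handling it is kind of expensive.
+return exp unless exp.any? { |e| e.nil? }
+
+# Need to handle short-hand hash syntax
+new_hash = [:hash]
+hash_iterate(exp) do |key, value|
+# e.g. { a: }
+if value.nil? and symbol? key
+# Only handling local variables for now, not calls
+lvar = s(:lvar, key.value)
+if var_value = env[lvar]
+new_hash << key << var_value.deep_clone(key.line || 0)
+else
+# If the value is unknown, assume it was a call
+# and set the value to a call
+new_hash.concat << key << s(:call, nil, key.value).line(key.line || 0)
+end
+else
+new_hash.concat << key << value
+end
+end
+
+Sexp.from_array(new_hash).line(exp.line || 0)
 end
 
 #Merge values into hash when processing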
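Review bot: In the fallback branches the new code writes `new_hash.concat << key << …`, where `Array#concat` is called with no arguments; that is a no-op returning the array on Ruby 2.4 and later and an ArgumentError before that, and it differs from the `new_hash << key << …` form used two lines earlier, so `new_hash << key << value` and `new_hash << key << s(:call, nil, key.value).line(key.line || 0)` would be the consistent spelling. The outer `else` also passes a nil value through unchanged when the key is not a symbol, so a nil can still sit inside the rebuilt `:hash` sexp; whether later passes tolerate that is not visible from this hunk. Since this processor feeds the scanner's value tracking, a regression test pinning both outcomes of `{ a: }` (known local replaced by its value, unknown name turned into a call) would keep shorthand hashes from silently dropping out of analysis. The enclosing method begins above the hunk.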
data/lib/brakeman/version.rb
CHANGED
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: brakeman
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 5.2.
|
4
|
+
version: 5.2.3
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Justin Collins
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2022-
|
11
|
+
date: 2022-05-01 00:00:00.000000000 Z
|
12
12
|
dependencies: []
|
13
13
|
description: Brakeman detects security vulnerabilities in Ruby on Rails applications
|
14
14
|
via static analysis.
|
@@ -275,16 +275,16 @@ files:
|
|
275
275
|
- bundle/ruby/2.7.0/gems/safe_yaml-1.0.5/lib/safe_yaml/version.rb
|
276
276
|
- bundle/ruby/2.7.0/gems/safe_yaml-1.0.5/run_specs_all_ruby_versions.sh
|
277
277
|
- bundle/ruby/2.7.0/gems/safe_yaml-1.0.5/safe_yaml.gemspec
|
278
|
-
- bundle/ruby/2.7.0/gems/sexp_processor-4.16.
|
279
|
-
- bundle/ruby/2.7.0/gems/sexp_processor-4.16.
|
280
|
-
- bundle/ruby/2.7.0/gems/sexp_processor-4.16.
|
281
|
-
- bundle/ruby/2.7.0/gems/sexp_processor-4.16.
|
282
|
-
- bundle/ruby/2.7.0/gems/sexp_processor-4.16.
|
283
|
-
- bundle/ruby/2.7.0/gems/sexp_processor-4.16.
|
284
|
-
- bundle/ruby/2.7.0/gems/sexp_processor-4.16.
|
285
|
-
- bundle/ruby/2.7.0/gems/sexp_processor-4.16.
|
286
|
-
- bundle/ruby/2.7.0/gems/sexp_processor-4.16.
|
287
|
-
- bundle/ruby/2.7.0/gems/sexp_processor-4.16.
|
278
|
+
- bundle/ruby/2.7.0/gems/sexp_processor-4.16.1/History.rdoc
|
279
|
+
- bundle/ruby/2.7.0/gems/sexp_processor-4.16.1/Manifest.txt
|
280
|
+
- bundle/ruby/2.7.0/gems/sexp_processor-4.16.1/README.rdoc
|
281
|
+
- bundle/ruby/2.7.0/gems/sexp_processor-4.16.1/lib/composite_sexp_processor.rb
|
282
|
+
- bundle/ruby/2.7.0/gems/sexp_processor-4.16.1/lib/pt_testcase.rb
|
283
|
+
- bundle/ruby/2.7.0/gems/sexp_processor-4.16.1/lib/sexp.rb
|
284
|
+
- bundle/ruby/2.7.0/gems/sexp_processor-4.16.1/lib/sexp_matcher.rb
|
285
|
+
- bundle/ruby/2.7.0/gems/sexp_processor-4.16.1/lib/sexp_processor.rb
|
286
|
+
- bundle/ruby/2.7.0/gems/sexp_processor-4.16.1/lib/strict_sexp.rb
|
287
|
+
- bundle/ruby/2.7.0/gems/sexp_processor-4.16.1/lib/unique.rb
|
288
288
|
- bundle/ruby/2.7.0/gems/slim-4.1.0/CHANGES
|
289
289
|
- bundle/ruby/2.7.0/gems/slim-4.1.0/Gemfile
|
290
290
|
- bundle/ruby/2.7.0/gems/slim-4.1.0/LICENSE
|