brakeman 5.2.2 → 5.2.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 7673373d923b1d6b2e4c2158a94681d01de5e5c8eb29561795c9fbe8bd879f6b
4
- data.tar.gz: 44e5c623eb5fd6fe62ec7d0956a32cee82082a2c5983012ff7c172b10c6dc79a
3
+ metadata.gz: 2ae08a71e19d6c694a9e567fda5793a56ab174d106f44b178f7e9f69c3057814
4
+ data.tar.gz: fd24750e512d528b3fd9cecb344f4788a58e1aa8ffd6b28ff7c88bc7f034a3e8
5
5
  SHA512:
6
- metadata.gz: 2e3132eaffeb28f50ab40afda87c7a1f2b209044c71614bd6d68f55632479a148e08ac4dc995f370b75de352c896711ed09698056fa763b3449d2776e2ba2fb3
7
- data.tar.gz: 31e069689731927b3f096fd39cb0f1f4bf9c7269e7af4487eed12b34e3a7711de77b353423975b3625f5883c4a3b4c5f9785ddf44ca4d4367007b9d44ee51205
6
+ metadata.gz: e0e2d7fde5907d8158b21803876b0dd77e659ce8cae42c25e23021b46bd2c9d8c5d0dd13edff64f7fd721a8d1bca92af4a9fbbf2505e47c791557a3316c0f3d2
7
+ data.tar.gz: 38f894b42f893a6ce45db047f2d21c1529b63de0dd19e00a69475a72cbb4c2d9738f0f25edc60460d61607182d5a5c01ccbb77a6ae6eeae69ec4e88f9345a2e1
data/CHANGES.md CHANGED
@@ -1,3 +1,8 @@
1
+ # 5.2.3 - 2022-05-01
2
+
3
+ * Fix error with hash shorthand syntax
4
+ * Match order of interactive options with help message (Rory O'Kane)
5
+
1
6
  # 5.2.2 - 2022-04-06
2
7
 
3
8
  * Update `ruby_parser` for Ruby 3.1 support (Merek Skubela)
data/bundle/load.rb CHANGED
@@ -1,7 +1,6 @@
1
1
  path = File.expand_path('../..', __FILE__)
2
2
  $:.unshift "#{path}/bundle/ruby/2.7.0/gems/ruby_parser-3.19.1/lib"
3
3
  $:.unshift "#{path}/bundle/ruby/2.7.0/gems/temple-0.8.2/lib"
4
- $:.unshift "#{path}/bundle/ruby/2.7.0/gems/sexp_processor-4.16.0/lib"
5
4
  $:.unshift "#{path}/bundle/ruby/2.7.0/gems/tilt-2.0.10/lib"
6
5
  $:.unshift "#{path}/bundle/ruby/2.7.0/gems/unicode-display_width-1.8.0/lib"
7
6
  $:.unshift "#{path}/bundle/ruby/2.7.0/gems/slim-4.1.0/lib"
@@ -10,6 +9,7 @@ $:.unshift "#{path}/bundle/ruby/2.7.0/gems/ruby2ruby-2.4.4/lib"
10
9
  $:.unshift "#{path}/bundle/ruby/2.7.0/gems/terminal-table-1.8.0/lib"
11
10
  $:.unshift "#{path}/bundle/ruby/2.7.0/gems/haml-5.2.2/lib"
12
11
  $:.unshift "#{path}/bundle/ruby/2.7.0/gems/parallel-1.22.1/lib"
12
+ $:.unshift "#{path}/bundle/ruby/2.7.0/gems/sexp_processor-4.16.1/lib"
13
13
  $:.unshift "#{path}/bundle/ruby/2.7.0/gems/ruby_parser-legacy-1.0.0/lib"
14
14
  $:.unshift "#{path}/bundle/ruby/2.7.0/gems/erubis-2.7.0/lib"
15
15
  $:.unshift "#{path}/bundle/ruby/2.7.0/gems/rexml-3.2.5/lib"
@@ -1,3 +1,9 @@
1
+ === 4.16.1 / 2022-04-09
2
+
3
+ * 1 minor enhancement:
4
+
5
+ * Reworked ParseTreeTestCase's notion of versions to make it easier to extend.
6
+
1
7
  === 4.16.0 / 2021-10-27
2
8
 
3
9
  * 4 minor enhancements:
@@ -34,6 +34,12 @@ class Examples
34
34
  end
35
35
 
36
36
  class ParseTreeTestCase < Minitest::Test
37
+ all_versions = %w[18 19 20 21 22 23 24 25 26 27 30 31]
38
+ most_versions = all_versions.drop(1)
39
+
40
+ TEST_SUFFIX = "_#{most_versions.join "_"}"
41
+ VER_RE = /(#{Regexp.union(*all_versions)})/
42
+
37
43
  attr_accessor :processor # to be defined by subclass
38
44
 
39
45
  def setup
@@ -77,7 +83,7 @@ class ParseTreeTestCase < Minitest::Test
77
83
  end
78
84
 
79
85
  def self.add_19tests name, hash
80
- add_tests "#{name}__19_20_21_22_23_24_25_26_27_30", hash # HACK?
86
+ add_tests "#{name}_#{TEST_SUFFIX}", hash # HACK?
81
87
  end
82
88
 
83
89
  def self.add_19edgecases ruby, sexp, cases
@@ -102,8 +108,6 @@ class ParseTreeTestCase < Minitest::Test
102
108
  testcases[verbose][klass] = testcases[nonverbose][klass]
103
109
  end
104
110
 
105
- VER_RE = "(1[89]|2[01234567]|3[0])"
106
-
107
111
  def self.generate_test klass, node, data, input_name, output_name
108
112
  klass.send :define_method, "test_#{node}" do
109
113
  flunk "Processor is nil" if processor.nil?
@@ -34,7 +34,7 @@ require "sexp"
34
34
  class SexpProcessor
35
35
 
36
36
  # duh
37
- VERSION = "4.16.0"
37
+ VERSION = "4.16.1"
38
38
 
39
39
  ##
40
40
  # Automatically shifts off the Sexp type before handing the
@@ -703,7 +703,30 @@ class Brakeman::AliasProcessor < Brakeman::SexpProcessor
703
703
  end
704
704
  end
705
705
 
706
- exp
706
+ # Return early unless there might be short-hand syntax,
707
+ # since handling it is kind of expensive.
708
+ return exp unless exp.any? { |e| e.nil? }
709
+
710
+ # Need to handle short-hand hash syntax
711
+ new_hash = [:hash]
712
+ hash_iterate(exp) do |key, value|
713
+ # e.g. { a: }
714
+ if value.nil? and symbol? key
715
+ # Only handling local variables for now, not calls
716
+ lvar = s(:lvar, key.value)
717
+ if var_value = env[lvar]
718
+ new_hash << key << var_value.deep_clone(key.line || 0)
719
+ else
720
+ # If the value is unknown, assume it was a call
721
+ # and set the value to a call
722
+ new_hash.concat << key << s(:call, nil, key.value).line(key.line || 0)
723
+ end
724
+ else
725
+ new_hash.concat << key << value
726
+ end
727
+ end
728
+
729
+ Sexp.from_array(new_hash).line(exp.line || 0)
707
730
  end
708
731
 
709
732
  #Merge values into hash when processing
@@ -88,10 +88,10 @@ module Brakeman
88
88
 
89
89
  m.choice "i"
90
90
  m.choice "n"
91
- m.choice "k"
91
+ m.choice "s"
92
92
  m.choice "u"
93
93
  m.choice "a"
94
- m.choice "s"
94
+ m.choice "k"
95
95
  m.choice "q"
96
96
  m.choice "?" do
97
97
  show_help
@@ -1,3 +1,3 @@
1
1
  module Brakeman
2
- Version = "5.2.2"
2
+ Version = "5.2.3"
3
3
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: brakeman
3
3
  version: !ruby/object:Gem::Version
4
- version: 5.2.2
4
+ version: 5.2.3
5
5
  platform: ruby
6
6
  authors:
7
7
  - Justin Collins
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2022-04-06 00:00:00.000000000 Z
11
+ date: 2022-05-01 00:00:00.000000000 Z
12
12
  dependencies: []
13
13
  description: Brakeman detects security vulnerabilities in Ruby on Rails applications
14
14
  via static analysis.
@@ -275,16 +275,16 @@ files:
275
275
  - bundle/ruby/2.7.0/gems/safe_yaml-1.0.5/lib/safe_yaml/version.rb
276
276
  - bundle/ruby/2.7.0/gems/safe_yaml-1.0.5/run_specs_all_ruby_versions.sh
277
277
  - bundle/ruby/2.7.0/gems/safe_yaml-1.0.5/safe_yaml.gemspec
278
- - bundle/ruby/2.7.0/gems/sexp_processor-4.16.0/History.rdoc
279
- - bundle/ruby/2.7.0/gems/sexp_processor-4.16.0/Manifest.txt
280
- - bundle/ruby/2.7.0/gems/sexp_processor-4.16.0/README.rdoc
281
- - bundle/ruby/2.7.0/gems/sexp_processor-4.16.0/lib/composite_sexp_processor.rb
282
- - bundle/ruby/2.7.0/gems/sexp_processor-4.16.0/lib/pt_testcase.rb
283
- - bundle/ruby/2.7.0/gems/sexp_processor-4.16.0/lib/sexp.rb
284
- - bundle/ruby/2.7.0/gems/sexp_processor-4.16.0/lib/sexp_matcher.rb
285
- - bundle/ruby/2.7.0/gems/sexp_processor-4.16.0/lib/sexp_processor.rb
286
- - bundle/ruby/2.7.0/gems/sexp_processor-4.16.0/lib/strict_sexp.rb
287
- - bundle/ruby/2.7.0/gems/sexp_processor-4.16.0/lib/unique.rb
278
+ - bundle/ruby/2.7.0/gems/sexp_processor-4.16.1/History.rdoc
279
+ - bundle/ruby/2.7.0/gems/sexp_processor-4.16.1/Manifest.txt
280
+ - bundle/ruby/2.7.0/gems/sexp_processor-4.16.1/README.rdoc
281
+ - bundle/ruby/2.7.0/gems/sexp_processor-4.16.1/lib/composite_sexp_processor.rb
282
+ - bundle/ruby/2.7.0/gems/sexp_processor-4.16.1/lib/pt_testcase.rb
283
+ - bundle/ruby/2.7.0/gems/sexp_processor-4.16.1/lib/sexp.rb
284
+ - bundle/ruby/2.7.0/gems/sexp_processor-4.16.1/lib/sexp_matcher.rb
285
+ - bundle/ruby/2.7.0/gems/sexp_processor-4.16.1/lib/sexp_processor.rb
286
+ - bundle/ruby/2.7.0/gems/sexp_processor-4.16.1/lib/strict_sexp.rb
287
+ - bundle/ruby/2.7.0/gems/sexp_processor-4.16.1/lib/unique.rb
288
288
  - bundle/ruby/2.7.0/gems/slim-4.1.0/CHANGES
289
289
  - bundle/ruby/2.7.0/gems/slim-4.1.0/Gemfile
290
290
  - bundle/ruby/2.7.0/gems/slim-4.1.0/LICENSE