RubyGems - railroader - Versions diffs - 4.3.4 - Mend

railroader 4.3.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (165) hide show

checksums.yaml +7 -0
data/CHANGES.md +1091 -0
data/FEATURES +16 -0
data/README.md +174 -0
data/bin/railroader +8 -0
data/lib/railroader/app_tree.rb +191 -0
data/lib/railroader/call_index.rb +219 -0
data/lib/railroader/checks/base_check.rb +505 -0
data/lib/railroader/checks/check_basic_auth.rb +88 -0
data/lib/railroader/checks/check_basic_auth_timing_attack.rb +33 -0
data/lib/railroader/checks/check_content_tag.rb +200 -0
data/lib/railroader/checks/check_create_with.rb +74 -0
data/lib/railroader/checks/check_cross_site_scripting.rb +381 -0
data/lib/railroader/checks/check_default_routes.rb +86 -0
data/lib/railroader/checks/check_deserialize.rb +56 -0
data/lib/railroader/checks/check_detailed_exceptions.rb +55 -0
data/lib/railroader/checks/check_digest_dos.rb +38 -0
data/lib/railroader/checks/check_divide_by_zero.rb +42 -0
data/lib/railroader/checks/check_dynamic_finders.rb +48 -0
data/lib/railroader/checks/check_escape_function.rb +21 -0
data/lib/railroader/checks/check_evaluation.rb +35 -0
data/lib/railroader/checks/check_execute.rb +189 -0
data/lib/railroader/checks/check_file_access.rb +71 -0
data/lib/railroader/checks/check_file_disclosure.rb +35 -0
data/lib/railroader/checks/check_filter_skipping.rb +31 -0
data/lib/railroader/checks/check_forgery_setting.rb +81 -0
data/lib/railroader/checks/check_header_dos.rb +31 -0
data/lib/railroader/checks/check_i18n_xss.rb +48 -0
data/lib/railroader/checks/check_jruby_xml.rb +36 -0
data/lib/railroader/checks/check_json_encoding.rb +47 -0
data/lib/railroader/checks/check_json_parsing.rb +107 -0
data/lib/railroader/checks/check_link_to.rb +132 -0
data/lib/railroader/checks/check_link_to_href.rb +146 -0
data/lib/railroader/checks/check_mail_to.rb +49 -0
data/lib/railroader/checks/check_mass_assignment.rb +196 -0
data/lib/railroader/checks/check_mime_type_dos.rb +39 -0
data/lib/railroader/checks/check_model_attr_accessible.rb +55 -0
data/lib/railroader/checks/check_model_attributes.rb +119 -0
data/lib/railroader/checks/check_model_serialize.rb +67 -0
data/lib/railroader/checks/check_nested_attributes.rb +38 -0
data/lib/railroader/checks/check_nested_attributes_bypass.rb +58 -0
data/lib/railroader/checks/check_number_to_currency.rb +74 -0
data/lib/railroader/checks/check_permit_attributes.rb +43 -0
data/lib/railroader/checks/check_quote_table_name.rb +40 -0
data/lib/railroader/checks/check_redirect.rb +256 -0
data/lib/railroader/checks/check_regex_dos.rb +68 -0
data/lib/railroader/checks/check_render.rb +97 -0
data/lib/railroader/checks/check_render_dos.rb +37 -0
data/lib/railroader/checks/check_render_inline.rb +53 -0
data/lib/railroader/checks/check_response_splitting.rb +21 -0
data/lib/railroader/checks/check_route_dos.rb +42 -0
data/lib/railroader/checks/check_safe_buffer_manipulation.rb +31 -0
data/lib/railroader/checks/check_sanitize_methods.rb +112 -0
data/lib/railroader/checks/check_secrets.rb +40 -0
data/lib/railroader/checks/check_select_tag.rb +59 -0
data/lib/railroader/checks/check_select_vulnerability.rb +60 -0
data/lib/railroader/checks/check_send.rb +47 -0
data/lib/railroader/checks/check_send_file.rb +19 -0
data/lib/railroader/checks/check_session_manipulation.rb +35 -0
data/lib/railroader/checks/check_session_settings.rb +176 -0
data/lib/railroader/checks/check_simple_format.rb +58 -0
data/lib/railroader/checks/check_single_quotes.rb +101 -0
data/lib/railroader/checks/check_skip_before_filter.rb +60 -0
data/lib/railroader/checks/check_sql.rb +700 -0
data/lib/railroader/checks/check_sql_cves.rb +106 -0
data/lib/railroader/checks/check_ssl_verify.rb +48 -0
data/lib/railroader/checks/check_strip_tags.rb +89 -0
data/lib/railroader/checks/check_symbol_dos.rb +71 -0
data/lib/railroader/checks/check_symbol_dos_cve.rb +30 -0
data/lib/railroader/checks/check_translate_bug.rb +45 -0
data/lib/railroader/checks/check_unsafe_reflection.rb +50 -0
data/lib/railroader/checks/check_unscoped_find.rb +57 -0
data/lib/railroader/checks/check_validation_regex.rb +116 -0
data/lib/railroader/checks/check_weak_hash.rb +148 -0
data/lib/railroader/checks/check_without_protection.rb +80 -0
data/lib/railroader/checks/check_xml_dos.rb +45 -0
data/lib/railroader/checks/check_yaml_parsing.rb +121 -0
data/lib/railroader/checks.rb +209 -0
data/lib/railroader/codeclimate/engine_configuration.rb +97 -0
data/lib/railroader/commandline.rb +179 -0
data/lib/railroader/differ.rb +66 -0
data/lib/railroader/file_parser.rb +54 -0
data/lib/railroader/format/style.css +133 -0
data/lib/railroader/options.rb +339 -0
data/lib/railroader/parsers/rails2_erubis.rb +6 -0
data/lib/railroader/parsers/rails2_xss_plugin_erubis.rb +48 -0
data/lib/railroader/parsers/rails3_erubis.rb +81 -0
data/lib/railroader/parsers/template_parser.rb +108 -0
data/lib/railroader/processor.rb +102 -0
data/lib/railroader/processors/alias_processor.rb +1229 -0
data/lib/railroader/processors/base_processor.rb +295 -0
data/lib/railroader/processors/config_processor.rb +14 -0
data/lib/railroader/processors/controller_alias_processor.rb +278 -0
data/lib/railroader/processors/controller_processor.rb +249 -0
data/lib/railroader/processors/erb_template_processor.rb +77 -0
data/lib/railroader/processors/erubis_template_processor.rb +92 -0
data/lib/railroader/processors/gem_processor.rb +64 -0
data/lib/railroader/processors/haml_template_processor.rb +191 -0
data/lib/railroader/processors/lib/basic_processor.rb +37 -0
data/lib/railroader/processors/lib/call_conversion_helper.rb +90 -0
data/lib/railroader/processors/lib/find_all_calls.rb +224 -0
data/lib/railroader/processors/lib/find_call.rb +183 -0
data/lib/railroader/processors/lib/find_return_value.rb +166 -0
data/lib/railroader/processors/lib/module_helper.rb +111 -0
data/lib/railroader/processors/lib/processor_helper.rb +88 -0
data/lib/railroader/processors/lib/rails2_config_processor.rb +145 -0
data/lib/railroader/processors/lib/rails2_route_processor.rb +313 -0
data/lib/railroader/processors/lib/rails3_config_processor.rb +132 -0
data/lib/railroader/processors/lib/rails3_route_processor.rb +308 -0
data/lib/railroader/processors/lib/render_helper.rb +181 -0
data/lib/railroader/processors/lib/render_path.rb +107 -0
data/lib/railroader/processors/lib/route_helper.rb +68 -0
data/lib/railroader/processors/lib/safe_call_helper.rb +16 -0
data/lib/railroader/processors/library_processor.rb +74 -0
data/lib/railroader/processors/model_processor.rb +91 -0
data/lib/railroader/processors/output_processor.rb +144 -0
data/lib/railroader/processors/route_processor.rb +17 -0
data/lib/railroader/processors/slim_template_processor.rb +111 -0
data/lib/railroader/processors/template_alias_processor.rb +118 -0
data/lib/railroader/processors/template_processor.rb +85 -0
data/lib/railroader/report/config/remediation.yml +71 -0
data/lib/railroader/report/ignore/config.rb +153 -0
data/lib/railroader/report/ignore/interactive.rb +362 -0
data/lib/railroader/report/pager.rb +112 -0
data/lib/railroader/report/renderer.rb +24 -0
data/lib/railroader/report/report_base.rb +292 -0
data/lib/railroader/report/report_codeclimate.rb +79 -0
data/lib/railroader/report/report_csv.rb +55 -0
data/lib/railroader/report/report_hash.rb +23 -0
data/lib/railroader/report/report_html.rb +216 -0
data/lib/railroader/report/report_json.rb +45 -0
data/lib/railroader/report/report_markdown.rb +107 -0
data/lib/railroader/report/report_table.rb +117 -0
data/lib/railroader/report/report_tabs.rb +17 -0
data/lib/railroader/report/report_text.rb +198 -0
data/lib/railroader/report/templates/controller_overview.html.erb +22 -0
data/lib/railroader/report/templates/controller_warnings.html.erb +21 -0
data/lib/railroader/report/templates/error_overview.html.erb +29 -0
data/lib/railroader/report/templates/header.html.erb +58 -0
data/lib/railroader/report/templates/ignored_warnings.html.erb +25 -0
data/lib/railroader/report/templates/model_warnings.html.erb +21 -0
data/lib/railroader/report/templates/overview.html.erb +38 -0
data/lib/railroader/report/templates/security_warnings.html.erb +23 -0
data/lib/railroader/report/templates/template_overview.html.erb +21 -0
data/lib/railroader/report/templates/view_warnings.html.erb +34 -0
data/lib/railroader/report/templates/warning_overview.html.erb +17 -0
data/lib/railroader/report.rb +88 -0
data/lib/railroader/rescanner.rb +483 -0
data/lib/railroader/scanner.rb +321 -0
data/lib/railroader/tracker/collection.rb +93 -0
data/lib/railroader/tracker/config.rb +154 -0
data/lib/railroader/tracker/constants.rb +171 -0
data/lib/railroader/tracker/controller.rb +161 -0
data/lib/railroader/tracker/library.rb +17 -0
data/lib/railroader/tracker/model.rb +90 -0
data/lib/railroader/tracker/template.rb +33 -0
data/lib/railroader/tracker.rb +362 -0
data/lib/railroader/util.rb +503 -0
data/lib/railroader/version.rb +3 -0
data/lib/railroader/warning.rb +294 -0
data/lib/railroader/warning_codes.rb +117 -0
data/lib/railroader.rb +544 -0
data/lib/ruby_parser/bm_sexp.rb +626 -0
data/lib/ruby_parser/bm_sexp_processor.rb +116 -0
metadata +386 -0

data/lib/railroader/util.rb ADDED Viewed

@@ -0,0 +1,503 @@
+require 'set'
+require 'pathname'
+#This is a mixin containing utility methods.
+module Railroader::Util
+  QUERY_PARAMETERS = Sexp.new(:call, Sexp.new(:call, nil, :request), :query_parameters)
+  PATH_PARAMETERS = Sexp.new(:call, Sexp.new(:call, nil, :request), :path_parameters)
+  REQUEST_PARAMETERS = Sexp.new(:call, Sexp.new(:call, nil, :request), :request_parameters)
+  REQUEST_PARAMS = Sexp.new(:call, Sexp.new(:call, nil, :request), :parameters)
+  REQUEST_ENV = Sexp.new(:call, Sexp.new(:call, nil, :request), :env)
+  PARAMETERS = Sexp.new(:call, nil, :params)
+  COOKIES = Sexp.new(:call, nil, :cookies)
+  REQUEST_COOKIES = s(:call, s(:call, nil, :request), :cookies)
+  SESSION = Sexp.new(:call, nil, :session)
+  ALL_PARAMETERS = Set[PARAMETERS, QUERY_PARAMETERS, PATH_PARAMETERS, REQUEST_PARAMETERS, REQUEST_PARAMS]
+  ALL_COOKIES = Set[COOKIES, REQUEST_COOKIES]
+  SAFE_LITERAL = s(:lit, :BRAKEMAN_SAFE_LITERAL)
+  #Convert a string from "something_like_this" to "SomethingLikeThis"
+  #
+  #Taken from ActiveSupport.
+  def camelize lower_case_and_underscored_word
+    lower_case_and_underscored_word.to_s.gsub(/\/(.?)/) { "::#{$1.upcase}" }.gsub(/(?:^|_)(.)/) { $1.upcase }
+  end
+  #Convert a string from "Something::LikeThis" to "something/like_this"
+  #
+  #Taken from ActiveSupport.
+  def underscore camel_cased_word
+    camel_cased_word.to_s.gsub(/::/, '/').
+      gsub(/([A-Z]+)([A-Z][a-z])/,'\1_\2').
+      gsub(/([a-z\d])([A-Z])/,'\1_\2').
+      tr("-", "_").
+      downcase
+  end
+  # stupid simple, used to delegate to ActiveSupport
+  def pluralize word
+    word + "s"
+  end
+  #Returns a class name as a Symbol.
+  #If class name cannot be determined, returns _exp_.
+  def class_name exp
+    case exp
+    when Sexp
+      case exp.node_type
+      when :const
+        exp.value
+      when :lvar
+        exp.value.to_sym
+      when :colon2
+        "#{class_name(exp.lhs)}::#{exp.rhs}".to_sym
+      when :colon3
+        "::#{exp.value}".to_sym
+      when :self
+        @current_class || @current_module || nil
+      else
+        exp
+      end
+    when Symbol
+      exp
+    when nil
+      nil
+    else
+      exp
+    end
+  end
+  #Takes an Sexp like
+  # (:hash, (:lit, :key), (:str, "value"))
+  #and yields the key and value pairs to the given block.
+  #
+  #For example:
+  #
+  # h = Sexp.new(:hash, (:lit, :name), (:str, "bob"), (:lit, :name), (:str, "jane"))
+  # names = []
+  # hash_iterate(h) do |key, value|
+  #   if symbol? key and key[1] == :name
+  #     names << value[1]
+  #   end
+  # end
+  # names #["bob"]
+  def hash_iterate hash
+    1.step(hash.length - 1, 2) do |i|
+      yield hash[i], hash[i + 1]
+    end
+  end
+  #Insert value into Hash Sexp
+  def hash_insert hash, key, value
+    index = 1
+    hash_iterate hash.dup do |k,v|
+      if k == key
+        hash[index + 1] = value
+        return hash
+      end
+      index += 2
+    end
+    hash << key << value
+    hash
+  end
+  #Get value from hash using key.
+  #
+  #If _key_ is a Symbol, it will be converted to a Sexp(:lit, key).
+  def hash_access hash, key
+    if key.is_a? Symbol
+      key = Sexp.new(:lit, key)
+    end
+    if index = hash.find_index(key) and index > 0
+      return hash[index + 1]
+    end
+    nil
+  end
+  #These are never modified
+  PARAMS_SEXP = Sexp.new(:params)
+  SESSION_SEXP = Sexp.new(:session)
+  COOKIES_SEXP = Sexp.new(:cookies)
+  #Adds params, session, and cookies to environment
+  #so they can be replaced by their respective Sexps.
+  def set_env_defaults
+    @env[PARAMETERS] = PARAMS_SEXP
+    @env[SESSION] = SESSION_SEXP
+    @env[COOKIES] = COOKIES_SEXP
+  end
+  #Check if _exp_ represents a hash: s(:hash, {...})
+  #This also includes pseudo hashes params, session, and cookies.
+  def hash? exp
+    exp.is_a? Sexp and (exp.node_type == :hash or
+                        exp.node_type == :params or
+                        exp.node_type == :session or
+                        exp.node_type == :cookies)
+  end
+  #Check if _exp_ represents an array: s(:array, [...])
+  def array? exp
+    exp.is_a? Sexp and exp.node_type == :array
+  end
+  #Check if _exp_ represents a String: s(:str, "...")
+  def string? exp
+    exp.is_a? Sexp and exp.node_type == :str
+  end
+  def string_interp? exp
+    exp.is_a? Sexp and exp.node_type == :dstr
+  end
+  #Check if _exp_ represents a Symbol: s(:lit, :...)
+  def symbol? exp
+    exp.is_a? Sexp and exp.node_type == :lit and exp[1].is_a? Symbol
+  end
+  #Check if _exp_ represents a method call: s(:call, ...)
+  def call? exp
+    exp.is_a? Sexp and
+      (exp.node_type == :call or exp.node_type == :safe_call)
+  end
+  #Check if _exp_ represents a Regexp: s(:lit, /.../)
+  def regexp? exp
+    exp.is_a? Sexp and exp.node_type == :lit and exp[1].is_a? Regexp
+  end
+  #Check if _exp_ represents an Integer: s(:lit, ...)
+  def integer? exp
+    exp.is_a? Sexp and exp.node_type == :lit and exp[1].is_a? Integer
+  end
+  #Check if _exp_ represents a number: s(:lit, ...)
+  def number? exp
+    exp.is_a? Sexp and exp.node_type == :lit and exp[1].is_a? Numeric
+  end
+  #Check if _exp_ represents a result: s(:result, ...)
+  def result? exp
+    exp.is_a? Sexp and exp.node_type == :result
+  end
+  #Check if _exp_ represents a :true, :lit, or :string node
+  def true? exp
+    exp.is_a? Sexp and (exp.node_type == :true or
+                        exp.node_type == :lit or
+                        exp.node_type == :string)
+  end
+  #Check if _exp_ represents a :false or :nil node
+  def false? exp
+    exp.is_a? Sexp and (exp.node_type == :false or
+                        exp.node_type == :nil)
+  end
+  #Check if _exp_ represents a block of code
+  def block? exp
+    exp.is_a? Sexp and (exp.node_type == :block or
+                        exp.node_type == :rlist)
+  end
+  #Check if _exp_ is a params hash
+  def params? exp
+    if exp.is_a? Sexp
+      return true if exp.node_type == :params or ALL_PARAMETERS.include? exp
+      if call? exp
+        if params? exp[1]
+          return true
+        elsif exp[2] == :[]
+          return params? exp[1]
+        end
+      end
+    end
+    false
+  end
+  def cookies? exp
+    if exp.is_a? Sexp
+      return true if exp.node_type == :cookies or ALL_COOKIES.include? exp
+      if call? exp
+        if cookies? exp[1]
+          return true
+        elsif exp[2] == :[]
+          return cookies? exp[1]
+        end
+      end
+    end
+    false
+  end
+  def request_env? exp
+    call? exp and (exp == REQUEST_ENV or exp[1] == REQUEST_ENV)
+  end
+  #Check if exp is params, cookies, or request_env
+  def request_value? exp
+    params? exp or
+    cookies? exp or
+    request_env? exp
+  end
+  def constant? exp
+    node_type? exp, :const, :colon2, :colon3
+  end
+  #Check if _exp_ is a Sexp.
+  def sexp? exp
+    exp.is_a? Sexp
+  end
+  #Check if _exp_ is a Sexp and the node type matches one of the given types.
+  def node_type? exp, *types
+    exp.is_a? Sexp and types.include? exp.node_type
+  end
+  #Returns true if the given _exp_ contains a :class node.
+  #
+  #Useful for checking if a module is just a module or if it is a namespace.
+  def contains_class? exp
+    todo = [exp]
+    until todo.empty?
+      current = todo.shift
+      if node_type? current, :class
+        return true
+      elsif sexp? current
+        todo = current[1..-1].concat todo
+      end
+    end
+    false
+  end
+  def make_call target, method, *args
+    call = Sexp.new(:call, target, method)
+    if args.empty? or args.first.empty?
+      #nothing to do
+    elsif node_type? args.first, :arglist
+      call.concat args.first[1..-1]
+    elsif args.first.node_type.is_a? Sexp #just a list of args
+      call.concat args.first
+    else
+      call.concat args
+    end
+    call
+  end
+  def safe_literal line = nil
+    s(:lit, :BRAKEMAN_SAFE_LITERAL).line(line || 0)
+  end
+  def safe_literal? exp
+    exp == SAFE_LITERAL
+  end
+  def safe_literal_target? exp
+    if call? exp
+      safe_literal_target? exp.target
+    else
+      safe_literal? exp
+    end
+  end
+  def rails_version
+    @tracker.config.rails_version
+  end
+  #Return file name related to given warning. Uses +warning.file+ if it exists
+  def file_for warning, tracker = nil
+    if tracker.nil?
+      tracker = @tracker || self.tracker
+    end
+    if warning.file
+      File.expand_path warning.file, tracker.app_path
+    elsif warning.template and warning.template.file
+      warning.template.file
+    else
+      case warning.warning_set
+      when :controller
+        file_by_name warning.controller, :controller, tracker
+      when :template
+        file_by_name warning.template.name, :template, tracker
+      when :model
+        file_by_name warning.model, :model, tracker
+      when :warning
+        file_by_name warning.class, nil, tracker
+      else
+        nil
+      end
+    end
+  end
+  #Attempt to determine path to context file based on the reported name
+  #in the warning.
+  #
+  #For example,
+  #
+  #  file_by_name FileController #=> "/rails/root/app/controllers/file_controller.rb
+  def file_by_name name, type, tracker = nil
+    return nil unless name
+    string_name = name.to_s
+    name = name.to_sym
+    unless type
+      if string_name =~ /Controller$/
+        type = :controller
+      elsif camelize(string_name) == string_name # This is not always true
+        type = :model
+      else
+        type = :template
+      end
+    end
+    path = tracker.app_path
+    case type
+    when :controller
+      if tracker.controllers[name]
+        path = tracker.controllers[name].file
+      else
+        path += "/app/controllers/#{underscore(string_name)}.rb"
+      end
+    when :model
+      if tracker.models[name]
+        path = tracker.models[name].file
+      else
+        path += "/app/models/#{underscore(string_name)}.rb"
+      end
+    when :template
+      if tracker.templates[name] and tracker.templates[name].file
+        path = tracker.templates[name].file
+      elsif string_name.include? " "
+        name = string_name.split[0].to_sym
+        path = file_for tracker, name, :template
+      else
+        path = nil
+      end
+    end
+    path
+  end
+  #Return array of lines surrounding the warning location from the original
+  #file.
+  def context_for app_tree, warning, tracker = nil
+    file = file_for warning, tracker
+    context = []
+    return context unless warning.line and file and @app_tree.path_exists? file
+    current_line = 0
+    start_line = warning.line - 5
+    end_line = warning.line + 5
+    start_line = 1 if start_line < 0
+    File.open file do |f|
+      f.each_line do |line|
+        current_line += 1
+        next if line.strip == ""
+        if current_line > end_line
+          break
+        end
+        if current_line >= start_line
+          context << [current_line, line]
+        end
+      end
+    end
+    context
+  end
+  def relative_path file
+    pname = Pathname.new file
+    if file and not file.empty? and pname.absolute?
+      pname.relative_path_from(Pathname.new(@tracker.app_path)).to_s
+    else
+      file
+    end
+  end
+  #Convert path/filename to view name
+  #
+  # views/test/something.html.erb -> test/something
+  def template_path_to_name path
+    names = path.split("/")
+    names.last.gsub!(/(\.(html|js)\..*|\.(rhtml|haml|erb|slim))$/, '')
+    names[(names.index("views") + 1)..-1].join("/").to_sym
+  end
+  def github_url file, line=nil
+    if repo_url = @tracker.options[:github_url] and file and not file.empty? and file.start_with? '/'
+      url = "#{repo_url}/#{relative_path(file)}"
+      url << "#L#{line}" if line
+    else
+      nil
+    end
+  end
+  def truncate_table str
+    @terminal_width ||= if @tracker.options[:table_width]
+                          @tracker.options[:table_width]
+                        elsif $stdin && $stdin.tty?
+                          Railroader.load_railroader_dependency 'highline'
+                          ::HighLine.new.terminal_size[0]
+                        else
+                          80
+                        end
+    lines = str.lines
+    lines.map do |line|
+      if line.chomp.length > @terminal_width
+        line[0..(@terminal_width - 3)] + ">>\n"
+      else
+        line
+      end
+    end.join
+  end
+  # rely on Terminal::Table to build the structure, extract the data out in CSV format
+  def table_to_csv table
+    return "" unless table
+    Railroader.load_railroader_dependency 'terminal-table'
+    headings = table.headings
+    if headings.is_a? Array
+      headings = headings.first
+    end
+    output = CSV.generate_line(headings.cells.map{|cell| cell.to_s.strip})
+    table.rows.each do |row|
+      output << CSV.generate_line(row.cells.map{|cell| cell.to_s.strip})
+    end
+    output
+  end
+end

data/lib/railroader/version.rb ADDED Viewed

@@ -0,0 +1,3 @@
+module Railroader
+  Version = "4.3.4"
+end