RubyGems - ruby-zoom - Versions diffs - 4.5.4 → 4.5.5 - Mend

ruby-zoom 4.5.4 → 4.5.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (8) hide show

checksums.yaml +4 -4
data/lib/zoom/profile/unsafe_c.rb +1 -0
data/lib/zoom/profile/unsafe_java.rb +10 -2
data/lib/zoom/profile/unsafe_js.rb +9 -1
data/lib/zoom/profile/unsafe_php.rb +11 -4
data/lib/zoom/profile/unsafe_python.rb +3 -1
data/lib/zoom/profile/unsafe_ruby.rb +11 -4
metadata +2 -2

checksums.yaml CHANGED

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 329434cae677eeac8fd10517aa29c429bf75a67f
-  data.tar.gz: b785b487f1a4d6ca7c6665d2b92793829b105a34
+  metadata.gz: 141e398dfd381970365f9a7ac9d006d12fbb5e78
+  data.tar.gz: 6cfe24ba6b90cb368bd24eed6a58805be9ee5c1f
 SHA512:
-  metadata.gz: 284c3e9edf33bc66af8402665613eab5d9984d3b4982ced5f72f157c1f3c2ac90e359820bdf9f0fc083ca7047671820f9088f60942551aeee1351f1b052bd83b
-  data.tar.gz: 1a999fe2c8290b85429f9f7fd7fc9b900a5ddaf6be69d12ce6c3e23ee3fcccd0a24fbd07bb0bada16249c2b7fa2a715373db18e76159e05ebcf45b34de204b09
+  metadata.gz: '099bd9cdefabd22a413ec96781aafd202b21e498a7c9cc8cac0024398a02590ce55cf0b2ea6425ed3e9a80ee5aa4cc53e4e8b16b46bd067f884cf8f56961d83e'
+  data.tar.gz: ad060d42f0f9d2e64010460cd17ce9b9cb938958e9227a6b8b21822d0f3cc9525daf6a4f0e362847853f42297dba9800c881a620e85ddfcf6b02478b19280b05

data/lib/zoom/profile/unsafe_c.rb CHANGED

@@ -11,6 +11,7 @@ class Zoom::SecurityProfile::UnsafeC < Zoom::SecurityProfile
         super(n, nil, f, b, a)
         @pattern = [
+            "(^|[^\\nA-Za-z_])",
             "(",
             [
                 "_splitpath",

data/lib/zoom/profile/unsafe_java.rb CHANGED

@@ -16,8 +16,16 @@ class Zoom::SecurityProfile::UnsafeJava < Zoom::SecurityProfile
         super(n, nil, f, b, a)
         @pattern = [
             "(sun\\.misc\\.)?Unsafe",
-            "(\\.getRuntime|readObject|Runtime)\\("
-        ].join("|")
+            "|",
+            "(",
+            [
+                "\\.getRuntime",
+                "readObject",
+                "Runtime"
+            ].join("|"),
+            ")",
+            "\\("
+        ].join
         @taggable = true
     end
 end

data/lib/zoom/profile/unsafe_js.rb CHANGED

@@ -10,7 +10,15 @@ class Zoom::SecurityProfile::UnsafeJs < Zoom::SecurityProfile
         end
         super(n, nil, f, b, a)
-        @pattern = "\\.((append|eval|html)\\(|innerHTML)"
+        @pattern = [
+            "\\.",
+            "(",
+            [
+                "(append|eval|html)\\(",
+                "innerHTML"
+            ].join("|"),
+            ")"
+        ].join
         @taggable = true
     end
 end

data/lib/zoom/profile/unsafe_php.rb CHANGED

@@ -18,9 +18,14 @@ class Zoom::SecurityProfile::UnsafePhp < Zoom::SecurityProfile
         # From here: https://www.eukhost.com/blog/webhosting/dangerous-php-functions-must-be-disabled/
         # OMG is anything safe?!
         @pattern = [
-            "\\`|",
-            "\\$_GET\\[|",
-            "(include|require)(_once)?|",
+            "\\`",
+            "|",
+            "\\$_GET\\[",
+            "|",
+            "(^|[^\\nA-Za-z_])",
+            "(",
+            "(include|require)(_once)?",
+            "|",
             "(",
             [
                 "apache_(child_terminate|setenv)",
@@ -48,7 +53,9 @@ class Zoom::SecurityProfile::UnsafePhp < Zoom::SecurityProfile
                 "sys(log|tem)",
                 "xmlrpc_entity_decode"
             ].join("|"),
-            ")\\("
+            ")",
+            "\\(",
+            ")"
         ].join
         @taggable = true
     end

data/lib/zoom/profile/unsafe_python.rb CHANGED

@@ -11,6 +11,7 @@ class Zoom::SecurityProfile::UnsafePython < Zoom::SecurityProfile
         super(n, nil, f, b, a)
         @pattern = [
+            "(^|[^\\nA-Za-z_])",
             "(",
             [
                 "c?[Pp]ickle\\.loads?",
@@ -20,7 +21,8 @@ class Zoom::SecurityProfile::UnsafePython < Zoom::SecurityProfile
                 "subprocess\\.call",
                 "yaml\\.load"
             ].join("|"),
-            ")\\("
+            ")",
+            "\\("
         ].join
         @taggable = true
     end

data/lib/zoom/profile/unsafe_ruby.rb CHANGED

@@ -25,11 +25,18 @@ class Zoom::SecurityProfile::UnsafeRuby < Zoom::SecurityProfile
         super(n, nil, f, b, a)
         @pattern = [
             "%x\\(",
+            "|",
             "\\.constantize",
-            "instance_eval",
-            "(public_)?send",
-            "system"
-        ].join("|")
+            "|",
+            "(^|[^\\nA-Za-z_])",
+            "(",
+            [
+                "instance_eval",
+                "(public_)?send",
+                "system",
+            ].join("|"),
+            ")"
+        ].join
         @taggable = true
     end
 end

metadata CHANGED

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: ruby-zoom
 version: !ruby/object:Gem::Version
-  version: 4.5.4
+  version: 4.5.5
 platform: ruby
 authors:
 - Miles Whittaker
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2016-11-11 00:00:00.000000000 Z
+date: 2016-11-15 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: minitest