RubyGems - sqreen - Versions diffs - 1.8.4 → 1.8.5 - Mend

sqreen 1.8.4 → 1.8.5

Files changed (4) hide show

checksums.yaml +4 -4
data/lib/sqreen/rules_callbacks/reflected_xss.rb +5 -5
data/lib/sqreen/version.rb +1 -1
metadata +2 -2

checksums.yaml CHANGED

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: b98e63dada1f42cf20026dd3cc0c9785716fbffc
-  data.tar.gz: fe78cceafb93d57e06919df9fb7f7021007d9426
+  metadata.gz: 3f399192916d62e32ac7dc431d7f9567451b3b4c
+  data.tar.gz: c50f2371cedb78ea513b13773da2fcab80786994
 SHA512:
-  metadata.gz: 97edd909e427fbf02d791c05633dc4d3a4d997093030511d6f4b0ee5c085a9792b3c6c3f7ad1e35bebb57a87236fce7e34a718c7e896efcd91e4354ab3c34dcc
-  data.tar.gz: ce0cfcdf70964f359da9efa7a7b9a3ab3cbab223a2a8ae7e284715e01a2f25215aeff270b957254addfac01ff9c90e0a7215ce3d074031fef3ea97111735b89c
+  metadata.gz: 98569486b7c5344745d4542f0a856673db74431f703ee96c192c0b28efda36ddefc6ee88978ef93f4bea7a7a92264c9eba55c52a3b03de16ed461bec4d88b3a0
+  data.tar.gz: 16bc37bfdbf917d013f66559cf34431e1ac39c62678cd3ad9aab2c66d2f6b8ac084dc15fea24b2f00e8da2b9aeff81938f2f6418c5e325e98d5c9a8b2be2c16f

data/lib/sqreen/rules_callbacks/reflected_xss.rb CHANGED

@@ -90,7 +90,7 @@ module Sqreen
         if escape_html == false &&
            text.respond_to?(:include?) &&
            !text.include?('html_escape')
-          args[0].replace("Sqreen.escape_haml(#{args[0]})")
+          args[0].replace("Sqreen.escape_haml((#{args[0]}))")
         end
         nil
       end
@@ -104,7 +104,7 @@ module Sqreen
         if tag.value[:escape_html] == false &&
            tag.value[:value].respond_to?(:include?) &&
            !tag.value[:value].include?('html_escape')
-          tag.value[:value] = "Sqreen.escape_haml(#{tag.value[:value]})"
+          tag.value[:value] = "Sqreen.escape_haml((#{tag.value[:value]}))"
           return { :status => :override, :new_return_value => tag }
         end
         nil
@@ -126,7 +126,7 @@ module Sqreen
           else
             content = eval('"' + Haml::Util.balance(scan, '{', '}', 1)[0][0...-1] + '"')
             content = "Haml::Helpers.html_escape((#{content}))" if escape_html
-            res << '#{Sqreen.escape_haml(' + content + ')}' # Use eval to get rid of string escapes
+            res << '#{Sqreen.escape_haml((' + content + '))}' # Use eval to get rid of string escapes
           end
         end
         { :status => :skip, :new_return_value => res + rest }
@@ -180,7 +180,7 @@ module Sqreen
     class Haml5EscapableHookCB < RuleCB
       def pre(_inst, *args, &_block)
-        args[0] = "Sqreen.escape_haml(#{args[0]})"
+        args[0] = "Sqreen.escape_haml((#{args[0]}))"
         { :status => :modify_args, :args => args }
       end
     end
@@ -188,7 +188,7 @@ module Sqreen
     # Hook into temple template rendering
     class TempleEscapableHookCB < RuleCB
       def post(ret, _inst, *_args, &_block)
-        ret[1] = "Sqreen.escape_temple(#{ret[1]})"
+        ret[1] = "Sqreen.escape_temple((#{ret[1]}))"
         { :status => :override, :new_return_value => ret }
       end
     end

data/lib/sqreen/version.rb CHANGED

@@ -1,5 +1,5 @@
 # Copyright (c) 2015 Sqreen. All Rights Reserved.
 # Please refer to our terms for more information: https://www.sqreen.io/terms.html
 module Sqreen
-  VERSION = '1.8.4'.freeze
+  VERSION = '1.8.5'.freeze
 end

metadata CHANGED

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: sqreen
 version: !ruby/object:Gem::Version
-  version: 1.8.4
+  version: 1.8.5
 platform: ruby
 authors:
 - Sqreen
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2017-10-17 00:00:00.000000000 Z
+date: 2017-10-18 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: execjs