tainted_love 0.1.3

data/.ruby-version

@@ -0,0 +1 @@
+2.5.3

data/.travis.yml

@@ -0,0 +1,7 @@
+---
+sudo: false
+language: ruby
+cache: bundler
+rvm:
+  - 2.5.3
+before_install: gem install bundler -v 1.17.3

data/CODE_OF_CONDUCT.md

@@ -0,0 +1,73 @@
+# Contributor Covenant Code of Conduct
+
+## Our Pledge
+
+In the interest of fostering an open and welcoming environment, we as
+contributors and maintainers pledge to making participation in our project and
+our community a harassment-free experience for everyone, regardless of age, body
+size, disability, ethnicity, gender identity and expression, level of experience,
+nationality, personal appearance, race, religion, or sexual identity and
+orientation.
+
+## Our Standards
+
+Examples of behavior that contributes to creating a positive environment
+include:
+
+* Using welcoming and inclusive language
+* Being respectful of differing viewpoints and experiences
+* Gracefully accepting constructive criticism
+* Focusing on what is best for the community
+* Showing empathy towards other community members
+
+Examples of unacceptable behavior by participants include:
+
+* The use of sexualized language or imagery and unwelcome sexual attention or
+  advances
+* Trolling, insulting/derogatory comments, and personal or political attacks
+* Public or private harassment
+* Publishing others' private information, such as a physical or electronic
+  address, without explicit permission
+* Other conduct which could reasonably be considered inappropriate in a
+  professional setting
+
+## Our Responsibilities
+
+Project maintainers are responsible for clarifying the standards of acceptable
+behavior and are expected to take appropriate and fair corrective action in
+response to any instances of unacceptable behavior.
+
+Project maintainers have the right and responsibility to remove, edit, or
+reject comments, commits, code, wiki edits, issues, and other contributions
+that are not aligned to this Code of Conduct, or to ban temporarily or
+permanently any contributor for other behaviors that they deem inappropriate,
+threatening, offensive, or harmful.
+
+## Scope
+
+This Code of Conduct applies both within project spaces and in public spaces
+when an individual is representing the project or its community. Examples of
+representing a project or community include using an official project e-mail
+address, posting via an official social media account, or acting as an appointed
+representative at an online or offline event. Representation of a project may be
+further defined and clarified by project maintainers.
+
+## Enforcement
+
+Instances of abusive, harassing, or otherwise unacceptable behavior may be
+reported by contacting the project team at opensource@shopify.com. All
+complaints will be reviewed and investigated and will result in a response that
+is deemed necessary and appropriate to the circumstances. The project team is
+obligated to maintain confidentiality with regard to the reporter of an incident.
+Further details of specific enforcement policies may be posted separately.
+
+Project maintainers who do not follow or enforce the Code of Conduct in good
+faith may face temporary or permanent repercussions as determined by other
+members of the project's leadership.
+
+## Attribution
+
+This Code of Conduct is adapted from the [Contributor Covenant][homepage], version 1.4,
+available at https://www.contributor-covenant.org/version/1/4/code-of-conduct/
+
+[homepage]: https://www.contributor-covenant.org

data/Gemfile

@@ -0,0 +1,8 @@
+# frozen_string_literal: true
+
+source 'https://rubygems.org'
+
+git_source(:github) { |repo_name| "https://github.com/#{repo_name}" }
+
+# Specify your gem's dependencies in tainted_love.gemspec
+gemspec

data/Gemfile.lock

@@ -0,0 +1,57 @@
+PATH
+  remote: .
+  specs:
+    tainted_love (0.1.3)
+
+GEM
+  remote: https://rubygems.org/
+  specs:
+    ast (2.4.0)
+    diff-lcs (1.3)
+    jaro_winkler (1.5.2)
+    parallel (1.14.0)
+    parser (2.6.0.0)
+      ast (~> 2.4.0)
+    powerpack (0.1.2)
+    psych (3.1.0)
+    rainbow (3.0.0)
+    rake (10.5.0)
+    rspec (3.8.0)
+      rspec-core (~> 3.8.0)
+      rspec-expectations (~> 3.8.0)
+      rspec-mocks (~> 3.8.0)
+    rspec-core (3.8.0)
+      rspec-support (~> 3.8.0)
+    rspec-expectations (3.8.2)
+      diff-lcs (>= 1.2.0, < 2.0)
+      rspec-support (~> 3.8.0)
+    rspec-mocks (3.8.0)
+      diff-lcs (>= 1.2.0, < 2.0)
+      rspec-support (~> 3.8.0)
+    rspec-support (3.8.0)
+    rubocop (0.65.0)
+      jaro_winkler (~> 1.5.1)
+      parallel (~> 1.10)
+      parser (>= 2.5, != 2.5.1.1)
+      powerpack (~> 0.1)
+      psych (>= 3.1.0)
+      rainbow (>= 2.2.2, < 4.0)
+      ruby-progressbar (~> 1.7)
+      unicode-display_width (~> 1.4.0)
+    ruby-progressbar (1.10.0)
+    unicode-display_width (1.4.1)
+    yard (0.9.18)
+
+PLATFORMS
+  ruby
+
+DEPENDENCIES
+  bundler (~> 1.17)
+  rake (~> 10.0)
+  rspec (~> 3.0)
+  rubocop (~> 0.65.0)
+  tainted_love!
+  yard (~> 0.9.18)
+
+BUNDLED WITH
+   1.17.3

data/LICENSE.txt

@@ -0,0 +1,21 @@
+The MIT License (MIT)
+
+Copyright (c) 2019 Shopify
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.

data/README.md

@@ -0,0 +1,85 @@
+# TaintedLove
+
+TaintedLove is a dynamic security analysis tool for Ruby. It leverages Ruby's object tainting and monkey patching features to identify vulnerable code paths at runtime.
+
+## Installation
+
+Add this line to your application's Gemfile:
+
+```ruby
+gem 'tainted_love'
+```
+
+And then execute:
+
+    $ bundle
+
+Or install it yourself as:
+
+    $ gem install tainted_love
+
+
+## Usage
+
+TaintedLove needs to replace multiple functions. It is ideal to enable it when the application has all of its dependencies loaded and is ready to use.
+
+To enable TaintedLove in your project:
+
+```ruby
+TaintedLove.enable! do |config|
+  # This is the default configuration
+  # config.logger = Logger.new
+  # config.replacers = TaintedLove::Replacer::Base.replacers
+  # config.validators = TaintedLove::Validator::Base.validators
+  # config.reporter = TaintedLove::Reporter::StdoutReporter.new
+end
+```
+
+In Ruby on Rails, this could be done in an initializer file `config/initializer/tainted_love.rb`
+
+```ruby
+TaintedLove.enable! do |config|
+  config.logger = Rails.logger
+end
+```
+
+Start your application! The default reporter will output into the console.
+
+## Detected Patterns
+TaintedLove currently detects the following patterns. If the execution of the application ever encounters these function calls, TaintedLove will report it.
+
+```ruby
+Object#send(tainted_input_1, tainted_input_2)
+File.read(tainted_input).taint
+File.write(tainted_input, _)
+Kernel#eval(tainted_input)
+Kernel#system(tainted_input)
+Kernel#`(tainted_input)
+Kernel#open("|" + tainted_input)
+Marshal.load(tainted_input)
+YAML.load(tainted_input)
+
+# Rails specific patterns
+render(tainted_input)
+render(inline: tainted_input)
+render(file: tainted_input)
+<%= tainted_input.html_safe %>
+Model.where(tainted_input)
+Model.select(tainted_input)
+Model.find_by_sql(tainted_input)
+Model.count_by_sql(tainted_input)
+```
+
+## Development
+
+After checking out the repo, run `bin/setup` to install dependencies. Then, run `bin/test` to run the tests. You can also run `bin/console` for an interactive prompt that will allow you to experiment.
+
+To install this gem onto your local machine, run `bundle exec rake install`. To release a new version, update the version number in `version.rb`, and then run `bundle exec rake release`, which will create a git tag for the version, push git commits and tags, and push the `.gem` file to [rubygems.org](https://rubygems.org).
+
+## Contributing
+
+Bug reports and pull requests are welcome on GitHub at https://github.com/Shopify/tainted_love.
+
+## License
+
+The gem is available as open source under the terms of the [MIT License](https://opensource.org/licenses/MIT).

data/Rakefile

@@ -0,0 +1,8 @@
+# frozen_string_literal: true
+
+require 'bundler/gem_tasks'
+require 'rspec/core/rake_task'
+
+RSpec::Core::RakeTask.new(:spec)
+
+task(default: :spec)

data/bin/console

@@ -0,0 +1,15 @@
+#!/usr/bin/env ruby
+# frozen_string_literal: true
+
+require 'bundler/setup'
+require 'tainted_love'
+
+# You can add fixtures and/or initialization code here to make experimenting
+# with your gem easier. You can also use a different console, if you like.
+
+# (If you use this, don't forget to add pry to your Gemfile!)
+# require "pry"
+# Pry.start
+
+require 'irb'
+IRB.start(__FILE__)

data/bin/setup

@@ -0,0 +1,10 @@
+#!/usr/bin/env bash
+set -euo pipefail
+IFS=$'\n\t'
+set -vx
+
+bundle install
+
+cd example
+
+bundle install

data/bin/test

@@ -0,0 +1,7 @@
+#!/usr/bin/env bash
+
+set -e
+
+bundle exec rake
+cd example
+rails test

data/dev.yml

@@ -0,0 +1,28 @@
+name: tainted-love
+
+type: ruby
+
+up:
+  - homebrew:
+    - openssl
+  - ruby: 2.5.3
+  - bundler
+  - bundler:
+      gemfile: example/Gemfile
+
+commands:
+  console:
+    desc:   'start a console'
+    run:    bin/console
+
+  test:
+    desc:   'run the tests'
+    run:    bin/test
+
+  docs:
+    desc:   'generate the documentation'
+    run:    bundle exec yard -o docs
+
+  style:
+    desc:   'run rubocop'
+    run:    bundle exec rubocop

data/docs/TaintedLove.html

@@ -0,0 +1,482 @@
+<!DOCTYPE html>
+<html>
+  <head>
+    <meta charset="utf-8">
+<meta name="viewport" content="width=device-width, initial-scale=1.0">
+<title>
+  Module: TaintedLove
+  
+    &mdash; Documentation by YARD 0.9.18
+  
+</title>
+
+  <link rel="stylesheet" href="css/style.css" type="text/css" charset="utf-8" />
+
+  <link rel="stylesheet" href="css/common.css" type="text/css" charset="utf-8" />
+
+<script type="text/javascript" charset="utf-8">
+  pathId = "TaintedLove";
+  relpath = '';
+</script>
+
+
+  <script type="text/javascript" charset="utf-8" src="js/jquery.js"></script>
+
+  <script type="text/javascript" charset="utf-8" src="js/app.js"></script>
+
+
+  </head>
+  <body>
+    <div class="nav_wrap">
+      <iframe id="nav" src="class_list.html?1"></iframe>
+      <div id="resizer"></div>
+    </div>
+
+    <div id="main" tabindex="-1">
+      <div id="header">
+        <div id="menu">
+  
+    <a href="_index.html">Index (T)</a> &raquo;
+    
+    
+    <span class="title">TaintedLove</span>
+  
+</div>
+
+        <div id="search">
+  
+    <a class="full_list_link" id="class_list_link"
+        href="class_list.html">
+
+        <svg width="24" height="24">
+          <rect x="0" y="4" width="24" height="4" rx="1" ry="1"></rect>
+          <rect x="0" y="12" width="24" height="4" rx="1" ry="1"></rect>
+          <rect x="0" y="20" width="24" height="4" rx="1" ry="1"></rect>
+        </svg>
+    </a>
+  
+</div>
+        <div class="clear"></div>
+      </div>
+
+      <div id="content"><h1>Module: TaintedLove
+  
+  
+  
+</h1>
+<div class="box_info">
+  
+
+  
+  
+  <dl>
+      <dt>Extended by:</dt>
+      <dd><span class='object_link'><a href="TaintedLove/Utils.html" title="TaintedLove::Utils (module)">Utils</a></span></dd>
+  </dl>
+  
+  
+  
+  
+
+  
+
+  
+  <dl>
+    <dt>Defined in:</dt>
+    <dd>lib/tainted_love.rb<span class="defines">,<br />
+  lib/tainted_love/utils.rb,<br /> lib/tainted_love/version.rb,<br /> lib/tainted_love/warning.rb,<br /> lib/tainted_love/stack_trace.rb,<br /> lib/tainted_love/configuration.rb,<br /> lib/tainted_love/replacer/base.rb,<br /> lib/tainted_love/reporter/base.rb,<br /> lib/tainted_love/validator/base.rb,<br /> lib/tainted_love/validator/erb_eval.rb,<br /> lib/tainted_love/replacer/replace_file.rb,<br /> lib/tainted_love/replacer/replace_digest.rb,<br /> lib/tainted_love/replacer/replace_kernel.rb,<br /> lib/tainted_love/replacer/replace_object.rb,<br /> lib/tainted_love/replacer/replace_marshal.rb,<br /> lib/tainted_love/reporter/stdout_reporter.rb,<br /> lib/tainted_love/replacer/replace_sprokets.rb,<br /> lib/tainted_love/reporter/sinatra_reporter.rb,<br /> lib/tainted_love/validator/sprokets_marshal.rb,<br /> lib/tainted_love/replacer/replace_action_view.rb,<br /> lib/tainted_love/replacer/replace_active_record.rb,<br /> lib/tainted_love/replacer/replace_rails_user_input.rb,<br /> lib/tainted_love/validator/action_view_object_send.rb,<br /> lib/tainted_love/replacer/replace_action_controller.rb,<br /> lib/tainted_love/validator/redis_store_serialization.rb</span>
+</dd>
+  </dl>
+  
+</div>
+
+<h2>Defined Under Namespace</h2>
+<p class="children">
+  
+    
+      <strong class="modules">Modules:</strong> <span class='object_link'><a href="TaintedLove/Replacer.html" title="TaintedLove::Replacer (module)">Replacer</a></span>, <span class='object_link'><a href="TaintedLove/Reporter.html" title="TaintedLove::Reporter (module)">Reporter</a></span>, <span class='object_link'><a href="TaintedLove/Utils.html" title="TaintedLove::Utils (module)">Utils</a></span>, <span class='object_link'><a href="TaintedLove/Validator.html" title="TaintedLove::Validator (module)">Validator</a></span>
+    
+  
+    
+      <strong class="classes">Classes:</strong> <span class='object_link'><a href="TaintedLove/Configuration.html" title="TaintedLove::Configuration (class)">Configuration</a></span>, <span class='object_link'><a href="TaintedLove/StackTrace.html" title="TaintedLove::StackTrace (class)">StackTrace</a></span>, <span class='object_link'><a href="TaintedLove/Warning.html" title="TaintedLove::Warning (class)">Warning</a></span>
+    
+  
+</p>
+
+  
+    <h2>
+      Constant Summary
+      <small><a href="#" class="constants_summary_toggle">collapse</a></small>
+    </h2>
+
+    <dl class="constants">
+      
+        <dt id="VERSION-constant" class="">VERSION =
+          
+        </dt>
+        <dd><pre class="code"><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>0.1.3</span><span class='tstring_end'>&#39;</span></span></pre></dd>
+      
+    </dl>
+  
+
+
+
+
+  <h2>Class Attribute Summary <small><a href="#" class="summary_toggle">collapse</a></small></h2>
+  <ul class="summary">
+    
+      <li class="public ">
+  <span class="summary_signature">
+    
+      <a href="#configuration-class_method" title="configuration (class method)">.<strong>configuration</strong>  &#x21d2; Object </a>
+    
+
+    
+  </span>
+  
+  
+  
+    
+      <span class="note title readonly">readonly</span>
+    
+    
+  
+  
+  
+  
+  
+
+  
+    <span class="summary_desc"><div class='inline'>
+<p>Returns the value of attribute configuration.</p>
+</div></span>
+  
+</li>
+
+    
+  </ul>
+
+
+
+
+  
+    <h2>
+      Class Method Summary
+      <small><a href="#" class="summary_toggle">collapse</a></small>
+    </h2>
+
+    <ul class="summary">
+      
+        <li class="public ">
+  <span class="summary_signature">
+    
+      <a href="#enable!-class_method" title="enable! (class method)">.<strong>enable!</strong> {|TaintedLove::Configuration| ... } &#x21d2; Object </a>
+    
+
+    
+  </span>
+  
+  
+  
+  
+  
+  
+  
+
+  
+    <span class="summary_desc"><div class='inline'>
+<p>Enables TaintedLove.</p>
+</div></span>
+  
+</li>
+
+      
+        <li class="public ">
+  <span class="summary_signature">
+    
+      <a href="#report-class_method" title="report (class method)">.<strong>report</strong>(replacer, tainted_input)  &#x21d2; Object </a>
+    
+
+    
+  </span>
+  
+  
+  
+  
+  
+  
+  
+
+  
+    <span class="summary_desc"><div class='inline'>
+<p>Report tainted input.</p>
+</div></span>
+  
+</li>
+
+      
+    </ul>
+  
+
+
+  
+  
+  
+  
+  
+  
+  
+  
+  <h3 class="inherited">Methods included from <span class='object_link'><a href="TaintedLove/Utils.html" title="TaintedLove::Utils (module)">Utils</a></span></h3>
+  <p class="inherited"><span class='object_link'><a href="TaintedLove/Utils.html#add_tracking-instance_method" title="TaintedLove::Utils#add_tracking (method)">add_tracking</a></span>, <span class='object_link'><a href="TaintedLove/Utils.html#hash-instance_method" title="TaintedLove::Utils#hash (method)">hash</a></span>, <span class='object_link'><a href="TaintedLove/Utils.html#proxy_method-instance_method" title="TaintedLove::Utils#proxy_method (method)">proxy_method</a></span></p>
+
+  <div id="class_attr_details" class="attr_details">
+    <h2>Class Attribute Details</h2>
+    
+      
+      <span id=""></span>
+      <div class="method_details first">
+  <h3 class="signature first" id="configuration-class_method">
+  
+    .<strong>configuration</strong>  &#x21d2; <tt>Object</tt>  <span class="extras">(readonly)</span>
+  
+
+  
+
+  
+</h3><div class="docstring">
+  <div class="discussion">
+    
+<p>Returns the value of attribute configuration</p>
+
+
+  </div>
+</div>
+<div class="tags">
+  
+
+</div><table class="source_code">
+  <tr>
+    <td>
+      <pre class="lines">
+
+
+9
+10
+11</pre>
+    </td>
+    <td>
+      <pre class="code"><span class="info file"># File 'lib/tainted_love.rb', line 9</span>
+
+<span class='kw'>def</span> <span class='id identifier rubyid_configuration'>configuration</span>
+  <span class='ivar'>@configuration</span>
+<span class='kw'>end</span></pre>
+    </td>
+  </tr>
+</table>
+</div>
+    
+  </div>
+
+
+  <div id="class_method_details" class="method_details_list">
+    <h2>Class Method Details</h2>
+
+    
+      <div class="method_details first">
+  <h3 class="signature first" id="enable!-class_method">
+  
+    .<strong>enable!</strong> {|TaintedLove::Configuration| ... } &#x21d2; <tt>Object</tt> 
+  
+
+  
+
+  
+</h3><div class="docstring">
+  <div class="discussion">
+    
+<p>Enables TaintedLove. Use a block to configure the
+TaintedLove::Configuration</p>
+
+
+  </div>
+</div>
+<div class="tags">
+  
+<p class="tag_title">Yields:</p>
+<ul class="yield">
+  
+    <li>
+      
+      
+        <span class='type'>(<tt><span class='object_link'><a href="TaintedLove/Configuration.html" title="TaintedLove::Configuration (class)">TaintedLove::Configuration</a></span></tt>)</span>
+      
+      
+      
+    </li>
+  
+</ul>
+
+</div><table class="source_code">
+  <tr>
+    <td>
+      <pre class="lines">
+
+
+15
+16
+17
+18
+19
+20
+21
+22
+23
+24
+25
+26
+27
+28
+29
+30
+31
+32
+33
+34</pre>
+    </td>
+    <td>
+      <pre class="code"><span class="info file"># File 'lib/tainted_love.rb', line 15</span>
+
+<span class='kw'>def</span> <span class='id identifier rubyid_enable!'>enable!</span>
+  <span class='id identifier rubyid_configuration'>configuration</span> <span class='op'>=</span> <span class='const'><span class='object_link'><a href="" title="TaintedLove (module)">TaintedLove</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="TaintedLove/Configuration.html" title="TaintedLove::Configuration (class)">Configuration</a></span></span><span class='period'>.</span><span class='id identifier rubyid_new'><span class='object_link'><a href="TaintedLove/Configuration.html#initialize-instance_method" title="TaintedLove::Configuration#initialize (method)">new</a></span></span>
+
+  <span class='id identifier rubyid_configuration'>configuration</span><span class='period'>.</span><span class='id identifier rubyid_logger'>logger</span><span class='period'>.</span><span class='id identifier rubyid_info'>info</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>TaintedLove is enabled</span><span class='tstring_end'>&#39;</span></span><span class='rparen'>)</span>
+  <span class='id identifier rubyid_configuration'>configuration</span><span class='period'>.</span><span class='id identifier rubyid_replacers'>replacers</span> <span class='op'>=</span> <span class='const'><span class='object_link'><a href="" title="TaintedLove (module)">TaintedLove</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="TaintedLove/Replacer.html" title="TaintedLove::Replacer (module)">Replacer</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="TaintedLove/Replacer/Base.html" title="TaintedLove::Replacer::Base (class)">Base</a></span></span><span class='period'>.</span><span class='id identifier rubyid_replacers'><span class='object_link'><a href="TaintedLove/Replacer/Base.html#replacers-class_method" title="TaintedLove::Replacer::Base.replacers (method)">replacers</a></span></span>
+  <span class='id identifier rubyid_configuration'>configuration</span><span class='period'>.</span><span class='id identifier rubyid_validators'>validators</span> <span class='op'>=</span> <span class='const'><span class='object_link'><a href="" title="TaintedLove (module)">TaintedLove</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="TaintedLove/Validator.html" title="TaintedLove::Validator (module)">Validator</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="TaintedLove/Validator/Base.html" title="TaintedLove::Validator::Base (class)">Base</a></span></span><span class='period'>.</span><span class='id identifier rubyid_validators'><span class='object_link'><a href="TaintedLove/Validator/Base.html#validators-class_method" title="TaintedLove::Validator::Base.validators (method)">validators</a></span></span>
+  <span class='id identifier rubyid_configuration'>configuration</span><span class='period'>.</span><span class='id identifier rubyid_reporter'>reporter</span> <span class='op'>=</span> <span class='const'><span class='object_link'><a href="" title="TaintedLove (module)">TaintedLove</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="TaintedLove/Reporter.html" title="TaintedLove::Reporter (module)">Reporter</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="TaintedLove/Reporter/StdoutReporter.html" title="TaintedLove::Reporter::StdoutReporter (class)">StdoutReporter</a></span></span><span class='period'>.</span><span class='id identifier rubyid_new'><span class='object_link'><a href="TaintedLove/Reporter/Base.html#initialize-instance_method" title="TaintedLove::Reporter::Base#initialize (method)">new</a></span></span>
+
+  <span class='comment'># Allows customization of which replacers/validators should be used
+</span>  <span class='kw'>yield</span> <span class='id identifier rubyid_configuration'>configuration</span> <span class='kw'>if</span> <span class='id identifier rubyid_block_given?'>block_given?</span>
+
+  <span class='ivar'>@configuration</span> <span class='op'>=</span> <span class='id identifier rubyid_configuration'>configuration</span>
+
+  <span class='id identifier rubyid_configuration'>configuration</span><span class='period'>.</span><span class='id identifier rubyid_replacers'>replacers</span><span class='period'>.</span><span class='id identifier rubyid_each'>each</span> <span class='kw'>do</span> <span class='op'>|</span><span class='id identifier rubyid_replacer'>replacer</span><span class='op'>|</span>
+    <span class='id identifier rubyid_replacer'>replacer</span> <span class='op'>=</span> <span class='id identifier rubyid_replacer'>replacer</span><span class='period'>.</span><span class='id identifier rubyid_new'>new</span>
+    <span class='id identifier rubyid_replacer'>replacer</span><span class='period'>.</span><span class='id identifier rubyid_replace!'>replace!</span> <span class='kw'>if</span> <span class='id identifier rubyid_replacer'>replacer</span><span class='period'>.</span><span class='id identifier rubyid_should_replace?'>should_replace?</span>
+  <span class='kw'>end</span>
+
+  <span class='id identifier rubyid_configuration'>configuration</span>
+<span class='kw'>end</span></pre>
+    </td>
+  </tr>
+</table>
+</div>
+    
+      <div class="method_details ">
+  <h3 class="signature " id="report-class_method">
+  
+    .<strong>report</strong>(replacer, tainted_input)  &#x21d2; <tt>Object</tt> 
+  
+
+  
+
+  
+</h3><div class="docstring">
+  <div class="discussion">
+    
+<p>Report tainted input</p>
+
+
+  </div>
+</div>
+<div class="tags">
+  <p class="tag_title">Parameters:</p>
+<ul class="param">
+  
+    <li>
+      
+        <span class='name'>replacer</span>
+      
+      
+        <span class='type'>(<tt>Symbol</tt>)</span>
+      
+      
+      
+        &mdash;
+        <div class='inline'>
+<p>Replacer reporting the issue</p>
+</div>
+      
+    </li>
+  
+    <li>
+      
+        <span class='name'>tainted_input</span>
+      
+      
+        <span class='type'>(<tt>Object</tt>)</span>
+      
+      
+      
+        &mdash;
+        <div class='inline'>
+<p>Tainted object</p>
+</div>
+      
+    </li>
+  
+</ul>
+
+
+</div><table class="source_code">
+  <tr>
+    <td>
+      <pre class="lines">
+
+
+40
+41
+42
+43
+44
+45
+46
+47
+48
+49
+50
+51</pre>
+    </td>
+    <td>
+      <pre class="code"><span class="info file"># File 'lib/tainted_love.rb', line 40</span>
+
+<span class='kw'>def</span> <span class='id identifier rubyid_report'>report</span><span class='lparen'>(</span><span class='id identifier rubyid_replacer'>replacer</span><span class='comma'>,</span> <span class='id identifier rubyid_tainted_input'>tainted_input</span><span class='rparen'>)</span>
+  <span class='id identifier rubyid_warning'>warning</span> <span class='op'>=</span> <span class='const'><span class='object_link'><a href="" title="TaintedLove (module)">TaintedLove</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="TaintedLove/Warning.html" title="TaintedLove::Warning (class)">Warning</a></span></span><span class='period'>.</span><span class='id identifier rubyid_new'><span class='object_link'><a href="TaintedLove/Warning.html#initialize-instance_method" title="TaintedLove::Warning#initialize (method)">new</a></span></span>
+  <span class='id identifier rubyid_warning'>warning</span><span class='period'>.</span><span class='id identifier rubyid_tainted_input'>tainted_input</span> <span class='op'>=</span> <span class='id identifier rubyid_tainted_input'>tainted_input</span>
+  <span class='id identifier rubyid_warning'>warning</span><span class='period'>.</span><span class='id identifier rubyid_stack_trace'>stack_trace</span> <span class='op'>=</span> <span class='const'><span class='object_link'><a href="" title="TaintedLove (module)">TaintedLove</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="TaintedLove/StackTrace.html" title="TaintedLove::StackTrace (class)">StackTrace</a></span></span><span class='period'>.</span><span class='id identifier rubyid_new'><span class='object_link'><a href="TaintedLove/StackTrace.html#initialize-instance_method" title="TaintedLove::StackTrace#initialize (method)">new</a></span></span><span class='lparen'>(</span><span class='const'>Thread</span><span class='period'>.</span><span class='id identifier rubyid_current'>current</span><span class='period'>.</span><span class='id identifier rubyid_backtrace'>backtrace</span><span class='lparen'>(</span><span class='int'>3</span><span class='rparen'>)</span><span class='rparen'>)</span>
+  <span class='id identifier rubyid_warning'>warning</span><span class='period'>.</span><span class='id identifier rubyid_replacer'>replacer</span> <span class='op'>=</span> <span class='id identifier rubyid_replacer'>replacer</span>
+
+  <span class='id identifier rubyid_should_remove'>should_remove</span> <span class='op'>=</span> <span class='ivar'>@configuration</span><span class='period'>.</span><span class='id identifier rubyid_validators'>validators</span><span class='period'>.</span><span class='id identifier rubyid_any?'>any?</span> <span class='kw'>do</span> <span class='op'>|</span><span class='id identifier rubyid_validator'>validator</span><span class='op'>|</span>
+    <span class='id identifier rubyid_validator'>validator</span><span class='period'>.</span><span class='id identifier rubyid_new'>new</span><span class='period'>.</span><span class='id identifier rubyid_remove?'>remove?</span><span class='lparen'>(</span><span class='id identifier rubyid_warning'>warning</span><span class='rparen'>)</span>
+  <span class='kw'>end</span>
+
+  <span class='ivar'>@configuration</span><span class='period'>.</span><span class='id identifier rubyid_reporter'>reporter</span><span class='period'>.</span><span class='id identifier rubyid_add_warning'>add_warning</span><span class='lparen'>(</span><span class='id identifier rubyid_warning'>warning</span><span class='rparen'>)</span> <span class='kw'>unless</span> <span class='id identifier rubyid_should_remove'>should_remove</span>
+<span class='kw'>end</span></pre>
+    </td>
+  </tr>
+</table>
+</div>
+    
+  </div>
+
+</div>
+
+      <div id="footer">
+  Generated on Tue Apr  2 15:50:34 2019 by
+  <a href="http://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a>
+  0.9.18 (ruby-2.5.3).
+</div>
+
+    </div>
+  </body>
+</html>