diff options
-rw-r--r-- | app-forensics/brakeman/files/brakeman-6.1.1-remove-safeyaml.patch | 56 |
1 files changed, 56 insertions, 0 deletions
diff --git a/app-forensics/brakeman/files/brakeman-6.1.1-remove-safeyaml.patch b/app-forensics/brakeman/files/brakeman-6.1.1-remove-safeyaml.patch new file mode 100644 index 00000000..145c3b45 --- /dev/null +++ b/app-forensics/brakeman/files/brakeman-6.1.1-remove-safeyaml.patch @@ -0,0 +1,56 @@ +From 49d9c53bd127acf06c84f5383db24b175ea6a41e Mon Sep 17 00:00:00 2001 +From: Justin Collins <justin@presidentbeef.com> +Date: Sat, 23 Dec 2023 23:22:46 -0800 +Subject: [PATCH] Remove SafeYAML dependency + +--- + gem_common.rb | 1 - + lib/brakeman.rb | 5 ++--- + lib/brakeman/checks/check_session_settings.rb | 5 ++--- + 3 files changed, 4 insertions(+), 7 deletions(-) + +diff --git a/gem_common.rb b/gem_common.rb +index e1fd9e086a..0d36ec3e29 100644 +--- a/gem_common.rb ++++ b/gem_common.rb +@@ -12,7 +12,6 @@ def self.base_dependencies spec + spec.add_dependency "ruby_parser", "~>3.20.2" + spec.add_dependency "sexp_processor", "~> 4.7" + spec.add_dependency "ruby2ruby", "~>2.4.0" +- spec.add_dependency "safe_yaml", ">= 1.0" + spec.add_dependency "racc" + end + +diff --git a/lib/brakeman.rb b/lib/brakeman.rb +index f24ac30849..69495007e4 100644 +--- a/lib/brakeman.rb ++++ b/lib/brakeman.rb +@@ -128,9 +128,8 @@ def self.load_options line_options + + #Load configuration file + if config = config_file(custom_location, app_path) +- require 'date' # https://github.com/dtao/safe_yaml/issues/80 +- self.load_brakeman_dependency 'safe_yaml/load' +- options = SafeYAML.load_file config, :deserialize_symbols => true ++ require 'yaml' ++ options = YAML.safe_load_file config, permitted_classes: [Symbol], symbolize_names: true + + if options + options.each { |k, v| options[k] = Set.new v if v.is_a? Array } +diff --git a/lib/brakeman/checks/check_session_settings.rb b/lib/brakeman/checks/check_session_settings.rb +index 33d5f674c1..f117eadb88 100644 +--- a/lib/brakeman/checks/check_session_settings.rb ++++ b/lib/brakeman/checks/check_session_settings.rb +@@ -116,10 +116,9 @@ def check_secrets_yaml + + if secrets_file.exists? and not ignored? "secrets.yml" and not ignored? "config/*.yml" + yaml = secrets_file.read +- require 'date' # https://github.com/dtao/safe_yaml/issues/80 +- require 'safe_yaml/load' ++ require 'yaml' + begin +- secrets = SafeYAML.load yaml ++ secrets = YAML.safe_load yaml + rescue Psych::SyntaxError, RuntimeError => e + Brakeman.notify "[Notice] #{self.class}: Unable to parse `#{secrets_file}`" + Brakeman.debug "Failed to parse #{secrets_file}: #{e.inspect}" |