
Fix all warnings in the test suite #1853

Status: Open
casperisfine wants to merge 1 commit into main

Conversation

casperisfine commented:

None are really critical to be honest, but it's just good hygiene and makes it easier to spot when a new one is introduced.


Hi there 👋, @DryRunSecurity here, below is a summary of our analysis and findings.

DryRun Security Status                  Findings
Server-Side Request Forgery Analyzer    0 findings
Configured Codepaths Analyzer           0 findings
Authn/Authz Analyzer                    1 finding
Secrets Analyzer                        0 findings
IDOR Analyzer                           0 findings
SQL Injection Analyzer                  0 findings
Sensitive Files Analyzer                0 findings

Note: 🟢 Risk threshold not exceeded.

Change Summary

The following is a summary of changes in this pull request made by me, your security buddy 🤖. Note that this summary is auto-generated and not meant to be a definitive list of security issues but rather a helpful summary from a security perspective.

Summary:

The code changes in this pull request cover various updates and improvements to the Brakeman application security tool. The changes span across multiple files, including updates to dependencies, Slim template handling, Rails configuration loading, Ruby parser performance, and report generation testing.

From a security perspective, the changes do not introduce any immediate security concerns. The updates are primarily focused on improving the functionality, reliability, and performance of the Brakeman tool, which is a critical component for identifying security vulnerabilities in Ruby on Rails applications.

The key security-related changes include the addition of the "csv" development dependency, improvements to the handling of embedded code in Slim templates, and updates to the Ruby parser's Sexp class. These changes aim to enhance the security analysis capabilities of the Brakeman tool and ensure that it can accurately and reliably identify potential security issues in the target applications.

While the changes themselves do not directly impact the security of the applications being analyzed, it's important to maintain vigilance and continue to monitor the security of all dependencies, even those used only during development. Additionally, any updates to critical components like the Ruby parser should be thoroughly reviewed to ensure they do not introduce any unintended consequences or security vulnerabilities.

Files Changed:

  1. gem_common.rb: Added the "csv" gem as a development dependency for the Brakeman gem.
  2. lib/brakeman/parsers/slim_embedded.rb: Overrode the on_slim_embedded method and the tilt_render method in the SassEngine and CoffeeEngine classes to use the BrakemanFilter.render method for handling embedded code in Slim templates.
  3. lib/brakeman/tracker/config.rb: Updated the regular expression used to validate the Rails version in the load_rails_defaults method.
  4. lib/ruby_parser/bm_sexp.rb: Introduced several improvements to the Sexp class, including method aliasing, hash caching, and special handling for certain methods.
  5. test/tests/report_generation.rb: Removed the require 'highline/io_console_compatible' line from the test_table_sanity method in the TestReportGeneration class.

Powered by DryRun Security


2 participants