From 5bbe6c8582d91d3b8cf35103ed2890d8415ebff8 Mon Sep 17 00:00:00 2001
From: Justin Collins
Date: Tue, 5 Jun 2012 11:11:04 -0700
Subject: [PATCH] Ignore redirects to Model.find_by_*

---
 lib/brakeman/checks/check_redirect.rb | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/lib/brakeman/checks/check_redirect.rb b/lib/brakeman/checks/check_redirect.rb
index 2fcc594c..8c60cf7c 100644
--- a/lib/brakeman/checks/check_redirect.rb
+++ b/lib/brakeman/checks/check_redirect.rb
@@ -56,13 +56,16 @@ class Brakeman::CheckRedirect < Brakeman::BaseCheck
   def include_user_input? call
     Brakeman.debug "Checking if call includes user input"
 
-    if tracker.options[:ignore_redirect_to_model] and call? call[3][1] and
-      @model_find_calls.include? call[3][1][2] and model_name? call[3][1][1]
+    args = call[3]
+
+    if tracker.options[:ignore_redirect_to_model] and call? args[1] and
+      (@model_find_calls.include? args[1][2] or args[1][2].to_s.match(/^find_by_/)) and
+      model_name? args[1][1]
       return false
     end
 
-    call[3].each do |arg|
+    args.each do |arg|
       if res = has_immediate_model?(arg)
         return Match.new(:immediate, res)
       elsif call? arg
-- 
GitLab
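Review bot: The new `/^find_by_/` test in the `ignore_redirect_to_model` branch is broader than the dynamic finders the subject line names: it also matches a method called `find_by_sql`, which is not a `find_by_attribute` finder and, if the option is meant to whitelist only single-record lookups, would silently suppress a redirect warning it should keep. If that is not intended, exclude it explicitly, e.g. `name = args[1][2].to_s` followed by `name.start_with?("find_by_") and name != "find_by_sql"`. Independently, `start_with?("find_by_")` says what the regex says without allocating a MatchData, and avoids the per-line `^` anchor. The body of `include_user_input?` continues past the end of the hunk.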