Model attributes in `or` expressions are immediate

`BaseCheck#has_immediate_model?` will return true if a model attribute is found in an `or` expression, just like `BaseCheck#has_immediate_user_input?` does for everything else.

Model attributes in `or` expressions are immediate
`BaseCheck#has_immediate_model?` will return true if a model attribute is found in an `or` expression, just like `BaseCheck#has_immediate_user_input?` does for everything else.
5bf3c938 · Justin Collins · 7956fa06 · 5bf3c938
隐藏空白更改
内联并排

Showing with 3 addition and 0 deletion

lib/brakeman/checks/base_check.rb lib/brakeman/checks/base_check.rb +3 -0

未找到文件。
--- a/lib/brakeman/checks/base_check.rb
+++ b/lib/brakeman/checks/base_check.rb
@@ -352,6 +352,9 @@ class Brakeman::BaseCheck < Brakeman::SexpProcessor
      when :if
        ((sexp? exp[2] and has_immediate_model? exp[2], out) or 
         (sexp? exp[3] and has_immediate_model? exp[3], out))
+      when :or
+        has_immediate_model? exp[1] or
+        has_immediate_model? exp[2]
      else
        false
      end