Fix duplicate warnings with `raw` calls

There was a bit of a logic error here, because a warning might be detected as a duplicate in `check_for_immediate_xss`, causing it to return 'false' and then the check would go ahead and process the `raw` call. This would result in 'weak' confidence warnings that were duplicates of 'high' confidence warnings.

Fix duplicate warnings with `raw` calls
There was a bit of a logic error here, because a warning might be detected as a duplicate in `check_for_immediate_xss`, causing it to return 'false' and then the check would go ahead and process the `raw` call. This would result in 'weak' confidence warnings that were duplicates of 'high' confidence warnings.
5da772f8 · Justin Collins · 1b568287 · 5da772f8
隐藏空白更改
内联并排

Showing with 1 addition and 1 deletion

lib/brakeman/checks/check_cross_site_scripting.rb lib/brakeman/checks/check_cross_site_scripting.rb +1 -1

未找到文件。
--- a/lib/brakeman/checks/check_cross_site_scripting.rb
+++ b/lib/brakeman/checks/check_cross_site_scripting.rb
@@ -137,7 +137,7 @@ class Brakeman::CheckCrossSiteScripting < Brakeman::BaseCheck
  #Otherwise, ignore
  def process_escaped_output exp
    unless check_for_immediate_xss exp
-      if raw_call? exp
+      if raw_call? exp and not duplicate? exp
        process exp.value.first_arg
      end
    end