Move more Sexp#[] calls to regular method calls

89b67145 · Justin Collins · 9f5e7b16 · 89b67145 · 89b67145 · 89b67145
4 changed file
--- a/lib/brakeman/checks/check_cross_site_scripting.rb
+++ b/lib/brakeman/checks/check_cross_site_scripting.rb
@@ -115,7 +115,11 @@ class Brakeman::CheckCrossSiteScripting < Brakeman::BaseCheck
        :confidence => CONFIDENCE[:high]

    elsif not tracker.options[:ignore_model_output] and match = has_immediate_model?(out)
-      method = match[2]
+      method = if call? match
+                 match.method
+               else
+                 nil
+               end

      unless IGNORE_MODEL_METHODS.include? method
        add_result out

--- a/lib/brakeman/checks/check_redirect.rb
+++ b/lib/brakeman/checks/check_redirect.rb
@@ -73,12 +73,12 @@ class Brakeman::CheckRedirect < Brakeman::BaseCheck
    elsif call? arg
      if request_value? arg
        return Match.new(immediate, arg)
-      elsif request_value? arg[1]
-        return Match.new(immediate, arg[1])
-      elsif arg[2] == :url_for and include_user_input? arg
+      elsif request_value? arg.target
+        return Match.new(immediate, arg.target)
+      elsif arg.method == :url_for and include_user_input? arg
        return Match.new(immediate, arg)
        #Ignore helpers like some_model_url?
-      elsif arg[2].to_s =~ /_(url|path)\z/
+      elsif arg.method.to_s =~ /_(url|path)\z/
        return false
      end
    elsif request_value? arg

--- a/lib/brakeman/checks/check_sql.rb
+++ b/lib/brakeman/checks/check_sql.rb
@@ -261,23 +261,25 @@ class Brakeman::CheckSQL < Brakeman::BaseCheck

  def check_scope_arguments args
    return unless node_type? args, :arglist
+    scope_arg = args[2] #first arg is name of scope

-    if node_type? args[2], :iter
-      unsafe_sql? args[2].block
+    if node_type? scope_arg, :iter
+      unsafe_sql? scope_arg.block
    else
-      unsafe_sql? args[2]
+      unsafe_sql? scope_arg
    end
  end

  def check_query_arguments arg
    return unless sexp? arg
+    first_arg = arg[1]

    if node_type? arg, :arglist
-      if arg.length > 2 and node_type? arg[1], :string_interp, :dstr
+      if arg.length > 2 and node_type? first_arg, :string_interp, :dstr
        # Model.where("blah = ?", blah)
-        return check_string_interp arg[1]
+        return check_string_interp first_arg
      else
-        arg = arg[1]
+        arg = first_arg
      end
    end

@@ -319,7 +321,7 @@ class Brakeman::CheckSQL < Brakeman::BaseCheck
  def check_by_sql_arguments arg
    return unless sexp? arg

-    #This is kind of necessary, because unsafe_sql? will handle an array
+    #This is kind of unnecessary, because unsafe_sql? will handle an array
    #correctly, but might be better to be explicit.
    if array? arg
      unsafe_sql? arg[1]

--- a/lib/brakeman/processors/alias_processor.rb
+++ b/lib/brakeman/processors/alias_processor.rb
@@ -477,8 +477,9 @@ class Brakeman::AliasProcessor < Brakeman::SexpProcessor
  #Join two string literals into one.
  def join_strings string1, string2
    result = Sexp.new(:str)
-    result[1] = string1[1] + string2[1]
-    if result[1].length > 50
+    result.value = string1.value + string2.value
+
+    if result.value.length > 50
      string1
    else
      result