From bbcdc7fc7d8cce65293af96cff122cff0ff68b02 Mon Sep 17 00:00:00 2001
From: Justin Collins
Date: Fri, 18 May 2012 08:40:26 -0700
Subject: [PATCH] CheckSQL: Ignore sanitize methods in interpolation
---
 lib/brakeman/checks/check_sql.rb | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/lib/brakeman/checks/check_sql.rb b/lib/brakeman/checks/check_sql.rb
index 0aaf790f..5bed92ad 100644
--- a/lib/brakeman/checks/check_sql.rb
+++ b/lib/brakeman/checks/check_sql.rb
@@ -454,7 +454,10 @@ class Brakeman::CheckSQL < Brakeman::BaseCheck
 end
 end
- IGNORE_METHODS_IN_SQL = Set[:id, :table_name, :to_i, :to_f]
+ IGNORE_METHODS_IN_SQL = Set[:id, :table_name, :to_i, :to_f,
+ :sanitize_sql, :sanitize_sql_array, :sanitize_sql_for_assignment,
+ :sanitize_sql_for_conditions, :sanitize_sql_hash,
+ :sanitize_sql_hash_for_assignment, :sanitize_sql_hash_for_conditions]
 def safe_value? exp
 return true unless sexp? exp
-- GitLab
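Review bot: `:sanitize_sql` and `:sanitize_sql_for_conditions` in the new `IGNORE_METHODS_IN_SQL` literal are not guaranteed to escape anything: as far as I recall, Rails' `sanitize_sql_for_conditions` (which `sanitize_sql` delegates to) only quotes Array and Hash arguments and returns a String argument unchanged, so an interpolation like `where("name = '#{sanitize_sql(params[:name])}'")` would now be treated as safe while still being injectable. The `_array`/`_hash` variants added in the same hunk always quote their input, so the two generic names are the ones to leave out, e.g. drop `:sanitize_sql, ` and `:sanitize_sql_for_conditions, ` from the literal, unless `safe_value?` (its body continues outside the hunk) also checks that the call's argument is an array or hash literal before honouring the ignore list. Worth confirming that Rails behaviour against the versions Brakeman targets before relying on it. Separately, the set is a mutable class-level constant; `Set[...].freeze` would keep a stray `<<` elsewhere from silently widening the whitelist.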