From f829a8f6863d33fe0a79e8d314443a16985ebaf2 Mon Sep 17 00:00:00 2001
From: Justin Collins
Date: Fri, 25 May 2012 09:20:34 -0700
Subject: [PATCH] Only accept literals as before_filter method names whitelist, not blacklist! This fixes an issue where things like local variables were being interpreted as method names. Example: before_filter :blah, filter_options "filter_options" was being treated as if it were a method name, which was wrong.
---
 lib/brakeman/processors/controller_alias_processor.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/brakeman/processors/controller_alias_processor.rb b/lib/brakeman/processors/controller_alias_processor.rb
index ae00ea1d..c585bf8e 100644
--- a/lib/brakeman/processors/controller_alias_processor.rb
+++ b/lib/brakeman/processors/controller_alias_processor.rb
@@ -254,7 +254,7 @@ class Brakeman::ControllerAliasProcessor < Brakeman::AliasProcessor
 filter[:methods] = [args[0][1]]
 args[1..-1].each do |a|
- filter[:methods] << a[1] unless a.node_type == :hash
+ filter[:methods] << a[1] if a.node_type == :lit
 end
 if args[-1].node_type == :hash
-- 
GitLab
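Review bot: The first filter name is still taken unchecked on the context line `filter[:methods] = [args[0][1]]`, so a call whose first argument is a local variable or a method call would be recorded as a method name, exactly the case this commit fixes for the remaining arguments. Applying the same allow-list to every argument would keep the two paths consistent, for example `filter[:methods] = args.select { |a| a.node_type == :lit }.map { |a| a[1] }`. The `:lit` test also looks broader and narrower than intended: it presumably admits numeric and regexp literals as well as symbols, while a filter named with a string (a `:str` node) is now skipped, which for a security scanner means that filter silently drops out of the analysis. A one-line comment above the loop such as `# only symbol literals name filter methods; variables, calls and the options hash are ignored` would record the intent. The enclosing method begins and ends outside this hunk, so whether `args` can be empty before `args[0]` and `args[-1]` are dereferenced cannot be checked from here.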