diff --git a/lib/brakeman/checks/check_cross_site_scripting.rb b/lib/brakeman/checks/check_cross_site_scripting.rb
index 94d208297202677c4fc31be18856490a1a03c6a7..5654fa4b6be6ff89b09c6b126ab474b6d9ff0d0d 100644
--- a/lib/brakeman/checks/check_cross_site_scripting.rb
+++ b/lib/brakeman/checks/check_cross_site_scripting.rb
@@ -115,7 +115,11 @@ class Brakeman::CheckCrossSiteScripting < Brakeman::BaseCheck
 :confidence => CONFIDENCE[:high]
 elsif not tracker.options[:ignore_model_output] and match = has_immediate_model?(out)
- method = match[2]
+ method = if call? match
+ match.method
+ else
+ nil
+ end
 unless IGNORE_MODEL_METHODS.include? method
 add_result out
diff --git a/lib/brakeman/checks/check_redirect.rb b/lib/brakeman/checks/check_redirect.rb
index 8ebb5a59935bf82d6bbc5e4e1020642133728e60..9b7d99dc0d25d6b87273f5c3f3baf1f0c64c4b1e 100644
--- a/lib/brakeman/checks/check_redirect.rb
+++ b/lib/brakeman/checks/check_redirect.rb
@@ -73,12 +73,12 @@ class Brakeman::CheckRedirect < Brakeman::BaseCheck
 elsif call? arg
 if request_value? arg
 return Match.new(immediate, arg)
- elsif request_value? arg[1]
- return Match.new(immediate, arg[1])
- elsif arg[2] == :url_for and include_user_input? arg
+ elsif request_value? arg.target
+ return Match.new(immediate, arg.target)
+ elsif arg.method == :url_for and include_user_input? arg
 return Match.new(immediate, arg)
 #Ignore helpers like some_model_url?
- elsif arg[2].to_s =~ /_(url|path)\z/
+ elsif arg.method.to_s =~ /_(url|path)\z/
 return false
 end
 elsif request_value? arg
diff --git a/lib/brakeman/checks/check_sql.rb b/lib/brakeman/checks/check_sql.rb
index c0aee5842a32bb5b7f4d25fb01116c3e249a34b0..812142a929d60bb0bc232a18e5dd640953398132 100644
--- a/lib/brakeman/checks/check_sql.rb
+++ b/lib/brakeman/checks/check_sql.rb
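Review bot: The new `method = if call? match ... else nil end` spells out a nil branch that Ruby already supplies; `method = match.method if call? match` is the same assignment in one line and leaves method nil for a non-call match. Whichever form is kept, the consequence of a nil method deserves a comment: `IGNORE_MODEL_METHODS.include? nil` is false, so a match that is not a call is always reported rather than exempted, which looks intended (there is no method name to exempt) but reads like an unhandled case. I'd add `# a non-call match has no method to exempt, so it is always reported` above the `unless`. The enclosing branch continues outside the hunk.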
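Review bot: `arg.target` is nil for a receiverless call (the `some_model_url`/`url_for` helper shapes this branch is about), so `request_value? arg.target` is now evaluated with nil on exactly the inputs the later branches handle. The old `arg[1]` had the same shape, so request_value? presumably tolerates nil, but the accessor form makes the dependency easier to miss; `elsif arg.target and request_value? arg.target` states it and costs nothing. The enclosing method begins and ends outside the hunk.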
@@ -261,23 +261,25 @@ class Brakeman::CheckSQL < Brakeman::BaseCheck
 def check_scope_arguments args
 return unless node_type? args, :arglist
+ scope_arg = args[2] #first arg is name of scope
- if node_type? args[2], :iter
- unsafe_sql? args[2].block
+ if node_type? scope_arg, :iter
+ unsafe_sql? scope_arg.block
 else
- unsafe_sql? args[2]
+ unsafe_sql? scope_arg
 end
 end
 def check_query_arguments arg
 return unless sexp? arg
+ first_arg = arg[1]
 if node_type? arg, :arglist
- if arg.length > 2 and node_type? arg[1], :string_interp, :dstr
+ if arg.length > 2 and node_type? first_arg, :string_interp, :dstr
 # Model.where("blah = ?", blah)
- return check_string_interp arg[1]
+ return check_string_interp first_arg
 else
- arg = arg[1]
+ arg = first_arg
 end
 end
@@ -319,7 +321,7 @@ class Brakeman::CheckSQL < Brakeman::BaseCheck
 def check_by_sql_arguments arg
 return unless sexp? arg
- #This is kind of necessary, because unsafe_sql? will handle an array
+ #This is kind of unnecessary, because unsafe_sql? will handle an array
 #correctly, but might be better to be explicit.
 if array? arg
 unsafe_sql? arg[1]
diff --git a/lib/brakeman/processors/alias_processor.rb b/lib/brakeman/processors/alias_processor.rb
index 72a806f548e8395e0925f82b67b37875b29e6cce..d25b0eb62c44ea7c340b757781efe4c9748abbe6 100644
--- a/lib/brakeman/processors/alias_processor.rb
+++ b/lib/brakeman/processors/alias_processor.rb
@@ -477,8 +477,9 @@ class Brakeman::AliasProcessor < Brakeman::SexpProcessor
 #Join two string literals into one.
 def join_strings string1, string2
 result = Sexp.new(:str)
- result[1] = string1[1] + string2[1]
- if result[1].length > 50
+ result.value = string1.value + string2.value
+
+ if result.value.length > 50
 string1
 else
 result
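Review bot: The comment on the new `scope_arg = args[2] #first arg is name of scope` line reads as if args[2] were the scope name, when it is explaining why the index skips to 2; `scope_arg = args[2] # args[1] is the scope name; the scope definition follows it` says what the reader needs. In check_query_arguments, `first_arg = arg[1]` is hoisted above `if node_type? arg, :arglist` although it is only used inside that branch, so a non-arglist Sexp now has its second element read for nothing; moving the assignment inside the `if` keeps the lookup next to the type check that justifies it. Both methods' bodies continue outside the hunk.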
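Review bot: The rewritten `if result.value.length > 50` branch returns `string1` unchanged, so the content of string2 silently disappears from the alias once the joined literal passes 50 characters, and nothing on the new lines says why that threshold exists or why the second operand is dropped rather than the join truncated. Presumably the cap bounds growth of aliased literals during processing, but downstream checks then see only the prefix, which is worth stating; I'd add `# cap joined literals at 50 chars: beyond that keep string1 alone so aliasing does not grow unbounded (the tail is not visible to later checks)` above the condition, and lifting 50 into a named constant would make the limit discoverable. The method's closing `end` is outside the hunk.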