Support "new" `validates` method for models

when looking for bad regexes. Fixes #198

lib/brakeman/checks/check_validation_regex.rb

@@ -13,26 +13,52 @@ class Brakeman::CheckValidationRegex < Brakeman::BaseCheck
   @description = "Report uses of validates_format_of with improper anchors"
 
   WITH = Sexp.new(:lit, :with)
+  FORMAT = Sexp.new(:lit, :format)
 
   def run_check
     active_record_models.each do |name, model|
       @current_model = name
       format_validations = model[:options][:validates_format_of]
+
       if format_validations
         format_validations.each do |v|
-          process_validator v
+          process_validates_format_of v
+        end
+      end
+
+      validates = model[:options][:validates]
+
+      if validates
+        validates.each do |v|
+          process_validates v
         end
       end
     end
   end
 
   #Check validates_format_of
-  def process_validator validator
+  def process_validates_format_of validator
     if value = hash_access(validator.last, WITH)
       check_regex value, validator
     end
   end
 
+  #Check validates ..., :format => ...
+  def process_validates validator
+    hash_arg = validator.last
+    return unless hash? hash_arg
+
+    value = hash_access(hash_arg, FORMAT)
+
+    if hash? value
+      value = hash_access(value, WITH)
+    end
+
+    if value
+      check_regex value, validator
+    end
+  end
+
   #Issue warning if the regular expression does not use
   #+\A+ and +\z+
   def check_regex value, validator