From cbe43fe6266517ad1526c8cf922430df8a2203e7 Mon Sep 17 00:00:00 2001
From: Justin Collins
Date: Wed, 18 Apr 2012 08:43:44 -0700
Subject: [PATCH] Return Struct for BaseCheck#has_user_input?
---
 lib/brakeman/checks/base_check.rb | 14 ++++++++------
 lib/brakeman/checks/check_file_access.rb | 7 ++++---
 lib/brakeman/checks/check_render.rb | 5 ++++-
 3 files changed, 16 insertions(+), 10 deletions(-)
diff --git a/lib/brakeman/checks/base_check.rb b/lib/brakeman/checks/base_check.rb
index 5470e2fe..6fe68803 100644
--- a/lib/brakeman/checks/base_check.rb
+++ b/lib/brakeman/checks/base_check.rb
@@ -12,6 +12,8 @@ class Brakeman::BaseCheck < SexpProcessor
 CONFIDENCE = { :high => 0, :med => 1, :low => 2 }
+ Match = Struct.new(:type, :match)
+
 #Initialize Check with Checks.
 def initialize tracker
 super()
@@ -66,13 +68,13 @@ class Brakeman::BaseCheck < SexpProcessor
 process exp[3]
 if params? exp[1]
- @has_user_input = :params
+ @has_user_input = Match.new(:params, exp)
 elsif cookies? exp[1]
- @has_user_input = :cookies
+ @has_user_input = Match.new(:cookies, exp)
 elsif request_env? exp[1]
- @has_user_input = :request
+ @has_user_input = Match.new(:request, exp)
 elsif sexp? exp[1] and model_name? exp[1][1]
- @has_user_input = :model
+ @has_user_input = Match.new(:model, exp)
 end
 exp
@@ -92,13 +94,13 @@ class Brakeman::BaseCheck < SexpProcessor
 #Note that params are included in current expression
 def process_params exp
- @has_user_input = :params
+ @has_user_input = Match.new(:params, exp)
 exp
 end
 #Note that cookies are included in current expression
 def process_cookies exp
- @has_user_input = :cookies
+ @has_user_input = Match.new(:cookies, exp)
 exp
 end
diff --git a/lib/brakeman/checks/check_file_access.rb b/lib/brakeman/checks/check_file_access.rb
index 2f97fb27..6ac2e54c 100644
--- a/lib/brakeman/checks/check_file_access.rb
+++ b/lib/brakeman/checks/check_file_access.rb
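Review bot: `Match = Struct.new(:type, :match)` in the first hunk of base_check.rb carries no comment, yet from this commit on it is the value every check receives from include_user_input?. The field names alone do not say which values :type can take or what :match holds; the second hunk of the same file shows :type is one of :params, :cookies, :request or :model and :match is the Sexp being processed when the input was seen. Suggest a comment above the definition: `# Returned by include_user_input?: :type is the source of the input (:params, :cookies, :request or :model), :match is the Sexp in which it was found.`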
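Review bot: Switching @has_user_input from a Symbol to a Match struct in the second and third hunks of base_check.rb is a silent contract change for any caller that still compares the result of include_user_input? against a symbol: the struct is always truthy, so `if input = include_user_input?(...)` keeps working, but a leftover `check == :params` elsewhere would never be true and would fall through to the generic branch with no error. Only check_file_access.rb and check_render.rb are updated in this patch; other checks that call include_user_input? (if any) should be grepped for `== :params` / `== :cookies` before merging. The method whose body the second hunk shows (`process exp[3]` onward) starts outside the hunk, so its signature and any earlier use of @has_user_input are not visible here.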
@@ -28,13 +28,14 @@ class Brakeman::CheckFileAccess < Brakeman::BaseCheck
 file_name = call[3][1]
- if check = include_user_input?(file_name)
+ if input = include_user_input?(file_name)
 unless duplicate? result
 add_result result
- if check == :params
+ case input.type
+ when :params
 message = "Parameter"
- elsif check == :cookies
+ when :cookies
 message = "Cookie"
 else
 message = "User input"
diff --git a/lib/brakeman/checks/check_render.rb b/lib/brakeman/checks/check_render.rb
index dc29689f..7cb9c6b9 100644
--- a/lib/brakeman/checks/check_render.rb
+++ b/lib/brakeman/checks/check_render.rb
@@ -36,7 +36,10 @@ class Brakeman::CheckRender < Brakeman::BaseCheck
 if type
 confidence = CONFIDENCE[:high]
- elsif type = include_user_input?(view)
+ elsif input = include_user_input?(view)
+ type = input.type
+ match = input.match
+
 if node_type? view, :string_interp, :dstr
 confidence = CONFIDENCE[:med]
 else
-- 
GitLab
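Review bot: The new `case input.type` in check_file_access.rb assigns `message` separately in each branch, which is the pattern the case replaced and reads as a statement rather than a value; since the case is only there to pick a string, the idiomatic form is `message = case input.type when :params then "Parameter" when :cookies then "Cookie" else "User input" end`. The `if input = include_user_input?(file_name)` line keeps an assignment inside a condition, which RuboCop flags as Lint/AssignmentInCondition; splitting it into `input = include_user_input?(file_name)` followed by `if input` avoids the ambiguity with `==`. The `unless`/`if` bodies and the method itself continue past the end of the hunk, so whether the new `input.match` Sexp is used for the warning's match information cannot be seen here.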
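Review bot: In check_render.rb, `match = input.match` is assigned on the new side but nothing in the hunk reads it, and the method body runs past the hunk's last line; if the warning emitted further down does not take this Sexp, the local is dead and should either be dropped or wired into the result. Assuming it is meant to become the warning's match information, a short why-comment would keep the next reader from deleting it: `# Sexp that referenced user input; presumably reported as the warning's match — confirm against the warn call below`. The enclosing `elsif` chain also starts and ends outside the hunk.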