Return Struct for BaseCheck#has_user_input?

cbe43fe6 · Justin Collins · Justin Collins · 7da75463 · cbe43fe6 · cbe43fe6
3 changed file
--- a/lib/brakeman/checks/base_check.rb
+++ b/lib/brakeman/checks/base_check.rb
@@ -12,6 +12,8 @@ class Brakeman::BaseCheck < SexpProcessor

  CONFIDENCE = { :high => 0, :med => 1, :low => 2 }

+  Match = Struct.new(:type, :match)
+
  #Initialize Check with Checks.
  def initialize tracker
    super()
@@ -66,13 +68,13 @@ class Brakeman::BaseCheck < SexpProcessor
    process exp[3]

    if params? exp[1]
-      @has_user_input = :params
+      @has_user_input = Match.new(:params, exp)
    elsif cookies? exp[1]
-      @has_user_input = :cookies
+      @has_user_input = Match.new(:cookies, exp)
    elsif request_env? exp[1]
-      @has_user_input = :request
+      @has_user_input = Match.new(:request, exp)
    elsif sexp? exp[1] and model_name? exp[1][1]
-      @has_user_input = :model
+      @has_user_input = Match.new(:model, exp)
    end

    exp
@@ -92,13 +94,13 @@ class Brakeman::BaseCheck < SexpProcessor

  #Note that params are included in current expression
  def process_params exp
-    @has_user_input = :params
+    @has_user_input = Match.new(:params, exp)
    exp
  end

  #Note that cookies are included in current expression
  def process_cookies exp
-    @has_user_input = :cookies
+    @has_user_input = Match.new(:cookies, exp)
    exp
  end


--- a/lib/brakeman/checks/check_file_access.rb
+++ b/lib/brakeman/checks/check_file_access.rb
@@ -28,13 +28,14 @@ class Brakeman::CheckFileAccess < Brakeman::BaseCheck

    file_name = call[3][1]

-    if check = include_user_input?(file_name)
+    if input = include_user_input?(file_name)
      unless duplicate? result
        add_result result

-        if check == :params
+        case input.type
+        when :params
          message = "Parameter"
-        elsif check == :cookies
+        when :cookies
          message = "Cookie"
        else
          message = "User input"

--- a/lib/brakeman/checks/check_render.rb
+++ b/lib/brakeman/checks/check_render.rb
@@ -36,7 +36,10 @@ class Brakeman::CheckRender < Brakeman::BaseCheck

      if type
        confidence = CONFIDENCE[:high]
-      elsif type = include_user_input?(view)
+      elsif input = include_user_input?(view)
+        type = input.type
+        match = input.match
+
        if node_type? view, :string_interp, :dstr
          confidence = CONFIDENCE[:med]
        else