lib/brakeman/checks/check_render_inline.rb in brakeman-lib-3.7.2 vs lib/brakeman/checks/check_render_inline.rb in brakeman-lib-4.0.0
- old
+ new
@@ -1,9 +1,9 @@
class Brakeman::CheckRenderInline < Brakeman::CheckCrossSiteScripting
Brakeman::Checks.add self
- @description = "Checks for cross site scripting in render calls"
+ @description = "Checks for cross-site scripting in render calls"
def run_check
setup
tracker.find_call(:target => nil, :method => :render).each do |result|
@@ -22,21 +22,21 @@
unless call.render_type == :text and content_type_set? call[3]
render_value = call[2]
if input = has_immediate_user_input?(render_value)
warn :result => result,
- :warning_type => "Cross Site Scripting",
+ :warning_type => "Cross-Site Scripting",
:warning_code => :cross_site_scripting_inline,
:message => "Unescaped #{friendly_type_of input} rendered inline",
:user_input => input,
- :confidence => CONFIDENCE[:high]
+ :confidence => :high
elsif input = has_immediate_model?(render_value)
warn :result => result,
- :warning_type => "Cross Site Scripting",
+ :warning_type => "Cross-Site Scripting",
:warning_code => :cross_site_scripting_inline,
:message => "Unescaped model attribute rendered inline",
:user_input => input,
- :confidence => CONFIDENCE[:med]
+ :confidence => :medium
end
end
end
end
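Review bot: The `content_type_set?` exemption on the `unless` line is the only reason a `render :text => params[...]` escapes a warning, and nothing in this hunk shows whether that helper (defined outside the hunk) still warns when the content type is explicitly `text/html`; if it treats any `:content_type` option as safe, `render text: params[:q], content_type: "text/html"` would be silenced even though it is reflected XSS, so that case deserves a test and a line comment such as `# only a non-HTML content type makes raw rendering safe here`. The condition also uses `and` where `&&` is the conventional Ruby form, `unless call.render_type == :text && content_type_set?(call[3])`; it is harmless here because the whole expression is the modifier's condition, but `and`'s low precedence is a classic trap if the line is later extended. The new symbol confidences (`:high`, `:medium`) presumably match what `warn` now accepts in 4.0, which cannot be confirmed from this hunk. `run_check` begins before this hunk and its `each` block is closed by the trailing `end`s.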