lib/brakeman/checks/check_simple_format.rb in brakeman-lib-5.2.3 vs lib/brakeman/checks/check_simple_format.rb in brakeman-lib-5.3.0
- old
+ new
@@ -26,11 +26,12 @@
warn :warning_type => "Cross-Site Scripting",
:warning_code => :CVE_2013_6416,
:message => message,
:confidence => :medium,
:gem_info => gemfile_or_environment,
- :link_path => "https://groups.google.com/d/msg/ruby-security-ann/5ZI1-H5OoIM/ZNq4FoR2GnIJ"
+ :link_path => "https://groups.google.com/d/msg/ruby-security-ann/5ZI1-H5OoIM/ZNq4FoR2GnIJ",
+ :cwe_id => [79]
end
def check_simple_format_usage
tracker.find_call(:target => false, :method => :simple_format).each do |result|
@matched = false
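Review bot: The new `:cwe_id => [79]` is a bare magic number with no indication of what it denotes, and the same literal is repeated in the second hunk's warning as well. A short trailing comment on the added line, `:cwe_id => [79] # CWE-79: Cross-site Scripting`, would make the mapping self-evident to the next maintainer, or the two warnings could share one frozen constant on the class if the file's other checks follow that pattern. The value itself matches the "Cross-Site Scripting" warning_type already on both warnings, so the classification looks correct. The method enclosing this first warning begins before the hunk, and check_simple_format_usage continues past it.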
@@ -56,8 +57,9 @@
:warning_type => "Cross-Site Scripting",
:warning_code => :CVE_2013_6416_call,
:message => msg("Values passed to ", msg_code("simple_format"), " are not safe in ", msg_version(rails_version)),
:confidence => :high,
:link_path => "https://groups.google.com/d/msg/ruby-security-ann/5ZI1-H5OoIM/ZNq4FoR2GnIJ",
- :user_input => match
+ :user_input => match,
+ :cwe_id => [79]
end
end