lib/brakeman/processors/alias_processor.rb in brakeman-lib-5.3.1 vs lib/brakeman/processors/alias_processor.rb in brakeman-lib-5.4.0

- old
+ new

@@ -968,17 +968,33 @@ def equality_check? exp call? exp and exp.method == :== end + # Not a list of values + # when :example def simple_when? exp node_type? exp[1], :array and - not node_type? exp[1][1], :splat, :array and - (exp[1].length == 2 or - exp[1].all? { |e| e.is_a? Symbol or node_type? e, :lit, :str }) + exp[1].length == 2 and # only one element in the array + not node_type? exp[1][1], :splat, :array end + # A list of literal values + # + # when 1,2,3 + # + # or + # + # when *[:a, :b] + def all_literals_when? exp + if array? exp[1] # pretty sure this is always true + all_literals? exp[1] or # simple list, not actually array + (splat_array? exp[1][1] and + all_literals? exp[1][1][1]) + end + end + def process_case exp if @ignore_ifs.nil? @ignore_ifs = @tracker && @tracker.options[:ignore_ifs] end @@ -1000,12 +1016,19 @@ exp.each_sexp do |e| if node_type? e, :when scope do @branch_env = env.current + # Process the when value for matching + process_default e[1] + # set value of case var if possible - if case_value and simple_when? e - @branch_env[case_value] = e[1][1] + if case_value + if simple_when? e + @branch_env[case_value] = e[1][1] + elsif all_literals_when? e + @branch_env[case_value] = safe_literal(e.line + 1) + end end # when blocks aren't blocks, they are lists of expressions process_default e
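Review bot: `all_literals_when?` decides whether the case variable is later replaced by a safe literal, but neither its comment nor its body says which node types count as a literal, and the helper `all_literals?` is defined outside this hunk. If that helper applies the same test as the removed inline check (`e.is_a? Symbol or node_type? e, :lit, :str`), and regex or range `when` values are parsed as `:lit` nodes, then `when /a/, /b/` would qualify. A pattern or range match does not restrict the value to a fixed set, so this could hide warnings inside the branch. I would state the intended scope in the method comment, for example `# Only values compared by equality (strings, symbols, numbers) should qualify`, and add a test with regex and range lists to pin the behaviour.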
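Review bot: The `+ 1` in `safe_literal(e.line + 1)` is unexplained, and nothing in the hunk shows why the substituted literal should carry the line after the `when` rather than `e.line`. A one-line comment giving the reason, such as `# branch body starts on the line after the when` if that is the intent, would save the next reader from guessing. The added `process_default e[1]` also appears to process the `when` value twice, since the existing `process_default e` at the end of the block presumably walks `e[1]` again, this time with `@branch_env[case_value]` already replaced. That looks harmless for literal values but deserves a short comment for non-literal ones. The enclosing `process_case` starts and ends outside the hunk.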