lib/brakeman/checks/check_execute.rb in brakeman-min-3.2.1 vs lib/brakeman/checks/check_execute.rb in brakeman-min-3.3.0
- old
+ new
@@ -41,9 +41,13 @@
call = result[:call]
args = call.arglist
first_arg = call.first_arg
case call.method
+ when :popen
+ unless array? first_arg
+ failure = include_user_input?(args) || dangerous_interp?(args)
+ end
when :system, :exec
failure = include_user_input?(first_arg) || dangerous_interp?(first_arg)
else
failure = include_user_input?(args) || dangerous_interp?(args)
end
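Review bot: The `unless array? first_arg` guard on the new `:popen` branch skips the array form entirely, so a call such as `IO.popen(["sh", "-c", params[:cmd]])` (or `bash -c`, or an env hash followed by `sh -c`) is never examined even though the user input is handed straight to a shell. The array form only avoids the shell when the program being launched is not itself a shell, so the guard should be narrower: when `first_arg` is an array whose first string element (after an optional leading hash) names a shell and is followed by `-c`, run `include_user_input?`/`dangerous_interp?` over the remaining elements, and also over the first element when it is an interpolated string, since then the program name itself is attacker-controlled. A smaller point: unlike the `:system, :exec` branch, this branch inspects `args` rather than `first_arg`; that looks intentional because `IO.popen` accepts an env hash before the command, but a comment such as `# popen may take an env hash before the command, so inspect every argument` would stop the next reader from "fixing" it to match `system`. The enclosing method starts before this hunk.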