lib/brakeman/checks/check_execute.rb in brakeman-min-3.7.2 vs lib/brakeman/checks/check_execute.rb in brakeman-min-4.0.0
@@ -54,13 +54,13 @@
end
if failure and original? result
if failure.type == :interp #Not from user input
- confidence = CONFIDENCE[:med]
+ confidence = :medium
else
- confidence = CONFIDENCE[:high]
+ confidence = :high
end
warn :result => result,
:warning_type => "Command Injection",
:warning_code => :command_injection,
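Review bot: The confidence values in this hunk are now bare symbols (`confidence = :medium`, `confidence = :high`), and the key spelling changed from `:med` to `:medium`, so correctness depends on how `warn` (not visible here) translates them. If that translation is a plain hash lookup, a leftover `:med` or a typo would presumably yield a warning with no usable confidence, which a minimum-confidence filter could then drop, silently hiding a command-injection finding. The conversion should fail loudly wherever it happens, e.g. `CONFIDENCE.fetch(confidence)` rather than `CONFIDENCE[confidence]`. The same applies to `:confidence => :high` in the open() hunk and to the `:high`/`:medium` assignments in the last hunk. The enclosing methods start and end outside these hunks.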
@@ -77,11 +77,11 @@
warn :result => result,
:warning_type => "Command Injection",
:warning_code => :command_injection,
:message => "Possible command injection in open()",
:user_input => match,
- :confidence => CONFIDENCE[:high]
+ :confidence => :high
end
end
end
def dangerous_open_arg? exp
@@ -109,12 +109,12 @@
return unless original? result
exp = result[:call]
if input = include_user_input?(exp)
- confidence = CONFIDENCE[:high]
+ confidence = :high
elsif input = dangerous?(exp)
- confidence = CONFIDENCE[:med]
+ confidence = :medium
else
return
end
warn :result => result,