lib/brakeman/checks/check_execute.rb in brakeman-min-4.10.1 vs lib/brakeman/checks/check_execute.rb in brakeman-min-5.0.0.pre1
- old
+ new
@@ -206,10 +206,10 @@
next if shell_escape? e
if node_type? e, :if
# If we're in a conditional, evaluate the `then` and `else` clauses to
# see if they're dangerous.
- if res = dangerous?(e.sexp_body.sexp_body)
+ if res = dangerous?(e.values[1..-1])
return res
end
elsif node_type? e, :or, :evstr, :dstr
if res = dangerous?(e)
return res
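Review bot: The changed line passes `e.values[1..-1]` to `dangerous?`, but nothing at the call site records that index 0 of `values` is the `if` condition and is skipped on purpose. A comment such as `# values = [cond, then, else]; the condition never becomes part of the command, so only the branches are checked` would make that explicit, assuming `values` is the node without its type symbol (it is defined outside this hunk). An `if` without an `else` presumably leaves a `nil` in that slice, and a plain range slice may not be a Sexp, so confirm that `dangerous?` tolerates both. A mistake here would surface as a missed command-injection warning rather than an error. The enclosing method starts and ends outside the hunk, so neither point can be verified from these lines.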