lib/brakeman/checks/check_json_parsing.rb in brakeman-min-2.6.3 vs lib/brakeman/checks/check_json_parsing.rb in brakeman-min-3.0.0

- old
+ new

@@ -19,16 +19,21 @@
 elsif version_between? "3.0.0", "3.0.19"
 "3.0.20"
 end
 message = "Rails #{tracker.config[:rails_version]} has a serious JSON parsing vulnerability: upgrade to #{new_version} or patch"
+ if uses_yajl?
+ gem_info = gemfile_or_environment(:yajl)
+ else
+ gem_info = gemfile_or_environment
+ end
 warn :warning_type => "Remote Code Execution",
 :warning_code => :CVE_2013_0333,
 :message => message,
 :confidence => CONFIDENCE[:high],
- :file => gemfile_or_environment,
+ :gem_info => gem_info,
 :link_path => "https://groups.google.com/d/topic/rubyonrails-security/1h2DR63ViGo/discussion"
 end
 end
 #Check if `yajl` is included in Gemfile
@@ -53,12 +58,12 @@
 false
 end
 def check_cve_2013_0269
 [:json, :json_pure].each do |name|
- version = tracker.config[:gems] && tracker.config[:gems][name]
- check_json_version name, version if version
+ gem_hash = tracker.config[:gems][name] if tracker.config[:gems]
+ check_json_version name, gem_hash[:version] if gem_hash and gem_hash[:version]
 end
 end
 def check_json_version name, version
 return if version >= "1.7.7" or
@@ -88,10 +93,10 @@
 warn :warning_type => warning_type,
 :warning_code => :CVE_2013_0269,
 :message => message,
 :confidence => confidence,
- :file => gemfile_or_environment,
+ :gem_info => gemfile_or_environment(name),
 :link => "https://groups.google.com/d/topic/rubyonrails-security/4_YvCpLzL58/discussion"
 end
 def uses_json_parse?
 return @uses_json_parse unless @uses_json_parse.nil?
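Review bot: The new `if uses_yajl?` branch re-attributes the CVE-2013-0333 warning to the yajl gem's location, but the message two lines above still tells the user to upgrade Rails, and nothing in the hunk says why yajl is singled out, so someone reading the annotation on the yajl line cannot tell whether yajl itself needs action. Add a one-line comment above `if uses_yajl?` stating the intent, e.g. `# uses_yajl? means yajl is in the Gemfile; point the warning at that gem instead of the default location (the remediation text still refers to Rails)`, or adjust the message when that branch is taken. As a matter of style the four-line if/else is a single assignment: `gem_info = uses_yajl? ? gemfile_or_environment(:yajl) : gemfile_or_environment`. The enclosing method starts before the hunk.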
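Review bot: In `check_cve_2013_0269` the line `gem_hash = tracker.config[:gems][name] if tracker.config[:gems]` reads `tracker.config[:gems]` twice per iteration, and the guard on the next line uses `and` where Ruby style wants `&&` (`and` binds looser than `=` and `&&`, which becomes a trap as soon as the condition is extended). Hoist the lookup once and use `&&`: `gems = tracker.config[:gems] || {}` before the `each`, then `gem_hash = gems[name]` and `check_json_version name, gem_hash[:version] if gem_hash && gem_hash[:version]`. `check_cve_2013_0269` is fully inside the hunk, but `check_json_version` runs past it, so it cannot be confirmed here whether `version` reaches `return if version >= "1.7.7"` as a plain String — on Strings that comparison is lexicographic (e.g. `"1.10.0" >= "1.7.7"` is false), which would silently mis-classify such a version.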