lib/brakeman/checks/check_json_parsing.rb in brakeman-min-3.0.5 vs lib/brakeman/checks/check_json_parsing.rb in brakeman-min-3.1.0
- old
+ new
@@ -18,11 +18,11 @@
"2.3.16"
elsif version_between? "3.0.0", "3.0.19"
"3.0.20"
end
- message = "Rails #{tracker.config[:rails_version]} has a serious JSON parsing vulnerability: upgrade to #{new_version} or patch"
+ message = "Rails #{rails_version} has a serious JSON parsing vulnerability: upgrade to #{new_version} or patch"
if uses_yajl?
gem_info = gemfile_or_environment(:yajl)
else
gem_info = gemfile_or_environment
end
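Review bot: The message built on line 10 still interpolates `new_version` unguarded, and the `if`/`elsif` chain that closes at line 8 leaves it nil for any Rails version outside the listed ranges, so the warning would read "upgrade to  or patch"; the hunk only changes how the Rails version is read. Unless a caller already filters on version (not visible here), add `return unless new_version` before line 10. `rails_version` is a helper whose definition is not in this hunk, so I assume it mirrors the old `tracker.config[:rails_version]` lookup. The enclosing method starts and ends outside the hunk.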
@@ -36,11 +36,11 @@
end
end
#Check if `yajl` is included in Gemfile
def uses_yajl?
- tracker.config[:gems][:yajl]
+ tracker.config.has_gem? :yajl
end
#Check for `ActiveSupport::JSON.backend = "JSONGem"`
def uses_gem_backend?
matches = tracker.check_initializers(:'ActiveSupport::JSON', :backend=)
@@ -58,10 +58,10 @@
false
end
def check_cve_2013_0269
[:json, :json_pure].each do |name|
- gem_hash = tracker.config[:gems][name] if tracker.config[:gems]
+ gem_hash = tracker.config.get_gem name
check_json_version name, gem_hash[:version] if gem_hash and gem_hash[:version]
end
end
def check_json_version name, version
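Review bot: Line 34 keeps `gem_hash and gem_hash[:version]` as the guard around the new `get_gem` lookup; `and` has lower precedence than `&&` and is meant for control flow, so the idiomatic form is `check_json_version name, gem_hash[:version] if gem_hash && gem_hash[:version]`. Dropping the old `if tracker.config[:gems]` guard also means this loop now relies on `get_gem` returning nil rather than raising when no gem data was collected, which is worth confirming against the Config implementation since it is not in this hunk. `check_json_version` on line 37 begins here but its body continues past the hunk.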