lib/brakeman/checks/check_json_parsing.rb in brakeman-min-4.3.1 vs lib/brakeman/checks/check_json_parsing.rb in brakeman-min-4.4.0

- old
+ new

@@ -18,16 +18,12 @@
 "2.3.16"
 elsif version_between? "3.0.0", "3.0.19"
 "3.0.20"
 end
- message = "Rails #{rails_version} has a serious JSON parsing vulnerability: upgrade to #{new_version} or patch"
- if uses_yajl?
- gem_info = gemfile_or_environment(:yajl)
- else
- gem_info = gemfile_or_environment
- end
+ message = msg(msg_version(rails_version), " has a serious JSON parsing vulnerability. Upgrade to ", msg_version(new_version), " or patch")
+ gem_info = gemfile_or_environment
 warn :warning_type => "Remote Code Execution",
 :warning_code => :CVE_2013_0333,
 :message => message,
 :confidence => :high,
@@ -70,22 +66,23 @@
 (version >= "1.6.8" and version < "1.7.0") or
 (version >= "1.5.5" and version < "1.6.0")
 warning_type = "Denial of Service"
 confidence = :medium
- message = "#{name} gem version #{version} has a symbol creation vulnerablity: upgrade to "
+ gem_name = "#{name} gem"
+ message = msg(msg_version(version, gem_name), " has a symbol creation vulnerablity. Upgrade to ")
 if version >= "1.7.0"
 confidence = :high
 warning_type = "Remote Code Execution"
- message = "#{name} gem version #{version} has a remote code vulnerablity: upgrade to 1.7.7"
+ message = msg(msg_version(version, "json gem"), " has a remote code execution vulnerability. Upgrade to ", msg_version("1.7.7", "json gem"))
 elsif version >= "1.6.0"
- message << "1.6.8"
+ message << msg_version("1.6.8", gem_name)
 elsif version >= "1.5.0"
- message << "1.5.5"
+ message << msg_version("1.5.5", gem_name)
 else
 confidence = :weak
- message << "1.5.5"
+ message << msg_version("1.5.5", gem_name)
 end
 if confidence == :medium and uses_json_parse?
 confidence = :high
 end
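Review bot: The new remote-code-execution message in the `version >= "1.7.0"` branch hardcodes `"json gem"` in both `msg_version` calls, while the line added just above builds `gem_name` from the method's `name` argument and every other branch uses that; if this method is ever reached with a gem name other than `json` (the enclosing method and its `if` condition begin above the hunk, so the callers are not visible here), the warning would attribute the vulnerability to the wrong gem. Suggest `message = msg(msg_version(version, gem_name), " has a remote code execution vulnerability. Upgrade to ", msg_version("1.7.7", gem_name))`. Separately, the symbol-creation message still carries the `vulnerablity` typo that this same commit corrected on the RCE line; it should read `" has a symbol creation vulnerability. Upgrade to "`. Since the gem name is also user-visible in the report, keeping both messages derived from `gem_name` makes the two warnings consistent for downstream consumers that key on message text.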