lib/brakeman/checks/check_json_parsing.rb in brakeman-min-5.2.3 vs lib/brakeman/checks/check_json_parsing.rb in brakeman-min-5.3.0
- old
+ new
@@ -31,11 +31,12 @@
warn :warning_type => "Remote Code Execution",
:warning_code => :CVE_2013_0333,
:message => message,
:confidence => :high,
:gem_info => gem_info,
- :link_path => "https://groups.google.com/d/topic/rubyonrails-security/1h2DR63ViGo/discussion"
+ :link_path => "https://groups.google.com/d/topic/rubyonrails-security/1h2DR63ViGo/discussion",
+ :cwe_id => [74] # TODO: is this the best CWE for this?
end
end
#Check if `yajl` is included in Gemfile
def uses_yajl?
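Review bot: The added `:cwe_id => [74]` ships with an open `# TODO: is this the best CWE for this?`, so the CWE that reports will carry for CVE_2013_0333 is by the author's own note unsettled; the same line and TODO recur in the CVE_2013_0269 hunk below. CWE-74 is the broad injection class, while this warning is typed "Remote Code Execution", so a narrower entry such as CWE-94 (code injection) or CWE-502 (deserialization of untrusted data) may describe it better and is worth checking against the advisory before downstream tooling filters on the field. If 74 is kept on purpose, replace the TODO with the reason, e.g. `:cwe_id => [74] # generic injection; no narrower CWE agreed for this advisory`. The enclosing method starts above the hunk.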
@@ -96,10 +97,11 @@
warn :warning_type => warning_type,
:warning_code => :CVE_2013_0269,
:message => message,
:confidence => confidence,
:gem_info => gemfile_or_environment(name),
- :link => "https://groups.google.com/d/topic/rubyonrails-security/4_YvCpLzL58/discussion"
+ :link => "https://groups.google.com/d/topic/rubyonrails-security/4_YvCpLzL58/discussion",
+ :cwe_id => [74] # TODO: is this the best CWE for this?
end
def uses_json_parse?
return @uses_json_parse unless @uses_json_parse.nil?
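Review bot: This call passes the advisory URL as `:link`, while the CVE_2013_0333 call earlier in the file uses `:link_path`; the commit touches both lines but leaves the keys different, and whether `warn` treats them the same is not visible here. Unless the difference is intentional, use one key in both places, e.g. `:link_path => "https://groups.google.com/d/topic/rubyonrails-security/4_YvCpLzL58/discussion",`, so the advisory reference is sure to reach the report. Separately, `warning_type` and `confidence` are variables in this call, so the fixed `[74]` is attached whatever type the warning ends up with; if this method can emit more than one warning type, the CWE list may need to vary with it. The method starts above the hunk.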