lib/brakeman/checks/check_model_serialize.rb in brakeman-min-2.5.0 vs lib/brakeman/checks/check_model_serialize.rb in brakeman-min-2.6.0
- old
+ new
@@ -58,9 +58,9 @@
:warning_type => "Remote Code Execution",
:warning_code => :CVE_2013_0277,
:message => "Serialized attributes are vulnerable in Rails #{tracker.config[:rails_version]}, upgrade to #{@upgrade_version} or patch.",
:confidence => confidence,
:link => "https://groups.google.com/d/topic/rubyonrails-security/KtmwSbEpzrU/discussion",
- :file => model[:file]
+ :file => model[:files].first
end
end
end