lib/brakeman/checks/check_model_serialize.rb in brakeman-min-3.0.5 vs lib/brakeman/checks/check_model_serialize.rb in brakeman-min-3.1.0
- old
+ new
@@ -23,22 +23,22 @@
end
#High confidence warning on serialized, unprotected attributes.
#Medium confidence warning for serialized, protected attributes.
def check_for_serialize model
- if serialized_attrs = model[:options] && model[:options][:serialize]
+ if serialized_attrs = model.options[:serialize]
attrs = Set.new
serialized_attrs.each do |arglist|
arglist.each do |arg|
attrs << arg if symbol? arg
end
end
- if unsafe_attrs = model[:attr_accessible]
+ if unsafe_attrs = model.attr_accessible
attrs.delete_if { |attr| not unsafe_attrs.include? attr.value }
- elsif protected_attrs = model[:options][:attr_protected]
+ elsif protected_attrs = model.attr_protected
safe_attrs = Set.new
protected_attrs.each do |arglist|
arglist.each do |arg|
safe_attrs << arg if symbol? arg
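Review bot: The `attr_accessible` branch deserves a comment, because its behaviour on an empty whitelist is easy to misread: when the model declares `attr_accessible` with no arguments, `unsafe_attrs` is an empty but truthy array, so `attrs.delete_if { |attr| not unsafe_attrs.include? attr.value }` drops every serialized attribute and no warning is raised. That appears to be the intended "nothing mass-assignable, so the attacker cannot write the column" outcome, so I would add `# attr_accessible with no args whitelists nothing: every serialized attr is dropped and no warning results` above the `delete_if`. Note also that `model.options[:serialize]` no longer carries the `model[:options] &&` nil guard the old code had; this is fine only if the model object always initialises `options` to a Hash, which is not visible from this hunk. `check_for_serialize` continues past the end of this hunk.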
@@ -52,15 +52,15 @@
confidence = CONFIDENCE[:med]
else
confidence = CONFIDENCE[:high]
end
- warn :model => model[:name],
+ warn :model => model.name,
:warning_type => "Remote Code Execution",
:warning_code => :CVE_2013_0277,
- :message => "Serialized attributes are vulnerable in Rails #{tracker.config[:rails_version]}, upgrade to #{@upgrade_version} or patch.",
+ :message => "Serialized attributes are vulnerable in Rails #{rails_version}, upgrade to #{@upgrade_version} or patch.",
:confidence => confidence,
:link => "https://groups.google.com/d/topic/rubyonrails-security/KtmwSbEpzrU/discussion",
- :file => model[:files].first
+ :file => model.file
end
end
end
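Review bot: The RCE warning's `:message` names the vulnerable Rails version but not which serialized attribute(s) triggered it, so a developer reading the report cannot tell which column to protect or which `attr_accessible` entry to revisit; `attrs`, the Set of serialized attribute symbols built earlier in this method, is in scope here. I would change the message to `:message => "Serialized attributes (#{attrs.map(&:value).join(', ')}) are vulnerable in Rails #{rails_version}, upgrade to #{@upgrade_version} or patch.",` assuming `attrs` is non-empty when this branch is reached, which the lines between the two hunks presumably check. A short comment on the confidence block would also help, e.g. `# Medium confidence when attr_protected is used: the column may still be mass-assignable if it is not in the protected list`. The enclosing method starts before this hunk.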