lib/brakeman/checks/check_model_serialize.rb in brakeman-min-3.7.2 vs lib/brakeman/checks/check_model_serialize.rb in brakeman-min-4.0.0
- old
+ new
@@ -15,11 +15,11 @@
nil
end
return unless @upgrade_version
- tracker.models.each do |name, model|
+ tracker.models.each do |_name, model|
check_for_serialize model
end
end
#High confidence warning on serialized, unprotected attributes.
@@ -47,12 +47,12 @@
attrs.delete_if { |attr| safe_attrs.include? attr }
end
if attrs.empty?
- confidence = CONFIDENCE[:med]
+ confidence = :medium
else
- confidence = CONFIDENCE[:high]
+ confidence = :high
end
warn :model => model.name,
:warning_type => "Remote Code Execution",
:warning_code => :CVE_2013_0277,
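Review bot: The `if attrs.empty?` branch still reports CVE_2013_0277, just at `:medium`, and nothing in the hunk says why an empty set warns at all, while the only nearby comment (from the first hunk) describes the high-confidence case. A short comment above the conditional would help, e.g. `# attrs is empty when every serialized attribute was filtered out as safe; still warn, at medium confidence`. The assignment could also be a single expression, `confidence = attrs.empty? ? :medium : :high`. Note that the old lookup key was `:med` and the new symbol is `:medium`; whether every consumer of `:confidence` accepts that spelling cannot be confirmed here, since the method starts before the hunk and the `warn` call continues past it.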