lib/brakeman/checks/check_sql.rb in brakeman-min-2.5.0 vs lib/brakeman/checks/check_sql.rb in brakeman-min-2.6.0
- old
+ new
@@ -17,10 +17,11 @@
@rails_version = tracker.config[:rails_version]
@sql_targets = [:all, :average, :calculate, :count, :count_by_sql, :exists?, :delete_all, :destroy_all,
:find, :find_by_sql, :first, :last, :maximum, :minimum, :pluck, :sum, :update_all]
@sql_targets.concat [:from, :group, :having, :joins, :lock, :order, :reorder, :select, :where] if tracker.options[:rails3]
+ @sql_targets << :find_by << :find_by! if version_between? "4.0.0", "9.9.9"
@connection_calls = [:delete, :execute, :insert, :select_all, :select_one,
:select_rows, :select_value, :select_values]
if tracker.options[:rails3]
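Review bot: The `"9.9.9"` upper bound on the new `version_between?` guard is an unexplained sentinel meaning "4.0.0 or anything later", and a reader meeting it cold cannot tell whether it is a real ceiling or a placeholder; if `version_between?` also returns false when `@rails_version` is nil, a Rails 4 app whose version could not be detected would silently lose `find_by`/`find_by!` coverage, which is worth confirming against that helper. I would document the intent on the added line: `# Rails 4+: find_by/find_by! accept the same string conditions as where, so track them as SQL targets (upper bound is deliberately open-ended)`. The `:where`/`:having` targets on the line above are gated on `tracker.options[:rails3]` while this addition uses a version range; a short comment on why the two gates differ would help the next maintainer. The enclosing method starts and ends outside the hunk.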
@@ -170,10 +171,10 @@
if call.length > 5
unsafe_sql?(call.first_arg) or check_find_arguments(call.last_arg)
else
check_find_arguments call.last_arg
end
- when :where, :having
+ when :where, :having, :find_by, :find_by!
check_query_arguments call.arglist
when :order, :group, :reorder
check_order_arguments call.arglist
when :joins
check_joins_arguments call.first_arg
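Review bot: The new `:find_by, :find_by!` arm reuses `check_query_arguments call.arglist` without saying why those two belong with `where`/`having` rather than with the `find`-style arms above that go through `check_find_arguments`, so a maintainer later touching this `case` cannot tell whether the grouping is deliberate. Presumably it is because Rails 4's `find_by(*args)` is a thin wrapper over `where(*args)`, so a string condition with interpolated input is the same injection; I would record that next to the arm: `# find_by/find_by! (Rails 4+) delegate to where, so their string conditions are checked the same way`. The dispatch here is on method name alone, so a non-ActiveRecord method called `find_by` would reach this arm too unless receivers are filtered before this point — worth confirming. The enclosing `case` and method start and end outside the hunk.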