lib/brakeman/checks/check_sql.rb in brakeman-min-3.1.1 vs lib/brakeman/checks/check_sql.rb in brakeman-min-3.1.2

- old
+ new

@@ -195,11 +195,11 @@
 add_result result
 input = include_user_input? dangerous_value
 if input
 confidence = CONFIDENCE[:high]
- user_input = input.match
+ user_input = input
 else
 confidence = CONFIDENCE[:med]
 user_input = dangerous_value
 end
@@ -340,10 +340,10 @@
 #(Seems unlikely, but if a user can control the column names queried, that
 #could be bad)
 def check_hash_keys exp
 hash_iterate(exp) do |key, value|
 unless symbol?(key)
- unsafe_key = unsafe_sql? value
+ unsafe_key = unsafe_sql? key
 return unsafe_key if unsafe_key
 end
 end
 false
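Review bot: In the first hunk the two branches now assign different kinds of object to `user_input`: the whole result of `include_user_input?` in the high-confidence branch, and the raw `dangerous_value` in the `else` branch. Whatever consumes `user_input` below the hunk has to accept both shapes, which cannot be confirmed from the lines shown. A comment above the `if` would make that contract explicit, for example `# user_input is either the match object returned by include_user_input? or the raw expression; the warning code must accept both`. The enclosing method starts and ends outside the hunk.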
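Review bot: In the second hunk `check_hash_keys` has no comment stating what it returns or why symbol keys are skipped, and that gap is what let the `value`/`key` mix-up sit unnoticed. The old code tested the value while the visible comment talks about column names, so a user-controlled key paired with a harmless value would presumably have gone unreported. I would add `# Returns the first non-symbol key that unsafe_sql? flags, or false when every key is safe.` above the `def`. I would also add `# Symbol keys are literals in the source, so only other key expressions are checked.` above the `unless`; that reading of `symbol?` should be confirmed. The block parameter `value` is now unused, and the method's closing `end` is outside the hunk.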