check_sql.rb in brakeman-min-3.2.0.pre1

- old
+ new

@@ -62,13 +62,13 @@
     elsif version_between?("3.1.0", "9.9.9")
       ar_scope_calls(:scope) do |name, args|
         second_arg = args[2]
         next unless sexp? second_arg
 
-        if second_arg.node_type == :iter and node_type? second_arg.block, :block, :call
+        if second_arg.node_type == :iter and node_type? second_arg.block, :block, :call, :safe_call
           process_scope_with_block(name, args)
-        elsif second_arg.node_type == :call
+        elsif call? second_arg
           call = second_arg
           scope_calls << scope_call_hash(call, name, call.method)
         else
           call = make_call(nil, :scope, args).line(args.line)
           scope_calls << scope_call_hash(call, name, :scope)
@@ -105,10 +105,10 @@
     # Search lambda for calls to query methods
     if block.node_type == :block
       find_calls = Brakeman::FindAllCalls.new(tracker)
       find_calls.process_source(block, :class => model_name, :method => scope_name)
       find_calls.calls.each { |call| process_result(call) if @sql_targets.include?(call[:method]) }
-    elsif block.node_type == :call
+    elsif call? block
       while call? block
         process_result :target => block.target, :method => block.method, :call => block,
          :location => { :type => :class, :class => model_name, :method => scope_name }
 
         block = block.target