lib/brakeman/checks/check_sql.rb in brakeman-min-3.7.2 vs lib/brakeman/checks/check_sql.rb in brakeman-min-4.0.0
- old
+ new
@@ -205,23 +205,23 @@
if dangerous_value
add_result result
input = include_user_input? dangerous_value
if input
- confidence = CONFIDENCE[:high]
+ confidence = :high
user_input = input
else
- confidence = CONFIDENCE[:med]
+ confidence = :medium
user_input = dangerous_value
end
if result[:call].target and result[:chain] and not @expected_targets.include? result[:chain].first
confidence = case confidence
- when CONFIDENCE[:high]
- CONFIDENCE[:med]
- when CONFIDENCE[:med]
- CONFIDENCE[:low]
+ when :high
+ :medium
+ when :medium
+ :weak
else
confidence
end
end
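Review bot: The target-based downgrade at `if result[:call].target and result[:chain] and not @expected_targets.include? result[:chain].first` followed by the three-way `case` would read more directly as a lookup, and the condition uses the low-precedence `and`/`not` keywords where `&&`/`!` are the conventional boolean operators. A class-level `DOWNGRADE = { high: :medium, medium: :weak }.freeze` with `confidence = DOWNGRADE.fetch(confidence, confidence)` here preserves the current fall-through for `:weak` while making the mapping one line. Since the `CONFIDENCE` hash is no longer consulted, the valid confidence values are now bare symbols at each call site, and the rename is not uniform (`:med` became `:medium` but `:low` became `:weak`), so a stale `:low` elsewhere in the file would pass through unnoticed unless the warning constructor validates the symbol — worth confirming. The enclosing method starts before this hunk.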
@@ -233,13 +233,13 @@
:confidence => confidence
end
if check_for_limit_or_offset_vulnerability call.last_arg
if include_user_input? call.last_arg
- confidence = CONFIDENCE[:high]
+ confidence = :high
else
- confidence = CONFIDENCE[:low]
+ confidence = :weak
end
warn :result => result,
:warning_type => "SQL Injection",
:warning_code => :sql_injection_limit_offset,
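Review bot: The confidence for the limit/offset warning at `if include_user_input? call.last_arg` is computed fresh as `:high` or `:weak` and never consults `result[:chain]` or `@expected_targets`, so the unexpected-target downgrade applied to the first warning in this method does not apply to this one. If calls on non-model targets can reach this branch (the earlier check suggests they can), a `SomeClass.limit(params[:n])` would be reported at `:high` while the same target's `where` with user input would be `:medium`. Running the same downgrade step here, or extracting it into a small helper used before both `warn` calls, would keep the two paths consistent. `call.last_arg` is also evaluated twice back to back; a local such as `last_arg = call.last_arg` would avoid the repeat. The enclosing method starts before this hunk and the `warn` call continues past it.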
@@ -362,10 +362,10 @@
#Check hash keys for user input.
#(Seems unlikely, but if a user can control the column names queried, that
#could be bad)
def check_hash_keys exp
- hash_iterate(exp) do |key, value|
+ hash_iterate(exp) do |key, _value|
unless symbol?(key)
unsafe_key = unsafe_sql? key
return unsafe_key if unsafe_key
end
end