lib/brakeman/checks/check_sql.rb in brakeman-min-4.1.1 vs lib/brakeman/checks/check_sql.rb in brakeman-min-4.2.0

- old
+ new

@@ -17,11 +17,11 @@ narrow_targets = [:exists?, :select] @sql_targets = [:average, :calculate, :count, :count_by_sql, :delete_all, :destroy_all, :find_by_sql, :maximum, :minimum, :pluck, :sum, :update_all] @sql_targets.concat [:from, :group, :having, :joins, :lock, :order, :reorder, :where] if tracker.options[:rails3]
- @sql_targets << :find_by << :find_by! if tracker.options[:rails4]
+ @sql_targets << :find_by << :find_by! << :not if tracker.options[:rails4]
 if version_between?("2.0.0", "3.9.9") or tracker.config.rails_version.nil? @sql_targets << :first << :last << :all end
@@ -182,10 +182,10 @@ if call.length > 5 unsafe_sql?(call.first_arg) or check_find_arguments(call.last_arg) else check_find_arguments call.last_arg end
- when :where, :having, :find_by, :find_by!
+ when :where, :having, :find_by, :find_by!, :not
 check_query_arguments call.arglist when :order, :group, :reorder check_order_arguments call.arglist when :joins check_joins_arguments call.first_arg
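Review bot: The new `:not` entry in `@sql_targets` is a bare, very generic method name, and nothing on the added line says it stands for the `where.not(...)` chain; a short comment such as `# :not covers Model.where.not(...), available from Rails 4` would make the intent clear. The same symbol is repeated in the second hunk's `when :where, :having, :find_by, :find_by!, :not` branch, so the two lists have to be kept in sync by hand. The call lookup that consumes `@sql_targets` is outside both hunks, so it is worth confirming that it only matches `not` when chained onto a query on a model; otherwise unrelated `not` methods could be sent to `check_query_arguments` and produce false SQL injection warnings. Both hunks show only part of their enclosing methods.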