lib/brakeman/processors/template_processor.rb in brakeman-min-3.3.0 vs lib/brakeman/processors/template_processor.rb in brakeman-min-3.3.1

@@ -50,6 +50,25 @@
   end
 
   def process_escaped_output exp
     process_output exp
   end
+
+  # Pull out actual output value from template
+  def normalize_output arg
+    if call? arg and [:to_s, :html_safe!, :freeze].include? arg.method
+      arg.target
+    elsif node_type? arg, :if
+      branches = [arg.then_clause, arg.else_clause].compact
+
+      if branches.empty?
+        s(:nil)
+      elsif branches.length == 2
+        Sexp.new(:or, *branches)
+      else
+        branches.first
+      end
+    else
+      arg
+    end
+  end
 end