lib/brakeman/checks/check_mass_assignment.rb in brakeman-1.8.3 vs lib/brakeman/checks/check_mass_assignment.rb in brakeman-1.9.0.pre1

- old
+ new

@@ -76,34 +76,48 @@ res end #Want to ignore calls to Model.new that have no arguments def check_call call - args = process_all call.args + process_call_args call + first_arg = call.first_arg - if args.empty? #empty new() + if first_arg.nil? #empty new() false - elsif hash? args.first and not include_user_input? args.first + elsif hash? first_arg and not include_user_input? first_arg false - elsif all_literals? args + elsif all_literal_args? call false else true end end LITERALS = Set[:lit, :true, :false, :nil, :string] - def all_literals? args - args.all? do |arg| - if sexp? arg - if arg.node_type == :hash - all_literals? arg - else - LITERALS.include? arg.node_type - end + def all_literal_args? exp + if call? exp + exp.each_arg do |arg| + return false unless literal? arg + end + + true + else + exp.all? do |arg| + literal? arg + end + end + + end + + def literal? exp + if sexp? exp + if exp.node_type == :hash + all_literal_args? exp else - true + LITERALS.include? exp.node_type end + else + true end end end
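Review bot: In the new `check_call`, `process_call_args call` is invoked for its side effect and the result is discarded, after which `call.first_arg` and `all_literal_args? call` read from `call` itself; this is only correct if `process_call_args` rewrites the call's arguments in place. If it returns a processed copy instead, `include_user_input?` and the literal test run on the unprocessed Sexp and a tainted argument can slip through unreported — worth confirming against `process_call_args`, or binding its return value (`call = process_call_args call`) so the intent is explicit either way. `all_literal_args?` accepts two shapes that the name does not reveal, so a comment along the lines of `# exp is either a call Sexp (tests each argument) or a hash Sexp (tests each element, recursing into nested hashes via literal?)` would help the next reader, and the stray blank line between the `if ... end` and the method's own `end` can be dropped. Note also that the user-input test still looks only at `first_arg`, as in 1.8.3, so any later argument is judged purely by whether it is a literal; a one-line comment stating that assumption would make the check's scope clear. The enclosing class begins outside the hunk.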