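--- a/lib/brakeman/checks/check_mass_assignment.rb
+++ b/lib/brakeman/checks/check_mass_assignment.rb
@@ -76,34 +76,48 @@
 res
 end
 #Want to ignore calls to Model.new that have no arguments
 def check_call call
-args = process_all call.args
+process_call_args call
+first_arg = call.first_arg
-if args.empty? #empty new()
+if first_arg.nil? #empty new()
 false
-elsif hash? args.first and not include_user_input? args.first
+elsif hash? first_arg and not include_user_input? first_arg
 false
-elsif all_literals? args
+elsif all_literal_args? call
 false
 else
 true
 end
 end
 LITERALS = Set[:lit, :true, :false, :nil, :string]
-def all_literals? args
-args.all? do |arg|
-if sexp? arg
-if arg.node_type == :hash
-all_literals? arg
-else
-LITERALS.include? arg.node_type
-end
+def all_literal_args? exp
+if call? exp
+exp.each_arg do |arg|
+return false unless literal? arg
+end
+
+true
+else
+exp.all? do |arg|
+literal? arg
+end
+end
+
+end
+
+def literal? exp
+if sexp? exp
+if exp.node_type == :hash
+all_literal_args? exp
 else
-true
+LITERALS.include? exp.node_type
 end
+else
+true
 end
 end
 end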
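Review bot: The non-call branch of `all_literal_args?` iterates the raw `:hash` Sexp with `exp.all?`, so the first element handed to `literal?` is the node-type symbol `:hash` itself, and it is only accepted because `literal?` answers true for anything that is not a Sexp — the same fallback that would classify any stray non-Sexp child as a safe literal. Iterating the node body keeps the intent explicit, e.g. `exp.sexp_body.all? { |arg| literal? arg }`, and the trailing `else true` in `literal?` deserves a comment such as `# non-Sexp values (bare symbols, numbers) are treated as literals`. The name `all_literal_args?` is also misleading for the hash case, where the children are key/value pairs rather than call arguments; a one-line comment on the method stating that it accepts either a call node or a hash node would help the next reader. In `check_call`, only `call.first_arg` is checked for user input on the `hash?` branch while the remaining arguments are only required to be literals by the next branch — if that asymmetry is intended, a comment there would make it deliberate.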