lib/brakeman/checks/check_render_inline.rb in brakeman-5.2.3 vs lib/brakeman/checks/check_render_inline.rb in brakeman-5.3.0
- old
+ new
@@ -26,17 +26,19 @@
warn :result => result,
:warning_type => "Cross-Site Scripting",
:warning_code => :cross_site_scripting_inline,
:message => msg("Unescaped ", msg_input(input), " rendered inline"),
:user_input => input,
- :confidence => :high
+ :confidence => :high,
+ :cwe_id => [79]
elsif input = has_immediate_model?(render_value)
warn :result => result,
:warning_type => "Cross-Site Scripting",
:warning_code => :cross_site_scripting_inline,
:message => "Unescaped model attribute rendered inline",
:user_input => input,
- :confidence => :medium
+ :confidence => :medium,
+ :cwe_id => [79]
end
end
end
end
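Review bot: The literal `[79]` is added to both `warn` calls (the `:confidence => :high` branch and the `:confidence => :medium` branch) with nothing saying what it stands for, so the two copies can drift from each other and from the `:warning_type` string. A single comment above the first call, `# CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')`, or one shared constant used by both branches, would make the mapping explicit for anyone triaging or filtering findings by CWE. Whether the other cross-site scripting checks in the package carry the same id is not visible from this file section, so that consistency should be confirmed separately. The enclosing method starts above the hunk.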