lib/brakeman/checks/check_yaml_parsing.rb in brakeman-3.7.2 vs lib/brakeman/checks/check_yaml_parsing.rb in brakeman-4.0.0
- old
+ new
@@ -25,11 +25,11 @@
message = "Rails #{rails_version} has a remote code execution vulnerability: upgrade to #{new_version} or disable XML parsing"
warn :warning_type => "Remote Code Execution",
:warning_code => :CVE_2013_0156,
:message => message,
- :confidence => CONFIDENCE[:high],
+ :confidence => :high,
:gem_info => gemfile_or_environment,
:link_path => "https://groups.google.com/d/topic/rubyonrails-security/61bkgvnSGTQ/discussion"
end
#Warn if app accepts YAML
@@ -37,10 +37,10 @@
message = "Parsing YAML request parameters enables remote code execution: disable YAML parser"
warn :warning_type => "Remote Code Execution",
:warning_code => :CVE_2013_0156,
:message => message,
- :confidence => CONFIDENCE[:high],
+ :confidence => :high,
:gem_info => gemfile_or_environment,
:link_path => "https://groups.google.com/d/topic/rubyonrails-security/61bkgvnSGTQ/discussion"
end
end