lib/brakeman/processors/alias_processor.rb in brakeman-3.1.1 vs lib/brakeman/processors/alias_processor.rb in brakeman-3.1.2

@@ -77,10 +77,11 @@
   ARRAY_CONST = s(:const, :Array)
   HASH_CONST = s(:const, :Hash)
 
   #Process a method call.
   def process_call exp
+    return exp if process_call_defn? exp
     target_var = exp.target
     target_var &&= target_var.deep_clone
     exp = process_default exp
 
     #In case it is replaced with something else
@@ -140,10 +141,19 @@
       if number? target and number? first_arg
         exp = Sexp.new(:lit, target.value * first_arg.value)
       end
     when :/
       if number? target and number? first_arg
-        exp = Sexp.new(:lit, target.value / first_arg.value)
+        if first_arg.value == 0 and not target.value.is_a? Float
+          if @tracker
+            location = [@current_class, @current_method, "line #{first_arg.line}"].compact.join(' ')
+            require 'brakeman/processors/output_processor'
+            code = Brakeman::OutputProcessor.new.format(exp)
+            @tracker.error Exception.new("Potential divide by zero: #{code} (#{location})")
+          end
+        else
+          exp = Sexp.new(:lit, target.value / first_arg.value)
+        end
       end
     when :[]
       if array? target
         temp_exp = process_array_access target, exp.args
         exp = temp_exp if temp_exp