lib/brakeman/processors/alias_processor.rb in brakeman-5.0.0 vs lib/brakeman/processors/alias_processor.rb in brakeman-5.0.1

@@ -181,10 +181,16 @@
     #In case it is replaced with something else
     unless call? exp
       return exp
     end
 
+    # If x(*[1,2,3]) change to x(1,2,3)
+    # if that's the only argument
+    if splat_array? exp.first_arg and exp.second_arg.nil?
+      exp.arglist = exp.first_arg[1].sexp_body
+    end
+
     target = exp.target
     method = exp.method
     first_arg = exp.first_arg
 
     if method == :send or method == :__send__ or method == :try
@@ -193,15 +199,15 @@
 
     if node_type? target, :or and [:+, :-, :*, :/].include? method
       res = process_or_simple_operation(exp)
       return res if res
     elsif target == ARRAY_CONST and method == :new
-      return Sexp.new(:array, *exp.args)
+      return Sexp.new(:array, *exp.args).line(exp.line)
     elsif target == HASH_CONST and method == :new and first_arg.nil? and !node_type?(@exp_context.last, :iter)
-      return Sexp.new(:hash)
+      return Sexp.new(:hash).line(exp.line)
     elsif exp == RAILS_TEST or exp == RAILS_DEV
-      return Sexp.new(:false)
+      return Sexp.new(:false).line(exp.line)
     end
 
     #See if it is possible to simplify some basic cases
     #of addition/concatenation.
     case method
@@ -235,11 +241,11 @@
       if string? target and string? first_arg
         target.value << first_arg.value
         env[target_var] = target
         return target
       elsif string? target and string_interp? first_arg
-        exp = Sexp.new(:dstr, target.value + first_arg[1]).concat(first_arg.sexp_body(2))
+        exp = Sexp.new(:dstr, target.value + first_arg[1]).concat(first_arg.sexp_body(2)).line(exp.line)
         env[target_var] = exp
       elsif string? first_arg and string_interp? target
         if string? target.last
           target.last.value << first_arg.value
         elsif target.last.is_a? String
@@ -286,11 +292,11 @@
     exp
   end
 
   # Painful conversion of Array#join into string interpolation
   def process_array_join array, join_str
-    result = s()
+    result = s().line(array.line)
 
     join_value = if string? join_str
                    join_str.value
                  else
                    nil
@@ -324,28 +330,28 @@
     end
 
     result.unshift combined_first
 
     # Have to fix up strings that follow interpolation
-    result.reduce(s(:dstr)) do |memo, e|
+    result.reduce(s(:dstr).line(array.line)) do |memo, e|
       if string? e and node_type? memo.last, :evstr
         e.value = "#{join_value}#{e.value}"
       elsif join_value and node_type? memo.last, :evstr and node_type? e, :evstr
-        memo << s(:str, join_value)
+        memo << s(:str, join_value).line(e.line)
       end
 
       memo << e
     end
   end
 
   def join_item item, join_value
     if item.is_a? String
       "#{item}#{join_value}"
     elsif string? item or symbol? item or number? item
-      s(:str, "#{item.value}#{join_value}")
+      s(:str, "#{item.value}#{join_value}").line(item.line)
     else
-      s(:evstr, item)
+      s(:evstr, item).line(item.line)
     end
   end
 
   TEMP_FILE_CLASS = s(:const, :Tempfile)
 
@@ -357,10 +363,15 @@
 
   def temp_file_new line
     s(:call, TEMP_FILE_CLASS, :new).line(line)
   end
 
+  def splat_array? exp
+    node_type? exp, :splat and
+      node_type? exp[1], :array
+  end
+
   def process_iter exp
     @exp_context.push exp
     exp[1] = process exp.block_call
     if array_detect_all_literals? exp[1]
       return safe_literal(exp.line)
@@ -677,10 +688,10 @@
         else
           env[match] = value
         end
       end
     else
-      new_value = process s(:call, s(:call, target_var, :[], index), exp[3], value)
+      new_value = process s(:call, s(:call, target_var, :[], index), exp[3], value).line(exp.line)
 
       env[match] = new_value
     end
 
     exp