lib/brakeman/processors/alias_processor.rb in brakeman-6.1.1 vs lib/brakeman/processors/alias_processor.rb in brakeman-6.1.2

@@ -30,10 +30,11 @@
     @helper_method_cache = {}
     @helper_method_info = Hash.new({})
     @or_depth_limit = (tracker && tracker.options[:branch_limit]) || 5 #arbitrary default
     @meth_env = nil
     @current_file = current_file
+    @mass_limit = (tracker && tracker.options[:mass_limit]) || 1000 # arbitrary default
     set_env_defaults
   end
 
   #This method processes the given Sexp, but copies it first so
   #the original argument will not be modified.
@@ -80,11 +81,15 @@
   end
 
   def replace exp, int = 0
     return exp if int > 3
 
-    if replacement = env[exp] and not duplicate? replacement
-      replace(replacement.deep_clone(exp.line), int + 1)
+    if replacement = env[exp]
+      if not duplicate? replacement and replacement.mass < @mass_limit
+        replace(replacement.deep_clone(exp.line), int + 1)
+      else
+        exp
+      end
     elsif tracker and replacement = tracker.constant_lookup(exp) and not duplicate? replacement
       replace(replacement.deep_clone(exp.line), int + 1)
     else
       exp
     end