lib/contrast/agent/assess/policy/trigger/reflected_xss.rb in contrast-agent-4.2.0 vs lib/contrast/agent/assess/policy/trigger/reflected_xss.rb in contrast-agent-4.3.0

@@ -23,18 +23,17 @@
                   'patch_method' => 'xss_tilt_trigger'
               }.cs__freeze
               TEMPLATE_PROPAGATION_NODE = Contrast::Agent::Assess::Policy::PropagationNode.new(NODE_HASH)
 
               def xss_tilt_trigger context, trigger_node, _source, object, ret, *args
-                properties = Contrast::Agent::Assess::Tracker.properties(ret)
-                return unless properties
+                return unless (properties = Contrast::Agent::Assess::Tracker.properties!(ret))
 
                 scope = args[0]
                 erb_template_prerender = object.instance_variable_get(:@data)
                 interpolated_inputs = []
-                handle_binding_variables(scope, erb_template_prerender, ret, interpolated_inputs)
-                handle_local_variables(args, erb_template_prerender, ret, interpolated_inputs)
+                handle_binding_variables(scope, erb_template_prerender, ret, properties, interpolated_inputs)
+                handle_local_variables(args, erb_template_prerender, ret, properties, interpolated_inputs)
                 properties.build_event(TEMPLATE_PROPAGATION_NODE, ret, erb_template_prerender, ret, interpolated_inputs)
                 unless interpolated_inputs.empty?
                   current_event = properties.event
                   interpolated_inputs.each do |input|
                     input_properties = Contrast::Agent::Assess::Tracker.properties(input)
@@ -51,12 +50,11 @@
                 ret
               end
 
               private
 
-              def handle_binding_variables scope, erb_template_prerender, ret, interpolated_inputs
-                properties = Contrast::Agent::Assess::Tracker.properties(ret)
+              def handle_binding_variables scope, erb_template_prerender, ret, properties, interpolated_inputs
                 binding_variables = scope.instance_variables
 
                 binding_variables.each do |bound_variable_sym|
                   bound_variable_value = scope.instance_variable_get(bound_variable_sym)
 
@@ -69,11 +67,10 @@
                   properties.copy_from(bound_variable_value, ret, start_index)
                   interpolated_inputs << bound_variable_sym
                 end
               end
 
-              def handle_local_variables args, erb_template_prerender, ret, interpolated_inputs
-                properties = Contrast::Agent::Assess::Tracker.properties(ret)
+              def handle_local_variables args, erb_template_prerender, ret, properties, interpolated_inputs
                 locals = args[1]
                 locals.each do |local_name, local_value|
                   next unless Contrast::Agent::Assess::Tracker.tracked?(local_value)
                   next unless erb_template_prerender.include?(local_name.to_s)