Support chained model calls in RedirectCheck

21b00ce2 · Justin Collins · 6f11f825 · 21b00ce2
隐藏空白更改
内联并排

Showing with 8 addition and 1 deletion

lib/brakeman/checks/check_redirect.rb lib/brakeman/checks/check_redirect.rb +8 -1

未找到文件。
--- a/lib/brakeman/checks/check_redirect.rb
+++ b/lib/brakeman/checks/check_redirect.rb
@@ -142,7 +142,7 @@ class Brakeman::CheckRedirect < Brakeman::BaseCheck
    if node_type? exp, :or
      model_instance? exp.lhs or model_instance? exp.rhs
    elsif call? exp
-      if model_name? exp.target or friendly_model? exp.target and
+      if model_target? exp and
        (@model_find_calls.include? exp.method or exp.method.to_s.match(/^find_by_/))
        true
      else
@@ -151,6 +151,13 @@ class Brakeman::CheckRedirect < Brakeman::BaseCheck
    end
  end

+  def model_target? exp
+    return false unless call? exp
+    model_name? exp.target or
+    friendly_model? exp.target or
+    model_target? exp.target
+  end
+
  #Returns true if exp is (probably) a friendly model instance
  #using the FriendlyId gem
  def friendly_model? exp