Fix warning code on low confidence XSS warnings

9fec336e · Justin Collins · 870b815c · 9fec336e
隐藏空白更改
内联并排

Showing with 4 addition and 1 deletion

lib/brakeman/checks/check_cross_site_scripting.rb lib/brakeman/checks/check_cross_site_scripting.rb +4 -1

未找到文件。
--- a/lib/brakeman/checks/check_cross_site_scripting.rb
+++ b/lib/brakeman/checks/check_cross_site_scripting.rb
@@ -173,11 +173,14 @@ class Brakeman::CheckCrossSiteScripting < Brakeman::BaseCheck
          add_result exp

          link_path = "cross_site_scripting"
+          warning_code = :cross_site_scripting
+
          if @known_dangerous.include? exp.method
            confidence = CONFIDENCE[:high]
            if exp.method == :to_json
              message += " in JSON hash"
              link_path += "_to_json"
+              warning_code = :xss_to_json
            end
          else
            confidence = CONFIDENCE[:low]
@@ -185,7 +188,7 @@ class Brakeman::CheckCrossSiteScripting < Brakeman::BaseCheck

          warn :template => @current_template,
            :warning_type => "Cross Site Scripting",
-            :warning_code => :xss_to_json,
+            :warning_code => warning_code,
            :message => message,
            :code => exp,
            :user_input => @matched.match,