Checks whether user-supplied data is passed to `send`.
# File lib/brakeman/checks/check_send.rb, line 18
#
# Examines one matched call and emits "Dangerous Send" warnings when
# has_immediate_user_input? reports a match on either of two positions.
# The two checks are independent, so a single call can produce two warnings:
#
# * the first argument (the method name handed to the send-style call):
#   reported with high confidence, since the requester would be choosing
#   which method runs;
# * the receiver of the call: reported with medium confidence.
#
# result - Hash describing the match; result[:call] is the call expression.
#
# NOTE(review): a usual remediation for the reported code is to map the
# request value through a fixed allowlist of method names before dispatching.
def process_result result
  call = result[:call]

  # Arguments are processed first, then the receiver, before any check runs.
  process_call_args call
  receiver = process call.target

  # Position 1: the dispatched method name.
  name_match = has_immediate_user_input?(call.first_arg)
  if name_match
    warn :result => result,
      :warning_type => "Dangerous Send",
      :message => "User controlled method execution",
      :code => result[:call],
      :user_input => name_match.match,
      :confidence => CONFIDENCE[:high]
  end

  # Position 2: the object the method is invoked on.
  receiver_match = has_immediate_user_input?(receiver)
  if receiver_match
    warn :result => result,
      :warning_type => "Dangerous Send",
      :message => "User defined target of method invocation",
      :code => result[:call],
      :user_input => receiver_match.match,
      :confidence => CONFIDENCE[:med]
  end
end