brakeman-lib 4.5.0 → 4.5.1

Files changed (71)
  1. checksums.yaml +4 -4
  2. data/CHANGES.md +15 -0
  3. data/README.md +6 -6
  4. data/lib/brakeman.rb +7 -0
  5. data/lib/brakeman/app_tree.rb +34 -22
  6. data/lib/brakeman/checks.rb +7 -7
  7. data/lib/brakeman/checks/base_check.rb +9 -9
  8. data/lib/brakeman/checks/check_cross_site_scripting.rb +5 -0
  9. data/lib/brakeman/checks/check_default_routes.rb +5 -0
  10. data/lib/brakeman/checks/check_deserialize.rb +52 -0
  11. data/lib/brakeman/checks/check_dynamic_finders.rb +1 -1
  12. data/lib/brakeman/checks/check_force_ssl.rb +27 -0
  13. data/lib/brakeman/checks/check_json_parsing.rb +5 -0
  14. data/lib/brakeman/checks/check_link_to_href.rb +6 -1
  15. data/lib/brakeman/checks/check_mail_to.rb +1 -1
  16. data/lib/brakeman/checks/check_model_attr_accessible.rb +1 -1
  17. data/lib/brakeman/checks/check_model_attributes.rb +12 -50
  18. data/lib/brakeman/checks/check_model_serialize.rb +1 -1
  19. data/lib/brakeman/checks/check_nested_attributes_bypass.rb +3 -3
  20. data/lib/brakeman/checks/check_secrets.rb +1 -1
  21. data/lib/brakeman/checks/check_session_settings.rb +10 -10
  22. data/lib/brakeman/checks/check_simple_format.rb +5 -0
  23. data/lib/brakeman/checks/check_skip_before_filter.rb +1 -1
  24. data/lib/brakeman/checks/check_sql.rb +15 -17
  25. data/lib/brakeman/checks/check_validation_regex.rb +1 -1
  26. data/lib/brakeman/file_parser.rb +6 -8
  27. data/lib/brakeman/file_path.rb +71 -0
  28. data/lib/brakeman/options.rb +7 -0
  29. data/lib/brakeman/parsers/template_parser.rb +3 -3
  30. data/lib/brakeman/processor.rb +3 -4
  31. data/lib/brakeman/processors/alias_processor.rb +12 -6
  32. data/lib/brakeman/processors/base_processor.rb +8 -7
  33. data/lib/brakeman/processors/controller_alias_processor.rb +10 -7
  34. data/lib/brakeman/processors/controller_processor.rb +5 -9
  35. data/lib/brakeman/processors/haml_template_processor.rb +5 -0
  36. data/lib/brakeman/processors/lib/module_helper.rb +8 -8
  37. data/lib/brakeman/processors/lib/processor_helper.rb +3 -3
  38. data/lib/brakeman/processors/lib/rails2_config_processor.rb +3 -3
  39. data/lib/brakeman/processors/lib/rails2_route_processor.rb +2 -2
  40. data/lib/brakeman/processors/lib/rails3_config_processor.rb +3 -3
  41. data/lib/brakeman/processors/lib/rails3_route_processor.rb +2 -2
  42. data/lib/brakeman/processors/lib/render_helper.rb +2 -2
  43. data/lib/brakeman/processors/lib/render_path.rb +18 -1
  44. data/lib/brakeman/processors/library_processor.rb +5 -5
  45. data/lib/brakeman/processors/model_processor.rb +4 -5
  46. data/lib/brakeman/processors/output_processor.rb +5 -0
  47. data/lib/brakeman/processors/template_alias_processor.rb +4 -5
  48. data/lib/brakeman/processors/template_processor.rb +4 -4
  49. data/lib/brakeman/report.rb +3 -3
  50. data/lib/brakeman/report/ignore/config.rb +2 -3
  51. data/lib/brakeman/report/ignore/interactive.rb +2 -2
  52. data/lib/brakeman/report/pager.rb +1 -0
  53. data/lib/brakeman/report/report_base.rb +51 -6
  54. data/lib/brakeman/report/report_codeclimate.rb +3 -3
  55. data/lib/brakeman/report/report_hash.rb +1 -1
  56. data/lib/brakeman/report/report_html.rb +2 -2
  57. data/lib/brakeman/report/report_json.rb +1 -24
  58. data/lib/brakeman/report/report_table.rb +20 -4
  59. data/lib/brakeman/report/report_tabs.rb +1 -1
  60. data/lib/brakeman/report/report_text.rb +2 -2
  61. data/lib/brakeman/rescanner.rb +9 -12
  62. data/lib/brakeman/scanner.rb +19 -14
  63. data/lib/brakeman/tracker.rb +4 -4
  64. data/lib/brakeman/tracker/collection.rb +4 -3
  65. data/lib/brakeman/tracker/config.rb +6 -0
  66. data/lib/brakeman/util.rb +1 -147
  67. data/lib/brakeman/version.rb +1 -1
  68. data/lib/brakeman/warning.rb +23 -13
  69. data/lib/brakeman/warning_codes.rb +1 -0
  70. data/lib/ruby_parser/bm_sexp_processor.rb +1 -0
  71. metadata +20 -10
@@ -13,7 +13,7 @@ module Brakeman
13
13
  end
14
14
 
15
15
  def parse_template path, text
16
- type = path.match(KNOWN_TEMPLATE_EXTENSIONS)[1].to_sym
16
+ type = path.relative.match(KNOWN_TEMPLATE_EXTENSIONS)[1].to_sym
17
17
  type = :erb if type == :rhtml
18
18
  name = template_path_to_name path
19
19
  Brakeman.debug "Parsing #{path}"
@@ -63,7 +63,7 @@ module Brakeman
63
63
  else
64
64
  ERB.new(text, nil, '-').src
65
65
  end
66
- src.sub!(/^#.*\n/, '') if Brakeman::Scanner::RUBY_1_9
66
+ src.sub!(/^#.*\n/, '')
67
67
  src
68
68
  end
69
69
  end
@@ -95,7 +95,7 @@ module Brakeman
95
95
  end
96
96
 
97
97
  def self.parse_inline_erb tracker, text
98
- fp = Brakeman::FileParser.new(tracker, nil)
98
+ fp = Brakeman::FileParser.new(tracker)
99
99
  tp = self.new(tracker, fp)
100
100
  src = tp.parse_erb '_inline_', text
101
101
  type = tp.erubis? ? :erubis : :erb
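Review bot: In the second hunk, `src.sub!(/^#.*\n/, '')` is anchored with `^`, which in Ruby matches at the start of any line, so if the generated source does not begin with a comment, the first later line starting with `#` is removed instead. If the intent is to drop only a leading magic comment, `src.sub!(/\A#.*\n/, '')` says exactly that. The enclosing method starts outside the hunk, so whether `src` always begins with such a comment cannot be confirmed from here.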
@@ -13,8 +13,7 @@ module Brakeman
13
13
  include Util
14
14
 
15
15
  def initialize(app_tree, options)
16
- @app_tree = app_tree
17
- @tracker = Tracker.new(@app_tree, self, options)
16
+ @tracker = Tracker.new(app_tree, self, options)
18
17
  end
19
18
 
20
19
  def tracked_events
@@ -39,7 +38,7 @@ module Brakeman
39
38
  #Process controller source. +file_name+ is used for reporting
40
39
  def process_controller src, file_name
41
40
  if contains_class? src
42
- ControllerProcessor.new(@app_tree, @tracker).process_controller src, file_name
41
+ ControllerProcessor.new(@tracker).process_controller src, file_name
43
42
  else
44
43
  LibraryProcessor.new(@tracker).process_library src, file_name
45
44
  end
@@ -48,7 +47,7 @@ module Brakeman
48
47
  #Process variable aliasing in controller source and save it in the
49
48
  #tracker.
50
49
  def process_controller_alias name, src, only_method = nil, file = nil
51
- ControllerAliasProcessor.new(@app_tree, @tracker, only_method).process_controller name, src, file
50
+ ControllerAliasProcessor.new(@tracker, only_method).process_controller name, src, file
52
51
  end
53
52
 
54
53
  #Process a model source
@@ -20,19 +20,18 @@ class Brakeman::AliasProcessor < Brakeman::SexpProcessor
20
20
  #The recommended usage is:
21
21
  #
22
22
  # AliasProcessor.new.process_safely src
23
- def initialize tracker = nil, file_name = nil
23
+ def initialize tracker = nil, current_file = nil
24
24
  super()
25
25
  @env = SexpProcessor::Environment.new
26
26
  @inside_if = false
27
27
  @ignore_ifs = nil
28
28
  @exp_context = []
29
- @current_module = nil
30
29
  @tracker = tracker #set in subclass as necessary
31
30
  @helper_method_cache = {}
32
31
  @helper_method_info = Hash.new({})
33
32
  @or_depth_limit = (tracker && tracker.options[:branch_limit]) || 5 #arbitrary default
34
33
  @meth_env = nil
35
- @file_name = file_name
34
+ @current_file = current_file
36
35
  set_env_defaults
37
36
  end
38
37
 
@@ -44,8 +43,8 @@ class Brakeman::AliasProcessor < Brakeman::SexpProcessor
44
43
  #
45
44
  #This method returns a new Sexp with variables replaced with their values,
46
45
  #where possible.
47
- def process_safely src, set_env = nil, file_name = nil
48
- @file_name = file_name
46
+ def process_safely src, set_env = nil, current_file = @current_file
47
+ @current_file = current_file
49
48
  @env = set_env || SexpProcessor::Environment.new
50
49
  @result = src.deep_clone
51
50
  process @result
@@ -270,6 +269,11 @@ class Brakeman::AliasProcessor < Brakeman::SexpProcessor
270
269
  if array? target and target.length > 2 and (string? first_arg or first_arg.nil?)
271
270
  exp = process_array_join(target, first_arg)
272
271
  end
272
+ when :!
273
+ # Convert `!!a` to boolean
274
+ if call? target and target.method == :!
275
+ exp = s(:or, s(:true).line(exp.line), s(:false).line(exp.line)).line(exp.line)
276
+ end
273
277
  end
274
278
 
275
279
  exp
@@ -368,6 +372,8 @@ class Brakeman::AliasProcessor < Brakeman::SexpProcessor
368
372
  elsif e.is_a? Symbol
369
373
  local = Sexp.new(:lvar, e)
370
374
  env.current[local] = local
375
+ elsif e.nil? # trailing comma, argument destructuring
376
+ next # Punt for now
371
377
  else
372
378
  raise "Unexpected value in block args: #{e.inspect}"
373
379
  end
@@ -693,7 +699,7 @@ class Brakeman::AliasProcessor < Brakeman::SexpProcessor
693
699
  if @tracker
694
700
  @tracker.add_constant exp.lhs,
695
701
  exp.rhs,
696
- :file => current_file_name,
702
+ :file => @current_file,
697
703
  :module => @current_module,
698
704
  :class => @current_class,
699
705
  :method => @current_method
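Review bot: In the last hunk, `:file => @current_file` replaces the `current_file_name` helper with the raw instance variable, so the helper's fallback to `@current_class.file` / `@current_module.file` no longer applies when no file was supplied. The documented `AliasProcessor.new.process_safely src` usage leaves it nil. The matching hunk in BaseProcessor calls the renamed helper instead, so `:file => current_file,` here would keep the two consistent unless the difference is intended. The first hunk also drops `@current_module = nil` from `initialize` while this call still reads `@current_module`; presumably it is assigned elsewhere, which these hunks do not show.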
@@ -15,11 +15,12 @@ class Brakeman::BaseProcessor < Brakeman::SexpProcessor
15
15
  super()
16
16
  @last = nil
17
17
  @tracker = tracker
18
- @current_template = @current_module = @current_class = @current_method = @file_name = nil
18
+ @app_tree = tracker.app_tree if tracker
19
+ @current_template = @current_module = @current_class = @current_method = @current_file = nil
19
20
  end
20
21
 
21
- def process_file exp, file_name
22
- @file_name = file_name
22
+ def process_file exp, current_file
23
+ @current_file = current_file
23
24
  process exp
24
25
  end
25
26
 
@@ -182,7 +183,7 @@ class Brakeman::BaseProcessor < Brakeman::SexpProcessor
182
183
  if @tracker
183
184
  @tracker.add_constant exp.lhs,
184
185
  exp.rhs,
185
- :file => current_file_name,
186
+ :file => current_file,
186
187
  :module => @current_module,
187
188
  :class => @current_class,
188
189
  :method => @current_method
@@ -234,8 +235,8 @@ class Brakeman::BaseProcessor < Brakeman::SexpProcessor
234
235
  elsif first_arg.is_a? Symbol or first_arg.is_a? String
235
236
  type = :action
236
237
  value = Sexp.new(:lit, first_arg.to_sym)
237
- elsif first_arg.nil?
238
- type = :default
238
+ elsif first_arg.nil?
239
+ type = :default
239
240
  elsif not hash? first_arg
240
241
  type = :action
241
242
  value = first_arg
@@ -287,7 +288,7 @@ class Brakeman::BaseProcessor < Brakeman::SexpProcessor
287
288
  template_name = "#@current_method/inline@#{value.line}:#{class_or_module}".to_sym
288
289
  type, ast = Brakeman::TemplateParser.parse_inline_erb(@tracker, value.value)
289
290
  ast = ast.deep_clone(value.line)
290
- @tracker.processor.process_template(template_name, ast, type, nil, @file_name)
291
+ @tracker.processor.process_template(template_name, ast, type, nil, @current_file)
291
292
  @tracker.processor.process_template_alias(@tracker.templates[template_name])
292
293
 
293
294
  return s(:lit, template_name), options
@@ -11,22 +11,22 @@ class Brakeman::ControllerAliasProcessor < Brakeman::AliasProcessor
11
11
  #If only_method is specified, only that method will be processed,
12
12
  #other methods will be skipped.
13
13
  #This is for rescanning just a single action.
14
- def initialize app_tree, tracker, only_method = nil
14
+ def initialize tracker, only_method = nil
15
15
  super tracker
16
- @app_tree = app_tree
16
+ @app_tree = tracker.app_tree
17
17
  @only_method = only_method
18
18
  @rendered = false
19
19
  @current_class = @current_module = @current_method = nil
20
20
  @method_cache = {} #Cache method lookups
21
21
  end
22
22
 
23
- def process_controller name, src, file_name
23
+ def process_controller name, src, current_file
24
24
  if not node_type? src, :class
25
25
  Brakeman.debug "#{name} is not a class, it's a #{src.node_type}"
26
26
  return
27
27
  else
28
28
  @current_class = name
29
- @file_name = file_name
29
+ @current_file = @app_tree.file_path(current_file)
30
30
 
31
31
  process_default src
32
32
 
@@ -37,6 +37,7 @@ class Brakeman::ControllerAliasProcessor < Brakeman::AliasProcessor
37
37
  #Process modules mixed into the controller, in case they contain actions.
38
38
  def process_mixins
39
39
  controller = @tracker.controllers[@current_class]
40
+ original_file = @current_file
40
41
 
41
42
  controller.includes.each do |i|
42
43
  mixin = @tracker.libs[i]
@@ -49,7 +50,7 @@ class Brakeman::ControllerAliasProcessor < Brakeman::AliasProcessor
49
50
  methods.each do |name|
50
51
  #Need to process the method like it was in a controller in order
51
52
  #to get the renders set
52
- processor = Brakeman::ControllerProcessor.new(@app_tree, @tracker)
53
+ processor = Brakeman::ControllerProcessor.new(@tracker, mixin.file)
53
54
  method = mixin.get_method(name)[:src].deep_clone
54
55
 
55
56
  if node_type? method, :defn
@@ -59,11 +60,13 @@ class Brakeman::ControllerAliasProcessor < Brakeman::AliasProcessor
59
60
  method = processor.process method
60
61
  end
61
62
 
62
- @file_name = mixin.file
63
+ @current_file = mixin.file
63
64
  #Then process it like any other method in the controller
64
65
  process method
65
66
  end
66
67
  end
68
+ ensure
69
+ @current_file = original_file
67
70
  end
68
71
 
69
72
  #Skip it, must be an inner class
@@ -187,7 +190,7 @@ class Brakeman::ControllerAliasProcessor < Brakeman::AliasProcessor
187
190
  end
188
191
  end
189
192
 
190
- render_path = Brakeman::RenderPath.new.add_controller_render(@current_class, @current_method, line, relative_path(@file_name))
193
+ render_path = Brakeman::RenderPath.new.add_controller_render(@current_class, @current_method, line, @current_file)
191
194
  super name, args, render_path, line
192
195
  end
193
196
 
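Review bot: In `process_controller`, `@current_file = @app_tree.file_path(current_file)` now runs on whatever the caller passes, and `Processor#process_controller_alias` earlier on this page still declares `file = nil` and forwards it unchanged. `file_path` is not visible in these hunks, so confirm that it tolerates nil, or write `@current_file = current_file && @app_tree.file_path(current_file)`. Separately, in `process_mixins` the `original_file = @current_file` line sits after the controller lookup; making it the first statement ensures the `ensure` clause can never restore nil in place of the real value.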
@@ -8,20 +8,16 @@ class Brakeman::ControllerProcessor < Brakeman::BaseProcessor
8
8
 
9
9
  FORMAT_HTML = Sexp.new(:call, Sexp.new(:lvar, :format), :html)
10
10
 
11
- def initialize app_tree, tracker
11
+ def initialize tracker, current_file = nil
12
12
  super(tracker)
13
- @app_tree = app_tree
14
- @current_class = nil
15
- @current_method = nil
16
- @current_module = nil
17
13
  @visibility = :public
18
- @file_name = nil
14
+ @current_file = current_file
19
15
  @concerns = Set.new
20
16
  end
21
17
 
22
18
  #Use this method to process a Controller
23
- def process_controller src, file_name = nil
24
- @file_name = file_name
19
+ def process_controller src, current_file = @current_file
20
+ @current_file = current_file
25
21
  process src
26
22
  end
27
23
 
@@ -35,7 +31,7 @@ class Brakeman::ControllerProcessor < Brakeman::BaseProcessor
35
31
  #a real controller, so we can't take this shortcut.
36
32
  if @current_class and @current_class.name.to_s.end_with? "Controller"
37
33
  Brakeman.debug "[Notice] Treating inner class as library: #{name}"
38
- Brakeman::LibraryProcessor.new(@tracker).process_library exp, @file_name
34
+ Brakeman::LibraryProcessor.new(@tracker).process_library exp, @current_file
39
35
  return exp
40
36
  end
41
37
 
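Review bot: `initialize tracker, current_file = nil` still accepts two positional arguments, so a caller written against the old `initialize app_tree, tracker` order gets no ArgumentError; the app tree is bound to `tracker` and the tracker to `current_file`. Because this ships in a patch release of a library, a comment above the method would make the changed contract explicit, e.g. `# tracker: Brakeman::Tracker (the app tree is taken from it); current_file: file being processed, optional`. It is also worth confirming the change is called out in CHANGES.md, which is not shown here. The same reordering applies to `ControllerAliasProcessor#initialize`.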
@@ -7,6 +7,11 @@ class Brakeman::HamlTemplateProcessor < Brakeman::TemplateProcessor
7
7
  JAVASCRIPT_FILTER = s(:colon2, s(:colon2, s(:const, :Haml), :Filters), :Javascript)
8
8
  COFFEE_FILTER = s(:colon2, s(:colon2, s(:const, :Haml), :Filters), :Coffee)
9
9
 
10
+ def initialize *args
11
+ super
12
+ @javascript = false
13
+ end
14
+
10
15
  #Processes call, looking for template output
11
16
  def process_call exp
12
17
  target = exp.target
@@ -13,9 +13,9 @@ module Brakeman::ModuleHelper
13
13
 
14
14
  if @tracker.libs[name]
15
15
  @current_module = @tracker.libs[name]
16
- @current_module.add_file @file_name, exp
16
+ @current_module.add_file @current_file, exp
17
17
  else
18
- @current_module = tracker_class.new name, parent, @file_name, exp, @tracker
18
+ @current_module = tracker_class.new name, parent, @current_file, exp, @tracker
19
19
  @tracker.libs[name] = @current_module
20
20
  end
21
21
 
@@ -45,9 +45,9 @@ module Brakeman::ModuleHelper
45
45
 
46
46
  if collection[name]
47
47
  @current_class = collection[name]
48
- @current_class.add_file @file_name, exp
48
+ @current_class.add_file @current_file, exp
49
49
  else
50
- @current_class = tracker_class.new name, parent, @file_name, exp, @tracker
50
+ @current_class = tracker_class.new name, parent, @current_file, exp, @tracker
51
51
  collection[name] = @current_class
52
52
  end
53
53
 
@@ -85,9 +85,9 @@ module Brakeman::ModuleHelper
85
85
  @current_method = nil
86
86
 
87
87
  if @current_class
88
- @current_class.add_method @visibility, name, res, @file_name
88
+ @current_class.add_method @visibility, name, res, @current_file
89
89
  elsif @current_module
90
- @current_module.add_method @visibility, name, res, @file_name
90
+ @current_module.add_method @visibility, name, res, @current_file
91
91
  end
92
92
  res
93
93
  end
@@ -101,9 +101,9 @@ module Brakeman::ModuleHelper
101
101
  @current_method = nil
102
102
 
103
103
  if @current_class
104
- @current_class.add_method @visibility, name, res, @file_name
104
+ @current_class.add_method @visibility, name, res, @current_file
105
105
  elsif @current_module
106
- @current_module.add_method @visibility, name, res, @file_name
106
+ @current_module.add_method @visibility, name, res, @current_file
107
107
  end
108
108
 
109
109
  res
@@ -73,10 +73,10 @@ module Brakeman::ProcessorHelper
73
73
  end
74
74
  end
75
75
 
76
- def current_file_name
76
+ def current_file
77
77
  case
78
- when @file_name
79
- @file_name
78
+ when @current_file
79
+ @current_file
80
80
  when @current_class.is_a?(Brakeman::Collection)
81
81
  @current_class.file
82
82
  when @current_module.is_a?(Brakeman::Collection)
@@ -27,9 +27,9 @@ class Brakeman::Rails2ConfigProcessor < Brakeman::BasicProcessor
27
27
  end
28
28
 
29
29
  #Use this method to process configuration file
30
- def process_config src, file_name
31
- @file_name = file_name
32
- res = Brakeman::ConfigAliasProcessor.new.process_safely(src, nil, file_name)
30
+ def process_config src, current_file
31
+ @current_file = current_file
32
+ res = Brakeman::ConfigAliasProcessor.new.process_safely(src, nil, current_file)
33
33
  process res
34
34
  end
35
35
 
@@ -16,7 +16,7 @@ class Brakeman::Rails2RoutesProcessor < Brakeman::BasicProcessor
16
16
  @prefix = [] #Controller name prefix (a module name, usually)
17
17
  @current_controller = nil
18
18
  @with_options = nil #For use inside map.with_options
19
- @file_name = "config/routes.rb"
19
+ @current_file = "config/routes.rb"
20
20
  end
21
21
 
22
22
  #Call this with parsed route file information.
@@ -24,7 +24,7 @@ class Brakeman::Rails2RoutesProcessor < Brakeman::BasicProcessor
24
24
  #This method first calls RouteAliasProcessor#process_safely on the +exp+,
25
25
  #so it does not modify the +exp+.
26
26
  def process_routes exp
27
- process Brakeman::RouteAliasProcessor.new.process_safely(exp, nil, @file_name)
27
+ process Brakeman::RouteAliasProcessor.new.process_safely(exp, nil, @current_file)
28
28
  end
29
29
 
30
30
  #Looking for mapping of routes
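Review bot: `@current_file = "config/routes.rb"` keeps a plain String under a name that the rest of this release treats as a path object: `parse_template` calls `path.relative`, and `RenderPath#with_relative_paths` calls `.relative` on stored `:file` values. Nothing visible here sends the routes value down those paths, but a comment such as `# plain String, not a FilePath; only handed to process_safely` would stop a later caller from assuming otherwise. The initializer of Rails3RoutesProcessor has the same assignment.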
@@ -24,9 +24,9 @@ class Brakeman::Rails3ConfigProcessor < Brakeman::BasicProcessor
24
24
  end
25
25
 
26
26
  #Use this method to process configuration file
27
- def process_config src, file_name
28
- @file_name = file_name
29
- res = Brakeman::AliasProcessor.new(@tracker).process_safely(src, nil, @file_name)
27
+ def process_config src, current_file
28
+ @current_file = current_file
29
+ res = Brakeman::AliasProcessor.new(@tracker).process_safely(src, nil, @current_file)
30
30
  process res
31
31
  end
32
32
 
@@ -17,11 +17,11 @@ class Brakeman::Rails3RoutesProcessor < Brakeman::BasicProcessor
17
17
  @current_controller = nil
18
18
  @with_options = nil #For use inside map.with_options
19
19
  @controller_block = false
20
- @file_name = "config/routes.rb"
20
+ @current_file = "config/routes.rb"
21
21
  end
22
22
 
23
23
  def process_routes exp
24
- process Brakeman::AliasProcessor.new.process_safely(exp, nil, @file_name)
24
+ process Brakeman::AliasProcessor.new.process_safely(exp, nil, @current_file)
25
25
  end
26
26
 
27
27
  def process_call exp
@@ -36,7 +36,7 @@ module Brakeman::RenderHelper
36
36
 
37
37
  #Determines file name for partial and then processes it
38
38
  def process_partial name, args, line
39
- if name == "" or !(string? name or symbol? name)
39
+ if !(string? name or symbol? name) or name.value == ""
40
40
  return
41
41
  end
42
42
 
@@ -148,7 +148,7 @@ module Brakeman::RenderHelper
148
148
  #This information will be stored in tracker.templates, but with a name
149
149
  #specifying this particular route. The original source should remain
150
150
  #pristine (so it can be processed within other environments).
151
- @tracker.processor.process_template name, src, template.type, called_from
151
+ @tracker.processor.process_template name, src, template.type, called_from, template.file
152
152
  end
153
153
  end
154
154
 
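Review bot: In `process_partial`, the reordered guard `name.value == ""` only catches an empty string literal. For a symbol node, `name.value` is presumably a Symbol, which never equals `""`, so an empty symbol name still falls through. `name.value.to_s.empty?` would cover both node types that the first half of the condition admits. The method body continues outside the hunk, so how an empty name is handled further down is not visible.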
@@ -83,7 +83,7 @@ module Brakeman
83
83
  end
84
84
 
85
85
  def map &block
86
- @path.map &block
86
+ @path.map(&block)
87
87
  end
88
88
 
89
89
  def to_a
@@ -114,6 +114,23 @@ module Brakeman
114
114
  JSON.generate(@path)
115
115
  end
116
116
 
117
+ def with_relative_paths
118
+ @path.map do |loc|
119
+ r = loc.dup
120
+
121
+ if r[:file]
122
+ r[:file] = r[:file].relative
123
+ end
124
+
125
+ if r[:rendered] and r[:rendered][:file]
126
+ r[:rendered] = r[:rendered].dup
127
+ r[:rendered][:file] = r[:rendered][:file].relative
128
+ end
129
+
130
+ r
131
+ end
132
+ end
133
+
117
134
  def initialize_copy original
118
135
  @path = original.path.dup
119
136
  self
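Review bot: `with_relative_paths` has no comment, and its contract is not obvious from the name: it returns a plain Array of copied location hashes (the result of `@path.map`), not a RenderPath, and it leaves the receiver untouched. A one-line comment above it would state that, e.g. `# Returns copies of the path entries (Array of Hashes) with :file values made relative; does not modify self`. It also calls `.relative` on every `:file` value, so an entry that still holds a String would raise NoMethodError. Whether such entries can exist depends on callers outside these hunks.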
@@ -9,15 +9,15 @@ class Brakeman::LibraryProcessor < Brakeman::BaseProcessor
9
9
 
10
10
  def initialize tracker
11
11
  super
12
- @file_name = nil
12
+ @current_file = nil
13
13
  @alias_processor = Brakeman::AliasProcessor.new tracker
14
14
  @current_module = nil
15
15
  @current_class = nil
16
16
  @initializer_env = nil
17
17
  end
18
18
 
19
- def process_library src, file_name = nil
20
- @file_name = file_name
19
+ def process_library src, current_file = @current_file
20
+ @current_file = current_file
21
21
  process src
22
22
  end
23
23
 
@@ -41,10 +41,10 @@ class Brakeman::LibraryProcessor < Brakeman::BaseProcessor
41
41
 
42
42
  if @current_class
43
43
  exp.body = process_all! exp.body
44
- @current_class.add_method :public, exp.method_name, exp, @file_name
44
+ @current_class.add_method :public, exp.method_name, exp, @current_file
45
45
  elsif @current_module
46
46
  exp.body = process_all! exp.body
47
- @current_module.add_method :public, exp.method_name, exp, @file_name
47
+ @current_module.add_method :public, exp.method_name, exp, @current_file
48
48
  end
49
49
 
50
50
  exp