brakeman-lib 4.5.0 → 4.5.1

Sign up to get free protection for your applications and to get access to all the features.
Files changed (71) hide show
  1. checksums.yaml +4 -4
  2. data/CHANGES.md +15 -0
  3. data/README.md +6 -6
  4. data/lib/brakeman.rb +7 -0
  5. data/lib/brakeman/app_tree.rb +34 -22
  6. data/lib/brakeman/checks.rb +7 -7
  7. data/lib/brakeman/checks/base_check.rb +9 -9
  8. data/lib/brakeman/checks/check_cross_site_scripting.rb +5 -0
  9. data/lib/brakeman/checks/check_default_routes.rb +5 -0
  10. data/lib/brakeman/checks/check_deserialize.rb +52 -0
  11. data/lib/brakeman/checks/check_dynamic_finders.rb +1 -1
  12. data/lib/brakeman/checks/check_force_ssl.rb +27 -0
  13. data/lib/brakeman/checks/check_json_parsing.rb +5 -0
  14. data/lib/brakeman/checks/check_link_to_href.rb +6 -1
  15. data/lib/brakeman/checks/check_mail_to.rb +1 -1
  16. data/lib/brakeman/checks/check_model_attr_accessible.rb +1 -1
  17. data/lib/brakeman/checks/check_model_attributes.rb +12 -50
  18. data/lib/brakeman/checks/check_model_serialize.rb +1 -1
  19. data/lib/brakeman/checks/check_nested_attributes_bypass.rb +3 -3
  20. data/lib/brakeman/checks/check_secrets.rb +1 -1
  21. data/lib/brakeman/checks/check_session_settings.rb +10 -10
  22. data/lib/brakeman/checks/check_simple_format.rb +5 -0
  23. data/lib/brakeman/checks/check_skip_before_filter.rb +1 -1
  24. data/lib/brakeman/checks/check_sql.rb +15 -17
  25. data/lib/brakeman/checks/check_validation_regex.rb +1 -1
  26. data/lib/brakeman/file_parser.rb +6 -8
  27. data/lib/brakeman/file_path.rb +71 -0
  28. data/lib/brakeman/options.rb +7 -0
  29. data/lib/brakeman/parsers/template_parser.rb +3 -3
  30. data/lib/brakeman/processor.rb +3 -4
  31. data/lib/brakeman/processors/alias_processor.rb +12 -6
  32. data/lib/brakeman/processors/base_processor.rb +8 -7
  33. data/lib/brakeman/processors/controller_alias_processor.rb +10 -7
  34. data/lib/brakeman/processors/controller_processor.rb +5 -9
  35. data/lib/brakeman/processors/haml_template_processor.rb +5 -0
  36. data/lib/brakeman/processors/lib/module_helper.rb +8 -8
  37. data/lib/brakeman/processors/lib/processor_helper.rb +3 -3
  38. data/lib/brakeman/processors/lib/rails2_config_processor.rb +3 -3
  39. data/lib/brakeman/processors/lib/rails2_route_processor.rb +2 -2
  40. data/lib/brakeman/processors/lib/rails3_config_processor.rb +3 -3
  41. data/lib/brakeman/processors/lib/rails3_route_processor.rb +2 -2
  42. data/lib/brakeman/processors/lib/render_helper.rb +2 -2
  43. data/lib/brakeman/processors/lib/render_path.rb +18 -1
  44. data/lib/brakeman/processors/library_processor.rb +5 -5
  45. data/lib/brakeman/processors/model_processor.rb +4 -5
  46. data/lib/brakeman/processors/output_processor.rb +5 -0
  47. data/lib/brakeman/processors/template_alias_processor.rb +4 -5
  48. data/lib/brakeman/processors/template_processor.rb +4 -4
  49. data/lib/brakeman/report.rb +3 -3
  50. data/lib/brakeman/report/ignore/config.rb +2 -3
  51. data/lib/brakeman/report/ignore/interactive.rb +2 -2
  52. data/lib/brakeman/report/pager.rb +1 -0
  53. data/lib/brakeman/report/report_base.rb +51 -6
  54. data/lib/brakeman/report/report_codeclimate.rb +3 -3
  55. data/lib/brakeman/report/report_hash.rb +1 -1
  56. data/lib/brakeman/report/report_html.rb +2 -2
  57. data/lib/brakeman/report/report_json.rb +1 -24
  58. data/lib/brakeman/report/report_table.rb +20 -4
  59. data/lib/brakeman/report/report_tabs.rb +1 -1
  60. data/lib/brakeman/report/report_text.rb +2 -2
  61. data/lib/brakeman/rescanner.rb +9 -12
  62. data/lib/brakeman/scanner.rb +19 -14
  63. data/lib/brakeman/tracker.rb +4 -4
  64. data/lib/brakeman/tracker/collection.rb +4 -3
  65. data/lib/brakeman/tracker/config.rb +6 -0
  66. data/lib/brakeman/util.rb +1 -147
  67. data/lib/brakeman/version.rb +1 -1
  68. data/lib/brakeman/warning.rb +23 -13
  69. data/lib/brakeman/warning_codes.rb +1 -0
  70. data/lib/ruby_parser/bm_sexp_processor.rb +1 -0
  71. metadata +20 -10
@@ -13,7 +13,7 @@ module Brakeman
13
13
  end
14
14
 
15
15
  def parse_template path, text
16
- type = path.match(KNOWN_TEMPLATE_EXTENSIONS)[1].to_sym
16
+ type = path.relative.match(KNOWN_TEMPLATE_EXTENSIONS)[1].to_sym
17
17
  type = :erb if type == :rhtml
18
18
  name = template_path_to_name path
19
19
  Brakeman.debug "Parsing #{path}"
@@ -63,7 +63,7 @@ module Brakeman
63
63
  else
64
64
  ERB.new(text, nil, '-').src
65
65
  end
66
- src.sub!(/^#.*\n/, '') if Brakeman::Scanner::RUBY_1_9
66
+ src.sub!(/^#.*\n/, '')
67
67
  src
68
68
  end
69
69
  end
@@ -95,7 +95,7 @@ module Brakeman
95
95
  end
96
96
 
97
97
  def self.parse_inline_erb tracker, text
98
- fp = Brakeman::FileParser.new(tracker, nil)
98
+ fp = Brakeman::FileParser.new(tracker)
99
99
  tp = self.new(tracker, fp)
100
100
  src = tp.parse_erb '_inline_', text
101
101
  type = tp.erubis? ? :erubis : :erb
@@ -13,8 +13,7 @@ module Brakeman
13
13
  include Util
14
14
 
15
15
  def initialize(app_tree, options)
16
- @app_tree = app_tree
17
- @tracker = Tracker.new(@app_tree, self, options)
16
+ @tracker = Tracker.new(app_tree, self, options)
18
17
  end
19
18
 
20
19
  def tracked_events
@@ -39,7 +38,7 @@ module Brakeman
39
38
  #Process controller source. +file_name+ is used for reporting
40
39
  def process_controller src, file_name
41
40
  if contains_class? src
42
- ControllerProcessor.new(@app_tree, @tracker).process_controller src, file_name
41
+ ControllerProcessor.new(@tracker).process_controller src, file_name
43
42
  else
44
43
  LibraryProcessor.new(@tracker).process_library src, file_name
45
44
  end
@@ -48,7 +47,7 @@ module Brakeman
48
47
  #Process variable aliasing in controller source and save it in the
49
48
  #tracker.
50
49
  def process_controller_alias name, src, only_method = nil, file = nil
51
- ControllerAliasProcessor.new(@app_tree, @tracker, only_method).process_controller name, src, file
50
+ ControllerAliasProcessor.new(@tracker, only_method).process_controller name, src, file
52
51
  end
53
52
 
54
53
  #Process a model source
@@ -20,19 +20,18 @@ class Brakeman::AliasProcessor < Brakeman::SexpProcessor
20
20
  #The recommended usage is:
21
21
  #
22
22
  # AliasProcessor.new.process_safely src
23
- def initialize tracker = nil, file_name = nil
23
+ def initialize tracker = nil, current_file = nil
24
24
  super()
25
25
  @env = SexpProcessor::Environment.new
26
26
  @inside_if = false
27
27
  @ignore_ifs = nil
28
28
  @exp_context = []
29
- @current_module = nil
30
29
  @tracker = tracker #set in subclass as necessary
31
30
  @helper_method_cache = {}
32
31
  @helper_method_info = Hash.new({})
33
32
  @or_depth_limit = (tracker && tracker.options[:branch_limit]) || 5 #arbitrary default
34
33
  @meth_env = nil
35
- @file_name = file_name
34
+ @current_file = current_file
36
35
  set_env_defaults
37
36
  end
38
37
 
@@ -44,8 +43,8 @@ class Brakeman::AliasProcessor < Brakeman::SexpProcessor
44
43
  #
45
44
  #This method returns a new Sexp with variables replaced with their values,
46
45
  #where possible.
47
- def process_safely src, set_env = nil, file_name = nil
48
- @file_name = file_name
46
+ def process_safely src, set_env = nil, current_file = @current_file
47
+ @current_file = current_file
49
48
  @env = set_env || SexpProcessor::Environment.new
50
49
  @result = src.deep_clone
51
50
  process @result
@@ -270,6 +269,11 @@ class Brakeman::AliasProcessor < Brakeman::SexpProcessor
270
269
  if array? target and target.length > 2 and (string? first_arg or first_arg.nil?)
271
270
  exp = process_array_join(target, first_arg)
272
271
  end
272
+ when :!
273
+ # Convert `!!a` to boolean
274
+ if call? target and target.method == :!
275
+ exp = s(:or, s(:true).line(exp.line), s(:false).line(exp.line)).line(exp.line)
276
+ end
273
277
  end
274
278
 
275
279
  exp
@@ -368,6 +372,8 @@ class Brakeman::AliasProcessor < Brakeman::SexpProcessor
368
372
  elsif e.is_a? Symbol
369
373
  local = Sexp.new(:lvar, e)
370
374
  env.current[local] = local
375
+ elsif e.nil? # trailing comma, argument destructuring
376
+ next # Punt for now
371
377
  else
372
378
  raise "Unexpected value in block args: #{e.inspect}"
373
379
  end
@@ -693,7 +699,7 @@ class Brakeman::AliasProcessor < Brakeman::SexpProcessor
693
699
  if @tracker
694
700
  @tracker.add_constant exp.lhs,
695
701
  exp.rhs,
696
- :file => current_file_name,
702
+ :file => @current_file,
697
703
  :module => @current_module,
698
704
  :class => @current_class,
699
705
  :method => @current_method
@@ -15,11 +15,12 @@ class Brakeman::BaseProcessor < Brakeman::SexpProcessor
15
15
  super()
16
16
  @last = nil
17
17
  @tracker = tracker
18
- @current_template = @current_module = @current_class = @current_method = @file_name = nil
18
+ @app_tree = tracker.app_tree if tracker
19
+ @current_template = @current_module = @current_class = @current_method = @current_file = nil
19
20
  end
20
21
 
21
- def process_file exp, file_name
22
- @file_name = file_name
22
+ def process_file exp, current_file
23
+ @current_file = current_file
23
24
  process exp
24
25
  end
25
26
 
@@ -182,7 +183,7 @@ class Brakeman::BaseProcessor < Brakeman::SexpProcessor
182
183
  if @tracker
183
184
  @tracker.add_constant exp.lhs,
184
185
  exp.rhs,
185
- :file => current_file_name,
186
+ :file => current_file,
186
187
  :module => @current_module,
187
188
  :class => @current_class,
188
189
  :method => @current_method
@@ -234,8 +235,8 @@ class Brakeman::BaseProcessor < Brakeman::SexpProcessor
234
235
  elsif first_arg.is_a? Symbol or first_arg.is_a? String
235
236
  type = :action
236
237
  value = Sexp.new(:lit, first_arg.to_sym)
237
- elsif first_arg.nil?
238
- type = :default
238
+ elsif first_arg.nil?
239
+ type = :default
239
240
  elsif not hash? first_arg
240
241
  type = :action
241
242
  value = first_arg
@@ -287,7 +288,7 @@ class Brakeman::BaseProcessor < Brakeman::SexpProcessor
287
288
  template_name = "#@current_method/inline@#{value.line}:#{class_or_module}".to_sym
288
289
  type, ast = Brakeman::TemplateParser.parse_inline_erb(@tracker, value.value)
289
290
  ast = ast.deep_clone(value.line)
290
- @tracker.processor.process_template(template_name, ast, type, nil, @file_name)
291
+ @tracker.processor.process_template(template_name, ast, type, nil, @current_file)
291
292
  @tracker.processor.process_template_alias(@tracker.templates[template_name])
292
293
 
293
294
  return s(:lit, template_name), options
@@ -11,22 +11,22 @@ class Brakeman::ControllerAliasProcessor < Brakeman::AliasProcessor
11
11
  #If only_method is specified, only that method will be processed,
12
12
  #other methods will be skipped.
13
13
  #This is for rescanning just a single action.
14
- def initialize app_tree, tracker, only_method = nil
14
+ def initialize tracker, only_method = nil
15
15
  super tracker
16
- @app_tree = app_tree
16
+ @app_tree = tracker.app_tree
17
17
  @only_method = only_method
18
18
  @rendered = false
19
19
  @current_class = @current_module = @current_method = nil
20
20
  @method_cache = {} #Cache method lookups
21
21
  end
22
22
 
23
- def process_controller name, src, file_name
23
+ def process_controller name, src, current_file
24
24
  if not node_type? src, :class
25
25
  Brakeman.debug "#{name} is not a class, it's a #{src.node_type}"
26
26
  return
27
27
  else
28
28
  @current_class = name
29
- @file_name = file_name
29
+ @current_file = @app_tree.file_path(current_file)
30
30
 
31
31
  process_default src
32
32
 
@@ -37,6 +37,7 @@ class Brakeman::ControllerAliasProcessor < Brakeman::AliasProcessor
37
37
  #Process modules mixed into the controller, in case they contain actions.
38
38
  def process_mixins
39
39
  controller = @tracker.controllers[@current_class]
40
+ original_file = @current_file
40
41
 
41
42
  controller.includes.each do |i|
42
43
  mixin = @tracker.libs[i]
@@ -49,7 +50,7 @@ class Brakeman::ControllerAliasProcessor < Brakeman::AliasProcessor
49
50
  methods.each do |name|
50
51
  #Need to process the method like it was in a controller in order
51
52
  #to get the renders set
52
- processor = Brakeman::ControllerProcessor.new(@app_tree, @tracker)
53
+ processor = Brakeman::ControllerProcessor.new(@tracker, mixin.file)
53
54
  method = mixin.get_method(name)[:src].deep_clone
54
55
 
55
56
  if node_type? method, :defn
@@ -59,11 +60,13 @@ class Brakeman::ControllerAliasProcessor < Brakeman::AliasProcessor
59
60
  method = processor.process method
60
61
  end
61
62
 
62
- @file_name = mixin.file
63
+ @current_file = mixin.file
63
64
  #Then process it like any other method in the controller
64
65
  process method
65
66
  end
66
67
  end
68
+ ensure
69
+ @current_file = original_file
67
70
  end
68
71
 
69
72
  #Skip it, must be an inner class
@@ -187,7 +190,7 @@ class Brakeman::ControllerAliasProcessor < Brakeman::AliasProcessor
187
190
  end
188
191
  end
189
192
 
190
- render_path = Brakeman::RenderPath.new.add_controller_render(@current_class, @current_method, line, relative_path(@file_name))
193
+ render_path = Brakeman::RenderPath.new.add_controller_render(@current_class, @current_method, line, @current_file)
191
194
  super name, args, render_path, line
192
195
  end
193
196
 
@@ -8,20 +8,16 @@ class Brakeman::ControllerProcessor < Brakeman::BaseProcessor
8
8
 
9
9
  FORMAT_HTML = Sexp.new(:call, Sexp.new(:lvar, :format), :html)
10
10
 
11
- def initialize app_tree, tracker
11
+ def initialize tracker, current_file = nil
12
12
  super(tracker)
13
- @app_tree = app_tree
14
- @current_class = nil
15
- @current_method = nil
16
- @current_module = nil
17
13
  @visibility = :public
18
- @file_name = nil
14
+ @current_file = current_file
19
15
  @concerns = Set.new
20
16
  end
21
17
 
22
18
  #Use this method to process a Controller
23
- def process_controller src, file_name = nil
24
- @file_name = file_name
19
+ def process_controller src, current_file = @current_file
20
+ @current_file = current_file
25
21
  process src
26
22
  end
27
23
 
@@ -35,7 +31,7 @@ class Brakeman::ControllerProcessor < Brakeman::BaseProcessor
35
31
  #a real controller, so we can't take this shortcut.
36
32
  if @current_class and @current_class.name.to_s.end_with? "Controller"
37
33
  Brakeman.debug "[Notice] Treating inner class as library: #{name}"
38
- Brakeman::LibraryProcessor.new(@tracker).process_library exp, @file_name
34
+ Brakeman::LibraryProcessor.new(@tracker).process_library exp, @current_file
39
35
  return exp
40
36
  end
41
37
 
@@ -7,6 +7,11 @@ class Brakeman::HamlTemplateProcessor < Brakeman::TemplateProcessor
7
7
  JAVASCRIPT_FILTER = s(:colon2, s(:colon2, s(:const, :Haml), :Filters), :Javascript)
8
8
  COFFEE_FILTER = s(:colon2, s(:colon2, s(:const, :Haml), :Filters), :Coffee)
9
9
 
10
+ def initialize *args
11
+ super
12
+ @javascript = false
13
+ end
14
+
10
15
  #Processes call, looking for template output
11
16
  def process_call exp
12
17
  target = exp.target
@@ -13,9 +13,9 @@ module Brakeman::ModuleHelper
13
13
 
14
14
  if @tracker.libs[name]
15
15
  @current_module = @tracker.libs[name]
16
- @current_module.add_file @file_name, exp
16
+ @current_module.add_file @current_file, exp
17
17
  else
18
- @current_module = tracker_class.new name, parent, @file_name, exp, @tracker
18
+ @current_module = tracker_class.new name, parent, @current_file, exp, @tracker
19
19
  @tracker.libs[name] = @current_module
20
20
  end
21
21
 
@@ -45,9 +45,9 @@ module Brakeman::ModuleHelper
45
45
 
46
46
  if collection[name]
47
47
  @current_class = collection[name]
48
- @current_class.add_file @file_name, exp
48
+ @current_class.add_file @current_file, exp
49
49
  else
50
- @current_class = tracker_class.new name, parent, @file_name, exp, @tracker
50
+ @current_class = tracker_class.new name, parent, @current_file, exp, @tracker
51
51
  collection[name] = @current_class
52
52
  end
53
53
 
@@ -85,9 +85,9 @@ module Brakeman::ModuleHelper
85
85
  @current_method = nil
86
86
 
87
87
  if @current_class
88
- @current_class.add_method @visibility, name, res, @file_name
88
+ @current_class.add_method @visibility, name, res, @current_file
89
89
  elsif @current_module
90
- @current_module.add_method @visibility, name, res, @file_name
90
+ @current_module.add_method @visibility, name, res, @current_file
91
91
  end
92
92
  res
93
93
  end
@@ -101,9 +101,9 @@ module Brakeman::ModuleHelper
101
101
  @current_method = nil
102
102
 
103
103
  if @current_class
104
- @current_class.add_method @visibility, name, res, @file_name
104
+ @current_class.add_method @visibility, name, res, @current_file
105
105
  elsif @current_module
106
- @current_module.add_method @visibility, name, res, @file_name
106
+ @current_module.add_method @visibility, name, res, @current_file
107
107
  end
108
108
 
109
109
  res
@@ -73,10 +73,10 @@ module Brakeman::ProcessorHelper
73
73
  end
74
74
  end
75
75
 
76
- def current_file_name
76
+ def current_file
77
77
  case
78
- when @file_name
79
- @file_name
78
+ when @current_file
79
+ @current_file
80
80
  when @current_class.is_a?(Brakeman::Collection)
81
81
  @current_class.file
82
82
  when @current_module.is_a?(Brakeman::Collection)
@@ -27,9 +27,9 @@ class Brakeman::Rails2ConfigProcessor < Brakeman::BasicProcessor
27
27
  end
28
28
 
29
29
  #Use this method to process configuration file
30
- def process_config src, file_name
31
- @file_name = file_name
32
- res = Brakeman::ConfigAliasProcessor.new.process_safely(src, nil, file_name)
30
+ def process_config src, current_file
31
+ @current_file = current_file
32
+ res = Brakeman::ConfigAliasProcessor.new.process_safely(src, nil, current_file)
33
33
  process res
34
34
  end
35
35
 
@@ -16,7 +16,7 @@ class Brakeman::Rails2RoutesProcessor < Brakeman::BasicProcessor
16
16
  @prefix = [] #Controller name prefix (a module name, usually)
17
17
  @current_controller = nil
18
18
  @with_options = nil #For use inside map.with_options
19
- @file_name = "config/routes.rb"
19
+ @current_file = "config/routes.rb"
20
20
  end
21
21
 
22
22
  #Call this with parsed route file information.
@@ -24,7 +24,7 @@ class Brakeman::Rails2RoutesProcessor < Brakeman::BasicProcessor
24
24
  #This method first calls RouteAliasProcessor#process_safely on the +exp+,
25
25
  #so it does not modify the +exp+.
26
26
  def process_routes exp
27
- process Brakeman::RouteAliasProcessor.new.process_safely(exp, nil, @file_name)
27
+ process Brakeman::RouteAliasProcessor.new.process_safely(exp, nil, @current_file)
28
28
  end
29
29
 
30
30
  #Looking for mapping of routes
@@ -24,9 +24,9 @@ class Brakeman::Rails3ConfigProcessor < Brakeman::BasicProcessor
24
24
  end
25
25
 
26
26
  #Use this method to process configuration file
27
- def process_config src, file_name
28
- @file_name = file_name
29
- res = Brakeman::AliasProcessor.new(@tracker).process_safely(src, nil, @file_name)
27
+ def process_config src, current_file
28
+ @current_file = current_file
29
+ res = Brakeman::AliasProcessor.new(@tracker).process_safely(src, nil, @current_file)
30
30
  process res
31
31
  end
32
32
 
@@ -17,11 +17,11 @@ class Brakeman::Rails3RoutesProcessor < Brakeman::BasicProcessor
17
17
  @current_controller = nil
18
18
  @with_options = nil #For use inside map.with_options
19
19
  @controller_block = false
20
- @file_name = "config/routes.rb"
20
+ @current_file = "config/routes.rb"
21
21
  end
22
22
 
23
23
  def process_routes exp
24
- process Brakeman::AliasProcessor.new.process_safely(exp, nil, @file_name)
24
+ process Brakeman::AliasProcessor.new.process_safely(exp, nil, @current_file)
25
25
  end
26
26
 
27
27
  def process_call exp
@@ -36,7 +36,7 @@ module Brakeman::RenderHelper
36
36
 
37
37
  #Determines file name for partial and then processes it
38
38
  def process_partial name, args, line
39
- if name == "" or !(string? name or symbol? name)
39
+ if !(string? name or symbol? name) or name.value == ""
40
40
  return
41
41
  end
42
42
 
@@ -148,7 +148,7 @@ module Brakeman::RenderHelper
148
148
  #This information will be stored in tracker.templates, but with a name
149
149
  #specifying this particular route. The original source should remain
150
150
  #pristine (so it can be processed within other environments).
151
- @tracker.processor.process_template name, src, template.type, called_from
151
+ @tracker.processor.process_template name, src, template.type, called_from, template.file
152
152
  end
153
153
  end
154
154
 
@@ -83,7 +83,7 @@ module Brakeman
83
83
  end
84
84
 
85
85
  def map &block
86
- @path.map &block
86
+ @path.map(&block)
87
87
  end
88
88
 
89
89
  def to_a
@@ -114,6 +114,23 @@ module Brakeman
114
114
  JSON.generate(@path)
115
115
  end
116
116
 
117
+ def with_relative_paths
118
+ @path.map do |loc|
119
+ r = loc.dup
120
+
121
+ if r[:file]
122
+ r[:file] = r[:file].relative
123
+ end
124
+
125
+ if r[:rendered] and r[:rendered][:file]
126
+ r[:rendered] = r[:rendered].dup
127
+ r[:rendered][:file] = r[:rendered][:file].relative
128
+ end
129
+
130
+ r
131
+ end
132
+ end
133
+
117
134
  def initialize_copy original
118
135
  @path = original.path.dup
119
136
  self
@@ -9,15 +9,15 @@ class Brakeman::LibraryProcessor < Brakeman::BaseProcessor
9
9
 
10
10
  def initialize tracker
11
11
  super
12
- @file_name = nil
12
+ @current_file = nil
13
13
  @alias_processor = Brakeman::AliasProcessor.new tracker
14
14
  @current_module = nil
15
15
  @current_class = nil
16
16
  @initializer_env = nil
17
17
  end
18
18
 
19
- def process_library src, file_name = nil
20
- @file_name = file_name
19
+ def process_library src, current_file = @current_file
20
+ @current_file = current_file
21
21
  process src
22
22
  end
23
23
 
@@ -41,10 +41,10 @@ class Brakeman::LibraryProcessor < Brakeman::BaseProcessor
41
41
 
42
42
  if @current_class
43
43
  exp.body = process_all! exp.body
44
- @current_class.add_method :public, exp.method_name, exp, @file_name
44
+ @current_class.add_method :public, exp.method_name, exp, @current_file
45
45
  elsif @current_module
46
46
  exp.body = process_all! exp.body
47
- @current_module.add_method :public, exp.method_name, exp, @file_name
47
+ @current_module.add_method :public, exp.method_name, exp, @current_file
48
48
  end
49
49
 
50
50
  exp