brakeman-lib 5.0.4 → 5.1.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 2bc22b69b0b137fe9f223c2469fe6e3857054b0b98621645b52ed94af7fa4886
-  data.tar.gz: 183f206e691c8251adef49319ca76939a4bf079cf5b14ead1f3f7923754ff9ff
+  metadata.gz: 425078e2c4abfb5dc629bd5b70fcbaa1de59be69093097ad5ca78c3f425f575c
+  data.tar.gz: 1ddaf7c9084213dcc7db6772dc164095800de50897d157345a01c234d09fe778
 SHA512:
-  metadata.gz: b902bcfbc2be499f0a892534bf443d88ce92f5a0b47edd31b7ac01a964e9ec13230f03f5ba8bb246dcdee27a7e6bd72b873d2826ce2f6b2486f64999f45b52e8
-  data.tar.gz: 62f878559fd4aa1f2d96c35742d0c490c0d57c53e07d9a3619675f6519c0fafbaace29e0b616c217ea796132e7810b51b3f06cf1ff60a3a28a34ae9482069f32
+  metadata.gz: 4a0a910c6859f389eeaf21253dc8d33f7f0d199e2289bc3e6145b7d9eecaf7dd0793dad3a2a013ec3a4c64c681cfbbf88647e21566ea3b7269bf485f29ef10ee
+  data.tar.gz: 2d5845a9bd98a86f3af891122d9fe410da8586aa8aa45ccb2e05bcf25b8fdf6b6702d6ac396f866a4b53b9659cceface62a03997c30954d20d2e32b73cffab5c

data/CHANGES.md

@@ -1,3 +1,30 @@
+# 5.1.0 - 2021-07-19
+
+* Initial support for ActiveRecord enums
+* Support `Hash#include?`
+* Interprocedural dataflow from very simple class methods
+* Fix SARIF report when checks have no description (Eli Block)
+* Add ignored warnings to SARIF report (Eli Block)
+* Add `--sql-safe-methods` option (Esty Scheiner)
+* Update SQL injection check for Rails 6.0/6.1
+* Fix false positive in command injection with `Open3.capture` (Richard Fitzgerald)
+* Fix infinite loop on mixin self-includes (Andrew Szczepanski)
+* Ignore dates in SQL
+* Refactor `cookie?`/`param?` methods (Keenan Brock)
+* Ignore renderables in dynamic render path check (Brad Parker)
+* Support `Array#push`
+* Better `Array#join` support
+* Adjust copy of `--interactive` menu (Elia Schito)
+* Support `Array#*`
+* Better method definition tracking and lookup
+* Support `Hash#values` and `Hash#values_at`
+* Check for user-controlled evaluation even if it's a call target
+* Support `Array#fetch` and `Hash#fetch`
+* Ignore `sanitize_sql_like` in SQL
+* Ignore method calls on numbers in SQL
+* Add GitHub Actions format (Klaus Badelt)
+* Read and parse files in parallel
+
 # 5.0.4 - 2021-06-08
 
 (brakeman gem release only)

data/lib/brakeman.rb

@@ -65,6 +65,7 @@ module Brakeman
   #  * :report_routes - show found routes on controllers (default: false)
   #  * :run_checks - array of checks to run (run all if not specified)
   #  * :safe_methods - array of methods to consider safe
+  #  * :sql_safe_methods - array of sql sanitization methods to consider safe
   #  * :skip_libs - do not process lib/ directory (default: false)
   #  * :skip_vendor - do not process vendor/ directory (default: true)
   #  * :skip_checks - checks not to run (run all if not specified)
@@ -198,6 +199,7 @@ module Brakeman
       :relative_path => false,
       :report_progress => true,
       :safe_methods => Set.new,
+      :sql_safe_methods => Set.new,
       :skip_checks => Set.new,
       :skip_vendor => true,
     }
@@ -250,6 +252,8 @@ module Brakeman
       [:to_sarif]
     when :sonar, :to_sonar
       [:to_sonar]
+    when :github, :to_github
+      [:to_github]
     else
       [:to_text]
     end
@@ -283,6 +287,8 @@ module Brakeman
         :to_sarif
       when /\.sonar$/i
         :to_sonar
+      when /\.github$/i
+        :to_github
       else
         :to_text
       end
@@ -521,12 +527,14 @@ module Brakeman
 
   # Returns an array of alert fingerprints for any ignored warnings without
   # notes found in the specified ignore file (if it exists).
-  def self.ignore_file_entries_with_empty_notes file
+  def self.ignore_file_entries_with_empty_notes file, options
     return [] unless file
 
     require 'brakeman/report/ignore/config'
 
-    config = IgnoreConfig.new(file, nil)
+    app_tree = Brakeman::AppTree.from_options(options)
+
+    config = IgnoreConfig.new(Brakeman::FilePath.from_app_tree(app_tree, file), nil)
     config.read_from_file
     config.already_ignored_entries_with_empty_notes.map { |i| i[:fingerprint] }
   end
@@ -537,9 +545,9 @@ module Brakeman
     app_tree = Brakeman::AppTree.from_options(options)
 
     if options[:ignore_file]
-      file = options[:ignore_file]
+      file = Brakeman::FilePath.from_app_tree(app_tree, options[:ignore_file])
     elsif app_tree.exists? "config/brakeman.ignore"
-      file = app_tree.expand_path("config/brakeman.ignore")
+      file = Brakeman::FilePath.from_app_tree(app_tree, "config/brakeman.ignore")
     elsif not options[:interactive_ignore]
       return
     end

data/lib/brakeman/checks/check_detailed_exceptions.rb

@@ -26,7 +26,7 @@ class Brakeman::CheckDetailedExceptions < Brakeman::BaseCheck
   def check_detailed_exceptions
     tracker.controllers.each do |_name, controller|
       controller.methods_public.each do |method_name, definition|
-        src = definition[:src]
+        src = definition.src
         body = src.body.last
         next unless body
 

data/lib/brakeman/checks/check_evaluation.rb

@@ -10,7 +10,7 @@ class Brakeman::CheckEvaluation < Brakeman::BaseCheck
   #Process calls
   def run_check
     Brakeman.debug "Finding eval-like calls"
-    calls = tracker.find_call :method => [:eval, :instance_eval, :class_eval, :module_eval]
+    calls = tracker.find_call methods: [:eval, :instance_eval, :class_eval, :module_eval], nested: true
 
     Brakeman.debug "Processing eval-like calls"
     calls.each do |call|

data/lib/brakeman/checks/check_execute.rb

@@ -87,6 +87,16 @@ class Brakeman::CheckExecute < Brakeman::BaseCheck
                   dangerous_interp?(first_arg) ||
                   dangerous_string_building?(first_arg)
       end
+    when :capture2, :capture2e, :capture3
+      # Open3 capture methods can take a :stdin_data argument which is used as the
+      # the input to the called command so it is not succeptable to command injection.
+      # As such if the last argument is a hash (and therefore execution options) it
+      # should be ignored
+
+      args.pop if hash?(args.last) && args.length > 2
+      failure = include_user_input?(args) ||
+                dangerous_interp?(args) ||
+                dangerous_string_building?(args)
     else
       failure = include_user_input?(args) ||
                 dangerous_interp?(args) ||

data/lib/brakeman/checks/check_render.rb

@@ -33,6 +33,7 @@ class Brakeman::CheckRender < Brakeman::BaseCheck
     view = result[:call][2]
 
     if sexp? view and original? result
+      return if renderable?(view)
 
       if input = has_immediate_user_input?(view)
         if string_interp? view
@@ -94,4 +95,17 @@ class Brakeman::CheckRender < Brakeman::BaseCheck
       end
     end
   end
-end 
+
+  def renderable? exp
+    return false unless call?(exp) and constant?(exp.target)
+
+    target_class_name = class_name(exp.target)
+    known_renderable_class?(target_class_name) or tracker.find_method(:render_in, target_class_name)
+  end
+
+  def known_renderable_class? class_name
+    klass = tracker.find_class(class_name)
+    return false if klass.nil?
+    klass.ancestor? :"ViewComponent::Base"
+  end
+end

data/lib/brakeman/checks/check_sql.rb

@@ -22,7 +22,19 @@ class Brakeman::CheckSQL < Brakeman::BaseCheck
                     :find_by_sql, :maximum, :minimum, :pluck, :sum, :update_all]
     @sql_targets.concat [:from, :group, :having, :joins, :lock, :order, :reorder, :where] if tracker.options[:rails3]
     @sql_targets.concat [:find_by, :find_by!, :find_or_create_by, :find_or_create_by!, :find_or_initialize_by, :not] if tracker.options[:rails4]
-    @sql_targets << :delete_by << :destroy_by if tracker.options[:rails6]
+
+    if tracker.options[:rails6]
+      @sql_targets.concat [:delete_by, :destroy_by, :rewhere, :reselect]
+
+      @sql_targets.delete :delete_all
+      @sql_targets.delete :destroy_all
+    end
+
+    if version_between?("6.1.0", "9.9.9")
+      @sql_targets.delete :order
+      @sql_targets.delete :reorder
+      @sql_targets.delete :pluck
+    end
 
     if version_between?("2.0.0", "3.9.9") or tracker.config.rails_version.nil?
       @sql_targets << :first << :last << :all
@@ -185,7 +197,7 @@ class Brakeman::CheckSQL < Brakeman::BaseCheck
                         else
                           check_find_arguments call.last_arg
                         end
-                      when :where, :having, :find_by, :find_by!, :find_or_create_by, :find_or_create_by!, :find_or_initialize_by,:not, :delete_by, :destroy_by
+                      when :where, :rewhere, :having, :find_by, :find_by!, :find_or_create_by, :find_or_create_by!, :find_or_initialize_by,:not, :delete_by, :destroy_by
                         check_query_arguments call.arglist
                       when :order, :group, :reorder
                         check_order_arguments call.arglist
@@ -199,7 +211,7 @@ class Brakeman::CheckSQL < Brakeman::BaseCheck
                         unsafe_sql? call.first_arg
                       when :sql
                         unsafe_sql? call.first_arg
-                      when :update_all, :select
+                      when :update_all, :select, :reselect
                         check_update_all_arguments call.args
                       when *@connection_calls
                         check_by_sql_arguments call.first_arg
@@ -572,13 +584,17 @@ class Brakeman::CheckSQL < Brakeman::BaseCheck
   end
 
   IGNORE_METHODS_IN_SQL = Set[:id, :merge_conditions, :table_name, :quoted_table_name,
-    :quoted_primary_key, :to_i, :to_f, :sanitize_sql, :sanitize_sql_array,
+    :quoted_primary_key, :to_i, :to_f, :sanitize_sql, :sanitize_sql_array, :sanitize_sql_like,
     :sanitize_sql_for_assignment, :sanitize_sql_for_conditions, :sanitize_sql_hash,
     :sanitize_sql_hash_for_assignment, :sanitize_sql_hash_for_conditions,
     :to_sql, :sanitize, :primary_key, :table_name_prefix, :table_name_suffix,
     :where_values_hash, :foreign_key, :uuid
   ]
 
+  def ignore_methods_in_sql
+    @ignore_methods_in_sql ||= IGNORE_METHODS_IN_SQL + (tracker.options[:sql_safe_methods] || [])
+  end
+
   def safe_value? exp
     return true unless sexp? exp
 
@@ -589,10 +605,7 @@ class Brakeman::CheckSQL < Brakeman::BaseCheck
       if exp.method == :to_s or exp.method == :to_sym
         safe_value? exp.target
       else
-        IGNORE_METHODS_IN_SQL.include? exp.method or
-        quote_call? exp or
-        arel? exp or
-        exp.method.to_s.end_with? "_id"
+        ignore_call? exp
       end
     when :if
       safe_value? exp.then_clause and safe_value? exp.else_clause
@@ -607,6 +620,17 @@ class Brakeman::CheckSQL < Brakeman::BaseCheck
     end
   end
 
+  def ignore_call? exp
+    return unless call? exp
+
+    ignore_methods_in_sql.include? exp.method or
+      quote_call? exp or
+      arel? exp or
+      exp.method.to_s.end_with? "_id" or
+      number_target? exp or
+      date_target? exp
+  end
+
   QUOTE_METHODS = [:quote, :quote_column_name, :quoted_date, :quote_string, :quote_table_name]
 
   def quote_call? exp
@@ -695,4 +719,30 @@ class Brakeman::CheckSQL < Brakeman::BaseCheck
       active_record_models.include? klass
     end
   end
+
+  def number_target? exp
+    return unless call? exp
+
+    if number? exp.target
+      true
+    elsif call? exp.target
+      number_target? exp.target
+    else
+      false
+    end
+  end
+
+  DATE_CLASS = s(:const, :Date)
+
+  def date_target? exp
+    return unless call? exp
+
+    if exp.target == DATE_CLASS
+      true
+    elsif call? exp.target
+      date_target? exp.target
+    else
+     false
+    end 
+  end
 end

data/lib/brakeman/checks/check_verb_confusion.rb

@@ -32,7 +32,7 @@ class Brakeman::CheckVerbConfusion < Brakeman::BaseCheck
       return
     end
 
-    process method[:src]
+    process method.src
   end
 
   def process_if exp

data/lib/brakeman/commandline.rb

@@ -126,7 +126,7 @@ module Brakeman
 
         ensure_ignore_notes_failed = false
         if tracker.options[:ensure_ignore_notes]
-          fingerprints = Brakeman::ignore_file_entries_with_empty_notes tracker.ignored_filter&.file
+          fingerprints = Brakeman::ignore_file_entries_with_empty_notes tracker.ignored_filter&.file, options
 
           unless fingerprints.empty?
             ensure_ignore_notes_failed = true

data/lib/brakeman/file_parser.rb

@@ -1,3 +1,5 @@
+require 'parallel'
+
 module Brakeman
   ASTFile = Struct.new(:path, :ast)
 
@@ -5,29 +7,62 @@ module Brakeman
   class FileParser
     attr_reader :file_list, :errors
 
-    def initialize app_tree, timeout
+    def initialize app_tree, timeout, parallel = true
       @app_tree = app_tree
       @timeout = timeout
       @file_list = []
       @errors = []
+      @parallel = parallel
     end
 
     def parse_files list
-      read_files list do |path, contents|
-        if ast = parse_ruby(contents, path.relative)
-          ASTFile.new(path, ast)
+      if @parallel
+        parallel_options = {}
+      else
+        # Disable parallelism
+        parallel_options = { in_threads: 0 }
+      end
+
+      # Parse the files in parallel.
+      # By default, the parsing will be in separate processes.
+      # So we map the result to ASTFiles and/or Exceptions
+      # then partition them into ASTFiles and Exceptions
+      # and add the Exceptions to @errors
+      #
+      # Basically just a funky way to deal with two possible
+      # return types that are returned from isolated processes.
+      #
+      # Note this method no longer uses read_files
+      @file_list, new_errors = Parallel.map(list, parallel_options) do |file_name|
+        file_path = @app_tree.file_path(file_name)
+        contents = file_path.read
+
+        begin
+          if ast = parse_ruby(contents, file_path.relative)
+            ASTFile.new(file_name, ast)
+          end
+        rescue Exception => e
+          e
         end
+      end.compact.partition do |result|
+        result.is_a? ASTFile
       end
+
+      errors.concat new_errors
     end
 
     def read_files list
       list.each do |path|
         file = @app_tree.file_path(path)
 
-        result = yield file, file.read
+        begin
+          result = yield file, file.read
 
-        if result
-          @file_list << result
+          if result
+            @file_list << result
+          end
+        rescue Exception => e
+          @errors << e
         end
       end
     end
@@ -42,17 +77,12 @@ module Brakeman
         Brakeman.debug "Parsing #{path}"
         RubyParser.new.parse input, path, @timeout
       rescue Racc::ParseError => e
-        error e.exception(e.message + "\nCould not parse #{path}")
+        raise e.exception(e.message + "\nCould not parse #{path}")
       rescue Timeout::Error => e
-        error Exception.new("Parsing #{path} took too long (> #{@timeout} seconds). Try increasing the limit with --parser-timeout")
+        raise Exception.new("Parsing #{path} took too long (> #{@timeout} seconds). Try increasing the limit with --parser-timeout")
       rescue => e
-        error e.exception(e.message + "\nWhile processing #{path}")
+        raise e.exception(e.message + "\nWhile processing #{path}")
       end
     end
-
-    def error exception
-      @errors << exception
-      nil
-    end
   end
 end

data/lib/brakeman/options.rb

@@ -39,7 +39,7 @@ module Brakeman::Options
       OptionParser.new do |opts|
         opts.banner = "Usage: brakeman [options] rails/root/path"
 
-        opts.on "-n", "--no-threads", "Run checks sequentially" do
+        opts.on "-n", "--no-threads", "Run checks and file parsing sequentially" do
           options[:parallel_checks] = false
         end
 
@@ -151,6 +151,11 @@ module Brakeman::Options
           options[:safe_methods].merge methods.map {|e| e.to_sym }
         end
 
+        opts.on "--sql-safe-methods meth1,meth2,etc", Array, "Do not warn of SQL if the input is wrapped in a safe method" do |methods|
+          options[:sql_safe_methods] ||= Set.new
+          options[:sql_safe_methods].merge methods.map {|e| e.to_sym }
+        end
+
         opts.on "--url-safe-methods method1,method2,etc", Array, "Do not warn of XSS if the link_to href parameter is wrapped in a safe method" do |methods|
           options[:url_safe_methods] ||= Set.new
           options[:url_safe_methods].merge methods.map {|e| e.to_sym }
@@ -233,7 +238,7 @@ module Brakeman::Options
 
         opts.on "-f",
           "--format TYPE",
-          [:pdf, :text, :html, :csv, :tabs, :json, :markdown, :codeclimate, :cc, :plain, :table, :junit, :sarif, :sonar],
+          [:pdf, :text, :html, :csv, :tabs, :json, :markdown, :codeclimate, :cc, :plain, :table, :junit, :sarif, :sonar, :github],
           "Specify output formats. Default is text" do |type|
 
           type = "s" if type == :text

data/lib/brakeman/processors/alias_processor.rb

@@ -208,6 +208,15 @@ class Brakeman::AliasProcessor < Brakeman::SexpProcessor
       return Sexp.new(:false).line(exp.line)
     end
 
+    # For the simplest case of `Foo.thing`
+    if node_type? target, :const and first_arg.nil?
+      if tracker and (klass = tracker.find_class(class_name(target.value)))
+        if return_value = klass.get_simple_method_return_value(:class, method)
+          return return_value.deep_clone(exp.line)
+        end
+      end
+    end
+
     #See if it is possible to simplify some basic cases
     #of addition/concatenation.
     case method
@@ -220,13 +229,28 @@ class Brakeman::AliasProcessor < Brakeman::SexpProcessor
         exp = math_op(:+, target, first_arg, exp)
       end
     when :-, :*, :/
-      exp = math_op(method, target, first_arg, exp)
+      if method == :* and array? target
+        if string? first_arg
+          exp = process_array_join(target, first_arg)
+        end
+      else
+        exp = math_op(method, target, first_arg, exp)
+      end
     when :[]
       if array? target
         exp = process_array_access(target, exp.args, exp)
       elsif hash? target
         exp = process_hash_access(target, first_arg, exp)
       end
+    when :fetch
+      if array? target
+        # Not dealing with default value
+        # so just pass in first argument, but process_array_access expects
+        # an array of arguments.
+        exp = process_array_access(target, [first_arg], exp)
+      elsif hash? target
+        exp = process_hash_access(target, first_arg, exp)
+      end
     when :merge!, :update
       if hash? target and hash? first_arg
          target = process_hash_merge! target, first_arg
@@ -266,6 +290,12 @@ class Brakeman::AliasProcessor < Brakeman::SexpProcessor
         target = find_push_target(target_var)
         env[target] = exp unless target.nil? # Happens in TemplateAliasProcessor
       end
+    when :push
+      if array? target
+        target << first_arg
+        env[target_var] = target
+        return target
+      end
     when :first
       if array? target and first_arg.nil? and sexp? target[1]
         exp = target[1]
@@ -279,7 +309,7 @@ class Brakeman::AliasProcessor < Brakeman::SexpProcessor
         exp = target
       end
     when :join
-      if array? target and target.length > 2 and (string? first_arg or first_arg.nil?)
+      if array? target and (string? first_arg or first_arg.nil?)
         exp = process_array_join(target, first_arg)
       end
     when :!
@@ -287,6 +317,15 @@ class Brakeman::AliasProcessor < Brakeman::SexpProcessor
       if call? target and target.method == :!
         exp = s(:or, s(:true).line(exp.line), s(:false).line(exp.line)).line(exp.line)
       end
+    when :values
+      # Hash literal
+      if node_type? target, :hash
+        exp = hash_values(target)
+      end
+    when :values_at
+      if node_type? target, :hash
+        exp = hash_values_at target, exp.args
+      end
     end
 
     exp
@@ -294,6 +333,11 @@ class Brakeman::AliasProcessor < Brakeman::SexpProcessor
 
   # Painful conversion of Array#join into string interpolation
   def process_array_join array, join_str
+    # Empty array
+    if array.length == 1
+      return s(:str, '').line(array.line)
+    end
+
     result = s().line(array.line)
 
     join_value = if string? join_str
@@ -302,8 +346,10 @@ class Brakeman::AliasProcessor < Brakeman::SexpProcessor
                    nil
                  end
 
-    array[1..-2].each do |e|
-      result << join_item(e, join_value)
+    if array.length > 2
+      array[1..-2].each do |e|
+        result << join_item(e, join_value)
+      end
     end
 
     result << join_item(array.last, nil)
@@ -332,7 +378,7 @@ class Brakeman::AliasProcessor < Brakeman::SexpProcessor
     result.unshift combined_first
 
     # Have to fix up strings that follow interpolation
-    result.reduce(s(:dstr).line(array.line)) do |memo, e|
+    string = result.reduce(s(:dstr).line(array.line)) do |memo, e|
       if string? e and node_type? memo.last, :evstr
         e.value = "#{join_value}#{e.value}"
       elsif join_value and node_type? memo.last, :evstr and node_type? e, :evstr
@@ -341,6 +387,14 @@ class Brakeman::AliasProcessor < Brakeman::SexpProcessor
 
       memo << e
     end
+
+    # Convert (:dstr, "hello world")
+    # to (:str, "hello world")
+    if string.length == 2 and string.last.is_a? String
+      string[0] = :str
+    end
+
+    string
   end
 
   def join_item item, join_value
@@ -749,6 +803,18 @@ class Brakeman::AliasProcessor < Brakeman::SexpProcessor
     exp
   end
 
+  def hash_or_array_include_all_literals? exp
+    return unless call? exp and sexp? exp.target
+    target = exp.target
+
+    case target.node_type
+    when :hash
+      hash_include_all_literals? exp
+    else
+      array_include_all_literals? exp
+    end
+  end
+
   # Check if exp is a call to Array#include? on an array literal
   # that contains all literal values. For example:
   #
@@ -767,6 +833,16 @@ class Brakeman::AliasProcessor < Brakeman::SexpProcessor
     (all_literals? exp.target or dir_glob? exp.target)
   end
 
+  # Check if exp is a call to Hash#include? on a hash literal
+  # that contains all literal values. For example:
+  #
+  #    {x: 1}.include? x
+  def hash_include_all_literals? exp
+    call? exp and
+    exp.method == :include? and
+    all_literals? exp.target, :hash
+  end
+
   #Sets @inside_if = true
   def process_if exp
     if @ignore_ifs.nil?
@@ -807,7 +883,7 @@ class Brakeman::AliasProcessor < Brakeman::SexpProcessor
         scope do
           @branch_env = env.current
           branch_index = 2 + i # s(:if, condition, then_branch, else_branch)
-          if i == 0 and array_include_all_literals? condition
+          if i == 0 and hash_or_array_include_all_literals? condition
             # If the condition is ["a", "b"].include? x
             # set x to "a" inside the true branch
             var = condition.first_arg
@@ -815,7 +891,7 @@ class Brakeman::AliasProcessor < Brakeman::SexpProcessor
             env.current[var] = safe_literal(var.line)
             exp[branch_index] = process_if_branch branch
             env.current[var] = previous_value
-          elsif i == 1 and array_include_all_literals? condition and early_return? branch
+          elsif i == 1 and hash_or_array_include_all_literals? condition and early_return? branch
             var = condition.first_arg
             env.current[var] = safe_literal(var.line)
             exp[branch_index] = process_if_branch branch
@@ -1013,8 +1089,8 @@ class Brakeman::AliasProcessor < Brakeman::SexpProcessor
     method_name = call.method
 
     #Look for helper methods and see if we can get a return value
-    if found_method = find_method(method_name, @current_class)
-      helper = found_method[:method]
+    if found_method = tracker.find_method(method_name, @current_class)
+      helper = found_method.src
 
       if sexp? helper
         value = process_helper_method helper, call.args