brakeman-min 4.3.1 → 4.4.0

data/lib/brakeman/checks/check_detailed_exceptions.rb

@@ -39,7 +39,7 @@ class Brakeman::CheckDetailedExceptions < Brakeman::BaseCheck
 
           warn :warning_type => "Information Disclosure",
                :warning_code => :detailed_exceptions,
-               :message => "Detailed exceptions may be enabled in 'show_detailed_exceptions?'",
+               :message => msg("Detailed exceptions may be enabled in ", msg_code("show_detailed_exceptions?")),
                :confidence => confidence,
                :code => src,
                :file => definition[:file]

data/lib/brakeman/checks/check_digest_dos.rb

@@ -6,14 +6,14 @@ class Brakeman::CheckDigestDoS < Brakeman::BaseCheck
   @description = "Checks for digest authentication DoS vulnerability"
 
   def run_check
-    message = "Vulnerability in digest authentication (CVE-2012-3424). Upgrade to Rails version "
+    message = msg("Vulnerability in digest authentication ", msg_cve("CVE-2012-3424"), ". Upgrade to ")
 
     if version_between? "3.0.0", "3.0.15"
-      message << "3.0.16"
+      message << msg_version("3.0.16")
     elsif version_between? "3.1.0", "3.1.6"
-      message << "3.1.7"
+      message << msg_version("3.1.7")
     elsif version_between? "3.2.0", "3.2.5"
-      message << "3.2.7"
+      message << msg_version("3.2.7")
     else
       return
     end

data/lib/brakeman/checks/check_escape_function.rb

@@ -12,7 +12,7 @@ class Brakeman::CheckEscapeFunction < Brakeman::BaseCheck
 
       warn :warning_type => 'Cross-Site Scripting',
         :warning_code => :CVE_2011_2932,
-        :message => 'Versions before 2.3.14 have a vulnerability in escape method when used with Ruby 1.8: CVE-2011-2932',
+        :message => msg("Rails versions before 2.3.14 have a vulnerability in the ", msg_code("escape"), " method when used with Ruby 1.8 ", msg_cve("CVE-2011-2932")),
         :confidence => :high,
         :gem_info => gemfile_or_environment,
         :link_path => "https://groups.google.com/d/topic/rubyonrails-security/Vr_7WSOrEZU/discussion"

data/lib/brakeman/checks/check_execute.rb

@@ -18,7 +18,8 @@ class Brakeman::CheckExecute < Brakeman::BaseCheck
                   s(:call, s(:const, :Rails), :env),
                   s(:call, s(:const, :Process), :pid)]
 
-  SHELL_ESCAPES = [:escape, :shellescape, :join]
+  SHELL_ESCAPE_MODULE_METHODS = Set[:escape, :join, :shellescape, :shelljoin]
+  SHELL_ESCAPE_MIXIN_METHODS = Set[:shellescape, :shelljoin]
 
   SHELLWORDS = s(:const, :Shellwords)
 
@@ -82,7 +83,7 @@ class Brakeman::CheckExecute < Brakeman::BaseCheck
         warn :result => result,
           :warning_type => "Command Injection",
           :warning_code => :command_injection,
-          :message => "Possible command injection in open()",
+          :message => msg("Possible command injection in ", msg_code("open")),
           :user_input => match,
           :confidence => :high
       end
@@ -178,9 +179,9 @@ class Brakeman::CheckExecute < Brakeman::BaseCheck
   def shell_escape? exp
     return false unless call? exp
 
-    if exp.target == SHELLWORDS and SHELL_ESCAPES.include? exp.method
+    if exp.target == SHELLWORDS and SHELL_ESCAPE_MODULE_METHODS.include? exp.method
       true
-    elsif exp.method == :shelljoin
+    elsif SHELL_ESCAPE_MIXIN_METHODS.include?(exp.method)
       true
     else
       false

data/lib/brakeman/checks/check_file_access.rb

@@ -29,8 +29,11 @@ class Brakeman::CheckFileAccess < Brakeman::BaseCheck
   def process_result result
     return unless original? result
     call = result[:call]
+
     file_name = call.first_arg
 
+    return if called_on_tempfile?(file_name)
+
     if match = has_immediate_user_input?(file_name)
       confidence = :high
     elsif match = has_immediate_model?(file_name)
@@ -47,9 +50,9 @@ class Brakeman::CheckFileAccess < Brakeman::BaseCheck
       end
     end
 
-    if match and not temp_file? match.match
+    if match and not temp_file_method? match.match
 
-      message = "#{friendly_type_of(match).capitalize} used in file name"
+      message = msg(msg_input(match), " used in file name")
 
       warn :result => result,
         :warning_type => "File Access",
@@ -61,7 +64,14 @@ class Brakeman::CheckFileAccess < Brakeman::BaseCheck
     end
   end
 
-  def temp_file? exp
+  # When using Tempfile, there is no risk of unauthorized file access, since
+  # Tempfile adds a unique string onto the end of every provided filename, and
+  # ensures that the filename does not already exist in the system.
+  def called_on_tempfile? file_name
+    call?(file_name) && file_name.target == s(:const, :Tempfile)
+  end
+
+  def temp_file_method? exp
     if call? exp
       return true if exp.call_chain.include? :tempfile
 

data/lib/brakeman/checks/check_file_disclosure.rb

@@ -22,7 +22,7 @@ class Brakeman::CheckFileDisclosure < Brakeman::BaseCheck
     if fix_version and serves_static_assets?
       warn :warning_type => "File Access",
         :warning_code => :CVE_2014_7829,
-        :message => "Rails #{rails_version} has a file existence disclosure. Upgrade to #{fix_version} or disable serving static assets",
+        :message => msg(msg_version(rails_version), " has a file existence disclosure vulnerability. Upgrade to ", msg_version(fix_version), " or disable serving static assets"),
         :confidence => :high,
         :gem_info => gemfile_or_environment,
         :link_path => "https://groups.google.com/d/msg/rubyonrails-security/23fiuwb1NBA/MQVM1-5GkPMJ"

data/lib/brakeman/checks/check_filter_skipping.rb

@@ -12,7 +12,7 @@ class Brakeman::CheckFilterSkipping < Brakeman::BaseCheck
 
       warn :warning_type => "Default Routes",
         :warning_code => :CVE_2011_2929,
-        :message => "Versions before 3.0.10 have a vulnerability which allows filters to be bypassed: CVE-2011-2929",
+        :message => msg("Rails versions before 3.0.10 have a vulnerability which allows filters to be bypassed", msg_cve("CVE-2011-2929")),
         :confidence => :high,
         :gem_info => gemfile_or_environment,
         :link_path => "https://groups.google.com/d/topic/rubyonrails-security/NCCsca7TEtY/discussion"

data/lib/brakeman/checks/check_forgery_setting.rb

@@ -18,7 +18,7 @@ class Brakeman::CheckForgerySetting < Brakeman::BaseCheck
       if controller and not controller.protect_from_forgery?
         csrf_warning :controller => name,
           :warning_code => :csrf_protection_missing,
-          :message => "'protect_from_forgery' should be called in #{name}",
+          :message => msg(msg_code("protect_from_forgery"), " should be called in ", msg_code(name)),
           :file => controller.file,
           :line => controller.top_line
       elsif version_between? "4.0.0", "100.0.0" and forgery_opts = controller.options[:protect_from_forgery]
@@ -30,7 +30,7 @@ class Brakeman::CheckForgerySetting < Brakeman::BaseCheck
             :controller => name,
             :warning_type => "Cross-Site Request Forgery",
             :warning_code => :csrf_not_protected_by_raising_exception,
-            :message => "protect_from_forgery should be configured with 'with: :exception'",
+            :message => msg(msg_code("protect_from_forgery"), " should be configured with ", msg_code("with: :exception")),
             :confidence => :medium,
             :file => controller.file
           }
@@ -73,7 +73,7 @@ class Brakeman::CheckForgerySetting < Brakeman::BaseCheck
     @warned_cve_2011_0447 = true # only warn once
 
     csrf_warning :warning_code => :CVE_2011_0447,
-      :message => "CSRF protection is flawed in unpatched versions of Rails #{rails_version} (CVE-2011-0447). Upgrade to #{new_version} or apply patches as needed",
+      :message => msg("CSRF protection is flawed in unpatched versions of ", msg_version(rails_version), " ", msg_cve("CVE-2011-0447"), ". Upgrade to ", msg_version(new_version), " or apply patches as needed"),
       :gem_info => gemfile_or_environment,
       :file => nil,
       :link_path => "https://groups.google.com/d/topic/rubyonrails-security/LZWjzCPgNmU/discussion"

data/lib/brakeman/checks/check_header_dos.rb

@@ -7,12 +7,12 @@ class Brakeman::CheckHeaderDoS < Brakeman::BaseCheck
 
   def run_check
     if (version_between? "3.0.0", "3.2.15" or version_between? "4.0.0", "4.0.1") and not has_workaround?
-      message = "Rails #{rails_version} has a denial of service vulnerability (CVE-2013-6414). Upgrade to Rails version "
+      message = msg(msg_version(rails_version), " has a denial of service vulnerability ", msg_cve("CVE-2013-6414"), ". Upgrade to ")
 
       if version_between? "3.0.0", "3.2.15"
-        message << "3.2.16"
+        message << msg_version("3.2.16")
       else
-        message << "4.0.2"
+        message << msg_version("4.0.2")
       end
 
       warn :warning_type => "Denial of Service",

data/lib/brakeman/checks/check_i18n_xss.rb

@@ -7,13 +7,13 @@ class Brakeman::CheckI18nXSS < Brakeman::BaseCheck
 
   def run_check
     if (version_between? "3.0.6", "3.2.15" or version_between? "4.0.0", "4.0.1") and not has_workaround?
-      message = "Rails #{rails_version} has an XSS vulnerability in i18n (CVE-2013-4491). Upgrade to Rails version "
       i18n_gem = tracker.config.gem_version :i18n
+      message = msg(msg_version(rails_version), " has an XSS vulnerability in ", msg_version(i18n_gem, "i18n"), " ", msg_cve("CVE-2013-4491"), ". Upgrade to ")
 
       if version_between? "3.0.6", "3.1.99" and version_before i18n_gem, "0.5.1"
-        message << "3.2.16 or i18n 0.5.1"
+        message << msg_version("3.2.16 or i18n 0.5.1")
       elsif version_between? "3.2.0", "4.0.1" and version_before i18n_gem, "0.6.6"
-        message << "4.0.2 or i18n 0.6.6"
+        message << msg_version("4.0.2 or i18n 0.6.6")
       else
         return
       end

data/lib/brakeman/checks/check_jruby_xml.rb

@@ -28,7 +28,7 @@ class Brakeman::CheckJRubyXML < Brakeman::BaseCheck
 
     warn :warning_type => "File Access",
       :warning_code => :CVE_2013_1856,
-      :message => "Rails #{rails_version} with JRuby has a vulnerability in XML parser: upgrade to #{fix_version} or patch",
+      :message => msg(msg_version(rails_version), " with JRuby has a vulnerability in XML parser. Upgrade to ", msg_version(fix_version), " or patch"),
       :confidence => :high,
       :gem_info => gemfile_or_environment,
       :link => "https://groups.google.com/d/msg/rubyonrails-security/KZwsQbYsOiI/5kUV7dSCJGwJ"

data/lib/brakeman/checks/check_json_encoding.rb

@@ -7,12 +7,12 @@ class Brakeman::CheckJSONEncoding < Brakeman::BaseCheck
 
   def run_check
     if (version_between? "4.1.0", "4.1.10" or version_between? "4.2.0", "4.2.1") and not has_workaround?
-      message = "Rails #{rails_version} does not encode JSON keys (CVE-2015-3226). Upgrade to Rails version "
+      message = msg(msg_version(rails_version), " does not encode JSON keys ", msg_cve("CVE-2015-3226"), ". Upgrade to ")
 
       if version_between? "4.1.0", "4.1.10"
-        message << "4.1.11"
+        message << msg_version("4.1.11")
       else
-        message << "4.2.2"
+        message << msg_version("4.2.2")
       end
 
       if tracker.find_call(:methods => [:to_json, :encode]).any?

data/lib/brakeman/checks/check_json_parsing.rb

@@ -20,12 +20,8 @@ class Brakeman::CheckJSONParsing < Brakeman::BaseCheck
                       "3.0.20"
                     end
 
-      message = "Rails #{rails_version} has a serious JSON parsing vulnerability: upgrade to #{new_version} or patch"
-      if uses_yajl?
-        gem_info = gemfile_or_environment(:yajl)
-      else
-        gem_info = gemfile_or_environment
-      end
+      message = msg(msg_version(rails_version), " has a serious JSON parsing vulnerability. Upgrade to ", msg_version(new_version), " or patch")
+      gem_info = gemfile_or_environment
 
       warn :warning_type => "Remote Code Execution",
         :warning_code => :CVE_2013_0333,
@@ -72,19 +68,20 @@ class Brakeman::CheckJSONParsing < Brakeman::BaseCheck
 
     warning_type = "Denial of Service"
     confidence = :medium
-    message = "#{name} gem version #{version} has a symbol creation vulnerablity: upgrade to "
+    gem_name = "#{name} gem"
+    message = msg(msg_version(version, gem_name), " has a symbol creation vulnerablity. Upgrade to ")
 
     if version >= "1.7.0"
       confidence = :high
       warning_type = "Remote Code Execution"
-      message = "#{name} gem version #{version} has a remote code vulnerablity: upgrade to 1.7.7"
+      message = msg(msg_version(version, "json gem"), " has a remote code execution vulnerability. Upgrade to ", msg_version("1.7.7", "json gem"))
     elsif version >= "1.6.0"
-      message << "1.6.8"
+      message << msg_version("1.6.8", gem_name)
     elsif version >= "1.5.0"
-      message << "1.5.5"
+      message << msg_version("1.5.5", gem_name)
     else
       confidence = :weak
-      message << "1.5.5"
+      message << msg_version("1.5.5", gem_name)
     end
 
     if confidence == :medium and uses_json_parse?

data/lib/brakeman/checks/check_link_to.rb

@@ -68,7 +68,7 @@ class Brakeman::CheckLinkTo < Brakeman::CheckCrossSiteScripting
     input = has_immediate_user_input?(argument)
     return false unless input
 
-    message = "Unescaped #{friendly_type_of input} in link_to"
+    message = msg("Unescaped ", msg_input(input), " in ", msg_code("link_to"))
 
     warn_xss(result, message, input, :high)
   end
@@ -83,7 +83,7 @@ class Brakeman::CheckLinkTo < Brakeman::CheckCrossSiteScripting
 
     confidence = :medium
     confidence = :high if likely_model_attribute? match
-    warn_xss(result, "Unescaped model attribute in link_to", match, confidence)
+    warn_xss(result, msg("Unescaped model attribute in ", msg_code("link_to")), match, confidence)
   end
 
   # Check if we should warn about the matched result
@@ -91,7 +91,7 @@ class Brakeman::CheckLinkTo < Brakeman::CheckCrossSiteScripting
     return false unless matched
     return false if matched.type == :model and tracker.options[:ignore_model_output]
 
-    message = "Unescaped #{friendly_type_of matched} in link_to"
+    message = msg("Unescaped ", msg_input(matched), " in ", msg_code("link_to"))
 
     warn_xss(result, message, @matched, :medium)
   end

data/lib/brakeman/checks/check_link_to_href.rb

@@ -43,7 +43,7 @@ class Brakeman::CheckLinkToHref < Brakeman::CheckLinkTo
     return if call? url_arg and ignore_call? url_arg.target, url_arg.method
 
     if input = has_immediate_user_input?(url_arg)
-      message = "Unsafe #{friendly_type_of input} in link_to href"
+      message = msg("Unsafe ", msg_input(input), " in ", msg_code("link_to"), " href")
 
       unless duplicate? result or call_on_params? url_arg or ignore_interpolation? url_arg, input.match
         add_result result
@@ -59,7 +59,7 @@ class Brakeman::CheckLinkToHref < Brakeman::CheckLinkTo
       return if ignore_model_call? url_arg, input or duplicate? result
       add_result result
 
-      message = "Potentially unsafe model attribute in link_to href"
+      message = msg("Potentially unsafe model attribute in ", msg_code("link_to"), " href")
 
       warn :result => result,
         :warning_type => "Cross-Site Scripting",

data/lib/brakeman/checks/check_mail_to.rb

@@ -11,12 +11,12 @@ class Brakeman::CheckMailTo < Brakeman::BaseCheck
 
   def run_check
     if (version_between? "2.3.0", "2.3.10" or version_between? "3.0.0", "3.0.3") and result = mail_to_javascript?
-      message = "Vulnerability in mail_to using javascript encoding (CVE-2011-0446). Upgrade to Rails version "
+      message = msg("Vulnerability in ", msg_code("mail_to"), " using javascript encoding ", msg_cve("CVE-2011-0446"), ". Upgrade to ")
 
       if version_between? "2.3.0", "2.3.10"
-        message << "2.3.11"
+        message << msg_version("2.3.11")
       else
-        message << "3.0.4"
+        message << msg_version("3.0.4")
       end
 
       warn :result => result,

data/lib/brakeman/checks/check_mime_type_dos.rb

@@ -19,7 +19,7 @@ class Brakeman::CheckMimeTypeDoS < Brakeman::BaseCheck
 
     return if has_workaround?
 
-    message = "Rails #{rails_version} is vulnerable to denial of service via mime type caching (CVE-2016-0751). Upgrade to Rails version #{fix_version}"
+    message = msg(msg_version(rails_version), " is vulnerable to denial of service via mime type caching ", msg_cve("CVE-2016-0751"), ". Upgrade to ", msg_version(fix_version))
 
     warn :warning_type => "Denial of Service",
       :warning_code => :CVE_2016_0751,

data/lib/brakeman/checks/check_model_attributes.rb

@@ -30,7 +30,7 @@ class Brakeman::CheckModelAttributes < Brakeman::BaseCheck
         warn :model => no_accessible_names.sort.join(", "),
           :warning_type => "Attribute Restriction",
           :warning_code => :no_attr_accessible,
-          :message => "Mass assignment is not restricted using attr_accessible",
+          :message => msg("Mass assignment is not restricted using ", msg_code("attr_accessible")),
           :confidence => :high
       end
 
@@ -59,7 +59,7 @@ class Brakeman::CheckModelAttributes < Brakeman::BaseCheck
             :line => model.top_line,
             :warning_type => "Attribute Restriction",
             :warning_code => :no_attr_accessible,
-            :message => "Mass assignment is not restricted using attr_accessible",
+            :message => msg("Mass assignment is not restricted using ", msg_code("attr_accessible")),
             :confidence => :high
         elsif not tracker.options[:ignore_attr_protected]
           message, confidence, link = check_for_attr_protected_bypass
@@ -105,11 +105,11 @@ class Brakeman::CheckModelAttributes < Brakeman::BaseCheck
                       end
 
     if upgrade_version
-      message = "attr_protected is bypassable in #{rails_version}, use attr_accessible or upgrade to #{upgrade_version}"
+      message = msg(msg_code("attr_protected"), " is bypassable in ", msg_version(rails_version), ". Use ", msg_code("attr_accessible"), " or upgrade to ", msg_version(upgrade_version))
       confidence = :high
       link = "https://groups.google.com/d/topic/rubyonrails-security/AFBKNY7VSH8/discussion"
     else
-      message = "attr_accessible is recommended over attr_protected"
+      message = msg(msg_code("attr_accessible"), " is recommended over ", msg_code("attr_protected"))
       confidence = :medium
       link = nil
     end

data/lib/brakeman/checks/check_model_serialize.rb

@@ -57,7 +57,7 @@ class Brakeman::CheckModelSerialize < Brakeman::BaseCheck
       warn :model => model.name,
         :warning_type => "Remote Code Execution",
         :warning_code => :CVE_2013_0277,
-        :message => "Serialized attributes are vulnerable in Rails #{rails_version}, upgrade to #{@upgrade_version} or patch.",
+        :message => msg("Serialized attributes are vulnerable in ", msg_version(rails_version), ", upgrade to ", msg_version(@upgrade_version), " or patch"),
         :confidence => confidence,
         :link => "https://groups.google.com/d/topic/rubyonrails-security/KtmwSbEpzrU/discussion",
         :file => model.file,

data/lib/brakeman/checks/check_nested_attributes.rb

@@ -11,12 +11,12 @@ class Brakeman::CheckNestedAttributes < Brakeman::BaseCheck
     version = rails_version
 
     if (version == "2.3.9" or version == "3.0.0") and uses_nested_attributes?
-      message = "Vulnerability in nested attributes (CVE-2010-3933). Upgrade to Rails version "
+      message = msg("Vulnerability in nested attributes ", msg_cve("CVE-2010-3933"), ". Upgrade to ")
 
       if version == "2.3.9"
-        message << "2.3.10"
+        message << msg_version("2.3.10")
       else
-        message << "3.0.1"
+        message << msg_version("3.0.1")
       end
 
       warn :warning_type => "Nested Attributes",

data/lib/brakeman/checks/check_nested_attributes_bypass.rb

@@ -30,7 +30,7 @@ class Brakeman::CheckNestedAttributesBypass < Brakeman::BaseCheck
   end
 
   def warn_about_nested_attributes name, model, args
-    message = "Rails #{rails_version} does not call :reject_if option when :allow_destroy is false (CVE-2015-7577)"
+    message = msg(msg_version(rails_version), " does not call ", msg_code(":reject_if"), " option when ", msg_code(":allow_destroy"), " is ", msg_code("false"), " ", msg_cve("CVE-2015-7577"))
 
     warn :model => name,
       :warning_type => "Nested Attributes",

data/lib/brakeman/checks/check_number_to_currency.rb

@@ -23,12 +23,12 @@ class Brakeman::CheckNumberToCurrency < Brakeman::BaseCheck
   end
 
   def generic_warning
-    message = "Rails #{rails_version} has a vulnerability in number helpers (CVE-2014-0081). Upgrade to Rails version "
+    message = msg(msg_version(rails_version), " has a vulnerability in number helpers ", msg_cve("CVE-2014-0081"), ". Upgrade to ")
 
     if version_between? "2.3.0", "3.2.16"
-      message << "3.2.17"
+      message << msg_version("3.2.17")
     else
-      message << "4.0.3"
+      message << msg_version("4.0.3")
     end
 
     warn :warning_type => "Cross-Site Scripting",
@@ -66,7 +66,7 @@ class Brakeman::CheckNumberToCurrency < Brakeman::BaseCheck
     warn :result => result,
       :warning_type => "Cross-Site Scripting",
       :warning_code => :CVE_2014_0081_call,
-      :message => "Format options in #{result[:call].method} are not safe in Rails #{rails_version}",
+      :message => msg("Format options in ", msg_code(result[:call].method), " are not safe in ", msg_version(rails_version)),
       :confidence => :high,
       :link_path => "https://groups.google.com/d/msg/ruby-security-ann/9WiRn2nhfq0/2K2KRB4LwCMJ",
       :user_input => match

data/lib/brakeman/checks/check_quote_table_name.rb

@@ -18,9 +18,9 @@ class Brakeman::CheckQuoteTableName < Brakeman::BaseCheck
       end
 
       if rails_version =~ /^3/
-        message = "Versions before 3.0.10 have a vulnerability in quote_table_name: CVE-2011-2930"
+        message = msg("Rails versions before 3.0.10 have a vulnerability in ", msg_code("quote_table_name"), " ", msg_cve("CVE-2011-2930"))
       else
-        message = "Versions before 2.3.14 have a vulnerability in quote_table_name: CVE-2011-2930"
+        message = msg("Rails versions before 2.3.14 have a vulnerability in ", msg_code("quote_table_name"), " ", msg_cve("CVE-2011-2930"))
       end
 
       warn :warning_type => "SQL Injection",

data/lib/brakeman/checks/check_regex_dos.rb

@@ -44,7 +44,7 @@ class Brakeman::CheckRegexDoS < Brakeman::BaseCheck
       end
 
       if match
-        message = "#{friendly_type_of(match).capitalize} used in regex"
+        message = msg(msg_input(match), " used in regular expression")
 
         warn :result => result,
           :warning_type => "Denial of Service",

data/lib/brakeman/checks/check_render.rb

@@ -49,7 +49,7 @@ class Brakeman::CheckRender < Brakeman::BaseCheck
       return if input.type == :model #skip models
       return if safe_param? input.match
 
-      message = "Render path contains #{friendly_type_of input}"
+      message = msg("Render path contains ", msg_input(input))
 
       warn :result => result,
         :warning_type => "Dynamic Render Path",
@@ -75,7 +75,7 @@ class Brakeman::CheckRender < Brakeman::BaseCheck
         warn :result => result,
           :warning_type => "Remote Code Execution",
           :warning_code => :dynamic_render_path_rce,
-          :message => "Passing query parameters to render() is vulnerable in Rails #{rails_version} (CVE-2016-0752)",
+          :message => msg("Passing query parameters to ", msg_code("render"), " is vulnerable in ", msg_version(rails_version), " ", msg_cve("CVE-2016-0752")),
           :user_input => view,
           :confidence => :high
       end