Ignore Object#freeze, use the target instead

fixes #1211
presidentbeef · Jun 6, 2018 · 01b1565 · 01b1565
1 parent 942fd8b
commit 01b1565
Show file tree

Hide file tree

Showing 2 changed files with 11 additions and 2 deletions.
diff --git a/lib/brakeman/processors/alias_processor.rb b/lib/brakeman/processors/alias_processor.rb
@@ -259,8 +259,8 @@ def process_call exp
         exp = target[1]
       end
     when :freeze
-      if string? target
-        exp = process exp.target
+      unless target.nil?
+        exp = target
       end
     when :join
       if array? target and target.length > 2 and (string? first_arg or first_arg.nil?)

diff --git a/test/apps/rails5.2/app/controllers/users_controller.rb b/test/apps/rails5.2/app/controllers/users_controller.rb
@@ -8,4 +8,13 @@ def show
     show_params = params.permit(:id, :name).to_hash.symbolize_keys
     User.where(show_params).qualify.all
   end
+
+  ALLOWED_FOOS = [:bar, :baz].freeze
+  def delete(foo)
+    unless ALLOWED_FOOS.include? foo
+      raise ArgumentError, "Unexpected foo: #{foo}"
+    end
+
+    Person.where("#{foo} >= 1")
+  end
 end