From 87e52206d725038c3cb2f34384241b6a7979d93c Mon Sep 17 00:00:00 2001 From: Justin Collins Date: Sat, 15 Oct 2016 10:38:10 -0700 Subject: [PATCH] Attempt to get and use Ruby version from app either .ruby-version or Gemfile Closes #928 --- lib/brakeman/checks/check_symbol_dos.rb | 1 + lib/brakeman/processors/gem_processor.rb | 27 +++++++++++++++--------- lib/brakeman/scanner.rb | 4 ++++ lib/brakeman/tracker/config.rb | 11 +++++++++- 4 files changed, 32 insertions(+), 11 deletions(-) diff --git a/lib/brakeman/checks/check_symbol_dos.rb b/lib/brakeman/checks/check_symbol_dos.rb index 1038a45885..9b1a650def 100644 --- a/lib/brakeman/checks/check_symbol_dos.rb +++ b/lib/brakeman/checks/check_symbol_dos.rb @@ -9,6 +9,7 @@ class Brakeman::CheckSymbolDoS < Brakeman::BaseCheck def run_check return if rails_version and rails_version >= "5.0.0" + return if tracker.config.ruby_version >= "2.2" tracker.find_call(:methods => UNSAFE_METHODS, :nested => true).each do |result| check_unsafe_symbol_creation(result) diff --git a/lib/brakeman/processors/gem_processor.rb b/lib/brakeman/processors/gem_processor.rb index bbeaa99307..ae123bb0bd 100644 --- a/lib/brakeman/processors/gem_processor.rb +++ b/lib/brakeman/processors/gem_processor.rb 
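Review bot: `return if tracker.config.ruby_version >= "2.2"` compares version strings lexicographically, so a declared version with a two-digit component (constructed example: `2.10.0`) sorts below `"2.2"` and keeps the check enabled, and the comparison raises `NoMethodError` if `ruby_version` is ever set to nil through the public `attr_accessor` writer added in config.rb. The existing `rails_version >= "5.0.0"` line has the same shape, so this is consistent with the file; if a numeric comparison is wanted, `Gem::Version.new(tracker.config.ruby_version) >= Gem::Version.new("2.2")` works when guarded by `unless tracker.config.ruby_version.empty?`. The new line also deserves a why-comment, e.g. `# Symbols are garbage-collected from Ruby 2.2, so dynamically created symbols no longer exhaust memory`, since the cutoff is otherwise a magic number. run_check's body continues outside the hunk.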
@@ -21,19 +21,26 @@ def process_gems gem_files end def process_call exp - if exp.target == nil and exp.method == :gem - gem_name = exp.first_arg - return exp unless string? gem_name + if exp.target == nil + if exp.method == :gem + gem_name = exp.first_arg + return exp unless string? gem_name - gem_version = exp.second_arg + gem_version = exp.second_arg - version = if string? gem_version - gem_version.value - else - nil - end + version = if string? gem_version + gem_version.value + else + nil + end - @tracker.config.add_gem gem_name.value, version, @gemfile, exp.line + @tracker.config.add_gem gem_name.value, version, @gemfile, exp.line + elsif exp.method == :ruby + version = exp.first_arg + if string? version + @tracker.config.set_ruby_version version.value + end + end end exp diff --git a/lib/brakeman/scanner.rb b/lib/brakeman/scanner.rb index 55f2aa4241..8e1eb2340b 100644 --- a/lib/brakeman/scanner.rb +++ b/lib/brakeman/scanner.rb @@ -108,6 +108,10 @@ def process_config tracker.config.escape_html = true Brakeman.notify "[Notice] Escaping HTML by default" end + + if @app_tree.exists? ".ruby-version" + tracker.config.set_ruby_version @app_tree.read ".ruby-version" + end end def process_config_file file diff --git a/lib/brakeman/tracker/config.rb b/lib/brakeman/tracker/config.rb index 3e9a379d0a..081dd0e795 100644 --- a/lib/brakeman/tracker/config.rb +++ b/lib/brakeman/tracker/config.rb @@ -5,7 +5,7 @@ class Config include Util attr_reader :rails, :tracker - attr_accessor :rails_version + attr_accessor :rails_version, :ruby_version attr_writer :erubis, :escape_html attr_reader :gems @@ -16,6 +16,7 @@ def initialize tracker @settings = {} @escape_html = nil @erubis = nil + @ruby_version = "" end def allow_forgery_protection? 
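Review bot: The new `elsif exp.method == :ruby` branch silently ignores any `ruby` declaration whose argument is not a string literal, such as the common `ruby File.read(".ruby-version").strip` idiom, so in that case `ruby_version` keeps its default and every version-gated check behaves as if no version were declared. A comment above the branch such as `# Only literal versions are recorded; computed values fall through` documents the limitation, and an `else` path with a `Brakeman.notify` would make it visible to the user. Whether the Gemfile value or `.ruby-version` wins when both are present depends on which processor runs last, which is not visible in this hunk and is worth stating wherever the ordering is decided. Style-wise the pre-existing `if exp.target == nil` could become `exp.target.nil?`, and the two method branches read better as `case exp.method` / `when :gem` / `when :ruby`.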
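Review bot: `tracker.config.set_ruby_version @app_tree.read ".ruby-version"` nests two paren-less calls, which parses as intended but is easy to misread; `tracker.config.set_ruby_version(@app_tree.read(".ruby-version"))` is clearer. A `.ruby-version` file frequently carries a prefix or trailing newline (`ruby-2.3.1`), which the regex in `set_ruby_version` tolerates, but a two-component value where the version manager accepts one is not recorded, so a `Brakeman.notify` when the file exists but no version was captured would explain why a version-dependent check still ran. process_config's body begins outside the hunk.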
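Review bot: `attr_accessor :ruby_version` publishes a writer that bypasses the validation in `set_ruby_version`, so a caller can store nil or an unnormalised string and the `>=` comparison in check_symbol_dos would then raise or misorder. The file already does the same for `rails_version`, so this is consistent, but since the new setter assigns through `self.ruby_version =`, `attr_reader :ruby_version` with `attr_writer :ruby_version` followed by `private :ruby_version=` keeps the public API to the validated path. The `@ruby_version = ""` default in the following hunk is what makes the string comparison safe when no version is found; a comment there, `# empty string sorts below any real version, so version gates stay off until one is recorded`, would capture that intent.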
@@ -92,6 +93,14 @@ def set_rails_version end end + def set_ruby_version version + return unless version.is_a? String + + if version =~ /(\d+\.\d+\.\d+)/ + self.ruby_version = $1 + end + end + def session_settings @rails[:action_controller] && @rails[:action_controller][:session]
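Review bot: The pattern `/(\d+\.\d+\.\d+)/` requires three numeric components, so a two-component declaration leaves `ruby_version` unset, while an engine-prefixed value (constructed example: `jruby-9.1.2.0`) records `9.1.2`, the engine's own version rather than the Ruby language level it implements, which could switch off a version-gated check on the wrong basis. Accepting two or three components with `/(?<version>\d+\.\d+(?:\.\d+)?)/` and a named capture, `m = version.match(VERSION_PATTERN)` then `self.ruby_version = m[:version] if m`, avoids the cryptic `$1` and the extra `if` block; the engine case deserves at least a comment noting that prefixed strings are matched as-is. `return unless version.is_a? String` is a defensible guard here given the callers pass file contents and Sexp values, but a short YARD header (`# @param version [String] raw text from a Gemfile `ruby` call or .ruby-version`) would make the contract explicit.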