# Emits a Cross-Site Scripting warning for CVE-2018-8048 when the loofah
# gem in use is a vulnerable version.
#
# Does nothing (and returns nil) unless loofah_vulnerable_cve_2018_8048?
# reports a vulnerable version. Otherwise a warning is always raised; only
# its confidence varies:
#   :high   - the app contains at least one `sanitize` call matched by the
#             `:target => false` query
#   :medium - no such call was found; the vulnerable gem is still reported
#
# NOTE(review): `:target => false` presumably restricts the search to calls
# without an explicit receiver - confirm against tracker.find_call.
def check_cve_2018_8048
  return unless loofah_vulnerable_cve_2018_8048?

  # Build the advisory text first, naming the detected gem version and the
  # fixed release to upgrade to.
  loofah_version = tracker.config.gem_version(:loofah)
  advisory = msg(msg_version(loofah_version, "loofah gem"), " is vulnerable (CVE-2018-8048). Upgrade to 2.1.2")

  # A matching sanitize call raises confidence that the vulnerable code
  # path is actually used by the application.
  sanitize_calls = tracker.find_call(:target => false, :method => :sanitize)
  certainty = sanitize_calls.any? ? :high : :medium

  warn :warning_type => "Cross-Site Scripting",
       :warning_code => :CVE_2018_8048,
       :message => advisory,
       :gem_info => gemfile_or_environment(:loofah),
       :confidence => certainty,
       :link_path => "https://github.com/flavorjones/loofah/issues/144"
end