# File lib/brakeman/checks/check_select_vulnerability.rb, line 37 def process_result result return if duplicate? result third_arg = result[:call].third_arg #Check for user input in options parameter if sexp? third_arg and include_user_input? third_arg add_result result if string_interp? third_arg confidence = :medium else confidence = :weak end warn :template => result[:location][:template], :warning_type => "Cross-Site Scripting", :warning_code => :select_options_vuln, :result => result, :message => @message, :confidence => confidence end end