# Emits a "Dynamic Render Path" warning when the render path of a call
# appears to contain user input.
#
# The render path is read from index 2 of result[:call]. Nothing is reported
# unless that value passes sexp? and the result passes original?.
#
# Confidence depends on how the input was found:
#   :high   - has_immediate_user_input? matched and the path is not a
#             string interpolation
#   :medium - has_immediate_user_input? matched inside a string interpolation
#   :weak   - only include_user_input? matched
#
# Why it matters: a render path influenced by request data lets the requester
# affect which template or file gets rendered, so each finding should be
# checked against a fixed set of permitted views.
#
# NOTE(review): sexp?, original?, has_immediate_user_input?,
# include_user_input?, string_interp?, safe_param?, msg, msg_input and warn
# are defined outside this block; their exact matching rules are not visible
# here.
#
# @param result [Hash] must respond to [:call] with an indexable value
# @return the value of warn when a warning is emitted, otherwise nil
def check_for_dynamic_path result
  render_path = result[:call][2]
  return unless sexp?(render_path) && original?(result)

  if (input = has_immediate_user_input?(render_path))
    # Interpolated paths are rated lower than a path that is the input itself.
    confidence = string_interp?(render_path) ? :medium : :high
  elsif (input = include_user_input?(render_path))
    confidence = :weak
  else
    return
  end

  # Suppressions: input typed as :model, and matches accepted by safe_param?,
  # never produce a warning.
  return if input.type == :model
  return if safe_param?(input.match)

  warn(
    result: result,
    warning_type: "Dynamic Render Path",
    warning_code: :dynamic_render_path,
    message: msg("Render path contains ", msg_input(input)),
    user_input: input,
    confidence: confidence
  )
end