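# Reports a Cross-Site Scripting warning for a known rails-html-sanitizer CVE.
#
# Confidence is :high when the scanned application contains at least one
# `sanitize` call matched by `find_call(:target => false, ...)`, and :medium
# otherwise. A :medium result still means the dependency version is flagged;
# only the evidence of direct use is missing.
#
# @param cve [String] CVE identifier; dashes become underscores to form the warning code
# @param link [String] value passed through as the warning's :link_path
# @param upgrade_version [String] version named in the "Upgrade to" part of the message
def warn_sanitizer_cve cve, link, upgrade_version
  # One symbol literal for the gem name. The previous adjacent string literals
  # ('rails-html-sanitizer''rails-html-sanitizer') were concatenated by Ruby into
  # a doubled name that cannot match the gem in either lookup below.
  # NOTE(review): assumes the gem lookups accept a symbol key - confirm against tracker.config.
  gem_name = :'rails-html-sanitizer'

  message = msg(
    msg_version(tracker.config.gem_version(gem_name), "rails-html-sanitizer"),
    " is vulnerable ",
    msg_cve(cve),
    ". Upgrade to ",
    msg_version(upgrade_version, "rails-html-sanitizer")
  )

  # presumably :target => false selects receiver-less calls such as the view helper - verify
  sanitize_in_use = tracker.find_call(:target => false, :method => :sanitize).any?
  confidence = sanitize_in_use ? :high : :medium

  # NOTE(review): `cve` is interned with to_sym; callers are expected to pass
  # fixed advisory identifiers, not externally supplied strings - confirm.
  warn :warning_type => "Cross-Site Scripting",
    :warning_code => cve.tr('-', '_').to_sym,
    :message => message,
    :gem_info => gemfile_or_environment(gem_name),
    :confidence => confidence,
    :link_path => link
end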