# File lib/brakeman/checks/check_render.rb, line 63
  def check_for_rce result
    return unless version_between? "0.0.0", "3.2.22" or
                  version_between? "4.0.0", "4.1.14" or
                  version_between? "4.2.0", "4.2.5"


    view = result[:call][2]
    if sexp? view and not duplicate? result
      if params? view
        add_result result
        return if safe_param? view

        warn :result => result,
          :warning_type => "Remote Code Execution",
          :warning_code => :dynamic_render_path_rce,
          :message => msg("Passing query parameters to ", msg_code("render"), " is vulnerable in ", msg_version(rails_version), " ", msg_cve("CVE-2016-0752")),
          :user_input => view,
          :confidence => :high
      end
    end
  end