# Reports a high-confidence "Remote Code Execution" warning for a render call
# whose view/path argument is built from request parameters (CVE-2016-0752).
#
# Only Rails versions that version_between? places in 0.0.0-3.2.22,
# 4.0.0-4.1.14 or 4.2.0-4.2.5 are examined. The result is registered through
# add_result before safe_param? is consulted, so a render whose parameter use
# safe_param? accepts is recorded but not reported.
#
# @param result [Hash] a render call result; the view argument is read from result[:call][2]
# @return the value of warn when a warning is emitted, otherwise nil
def check_for_rce result
  # Parenthesised calls: with `||` (unlike `or`) an unparenthesised argument
  # list would swallow the rest of the expression.
  affected = version_between?("0.0.0", "3.2.22") ||
             version_between?("4.0.0", "4.1.14") ||
             version_between?("4.2.0", "4.2.5")
  return unless affected

  view = result[:call][2]

  # Only inspect an Sexp argument for a result not already reported
  return unless sexp?(view) && !duplicate?(result)
  return unless params?(view)

  # Recorded before the safety check so duplicate? sees it either way
  add_result result

  # A parameter use that safe_param? accepts is recorded but not reported
  return if safe_param?(view)

  message = msg("Passing query parameters to ", msg_code("render"),
                " is vulnerable in ", msg_version(rails_version), " ",
                msg_cve("CVE-2016-0752"))

  warn result: result,
       warning_type: "Remote Code Execution",
       warning_code: :dynamic_render_path_rce,
       message: message,
       user_input: view,
       confidence: :high
end