Avoid copying Sexps that are too large

Addresses #1816, #1546, ...
presidentbeef · Jan 25, 2024 · 180e872 · 180e872
1 parent 7c34984
commit 180e872
Showing 1 changed file with 7 additions and 2 deletions.
diff --git a/lib/brakeman/processors/alias_processor.rb b/lib/brakeman/processors/alias_processor.rb
@@ -32,6 +32,7 @@ def initialize tracker = nil, current_file = nil
     @or_depth_limit = (tracker && tracker.options[:branch_limit]) || 5 #arbitrary default
     @meth_env = nil
     @current_file = current_file
+    @mass_limit = (tracker && tracker.options[:mass_limit]) || 1000 # arbitrary default
     set_env_defaults
   end
 
@@ -82,8 +83,12 @@ def process_default exp
   def replace exp, int = 0
     return exp if int > 3
 
-    if replacement = env[exp] and not duplicate? replacement
-      replace(replacement.deep_clone(exp.line), int + 1)
+    if replacement = env[exp]
+      if not duplicate? replacement and replacement.mass < @mass_limit
+        replace(replacement.deep_clone(exp.line), int + 1)
+      else
+        exp
+      end
     elsif tracker and replacement = tracker.constant_lookup(exp) and not duplicate? replacement
       replace(replacement.deep_clone(exp.line), int + 1)
     else