Merge pull request #1657 from presidentbeef/unignore_sanitize_sql_like

Do not treat `sanitize_sql_like` as safe

lib/brakeman/checks/check_sql.rb

@@ -584,7 +584,7 @@ def check_string_arg exp
   end
 
   IGNORE_METHODS_IN_SQL = Set[:id, :merge_conditions, :table_name, :quoted_table_name,
-    :quoted_primary_key, :to_i, :to_f, :sanitize_sql, :sanitize_sql_array, :sanitize_sql_like,
+    :quoted_primary_key, :to_i, :to_f, :sanitize_sql, :sanitize_sql_array,
     :sanitize_sql_for_assignment, :sanitize_sql_for_conditions, :sanitize_sql_hash,
     :sanitize_sql_hash_for_assignment, :sanitize_sql_hash_for_conditions,
     :to_sql, :sanitize, :primary_key, :table_name_prefix, :table_name_suffix,

test/tests/github_output.rb

@@ -6,7 +6,7 @@ def setup
   end
 
   def test_report_format
-    assert_equal 40, @@report.lines.count, "Did you add vulnerabilities to the Rails 6 app? Update this test please!"
+    assert_equal 41, @@report.lines.count, "Did you add vulnerabilities to the Rails 6 app? Update this test please!"
     @@report.lines.each do |line|
       assert line.start_with?('::'), 'Every line must start with `::`'
       assert_equal 2, line.scan('::').count, 'Every line must have exactly 2 `::`'

test/tests/rails6.rb

@@ -13,7 +13,7 @@ def expected
       :controller => 0,
       :model => 0,
       :template => 4,
-      :generic => 34
+      :generic => 35
     }
   end
 
@@ -148,7 +148,7 @@ def test_sql_injection_date_integer_target_false_positive
   end
 
   def test_sql_injection_sanitize_sql_like
-    assert_no_warning :type => :warning,
+    assert_warning :type => :warning,
       :warning_code => 0,
       :fingerprint => "8dde11c95a0f3acb4f982ff6554ac3ba821334ee04aee7f1fb0ea01c8919baad",
       :warning_type => "SQL Injection",