From 6c1d8bc6532898b5176c6b8f1389af6878c58f09 Mon Sep 17 00:00:00 2001
From: Justin Collins
Date: Sun, 2 May 2021 17:53:29 -0700
Subject: [PATCH] Safe value for unknown index into all literals array
---
 .../processors/lib/call_conversion_helper.rb | 2 ++
 test/tests/alias_processor.rb | 15 +++++++++++++++
 2 files changed, 17 insertions(+)
diff --git a/lib/brakeman/processors/lib/call_conversion_helper.rb b/lib/brakeman/processors/lib/call_conversion_helper.rb
index 7cc511a1fc..7acb4a1f91 100644
--- a/lib/brakeman/processors/lib/call_conversion_helper.rb
+++ b/lib/brakeman/processors/lib/call_conversion_helper.rb
@@ -76,6 +76,8 @@ def process_array_access array, args, original_exp = nil
 
 #Have to do this because first element is :array and we have to skip it
 array[1..-1][index] or original_exp
+ elsif all_literals? array
+ safe_literal(array.line)
 else
 original_exp
 end
diff --git a/test/tests/alias_processor.rb b/test/tests/alias_processor.rb
index 895aee1630..aafb0f63c8 100644
--- a/test/tests/alias_processor.rb
+++ b/test/tests/alias_processor.rb
@@ -130,6 +130,14 @@ def test_array_fetch
 RUBY
 end
 
+ def test_array_fetch_unknown_literal
+ assert_alias ':BRAKEMAN_SAFE_LITERAL', <<-RUBY
+ x = [1, 2, 3]
+ y = x.fetch(z)
+ y
+ RUBY
+ end
+
 def test_array_append
 assert_alias '[1, 2, 3]', <<-RUBY
 x = [1]
@@ -221,6 +229,13 @@ def test_hash_fetch
 RUBY
 end
 
+ def test_hash_fetch_unknown_literal
+ assert_alias ':BRAKEMAN_SAFE_LITERAL', <<-RUBY
+ x = { a: 0, b: 1, c: 3 }
+ x.fetch(:z)
+ RUBY
+ end
+
 def test_hash_update
 assert_alias "2", <<-RUBY
 @foo = {
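Review bot: The new `elsif all_literals? array` branch decides "safe" from the array contents alone and never looks at `args`, so if this helper can be reached for a call carrying a default, such as `fetch(i, default)` or the block form, the runtime value may be the non-literal default rather than an element of the array, and substituting the safe literal would hide that value from later checks. The enclosing `if` and the start of process_array_access lie outside the hunk, so whether callers already restrict `args` here cannot be confirmed from this view; if they do not, the guard should read `elsif args.length == 1 and all_literals? array`. A one-line comment on the branch, e.g. `# Unknown index into an all-literal array: every element is a literal, so the result cannot carry user input`, would record why the substitution is sound.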
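Review bot: test_array_fetch_unknown_literal only pins the positive case; nothing asserts that an unknown index into an array holding a non-literal element is left alone, which is the regression that matters for a security tool, because a too-broad `all_literals?` would silently suppress real findings. A companion test with `x = [1, params[:x]]` followed by `x.fetch(z)` (constructed example) asserting that the result is not `:BRAKEMAN_SAFE_LITERAL` would fix that boundary. The same gap applies to test_hash_fetch_unknown_literal in the next hunk.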
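Review bot: test_hash_fetch_unknown_literal exercises hash access, yet the only production change in this patch is to process_array_access, so unless hash access already routes through a path with the same safe-literal behaviour, this test documents pre-existing behaviour rather than the change. Noting that in a comment above the test, e.g. `# Hash fetch with an unknown key already yields the safe literal; kept as a companion to the array case`, would stop a reader from looking for a hash change that is not in this commit.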