Check for evaluation even if it's a call target

Fixes #1590

lib/brakeman/checks/check_evaluation.rb

@@ -10,7 +10,7 @@ class Brakeman::CheckEvaluation < Brakeman::BaseCheck
   #Process calls
   def run_check
     Brakeman.debug "Finding eval-like calls"
-    calls = tracker.find_call :method => [:eval, :instance_eval, :class_eval, :module_eval]
+    calls = tracker.find_call methods: [:eval, :instance_eval, :class_eval, :module_eval], nested: true
 
     Brakeman.debug "Processing eval-like calls"
     calls.each do |call|

test/apps/rails6/app/controllers/accounts_controller.rb

@@ -22,4 +22,8 @@ def auth_something
       # Do something benign
     end
   end
+
+  def eval_something
+    eval(params[:x]).to_s
+  end
 end

test/tests/github_output.rb

@@ -6,7 +6,7 @@ def setup
   end
 
   def test_report_format
-    assert_equal 33, @@report.lines.count
+    assert_equal 34, @@report.lines.count
     @@report.lines.each do |line|
       assert line.start_with?('::'), 'Every line must start with `::`'
       assert_equal 2, line.scan('::').count, 'Every line must have exactly 2 `::`'

test/tests/rails6.rb

@@ -13,7 +13,7 @@ def expected
       :controller => 0,
       :model => 0,
       :template => 4,
-      :generic => 28
+      :generic => 29
     }
   end
 
@@ -587,4 +587,17 @@ def test_skip_dev_environment
       :code => s(:call, nil, :eval, s(:call, s(:params), :[], s(:lit, :x))),
       :user_input => s(:call, s(:params), :[], s(:lit, :x))
   end
+
+  def test_dangerous_eval_as_method_target
+    assert_warning :type => :warning,
+      :warning_code => 13,
+      :fingerprint => "3c4b94f3fc4ff4cfb005299349eb4f9a89832f35fc33ed9edc8481b98a047edb",
+      :warning_type => "Dangerous Eval",
+      :line => 27,
+      :message => /^User\ input\ in\ eval/,
+      :confidence => 0,
+      :relative_path => "app/controllers/accounts_controller.rb",
+      :code => s(:call, nil, :eval, s(:call, s(:params), :[], s(:lit, :x))),
+      :user_input => s(:call, s(:params), :[], s(:lit, :x))
+  end
 end