Merge pull request #1859 from presidentbeef/unscoped_find_by_bang

UnscopedFind for `find_by!`

lib/brakeman/checks/check_unscoped_find.rb

@@ -24,7 +24,7 @@ def run_check
       process_result call
     end
 
-    tracker.find_call(:method => :find_by, :targets => associated_model_names).each do |result|
+    tracker.find_call(:methods => [:find_by, :find_by!], :targets => associated_model_names).each do |result|
       arg = result[:call].first_arg
 
       if hash? arg and hash_access(arg, :id)

test/apps/rails4/app/controllers/users_controller.rb

@@ -134,5 +134,6 @@ def find_and_create_em
 
   def email_find_by
     Email.find_by id: params[:email][:id]
+    Email.find_by! id: params[:email][:id]
   end
 end

test/tests/rails4.rb

@@ -21,7 +21,7 @@ def expected
       :controller => 0,
       :model => 3,
       :template => 8,
-      :generic => 89
+      :generic => 90
     }
   end
 
@@ -1612,6 +1612,20 @@ def test_unscoped_find_by
       user_input: s(:call, s(:call, s(:params), :[], s(:lit, :email)), :[], s(:lit, :id))
   end
 
+  def test_unscoped_find_by_bang
+    assert_warning check_name: "UnscopedFind",
+      type: :warning,
+      warning_code: 82,
+      fingerprint: "da4c77ce860d5567bfaf5e915b734e54712a276dfbee36694757754a49ed4e0c",
+      warning_type: "Unscoped Find",
+      line: 137,
+      message: /^Unscoped\ call\ to\ `Email\#find_by!`/,
+      confidence: 2,
+      relative_path: "app/controllers/users_controller.rb",
+      code: s(:call, s(:const, :Email), :find_by!, s(:hash, s(:lit, :id), s(:call, s(:call, s(:params), :[], s(:lit, :email)), :[], s(:lit, :id)))),
+      user_input: s(:call, s(:call, s(:params), :[], s(:lit, :email)), :[], s(:lit, :id))
+  end
+
   def test_before_filter_block
     assert_warning :type => :warning,
       :warning_code => 13,