-
Firstly, thanks @mmozuras for pronto. I'm trialling using it to help with teaching Rails, when reviewing student projects.
The running order of pronto-brakeman and pronto-rails_best_practices can aff…
-
[Brakeman is no longer open source software (OSS)](https://brakemanscanner.org/blog/2019/01/17/brakeman-4-dot-4-dot-0-released).
Thus, I have created [Railroader](https://github.com/david-a-wheeler…
-
The following code is not detected by Brakeman as an unscoped find:
```ruby
class WhateverController < ApplicationController
  def show
    # Unscoped lookup: the record is fetched by params[:id] with no scoping to the current user
    Foo.includes(:bar).find(params[:id])
  end
end
```
This, …
jarmo updated
6 years ago
-
Looks like Brakeman does not check GraphQL Mutations and Resolvers for potential vulnerabilities.
Example:
```ruby
# app/graphql/resolvers/user.rb
class Resolvers::User < Resolvers::Base
  argu…
```
-
### Background
Brakeman version: 4.3.0
Ruby version: 2.3.7p456
### Issue
When a `File.join` call is interpolated into a system call, brakeman does not correctly determine if the resulting va…
-
Add badges similar to travis or gemnasium.
-
This is just a duplicate of #698.
**Is your feature request related to a problem? Please describe.**
I am using a function that is sufficient to protect me from dangerous games with file names, as…
akimd updated
5 years ago
-
### Background
Brakeman version: brakeman 5.0.0
Rails version: Rails 6.0.3.4
Ruby version: ruby 2.7.2p137 (2020-10-01 revision 5445e04352) [x86_64-linux]
### Issue
There are 4 examples that…
-
### Background
Brakeman version: 4.2.1
Rails version: 5.1.6
Ruby version: 2.3.5
### Issue
Defining a `link_to` in a view based on `request.query_parameters` without any sanitization is not …
-
# Summary
We should run security scans in our TravisCI checks to better ensure we don't introduce security vulnerabilities. Let's update our Travis configuration to also run these checks and let us…