presidentbeef/brakeman
A static analysis security vulnerability scanner for Ruby on Rails applications
https://brakemanscanner.org/
7.02k stars, 732 forks
Issues
#1885 False positive when methods chained on permitted params (bschmeck, opened 3 days ago, 0 comments)
#1883 Accept ActiveStorage::Filename#sanitized and to_i as safe (bb, opened 2 weeks ago, 2 comments)
#1882 Require Prism 1.0+ for --prism (presidentbeef, closed 1 week ago, 1 comment)
#1881 Start of redo of rescanning (presidentbeef, opened 2 weeks ago, 1 comment)
#1880 Match globally excluded paths more accurately (presidentbeef, opened 2 weeks ago, 1 comment)
#1879 Ensure exact match when rejecting global excludes with `EXCLUDED_PATHS` (gazayas, closed 2 weeks ago, 3 comments)
#1878 Fix recursion in masgn (presidentbeef, closed 3 weeks ago, 1 comment)
#1877 SystemStackError crash during a run, with no report emitted. (xxx, closed 3 weeks ago, 2 comments)
#1876 Do not treat private methods as routable (presidentbeef, opened 1 month ago, 1 comment)
#1875 Test with Prism in CI (presidentbeef, opened 1 month ago, 2 comments)
#1874 Rails 6.1.7.9 recognized as EOL (bradherman, closed 1 month ago, 2 comments)
#1872 Ignore more native gems when building gem (presidentbeef, closed 1 month ago, 1 comment)
#1871 Doubt about an XSS warning (dgarofoli1987, opened 1 month ago, 1 comment)
#1870 Brakeman dynamic render path error when finding records inside components (anthonyshchang, opened 2 months ago, 0 comments)
#1869 brakeman 6.2.1 ships binaries that are linked against ruby 3.1.0 (kirillrdy, closed 1 month ago, 4 comments)
#1868 Revamp command injection in `pipeline*` calls (presidentbeef, closed 2 months ago, 1 comment)
#1866 Possible issue with --skip-files on folders containing symlinks in 6.2.1 (schinery, opened 3 months ago, 1 comment)
#1865 New end-of-support dates for Rails (presidentbeef, closed 2 months ago, 1 comment)
#1864 Add build dependencies for Docker (presidentbeef, closed 3 months ago, 1 comment)
#1862 False positive when passing a command array to Open3.pipeline (alexandergitter, closed 2 months ago, 1 comment)
#1861 Add `--show-ignored` flag (gazayas, closed 3 months ago, 3 comments)
#1860 Remove updated entry in brakeman.ignore (tobyhs, closed 1 week ago, 1 comment)
#1859 UnscopedFind for `find_by!` (presidentbeef, closed 4 months ago, 1 comment)
#1858 Add optional use of Prism parser (presidentbeef, closed 4 months ago, 1 comment)
#1857 Use `puts` for `$stderr` output in command line (gazayas, closed 4 months ago, 3 comments)
#1856 Ability to include multiple brakeman.ignore files via cmd (Karl-H, opened 4 months ago, 1 comment)
#1855 Fix compatibility with `--enable-frozen-string-literal` (casperisfine, closed 4 months ago, 8 comments)
#1854 README.md: `require: false` to bundler instructions (runephilosof-abtion, closed 4 months ago, 2 comments)
#1853 Fix all warnings in the test suite (casperisfine, closed 4 months ago, 3 comments)
#1852 Add remediation advice for command injection warnings (rangerscience, closed 4 months ago, 2 comments)
#1851 Unvalidated `redirect_back` false negatives (mattyb, opened 5 months ago, 2 comments)
#1850 `eval` call not being detected (johansenja, closed 4 months ago, 2 comments)
#1849 Does not identify Rails 8 applications (ron-shinall, closed 5 months ago, 0 comments)
#1848 Command injection false positive (jasonperrone, closed 4 months ago, 2 comments)
#1847 Enable aliases for YAML safe_load of `secrets.yml` file (chaadow, closed 4 months ago, 4 comments)
#1846 Initial work for adding Rails 8 support (ron-shinall, closed 5 months ago, 8 comments)
#1845 Incorrect identification of User input; Unable to dynamically render fully qualified path (garettarrowood, closed 6 months ago, 1 comment)
#1844 Fix parsing issue of yields in ERB templates (presidentbeef, closed 6 months ago, 1 comment)
#1843 Handle multiple assignment with splats (presidentbeef, closed 6 months ago, 1 comment)
#1842 https://github.com/presidentbeef/brakeman/issues/1841 (kwerle, opened 6 months ago, 8 comments)
#1841 brakeman still references haml 4 - which is a bit long in the tooth (Haml::Filter::Coffee class vs. module) (kwerle, opened 6 months ago, 0 comments)
#1840 Support non-standard gemfile naming for dual booting Rails apps (eliotsykes, opened 7 months ago, 1 comment)
#1839 False negatives due to --skip-libs ignoring app/ files. (kevinjacobs, opened 7 months ago, 2 comments)
#1838 Address false warnings raised for known renderable classes specified with fully qualified paths (that-jill, closed 4 months ago, 2 comments)
#1837 Add option to exclude "updated" in brakeman.ignore (tobyhs, closed 1 week ago, 5 comments)
#1836 Fix JSON comparison test (presidentbeef, closed 7 months ago, 1 comment)
#1835 Add test-report.json to .gitignore (tobyhs, closed 8 months ago, 2 comments)
#1834 Issue with adding autoload_paths for views dir (SethHorsley, closed 4 months ago, 1 comment)
#1833 Parsing Error on splat operator (ryochin, closed 6 months ago, 0 comments)
#1832 with_content for ViewComponent flagged as dynamic render path (gavingmiller, opened 8 months ago, 4 comments)