Open ShadSterling opened 3 years ago
Thank you for reporting this @ShadSterling.
Finding just calls on ActiveRecord objects is pretty hard, so Brakeman is a bit aggressive about identifying potential DB queries.
This case can be addressed, though.
So, actually to address this particular case Brakeman needs to do something with default argument values and that's kind of a big change. I'll have to ponder this.
Background
Brakeman version: 5.0.0
Rails version: 5.2.4.5
Ruby version: 2.6.5p114
Link to Rails application code: (not public)
False Positive
Full warning from Brakeman:
Relevant code:
The pretty_print method is the helper for pretty_inspect; see https://docs.ruby-lang.org/en/3.0.0/PP.html#class-PP-label-Output+Customization
Why might this be a false positive?
There's no SQL here; we're generating strings for pretty_inspect for log messages.
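For readers unfamiliar with the PP hook being discussed, here is an added illustration (not the reporter's code, which is not public, and not part of Brakeman) of a hypothetical `LogRecord` class customising `pretty_print` the way the linked PP docs describe: the method only feeds text into a PrettyPrint buffer, and `pretty_inspect` returns that buffer as a plain String destined for a log line, with no query being built or executed.

```ruby
# Added example (hypothetical class, not from the issue): customising
# pretty_print per the PP docs; the only product is a String for logging.
require "pp"

class LogRecord
  attr_reader :id, :level, :message

  def initialize(id, level, message)
    @id, @level, @message = id, level, message
  end

  # PP calls this with a PrettyPrint object `q`; whatever we emit through
  # `q` is collected by pretty_inspect into a String.
  def pretty_print(q)
    q.group(1, "#<#{self.class.name}", ">") do
      q.breakable
      q.text "id=#{id}"
      q.breakable
      q.text "level=#{level}"
      q.breakable
      q.text "message="
      q.pp message # delegates to String#pretty_print, which uses #inspect
    end
  end
end

# Build the log line via pretty_inspect; the result is a plain String.
def log_line_for(record)
  record.pretty_inspect.chomp
end

if __FILE__ == $0
  puts log_line_for(LogRecord.new(7, "warn", "disk at 91%"))
end
```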