brakeman issues

Fix markdown message with pipe character

1

Warning message containing codes with pipe character `|` breaks markdown table

Possible unprotected redirect for URL

2

Brakeman version: 5.2.1 Rails version: 6.1.4.6 Ruby version: 3.1.0 I am having this result for an url that allows user to download a document. Confidence: High Category: Redirect Check: Redirect...

QuentinBonnafet

Report on: allow_forgery_protection = false

2

**Is your feature request related to a problem? Please describe.** @presidentbeef and I have talked about this a bit already, but the gist is that I recommend adding a rule...

forced-request

I would like brakeman docker image to be cross platform

4

While brakeman amd does work on my shiny new mbp, it's less than optimal. Building x-platform images is pretty easy. I'm willing to contribute effort to get this done.

kwerle

Apparently never ending "Indexing call sites..."

12

Hi Justin, ### Background Brakeman version: 5.2.1 Rails version: 6.1.4.1 Ruby version: 2.7.2 Link to Rails application code: Sorry, I don't own the code, cannot do that. Besides I don't...

akimd

Possible false positive for unprotected redirect using Pundit policy_scopes

1

### Background Brakeman version: 4.10.1 Rails version: 6.1.1 Ruby version: 3.0.0 #### False Positive *Full* warning from Brakeman: ``` Confidence: Weak Category: Redirect Check: Redirect Message: Possible unprotected redirect Code:...

mylanconnolly

`latest` brakeman image in docker hub is older than `5.2.1`

6

As a follow-up to #1510, I thought I'd raise the same issue. Any chance we could get the brakeman image updated on Dockerhub? Thank you!

shamrt

Trigger Mass Assignment rule on other foreign keys than account_id

1

**Is your feature request related to a problem? Please describe.** In order to improve IDOR prevention, it would be interesting to be able to add foreign keys that could trigger...

Owpac-doctolib

SQL injection false negative for connections on complex objects

2

### Background Brakeman version: 5.2.1 Rails version: 6 and 7 Ruby version: 3.0.3p157 def not_detected_injection_risk(query) base_record = [ActiveRecord::Base].find {true} base_record.connection.exec_query("SELECT * where x = #{query}") end def detected_injection_risk(query) base_record =...

EQuincerot

Unscoped find with `find` and `find_by`

3

### Background Brakeman version: 5.1.1 Rails version: 6.1.4 Ruby version: 2.7.2 Link to Rails application code: `Unscoped call to Organization#find near line 11: Organization.find(params[:organiser_id])` #### False Positive *Full* warning from...

fidalgo

brakeman
brakeman copied to clipboard

Metadata

Fix markdown message with pipe character

Possible unprotected redirect for URL

Report on: allow_forgery_protection = false

I would like brakeman docker image to be cross platform

Apparently never ending "Indexing call sites..."

Possible false positive for unprotected redirect using Pundit policy_scopes

`latest` brakeman image in docker hub is older than `5.2.1`

Trigger Mass Assignment rule on other foreign keys than account_id

SQL injection false negative for connections on complex objects

Unscoped find with `find` and `find_by`

← Metadata

Owner

Metadata

brakeman brakeman copied to clipboard

Metadata

← Metadata

Owner

Metadata

brakeman
brakeman copied to clipboard