brakeman issues

More granularity to --no-exit-on-warn

1

**Is your feature request related to a problem? Please describe.** Currently, regardless of the Warning _Confidence_, warnings can either be considered to be exited on or not. It'd be great...

ain

feature request

Where can I find a description of the JSON report's file format?

2

I want to set up some processing code for the JSON report of brakeman, but I can't find any good data on what the individual entries in the `errors` and...

ianfixes

feature request

Invalid Synopsis Email in LICENSE.md

The email address provided in the "Commercial Uses" section in LICENSE.md is invalid. Emails send to that address return with "User unknown" notice.

hauke-altmann-as

How to fix this command injection warning

2

**Background** Brakeman version: 3.6.1 Rails version: 4.2.7.1 Ruby version: 2.1.2 Hi, sorry if this is a stupid question, but ive trying for a few days to fix my command injection...

alu0100921038

how to fix "Potentially unsafe model attribute in link_to href"

1

I've been looking through the discussions in other issues about false positives, use of sanitize and so on, and am reading that sanitize doesn't completely protect against all circumstances, but...

tansaku

Namespaced classes that are not fully qualified can cause difference in false positives/negatives

3

### Background Brakeman version: 4.5.1 Rails version: 5.0.7.2 Ruby version: 2.4.3 Link to [Rails application code](https://github.com/doliveirakn/brakeman-1387): ### Issue What problem are you seeing? If we reference a namespaced ActiveRecord module...

doliveirakn

False negative: 'name LIKE ?', params[:name]

3

### Background Brakeman version: 3.5.0 Rails version: 4.2.11.1 Ruby version: 2.4.6 ### False negative The follow code is not show as a warning on Brakeman. ```ruby paginate(current_scope.organizations.where("name LIKE ?", "#{params[:name]}%"))...

tpgunther

Dynamic Render Path false positive

1

### Background Brakeman version: 4.7.0 Rails version: 5.2.3 Ruby version: 2.5.3 #### False Positive *Full* warning from Brakeman: ``` Confidence: Weak Category: Dynamic Render Path Check: Render Message: Render path...

grantbdev

Unvalidated redirect false negatives

1

### Background Brakeman version: 4.6.1 Rails version: 5.2.3 Ruby version: Using brakeman docker image ### Issue I noticed a few places where brakeman doesn't flag certain instances of unvalidated redirect...

swallenfriedman

Cannot use brakeman to scan active record code out of rails context

3

**Is your feature request related to a problem? Please describe.** We would love to use brakeman in context of libraries or graphql ruby backend code, not necessarily directly bound to...

jdehaan

brakeman
brakeman copied to clipboard

Metadata

More granularity to --no-exit-on-warn

Where can I find a description of the JSON report's file format?

Invalid Synopsis Email in LICENSE.md

How to fix this command injection warning

how to fix "Potentially unsafe model attribute in link_to href"

Namespaced classes that are not fully qualified can cause difference in false positives/negatives

False negative: 'name LIKE ?', params[:name]

Dynamic Render Path false positive

Unvalidated redirect false negatives

Cannot use brakeman to scan active record code out of rails context

← Metadata

Owner

Metadata

brakeman brakeman copied to clipboard

Metadata

← Metadata

Owner

Metadata

brakeman
brakeman copied to clipboard