Justin Collins

Results: 157 comments by Justin Collins

That's the longest successful run I've ever heard of. Unless there is a really obvious root cause that you can easily reproduce with sample code, it's probably going to be...

@akimd Not as-is, but adding logging for different stages is pretty easy. I can send you a diff, if you want. Typically, though, there is some pathological case that causes...

Hi @montdidier! Thank you for bringing this up. I'm not 100% convinced the current state of Brakeman is wrong, but the wording of the changes is a bit confusing. However,...

Okay, I've got it now. This only applies to upgraded apps. This seems like a bit of a catch-22. If the app is upgraded, it needs to have the configuration...

Okay, I think I see the disconnect here.

> if config.action_controller.default_protect_from_forgery is nil as what might expect in an upgraded app, [...]
>
> It might not be enabled explicitly...

Opened https://github.com/presidentbeef/brakeman/pull/1531 to at least load the config into `tracker.config.rails[...]`.

I have a branch that will do what you expect. Stay tuned, I'll have a PR up soon.

@montdidier I've merged into `main`. Can you rebase and test that behavior is what you expect? Some actual tests would be nice, too, if you have time.