Justin Collins
Thank you for the clear examples and the example application! I am looking at this now... I really don't want to try to replicate Ruby's name resolution, but I don't...
I spent some time on this previously: https://github.com/presidentbeef/brakeman/compare/class_names There are a lot of changes because I tried to lift class names into an actual class instead of managing them as...
Hi @dreamsInDigital, thank you for bringing this up. I agree with you. It could be categorized as Remote Code Execution or even Server-Side Template Injection. I don't think it would...
I was thinking this was just changing the category but actually `render inline: ...` and `render text: ...` need to be separated out. (Just as a small update here.)
So... `string.find` has apparently never matched the documentation (the code is 8-9 years old). It's actually called `find_first`. You can see the mismatch here: https://github.com/presidentbeef/brat/blob/main/core/core.lua#L4910-L4924 `string.find` is from `enumerable.find` which...
Geez, even when you try to do everything right sometimes it's still not enough 😄
Brakeman does its best to scan all Ruby files in the scan directory, so in theory this is kind of addressed.
Added test and merged in #1776
Might have been fixed upstream. Not sure. But it's not a Brakeman issue.