Justin Collins

157 comments by Justin Collins

All the path mangling happens here: https://github.com/presidentbeef/brakeman/blob/main/lib/brakeman/app_tree.rb

:thinking: Yes, sounds like a bug if using `ALLOWED_TYPES = Template::ALLOWED_TYPES.freeze` does not generate a finding but not using it does. Replicating Ruby's constant lookup is challenging, so this isn't...

I believe it comes down to [this method](https://github.com/presidentbeef/brakeman/blob/7c3498474843d7c2210a006901dd84f4976fc305/lib/brakeman/tracker/constants.rb#L103C31-L103C31) that adds in constants. Note the `context` parameter that does not get used at all. That parameter includes information about the module/class/method...

Hmmm... I kind of think if Haml has these filters installed by default now, that the fake filters aren't needed? :thinking: And I _think_ they were added in 6.0 when...

Hi @kevinjacobs - you are right, thank you for reporting this. It _should_ be equivalent to `--skip-files lib/` (or maybe `--skip-files /lib/`) but due to the change to scan...

I'm really leaning towards either making this entire check optional (non-default) or stop warning about anything that's not string interpolation. It's just becoming too noisy with some of these newer...

Hm, that doesn't really make sense. Brakeman doesn't do anything with `autoload_paths`. Are you sure there are no other changes?

Ignored warnings are included in the JSON output (e.g. `brakeman -f json`). That's the only good way right now.

What's the desired behavior you are looking for?

1. Ignore the ignore file
2. Show all warnings, but ignored warnings are in a separate section or otherwise marked
3. Show...