brakeman
https://github.com/presidentbeef/brakeman
Ruby
A static analysis security vulnerability scanner for Ruby on Rails applications
Triage Issues!
When you volunteer to triage issues, you'll receive an email each day with a link to an open issue that needs help in this project. You'll also receive instructions on how to triage issues.
Triage Docs!
Receive a documented method or class from your favorite GitHub repos in your inbox every day. If you're really pro, receive undocumented methods or classes and supercharge your commit history.
3 Subscribers
Add a CodeTriage badge to brakeman
Help out
- Issues
- check for potential HTTP verb confusion warns for `unless request.get?`
- Namespaced classes that are not fully qualified can cause difference in false positives/negatives (WIP)
- Brakeman fails to find strong parameters if the protected attributes gem is installed
- Another Dynamic Render Path false positive
- False negative: 'name LIKE ?', params[:name]
- False Positive: Interpolating method with constant return value interpreted as SQL Injection
- Namespaced classes that are not fully qualified can cause difference in false positives/negatives
- Consider warning on token, password checks that look vulnerable to timing attacks
- Use yard `@return` to resolve "Unresolved Model" errors
- false positive when using .order("FIELD(id, ...)")
- Docs
- Subscribe to help with docs for this repo and come back later