brakeman
https://github.com/presidentbeef/brakeman
Ruby
A static analysis security vulnerability scanner for Ruby on Rails applications
Triage Issues!
When you volunteer to triage issues, you'll receive an email each day with a link to an open issue that needs help in this project. You'll also receive instructions on how to triage issues.
Triage Docs!
Receive a documented method or class from your favorite GitHub repos in your inbox every day. If you're really pro, receive undocumented methods or classes and supercharge your commit history.
3 Subscribers
Add a CodeTriage badge to brakeman
Help out
- Issues
- Do not prune ignore file entries for other types when running specific checks
- Command injection false positive with File.join()
- False positive: where(foo) if foo.is_a?(Hash)
- False positive: Possible unprotected redirect when passing a Hash argument via method call
- Command injection warning with conditional constant array
- False Positive: Interpolating method with constant return value interpreted as SQL Injection
- Flag Cross-Site Scripting via loop in template
- Can brakeman check ERB/Slim/Haml files for link vulnerabilities?
- Namespaced classes that are not fully qualified can cause difference in false positives/negatives
- False positive - unescaped model attribute with escape_javascript
- Docs
- Subscribe to help with docs for this repo and come back later