brakeman
https://github.com/presidentbeef/brakeman
Ruby
A static analysis security vulnerability scanner for Ruby on Rails applications
- Issues
- False positive - unescaped model attribute
- Unsafe Deserialization False Negative - File access is not treated as tainted
- Unvalidated redirect false negatives
- XSS false positive when doing math on parameter values
- Do not prune ignore file entries for other types when running specific checks
- Command injection false positive with File.join()
- False positive: where(foo) if foo.is_a?(Hash)
- False positive: Possible unprotected redirect when passing a Hash argument via method call
- Command injection warning with conditional constant array
- False Positive: Interpolating method with constant return value interpreted as SQL Injection