Releases | Ecosyste.ms: Ruby

https://github.com/presidentbeef/brakeman - 8.0.2

Reline console control should use stderr
Fix logger cleanup based method (Imran Iqbal)

- Ruby
Published by presidentbeef 28 days ago

https://github.com/presidentbeef/brakeman - 8.0.1

Fix for disappearing cursor when no warnings are reported

- Ruby
Published by presidentbeef about 1 month ago

https://github.com/presidentbeef/brakeman - 8.0.0

Complete revamp of scan progress output and logging
--skip-libs removed (#1839
--index-libs removed
Fix qualified constant lookup to respect module/class context (Mike Dalessio)
Fix singleton method prefixes (viralpraxis)
Faster file globbing for templates (Mikael Henriksson)
No longer produce weak dynamic render path warnings
Replace Erubis with Erubi (#1970)

- Ruby
Published by presidentbeef about 1 month ago

https://github.com/presidentbeef/brakeman - 7.1.2

This was released on December 25, 2025

Update ruby_parser to remove max version restriction (Chedli Bourguiba)
Increase minimum Ruby version to 3.2.0
Reduce SQL injection false positives from count (and other) calls (#1936)
Remove more XSS false positives related to Haml attribute builder
Update Minitest version to 6.0

- Ruby
Published by presidentbeef about 1 month ago

https://github.com/presidentbeef/brakeman - 7.1.1

Exclude directories before searching for files (#1925)
Check for unsafe SQL when two arguments are passed to AR methods (Patrick Brinich-Langlois)
Fix SQL injection check for calculate method (Rohan Sharma)
Check each side of or SQL arguments (#1935)
Consider Tempfile.create.path as safe input (Ali Ismayilov)
Fix false positive when calling with_content on ViewComponents (Peer Allan)
Add FilePath#to_path for Ruby 3.5 compatibility (S.H.)
Ignore attribute builder in Haml 6 (#1952)
Word wrap text report output in pager

- Ruby
Published by presidentbeef 4 months ago

https://github.com/presidentbeef/brakeman - 7.1.0

Add Haml 6.x support (#1914, #1841, etc.)
Support render model shortcut (#959, #1940, etc.)
Add --ensure-no-obsolete-config-entries option (viralpraxis)
Update JUnit report for CircleCI (Philippe Bernery)
Improve ignored warnings layout in HTML report (Sebastien Savater)
Only load escape functionality from cgi library (Earlopain)
Add EOL dates for Rails 8.0 and Ruby 3.4
Use lazy file lists for AppTree

- Ruby
Published by presidentbeef 8 months ago

https://github.com/presidentbeef/brakeman - 7.0.2

Fix error with empty BUNDLE_GEMFILE env variable

- Ruby
Published by presidentbeef 11 months ago

https://github.com/presidentbeef/brakeman - 7.0.1

Avoid warning on evaluation of plain strings (#1919)
Enable use of custom/alternative Gemfiles (#1840, #1907)
Fix error on directory with rb extension (viralpraxis)
Support terminal-table 4.0 (Chedli Bourguiba)
Better support Prism 1.4.0 (#1927)
Only output timing for each file when using --debug

- Ruby
Published by presidentbeef 11 months ago

https://github.com/presidentbeef/brakeman - 7.0.0

Default to using Prism parser if available (disable with --no-prism)
Disable following symbolic links by default (re-enable with --follow-symlinks)
Remove updated entry in Brakeman ignore files (Toby Hsieh)
Major changes to how rescanning works
Fix hardcoded globally excluded paths (#1830)
Always warn about deserializing from Marshal
Update eval check to be a little noisier
Output originalBaseUriIds for SARIF format report (#1889)
Add step (and timing) for finding files
Fix recursion when handling multiple assignment expressions (#1877)
Fix array/hash unknown index handling
Update terminal-table version
Add CSV library as explicit dependency for Ruby 3.4 support
Raise minimum Ruby version to 3.1

- Ruby
Published by presidentbeef about 1 year ago

https://github.com/presidentbeef/brakeman - 6.2.2

New end-of-support dates for Rails
Revamp command injection detection in pipeline* calls (#1862)
Exclude more native gems from vendored gems in brakeman gem (#1869)

- Ruby
Published by presidentbeef over 1 year ago

https://github.com/presidentbeef/brakeman - 6.2.1

Add optional support for Prism parser (use --prism)
Handle parallel assignment with splats (#1833)
Warn about unscoped finds with find_by! (#1786)
Add initial Rails 8 support (Ron Shinall)
Add support for symbolic links (Lu Zhu)
Support YAML aliases in secret configs (Chedli Bourguiba)
Add --show-ignored option (Gabriel Arcangel Zayas)
Treat ::X and X the same, for now (Jill Klang)
Remediation advice for command injection Nicholas Barone
Fix compatibility with default frozen string literals (Jean Boussier)
Fix Ruby warnings in test suite (Jean Boussier)

- Ruby
Published by presidentbeef over 1 year ago

https://github.com/presidentbeef/brakeman - 6.1.2

Avoid detecting Phlex components as dynamic render paths (Máximo Mussini)
Avoid detecting ViewComponentContrib::Base as dynamic render paths (vividmuimui)
Avoid copying Sexps that are too large (#1818, #1546)
Add EOL date for Ruby 3.3.0
Remove deprecated use of Kernel#open("|...")
Remove safe_yaml gem dependency
Update Highline to 3.0 (#1812)

- Ruby
Published by presidentbeef about 2 years ago

https://github.com/presidentbeef/brakeman - 6.1.1

Handle racc as a default gem in Ruby 3.3.0

- Ruby
Published by presidentbeef about 2 years ago

https://github.com/presidentbeef/brakeman - 6.1.0

Add check for unfiltered search with Ransack
Add --timing to add timing duration for scan steps
Add PG::Connection.escape_string as a SQL sanitization method (Joévin Soulenq)
Handle class << self
Fix class method lookup in parent classes
Fix keyword splats in filter arguments

- Ruby
Published by presidentbeef about 2 years ago

https://github.com/presidentbeef/brakeman - 6.0.0.1 - Docker only

This release is to fix the Ruby version used in the Docker image.

No other changes.

- Ruby
Published by presidentbeef almost 3 years ago

https://github.com/presidentbeef/brakeman - 6.0.0

Drop support for Ruby 1.8/1.9 syntax
Raise minimum Ruby version to 3.0
Add obsolete fingerprints to comparison report (#1758)
Warn about missing CSRF protection when defaults are not loaded (Chris Kruger)
Fix false positive with content_tag in newer Rails (#1778)
Scan directories that include the word public
Fix end-of-life dates for Ruby

- Ruby
Published by presidentbeef almost 3 years ago

https://github.com/presidentbeef/brakeman - 5.4.1

Add Rails 6.1 and 7.0 default configuration values
Support Rails 7 redirect options
Add redirect_back and redirect_back_or_to to open redirect check
Revise checking for request.env to only consider request headers
Prevent redirects using url_from being marked as unsafe (Lachlan Sylvester)
Warn about unscoped find for find_by(id: ...)
Support presence, presence_in and in? (#1569)
Fix issue with if expressions in when clauses (#1743)
Fix file/line location for EOL software warnings

- Ruby
Published by presidentbeef about 3 years ago

https://github.com/presidentbeef/brakeman - 5.4.0

Add check for weak RSA key sizes and padding modes (#1736)
Add check for absolute paths issue with Pathname (#1721)
Handle multiple values and splats in case/when (#1730)
Ignore more model methods in redirects (#1723)
Fix load_rails_defaults overwriting settings in the Rails application (James Gregory-Monk)
Use relative paths for CodeClimate report format (Mike Poage)

- Ruby
Published by presidentbeef over 3 years ago

https://github.com/presidentbeef/brakeman - 5.3.1

Fix version range for CVE-2022-32209

- Ruby
Published by presidentbeef over 3 years ago

https://github.com/presidentbeef/brakeman - 5.3.0

Add CWE information to warnings (Stephen Aghaulor)
Include explicit engine or lib paths in vendor/ (Joe Rafaniello)
Add check for CVE-2022-32209
Load rexml as a Brakeman dependency
Fix "full call" information propagating unnecessarily

- Ruby
Published by presidentbeef over 3 years ago

https://github.com/presidentbeef/brakeman - 5.2.3

Fix error with hash shorthand syntax (#1700)
Match order of interactive options with help message (@roryokane)

- Ruby
Published by presidentbeef over 3 years ago

https://github.com/presidentbeef/brakeman - 5.2.2

Respect equality in if conditions (#1683)
Update message for unsafe reflection (Pedro Baracho)
Handle nil when joining values (Dan Buettner)
Add additional String methods for SQL injection check (#1669)
Update ruby_parser for Ruby 3.1 support (Merek Skubela)

- Ruby
Published by presidentbeef almost 4 years ago

https://github.com/presidentbeef/brakeman - 5.2.1

Add warning codes for EOL software warnings (#1671)

- Ruby
Published by presidentbeef about 4 years ago

https://github.com/presidentbeef/brakeman - 5.2.0

Initial Rails 7 support (#1653)
Require Ruby 2.5.0+ (#1649)
Fix issue with calls to foo.root in routes (#1640)
Ignore I18n.locale in SQL queries (#1597)
Do not treat sanitize_sql_like as safe
Add new checks for unsupported Ruby and Rails version
Bundled version of ruby_parser updated to 3.18.1

- Ruby
Published by presidentbeef about 4 years ago

https://github.com/presidentbeef/brakeman - 5.1.2

Updated ruby_parser (Ryan Davis)
Fix issue where the previous output is still visible (Jason Frey)
Handle cases where enums are not symbols (#1627)
Support newer Haml with ::Haml::AttributeBuilder.build
Fix sorting with nil line numbers

- Ruby
Published by presidentbeef over 4 years ago

https://github.com/presidentbeef/brakeman - 5.1.1

Unrefactor IgnoreConfig's use of Brakeman::FilePath

(Fixes bugs with -I and also relative paths for -i.)

- Ruby
Published by presidentbeef over 4 years ago

https://github.com/presidentbeef/brakeman - 5.1.0

Report Formats
- Add GitHub Actions format (Klaus Badelt)
- Add ignored warnings to SARIF report (Eli Block)
- Fix SARIF report when checks have no description (Eli Block)
- Adjust copy of --interactive menu (Elia Schito)
Performance
- Read and parse files in parallel
Ruby Interpretation
- Initial support for ActiveRecord enums (#1492)
- Interprocedural dataflow from very simple class methods
- Support Array#fetch and Hash#fetch (#1571)
- Support Array#push
- Support Array#*
- Better Array#join support
- Support Hash#values and Hash#values_at
- Support Hash#include?
SQL Injection
- Update SQL injection check for Rails 6.0/6.1
- Add --sql-safe-methods option (Esty Scheiner)
- Ignore dates in SQL
- Ignore sanitize_sql_like in SQL (#1571)
- Ignore method calls on numbers in SQL (#1571)
Other Fixes
- Ignore renderables in dynamic render path check (Brad Parker)
- Fix false positive in command injection with Open3.capture (Richard Fitzgerald)
- Fix infinite loop on mixin self-includes (Andrew Szczepanski)
- Check for user-controlled evaluation even if it's a call target (#1590)
Refactoring
- Refactor cookie?/param? methods (Keenan Brock)
- Better method definition tracking and lookup

- Ruby
Published by presidentbeef over 4 years ago

https://github.com/presidentbeef/brakeman - 5.0.4

Update bundled ruby_parser to include argument forwarding support (brakeman gem only)

- Ruby
Published by presidentbeef over 4 years ago

https://github.com/presidentbeef/brakeman - 5.0.2

Fix Loofah version check

- Ruby
Published by presidentbeef over 4 years ago

https://github.com/presidentbeef/brakeman - 5.0.1

Support loading slim/smart (#1570)
Set more line numbers on Sexps (#1579)
Detect ::Rails.application.configure too (#1584)
Always ignore slice/only calls for mass assignment
Don't fail if $HOME/$USER are not defined
Convert splat array arguments to arguments
Bundle unreleased RubyParser changes

- Ruby
Published by presidentbeef almost 5 years ago

https://github.com/presidentbeef/brakeman - 5.0.0

Scan (almost) all Ruby files in project
Revamp CSV report to a CSV list of warnings
Add Sonarqube report format (Adam England)
Add check for (more) unsafe method reflection (#1488, #1507, and #1508)
Add check for potential HTTP verb confusion (#1432)
Add --[no-]skip-vendor option
Ignore uuid as a safe attribute
Ignore Tempfile#path in shell commands
Ignore development environment
Collapse __send__ calls
Set Rails configuration defaults based on load_defaults version
Update Ruby requirement to version 2.4.0
Suggest using --force if no Rails application is detected

- Ruby
Published by presidentbeef about 5 years ago

https://github.com/presidentbeef/brakeman - 4.10.1

Declare REXML as a dependency (Ruby 3.0 compatibility)
Use Sexp#sexp_body instead of Sexp#[..] (Ruby 3.0 compatibility)
Prevent render loops when template names are absolute paths (#1536)
Ensure RubyParser is passed file path as a String (#1534)
Support new Haml 5.2.0 escaping method (#1517)

- Ruby
Published by presidentbeef about 5 years ago

https://github.com/presidentbeef/brakeman - 5.0.0.pre1

Add check for (more) unsafe method reflection
Suggest using --force if no Rails application is detected
Add Sonarqube report format (Adam England)
Add check for potential HTTP verb confusion
Add --[no-]skip-vendor option
Scan (almost) all Ruby files in project
Add support for Haml 5.2.0

- Ruby
Published by presidentbeef over 5 years ago

https://github.com/presidentbeef/brakeman - 4.10.0

Add SARIF report format (Steve Winton)

- Ruby
Published by presidentbeef over 5 years ago

https://github.com/presidentbeef/brakeman - 4.9.1

Use version from active_record for non-Rails apps (Ulysse Buonomo)
Check chomped strings for SQL injection (#1509)
Always set line number for joined arrays (#1499)
Avoid warning about missing attr_accessible if protected_attributes gem is used (#1512)
Bundle latest ruby_parser (4.15.0)

- Ruby
Published by presidentbeef over 5 years ago

https://github.com/presidentbeef/brakeman - 4.9.0

Add --ensure-ignore-notes (Eli Block)
Add check for user input in ERB.new (Matt Hickman)
Add check for CVE-2020-8166 (Jamie Finnigan)
Always scan environment.rb
Avoid warning when safe_yaml is used via YAML.load(..., safe: true)
Do not warn about mass assignment with params.permit!.slice
Ignore params.permit! in path helpers
Treat Dir.glob as safe source of values in guards
Remove whitelist/blacklist language, add clarifications
Add "full call" information to call index results
Updated Slim dependency (Jeremiah Church)

- Ruby
Published by presidentbeef over 5 years ago

https://github.com/presidentbeef/brakeman - 4.8.1

Warn about global(!) mass assignment
Check SQL query strings using String#strip or String.squish (#1459)
Handle non-symbol keys in locals hash for render (#1465)
Index calls in render arguments (#1459)

- Ruby
Published by presidentbeef almost 6 years ago

https://github.com/presidentbeef/brakeman - 4.8.2

Add --text-fields option
Add check for CVE-2020-8159
Add check for escaping HTML entities in JSON configuration option
Fix authenticate_or_request_with_http_basic check for passed blocks (Hugo Corbucci)

- Ruby
Published by presidentbeef almost 6 years ago

https://github.com/presidentbeef/brakeman - 4.8.0

Add JUnit XML report format (Naoki Kimurai)
Sort ignore files by fingerprint and line (Ngan Pham)
Catch dangerous concatenation in CheckExecute (Jacob Evelyn)
User-friendly message when ignore config file has invalid JSON (D. Hicks)
Freeze call index results, fix thread-safety issue
Properly render confidence in Markdown report (#1446)
Report old warnings as fixed if zero warnings reported
Initialize Rails version with nil (Carsten Wirth)
Fix output test when using newer Minitest

- Ruby
Published by presidentbeef about 6 years ago

https://github.com/presidentbeef/brakeman - 4.7.2

Add request.params as query parameters (#1398)
Handle more permit! cases (#1426)
Remove version guard for named_scope vs. scope
Find SQL injection in String#strip_heredoc target (#1433)
Ensure file name is set when processing models
Bundle ruby_parser version 3.14.1 (#1429)

- Ruby
Published by presidentbeef over 6 years ago

https://github.com/presidentbeef/brakeman - 4.7.1

Sort text report by file and line (Jacob Evelyn)
Catch reverse tabnabbing with :_blank symbol (Jacob Evelyn)
Convert s(:lambda) to s(:call) in Sexp#block_call (#1410)
Check string length against limit before joining
Fix flaky rails4 test (Adam Kiczula)
Fix errors from frozen Symbol#to_s in Ruby 2.7
Add release dates to each version in CHANGES (TheSpartan1980)

- Ruby
Published by presidentbeef over 6 years ago

https://github.com/presidentbeef/brakeman - 4.7.0

Update Haml support to Haml 5.x (#1044)
Catch shell injection from -c shell commands (Jacob Evelyn)
Correctly handle non-symbols in CheckCookieSerialization (Phil Turnbull)
Refactor Brakeman::Differ#second_pass (Benoit Côté-Jodoin)
Fix version_between? (Andrey Glushkov)
Ignore interpolation in %W[] (#1399)
Ignore form_for for XSS check

- Ruby
Published by presidentbeef over 6 years ago

https://github.com/presidentbeef/brakeman - 4.6.1

Fix Reverse Tabnabbing warning message (Steffen Schildknecht / Jörg Schiller)

- Ruby
Published by presidentbeef over 6 years ago

https://github.com/presidentbeef/brakeman - 4.6.0

Add check for cookie serialization with Marshal (#1316)
Add reverse tabnabbing check (Linos Giannopoulos)
Avoid warning about file access with ActiveStorage::Filename#sanitized (Tejas Bubane)
Update loofah version for fixing CVE-2018-8048 (Markus Nölle)
Warn people that Haml 5 is not fully supported (Jared Beck)
Index calls in initializers
Improve template output handling in conditional branches
Avoid assigning nil line numbers to Sexps
Add special warning code for custom checks
Add call matching by regular expression
Skip calls to dup (#1374)
Restore Warning#relative_path
Better handling of gems with no version declared

- Ruby
Published by presidentbeef over 6 years ago

https://github.com/presidentbeef/brakeman - 4.5.1

Add initial Rails 6 support
Add optional check for config.force_ssl (#1181)
Add deserialization warning for Oj.load/object_load
Add SQL injection checks for destroy_by/delete_by
Add SQL injection checks for find_or_create_by and friends
Check link_to with block for href XSS (#1339)
Convert !! calls to boolean value (#1343)
Use relative paths for __FILE__
Represent file paths internally as Brakeman::FilePath
Handle empty partial names
Handle trailing comma in block args
Remove code for Ruby versions prior to 1.9

- Ruby
Published by presidentbeef almost 7 years ago

https://github.com/presidentbeef/brakeman - 4.5.0

Officially drop support for running with older Ruby versions
More thoroughly handle Shellwords escaping (#1323)
Handle non-integer version number comparisons (#1305)
Better handling of splat/kwsplat arguments (#1204)
Handle ** inside Hash literals
Add support for CoffeeScript in Slim templates
Improve support for embedded template "filters"
Remove Sass dependency
Avoid joining strings with different encodings
Improve "user input" reported for SQL injection
Stop swallowing exceptions in AliasProcessor
Add original exception to Tracker#errors list
Use FileParser in Scanner to parse files
Set location information in CheckContentTag
Update RubyParser to 3.13.0

- Ruby
Published by presidentbeef almost 7 years ago

https://github.com/presidentbeef/brakeman - 4.4.0

Add check for CVE-2018-3760
Add --enable option to enable optional checks
Add Dockerfile to run Brakeman inside Docker (Ryan Kemper)
Handle empty secrets.yml files (Naoki Kimura)
Ignore Tempfiles in FileAccess warnings (Christina Koller)
Avoid warning about command injection when String#shellescape and Shellwords.shelljoin are used (George Ogata)
Treat if not like unless (#1225)
Fix Rails 4 configuration handling
Set default encoding to UTF-8
Support reading gem versions from gemspecs
Support gem versions which are just major.minor (e.g. 3.0)
Correctly set rel="noreferrer" in HTML reports
Fix thread-safety issue in CallIndex
Fix trim mode for ERb templates in old Rails versions
Avoid nil errors when concatenating arrays
Add rendered template information to render paths
Trim some unnecessary files from bundled gems
Deadcode and typo fixes found via Coverity
Complete overhaul of warning message construction
Update to Slim 4.0.1 (Jake Peterson)
Update to RubyParser 3.12.0
Updated license

- Ruby
Published by presidentbeef about 7 years ago

https://github.com/presidentbeef/brakeman - 4.3.1

Add :BRAKEMAN_SAFE_LITERAL to represent known-safe literals
Handle Array#map and Array#each over literal arrays (#1208 / #1224)
Use safe literal when accessing literal hash with unknown key (#1213)
Allow symbolize_keys to be called on params in SQL (Jacob Evelyn)
Improve handling of conditionals in shell commands (Jacob Evelyn)
Avoid deprecated use of ERB in Ruby 2.6 (Koichi ITO)
Ignore Object#freeze, use the target instead (#1211)
Ignore foreign_key calls in SQL (#1202)
Handle included calls outside of classes/modules (#1209)
Fix error when setting line number in implicit renders (#1210)

- Ruby
Published by presidentbeef over 7 years ago

https://github.com/presidentbeef/brakeman - 4.3.0

Add --parser-timeout option
Improve timeout error messages
Check exec-type calls even if they are targets (#1199)
Index Kernel#` calls even if they are targets (#1183)
BaseCheck#include_interp? should return first string interpolation (#1189)
Ignore Process.pid in system calls
Warn about dangerous link_to href with sanitize() (#1187)
Ignore params#to_h and params#to_hash in SQL checks (#1180)
Convert Array#join to string interpolation (#1179)
Change "".freeze to just "" (#1182)
--color can be used to force color output (#1175)
Track parent calls in call index
Fix reported line numbers for CVE-2018-3741 and CVE-2018-8048
Code Climate: omit leading dot from only_files (Todd Mazierski)

- Ruby
Published by presidentbeef almost 8 years ago

https://github.com/presidentbeef/brakeman - 4.2.1

Add warning for CVE-2018-3741
Add warning for CVE-2018-8048
Scan app/jobs/ directory
Handle template_exists? in controllers (#1124)

- Ruby
Published by presidentbeef almost 8 years ago

https://github.com/presidentbeef/brakeman - 4.2.0

Handle ERb use of String#<< method for Ruby 2.5 (Pocke)
Exclude template folders in lib/ (kru0096)
Warn about SQL injection with not
Avoid warning about symbol DoS on Model#attributes (#1096)
Avoid warning about open redirects with model methods ending with _path(#1117)
Avoid warning about command injection with Shellwords.escape (#1159)
Use ivars from initialize in libraries
Fix multiple assignment of globals (#1155)
Sexp#body= can accept :rlist from Sexp#body_list
Update RubyParser to 3.11.0

- Ruby
Published by presidentbeef about 8 years ago

https://github.com/presidentbeef/brakeman - 4.1.1

Remove check for use of permit with *_id keys
Avoid duplicate warnings about permitted attributes

- Ruby
Published by presidentbeef about 8 years ago

https://github.com/presidentbeef/brakeman - 4.1.0

Add check for dangerous keys in permit
Add optional check for divide by zero
Remove errors about divide by zero
Warn about dynamic values in Arel.sql
Show better location for Sass errors (Andrew Bromwich)
Avoid warning about file access for temp files (#1110)
Avoid CSRF warning in Rails 5.2 default config (#1132)
Better processing of op_asgn1 (e.g. x[:y] += 1) (#1103)
Handle nested destructuring/multiple assignment
Do not warn on params.permit with safe values (#1000)
Use HTTPS for warning links
Try to guess options for less pager (#1118)
Do not page if results fit on screen
Leave results on screen after paging
Fix upgrade version for CVE-2016-6316
Fix include_paths for Code Climate engine (Will Fleming)
Support app_path configuration for Code Climate engine (Noah Davis)
Refactor Code Climate engine options parsing (Noah Davis)

- Ruby
Published by presidentbeef about 8 years ago

https://github.com/presidentbeef/brakeman - 4.0.1

Disable pager when CI environment variable is set
Fix output when pager fails

- Ruby
Published by presidentbeef over 8 years ago

https://github.com/presidentbeef/brakeman - 4.0.0

--exit-on-warn is now the default (#852)
--exit-on-error is now the default (#1083)
"Plain" report output is now the default
Add simple pager for reports output to terminal
Remove low confidence mass assignment warnings
Reduce warnings about XSS in link_to
Treat request.cookies like cookies (#1090)
Treat fail/raise like early returns (#754)
Rename "Cross Site Scripting" to "Cross-Site Scripting" (Paul Tetreau)
Remove reliance on CONFIDENCE constant in checks
Fix --exit-on-error and --exit-on-warn in config files

- Ruby
Published by presidentbeef over 8 years ago

https://github.com/presidentbeef/brakeman - 3.7.2

Fix --ensure-latest (David Guyon)

- Ruby
Published by presidentbeef over 8 years ago

https://github.com/presidentbeef/brakeman - 3.7.1

Handle simple guard with return at end of branch (#1073)
Add more collection methods for iteration detection
Modularize bin/brakeman
Improve multi-value Sexp error message
Update ruby2ruby and ruby_parser dependencies

- Ruby
Published by presidentbeef over 8 years ago

https://github.com/presidentbeef/brakeman - 3.7.0

Avoid interpolating hashes/arrays on failed access (#921)
Fix false positive for redirect_to in Rails 4 (Mário Areias)
Show progress indicator in interactive mode (#1012)
Handle simple conditional guards that use return (#1057)
Improve support for rails4/rails5 options in config file (#1059)
Updated RubyParser to master

- Ruby
Published by presidentbeef over 8 years ago

https://github.com/presidentbeef/brakeman - 3.6.2

Remove --rake option
By default, do not honor additional check paths in config
Properly handle template names without .html or .js
Catch YAML parsing errors in session settings check (#1046)
Better handling of if expressions in HAML rendering (#1032)
Avoid warning about SQLi with to_s in exists? (#1045)
Handle safe call operator in checks (#1031)
Handle empty if expressions when finding return values
Set template file names during rendering for better errors
Limit Slim dependency to before 3.0.8
Update RubyParser to 3.9.0

- Ruby
Published by presidentbeef almost 9 years ago

https://github.com/presidentbeef/brakeman - 3.6.1

Fix error when using --compare (Sean Gransee)

- Ruby
Published by presidentbeef almost 9 years ago

https://github.com/presidentbeef/brakeman - 3.6.0

Branch inside of case expressions (#944, #972, #1002)
Check targetless SQL calls outside of known models
Fix issue with nested interpolation inside SQL strings (#1008)
Add --exit-on-error (Michael Grosser)
Only report CVE-2015-3227 when exact version is known (#933, #995)
Print command line option errors without modification (#1010)
Ignore GraphQL tags inside ERB templates
Avoid recursive Concerns

- Ruby
Published by presidentbeef almost 9 years ago

https://github.com/presidentbeef/brakeman - 3.5.0

Warn about SQL injection even if target is not known ActiveRecord model
Avoid warning about models as SQL injection (#655, #680, #833)
Avoid warning about SQLi in all, first, or last after Rails 4.0
Treat templates without .html as HTML anyway (#790)
Report check name in JSON and plain reports (#971)
Add --ensure-latest option (tamgrosser / Michael Grosser)
Add --no-summary to hide summaries in HTML/text reports (#963)
Fail on invalid checks specified by -x or -t (#970)
Handle included block in concerns (#958)
Updated RubyParser/Ruby2Ruby dependencies

- Ruby
Published by presidentbeef about 9 years ago