presidentbeef/brakeman
A static analysis security vulnerability scanner for Ruby on Rails applications
Language: Ruby, license: NOASSERTION
Issues
Incorrect identification of User input; Unable to dynamically render fully qualified path
#1845 opened by garettarrowood - 1
Parsing Error on splat operator
#1833 opened by ryochin - 4
Possibility to ignore/skip directories/paths
#1815 opened by djpremier - 1
Config in environment files generated by external services are not detected
#1794 opened by tdutreui-solocal - 2
False positive Send where `send` is inside conditional that prevents arbitrary user input.
#1782 opened by JoeCohen - 4
Unscoped find does not traverse concerns
#1787 opened by rbclark - 5
Parse error on Ruby 3.2 anonymous keyword spread
#1765 opened by Mange - 2
content_tag no longer considered dangerous
#1778 opened by oreoshake - 1
False positive for `protect_from_forgery` when defaults for rails 7 are used
#1784 opened by Pritilender - 3
Relax Rails app structure constraints
#1775 opened by gejustin - 2
Add checks for weak public-key cryptography
#1736 opened by bdewater - 1
Add "obsolete" entries to comparison results
#1758 opened by gPrado - 14
Segmentation Fault in ruby 3.2.0 (EDIT: fixed in 3.2.2)
#1753 opened by chaadow - 1
False positive for send_file
#1766 opened by daniel-prause - 5
Rule for Pathname.join with forward slash.
#1721 opened by tehryanx - 2
SVG Icon for vscode-icons
#1746 opened by anthony0030 - 0
case statement with ternary or if then causes crash
#1743 opened by andrewroth - 3
False positive dangerous send case when
#1730 opened by ngouy - 1
Missing tag in git for version 5.3.1
#1739 opened by dentarg - 1
Bang variants of `last`, `first` and similar fail with false positives.
#1723 opened by powersurge360 - 2
rails-html-sanitizer 1.4.3
#1727 opened by jmortlock - 0
brakeman still references haml 4 - which is a bit long in the tooth (Haml::Filter::Coffee class vs. module)
#1841 opened by kwerle - 1
Issue with adding autoload_paths for views dir
#1834 opened by iseth - 1
Brakeman does not follow directory symlinks
#1817 opened by lubert - 4
Controller with "log" in pathname excluded from scan
#1830 opened by scottwillson - 1
Check Graphql end-point for vulnerabilities
#1831 opened by palexvs - 2
Command Injection doesn't detect shellescape unless the code is in the same function
#1824 opened by allard - 2
Broken link to Unmaintained Dependency
#1757 opened by davetron5000 - 4
`abbrev` warning for ruby 3.4.0
#1812 opened by chaadow - 2
Brakeman unable to detect Renderables in a Gem?
#1819 opened by gavingmiller - 5
Brakeman hangs on some platforms
#1818 opened by stanley90 - 2
Documentation Missing for Path Traversal
#1808 opened by barnaclebarnes - 1
safe-methods: pass "pointed" methods?
#1738 opened by akimd - 8
UnsafeReflection requires array to be defined with values strictly in the context of the execution
#1816 opened by zhisme - 0
Unscoped find not alerted for `find_by!`
#1786 opened by rbclark - 1
Is it possible to enforce sanitization for all title attributes using `#h` or `#html_safe`?
#1741 opened by ndbroadbent
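Several of the issues above (#1782, #1730 on `send` inside a guarding conditional; #1824 on `shellescape` applied in a different function) concern the same question: when is a dangerous sink actually reachable by user input? The following is an added illustration of those two Rails-style patterns in plain Ruby, written for this page; it is not Brakeman's code and does not show how Brakeman decides what to flag. The class names, method names and the `'dir; rm -rf /'` input are constructed for the example.

```ruby
require 'shellwords'

# Pattern 1: dynamic dispatch via send/public_send on a user-supplied name.
# Unconstrained, any public method is reachable; guarded by an allowlist
# (the "send inside a conditional" case from the issues), only the intended
# actions are.
class ReportController
  ALLOWED_ACTIONS = %w[summary detail].freeze  # constructed allowlist

  def summary; 'summary report'; end
  def detail;  'detail report';  end
  def destroy_everything; 'boom'; end  # must never be reachable from params

  # Unsafe form: the name from user input goes straight to public_send.
  def dispatch_unchecked(name)
    public_send(name)
  end

  # Guarded form: the case/when restricts the name to a closed set first,
  # so the send can only ever target ALLOWED_ACTIONS.
  def dispatch_checked(name)
    case name
    when *ALLOWED_ACTIONS then public_send(name)
    else raise ArgumentError, "unknown action: #{name.inspect}"
    end
  end
end

# Pattern 2: shell command built from user input, with the escaping done in a
# separate helper method rather than at the interpolation site (#1824).
module Archiver
  module_function

  # Helper that performs the escaping; the caller below relies on it.
  def safe_path(user_path)
    Shellwords.escape(user_path)
  end

  # Escaped form: the interpolated value is a single shell word.
  def tar_command(user_path)
    "tar czf backup.tgz #{safe_path(user_path)}"
  end

  # Unescaped form: metacharacters in user_path become extra commands.
  def tar_command_unescaped(user_path)
    "tar czf backup.tgz #{user_path}"
  end

  # Tokenise the way a POSIX shell would, to show how many words result.
  def shell_words(command)
    Shellwords.split(command)
  end
end
```

Tokenising the two command strings with `Shellwords.split` makes the difference concrete: the escaped version keeps `dir; rm -rf /` as one argument, while the unescaped version splits into seven words, three of which form a separate `rm -rf /` command.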