presidentbeef/brakeman
A static analysis security vulnerability scanner for Ruby on Rails applications
Ruby | NOASSERTION
Issues
Issue with adding autoload_paths for views dir
#1834 opened by iseth - 0
Parsing Error on splat operator
#1833 opened by ryochin - 4
Controller with "log" in pathname excluded from scan
#1830 opened by scottwillson - 1
Check Graphql end-point for vulnerabilities
#1831 opened by palexvs - 2
Brakeman does not follow directory symlinks
#1817 opened by lubert - 2
Command Injection doesn't detect shellescape unless the code is in the same function
#1824 opened by allard - 2
Broken link to Unmaintained Dependency
#1757 opened by davetron5000 - 4
`abbrev` warning for ruby 3.4.0
#1812 opened by chaadow - 2
Brakeman unable to detect Renderables in a Gem?
#1819 opened by gavingmiller - 5
Brakeman hangs on some platforms
#1818 opened by stanley90 - 2
Documentation Missing for Path Traversal
#1808 opened by barnaclebarnes - 1
safe-methods: pass "pointed" methods?
#1738 opened by akimd - 8
UnsafeReflection requires array to be defined with values strictly in the context of the execution
#1816 opened by zhisme - 4
Possibility to ignore/skip directories/paths
#1815 opened by djpremier - 1
Config in environment files generated by external services are not detected
#1794 opened by tdutreui-solocal - 4
False positive Send where `send` is inside conditional that prevents arbitrary user input.
#1782 opened by JoeCohen - 3
Unscoped find does not traverse concerns
#1787 opened by rbclark - 2
Parse error on Ruby 3.2 anonymous keyword spread
#1765 opened by Mange - 0
Unscoped find not alerted for `find_by!`
#1786 opened by rbclark - 1
False positive for `protect_from_forgery` when defaults for rails 7 are used
#1784 opened by Pritilender - 1
content_tag no longer considered dangerous
#1778 opened by oreoshake - 3
Relax Rails app structure constraints
#1775 opened by gejustin - 2
Add checks for weak public-key cryptography
#1736 opened by bdewater - 1
Add "obsolete" entries to comparison results
#1758 opened by gPrado - 14
Segmentation Fault in ruby 3.2.0 ( EDIT: fixed in 3.2.2 )
#1753 opened by chaadow - 5
False positive for send_file
#1766 opened by daniel-prause - 0
Rule for Pathname.join with forward slash.
#1721 opened by tehryanx - 0
SVG Icon for vscode-icons
#1746 opened by anthony0030 - 0
case statement with ternary or if then causes crash
#1743 opened by andrewroth - 1
Is it possible to enforce sanitization for all title attributes using `#h` or `#html_safe`?
#1741 opened by ndbroadbent - 1
Missing tag in git for version 5.3.1
#1739 opened by dentarg - 3
False positive dangerous send case when
#1730 opened by ngouy - 1
Bang variants of `last`, `first` and similar fail with false positives.
#1723 opened by powersurge360 - 1
UnscopedFind check ignore certain models
#1707 opened by Mathiou04 - 2
rails-html-sanitizer 1.4.3
#1727 opened by jmortlock - 0
Add Check: REDoS from match/match? coercing unsafe strings to regular expressions
#1714 opened by bensheldon - 2
Parsing error when using `render locals` with Ruby 3.1 shorthand hash syntax
#1709 opened by Timmitry - 2
License Request Email Broken
#1706 opened by carltonsmith