Sha256: 52bd9172b0b00ee727f6e93023f37668d76e5c8d6ab55ddf82e0d295b93734c6
Contents?: true
Size: 877 Bytes
Versions: 177
Compression:
Stored size: 877 Bytes
Contents
Can detect:
- Possibly unescaped model attributes or parameters in views (Cross-Site Scripting)
- Bad string interpolation in calls to Model.find, Model.last, Model.first, etc., as well as chained calls (SQL Injection)
- String interpolation in find_by_sql (SQL Injection)
- String interpolation or params in calls to system, exec, and syscall, and in backtick commands (``) (Command Injection)
- Unrestricted mass assignments
- Global restriction of mass assignment
- Missing call to protect_from_forgery in ApplicationController (CSRF protection)
- Default routes, per-controller and globally
- Redirects based on params (probably too broad currently)
- Validation regexes not using \A and \z
- Calls to render with dynamic paths

General capabilities:
- Search for method calls based on target class and/or method name
- Determine 'output' of templates using ERB, Erubis, or HAML. Can handle automatic escaping
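As an added example, not code from this README or from the tool it describes: a small scanner built on Ruby's standard-library Ripper that implements a few of the checks listed above the way the "search for method calls based on target class and/or method name" capability suggests. It walks the parse tree, picks out calls to find/find_by_sql/first/last with string interpolation in their arguments (including the inner call of a chain such as Model.where("...").last), calls to system/exec/syscall with interpolation or params, backtick commands with interpolation, and validation regexes anchored with ^ and $ instead of \A and \z. The sink lists are my assumptions (the page names find, first, last and "etc."; `where` is my addition), and the Rails source it scans is constructed for the example.

```ruby
require 'ripper'

# Example scanner (not the tool's own code). Sink lists are assumptions made
# for this example; `where` is included so a chained call like
# Model.where("...#{x}").last is caught at the inner call.
SQL_SINKS   = %w[find find_by_sql first last where].freeze
CMD_SINKS   = %w[system exec syscall].freeze
REGEX_SINKS = %w[validates validates_format_of].freeze

Finding = Struct.new(:kind, :line, :detail)

# Ripper nodes are arrays whose first element is a Symbol.
def node?(x)
  x.is_a?(Array) && x.first.is_a?(Symbol)
end

# Depth-first traversal yielding every node in the subtree.
def each_node(tree, &blk)
  return unless tree.is_a?(Array)
  blk.call(tree) if node?(tree)
  tree.each { |child| each_node(child, &blk) }
end

def any_node?(tree)
  each_node(tree) { |n| return true if yield(n) }
  false
end

# A "#{...}" segment anywhere in the subtree.
def interpolated?(tree)
  any_node?(tree) { |n| n[0] == :string_embexpr }
end

# A reference to `params` anywhere in the subtree.
def uses_params?(tree)
  any_node?(tree) { |n| n[0] == :@ident && n[1] == "params" }
end

# Line of the first token (scanner event; head starts with "@") in the subtree.
def first_line(tree)
  line = nil
  any_node?(tree) { |n| n[0].to_s.start_with?("@") && (line = n[2][0]) }
  line
end

# Splits Ripper's call shapes into [method-name token, argument subtree].
def call_parts(n)
  case n[0]
  when :method_add_arg                  # recv.meth(args) or meth(args)
    callee = n[1]                       # [:call, recv, period, ident] or [:fcall, ident]
    [callee.is_a?(Array) ? callee.last : nil, n[2]]
  when :command      then [n[1], n[2]]  # meth args
  when :command_call then [n[3], n[4]]  # recv.meth args
  end
end

# Source text of a regex literal, ignoring interpolated segments.
def regex_body(r)
  r[1].select { |p| node?(p) && p[0] == :@tstring_content }.map { |p| p[1] }.join
end

def scan(src)
  tree = Ripper.sexp(src) or raise ArgumentError, "source does not parse"
  findings = []
  each_node(tree) do |n|
    case n[0]
    when :method_add_arg, :command, :command_call
      ident, args = call_parts(n)
      next unless node?(ident) && ident[0] == :@ident
      name, line = ident[1], ident[2][0]
      if SQL_SINKS.include?(name) && interpolated?(args)
        findings << Finding.new(:sql_injection, line, "#{name} called with an interpolated string")
      elsif CMD_SINKS.include?(name) && (interpolated?(args) || uses_params?(args))
        findings << Finding.new(:command_injection, line, "#{name} called with interpolation or params")
      elsif REGEX_SINKS.include?(name)
        each_node(args) do |r|
          next unless r[0] == :regexp_literal
          body = regex_body(r)
          per_line_anchors = body.start_with?("^") || body.end_with?("$")
          next unless per_line_anchors && !body.include?('\A') && !body.include?('\z')
          findings << Finding.new(:format_validation, first_line(r), 'regex anchored with ^/$ instead of \A/\z')
        end
      end
    when :xstring_literal                 # `...` with interpolation
      findings << Finding.new(:command_injection, first_line(n), "backticks with interpolation") if interpolated?(n)
    end
  end
  findings
end

# Constructed sample Rails code for the scanner to run over (not real project code).
SAMPLE_SOURCE = <<~'RUBY'
  class User < ActiveRecord::Base
    validates_format_of :email, with: /^[^@]+@[^@]+$/      # line 2: ^/$ match per line, bypassable with "\n"
    validates_format_of :name,  with: /\A[a-z]+\z/         # fine
  end

  class UsersController < ApplicationController
    def show
      @user = User.find("#{params[:id]}")                  # line 8: interpolation into find
      @same = User.find(params[:id])                       # fine: no string interpolation
      @rows = User.find_by_sql("SELECT * FROM users WHERE name = '#{params[:name]}'")  # line 10
      @rows = User.find_by_sql(["SELECT * FROM users WHERE name = ?", params[:name]]) # fine
      @last = User.where("name = '#{params[:name]}'").last # line 12: caught at the inner call
      system("convert #{params[:file]} out.png")           # line 13
      exec params[:cmd]                                    # line 14
      `grep #{params[:q]} /var/log/app.log`                # line 15
    end
  end
RUBY

if $PROGRAM_NAME == __FILE__
  scan(SAMPLE_SOURCE).sort_by(&:line).each do |f|
    puts "line #{f.line}: #{f.kind} (#{f.detail})"
  end
end
```

The scanner only matches on method name, so `User.find(params[:id])` is not reported (no interpolation, and ActiveRecord quotes the value), while `system("id", params[:x])` would be: like the list above says, any params argument to a command sink is flagged, which is deliberately broad.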
Version data entries
177 entries across 177 versions & 3 rubygems