github presidentbeef/brakeman v3.1.5

  • Support directories better in --only-files and --skip-files (Patrick Toomey)
  • Fix CodeClimate construction of --only-files (Will Fleming)
  • Avoid warning about permit in SQL (#669)
  • Handle guards using detect (#376)
  • Handle module names with self methods (#785)
  • Add session manipulation documentation (#791)
  • Check for implicit integer comparison in dynamic finders
  • Avoid warning on user input in comparisons
  • Add check for denial of service via routes (CVE-2015-7581)
  • Warn about RCE with render params (CVE-2016-0752)
  • Add check for strip_tags XSS (CVE-2015-7579)
  • Add check for sanitize XSS (CVE-2015-7578/80)
  • Add check for reject_if proc bypass (CVE-2015-7577)
  • Add check for mime-type denial of service (CVE-2016-0751)
  • Add check for basic auth timing attack (CVE-2015-7576)
  • Add initial Rails 5 support