Changes since 3.6.2:
- Avoid interpolating hashes/arrays on failed access (#921)
- Fix false positive for `redirect_to` in Rails 4 (Mário Areias)
- Show progress indicator in interactive mode (#1012)
- Handle simple conditional guards that use `return`
- Improve support for `rails5` options in config file (#1059)
- Updated RubyParser to master
Performance Improvement with Hash/Array Accesses
When Brakeman sees a hash or array access that it cannot resolve (i.e. can’t find the value for the key), it will no longer copy the entire hash/array value to the call site.
For some applications, this will significantly improve performance.
This may cause some warning fingerprints to change.
Unsafe Hash in Redirects
Thanks to Mário Areias, Brakeman now correctly handles `redirect_to` called with a hash argument in Rails 4, removing a false positive in that case.
Progress Indicator in Interactive Mode
When using `-I` (interactive ignore mode) to manage false positives, Brakeman will now show how far you are through the warnings.
Simple Guards with Return
Brakeman can now recognize simple guard conditions such as:
return unless [:safe, :values].include? params[:x]
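As an added illustration (not code from the Brakeman release notes or the Brakeman project), here is the guard pattern in a small, framework-free method: a request parameter is used only after an allow-list check that returns early, so the guarded interpolation below it is safe. The allow-list is written as a literal array, as in the example above; request parameters arrive as strings, so strings are used instead of symbols. The method names, the `sort` parameter and the column names are assumptions for the example, and the unguarded variant is included only for contrast.

```ruby
# Added example, not part of the Brakeman release notes: the "return unless
# allow-list includes value" guard that Brakeman 3.7.0 now recognizes.
#
# Guarded version: the early return means params['sort'] is known to be one
# of the literal allowed values before it is interpolated into SQL.
def build_order_clause(params)
  return nil unless %w[name created_at updated_at].include?(params['sort'])

  # Safe: the value was just checked against a fixed list of column names.
  "ORDER BY #{params['sort']}"
end

# Unguarded version, kept only for contrast: the same interpolation with no
# allow-list check is exactly the SQL injection pattern Brakeman warns about.
def build_order_clause_unguarded(params)
  "ORDER BY #{params['sort']}"
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample inputs (hypothetical request parameter hashes).
  puts build_order_clause('sort' => 'name').inspect       # "ORDER BY name"
  puts build_order_clause('sort' => 'unexpected').inspect # nil
  puts build_order_clause({}).inspect                     # nil
end
```

The point for a reviewer is that the guard is only effective because it returns from the method: a conditional that merely logs or sets a flag would leave `params['sort']` reachable on the fall-through path, and Brakeman would (correctly) keep reporting it.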
Rails Version Option in Brakeman Configuration
It is now possible to specify just `:rails4: true` or `:rails5: true` in a Brakeman configuration file.
The brakeman gem bundles as-yet unreleased changes in RubyParser. This includes “squiggly heredoc” support (`<<~`), improved line numbers, and a few other fixes.
The SHA256 sums for this release are:
f46550d7c7827644a5663ccc10a6ca222e2534648f68630e3a777cb73df59824 brakeman-3.7.0.gem
0ea5359ae802284695500b92a03bf1d022574953a0da44607ff7f715f456c37e brakeman-min-3.7.0.gem
f6f17e9f1f71a68b486d68f2b3413607fb47154a0fb6a6da23d9d7be87f37967 brakeman-lib-3.7.0.gem
Thank you to everyone who reported bugs and contributed to this release.
If you find Brakeman valuable and want to support its development, check out Brakeman Pro.