Brakeman - Rails Security Scanner

Static analysis security scanner for Ruby on Rails

Brakeman 1.2 Released

First Brakeman release of 2012!

Changes since 1.1:

  • Speed improvements for CheckExecute and CheckRender
  • Check named_scope and scope for SQL injection
  • Add --rake option to create rake task to run Brakeman
  • Add --summary option to only output summary
  • Add experimental support for rescanning a subset of files
  • Fix a problem with Rails 3 routes

Besides those, there has also been quite a bit of code improvement internally.

Speed Improvements

The checks for command injection and dynamic render paths should be considerably faster now.

More SQL Injection Checks

Thanks to a5sk4s for pointing out that Brakeman was not checking named_scope for SQL injection. This has been rectified. For Rails 3.1 and up, scope will be checked.

Also, it seems common to use Model.table_name inside SQL statements. This will no longer raise a warning.

Brakeman Rake Task

The --rake option can now be used to install a Rake task for running Brakeman. The task will be copied to lib/tasks/brakeman.rake.

To use, run this from the root of the Rails app:

brakeman --rake

Then, to run Brakeman:

rake brakeman:run

Naturally, this requires Rake to be installed.

To output to a specific file:

rake brakeman:run["report.html"]

More actions may be added in the future.

Summary Option

Sometimes the specifics of a scan are not needed. The --summary option will limit the report output to just the summary section.

Rescan for Subset of Files

This release adds experimental support for rescanning a subset of paths in a Rails application. Please see this example.

Issues

Please report any problems or questions on GitHub or send a tweet to @Brakeman!

Comments