Changes since 4.7.1:
Some minor fixes for a minor release.
More Query Parameters
request.params has been added as a query parameters method.
(changes)
More permit!
More cases of permit! will be identified, particularly when it is the target of a method call.
(changes)
More Scopes
Both named_scope and scope will be handled regardless of detected Rails version.
(changes)
SQL Injection with strip_heredoc
strip_heredoc is now treated as returning a string.
This fixes false positives if the target is a plain string and fixes false negatives if the target has interpolation.
(changes)
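The two cases described above, shown as an added example that is not Brakeman's own code: a simplified stand-in check written with Ruby's standard Ripper parser, run over a constructed sample. The helper names (contains_node?, strip_heredoc_calls) and the sample queries are assumptions made for illustration.

```ruby
require 'ripper'

# Constructed sample input: three queries built from heredocs.
SAMPLE = <<~'RUBY'
  User.where(<<-SQL.strip_heredoc)
    name = 'admin'
  SQL
  User.where(<<-SQL.strip_heredoc)
    name = '#{params[:name]}'
  SQL
  User.where(<<-SQL.strip_heredoc, name: params[:name])
    name = :name
  SQL
RUBY

# True if the Ripper subtree contains a node of the given type.
def contains_node?(node, type)
  return false unless node.is_a?(Array)
  node.first == type || node.any? { |child| contains_node?(child, type) }
end

# Hypothetical helper: list every `.strip_heredoc` call and whether the
# string it is called on carries interpolation (`#{...}`).
def strip_heredoc_calls(source)
  sexp = Ripper.sexp(source) or raise ArgumentError, 'source does not parse'
  found = []
  walk = lambda do |node|
    next unless node.is_a?(Array)
    # Ripper shape: [:call, receiver, period, [:@ident, name, [line, col]]]
    name = node[3]
    if node[0] == :call && name.is_a?(Array) && name[0] == :@ident && name[1] == 'strip_heredoc'
      found << { line: name[2][0], interpolated: contains_node?(node[1], :string_embexpr) }
    end
    node.each { |child| walk.call(child) }
  end
  walk.call(sexp)
  found
end

if __FILE__ == $PROGRAM_NAME
  strip_heredoc_calls(SAMPLE).each do |c|
    verdict = c[:interpolated] ? 'interpolated SQL: review for injection' : 'plain string: no warning'
    puts "line #{c[:line]}: #{verdict}"
  end
end
```

The first query is the plain-string case that should not warn, the second is the interpolated case that should, and the third shows the same query with a bound placeholder instead of interpolation.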
Model File Names
In some cases, warnings were missing file names because the file name was not being passed to the model processor.
The file name will now be passed along, and there is a new test in the test suite for file names on warnings.
(changes)
Checksums
The SHA256 sums for this release are:
Reporting Issues
Thank you to everyone who reported bugs and contributed to this release!
Please report any issues with this release. Take a look at this guide to reporting Brakeman problems.
Hang out on GitHub for questions and discussion.