Some minor fixes for a minor release.

Changes since 4.7.1:

- Add request.params as a query parameters method (#1398)
- Handle more permit! cases
- Remove version guard for scope
- Find SQL injection in strip_heredoc
- Ensure file name is set when processing models
- Update ruby_parser to version 3.14.1 (#1429)
More Query Parameters
request.params has been added as a query parameters method.
More cases of permit! will be identified, particularly when it is the target of a method call.
scope will be handled regardless of detected Rails version.
SQL Injection with strip_heredoc
strip_heredoc is now treated as returning a string.
This fixes false positives when the target is a plain string and false negatives when the target contains interpolation.
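To make the three source patterns above concrete (request.params as a query-parameter source, permit! as the receiver of a further call, and strip_heredoc on a plain versus an interpolated heredoc), here is an added example, not Brakeman's own code. It uses Ruby's standard-library Ripper parser rather than ruby_parser, and it only recognises the syntactic shapes; Brakeman's real checks add data-flow tracking on top of this. The sample Rails-style snippets are constructed for the example and do not come from any real application.

```ruby
# Added example (not Brakeman's code): a Ripper-based checker for the source
# patterns described in the 4.7.2 release notes.
require "ripper"

# Depth-first walk over a Ripper s-expression, yielding every node
# (an Array whose first element is a Symbol such as :call).
def each_node(sexp, &blk)
  return unless sexp.is_a?(Array)
  yield sexp if sexp.first.is_a?(Symbol)
  sexp.each { |child| each_node(child, &blk) }
end

# Name of the method invoked by a :call node, or nil.
def call_name(node)
  ident = node.last
  ident.is_a?(Array) && ident[0] == :@ident ? ident[1] : nil
end

def parse!(src)
  Ripper.sexp(src) or raise ArgumentError, "syntax error in sample"
end

# strip_heredoc: classify each call's receiver. A string literal containing
# interpolation is the case that should be reported as SQL injection; a plain
# literal should not (the false positive the release fixes).
def strip_heredoc_receivers(src)
  out = []
  each_node(parse!(src)) do |n|
    next unless n[0] == :call && call_name(n) == "strip_heredoc"
    recv = n[1]
    kind = if recv.is_a?(Array) && recv[0] == :string_literal
             interpolated = recv.flatten.any? { |x| x == :string_embexpr || x == :string_dvar }
             interpolated ? :interpolated : :plain
           else
             :unknown
           end
    out << kind
  end
  out
end

# permit!: true when a permit! call is itself the receiver of another call,
# e.g. params.permit!.to_h, the shape the note says is now identified.
def permit_bang_as_receiver?(src)
  each_node(parse!(src)) do |n|
    next unless n[0] == :call
    recv = n[1]
    return true if recv.is_a?(Array) && recv[0] == :call && call_name(recv) == "permit!"
  end
  false
end

# request.params: true when the source reads request.params, which is now
# treated as user-controlled input in the same way as params.
def uses_request_params?(src)
  each_node(parse!(src)) do |n|
    next unless n[0] == :call && call_name(n) == "params"
    recv = n[1]
    return true if recv.is_a?(Array) && [:vcall, :var_ref].include?(recv[0]) &&
                   recv[1].is_a?(Array) && recv[1][1] == "request"
  end
  false
end

# Constructed Rails-style samples (hypothetical, not from a real application).
PLAIN_SQL = <<~'RUBY'
  def self.active
    where(<<-SQL.strip_heredoc)
      status = 'active'
    SQL
  end
RUBY

INTERPOLATED_SQL = <<~'RUBY'
  def self.by_name(name)
    where(<<-SQL.strip_heredoc)
      name = '#{name}'
    SQL
  end
RUBY

PERMIT_CHAIN   = "Post.new(params.permit!.to_h)"
PERMIT_PLAIN   = "Post.new(params.permit!)"
REQUEST_PARAMS = "redirect_to request.params[:next]"

if __FILE__ == $0
  p strip_heredoc_receivers(PLAIN_SQL)        # [:plain]         -> no SQLi warning
  p strip_heredoc_receivers(INTERPOLATED_SQL) # [:interpolated]  -> SQLi warning
  p permit_bang_as_receiver?(PERMIT_CHAIN)    # true
  p permit_bang_as_receiver?(PERMIT_PLAIN)    # false (already handled before 4.7.2)
  p uses_request_params?(REQUEST_PARAMS)      # true
end
```

The interpolated heredoc is the one a scanner must flag: ActiveSupport's strip_heredoc only trims indentation, so `'#{name}'` still lands in the query unescaped. The plain heredoc is exactly the false positive mentioned above, which is why the checker distinguishes the two instead of warning on every strip_heredoc call.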
Model File Names
In some cases, warnings were missing file names because the file name was not being passed to the model processor.
The file name will now be passed along, and there is a new test in the test suite for file names on warnings.
The SHA256 sums for this release are:
339d6f3707a2c0a32003536a231255b839a0b87bd6a7ebef3c82aedd1bdd3ac8 brakeman-4.7.2.gem
39ce3a5fe248dee8c78fe671441d2abbfec66cec923ee9f56c62018229d3c9b0 brakeman-lib-4.7.2.gem
efa07aa8476ef5553c91734093349a3ed55e2ef05b469d3dcecfdaabede37296 brakeman-min-4.7.2.gem
Thank you to everyone who reported bugs and contributed to this release!
Please report any issues with this release. Take a look at this guide to reporting Brakeman problems.
Follow @brakeman on Twitter and hang out on Gitter for questions and discussion.