Ruby on Rails Static Analysis Security Tool

Brakeman 5.1.2 Released

Here’s a small bugfix release with a big parser update!

Huge thanks as always to Ryan Davis for maintaining ruby_parser.

Changes since 5.1.1:

  • Updated ruby_parser (Ryan Davis)
  • Fix issue where the previous output is still visible (Jason Frey)
  • Handle cases where enums are not symbols (#1627)
  • Support newer Haml with
  • Fix sorting with nil line numbers

Updated RubyParser

Once again, Ryan Davis comes through with a great update of ruby_parser including support for newer Ruby 2.7 and 3.0 syntaxes as well as many other fixes and improvements.


Output Cleanup

Jason Frey cleaned up the Processing libs... updates so it doesn’t look like Processing libs...ssed anymore.


Enums Without Symbols

Calls to enum where the first argument is not a symbol will be ignored for now.


Newer Haml

In Haml 5.2.2 the method started popping up and Brakeman was treating it as suspicious.

For now, ignoring it because it seems pretty safe.


Sorting with Missing Line Numbers

In some, apparently rare cases, if two warnings have the same confidence, warning type, and are in the same file, but have nil line numbers, then it could (but doesn’t always) cause a sorting error.



The SHA256 sums for this release are:

d95b1cee8d751db8300c9390d8c90cf3e54f725c4d448f7ccfbdb9a723b6377a  brakeman-5.1.2.gem
8e6a25a4da113269e70a0e536325e8a18b02745f23dea25ecf640c675961961c  brakeman-lib-5.1.2.gem
7b272fa7efc2f25208614bd801993e2b161b4edbf8c423c93b6b13aaee09ae84  brakeman-min-5.1.2.gem

Reporting Issues

Thank you to everyone who reported bugs and contributed to this release!

Please report any issues with this release. Take a look at this guide to reporting Brakeman problems.

Follow @brakeman on Twitter and hang out on Gitter for questions and discussion.