Changes since 5.2.1:

- Respect equality in conditions
- Update message for unsafe reflection (Pedro Baracho)
- Avoid `nil` when joining values (Dan Buettner)
- Add additional String methods for SQL injection check (#1669)
- Update `ruby_parser` for Ruby 3.1 support (Merek Skubela)
Equality Checks in Conditions
When Brakeman comes across code like:

```ruby
if x == 1
  # do something with x
end
```

It will now assume `x` is `1` inside of the `if` branch.
Unsafe Reflection Messages
Pedro Baracho updated the messages for unsafe reflection to be clearer.
Another String Joining Fix
Dan Buettner fixed an exception raised when a `nil` gets into a string joining operation.
More SQL Injection
When Brakeman checks for SQL injection, there are a number of methods (like `strip`) that essentially return the string itself. This list of methods has been expanded to include
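To make the two analysis rules above concrete (a variable compared with a literal is treated as that literal inside the branch, and receiver-returning String methods such as `strip` keep user input tainted), here is an added toy model of that reasoning. It is not Brakeman's code: the s-expression-like encoding, the `PASSTHROUGH` list and the function names are all invented for this illustration, and the sample program is constructed.

```ruby
# Toy model of two rules from these release notes (illustrative, not Brakeman's
# own code; the expression encoding and function names are invented here).
# Expressions: [:param, :name]  [:lit, v]  [:var, :x]  [:call, recv, :meth]
#              [:interp, *parts] (string interpolation)
# Statements:  [:assign, :x, expr]  [:if, [:eq, lhs, rhs], [stmts]]  [:query, expr]

# Modelled subset of String methods that return the receiver (assumption: the
# real list is longer; the notes only name `strip`).
PASSTHROUGH = %i[strip].freeze

# True if user input can flow into expr under the current variable bindings.
# Unbound locals and non-passthrough calls are treated as safe in this model.
def tainted?(expr, env)
  case expr.first
  when :param  then true
  when :lit    then false
  when :var    then env.key?(expr[1]) && tainted?(env[expr[1]], env)
  when :call   then PASSTHROUGH.include?(expr[2]) && tainted?(expr[1], env)
  when :interp then expr[1..-1].any? { |part| tainted?(part, env) }
  else false
  end
end

# Walk the statements and return the raw SQL expressions that carry user input.
def find_sql_injection(stmts, env = {})
  findings = []
  stmts.each do |stmt|
    case stmt.first
    when :assign
      env = env.merge(stmt[1] => stmt[2])
    when :if
      _op, lhs, rhs = stmt[1]
      # Equality rule: inside the branch the compared variable IS the literal.
      branch_env = (lhs.first == :var && rhs.first == :lit) ? env.merge(lhs[1] => rhs) : env
      findings.concat(find_sql_injection(stmt[2], branch_env))
    when :query
      findings << stmt[1] if tainted?(stmt[1], env)
    end
  end
  findings
end

# Constructed sample: query 1 and query 3 are flagged, query 2 is not.
SAMPLE = [
  [:assign, :sort, [:param, :sort]],
  [:query, [:interp, [:lit, "SELECT * FROM users ORDER BY "], [:var, :sort]]],
  [:if, [:eq, [:var, :sort], [:lit, "name"]],
   [[:query, [:interp, [:lit, "SELECT * FROM users ORDER BY "], [:var, :sort]]]]],
  [:query, [:interp, [:lit, "SELECT * FROM users WHERE name = '"],
           [:call, [:param, :name], :strip], [:lit, "'"]]]
].freeze
```

Running `find_sql_injection(SAMPLE)` returns the two interpolated SQL strings that still reach the database with user input, while the `ORDER BY` inside the `if sort == "name"` branch is correctly left alone.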
The SHA256 sums for this release are:

- 246c9540f5d90fbde39c95999d319f9706bf79668f66bb35419825c1cbef61ae brakeman-5.2.2.gem
- 1b559598d78919c0f6f3a8e8602b86ab35f825810b1d7daf872b7791b452e78b brakeman-lib-5.2.2.gem
- 4c34dcc1900bf872254eee2b313b1634ffacc9002fd7d26b8390259318cf6194 brakeman-min-5.2.2.gem
Thank you to everyone who reported bugs and contributed to this release!