Changes since 5.2.1:
- Respect equality in `if` conditions
- Update message for unsafe reflection (Pedro Baracho)
- Fix `nil` when joining values (Dan Buettner)
- Add additional String methods for SQL injection check (#1669)
- Update `ruby_parser` for Ruby 3.1 support (Merek Skubela)
Equality Checks in Conditions
When Brakeman comes across code like:

```ruby
if x == 1
  # do something with x
end
```

It will now assume `x` is `1` inside the `if` branch.
Unsafe Reflection Messages
Pedro Baracho updated the messages for unsafe reflection to be clearer.
Another String Joining Fix
Dan Buettner fixed an exception when a `nil` gets into a string joining operation.
More SQL Injection
When Brakeman checks for SQL injection, there are a number of methods (like `strip`) that essentially return the string itself.
This list of methods has been expanded to include
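To make both of these checks concrete, here is a toy analysis over a Brakeman-like s-expression AST. It is an added illustration written for these notes, not Brakeman's own code: the node shapes, the `Value` struct, the `:sql` sink and the `STRING_IDENTITY_METHODS` list (beyond `strip`, which the notes name) are assumptions made for the example. It shows the equality narrowing from the "Equality Checks in Conditions" section and the taint pass-through for string methods that return the string itself.

```ruby
# Added example, not Brakeman's own code: a toy analysis over a Brakeman-like
# s-expression AST that shows two behaviours described in these notes.
#   1. Equality narrowing: inside `if x == 1`, `x` is treated as the literal 1.
#   2. Taint through "identity" string methods: `params[:q].strip` is still
#      user-controlled, because `strip` hands back the string itself.
#
# Node shapes (constructed for this example, loosely modelled on Sexp):
#   [:lit, value]               literal
#   [:lvar, :x]                 local variable read
#   [:lasgn, :x, expr]          local variable assignment
#   [:params, :q]               request parameter: a user-controlled source
#   [:call, recv, :meth, *args] method call
#   [:if, cond, then, else]     conditional (else may be nil)
#   [:sql, expr]                sink: expr is interpolated into a SQL string
#   [:block, *stmts]            statement sequence

# Methods that return the receiver string's content (trimmed or unchanged), so
# taint passes straight through them. The notes name `strip`; the remaining
# entries are an assumption made for this example, not Brakeman's actual list.
STRING_IDENTITY_METHODS = %i[strip lstrip rstrip chomp chop squish to_s].freeze

# Abstract value: `const` is the known literal (or nil when unknown),
# `tainted` is true when the value may be user-controlled.
Value = Struct.new(:const, :tainted)

def eval_expr(node, env)
  case node[0]
  when :lit    then Value.new(node[1], false)
  when :params then Value.new(nil, true)
  when :lvar   then env.fetch(node[1]) { Value.new(nil, false) }
  when :call
    recv = eval_expr(node[1], env)
    if STRING_IDENTITY_METHODS.include?(node[2])
      # "The string itself": the result is exactly as trustworthy as the receiver.
      Value.new(nil, recv.tainted)
    else
      # Any other method (to_i, length, ...) no longer yields the raw string,
      # so this toy treats its result as not injectable.
      Value.new(nil, false)
    end
  else
    Value.new(nil, false)
  end
end

# Walks statements, threading the variable environment through and appending
# every tainted expression that reaches a :sql sink to `findings`.
def run(node, env, findings)
  case node[0]
  when :block
    node[1..].each { |stmt| env = run(stmt, env, findings) }
    env
  when :lasgn
    env.merge(node[1] => eval_expr(node[2], env))
  when :if
    cond, then_branch, else_branch = node[1], node[2], node[3]
    then_env = env
    if cond[0] == :call && cond[2] == :== && cond[1][0] == :lvar
      rhs = eval_expr(cond[3], env)
      # Equality narrowing: within the then-branch the variable *is* the
      # compared literal, so it is no longer treated as user-controlled.
      then_env = env.merge(cond[1][1] => rhs) unless rhs.const.nil?
    end
    run(then_branch, then_env, findings) if then_branch
    run(else_branch, env, findings) if else_branch
    env # assignments inside branches are not merged back in this toy
  when :sql
    value = eval_expr(node[1], env)
    findings << node[1] if value.tainted
    env
  else
    env
  end
end

def analyze(program)
  findings = []
  run(program, {}, findings)
  findings
end

# Constructed sample program exercising both behaviours.
SAMPLE = [:block,
  [:lasgn, :x, [:params, :id]],
  [:if, [:call, [:lvar, :x], :==, [:lit, 1]],
    [:sql, [:lvar, :x]],                     # safe: x is known to be 1 here
    [:sql, [:lvar, :x]]],                    # finding: x is still user-controlled
  [:sql, [:call, [:params, :q], :strip]],    # finding: strip returns the string itself
  [:sql, [:call, [:params, :q], :to_i]]]     # no finding: an Integer, not the string

if __FILE__ == $PROGRAM_NAME
  analyze(SAMPLE).each { |expr| puts "possible SQL injection: #{expr.inspect}" }
end
```

Running the file reports two findings for `SAMPLE`: the `else` branch use of `x`, and the `strip` call on a request parameter. The `then` branch is silent because the equality check fixed `x` to `1`, and `to_i` is silent because its result is no longer the user-supplied string.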
This version of Brakeman includes RubyParser 3.19 which adds support for Ruby 3.1 syntax. Thanks Merek Skubela!
The SHA256 sums for this release are:
246c9540f5d90fbde39c95999d319f9706bf79668f66bb35419825c1cbef61ae  brakeman-5.2.2.gem
1b559598d78919c0f6f3a8e8602b86ab35f825810b1d7daf872b7791b452e78b  brakeman-lib-5.2.2.gem
4c34dcc1900bf872254eee2b313b1634ffacc9002fd7d26b8390259318cf6194  brakeman-min-5.2.2.gem
Thank you to everyone who reported bugs and contributed to this release!
Please report any issues with this release. Take a look at this guide to reporting Brakeman problems.
Follow @brakeman on Twitter and hang out on Gitter for questions and discussion.