Brakeman

Ruby on Rails Static Analysis Security Tool

Brakeman 7.1.0 Released

Changes since 7.0.2:

  • Add Haml 6.x support (#1914, #1841, etc.)
  • Support render model shortcut (#959, #1940, etc.)
  • Add --ensure-no-obsolete-config-entries option (viralpraxis)
  • Update JUnit report for CircleCI (Philippe Bernery)
  • Improve ignored warnings layout in HTML report (Sebastien Savater)
  • Only load escape functionality from cgi library (Earlopain)
  • Add EOL dates for Rails 8.0 and Ruby 3.4
  • Use lazy file lists for AppTree

Haml 6 Support

Brakeman now ships with and supports Haml 6.

To continue using Brakeman with Haml 5.x, please use the brakeman-lib or brakeman-min gems.


Render Shortcuts

After many, many years, Brakeman now supports the render shortcuts that render a specific model or collection directly, for example render User.find(..) or render User.all.

Brakeman does not currently support rendering of collections with mixed types of models.


Fail on Obsolete Ignored Warnings

When Brakeman is configured to ignore warnings, but those warnings are no longer found in the scan, Brakeman reports them as “obsolete ignored warnings”.

viralpraxis added the --ensure-no-obsolete-config-entries option to return a failure exit code if there are obsolete entries.
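The check behind that option, as an added example in plain Ruby (not Brakeman's own code): it compares the fingerprints in a brakeman.ignore file against those in a scan report and returns a failure status when any ignored entry no longer matches. It assumes the ignored_warnings/fingerprint keys of the JSON ignore file and the warnings array of the JSON report; the ignore file, report and fingerprints are constructed samples.

```ruby
# Added example (not Brakeman's own code): detect "obsolete ignored warnings".
# A brakeman.ignore file lists warnings by fingerprint; an entry is obsolete
# when no warning in the current report carries that fingerprint.
# The ignore file, report and fingerprints below are constructed samples.
require 'json'

SAMPLE_IGNORE = <<~JSON
  {
    "ignored_warnings": [
      { "fingerprint": "aaaa1111", "warning_type": "SQL Injection",
        "file": "app/models/user.rb", "note": "Input is an integer id" },
      { "fingerprint": "bbbb2222", "warning_type": "Cross-Site Scripting",
        "file": "app/views/users/show.html.erb", "note": "Fixed in #42" }
    ],
    "updated": "2025-01-01 00:00:00 +0000",
    "brakeman_version": "7.1.0"
  }
JSON

SAMPLE_REPORT = <<~JSON
  { "warnings": [
      { "fingerprint": "aaaa1111", "warning_type": "SQL Injection",
        "file": "app/models/user.rb", "line": 12 } ] }
JSON

# Ignore-file entries whose fingerprint no longer appears in the report.
def obsolete_ignore_entries(ignore_json, report_json)
  ignored = JSON.parse(ignore_json).fetch('ignored_warnings', [])
  current = JSON.parse(report_json).fetch('warnings', []).map { |w| w['fingerprint'] }
  ignored.reject { |entry| current.include?(entry['fingerprint']) }
end

# Exit status in the spirit of --ensure-no-obsolete-config-entries:
# 1 when any ignored entry is obsolete, 0 otherwise. Each obsolete entry
# is printed so the stale brakeman.ignore line can be removed.
def ensure_no_obsolete_entries(ignore_json, report_json)
  obsolete = obsolete_ignore_entries(ignore_json, report_json)
  obsolete.each do |e|
    warn "Obsolete ignore entry: #{e['fingerprint']} (#{e['warning_type']}, #{e['file']})"
  end
  obsolete.empty? ? 0 : 1
end

puts "exit status would be #{ensure_no_obsolete_entries(SAMPLE_IGNORE, SAMPLE_REPORT)}"
```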


JUnit Report for CircleCI

Philippe Bernery has fixed JUnit reports to be compatible with CircleCI (again). Thanks!


Better Ignored Warnings Layout

Speaking of ignored warnings, Sebastien Savater has improved the layout in the HTML report to make it easier to read notes for ignored warnings.


CGI Loading

In preparation for Ruby 3.5, Earlopain updated Brakeman to explicitly load cgi/escape instead of the entire CGI library.


Lazy File Lists

Brakeman::AppTree now uses lazy file lists when managing files. This provides a small (~9%) speed improvement for large applications.


Checksums

The SHA256 sums for this release are:

bbc708a75a53008490c8b9600b97fa85cb3d5a8818dd1560f18e0b89475d48af  brakeman-7.1.0.gem
b5263ca27a725ad38fb98aa83908b0285eee46c29096eb4fb0b36b2795bbb082  brakeman-lib-7.1.0.gem
0a141eaf08f864680af69c6642f9cf855be3eb89c3d5a3f5b0bd182f9eba2d82  brakeman-min-7.1.0.gem

Reporting Issues

Thank you to everyone who reported bugs and contributed to this release!

Please report any issues with this release. Take a look at this guide to reporting Brakeman problems.

Hang out on Github for questions and discussion.