Commits on Mar 8, 2012
  1. Merge branch 'master' of github.com:presidentbeef/brakeman

    Justin Collins committed Mar 8, 2012
  2. Add more tests for link_to

    Justin Collins committed Mar 8, 2012
Commits on Mar 7, 2012
  1. Fixes to CheckLinkTo for Rails 2.0 and 2.3

    Justin Collins committed Mar 7, 2012
    and link_to with a block
Commits on Mar 6, 2012
  1. Bump to 1.5.1

    presidentbeef committed Mar 6, 2012
    [ci skip]
  2. Update CHANGES

    presidentbeef committed Mar 6, 2012
  3. Support Rails 3 partial render (no :partial => ...)

    presidentbeef committed Mar 6, 2012
    `render 'blah'` apparently now renders the partial '_blah'
Commits on Mar 5, 2012
  1. Add additional check for global mass assign disable

    presidentbeef committed Mar 5, 2012
    that looks like this:
    
    module ActiveRecord
      class Base
        attr_accessible
      end
    end
    
    Also, could be wrong, but I think old check was broken?
  2. Report module in Brakeman::FindCall results

    presidentbeef committed Mar 5, 2012
    but please don't ever use Brakeman::FindCall if it can
    be avoided
Commits on Mar 2, 2012
  1. README updates

    Justin Collins committed Mar 2, 2012
  2. Bump to 1.5.0

    presidentbeef committed Mar 2, 2012
    [ci skip]
  3. Add check for skipping CSRF with :except

    Justin Collins committed Mar 2, 2012
    instead of using :only.
    This is essentially a blacklist vs. whitelist issue.
  4. Add test for skipping CSRF with :except

    Justin Collins committed Mar 2, 2012
  5. Tests for SafeBuffer vulnerability

    Justin Collins committed Mar 2, 2012
  6. Oops, update expected warnings for Rails 2 tests

    Justin Collins committed Mar 2, 2012
  7. Remove select() as an XSS safe method in Rails 2

    Justin Collins committed Mar 2, 2012
  8. Add test for select vulnerability in Rails 3

    Justin Collins committed Mar 2, 2012
Commits on Feb 28, 2012
  1. Switch to 1.9.2 on Travis CI

    Justin Collins committed Feb 28, 2012
    since most development is done with 1.9.3 now
  2. Ignore resource routes if default routes already

    Justin Collins committed Feb 28, 2012
    fixes bug where resource routes attempted to merge into
    :allow_all_actions
  3. Fix check for nested targets in Rails 2 routes

    Justin Collins committed Feb 28, 2012
  4. Update copyright

    Justin Collins committed Feb 28, 2012
  5. Standardize SQL methods to check

    Justin Collins committed Feb 28, 2012
    because before they were kind of all over the place
  6. Ignore Model#id for XSS check

    Justin Collins committed Feb 28, 2012
  7. Use Set[] instead of Set.new([])

    Justin Collins committed Feb 28, 2012
Commits on Feb 27, 2012
  1. Add json as a report format

    Justin Collins committed Feb 27, 2012