False Positive: command injection when escaped upstream. #1159
Brakeman version: ~> 4.1
Link to Rails application code: No
When a variable is escaped upstream to a method, Brakeman claims that there could be command injection, even though it's escaped upstream in the initializer.
Why might this be a false positive?
Because it's escaped upstream of the method.
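A constructed Ruby reproduction of the pattern the report describes, added here as an example (the reporter linked no code; the class names, the `cat` command and the sample file name are assumptions). It sits beside an argument-vector form in which no shell parses the value, so the call site is safe on its own terms.

```ruby
require "shellwords"
require "open3"
require "tmpdir"

# Pattern from the report: the value is escaped once in the initializer and
# later interpolated into a shell string in another method. Anyone reading
# only #contents cannot see that @path was escaped.
class UpstreamEscaped
  def initialize(path)
    @path = Shellwords.escape(path)
  end

  def contents
    `cat #{@path}` # runs through /bin/sh; safe only because of the initializer
  end
end

# Alternative: store the raw value and pass an argument vector. No shell is
# involved, so no escaping is needed anywhere.
class ArgvForm
  def initialize(path)
    @path = path
  end

  def contents
    out, status = Open3.capture2("cat", @path)
    raise "cat failed" unless status.success?
    out
  end
end

# Constructed sample input: a file name containing shell metacharacters.
def demo
  Dir.mktmpdir do |dir|
    path = File.join(dir, "report; echo INJECTED #.txt")
    File.write(path, "file body\n")
    [UpstreamEscaped.new(path).contents, ArgvForm.new(path).contents]
  end
end

p demo if $PROGRAM_NAME == __FILE__
```
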