Possible strong params false positive #1180
Brakeman version: 4.2.1
I believe this might be a false positive (but I could definitely be missing some nuance!). If we have this in a controller:
Brakeman gives us:
I believe this is a false positive because we've already used the strong params API to whitelist the query arguments, and because Sequel will sanitize inputs passed in as a hash. I could be missing something though!