Command injection false positive in enumeration #1224

bannable opened this Issue Jun 1, 2018 · 1 comment

2 participants

bannable commented Jun 1, 2018


Brakeman version: 4.3.0
Rails version:
Ruby version: 2.3.7p456

False Positive

Full warning from Brakeman:

Confidence: Medium
Category: Command Injection
Check: Execute
Code: `echo #{table}`

Relevant code:

  def safe
    tables = %w(one two)
    tables.each { |table| `echo #{table}` }
  end

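As an added illustration (not code from this issue or from the Brakeman code base), the following Ruby script puts the reported pattern next to an argument-vector form of the same call. The reported code is safe only because every interpolated value comes from a frozen `%w()` literal; the `Open3.capture2("echo", value)` form spawns the program directly without a shell, so metacharacters in `value` are passed through as data whatever their provenance. It assumes an `echo` executable is on `PATH`.

```ruby
require "open3"

# Constructed example. The values are compile-time string literals, so the
# command built from them contains no attacker-controlled data.
SAFE_TABLES = %w(one two).freeze

# The pattern from the report: literal values interpolated into a backtick
# command. Safe here because SAFE_TABLES is a frozen literal; it would become
# a genuine command injection if the list were ever built from request
# parameters, a database row, or any other untrusted source.
def echo_via_shell
  SAFE_TABLES.map { |table| `echo #{table}`.chomp }
end

# Hardened equivalent: command and argument are separate argv entries.
# Ruby execs "echo" directly, no /bin/sh is involved, so characters such as
# ';' or '|' in `value` are never interpreted as shell syntax.
def echo_via_argv(value)
  stdout, status = Open3.capture2("echo", value)
  raise "echo failed: #{status}" unless status.success?
  stdout.chomp
end

def echo_tables_via_argv
  SAFE_TABLES.map { |table| echo_via_argv(table) }
end

if $PROGRAM_NAME == __FILE__
  p echo_via_shell            # ["one", "two"]
  p echo_tables_via_argv      # ["one", "two"]
  # A value containing shell metacharacters comes back verbatim as one
  # argument; nothing after the ';' is executed.
  p echo_via_argv("one; two") # "one; two"
end
```

The argv form is the one to reach for when the interpolated value might stop being a literal later: it stays correct under refactoring, and it gives a static analyzer nothing to guess about.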


presidentbeef commented Jun 5, 2018

Fixed by #1227 (and actually a duplicate of #1208).

Repository owner locked and limited conversation to collaborators Jul 14, 2018
