Command injection false positive when code is in different files #1323
Brakeman version: 4.4.0
Link to Rails application code: https://github.com/mo-nathan/brakeman-bug (isolated cases that demonstrate the issue)
Full warning from Brakeman:
```ruby
require 'open3'
require 'shellwords'

# A is defined in a different file (see the linked repository)
def a_cmd
  a = A.new
  result, status = Open3.capture2e("ls", Shellwords.escape(a.z))
end
```
Why might this be a false positive?
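Why the argument-vector call in the snippet above cannot be exploited, as an added example that is not part of this issue and not Brakeman's own code. It replaces `ls` with `echo` (so the output is checkable) and the `A.new.z` value with a constructed, hypothetical attacker-controlled string; the three functions compare the interpolated-string form that Brakeman is right to flag, the same form neutralised with `Shellwords.escape`, and the argument-vector form from the report, which never reaches `/bin/sh` at all.

```ruby
require 'open3'
require 'shellwords'

# Constructed attacker-controlled input (hypothetical stand-in for a.z in the report)
PAYLOAD = 'x; echo INJECTED'.freeze

# Vulnerable form: a single string containing shell metacharacters is handed to
# /bin/sh, so the ";" terminates echo and runs a second command.
def run_interpolated(input)
  out, _status = Open3.capture2e("echo #{input}")
  out
end

# Hardened form 1: still a single string, but Shellwords.escape backslash-escapes
# every metacharacter so the shell passes the whole value as one literal argument.
def run_escaped(input)
  out, _status = Open3.capture2e("echo #{Shellwords.escape(input)}")
  out
end

# Hardened form 2: the argument-vector form used in the report. Ruby execs the
# program directly with no shell, so ";" is just a byte in argv[1]; escaping here
# is harmless but changes nothing.
def run_argv(input)
  out, _status = Open3.capture2e('echo', input)
  out
end

# True if the second command actually ran (its output appears on its own line).
def injected?(output)
  output.lines.map(&:chomp).include?('INJECTED')
end

if $PROGRAM_NAME == __FILE__
  { interpolated: run_interpolated(PAYLOAD),
    escaped: run_escaped(PAYLOAD),
    argv: run_argv(PAYLOAD) }.each do |name, out|
    puts "#{name}: #{out.inspect} injected=#{injected?(out)}"
  end
end
```

Only the interpolated form executes the injected command; the escaped form and the argument-vector form both print the payload verbatim as a single line. The warning in the report is a false positive on the second count: with separate arguments there is no shell to inject into, whether or not `Shellwords.escape` is applied and regardless of which file `A` lives in.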