Unvalidated redirect false negatives #1398
Brakeman version: 4.6.1
I noticed a few places where Brakeman doesn't flag certain instances of unvalidated redirect vulnerabilities. Here's some example contrived controller code:
Two of these 4 examples get correctly flagged, but all are vulnerable to open redirects (unless manually adding
In any case - I will take a deeper look. Thanks!