SQL injection not detected for certain heredocs #1433
Brakeman version: 4.7.1
Link to Rails application code: https://github.com/cbortz/brakeman-bug/blob/master/app/models/character.rb
Otherwise, the standard heredoc (
I've created a dummy Rails project and run brakeman with the debug flag (see output below). You'll see that only two possible SQL injections were detected, rather than three.