method
Is your feature request related to a problem? Please describe.
The following code does not get flagged as a vulnerability by Brakeman:
```ruby
def show
  (params[:klass].to_s).method(params[:method]).(params[:argument])
end
```
While it seems overly obvious that this minimal example shouldn't be written, Brakeman doesn't flag it at all 😢 (using brakeman 4.8.2)
Describe the solution you'd like
It would be great if this got caught by Brakeman! 😁 I believe the main issue here is that `method` is dangerous if given user-controlled input.
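A minimal version of the check this issue asks for, added here as an illustration and not Brakeman's own implementation: it parses Ruby with the standard-library Ripper and flags any `.method(...)` call whose argument list references `params`, `request` or `cookies` (that set of user-input sources is an assumption). All three samples are constructed. The first is the issue's snippet, the second selects the method name from a fixed allowlist so the name reaching `#method` is no longer attacker-controlled, and the third hides the same bug behind a local variable to show what a purely syntactic check misses.

```ruby
# Added illustration, not Brakeman's code: a minimal static check for
# `<expr>.method(<arg>)` where <arg> is derived from request data.
require "ripper"

# Assumption: these bare identifiers are treated as user-controlled input.
USER_INPUT_SOURCES = %w[params request cookies].freeze

# True if the subtree references one of USER_INPUT_SOURCES as a bare method
# call or variable, e.g. params[:method] or request.headers["X-Foo"].
def user_input?(node)
  return false unless node.is_a?(Array)
  if (node[0] == :vcall || node[0] == :var_ref) && node[1].is_a?(Array) &&
     node[1][0] == :@ident && USER_INPUT_SOURCES.include?(node[1][1])
    return true
  end
  node.any? { |child| user_input?(child) }
end

# The [:@ident, name, [line, col]] node naming the invoked method for a
# Ripper :call or :fcall, or nil (e.g. for the `.()` shorthand, whose
# callee is the bare symbol :call rather than an identifier).
def callee_ident(callee)
  ident = case callee[0]
          when :call  then callee[3]
          when :fcall then callee[1]
          end
  ident.is_a?(Array) && ident[0] == :@ident ? ident : nil
end

# Walk the S-expression and collect the line number of every
# `.method(...)` call whose argument list contains user input.
def collect(node, findings)
  return findings unless node.is_a?(Array)
  if node[0] == :method_add_arg && node[1].is_a?(Array)
    ident = callee_ident(node[1])
    findings << ident[2][0] if ident && ident[1] == "method" && user_input?(node[2])
  end
  node.each { |child| collect(child, findings) }
  findings
end

# Returns the (1-based) line numbers of flagged calls in `source`.
def flag_method_user_input(source)
  sexp = Ripper.sexp(source)
  raise ArgumentError, "could not parse input" if sexp.nil?
  collect(sexp, [])
end

# Constructed sample 1: the snippet from the issue, reformatted.
VULNERABLE = <<~RUBY
  def show
    (params[:klass].to_s).method(params[:method]).(params[:argument])
  end
RUBY

# Constructed sample 2: user input only selects from a fixed allowlist, so
# an attacker cannot reach arbitrary methods such as Kernel#system.
HARDENED = <<~RUBY
  ALLOWED = { "start_with?" => :start_with?, "end_with?" => :end_with? }.freeze

  def show
    name = ALLOWED.fetch(params[:method]) { raise ActionController::BadRequest }
    params[:klass].to_s.method(name).call(params[:argument])
  end
RUBY

# Constructed sample 3: the same bug as sample 1 behind a local variable.
# This syntactic check does not follow the assignment and misses it; a
# real checker has to track data flow through locals.
INDIRECT = <<~RUBY
  def show
    target = params[:method]
    "".method(target).call(params[:argument])
  end
RUBY

if __FILE__ == $PROGRAM_NAME
  { "vulnerable" => VULNERABLE, "hardened" => HARDENED, "indirect" => INDIRECT }.each do |label, src|
    puts "#{label}: flagged lines #{flag_method_user_input(src).inspect}"
  end
end
```

Running the file reports line 2 for the first sample and nothing for the other two. The miss on the third sample is the important caveat: matching `params` inside the argument list catches the shape in this issue, but a single intermediate variable defeats it, so a check worth shipping also has to resolve local assignments (and `send`-style dispatch), not just the literal `.method(params[...])` pattern.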
😐
Agree, this should be flagged and it is not difficult to do so.
Add check for #method(user_input) (9a62afc)
Fixes #1488 (ba2d4ff)