SQL Injection false positive with where_values_hash #942

Closed
JasonBarnabe opened this Issue Oct 4, 2016 · 1 comment

@JasonBarnabe
Contributor

Use of where_values_hash is causing a false positive in brakeman.

```ruby
class CanadianGroup < Group
  has_many :products,
           -> { where(Product.canadian.where_values_hash) }
end
```

(Product.canadian here is a scope.)

@presidentbeef
Owner

Hi Jason,

Yes, I'll fix that up soon.
