Fix `to_sql` false positive #194

Merged
merged 2 commits into from Dec 11, 2012

Owner

presidentbeef commented Nov 30, 2012

Brakeman was warning on interpolation of strings generated by Arel's to_sql method, as reported here.


def test_to_sql_interpolation
#Should not warn
prices = Produt.select(:price).where("created_at < :time").to_sql
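
Review bot: The `#Should not warn` comment sits on the `to_sql` assignment, which only builds the query string and contains no interpolation, so it marks the wrong line; move it onto the line where `prices` is interpolated, since that is the case this test exists to cover. In the same assignment, `Produt` looks like a typo for `Product`, and `where("created_at < :time")` names a `:time` placeholder without supplying a value for it; fix both, or add a short comment saying they are intentional in this test code.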


oreoshake Dec 11, 2012

Contributor

Sorry, I don't remember what brought this up. But that line would never warn, even before to_sql was whitelisted, right?


presidentbeef Dec 11, 2012

Author Owner

Oh, supposed to refer to the line below where it gets interpolated.


oreoshake Dec 11, 2012

Contributor

D'oh :shipit:

presidentbeef added a commit that referenced this pull request Dec 11, 2012

presidentbeef merged commit c0b8715 into master Dec 11, 2012

1 check passed

default The Travis build passed

presidentbeef deleted the fix_to_sql_false_positive branch Feb 25, 2015

Repository owner locked and limited conversation to collaborators Feb 16, 2016
