Improvements to SQL injection detection #985

Merged
merged 10 commits into from Jan 27, 2017

presidentbeef commented Jan 27, 2017

  • Once again warn about SQL injection even if Brakeman isn't sure the method is being called on an ActiveRecord model (but at lower confidence)
  • Do not warn about all, first, or last after Rails 4.0
  • Do not warn about models in SQL (almost always false positives)

@presidentbeef presidentbeef merged commit 2440a90 into master Jan 27, 2017

2 checks passed

ci/circleci Your tests passed on CircleCI!
continuous-integration/travis-ci/pr The Travis CI build passed

@presidentbeef presidentbeef deleted the sql_on_everything branch Jan 27, 2017

Repository owner locked and limited conversation to collaborators May 18, 2017
