Improvements to SQL injection detection #985

merged 10 commits into master from sql_on_everything on Jan 27, 2017

  • Once again warn about SQL injection even if Brakeman isn't sure the method is being called on an ActiveRecord model (but at lower confidence)
  • Do not warn about all, first, or last after Rails 4.0
  • Do not warn about models in SQL (almost always false positives)
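A simplified sketch of the three heuristics described above, added here as an illustration and not Brakeman's own code (Brakeman works on the parsed Ruby AST, not on regexes over source lines); the model names, sample lines and the float-valued Rails version are assumptions made for the example:

```ruby
# Constructed, regex-based model of the PR's three heuristics (not Brakeman's code).
KNOWN_MODELS   = %w[User Post].freeze              # assumption: models found in app/models
SQL_METHODS    = %w[where find_by_sql order having select].freeze
FINDER_METHODS = %w[all first last].freeze         # took :conditions options before Rails 4.0

CALL_RE   = /\b([A-Z]\w*|[a-z_]\w*)\.(\w+)\((.*)\)/  # receiver.method(args)
INTERP_RE = /#\{([^}]*)\}/                            # "#{...}" pieces inside the args

# Returns nil when no warning should be raised, otherwise a hash with the
# receiver, the method and a confidence: :high when the receiver is a known
# ActiveRecord model, :weak when it is unclear what the receiver is.
# rails_version is major.minor as a float (assumption for brevity).
def check_sql_injection(line, rails_version:, models: KNOWN_MODELS)
  m = CALL_RE.match(line) or return nil
  receiver, method, args = m.captures

  if FINDER_METHODS.include?(method)
    return nil if rails_version >= 4.0            # all/first/last no longer take SQL
  elsif !SQL_METHODS.include?(method)
    return nil
  end

  interps = args.scan(INTERP_RE).flatten
  return nil if interps.empty?                    # nothing dynamic in the SQL string

  # Interpolated values that are plain model references (Post.table_name,
  # User.count, ...) are almost always false positives, so skip them.
  interps.reject! { |code| models.include?(code[/\A[A-Z]\w*/]) }
  return nil if interps.empty?

  { receiver: receiver, method: method,
    confidence: models.include?(receiver) ? :high : :weak }
end

# Constructed sample lines, one per heuristic.
SAMPLES = {
  model_where:   'User.where("name = \'#{params[:name]}\'")',
  unknown_where: 'scope.where("name = \'#{params[:name]}\'")',
  rails3_all:    'User.all(:conditions => "name = \'#{params[:name]}\'")',
  model_in_sql:  'User.where("id IN (SELECT user_id FROM #{Post.table_name})")'
}.freeze

if $PROGRAM_NAME == __FILE__
  SAMPLES.each { |name, line| p name => check_sql_injection(line, rails_version: 4.2) }
end
```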
@presidentbeef presidentbeef merged commit 2440a90 into master Jan 27, 2017

2 checks passed

ci/circleci Your tests passed on CircleCI!
continuous-integration/travis-ci/pr The Travis CI build passed
@presidentbeef presidentbeef deleted the sql_on_everything branch Jan 27, 2017