Brakeman v5.1.0 Release Notes
Release Date: 2021-07-19
- Initial support for ActiveRecord enums
- Support `Hash#include?`
- Interprocedural dataflow from very simple class methods
- Fix SARIF report when checks have no description (Eli Block)
- Add ignored warnings to SARIF report (Eli Block)
- Add `--sql-safe-methods` option (Esty Scheiner)
- Update SQL injection check for Rails 6.0/6.1
- Fix false positive in command injection with `Open3.capture` (Richard Fitzgerald)
- Fix infinite loop on mixin self-includes (Andrew Szczepanski)
- Ignore dates in SQL
- Refactor `cookie?`/`param?` methods (Keenan Brock)
- Ignore renderables in dynamic render path check (Brad Parker)
- Support `Array#push`
- Better `Array#join` support
- Adjust copy of `--interactive` menu (Elia Schito)
- Support `Array#*`
- Better method definition tracking and lookup
- Support `Hash#values` and `Hash#values_at`
- Check for user-controlled evaluation even if it's a call target
- Support `Array#fetch` and `Hash#fetch`
- Ignore `sanitize_sql_like` in SQL
- Ignore method calls on numbers in SQL
- Add GitHub Actions format (Klaus Badelt)
- Read and parse files in parallel