Brakeman v5.1.0 Release Notes

Release Date: 2021-07-19 // 3 months ago
    • ๐ŸŽ‰ Initial support for ActiveRecord enums
    • ๐Ÿ‘Œ Support Hash#include?
    • Interprocedural dataflow from very simple class methods
    • ๐Ÿ›  Fix SARIF report when checks have no description (Eli Block)
    • โž• Add ignored warnings to SARIF report (Eli Block)
    • โž• Add --sql-safe-methods option (Esty Scheiner)
    • โšก๏ธ Update SQL injection check for Rails 6.0/6.1
    • ๐Ÿ›  Fix false positive in command injection with Open3.capture (Richard Fitzgerald)
    • ๐Ÿ›  Fix infinite loop on mixin self-includes (Andrew Szczepanski)
    • Ignore dates in SQL
    • โ™ป๏ธ Refactor cookie?/param? methods (Keenan Brock)
    • Ignore renderables in dynamic render path check (Brad Parker)
    • ๐Ÿ‘Œ Support Array#push
    • ๐Ÿ‘ Better Array#join support
    • Adjust copy of --interactive menu (Elia Schito)
    • ๐Ÿ‘Œ Support Array#*
    • ๐Ÿ‘ Better method definition tracking and lookup
    • ๐Ÿ‘Œ Support Hash#values and Hash#values_at
    • Check for user-controlled evaluation even if it's a call target
    • ๐Ÿ‘Œ Support Array#fetch and Hash#fetch
    • Ignore sanitize_sql_like in SQL
    • Ignore method calls on numbers in SQL
    • โž• Add GitHub Actions format (Klaus Badelt)
    • ๐Ÿ“œ Read and parse files in parallel