Comments (1)
Hmmm... I can't repro this.

I used this in a view:

```erb
<%= link_to 'http://brakemanscanner.org' do
  made_up params[:x]
end %>
```

Which raised a warning. Then ran with `-s made_up` and it didn't raise a warning.