Brakeman Pro 1.7.2 Released

Feb 22, 2018

Brakeman Pro Desktop 1.7.2 and Brakeman Pro Engine 4.2.0 are now available!

Besides some bug fixes and false positive fixes, this release extends analysis of library code (mostly files in lib/) so that, when analyzing a class, instance variable values assigned in its initialize method are used wherever those instance variables are read.

Update List:

  • Use ivars from initialize in libraries
  • Exclude template folders in lib/
  • Warn about SQL injection with not
  • Fix false positive symbol DoS on Model#attributes
  • Fix false positive open redirects with model methods ending with _path
  • Fix false positive command injection with Shellwords.escape
  • Fix error when handling multiple assignment of globals
  • Handle ERb use of String#<< method for Ruby 2.5
  • Update RubyParser and related libraries
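To make the first, third and sixth items above concrete, here is an added example (it is not Brakeman Pro's code and not taken from this release): a library-style class of the kind that lives in lib/ of a Rails application. Its constructor stores caller-supplied values in instance variables, and later methods interpolate those variables into a SQL string and a shell command. With the 1.7.2 change, the analysis resolves @column and @filename back to the values assigned in initialize, so the interpolated-ivar query (including one built with NOT) can be reported, while the Shellwords.escape variant is no longer flagged. The class name, method names and sample inputs are constructed for the example.

```ruby
require 'shellwords'

# Constructed library class; in a Rails app this would sit in lib/.
# The values passed to initialize are treated as untrusted caller input.
class ReportExporter
  # Identifiers cannot be bound as query parameters, so a fixed allow-list
  # is the standard way to keep caller input out of SQL identifiers.
  ALLOWED_COLUMNS = %w[id created_at status].freeze

  def initialize(column, filename)
    @column = column      # flows into a SQL string below
    @filename = filename  # flows into a shell command string below
  end

  # Unsafe pattern: an instance variable set from caller input is
  # interpolated straight into the query text. Resolving @column to its
  # initialize value is what lets the analysis report this method.
  def unsafe_sql
    "SELECT * FROM reports WHERE NOT #{@column} IS NULL"
  end

  # Hardened form: the identifier is validated against the allow-list
  # before it reaches the query string; anything else raises.
  def safe_sql
    unless ALLOWED_COLUMNS.include?(@column)
      raise ArgumentError, "unknown column: #{@column.inspect}"
    end
    "SELECT * FROM reports WHERE NOT #{@column} IS NULL"
  end

  # Unsafe pattern: raw filename interpolated into a shell command string.
  def unsafe_command
    "gzip #{@filename}"
  end

  # Safe form: Shellwords.escape backslash-escapes shell metacharacters,
  # which is why this pattern is no longer reported as command injection.
  def safe_command
    "gzip #{Shellwords.escape(@filename)}"
  end
end

if __FILE__ == $PROGRAM_NAME
  exporter = ReportExporter.new("status", "a&b.txt")
  puts exporter.safe_sql
  puts exporter.safe_command
end
```

Running the file prints the validated query and the escaped command (`gzip a\&b.txt`); constructing the class with a column name outside the allow-list makes safe_sql raise ArgumentError while unsafe_sql silently returns the tainted query, which is exactly the difference the static analysis is meant to surface.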

Want to know more about Brakeman Pro?

Brakeman Pro is a static analysis security tool for Ruby on Rails applications.

Brakeman Pro can be used as a desktop application, as a Ruby gem, and as a Code Climate engine.

If you have not purchased Brakeman Pro yet, you can review pricing and purchase licenses directly from our site.

Need to try before buying? Take Brakeman Pro Desktop for a spin.

Please feel free to contact us with any questions!