Brakeman Pro Desktop 1.7.2 and Brakeman Pro Engine 4.2.0 are now available!
Besides some bug and false positive fixes, this release extends the analysis of library code (mostly files in lib/): when a class is analyzed, values assigned to instance variables in its initialize method are now carried into the class's other methods, instead of those ivars being treated as unknown.
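To show the kind of code this ivar tracking is aimed at, here is a constructed example added for this post (it is not Brakeman code and not taken from any Brakeman test suite): a lib/-style class whose constructor stores a caller-supplied value in an instance variable that a later method interpolates into SQL. A method-at-a-time view of to_sql only sees an opaque @table; the dangerous flow is visible only once initialize is connected to it. The second class shows the fix a reviewer would ask for, an allowlist check at the point the ivar is assigned. The class names, the table names and the injected string are all assumptions made up for the example; whether a given scanner reports either class is not something this snippet decides.

```ruby
# Constructed example (not Brakeman's code): a value assigned in initialize
# reaches a SQL sink in another method of the same class.

class UnsafeReportQuery
  # Looking at #to_sql alone, @table is just an ivar of unknown origin.
  # Reading initialize shows it is whatever the caller passed in.
  def initialize(table, limit)
    @table = table
    @limit = limit
  end

  def to_sql
    # Interpolating @table straight into the statement: SQL injection
    # whenever `table` came from a request parameter.
    "SELECT * FROM #{@table} LIMIT #{@limit.to_i}"
  end
end

class SafeReportQuery
  # Hypothetical fixed set of tables this query may touch.
  ALLOWED_TABLES = %w[orders invoices].freeze

  def initialize(table, limit)
    unless ALLOWED_TABLES.include?(table)
      raise ArgumentError, "unknown table: #{table.inspect}"
    end
    @table = table           # now provably one of ALLOWED_TABLES
    @limit = Integer(limit)  # raises on non-numeric input instead of coercing it
  end

  def to_sql
    "SELECT * FROM #{@table} LIMIT #{@limit}"
  end
end

# Runs both classes against a constructed attacker-style table name and
# returns the results so they can be inspected or asserted on.
def demo
  injected = "orders; DROP TABLE users; --"
  unsafe_sql = UnsafeReportQuery.new(injected, 10).to_sql
  safe_error =
    begin
      SafeReportQuery.new(injected, 10)
      nil
    rescue ArgumentError => e
      e.message
    end
  {
    unsafe: unsafe_sql,                                   # contains the injected DROP TABLE
    safe_error: safe_error,                               # allowlist rejected the input
    safe: SafeReportQuery.new("orders", "10").to_sql      # legitimate call still works
  }
end

if __FILE__ == $0
  puts demo.inspect
end
```

The point of the allowlist living in initialize is that it fixes the ivar's possible values at the one place they are assigned, which is also exactly the place an analysis that reads initialize will look.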
- Use ivars from
- Exclude template folders in
- Warn about SQL injection with
- Fix false positive symbol DoS on
- Fix false positive open redirects with model methods ending with
- Fix false positive command injection with
- Fix error when handling multiple assignment of globals
- Handle ERb use of the String#<< method for Ruby 2.5
- Updated RubyParser and related libraries
Want to know more about Brakeman Pro?
Brakeman Pro is a static analysis security tool for Ruby on Rails applications.
If you have not purchased Brakeman Pro yet, you can review pricing and purchase licenses directly from our site.
Need to try before buying? Take Brakeman Pro Desktop for a spin.
Please feel free to contact us with any questions!