Currently, Brakeman Pro supports creating custom rules to search for specific method calls.
Custom rules are shared across all projects and can be enabled/disabled per application.
Creating a Custom Rule
To create a custom rule, first click on the application name in the project tree pane.
Then click the “+” button by the Custom Rules table.
After configuring the custom rule, click “Save” to save the rule. It will be enabled for the current project and will be applied the next time the project is scanned.
Custom Rule Options
Rule Name
The rule name will be displayed in warnings and the rule list.
Description
This description will be shown in the details drawer for each warning.
Category
By default, custom rules are their own category. However, you may assign the rule to a specific warning category.
Severity
Select the severity level for resulting warnings.
Targets
Targets are the “object” of the method calls to match. For example, in Kernel.puts, the target would be Kernel. If no target is specified, the rule will match any target.
To specify multiple targets, separate them by commas. For example: Kernel,Object,User.
Methods
At least one method must be specified for each rule.
To specify multiple methods, separate them by commas. For example: puts,system,delete.
Require User Input
If this option is enabled, the rule will only match when one or more arguments include potential user input.
To match all uses of a method, leave this option disabled.
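To make the Targets, Methods and Require User Input options concrete, here is an added example (not Brakeman Pro's own code) that applies the same matching semantics to Ruby source parsed with the standard library's Ripper. The `Rule` struct, the `USER_INPUT` list (a simplified stand-in for "potential user input": direct references to `params`, `cookies` or `request`) and the `SAMPLE` source are all constructed for this illustration.

```ruby
require "ripper"
# Constructed illustration of the page's matching semantics (not Brakeman Pro's engine).
Rule = Struct.new(:name, :targets, :method_names, :require_user_input)
USER_INPUT = %w[params cookies request].freeze # simplified "potential user input" sources
def ident_name(node) # [:@ident, "system", [1, 7]] -> "system"
  node.is_a?(Array) && node[0].to_s.start_with?("@") ? node[1] : nil
end
def receiver_name(node) # Kernel.puts -> "Kernel"; user.delete -> "user"
  node.is_a?(Array) && %i[var_ref vcall].include?(node[0]) ? ident_name(node[1]) : nil
end
def user_input?(node) # does the argument subtree reference a user-input source?
  return false unless node.is_a?(Array)
  return USER_INPUT.include?(node[1]) if node[0] == :@ident
  node.any? { |child| user_input?(child) }
end
def call_parts(node) # Ripper call node -> [receiver, method ident node, args] or nil
  case node[0]
  when :method_add_arg
    inner = node[1] || []
    inner[0] == :call ? [receiver_name(inner[1]), inner[3], node[2]] : [nil, inner[1], node[2]]
  when :command      then [nil, node[1], node[2]]
  when :command_call then [receiver_name(node[1]), node[3], node[4]]
  when :call         then [receiver_name(node[1]), node[3], nil]
  end
end
def matches?(rule, recv, name_node, args)
  meth = ident_name(name_node)
  return false unless meth && rule.method_names.include?(meth)
  return false if rule.targets.any? && !rule.targets.include?(recv) # no targets = any target
  return false if rule.require_user_input && !user_input?(args)
  true
end
def scan(rule, source) # returns "Target.method (line N)" for each matching call
  hits = []
  walk = lambda do |node|
    next unless node.is_a?(Array)
    parts = call_parts(node)
    hits << "#{parts[0] || '(any)'}.#{parts[1][1]} (line #{parts[1][2][0]})" if parts && matches?(rule, *parts)
    node.each { |child| walk.call(child) }
  end
  walk.call(Ripper.sexp(source))
  hits.uniq # the :call inside a :method_add_arg repeats the enclosing match
end
SAMPLE = <<~RUBY # constructed input
  Kernel.system(params[:cmd])
  system("ls -la")
  User.delete(cookies[:id])
  logger.puts "hello"
RUBY
puts scan(Rule.new("Shell exec", ["Kernel"], ["system"], true), SAMPLE)
```

With Require User Input enabled, only the first line of `SAMPLE` matches the `Kernel`/`system` rule; with it disabled and no target, both `system` calls match.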
Editing Custom Rules
To edit custom rules, click the pencil icon in the “Edit” column by the rule to be edited.
Note that changes only take effect on the next scan of the project.