A static analysis security vulnerability scanner for Ruby on Rails applications
OTHER License
Published by presidentbeef over 6 years ago
* `String#<<` method for Ruby 2.5 (Pocke)
* `lib/` (kru0096)
* `not`
* `Model#attributes` (#1096)
* `_path` (#1117)
* `Shellwords.escape` (#1159)
* `initialize` in libraries
* `Sexp#body=` can accept `:rlist` from `Sexp#body_list`
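The `Shellwords.escape` entry above gives no detail, so here is an added example (not Brakeman's own code; the page does not say exactly how Brakeman treats this method) showing why a command-injection check can regard `Shellwords.escape` as a sanitizer: it turns a hostile value into a single shell word, whereas raw interpolation lets the shell see extra commands. The helper names, the `ls -l` command and the attacker input are assumptions made for the illustration.

```ruby
require "shellwords"

# Constructed attacker-controlled value, standing in for params[:dir] in a
# Rails controller (assumption for this example).
ATTACKER_INPUT = "public; rm -rf /".freeze

# Vulnerable shape: raw user input interpolated into one command string.
# `system(unsafe_command(dir))` would hand the whole string to /bin/sh, which
# treats the unquoted ";" as a command separator.
def unsafe_command(dir)
  "ls -l #{dir}"
end

# Hardened shape: Shellwords.escape backslash-escapes every character that is
# special to the shell, so the value reaches `ls` as exactly one argument.
def escaped_command(dir)
  "ls -l #{Shellwords.escape(dir)}"
end

# Preferred shape: the array form of system/Process.spawn never involves a
# shell, so no escaping is needed and nothing is interpolated at all.
def argv_command(dir)
  ["ls", "-l", dir]
end

# Approximate the shell's word splitting to show how many arguments each
# command string produces. Shellwords.split honours quotes and backslashes
# (it does not treat ";" as a separator, so the count understates the damage
# a real shell would do with the unsafe string).
def shell_words(command)
  Shellwords.split(command)
end

if $PROGRAM_NAME == __FILE__
  puts unsafe_command(ATTACKER_INPUT)
  p shell_words(unsafe_command(ATTACKER_INPUT))   # six words, "rm" among them
  puts escaped_command(ATTACKER_INPUT)
  p shell_words(escaped_command(ATTACKER_INPUT))  # three words, input intact
end
```

Run it as a script to see both command strings side by side; the escaped form keeps the whole attacker value inside one argument, which is the property a static sanitizer check relies on.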
Published by presidentbeef almost 7 years ago
* `permit` with `*_id` keys
Published by presidentbeef almost 7 years ago
* `permit`
* `Arel.sql`
* `op_asgn1` (e.g. `x[:y] += 1`) (#1103)
* `params.permit` with safe values (#1000)
* `less` pager (#1118)
* `include_paths` for Code Climate engine (Will Fleming)
* `app_path` configuration for Code Climate engine (Noah Davis)
Published by presidentbeef about 7 years ago
* `CI` environment variable is set
Published by presidentbeef about 7 years ago
* `--exit-on-warn` is now the default (#852)
* `--exit-on-error` is now the default (#1083)
* `link_to`
* `request.cookies` like `cookies` (#1090)
* `fail`/`raise` like early returns (#754)
* `CONFIDENCE` constant in checks
* `--exit-on-error` and `--exit-on-warn` in config files
Published by presidentbeef about 7 years ago
* `--ensure-latest` (David Guyon)
Published by presidentbeef over 7 years ago
* `redirect_to` in Rails 4 (Mário Areias)
* `return` (#1057)
* `rails4`/`rails5` options in config file (#1059)
Published by presidentbeef over 7 years ago
* `--rake` option
* `.html` or `.js`
* `if` expressions in HAML rendering (#1032)
* `to_s` in `exists?` (#1045)
* `if` expressions when finding return values
Published by presidentbeef over 7 years ago
* `--compare` (Sean Gransee)
Published by presidentbeef over 7 years ago
* `case` expressions (#944, #972, #1002)
* `--exit-on-error` (Michael Grosser)
* `Concern`s
Published by presidentbeef over 7 years ago
* `all`, `first`, or `last` after Rails 4.0
* `.html` as HTML anyway (#790)
* `--ensure-latest` option (tamgrosser / Michael Grosser)
* `--no-summary` to hide summaries in HTML/text reports (#963)
* `-x` or `-t` (#970)
* `included` block in concerns (#958)
Published by presidentbeef almost 8 years ago
* `--debug`
Published by presidentbeef almost 8 years ago
* `-I`
* `plain` report format (#914)
* `--no-exit-warn` (#925)
Published by presidentbeef almost 8 years ago
* `ActionController::Base` (Jason Yeo)
* `.ruby-version` or `Gemfile`
* `where_values_hash` in SQLi (#942)
Published by presidentbeef about 8 years ago
* `content_tag` with CVE-2016-6316
Published by presidentbeef about 8 years ago
* `link_to` hrefs (#897)
Published by presidentbeef over 8 years ago
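The `link_to` hrefs entry (#897) above lists only the check name. As an added example that is not Brakeman's code, and assuming the check concerns user-controlled href values (the page itself does not say), the following shows why HTML escaping alone does not make such an href safe: a `javascript:` URL contains none of the characters `ERB::Util.html_escape` rewrites, so it survives escaping unchanged and the scheme must be checked separately. The helper names, the allow-list policy and the constructed URLs are assumptions made for the illustration.

```ruby
require "erb"
require "uri"

# Constructed sample hrefs, standing in for params[:url] (assumption).
SAFE_URL     = "https://example.com/profile".freeze
RELATIVE_URL = "/users/42".freeze
ATTACK_URL   = "javascript:alert(document.cookie)".freeze
PROTOCOL_REL = "//evil.example/phish".freeze

# HTML escaping only rewrites & < > " and '; a javascript: URL has none of them.
def html_escape(value)
  ERB::Util.html_escape(value)
end

# Vulnerable shape, like `link_to text, params[:url]`: the href is escaped for
# HTML context, but its scheme is whatever the attacker supplied.
def unsafe_anchor(text, href)
  %(<a href="#{html_escape(href)}">#{html_escape(text)}</a>)
end

# Allow-list policy: site-relative paths (but not protocol-relative //host)
# and absolute http(s) URLs. Anything else, javascript: included, is refused.
# Unparseable input is treated as unsafe rather than passed through.
def safe_href?(href)
  uri = URI.parse(href)
  if uri.scheme.nil?
    return href.start_with?("/") && !href.start_with?("//")
  end
  %w[http https].include?(uri.scheme.downcase)
rescue URI::InvalidURIError
  false
end

# Hardened shape: an href that fails the allow-list is replaced by an inert "#".
def safe_anchor(text, href)
  target = safe_href?(href) ? href : "#"
  %(<a href="#{html_escape(target)}">#{html_escape(text)}</a>)
end

if $PROGRAM_NAME == __FILE__
  puts unsafe_anchor("Profile", ATTACK_URL)   # javascript: scheme survives
  puts safe_anchor("Profile", ATTACK_URL)     # neutralised to href="#"
  puts safe_anchor("Profile", SAFE_URL)
end
```

The scheme comparison is case-insensitive because browsers accept `JavaScript:` as readily as `javascript:`; the protocol-relative case is refused because `//evil.example` would be resolved against the current page's scheme and leave the site.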
Preview of 3.2.0
Published by presidentbeef over 8 years ago
Published by presidentbeef over 8 years ago
* `validates_format_of` (Dmitrij Fedorenko)
* `--force-scan` option (Neil Matatall)
* `if` branches in templates
* `&.` operations
* `quoted_primary_key` (#884)