A static analysis security vulnerability scanner for Ruby on Rails applications
OTHER License
Published by presidentbeef over 8 years ago
if no Rails application is detected (#869)
Rails.env.test? (#862)
find_and_preserve with a block (#837)
Array#first
protect_from_forgery (Jason Yeo)
u helper (Chad Dollins)
params.slice (#866)
slice in redirect_to and link_to (#832)
popen with array (#851)
include_paths (Gordon Diggs)

Published by presidentbeef over 8 years ago
&. operator (#796)
params[:action] / params[:controller] (#812)
targets: nil
fastercsv dependency
multi-json dependency

Published by presidentbeef over 8 years ago

Published by presidentbeef over 8 years ago
--only-files and --skip-files (Patrick Toomey)
--only-files (Will Fleming)
permit in SQL (669)
detect (376)
render params (CVE-2016-0752)
strip_tags XSS (CVE-2015-7579)
sanitize XSS (CVE-2015-7578/80)
reject_if proc bypass (CVE-2015-7577)

Published by presidentbeef over 8 years ago
secrets.yml if in .gitignore (#777)
safe_yaml error (#778)

Published by presidentbeef almost 9 years ago
without_protection: true with hash literal (#769)
exit_on_warn in config file (#771)
user_input in JSON
before_filter with block is a call (#763)

Published by presidentbeef almost 9 years ago
current_user like a model (#744)
find/find_by* in hrefs
private def ...
Warning#initialize
Sexp nodes
html_safe like raw
Net::HTTP.start
link_to
gems.rb / gems.locked (#705)
eval warnings

Published by presidentbeef about 9 years ago
j / escape_javascript safe inside Haml JavaScript blocks (#708)
find_and_preserve calls
a.try(&:b) like a.b()

Published by presidentbeef over 9 years ago

Published by presidentbeef over 9 years ago
protect_from_forgery without exceptions (Neil Matatall)
quoted_table_name in SQL (Gabriel Sobhrinho)
open
Array#include? guard conditionals (#604)
to_s in SQL (#638)

Published by presidentbeef over 9 years ago
ruby_parser to ~> 3.6.2
primary_key, table_name_prefix, table_name_suffix as safe in SQL
--compare and --add-checks-path together
simple_format usage CVE warning

Published by presidentbeef over 9 years ago
--add-libs-path for additional libraries (Patrick Toomey)
app/ (Neal Harris)
protect_from_forgery warning unless ApplicationController inherits from ActionController::Base (#573)

Published by presidentbeef almost 10 years ago
--exit-on-warn --compare only returns error code on new warnings (Jeff Yip)
--separate-models to be the default
(local var)
lib/ files
x = x.y (#552)
<%== in ERB

Published by presidentbeef about 10 years ago
exists arel method from SQL injection check

Published by presidentbeef about 10 years ago
--add-checks-path option for external checks (Clint Gibler)
-4 option to force Rails 4 mode
send (#523)

Published by presidentbeef about 10 years ago

Published by presidentbeef over 10 years ago
:host setting in redirects with chained calls
find_by / find_by! to SQLi check for Rails 4
+=
protected_attributes gem in Rails 4 (Geoffrey Hichborn)

Published by presidentbeef over 10 years ago
rescue Exception