brakeman | static analysis security vulnerability scanner for Ruby | Security library

 by   presidentbeef Ruby Version: v5.2.2 License: Non-SPDX

kandi X-RAY | brakeman Summary

brakeman is a Ruby library typically used in Security and Ruby on Rails applications. kandi reports no bugs, no known vulnerabilities and medium support for it; however, brakeman has a Non-SPDX license. You can download it from GitHub.
Brakeman is a static analysis tool which checks Ruby on Rails applications for security vulnerabilities.

Support

  • brakeman has a medium active ecosystem.
  • It has 6367 star(s) with 699 fork(s). There are 166 watchers for this library.
  • There were 3 major release(s) in the last 12 months.
  • There are 82 open issues and 611 have been closed. On average issues are closed in 108 days. There are 8 open pull requests and 0 closed requests.
  • It has a neutral sentiment in the developer community.
  • The latest version of brakeman is v5.2.2

Quality

  • brakeman has 0 bugs and 0 code smells.

Security

  • brakeman has no vulnerabilities reported, and its dependent libraries have no vulnerabilities reported.
  • brakeman code analysis shows 0 unresolved vulnerabilities.
  • There are 0 security hotspots that need review.

License

  • brakeman has a Non-SPDX License.
  • A Non-SPDX license may be an open-source license that simply has no SPDX identifier, or it may not be open source at all; review the license text closely before use.

Reuse

  • brakeman releases are available to install and integrate.
  • Installation instructions, examples and code snippets are available.
  • brakeman saves you 18817 person hours of effort in developing the same functionality from scratch.
  • It has 37182 lines of code, 3276 functions and 865 files.
  • It has high code complexity. Code complexity directly impacts maintainability of the code.
Top functions reviewed by kandi - BETA

kandi has reviewed brakeman and discovered the below as its top functions. This is intended to give you an instant insight into brakeman implemented functionality, and help decide if they suit your requirements.

  • Set up Rails
  • Loads the default configuration.
  • Parses the AST list of files.
  • Parse a template
  • Search for a given constant.
  • Parse ERB template
  • Process the given template
  • compile a filter
  • Saves warning to file
  • Parse a conditional expression on expression


brakeman Key Features

A static analysis security vulnerability scanner for Ruby on Rails applications

brakeman Examples and Code Snippets

Installation

gem install brakeman

Usage

brakeman

Basic Options

brakeman -o output_file

Confidence levels

brakeman -w3

Configuration files

$ brakeman -C --skip-files plugins/
---
:skip_files:
- plugins/

Building

git clone https://github.com/presidentbeef/brakeman.git
cd brakeman
gem build brakeman.gemspec
gem install brakeman*.gem

Dynamic link_to path with params[:controller]: Brakeman Dangerous Send

= link_to send("delete_#{controller_name}_path"), ...

DELETE /things/1

= link_to(model_instance, method: :destroy) do
  = fa_icon delete_icon, class: 'm-r-quarter', text: delete_text

= link_to [:delete, controller_name], method: :delete, data: { confirm: delete_confirmation } do
  = fa_icon delete_icon, class: 'm-r-quarter', text: delete_text
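
The following is an added example, not code from the page above or from the Brakeman project. It models, without loading Rails, why Brakeman reports `link_to send("delete_#{controller_name}_path"), ...` as a Dangerous Send: the selector is assembled from request data, and `Kernel#send` ignores method visibility, so any method on the receiver becomes reachable. The `ViewContext` class, its route helpers and the hostile value are hypothetical stand-ins; in a real app Rails sets `params[:controller]` from routing, and Brakeman flags the call because it cannot prove the interpolated value is confined to the expected names.

```ruby
# Added example (not from the page or from Brakeman): dynamic send versus an
# explicit allowlist. Route helpers are stand-ins for what routes.rb would
# generate in a Rails app.
class ViewContext
  # Stand-ins for generated route helpers.
  def delete_things_path;  "/things/1";  end
  def delete_widgets_path; "/widgets/1"; end

  # Vulnerable form: the selector is built from a request-controlled value.
  # send also bypasses `private`, so it can reach methods that were never
  # meant to be callable from a template.
  def unsafe_delete_path(controller_name)
    send("delete_#{controller_name}_path")
  end

  # Hardened form: an explicit allowlist maps known names to known helpers.
  # public_send is used so that even a mistaken table entry could not reach a
  # private method.
  DELETE_HELPERS = {
    "things"  => :delete_things_path,
    "widgets" => :delete_widgets_path,
  }.freeze

  def safe_delete_path(controller_name)
    helper = DELETE_HELPERS.fetch(controller_name) {
      raise ArgumentError, "no delete route for #{controller_name.inspect}"
    }
    public_send(helper)
  end

  private

  # Hypothetical internal helper that must stay unreachable from views.
  def delete_everything_path
    "/admin/purge_all"
  end
end

# Exercises both forms with an expected value and a constructed hostile one,
# returning a hash so the outcome can be checked rather than only printed.
def send_demo
  ctx = ViewContext.new
  hostile = "everything"   # constructed: no public route helper exists for it
  allowlist_blocked = begin
    ctx.safe_delete_path(hostile); false
  rescue ArgumentError
    true
  end
  public_send_blocked = begin
    ctx.public_send(:delete_everything_path); false
  rescue NoMethodError
    true
  end
  {
    unsafe_expected:     ctx.unsafe_delete_path("things"),
    unsafe_hostile:      ctx.unsafe_delete_path(hostile),  # private method reached
    safe_expected:       ctx.safe_delete_path("things"),
    allowlist_blocked:   allowlist_blocked,
    public_send_blocked: public_send_blocked,
  }
end

puts send_demo.inspect if $PROGRAM_NAME == __FILE__
```

The second answer on the page, `link_to [:delete, controller_name], method: :delete, ...`, achieves the same effect as the allowlist: it hands the name to the router as data rather than executing it as a method name, which is why Brakeman does not flag it.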
                      

How to test write to file with rspec?

# The block given to receive(:open) gets the arguments of the stubbed call
# ('config/brakeman.yml', 'wb'), not the file object, so the expectation
# belongs on a double that the stub yields instead.
file = instance_double(File)
expect(file).to receive(:write).with(response.body)
allow(File).to receive(:open).with('config/brakeman.yml', 'wb').and_yield(file)

rails active_storage:install IS NOT WORKING

bin/rails activestorage:install

require "active_storage"

require "active_storage/engine"

bundle exec rails active_storage:install

Is this use of a Ruby eval method really dangerous, and if so what's the alternative? (Rails)

<% user.available_transitions.each do |t| %>
  <%= link_to t.to_s.humanize, admin_user_path(user, transition: t), class: 'dropdown-item', method: :patch %>
<% end %>

How to fix 'Possible SQL injection' in raw SQL when scanning with Brakeman

".. (1, #{Student.get_level_name(1)});"

INSERT INTO "students" ("student_id", "created_at", "updated_at")
VALUES ($1, $2, $3)
RETURNING "id"
[["student_id", "1"], ["created_at", "2019-09-27 07:06:57.198752"], ["updated_at", "2019-09-27 07:06:57.198752"]]

Student.create(student_id: 1, level: Student.get_level_name(1))
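
The following is an added example, not code from the page above, from Brakeman or from Rails. It shows the property Brakeman's SQL injection check guards: a value spliced into a raw INSERT with `#{...}` can close the string literal and append statements, whereas a value supplied as a bind is quoted as data. `quote_literal` applies the SQL rule of doubling single quotes, `statement_count` is a deliberately naive stand-in for a driver that splits on `;` outside quotes, and the hostile level name is constructed. `Student.create(student_id: 1, level: ...)` from the page is the bound form: Active Record emits `$1, $2, $3` placeholders and ships the values separately, as the logged query shows.

```ruby
# Added example (not from the page, Brakeman or Rails): string-interpolated SQL
# next to bind-style SQL, with a naive statement counter to make the
# difference observable.

# Quote one value as a SQL literal. Strings have embedded ' doubled, which is
# the standard SQL escape and what Active Record's connection.quote does.
def quote_literal(value)
  case value
  when Integer then value.to_s
  when nil     then "NULL"
  else "'#{value.to_s.gsub("'", "''")}'"
  end
end

# The pattern Brakeman flags: raw SQL assembled by interpolation. The level
# value lands inside the statement text with no escaping at all.
def interpolated_insert(student_id, level)
  "INSERT INTO students (student_id, level) VALUES (#{student_id}, '#{level}');"
end

# The pattern it accepts: placeholders filled through a quoting routine, as
# Active Record does for create, where(["... ?", v]) and sanitize_sql_array.
def bound_insert(student_id, level)
  binds = [student_id, level]
  "INSERT INTO students (student_id, level) VALUES (?, ?);"
    .gsub("?") { quote_literal(binds.shift) }
end

# Counts statements the way a simple driver would: a ';' outside a quoted
# string terminates a statement. A doubled '' inside a literal toggles the
# in-string flag twice, so it stays inside the literal.
def statement_count(sql)
  in_string = false
  count = 0
  sql.each_char do |c|
    if c == "'"
      in_string = !in_string
    elsif c == ";" && !in_string
      count += 1
    end
  end
  count
end

# Constructed attacker input: closes the literal and the VALUES list, then
# appends a second statement and comments out the rest.
HOSTILE_LEVEL = "x'); DROP TABLE students; --"

def sql_demo
  {
    interpolated: statement_count(interpolated_insert(1, HOSTILE_LEVEL)),  # 2 statements
    bound:        statement_count(bound_insert(1, HOSTILE_LEVEL)),         # 1 statement
    bound_sql:    bound_insert(1, "Beginner"),
  }
end

puts sql_demo.inspect if $PROGRAM_NAME == __FILE__
```

The check fires even when, as in the page's case, the interpolated call happens to return a constant from the model: Brakeman cannot see that at scan time, and the bound form removes the question entirely.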
                      

Understanding bundler dependency resolution

Bundler could not find compatible versions for gem "actionpack":
  In Gemfile:
    jquery-datatables-rails was resolved to 3.4.0, which depends on
      actionpack (>= 3.1)

    rails (= 5.2.3) was resolved to 5.2.3, which depends on
      actionpack (= 5.2.3)

    rspec-rails was resolved to 3.8.2, which depends on
      actionpack (>= 3.0)

    simple_form was resolved to 4.1.0, which depends on
      actionpack (>= 5.0)

    rails (= 5.2.3) was resolved to 5.2.3, which depends on
      sprockets-rails (>= 2.0.0) was resolved to 3.2.1, which depends on
        actionpack (>= 4.0)

Bundler could not find compatible versions for gem "activemodel":
  In Gemfile:
    rails (= 5.2.3) was resolved to 5.2.3, which depends on
      activemodel (= 5.2.3)

    web-console was resolved to 4.0.1, which depends on
      activemodel (>= 6.0.0)

Bundler could not find compatible versions for gem "activerecord":
  In Gemfile:
    acts_as_xlsx was resolved to 1.0.6, which depends on
      activerecord (>= 2.3.9)

    better_delayed_job_web was resolved to 1.3.12, which depends on
      activerecord (> 3.0.0)

    delayed_job_active_record was resolved to 4.1.4, which depends on
      activerecord (>= 3.0, < 6.1)

    rails (= 5.2.3) was resolved to 5.2.3, which depends on
      activerecord (= 5.2.3)

Bundler could not find compatible versions for gem "activesupport":
  In Gemfile:
    active_model-errors_details was resolved to 1.1.1, which depends on
      activesupport

    delayed_job was resolved to 4.1.8, which depends on
      activesupport (>= 3.0, < 6.1)

    exception_notification-rake was resolved to 0.3.0, which depends on
      exception_notification (~> 4.2.0) was resolved to 4.2.2, which depends on
        activesupport (>= 4.0, < 6)

    rails (= 5.2.3) was resolved to 5.2.3, which depends on
      activesupport (= 5.2.3)

    rspec-rails was resolved to 3.8.2, which depends on
      activesupport (>= 3.0)

    shoulda-matchers was resolved to 4.1.2, which depends on
      activesupport (>= 4.2.0)

    rails (= 5.2.3) was resolved to 5.2.3, which depends on
      sprockets-rails (>= 2.0.0) was resolved to 3.2.1, which depends on
        activesupport (>= 4.0)

Bundler could not find compatible versions for gem "axlsx":
  In Gemfile:
    axlsx

    acts_as_xlsx was resolved to 1.0.6, which depends on
      axlsx (>= 1.0.13)

    axlsx_rails was resolved to 0.5.2, which depends on
      axlsx (>= 2.0.1)

Bundler could not find compatible versions for gem "exception_notification":
  In Gemfile:
    exception_notification

    exception_notification-rake was resolved to 0.3.0, which depends on
      exception_notification (~> 4.2.0)

Bundler could not find compatible versions for gem "rails":
  In Gemfile:
    rails (= 5.2.3)

    acts_as_tenant was resolved to 0.4.4, which depends on
      rails (>= 4.0)

    axlsx_rails was resolved to 0.1.5, which depends on
      rails (>= 3.1)

    web-console was resolved to 4.0.1, which depends on
      activemodel (>= 6.0.0)

  gem 'web-console', '< 4.0'

    active_model-errors_details was resolved to 1.1.1, which depends on
      activemodel (>= 4.0, < 5.0.0.alpha)

# gem 'active_model-errors_details'

Bundler could not find compatible versions for gem "railties":
  In Gemfile:
    quiet_assets was resolved to 1.0.1, which depends on
      railties (~> 3.1)

# gem 'quiet_assets'
                      
                      Bundler could not find compatible versions for gem "actionpack":
                        In Gemfile:
                          jquery-datatables-rails was resolved to 3.4.0, which depends on
                            actionpack (>= 3.1)
                      
                          rails (= 5.2.3) was resolved to 5.2.3, which depends on
                            actionpack (= 5.2.3)
                      
                          rspec-rails was resolved to 3.8.2, which depends on
                            actionpack (>= 3.0)
                      
                          simple_form was resolved to 4.1.0, which depends on
                            actionpack (>= 5.0)
                      
                          rails (= 5.2.3) was resolved to 5.2.3, which depends on
                            sprockets-rails (>= 2.0.0) was resolved to 3.2.1, which depends on
                              actionpack (>= 4.0)
                      
                      Bundler could not find compatible versions for gem "activemodel":
                        In Gemfile:
                          rails (= 5.2.3) was resolved to 5.2.3, which depends on
                            activemodel (= 5.2.3)
                      
                          web-console was resolved to 4.0.1, which depends on
                            activemodel (>= 6.0.0)
                      
                      Bundler could not find compatible versions for gem "activerecord":
                        In Gemfile:
                          acts_as_xlsx was resolved to 1.0.6, which depends on
                            activerecord (>= 2.3.9)
                      
                          better_delayed_job_web was resolved to 1.3.12, which depends on
                            activerecord (> 3.0.0)
                      
                          delayed_job_active_record was resolved to 4.1.4, which depends on
                            activerecord (>= 3.0, < 6.1)
                      
                          rails (= 5.2.3) was resolved to 5.2.3, which depends on
                            activerecord (= 5.2.3)
                      
                      Bundler could not find compatible versions for gem "activesupport":
                        In Gemfile:
                          active_model-errors_details was resolved to 1.1.1, which depends on
                            activesupport
                      
                          delayed_job was resolved to 4.1.8, which depends on
                            activesupport (>= 3.0, < 6.1)
                      
                          exception_notification-rake was resolved to 0.3.0, which depends on
                            exception_notification (~> 4.2.0) was resolved to 4.2.2, which depends on
                              activesupport (>= 4.0, < 6)
                      
                          rails (= 5.2.3) was resolved to 5.2.3, which depends on
                            activesupport (= 5.2.3)
                      
                          rspec-rails was resolved to 3.8.2, which depends on
                            activesupport (>= 3.0)
                      
                          shoulda-matchers was resolved to 4.1.2, which depends on
                            activesupport (>= 4.2.0)
                      
                          rails (= 5.2.3) was resolved to 5.2.3, which depends on
                            sprockets-rails (>= 2.0.0) was resolved to 3.2.1, which depends on
                              activesupport (>= 4.0)
                      
                      Bundler could not find compatible versions for gem "axlsx":
                        In Gemfile:
                          axlsx
                      
                          acts_as_xlsx was resolved to 1.0.6, which depends on
                            axlsx (>= 1.0.13)
                      
                          axlsx_rails was resolved to 0.5.2, which depends on
                            axlsx (>= 2.0.1)
                      
                      Bundler could not find compatible versions for gem "exception_notification":
                        In Gemfile:
                          exception_notification
                      
                          exception_notification-rake was resolved to 0.3.0, which depends on
                            exception_notification (~> 4.2.0)
                      
                      Bundler could not find compatible versions for gem "rails":
                        In Gemfile:
                          rails (= 5.2.3)
                      
                          acts_as_tenant was resolved to 0.4.4, which depends on
                            rails (>= 4.0)
                      
                          axlsx_rails was resolved to 0.1.5, which depends on
                            rails (>= 3.1)
                      
                          web-console was resolved to 4.0.1, which depends on
                            activemodel (>= 6.0.0)
                      
                        gem web-console, '< 4.0'
                      
                          active_model-errors_details was resolved to 1.1.1, which depends on
                            activemodel (>= 4.0, < 5.0.0.alpha)
                      
                      # gem 'active_model-errors_details'
                      
                      Bundler could not find compatible versions for gem "railties":
                        In Gemfile:
                          quiet_assets was resolved to 1.0.1, which depends on
                            railties (~> 3.1)
                      
                       # gem 'quiet_assets'
                      
                      Bundler could not find compatible versions for gem "actionpack":
                        In Gemfile:
                          jquery-datatables-rails was resolved to 3.4.0, which depends on
                            actionpack (>= 3.1)
                      
                          rails (= 5.2.3) was resolved to 5.2.3, which depends on
                            actionpack (= 5.2.3)
                      
                          rspec-rails was resolved to 3.8.2, which depends on
                            actionpack (>= 3.0)
                      
                          simple_form was resolved to 4.1.0, which depends on
                            actionpack (>= 5.0)
                      
                          rails (= 5.2.3) was resolved to 5.2.3, which depends on
                            sprockets-rails (>= 2.0.0) was resolved to 3.2.1, which depends on
                              actionpack (>= 4.0)
                      
                      Bundler could not find compatible versions for gem "activemodel":
                        In Gemfile:
                          rails (= 5.2.3) was resolved to 5.2.3, which depends on
                            activemodel (= 5.2.3)
                      
                          web-console was resolved to 4.0.1, which depends on
                            activemodel (>= 6.0.0)
                      
                      Bundler could not find compatible versions for gem "activerecord":
                        In Gemfile:
                          acts_as_xlsx was resolved to 1.0.6, which depends on
                            activerecord (>= 2.3.9)
                      
                          better_delayed_job_web was resolved to 1.3.12, which depends on
                            activerecord (> 3.0.0)
                      
                          delayed_job_active_record was resolved to 4.1.4, which depends on
                            activerecord (>= 3.0, < 6.1)
                      
                          rails (= 5.2.3) was resolved to 5.2.3, which depends on
                            activerecord (= 5.2.3)
                      
                      Bundler could not find compatible versions for gem "activesupport":
                        In Gemfile:
                          active_model-errors_details was resolved to 1.1.1, which depends on
                            activesupport
                      
                          delayed_job was resolved to 4.1.8, which depends on
                            activesupport (>= 3.0, < 6.1)
                      
                          exception_notification-rake was resolved to 0.3.0, which depends on
                            exception_notification (~> 4.2.0) was resolved to 4.2.2, which depends on
                              activesupport (>= 4.0, < 6)
                      
                          rails (= 5.2.3) was resolved to 5.2.3, which depends on
                            activesupport (= 5.2.3)
                      
                          rspec-rails was resolved to 3.8.2, which depends on
                            activesupport (>= 3.0)
                      
                          shoulda-matchers was resolved to 4.1.2, which depends on
                            activesupport (>= 4.2.0)
                      
                          rails (= 5.2.3) was resolved to 5.2.3, which depends on
                            sprockets-rails (>= 2.0.0) was resolved to 3.2.1, which depends on
                              activesupport (>= 4.0)
                      
                      Bundler could not find compatible versions for gem "axlsx":
                        In Gemfile:
                          axlsx
                      
                          acts_as_xlsx was resolved to 1.0.6, which depends on
                            axlsx (>= 1.0.13)
                      
                          axlsx_rails was resolved to 0.5.2, which depends on
                            axlsx (>= 2.0.1)
                      
                      Bundler could not find compatible versions for gem "exception_notification":
                        In Gemfile:
                          exception_notification
                      
                          exception_notification-rake was resolved to 0.3.0, which depends on
                            exception_notification (~> 4.2.0)
                      
                      Bundler could not find compatible versions for gem "rails":
                        In Gemfile:
                          rails (= 5.2.3)
                      
                          acts_as_tenant was resolved to 0.4.4, which depends on
                            rails (>= 4.0)
                      
                          axlsx_rails was resolved to 0.1.5, which depends on
                            rails (>= 3.1)
                      
                          web-console was resolved to 4.0.1, which depends on
                            activemodel (>= 6.0.0)
                      
                        gem web-console, '< 4.0'
                      
                          active_model-errors_details was resolved to 1.1.1, which depends on
                            activemodel (>= 4.0, < 5.0.0.alpha)
                      
                      # gem 'active_model-errors_details'
                      
                      Bundler could not find compatible versions for gem "railties":
                        In Gemfile:
                          quiet_assets was resolved to 1.0.1, which depends on
                            railties (~> 3.1)
                      
                       # gem 'quiet_assets'
                      
                      Bundler could not find compatible versions for gem "actionpack":
                        In Gemfile:
                          jquery-datatables-rails was resolved to 3.4.0, which depends on
                            actionpack (>= 3.1)
                      
                          rails (= 5.2.3) was resolved to 5.2.3, which depends on
                            actionpack (= 5.2.3)
                      
                          rspec-rails was resolved to 3.8.2, which depends on
                            actionpack (>= 3.0)
                      
                          simple_form was resolved to 4.1.0, which depends on
                            actionpack (>= 5.0)
                      
                          rails (= 5.2.3) was resolved to 5.2.3, which depends on
                            sprockets-rails (>= 2.0.0) was resolved to 3.2.1, which depends on
                              actionpack (>= 4.0)
                      
                      Bundler could not find compatible versions for gem "activemodel":
                        In Gemfile:
                          rails (= 5.2.3) was resolved to 5.2.3, which depends on
                            activemodel (= 5.2.3)
                      
                          web-console was resolved to 4.0.1, which depends on
                            activemodel (>= 6.0.0)
                      
                      Bundler could not find compatible versions for gem "activerecord":
                        In Gemfile:
                          acts_as_xlsx was resolved to 1.0.6, which depends on
                            activerecord (>= 2.3.9)
                      
                          better_delayed_job_web was resolved to 1.3.12, which depends on
                            activerecord (> 3.0.0)
                      
                          delayed_job_active_record was resolved to 4.1.4, which depends on
                            activerecord (>= 3.0, < 6.1)
                      
                          rails (= 5.2.3) was resolved to 5.2.3, which depends on
                            activerecord (= 5.2.3)
                      
                      Bundler could not find compatible versions for gem "activesupport":
                        In Gemfile:
                          active_model-errors_details was resolved to 1.1.1, which depends on
                            activesupport
                      
                          delayed_job was resolved to 4.1.8, which depends on
                            activesupport (>= 3.0, < 6.1)
                      
                          exception_notification-rake was resolved to 0.3.0, which depends on
                            exception_notification (~> 4.2.0) was resolved to 4.2.2, which depends on
                              activesupport (>= 4.0, < 6)
                      
                          rails (= 5.2.3) was resolved to 5.2.3, which depends on
                            activesupport (= 5.2.3)
                      
                          rspec-rails was resolved to 3.8.2, which depends on
                            activesupport (>= 3.0)
                      
                          shoulda-matchers was resolved to 4.1.2, which depends on
                            activesupport (>= 4.2.0)
                      
                          rails (= 5.2.3) was resolved to 5.2.3, which depends on
                            sprockets-rails (>= 2.0.0) was resolved to 3.2.1, which depends on
                              activesupport (>= 4.0)
                      
                      Bundler could not find compatible versions for gem "axlsx":
                        In Gemfile:
                          axlsx
                      
                          acts_as_xlsx was resolved to 1.0.6, which depends on
                            axlsx (>= 1.0.13)
                      
                          axlsx_rails was resolved to 0.5.2, which depends on
                            axlsx (>= 2.0.1)
                      
                      Bundler could not find compatible versions for gem "exception_notification":
                        In Gemfile:
                          exception_notification
                      
                          exception_notification-rake was resolved to 0.3.0, which depends on
                            exception_notification (~> 4.2.0)
                      
                      Bundler could not find compatible versions for gem "rails":
                        In Gemfile:
                          rails (= 5.2.3)
                      
                          acts_as_tenant was resolved to 0.4.4, which depends on
                            rails (>= 4.0)
                      
                          axlsx_rails was resolved to 0.1.5, which depends on
                            rails (>= 3.1)
                      
                          web-console was resolved to 4.0.1, which depends on
                            activemodel (>= 6.0.0)
                      
                        gem web-console, '< 4.0'
                      
                          active_model-errors_details was resolved to 1.1.1, which depends on
                            activemodel (>= 4.0, < 5.0.0.alpha)
                      
                      # gem 'active_model-errors_details'
                      
                      Bundler could not find compatible versions for gem "railties":
                        In Gemfile:
                          quiet_assets was resolved to 1.0.1, which depends on
                            railties (~> 3.1)
                      
                       # gem 'quiet_assets'
                      

                      Overcommit RailsSchemaUpToDate passes when --run but fails when commit

                       if migration_files.any? && schema_files.none?

                       $ OVERCOMMIT_DISABLED=1 git ci -m "Overcommit and Linters added"

                      How can I sanitise this SQL query?

                       def self.search(search)
                         # The ? placeholder makes ActiveRecord quote the value; the search
                         # term never becomes part of the SQL text.
                         where("body LIKE ?", "%#{search}%")
                      end
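
                       The snippet above uses a `?` placeholder, which is the fix for the SQL injection Brakeman reports when a search term is interpolated into the query string. The example below is added here and is not part of the Stack Overflow thread or of Brakeman. It puts the interpolated form next to the placeholder form and adds the step a LIKE search still needs: escaping `%` and `_` in the user's term so that a search for "50%" does not match every row. `escape_like` follows the behaviour of ActiveRecord's `sanitize_sql_like`, and `like_match?` is a small LIKE evaluator standing in for the database; both are written here so the file runs without ActiveRecord. The column `body` comes from the snippet; the table name `posts` and the SELECT shape are assumed.

```ruby
# Added example; not code from the Stack Overflow thread or from Brakeman.
# Contrasts the interpolated query Brakeman reports as "Possible SQL injection"
# with the placeholder form, and adds the wildcard escaping a LIKE search needs.
# escape_like follows ActiveRecord's sanitize_sql_like; like_match? is a small
# stand-in for the database's LIKE so the effect is visible without a DB.
# Table name "posts" and the SELECT shape are assumed; "body" is from the snippet.
module SearchQuery
  # UNSAFE: the search term becomes SQL text. A quote in it closes the literal
  # and whatever follows runs as SQL. This is the shape Brakeman warns about.
  def self.unsafe_sql(search)
    "SELECT * FROM posts WHERE body LIKE '%#{search}%'"
  end

  # Escape LIKE metacharacters: % (any run), _ (any one character) and the
  # escape character itself, so the term is matched literally.
  def self.escape_like(term, escape: "\\")
    term.gsub(Regexp.union(escape, "%", "_")) { |c| escape + c }
  end

  # SAFE: the SQL text is fixed; the pattern is passed as a value, as in
  # where("body LIKE ?", "%...%"). Returns [sql, binds].
  def self.safe_query(search)
    ["SELECT * FROM posts WHERE body LIKE ?", ["%#{escape_like(search)}%"]]
  end

  # Minimal LIKE evaluator (case-sensitive) honouring %, _ and the escape
  # character, used here only to show what the escaping changes.
  def self.like_match?(pattern, text, escape: "\\")
    regex = +""
    chars = pattern.chars
    i = 0
    while i < chars.size
      c = chars[i]
      if c == escape && i + 1 < chars.size
        regex << Regexp.escape(chars[i + 1])   # escaped: next char is literal
        i += 2
        next
      end
      piece = case c
              when "%" then ".*"
              when "_" then "."
              else Regexp.escape(c)
              end
      regex << piece
      i += 1
    end
    Regexp.new("\\A#{regex}\\z", Regexp::MULTILINE).match?(text)
  end
end

if __FILE__ == $PROGRAM_NAME
  puts SearchQuery.unsafe_sql("' OR 1=1 --")        # literal closed, tail runs as SQL
  sql, binds = SearchQuery.safe_query("50%")
  puts sql, binds.inspect                           # constant SQL, escaped bind value
  rows = ["save 50% today", "save 500 today"]       # constructed sample rows
  puts rows.select { |r| SearchQuery.like_match?("%50%%", r) }.inspect      # unescaped: both rows
  puts rows.select { |r| SearchQuery.like_match?(binds.first, r) }.inspect  # escaped: literal match only
end
```

Backslash is the default LIKE escape character in PostgreSQL and MySQL; SQLite has no default, so there the query needs an explicit `ESCAPE '\'` clause for the escaped pattern to work.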
                      

                      Brakeman does not like rescue

                      def find_object
                        return_object = begin
                          Rails.cache.fetch(cache_key + '/variableInsideObject') do
                            GemClient.find(id).variableInsideObject
                          end
                        rescue HttpServices::ResourceNotFoundError => e
                          Rails.logger.error(e)
                          raise ApplicationController::ExternalServiceError,
                            "variable inside object not found for id: #{id}"
                        end
                      end
                      

                      Ruby on Rails - When to use params.permit! and how to replace it

                       params.permit(:attr1,:attr2..)

                       params.require(:key).permit(:attr1, :attr2..)


                      Community Discussions

                      Trending Discussions on brakeman
                      • Dynamic link_to path with params[:controller]: Brakeman Dangerous Send
                      • Is there any plugin available for breakman in rubymine?
                      • How to test write to file with rspec?
                      • How to fix Brakeman redirect issue with multiple rest endpoints
                      • rails active_storage:install IS NOT WORKING
                      • Is this use of a Ruby eval method really dangerous, and if so what's the alternative? (Rails)
                      • How to fix 'Possible SQL injection' in raw SQL when scanning with Brakeman
                      • Understanding bundler dependency resolution
                      • Why is brakeman-guard raising "NoMethodError: undefined method `gsub'"
                      • Regex, devise & brakeman. Ruby on rails 5.2.2

                      QUESTION

                      Dynamic link_to path with params[:controller]: Brakeman Dangerous Send

                      Asked 2021-May-04 at 18:14

                      I have the following partial _filters.html.haml which has been used many times in my code:

                      - resource ||= params[:controller]
                      = link_to send("delete_#{resource}_path"), method: :delete, data: { confirm: delete_confirmation } do
                         = fa_icon delete_icon, class: 'm-r-quarter', text: delete_text
                      

                      It has a dynamic delete path constructed from params[:controller]. Brakeman gives the following error message for the above code:

                      Confidence: High
                      Category: Dangerous Send
                      Check: Send
                      Message: User controlled method execution
                      Code: send("delete_#{params[:controller]}_path")
                      

                      Is this a valid error shown by Brakeman? I know that whitelisting the params is one solution to avoid dangerous send. Is there any better way of resolving this?

                      ANSWER

                      Answered 2021-May-04 at 18:14

                      This doesn't actually allow user controlled method execution since params[:controller] and params[:action] are set by the Rails router and will override any user provided values.

                      It is very stinky though. A slight improvement would be to use the controller_name helper method:

                      = link_to send("delete_#{controller_name}_path"), ...
                      

                       But it really begs the question why on earth you inflicted this monstrosity on yourself to begin with. What is this even supposed to do since it's missing an id - destroy everything?

                      If you want to destroy a resource in Rails you send a DELETE request to the member path:

                      DELETE /things/1
                      

                      Since there is no silly prefix in the URL you can just generate it with:

                       = link_to(model_instance, method: :delete) do
                        = fa_icon delete_icon, class: 'm-r-quarter', text: delete_text
                      

                      If you really do need to generate a path dynamically use the polymorphic route helpers instead of send:

                      = link_to [:delete, controller_name], method: :delete, data: { confirm: delete_confirmation } do
                        = fa_icon delete_icon, class: 'm-r-quarter', text: delete_text
                      

                      Source https://stackoverflow.com/questions/67389541
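
                       The warning in the question is about a method name built from a request value and handed to `send`. The answer explains why `params[:controller]` is not actually attacker-controlled. The example below is added here and is not part of the Stack Overflow thread or of Brakeman; it shows what the warning guards against when the string really does come from the user (for instance a `params[:resource]` value) and two ways to dispatch to a route helper without letting the caller choose the method. `ViewContext` and its `delete_*_path` methods are hypothetical stand-ins for Rails view helpers so that the file runs without Rails.

```ruby
# Added example; not code from the Stack Overflow answer or from Brakeman.
# Shows why send("delete_#{user_input}_path") is reported as "Dangerous Send"
# and two ways to dispatch to a route helper without letting the caller pick
# the method. ViewContext and its delete_*_path methods are hypothetical
# stand-ins for Rails view helpers so this runs without Rails.
class ViewContext
  # Helpers the partial is meant to reach.
  def delete_users_path; "/users/delete"; end
  def delete_posts_path; "/posts/delete"; end

  # A helper the partial was never meant to expose (hypothetical).
  def delete_account_path; "/account/delete"; end

  # UNSAFE: the caller chooses the method. Every delete_*_path helper is
  # reachable, and send ignores `private`, so visibility protects nothing.
  def unsafe_delete_path(resource)
    send("delete_#{resource}_path")
  end

  # SAFE (allowlist): the input is checked against a fixed set of names before
  # it is used, and public_send cannot reach a private method.
  DELETABLE = %w[users posts].freeze

  def allowlisted_delete_path(resource)
    unless DELETABLE.include?(resource)
      raise ArgumentError, "resource #{resource.inspect} is not deletable here"
    end
    public_send("delete_#{resource}_path")
  end

  # SAFE (lookup table): no user-derived string is ever part of the method
  # name; the table decides which helper runs.
  DELETE_HELPERS = {
    "users" => :delete_users_path,
    "posts" => :delete_posts_path
  }.freeze

  def table_delete_path(resource)
    helper = DELETE_HELPERS.fetch(resource) do
      raise ArgumentError, "resource #{resource.inspect} is not deletable here"
    end
    public_send(helper)
  end

  private

  # Private helper: send still reaches it, public_send does not.
  def delete_internal_cache_path; "/internal/cache/delete"; end
end

if __FILE__ == $PROGRAM_NAME
  ctx = ViewContext.new
  puts ctx.unsafe_delete_path("users")           # intended: /users/delete
  puts ctx.unsafe_delete_path("account")         # not intended, but reachable
  puts ctx.unsafe_delete_path("internal_cache")  # private, yet reachable
  puts ctx.table_delete_path("posts")            # /posts/delete
  begin
    ctx.allowlisted_delete_path("internal_cache")
  rescue ArgumentError => e
    puts "rejected: #{e.message}"
  end
end
```

The allowlist is the fix the question mentions; the lookup table goes one step further because no user-derived string is ever part of the method name. Both use `public_send` so that even a mistake in the allowlist cannot reach a private method.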

                      Community Discussions, Code Snippets contain sources that include Stack Exchange Network

                      Vulnerabilities

                      No vulnerabilities reported

                      Install brakeman

                      Using Docker to build from source:.

                      Support

                       For new features, suggestions and bugs, create an issue on GitHub. If you have questions, check and ask on the community page at Stack Overflow.


                      • © 2022 Open Weaver Inc.