Brakeman 1.0 has been released!
# What it is
Brakeman provides vulnerability checks for Rails applications by scanning the source code. No deployment or application stack required.
Brakeman searches for:

* Cross-Site Scripting
* SQL Injection
* Command Injection
* Mass Assignment
* Cross-Site Request Forgery
* Unprotected Redirects
* Default Routes
* Insufficient Format Validation
* Dynamic Render Paths
* Dangerous Evaluation
* File Access
* Unsafe Session Settings
* Version-specific Rails vulnerabilities
* ...and more!
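To make concrete what "scanning the source code" means for one of the checks above, here is an added example that is not Brakeman's own code: a toy SQL injection scanner built on Ruby's standard-library `Ripper`. It parses a constructed controller (the `SAMPLE_CONTROLLER` string below is made up for this example), looks for calls to an assumed list of query-building methods (`SQL_SINKS`; Brakeman's real sink list is longer), and flags any whose string argument is built by interpolation or concatenation. Findings that touch `params` are rated High and the rest Medium, in the spirit of Brakeman's confidence levels; a properly parameterised `where("name = ?", ...)` produces no warning.

```ruby
require 'ripper'

# Constructed sample controller for this example (not from any real app):
# two queries build SQL from user input, one interpolates a constant,
# and one uses a bound parameter correctly.
SAMPLE_CONTROLLER = <<~'RUBY'
  class UsersController < ApplicationController
    def index
      @users  = User.where("name = '#{params[:name]}'")
      @sorted = User.order("created_at " + params[:dir])
      @safe   = User.where("name = ?", params[:name])
      @admins = User.where("role = '#{ADMIN_ROLE}'")
    end
  end
RUBY

# Assumed sink list: methods whose string arguments reach the database.
SQL_SINKS = %w[where order group having select joins find_by_sql execute].freeze

Finding = Struct.new(:line, :callee, :confidence)

# Returns [method_ident_node, args_node] for the three call shapes Ripper
# emits (recv.m(args), recv.m args, m args), or nil for any other node.
def call_parts(node)
  case node[0]
  when :method_add_arg
    callee = node[1]
    ident = callee[0] == :call ? callee[3] : callee[1]
    [ident, node[2]]
  when :command_call
    [node[3], node[4]]
  when :command
    [node[1], node[2]]
  end
end

# True if node or any descendant satisfies the predicate.
def subtree?(node, &pred)
  return false unless node.is_a?(Array)
  return true if pred.call(node)
  node.any? { |child| subtree?(child, &pred) }
end

# A string argument is "dynamic" if it contains #{...} or is built with +.
def dynamic_string?(args)
  subtree?(args) do |n|
    n[0] == :string_embexpr ||
      (n[0] == :binary && n[2] == :+ && [n[1][0], n[3][0]].include?(:string_literal))
  end
end

# Crude taint check: does the argument mention the `params` hash at all?
def user_input?(args)
  subtree?(args) { |n| n[0] == :@ident && n[1] == 'params' }
end

def scan_node(node, findings)
  return unless node.is_a?(Array)
  ident, args = call_parts(node)
  if ident.is_a?(Array) && ident[0] == :@ident &&
     SQL_SINKS.include?(ident[1]) && dynamic_string?(args)
    line = ident[2][0]
    findings << Finding.new(line, ident[1], user_input?(args) ? 'High' : 'Medium')
  end
  node.each { |child| scan_node(child, findings) }
end

# Parses Ruby source and returns the SQL injection findings in source order.
def scan_sql_injection(source)
  tree = Ripper.sexp(source) or raise ArgumentError, 'source does not parse'
  findings = []
  scan_node(tree, findings)
  findings
end

if __FILE__ == $0
  scan_sql_injection(SAMPLE_CONTROLLER).each do |f|
    puts "line #{f.line}: #{f.callee} called with dynamic SQL (confidence: #{f.confidence})"
  end
end
```

Running the script reports lines 3 and 4 as High and line 6 as Medium, and stays silent on line 5. The design choice worth noting is that the scanner works purely on the parse tree, without loading Rails or the application, which is exactly what lets a tool like this run against a checkout with no deployment.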
# How to use it

```shell
gem install brakeman
brakeman your_app_path
```
# Changes since 0.9.2

* Better handling of assignments inside ifs
* Check more expressions for SQL injection
* Use latest ruby_parser for better 1.9 syntax support
* Better behavior for Brakeman as a library
* Brakeman can now be used as a library
* Faster call search
* Add option to return error code if warnings are found (tw-ngreen)
* Allow truncated messages to be expanded in HTML
* Keep expanded context in view in HTML output
* Fix summary when using warning thresholds
* Better support for Rails 3 routes
* Reduce SQL injection duplicate warnings
* Lower confidence on mass assignment with no user input
* Ignore mass assignment using all literal arguments