Brakeman, a vulnerability scanner for RoR apps

Hi all,

I would like to introduce you to brakeman, a static analysis tool which searches for security vulnerabilities in Ruby on Rails applications.

Although this is the first public release, brakeman can already help you find:

- SQL injection
- Command injection
- Unrestricted mass assignment
- Unsafe redirects
- Cross site scripting vulnerabilities
- Evaluation of user input
- Insufficient validation regexes
- Unsafe file access

...and more! All without requiring a web server, database, or even completely working code.

== Installation ==

  gem install brakeman

Source: http://github.com/presidentbeef/brakeman

== Basic Use ==

To generate an HTML report with default options:

  brakeman -o report.html /path/to/rails/app

Brakeman has quite a few options, so be sure to use

  brakeman -h

to see what is available and also take a gander at the README.

== Problems/Suggestions ==

I'm very interested in any Rails applications which brakeman has trouble scanning so that I can make it as useful as possible. If brakeman does not work for you or there are any problems please file an issue so I can make improvements.

Brakeman is only expected to work with Rails > 2.0 and < 3.0.

Suggestions are very welcome.

-Justin
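As an added illustration of the kind of check the announcement lists (this is not brakeman's own code, and it is far simpler than brakeman's analysis), the toy scanner below uses Ruby's standard-library Ripper to flag the SQL injection pattern of a query string built with `#{}` interpolation and handed to an ActiveRecord finder. It runs on a constructed controller snippet, so no web server, database or working app is needed; the sink list and the sample are assumptions made for the example.

```ruby
require 'ripper'

# Constructed sample controller (not from any real application). The first two
# actions build SQL from params by interpolation; the third uses a bind marker.
SAMPLE = <<~'RUBY'
  class UsersController < ApplicationController
    def index
      @users = User.where("name = '#{params[:name]}'")
    end

    def show
      @user = User.find_by_sql("SELECT * FROM users WHERE id = #{params[:id]}")
    end

    def safe
      @users = User.where("name = ?", params[:name])
    end
  end
RUBY

# ActiveRecord methods treated as SQL sinks (assumption: a short illustrative list).
SQL_SINKS = %w[where find_by_sql].freeze

# Pre-order walk over a Ripper s-expression (nested arrays), yielding every node.
def each_node(node, &blk)
  return unless node.is_a?(Array)
  yield node
  node.each { |child| each_node(child, &blk) }
end

# True if the subtree contains a #{...} interpolation (only ever found inside a string).
def interpolated?(node)
  each_node(node) { |n| return true if n[0] == :string_embexpr }
  false
end

# Returns [[method_name, line], ...] for each sink call whose argument list contains
# an interpolated string. Purely syntactic: nothing in the scanned source is executed.
def find_sql_interpolation(source)
  findings = []
  each_node(Ripper.sexp(source)) do |n|
    next unless n[0] == :method_add_arg
    callee = n[1]
    ident = callee[0] == :call ? callee[3] : callee[1]   # recv.m(...) vs m(...)
    next unless ident.is_a?(Array) && ident[0] == :@ident && SQL_SINKS.include?(ident[1])
    findings << [ident[1], ident[2][0]] if interpolated?(n[2])
  end
  findings
end
find_sql_interpolation(SAMPLE).each { |m, line| puts "line #{line}: #{m} called with interpolated SQL" }
```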