With the upgrade to RubyParser 3.x which required substantial code changes, Brakeman 1.9 will be a fairly major release.
To try it out, install with: `gem install brakeman --pre`

These changes are all included in the 1.9 preview:

* Update to RubyParser 3.x
* Handle Rails 4/strong_parameters gem
* Optional intra-procedural data flow for simple helper methods in controllers (use `--interprocedural` to try it out)
* Output Brakeman version in HTML/JSON
* Output scan duration in HTML/JSON
* Reduce Sexp creation
* Session check was looking for Rails3::... which is silly
* Fix check for string interpolation in commands (command injection)
* Support newer `validates :format` validation call
* Add apptree for file system access (brynary)
* JSON output does not mangle code formatting

There is a possibility that one more major change will be introduced in 1.9, but I'm still working on it ;)

Please report any issues so they can be fixed before Christmas!

-Justin
