Oops, forgot a major one: Brakeman will now ignore route information and treat all controller methods as actions by default.
https://github.com/presidentbeef/brakeman/pull/219

On 21.12.2012 10:36, Justin wrote:
> With the upgrade to RubyParser 3.x which required substantial code
> changes, Brakeman 1.9 will be a fairly major release.
>
> To try it out, install with: gem install brakeman --pre
>
> These changes are all included in the 1.9 preview:
>
> * Update to RubyParser 3.x
> * Handle Rails 4/strong_parameters gem
> * Optional intra-procedural data flow for simple helper methods in
>   controllers (use `--interprocedural` to try it out)
> * Output Brakeman version in HTML/JSON
> * Output scan duration in HTML/JSON
> * Reduce Sexp creation
> * Session check was looking for Rails3::... which is silly
> * Fix check for string interpolation in commands (command injection)
> * Support newer `validates :format` validation call
> * Add apptree for file system access (brynary)
> * JSON output does not mangle code formatting
>
> There is a possibility that one more major change will be introduced in
> 1.9, but I'm still working on it ;)
>
> Please report any issues so they can be fixed before Christmas!
>
> -Justin
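
As an added illustration of the "string interpolation in commands" check named in the list above, here is a small Ripper-based scan over a constructed Rails controller. This is example code written for this page, not Brakeman's own CheckExecute logic and not code from the thread: the FilesController, its action names and the single rule it applies (flag backtick commands and single-argument system/exec/spawn calls whose command string contains #{...}) are all assumptions made for the demonstration. The argument-list form system("ls", dir) is deliberately not flagged, because the shell never parses the interpolated value there.

```ruby
require "ripper"

# Constructed sample controller (not from any real application).
SAMPLE = <<~'RUBY'
  class FilesController < ApplicationController
    def list_interpolated
      dir = params[:dir]
      output = `ls #{dir}`
      render plain: output
    end

    def list_interpolated_system
      system("ls #{params[:dir]}")
    end

    def list_safe
      # Argument-list form: the shell never sees params[:dir].
      system("ls", params[:dir].to_s)
    end

    def static_command
      system("uptime")
    end
  end
RUBY

# Kernel methods that hand a single string to /bin/sh (simplified list for this example).
COMMAND_METHODS = %w[system exec spawn].freeze

# Depth-first walk over the Ripper S-expression, yielding every node that has a type symbol.
def walk(node, &blk)
  return unless node.is_a?(Array)
  yield node if node.first.is_a?(Symbol)
  node.each { |child| walk(child, &blk) }
end

# True if the subtree contains a #{...} segment.
def interpolated?(node)
  return false unless node.is_a?(Array)
  return true if node.first == :string_embexpr
  node.any? { |child| interpolated?(child) }
end

# Line number of the first token (nodes tagged :@ident, :@tstring_content, ...) in the subtree.
def line_of(node)
  return nil unless node.is_a?(Array)
  if node.first.is_a?(Symbol) && node.first.to_s.start_with?("@") && node[2].is_a?(Array)
    return node[2][0]
  end
  node.each do |child|
    line = line_of(child)
    return line if line
  end
  nil
end

# Identifier token for a bare method call (`foo arg` or `foo(arg)`), nil for receiver calls.
def call_name(node)
  case node.first
  when :command        then node[1]
  when :method_add_arg then node[1].first == :fcall ? node[1][1] : nil
  end
end

# Positional argument nodes of a :command / :method_add_arg node.
def call_args(node)
  args = node.last
  args = args[1] if args.is_a?(Array) && args.first == :arg_paren
  return [] unless args.is_a?(Array)
  args = args[1] if args.first == :args_add_block
  args.is_a?(Array) ? args : []
end

# Returns [[line, message], ...] for each shell command built by interpolation.
def find_command_injection(src)
  findings = []
  walk(Ripper.sexp(src)) do |node|
    case node.first
    when :xstring_literal
      findings << [line_of(node), "backtick command with interpolation"] if interpolated?(node)
    when :command, :method_add_arg
      ident = call_name(node)
      next unless ident && COMMAND_METHODS.include?(ident[1])
      args = call_args(node)
      # One argument means the whole string goes to the shell; argv form is left alone.
      next unless args.size == 1 && args.first.first == :string_literal && interpolated?(args.first)
      findings << [ident[2][0], "#{ident[1]} with interpolated command string"]
    end
  end
  findings
end

find_command_injection(SAMPLE).each { |line, msg| puts "line #{line}: #{msg}" }
```

Running it reports the backtick call on line 4 and the system call on line 9 of the sample, and nothing for list_safe or static_command. A real scanner also has to follow the interpolated value back to its source to tell user input from a constant, which is the kind of data-flow work the `--interprocedural` option in the list refers to; this example only looks at the call site.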
