Re: [brakeman] Brakeman 1.9.0 PREVIEW Released

2012-12-21 Thread Justin
Oops, forgot a major one: Brakeman will now ignore route information 
and treat all controller methods as actions by default.

https://github.com/presidentbeef/brakeman/pull/219

On 21.12.2012 10:36, Justin wrote:
> With the upgrade to RubyParser 3.x which required substantial code
> changes, Brakeman 1.9 will be a fairly major release.
>
> To try it out, install with: gem install brakeman --pre
>
> These changes are all included in the 1.9 preview:
>
> * Update to RubyParser 3.x
> * Handle Rails 4/strong_parameters gem
> * Optional intra-procedural data flow for simple helper methods in
> controllers (use `--interprocedural` to try it out)
> * Output Brakeman version in HTML/JSON
> * Output scan duration in HTML/JSON
> * Reduce Sexp creation
> * Session check was looking for Rails3::... which is silly
> * Fix check for string interpolation in commands (command injection)
> * Support newer `validates :format` validation call
> * Add apptree for file system access (brynary)
> * JSON output does not mangle code formatting
>
> There is a possibility that one more major change will be introduced in
> 1.9, but I'm still working on it ;)
>
> Please report any issues so they can be fixed before Christmas!
>
> -Justin


[brakeman] Brakeman 1.9.0 PREVIEW Released

2012-12-21 Thread Justin
With the upgrade to RubyParser 3.x which required substantial code 
changes, Brakeman 1.9 will be a fairly major release.

To try it out, install with: gem install brakeman --pre

These changes are all included in the 1.9 preview:

* Update to RubyParser 3.x
* Handle Rails 4/strong_parameters gem
* Optional intra-procedural data flow for simple helper methods in 
controllers (use `--interprocedural` to try it out)
* Output Brakeman version in HTML/JSON
* Output scan duration in HTML/JSON
* Reduce Sexp creation
* Session check was looking for Rails3::... which is silly
* Fix check for string interpolation in commands (command injection)
* Support newer `validates :format` validation call
* Add apptree for file system access (brynary)
* JSON output does not mangle code formatting

There is a possibility that one more major change will be introduced in 
1.9, but I'm still working on it ;)

Please report any issues so they can be fixed before Christmas!

-Justin
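The changelog item about string interpolation in commands concerns the pattern where request data is interpolated into a shell command string rather than passed as a separate argument. As an added illustration (not Brakeman's own code, which runs on ruby_parser S-expressions with data-flow tracking), the script below uses Ruby's stdlib Ripper to flag interpolated `system`/`exec`/`spawn` calls and interpolated backticks in a constructed sample; the method list and the sample are assumptions.

```ruby
require "ripper"

# Kernel methods whose single-string form is parsed by a shell (assumed, short list).
COMMAND_METHODS = %w[system exec spawn].freeze

# Constructed sample: what a controller might do with a request parameter.
SAMPLE = <<~'RUBY'
  dir = params[:dir]
  system("ls #{dir}")          # interpolation into the command string: flagged
  system("ls", dir)            # argument form, no shell involved: not flagged
  output = `ls #{dir}`         # interpolated backticks: flagged
  system "cat #{dir}/README"   # same pattern without parentheses: flagged
  puts "listing #{dir}"        # interpolation, but not a command: not flagged
RUBY

# True when the S-expression contains a "#{...}" node anywhere beneath it.
def interpolated?(node)
  return false unless node.is_a?(Array)
  node.first == :string_embexpr || node.any? { |child| interpolated?(child) }
end

# Line of the first token beneath the node; Ripper tokens are [:@kind, text, [line, col]].
def line_of(node)
  return nil unless node.is_a?(Array)
  return node[2][0] if node.first.to_s.start_with?("@")
  node.each do |child|
    line = line_of(child)
    return line if line
  end
  nil
end

# Method name of an :fcall or :command node, nil for anything else.
def method_name(node)
  node[1].is_a?(Array) && node[1].first == :@ident ? node[1][1] : nil
end

# Walk the tree, recording command calls with interpolated arguments and interpolated backticks.
def walk(node, findings)
  return unless node.is_a?(Array)
  case node.first
  when :method_add_arg   # system("...")
    recv, args = node[1], node[2]
    if recv.first == :fcall && COMMAND_METHODS.include?(method_name(recv)) && interpolated?(args)
      findings << { method: method_name(recv), line: line_of(recv) }
    end
  when :command          # system "..."
    name = method_name(node)
    findings << { method: name, line: line_of(node) } if COMMAND_METHODS.include?(name) && interpolated?(node[2])
  when :xstring_literal  # `...`
    findings << { method: "`", line: line_of(node) } if interpolated?(node)
  end
  node.each { |child| walk(child, findings) }
end

def find_interpolated_commands(source)
  findings = []
  walk(Ripper.sexp(source), findings)
  findings
end

find_interpolated_commands(SAMPLE).each { |f| puts "line #{f[:line]}: interpolated #{f[:method]} command" }
```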