Brakeman should report both eval calls in this code as dangerous but doesn't:

class ApplicationController < ActionController::Base
  def dangerous_eval
    # reported by Brakeman
    eval(params[:code])
  end

  def also_dangerous_eval
    # not reported by Brakeman
    eval(params[:code]).to_s
  end
end
Background
Brakeman version: 5.0.1
Rails version: 6.1.3.2
Ruby version: 2.7.2
Link to Rails application code: https://github.com/Becojo/rails-eval-to-s
Issue
Brakeman should report both eval calls in this code as dangerous but doesn't:
https://github.com/Becojo/rails-eval-to-s/blob/e983dd26f19ec14bedc1c22eb3afd377e098433e/app/controllers/application_controller.rb#L1-L11
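As an added illustration (not code from the issue and not Brakeman's own checker), here is a minimal detector built on Ruby's stdlib Ripper that flags an eval call fed from params regardless of whether that call is itself the receiver of a further method call such as .to_s. The controller source it scans is a constructed sample modelled on the snippet above, with a command-style eval and a benign params access added for contrast; the method names and the reported line numbers refer to that string only.

```ruby
require "ripper"

# Constructed sample modelled on the issue's controller, with two extra
# methods (command-style eval, and a benign params access) for contrast.
SAMPLE = <<~'RUBY'
  class ApplicationController < ActionController::Base
    def dangerous_eval
      eval(params[:code])
    end

    def also_dangerous_eval
      eval(params[:code]).to_s
    end

    def command_style_eval
      eval params[:code]
    end

    def not_an_eval
      params[:code].to_s
    end
  end
RUBY

# True if the subtree reads `params` (a bare method call or variable reference).
def reads_params?(node)
  return false unless node.is_a?(Array)
  if (node[0] == :vcall || node[0] == :var_ref) && node[1].is_a?(Array)
    return true if node[1][0] == :@ident && node[1][1] == "params"
  end
  node.any? { |child| reads_params?(child) }
end

# If `node` is a call to `eval`, return [ident_token, args_subtree]; else nil.
# Both `eval(x)` (:method_add_arg around :fcall) and `eval x` (:command) are
# matched. The node is matched on its own, so it is still found when it is the
# receiver of another call such as `.to_s` (the case the issue reports).
def eval_call(node)
  case node[0]
  when :method_add_arg
    callee = node[1]
    return nil unless callee.is_a?(Array) && callee[0] == :fcall
    ident = callee[1]
  when :command
    ident = node[1]
  else
    return nil
  end
  return nil unless ident.is_a?(Array) && ident[0] == :@ident && ident[1] == "eval"
  [ident, node[2]]
end

# Walk the whole S-expression, collecting the source line of every `eval`
# whose arguments read from `params`. Ripper tokens carry [line, col] as
# their third element.
def collect(node, hits)
  return unless node.is_a?(Array)
  found = eval_call(node)
  hits << found[0][2][0] if found && reads_params?(found[1])
  node.each { |child| collect(child, hits) }
end

def find_dangerous_evals(source)
  tree = Ripper.sexp(source)
  raise ArgumentError, "source does not parse" if tree.nil?
  hits = []
  collect(tree, hits)
  hits
end

if __FILE__ == $PROGRAM_NAME
  find_dangerous_evals(SAMPLE).each { |line| puts "eval of params at line #{line}" }
end
```

The point of the walk is that the eval node is recognised wherever it appears in the tree, not only when it is the whole statement; a checker that looks at the statement-level node sees a call to to_s whose receiver happens to be eval and can miss it. This is a toy pattern match, not a substitute for Brakeman's data-flow tracking: it does not follow params through local variables or method arguments.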