Comments (2)
Ah, it's pretty complicated to deal with logical expressions like that, so right now Brakeman only handles simple conditions.

If you moved `EMAIL_TYPES.include?(type)` to a nested `if` it should work:

```ruby
if user && check_permission!(user)
  if EMAIL_TYPES.include?(type)
    # ...
  end
end
```

Or you could flip the `if` statements - it might be cheaper to do the array check first.

In any case, try it and see if the Brakeman warning goes away. The other issue that might come up is if `EMAIL_TYPES` is defined somewhere Brakeman doesn't pick up properly.