bryan-ash edited this page Dec 10, 2010 · 7 revisions

a.k.a. "TODO List"

Test Suite

Brakeman needs tests. It is scary to make changes without them.

Rails 3

Rails 3 is here to stay, maybe Brakeman 1.0.0?

Document How to Create Checks

Put up a guide for how to add checks to Brakeman.

Check for Symbol Creation

Look for request parameters being turned into symbols (a potential memory DoS vulnerability, since dynamically created symbols are never reclaimed).
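The pattern above, as an added example that is not Brakeman's own code: a minimal line-based detector for `params` values reaching `to_sym`/`intern`, run over a constructed controller snippet, with the allow-list form a check like this would steer developers toward.

```ruby
# Added example (not Brakeman's code): flag request parameters converted
# into symbols. Before Ruby 2.2 symbols were never garbage-collected, so a
# client could grow the symbol table without bound (memory DoS).

# Constructed sample source standing in for a controller file.
SAMPLE_SOURCE = <<~RUBY
  def show
    column = params[:sort].to_sym
    direction = params[:dir].intern
    @items = Item.order(column => direction)
  end

  def safe_show
    allowed = { "name" => :name, "created_at" => :created_at }
    column = allowed.fetch(params[:sort], :name)
    @items = Item.order(column)
  end
RUBY

# Matches `params` followed on the same line by .to_sym or .intern
# (params[:x].to_sym, params.fetch(:x).intern, ...).
SYMBOL_FROM_PARAMS = /\bparams\b[^\n]*?\.(to_sym|intern)\b/

# Returns [[line_number, line_text], ...] for each suspicious line.
def find_symbol_creation(source)
  source.each_line.with_index(1)
        .select { |line, _| line.match?(SYMBOL_FROM_PARAMS) }
        .map { |line, n| [n, line.strip] }
end

# Safe alternative: resolve user input through a fixed allow-list so only
# symbols that already exist in the program can ever be produced.
def sort_column(param, allowed = { "name" => :name, "created_at" => :created_at })
  allowed.fetch(param, :name)
end

if __FILE__ == $PROGRAM_NAME
  find_symbol_creation(SAMPLE_SOURCE).each { |n, line| puts "line #{n}: #{line}" }
end
```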

PDF Support

Should not be too difficult.

Document How to Create Custom Reports

Maybe there needs to be a better architecture for this, too.

Add Support For Ignoring Specified Model Methods

Currently, the methods average, count, maximum, minimum, and sum are not considered model attributes when checking for cross-site scripting. Allow the user to add methods to that list.

Support Comparing Reports

For example, if Brakeman is run as a commit hook or a nightly cron job, have it be able to know if there have been any changes in the report.