TVT618

Brakeman - A Static Analysis Security Holes Scanner

May 30th, 2018
Brakeman - A Static Analysis Security Holes Scanner for Ruby on Rails apps

Brakeman
Brakeman is an open source static analysis tool which checks Ruby on Rails applications for security vulnerabilities.
Check out Brakeman Pro if you are looking for a commercially-supported version with a GUI and advanced features.

Install using RubyGems
sudo apt-get update
sudo apt-get install ruby (installs the Ruby language and RubyGems; Debian/Ubuntu ship no package named "gem")
sudo gem install brakeman (installs Brakeman)

Install with git clone
git clone git://github.com/presidentbeef/brakeman
cd brakeman
sudo apt update
sudo apt install ruby
gem build brakeman.gemspec
sudo gem install brakeman-*.gem

Install using Bundler
group :development do
  gem 'brakeman', :require => false
end

Usage
From a Rails application's root directory: brakeman (Brakeman only reads the source tree, so it does not need to run under sudo)

Outside of Rails root: brakeman /path/to/rails/application

Basic Options
For a full list of options, use brakeman --help or see the OPTIONS.md file.

To specify an output file for the results: brakeman -o output_file

The output format is determined by the file extension or by using the -f option. Current options are: text, html, tabs, json, markdown, csv, and codeclimate.

Multiple output files can be specified: brakeman -o output.html -o output.json

To suppress informational warnings and just output the report: brakeman -q

Note that all Brakeman output except reports is sent to stderr, making it simple to redirect stdout to a file and get just the report.

To see all kinds of debugging information: brakeman -d

Specific checks can be skipped, if desired. The name needs to be the correct case. For example, to skip looking for default routes (DefaultRoutes): brakeman -x DefaultRoutes

Multiple checks should be separated by a comma: brakeman -x DefaultRoutes,Redirect

To do the opposite and only run a certain set of tests: brakeman -t SQL,ValidationRegex

If Brakeman is running a bit slow, try: brakeman --faster

This will disable some features, but will probably be much faster (currently it is the same as --skip-libs --no-branching). WARNING: This may cause Brakeman to miss some vulnerabilities.

By default, Brakeman will return a non-zero exit code if any security warnings are found or scanning errors are encountered. To disable this: brakeman --no-exit-on-warn --no-exit-on-error

To skip certain files or directories that Brakeman may have trouble parsing, use: brakeman --skip-files file1,/path1/,path2/

To compare results of a scan with a previous scan, use the JSON output option and then: brakeman --compare old_report.json

This will output JSON with two lists: one of fixed warnings and one of new warnings.

Brakeman will ignore warnings if configured to do so. By default, it looks for a configuration file in config/brakeman.ignore. To create and manage this file, use: brakeman -I

Compatibility
Brakeman should work with any version of Rails from 2.3.x to 5.x.
Brakeman can analyze code written with Ruby 1.8 syntax and newer, but requires at least Ruby 1.9.3 to run.

Warning information: See warning_types for more information on the warnings reported by this tool.

Warning context
The HTML output format provides an excerpt from the original application source where a warning was triggered. Due to the processing done while looking for vulnerabilities, the source may not resemble the reported warning and reported line numbers may be slightly off. However, the context still provides a quick look into the code which raised the warning.

Confidence levels
Brakeman assigns a confidence level to each warning. This provides a rough estimate of how certain the tool is that a given warning is actually a problem. Naturally, these ratings should not be taken as absolute truth.

There are three levels of confidence:
* High - Either this is a simple warning (boolean value) or user input is very likely being used in unsafe ways.
* Medium - This generally indicates an unsafe use of a variable, but the variable may or may not be user input.
* Weak - Typically means user input was indirectly used in a potentially unsafe manner.

To only get warnings above a given confidence level: brakeman -w3

The -w switch takes a number from 1 to 3, with 1 being low (all warnings) and 3 being high (only highest confidence warnings).
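As an added example (not code from the Brakeman project or from this paste) of how the -w confidence threshold, the config/brakeman.ignore fingerprints and the --compare fixed/new lists fit together in a CI gate, the Ruby below filters a constructed report the way the -w level and the ignore file do, and diffs it against a previous scan by fingerprint. The report and ignore-file field names (warnings, fingerprint, confidence, ignored_warnings) are assumed to follow Brakeman's JSON layouts; every value is constructed.

```ruby
require "json"
# Brakeman's -w switch: 1 = all warnings, 2 = Medium and above, 3 = High only.
CONFIDENCE_RANK = { "High" => 3, "Medium" => 2, "Weak" => 1 }.freeze

# Constructed sample reports shaped like the "warnings" array of a Brakeman
# JSON report (field names assumed; the values are made up for this example).
def warning(type, fingerprint, file, line, confidence)
  { "warning_type" => type, "fingerprint" => fingerprint, "file" => file,
    "line" => line, "confidence" => confidence }
end
OLD_REPORT = { "warnings" => [
  warning("SQL Injection", "f1", "app/models/user.rb", 12, "High"),
  warning("Cross-Site Scripting", "f2", "app/views/posts/show.html.erb", 8, "Medium")
] }.freeze
NEW_REPORT = { "warnings" => [
  warning("SQL Injection", "f1", "app/models/user.rb", 14, "High"),
  warning("Redirect", "f3", "app/controllers/sessions_controller.rb", 30, "Medium"),
  warning("Mass Assignment", "f4", "app/models/post.rb", 4, "Weak")
] }.freeze
# Constructed config/brakeman.ignore: fingerprints accepted after manual review.
IGNORE_FILE = { "ignored_warnings" => [
  { "fingerprint" => "f3", "note" => "reviewed: redirect target is allow-listed" }
] }.freeze
# Drop warnings whose fingerprint is listed in brakeman.ignore.
def apply_ignore(report, ignore)
  ignored = ignore.fetch("ignored_warnings", []).map { |w| w["fingerprint"] }
  report["warnings"].reject { |w| ignored.include?(w["fingerprint"]) }
end
# Keep warnings at or above the -w level (1..3).
def at_least(warnings, level)
  warnings.select { |w| CONFIDENCE_RANK.fetch(w["confidence"]) >= level }
end

# Mimic `brakeman --compare old.json`: match by fingerprint, so a warning
# that merely moved to another line is neither "new" nor "fixed".
def compare(old_report, new_report)
  old_fp = old_report["warnings"].map { |w| w["fingerprint"] }
  new_fp = new_report["warnings"].map { |w| w["fingerprint"] }
  { "new" => new_report["warnings"].reject { |w| old_fp.include?(w["fingerprint"]) },
    "fixed" => old_report["warnings"].reject { |w| new_fp.include?(w["fingerprint"]) } }
end

# CI gate: 1 (like Brakeman's default non-zero exit) when any warning survives
# the ignore list and the confidence threshold, otherwise 0.
def gate(report, ignore, level)
  at_least(apply_ignore(report, ignore), level).empty? ? 0 : 1
end
puts JSON.pretty_generate(compare(OLD_REPORT, NEW_REPORT))
puts "exit status at -w2: #{gate(NEW_REPORT, IGNORE_FILE, 2)}"
```

The same SQL Injection warning appears in both reports on different lines, so it is reported as neither new nor fixed, while the ignored redirect never reaches the gate.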
Configuration files
Brakeman options can be stored in and read from YAML files. To simplify the process of writing a configuration file, the -C option will output the currently set options.

Options passed in on the command line have priority over configuration files.

The default config locations are ./config/brakeman.yml, ~/.brakeman/config.yml, and /etc/brakeman/config.yml

The -c option can be used to specify a configuration file to use.

Continuous Integration
There is a plugin available for Jenkins/Hudson.
For even more continuous testing, try the Guard plugin.

Who is Using Brakeman: Code Climate, GitHub, Groupon, New Relic, Twitter, ... and more!

Homepage/News
Website: http://brakemanscanner.org/
Twitter: https://twitter.com/brakeman
Chat: https://gitter.im/presidentbeef/brakeman

License: see MIT-LICENSE

Download Brakeman: https://github.com/presidentbeef/brakeman