<p>I've had a look through the output, and while, sure, some are false positives, it's picking up a lot of dodgy coding practices that we've otherwise overlooked. Particularly the SQL injection stuff, where some small changes to the code would reduce the opportunity for mishaps later.</p>
<p>So I'm in principle happy to add Brakeman, the question is the best way to do it. If we add it with the return code disabled (as now), then we haven't achieved much since we could add new vulnerabilities without triggering a build failure. So I'd prefer to approach it the way we do with rubocop and erblint, that is to create a configuration that ignores existing problems, but will alert on new problems. We can then work our way through the todo list.</p>
<p>From looking at <a href="https://brakemanscanner.org/docs/options/" rel="nofollow">the Brakeman docs</a>, we can create a config file and ignore the failing tests for now.</p>
<p>For this PR, it would also be best to just focus on the installation and configuration of Brakeman. The regexp fixes would be valid in a standalone PR.</p>
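<p>The baseline-then-fail-on-new approach described in the comment above, as an added example that is not part of the PR or of the openstreetmap-website code. Brakeman does this itself: <code>brakeman -I</code> records the fingerprints of accepted warnings in <code>config/brakeman.ignore</code>, and a later run exits non-zero if any unignored warnings remain (the current setup has that disabled with <code>--no-exit-on-warn</code>). The Ruby below reproduces the comparison over a report in Brakeman's JSON layout (<code>brakeman -f json</code>) so the mechanism is visible, and also lists ignore entries whose code has since been fixed, which Brakeman reports as obsolete. Field names follow Brakeman's report and ignore-file formats; the fingerprints, paths, code and messages are constructed sample data, and <code>new_warnings</code>, <code>obsolete_ignores</code> and <code>gate</code> are names of this example only.</p>

```ruby
require "json"
require "set"

# Constructed sample of a Brakeman report in its JSON output format (`brakeman -f json`).
# Field names follow Brakeman's report layout; the fingerprints, paths, code and
# messages are made-up sample data for this example.
REPORT_JSON = <<~'JSON'
  {
    "warnings": [
      {
        "warning_type": "SQL Injection",
        "warning_code": 0,
        "fingerprint": "aaaa1111",
        "check_name": "SQL",
        "message": "Possible SQL injection",
        "file": "app/models/user.rb",
        "line": 42,
        "code": "User.where(\"name = '#{params[:name]}'\")",
        "confidence": "High"
      },
      {
        "warning_type": "SQL Injection",
        "warning_code": 0,
        "fingerprint": "bbbb2222",
        "check_name": "SQL",
        "message": "Possible SQL injection",
        "file": "app/controllers/search_controller.rb",
        "line": 17,
        "code": "Node.where(\"tags LIKE '%#{params[:q]}%'\")",
        "confidence": "High"
      }
    ]
  }
JSON

# Constructed sample of config/brakeman.ignore, the baseline written by `brakeman -I`.
# One entry still matches the report (aaaa1111); one (cccc3333) refers to code that
# has since been fixed, so it no longer matches anything.
IGNORE_JSON = <<~'JSON'
  {
    "ignored_warnings": [
      { "warning_type": "SQL Injection", "fingerprint": "aaaa1111",
        "file": "app/models/user.rb", "line": 42, "note": "baseline, on the todo list" },
      { "warning_type": "Cross-Site Scripting", "fingerprint": "cccc3333",
        "file": "app/views/old.html.erb", "line": 3, "note": "baseline, on the todo list" }
    ],
    "updated": "2019-06-12 00:00:00 +0000"
  }
JSON

# Fingerprints accepted in the baseline ignore file.
def ignored_fingerprints(ignore_json)
  JSON.parse(ignore_json).fetch("ignored_warnings", []).map { |w| w["fingerprint"] }.to_set
end

# Report warnings whose fingerprint is not in the baseline: these are the new problems
# that should fail the build.
def new_warnings(report_json, ignore_json)
  ignored = ignored_fingerprints(ignore_json)
  JSON.parse(report_json).fetch("warnings", []).reject { |w| ignored.include?(w["fingerprint"]) }
end

# Baseline entries no longer present in the report: the code was fixed, so the entry
# can be removed from the ignore file (and ticked off the todo list).
def obsolete_ignores(report_json, ignore_json)
  current = JSON.parse(report_json).fetch("warnings", []).map { |w| w["fingerprint"] }.to_set
  JSON.parse(ignore_json).fetch("ignored_warnings", []).reject { |w| current.include?(w["fingerprint"]) }
end

# CI gate: report each new warning on stderr and return 0 only when there are none.
def gate(report_json, ignore_json)
  fresh = new_warnings(report_json, ignore_json)
  fresh.each do |w|
    warn "NEW #{w['warning_type']} (#{w['confidence']}) in #{w['file']}:#{w['line']}: #{w['message']}"
  end
  fresh.empty? ? 0 : 1
end

if $PROGRAM_NAME == __FILE__
  obsolete_ignores(REPORT_JSON, IGNORE_JSON).each do |w|
    puts "OBSOLETE ignore entry #{w['fingerprint']} for #{w['file']}:#{w['line']}"
  end
  puts "gate exit status: #{gate(REPORT_JSON, IGNORE_JSON)}"
end
```

<p>With the sample data the gate returns 1 because <code>bbbb2222</code> is not in the baseline, which is the behaviour wanted in CI; ignoring a finding is a deliberate edit to the ignore file rather than a change to the tool's exit code, so the baseline only shrinks as the todo list is worked through.</p>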