Merge pull request #1789 from joevin-slq-docto/handle_pg_connection_e…

…scape_string Add PG::Connection.escape_string as authorized sanitization function
presidentbeef · Oct 13, 2023 · 4353b8a · 4353b8a
2 parents 9f63df9 + 6bb1e7f
commit 4353b8a
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/lib/brakeman/checks/check_sql.rb b/lib/brakeman/checks/check_sql.rb
@@ -591,7 +591,7 @@ def check_string_arg exp
     :sanitize_sql_for_assignment, :sanitize_sql_for_conditions, :sanitize_sql_hash,
     :sanitize_sql_hash_for_assignment, :sanitize_sql_hash_for_conditions,
     :to_sql, :sanitize, :primary_key, :table_name_prefix, :table_name_suffix,
-    :where_values_hash, :foreign_key, :uuid
+    :where_values_hash, :foreign_key, :uuid, :escape, :escape_string
   ]
 
   def ignore_methods_in_sql