Do not use string interpolation when composing SQL queries.
Using string interpolation when composing SQL queries is just one step away from creating a security issue. It's against Rails best practices to do so. Doing so actually results in Brakeman complaining loudly.
Task: replace string interpolation with use of parameterization of queries and/or AREL.
#3 Updated by Martin Povolny almost 3 years ago
I started with a Brakeman scan and `grep`, and with Foreman only, and did not spend much time on this yet.
I think that basic checking should be done on a regular basis, possibly as part of the CI, and also for plugins. Brakeman can be used and/or services such as Hakiri (https://hakiri.io/).
I don't have a list of issues. An initial one can be obtained by running Brakeman.
In my opinion, as a starting point, all issues reported by Brakeman should be fixed or marked as false positives in the Brakeman config file (to be included with Foreman).