prevent rails 5.2+ without defaults being oked

montdidier · montdidier · commit aba023bdac3d · 2020-11-19T11:43:53.000+08:00
diff --git a/lib/brakeman/tracker/config.rb b/lib/brakeman/tracker/config.rb
@@ -20,9 +20,7 @@ def initialize tracker
 
     def default_protect_from_forgery?
       if version_between? "5.2.0.beta1", "9.9.9"
-        if @rails.dig(:action_controller, :default_protect_from_forgery) == Sexp.new(:false)
-          return false
-        else
+        if @rails.dig(:action_controller, :default_protect_from_forgery) == Sexp.new(:true)
           return true
         end
       end
