After further investigation, I found that Brakeman is throwing a “Possible SQL injection” error at the line “test = Something::Model.where(params[:param1]”. So, after some research, I found that I have to use ActionController::Base.helpers.sanitize, so when I used it as follows, it didn't throw any Brakeman error.