From 30b6adcd1cfe4da2e6123762acf9c2c17144b14f Mon Sep 17 00:00:00 2001 From: Jorge Manrubia Date: Fri, 18 Jul 2025 10:57:13 +0200 Subject: [PATCH] Update brakeman --- config/brakeman.ignore | 31 +++++++++++++++++++++++++++---- 1 file changed, 27 insertions(+), 4 deletions(-) diff --git a/config/brakeman.ignore b/config/brakeman.ignore index 2c640eb3b..12307b2bd 100644 --- a/config/brakeman.ignore +++ b/config/brakeman.ignore @@ -25,7 +25,7 @@ { "type": "template", "name": "searches/show", - "line": 25, + "line": 28, "file": "app/views/searches/show.html.erb", "rendered": { "name": "searches/_result", @@ -74,7 +74,7 @@ "check_name": "SQL", "message": "Possible SQL injection", "file": "app/models/concerns/searchable.rb", - "line": 36, + "line": 28, "link": "https://brakemanscanner.org/docs/warning_types/sql_injection/", "code": "joins(\"join #{using} idx on #{table_name}.id = idx.rowid\")", "render_path": null, @@ -90,6 +90,29 @@ ], "note": "" }, + { + "warning_type": "SQL Injection", + "warning_code": 0, + "fingerprint": "49f2925b6e92d95f3dc5c423e92250badafc6a12e90983a35c441b3459796870", + "check_name": "SQL", + "message": "Possible SQL injection", + "file": "app/models/concerns/searchable.rb", + "line": 31, + "link": "https://brakemanscanner.org/docs/warning_types/sql_injection/", + "code": "joins(\"join #{using} idx on #{table_name}.id = idx.rowid\").where(\"#{using} match ?\", Search::Query.wrap(query).to_s)", + "render_path": null, + "location": { + "type": "method", + "class": "Searchable", + "method": "searchable_by" + }, + "user_input": "using", + "confidence": "Weak", + "cwe_id": [ + 89 + ], + "note": "" + }, { "warning_type": "Cross-Site Scripting", "warning_code": 2, @@ -115,7 +138,7 @@ { "type": "template", "name": "searches/show", - "line": 25, + "line": 28, "file": "app/views/searches/show.html.erb", "rendered": { "name": "searches/_result", @@ -182,7 +205,7 @@ { "type": "template", "name": "searches/show", - "line": 25, + "line": 28, "file": "app/views/searches/show.html.erb", "rendered": { "name": "searches/_result",