brakeman: drop two obsolete warnings, ignore new searchable sql
This commit is contained in:
+26
-72
@@ -1,51 +1,5 @@
|
||||
{
|
||||
"ignored_warnings": [
|
||||
{
|
||||
"warning_type": "SQL Injection",
|
||||
"warning_code": 0,
|
||||
"fingerprint": "2a34f36c066816753df7779e99a34c276efdb3590c16a681145c3ff62b894331",
|
||||
"check_name": "SQL",
|
||||
"message": "Possible SQL injection",
|
||||
"file": "app/models/concerns/searchable.rb",
|
||||
"line": 43,
|
||||
"link": "https://brakemanscanner.org/docs/warning_types/sql_injection/",
|
||||
"code": "joins(\"join #{using} idx on #{table_name}.id = idx.rowid\")",
|
||||
"render_path": null,
|
||||
"location": {
|
||||
"type": "method",
|
||||
"class": "Searchable",
|
||||
"method": "searchable_by"
|
||||
},
|
||||
"user_input": "using",
|
||||
"confidence": "Medium",
|
||||
"cwe_id": [
|
||||
89
|
||||
],
|
||||
"note": ""
|
||||
},
|
||||
{
|
||||
"warning_type": "SQL Injection",
|
||||
"warning_code": 0,
|
||||
"fingerprint": "49f2925b6e92d95f3dc5c423e92250badafc6a12e90983a35c441b3459796870",
|
||||
"check_name": "SQL",
|
||||
"message": "Possible SQL injection",
|
||||
"file": "app/models/concerns/searchable.rb",
|
||||
"line": 46,
|
||||
"link": "https://brakemanscanner.org/docs/warning_types/sql_injection/",
|
||||
"code": "joins(\"join #{using} idx on #{table_name}.id = idx.rowid\").where(\"#{using} match ?\", Search::Query.wrap(query).to_s)",
|
||||
"render_path": null,
|
||||
"location": {
|
||||
"type": "method",
|
||||
"class": "Searchable",
|
||||
"method": "searchable_by"
|
||||
},
|
||||
"user_input": "using",
|
||||
"confidence": "Weak",
|
||||
"cwe_id": [
|
||||
89
|
||||
],
|
||||
"note": ""
|
||||
},
|
||||
{
|
||||
"warning_type": "SQL Injection",
|
||||
"warning_code": 0,
|
||||
@@ -53,7 +7,7 @@
|
||||
"check_name": "SQL",
|
||||
"message": "Possible SQL injection",
|
||||
"file": "app/models/search.rb",
|
||||
"line": 33,
|
||||
"line": 34,
|
||||
"link": "https://brakemanscanner.org/docs/warning_types/sql_injection/",
|
||||
"code": "Search::Result.from(Searchable.search_index_table_name(user.account_id)).joins(\"INNER JOIN cards ON #{Searchable.search_index_table_name(user.account_id)}.card_id = cards.id\")",
|
||||
"render_path": null,
|
||||
@@ -69,29 +23,6 @@
|
||||
],
|
||||
"note": ""
|
||||
},
|
||||
{
|
||||
"warning_type": "SQL Injection",
|
||||
"warning_code": 0,
|
||||
"fingerprint": "e2069dcaa15f04898b9ad356ee3277e4a0b718e88c991c86d896dbded1b47f97",
|
||||
"check_name": "SQL",
|
||||
"message": "Possible SQL injection",
|
||||
"file": "app/models/card/searchable.rb",
|
||||
"line": 12,
|
||||
"link": "https://brakemanscanner.org/docs/warning_types/sql_injection/",
|
||||
"code": "joins(\"INNER JOIN #{Searchable.search_index_table_name(account_id)} ON #{Searchable.search_index_table_name(account_id)}.card_id = cards.id AND #{Searchable.search_index_table_name(account_id)}.board_id = cards.board_id\")",
|
||||
"render_path": null,
|
||||
"location": {
|
||||
"type": "method",
|
||||
"class": "Card::Searchable",
|
||||
"method": null
|
||||
},
|
||||
"user_input": "Searchable.search_index_table_name(account_id)",
|
||||
"confidence": "Medium",
|
||||
"cwe_id": [
|
||||
89
|
||||
],
|
||||
"note": ""
|
||||
},
|
||||
{
|
||||
"warning_type": "Mass Assignment",
|
||||
"warning_code": 70,
|
||||
@@ -99,7 +30,7 @@
|
||||
"check_name": "MassAssignment",
|
||||
"message": "Specify exact keys allowed for mass assignment instead of using `permit!` which allows any keys",
|
||||
"file": "app/helpers/pagination_helper.rb",
|
||||
"line": 13,
|
||||
"line": 14,
|
||||
"link": "https://brakemanscanner.org/docs/warning_types/mass_assignment/",
|
||||
"code": "params.permit!",
|
||||
"render_path": null,
|
||||
@@ -137,7 +68,30 @@
|
||||
470
|
||||
],
|
||||
"note": ""
|
||||
},
|
||||
{
|
||||
"warning_type": "SQL Injection",
|
||||
"warning_code": 0,
|
||||
"fingerprint": "c05a5b5487f25eb46f1e6e6980ea952e65c460a27f1d67b093cd0cc028ec041b",
|
||||
"check_name": "SQL",
|
||||
"message": "Possible SQL injection",
|
||||
"file": "app/models/card/searchable.rb",
|
||||
"line": 15,
|
||||
"link": "https://brakemanscanner.org/docs/warning_types/sql_injection/",
|
||||
"code": "joins(\"INNER JOIN #{Searchable.search_index_table_name(user.account_id)} ON #{Searchable.search_index_table_name(user.account_id)}.card_id = cards.id AND #{Searchable.search_index_table_name(user.account_id)}.board_id = cards.board_id\")",
|
||||
"render_path": null,
|
||||
"location": {
|
||||
"type": "method",
|
||||
"class": "Card::Searchable",
|
||||
"method": null
|
||||
},
|
||||
"user_input": "Searchable.search_index_table_name(user.account_id)",
|
||||
"confidence": "Medium",
|
||||
"cwe_id": [
|
||||
89
|
||||
],
|
||||
"note": ""
|
||||
}
|
||||
],
|
||||
"brakeman_version": "7.1.0"
|
||||
"brakeman_version": "7.1.1"
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user