Update brakeman
This commit is contained in:
+24
-25
@@ -1,5 +1,28 @@
|
||||
{
|
||||
"ignored_warnings": [
|
||||
{
|
||||
"warning_type": "SQL Injection",
|
||||
"warning_code": 0,
|
||||
"fingerprint": "1261c0a89b23c1d7386d684f41c26cc230fa9b5b00d062d7f8d4d1a15bde96a8",
|
||||
"check_name": "SQL",
|
||||
"message": "Possible SQL injection",
|
||||
"file": "app/models/card/entropic.rb",
|
||||
"line": 9,
|
||||
"link": "https://brakemanscanner.org/docs/warning_types/sql_injection/",
|
||||
"code": "left_outer_joins(:collection => :entropy_configuration).where(\"last_active_at <= DATETIME('now', '-' || COALESCE(entropy_configurations.#{period_name}, ?) || ' seconds')\", Entropy::Configuration.default.public_send(period_name))",
|
||||
"render_path": null,
|
||||
"location": {
|
||||
"type": "method",
|
||||
"class": "Card::Entropic",
|
||||
"method": null
|
||||
},
|
||||
"user_input": "period_name",
|
||||
"confidence": "Weak",
|
||||
"cwe_id": [
|
||||
89
|
||||
],
|
||||
"note": ""
|
||||
},
|
||||
{
|
||||
"warning_type": "SQL Injection",
|
||||
"warning_code": 0,
|
||||
@@ -7,7 +30,7 @@
|
||||
"check_name": "SQL",
|
||||
"message": "Possible SQL injection",
|
||||
"file": "app/models/concerns/searchable.rb",
|
||||
"line": 14,
|
||||
"line": 22,
|
||||
"link": "https://brakemanscanner.org/docs/warning_types/sql_injection/",
|
||||
"code": "joins(\"join #{using} idx on #{table_name}.id = idx.rowid\")",
|
||||
"render_path": null,
|
||||
@@ -23,30 +46,6 @@
|
||||
],
|
||||
"note": ""
|
||||
},
|
||||
{
|
||||
"warning_type": "Dangerous Eval",
|
||||
"warning_code": 13,
|
||||
"fingerprint": "971ca740ceee7ae9a7d02a257964afd0b80672b3a4c49eeaf8a07a178bb84e78",
|
||||
"check_name": "Evaluation",
|
||||
"message": "Dynamic string evaluated as code",
|
||||
"file": "lib/rails_ext/action_text_has_markdown.rb",
|
||||
"line": 7,
|
||||
"link": "https://brakemanscanner.org/docs/warning_types/dangerous_eval/",
|
||||
"code": "class_eval(\" def #{name}\\n markdown_#{name} || build_markdown_#{name}\\n end\\n\\n def #{name}_html\\n #{name}.to_html\\n end\\n\\n def #{name}_plain_text\\n #{name}.to_plain_text\\n end\\n\\n def #{name}?\\n markdown_#{name}.present?\\n end\\n\\n def #{name}=(content)\\n self.#{name}.content = content\\n end\\n\", \"lib/rails_ext/action_text_has_markdown.rb\", 8)",
|
||||
"render_path": null,
|
||||
"location": {
|
||||
"type": "method",
|
||||
"class": "ActionText::HasMarkdown",
|
||||
"method": "has_markdown"
|
||||
},
|
||||
"user_input": null,
|
||||
"confidence": "Weak",
|
||||
"cwe_id": [
|
||||
913,
|
||||
95
|
||||
],
|
||||
"note": ""
|
||||
},
|
||||
{
|
||||
"warning_type": "Remote Code Execution",
|
||||
"warning_code": 24,
|
||||
|
||||
Reference in New Issue
Block a user