diff --git a/config/brakeman.ignore b/config/brakeman.ignore index 2b01354c6..fa6a9db90 100644 --- a/config/brakeman.ignore +++ b/config/brakeman.ignore @@ -1,5 +1,28 @@ { "ignored_warnings": [ + { + "warning_type": "SQL Injection", + "warning_code": 0, + "fingerprint": "1261c0a89b23c1d7386d684f41c26cc230fa9b5b00d062d7f8d4d1a15bde96a8", + "check_name": "SQL", + "message": "Possible SQL injection", + "file": "app/models/card/entropic.rb", + "line": 9, + "link": "https://brakemanscanner.org/docs/warning_types/sql_injection/", + "code": "left_outer_joins(:collection => :entropy_configuration).where(\"last_active_at <= DATETIME('now', '-' || COALESCE(entropy_configurations.#{period_name}, ?) || ' seconds')\", Entropy::Configuration.default.public_send(period_name))", + "render_path": null, + "location": { + "type": "method", + "class": "Card::Entropic", + "method": null + }, + "user_input": "period_name", + "confidence": "Weak", + "cwe_id": [ + 89 + ], + "note": "" + }, { "warning_type": "SQL Injection", "warning_code": 0, @@ -7,7 +30,7 @@ "check_name": "SQL", "message": "Possible SQL injection", "file": "app/models/concerns/searchable.rb", - "line": 14, + "line": 22, "link": "https://brakemanscanner.org/docs/warning_types/sql_injection/", "code": "joins(\"join #{using} idx on #{table_name}.id = idx.rowid\")", "render_path": null, @@ -23,30 +46,6 @@ ], "note": "" }, - { - "warning_type": "Dangerous Eval", - "warning_code": 13, - "fingerprint": "971ca740ceee7ae9a7d02a257964afd0b80672b3a4c49eeaf8a07a178bb84e78", - "check_name": "Evaluation", - "message": "Dynamic string evaluated as code", - "file": "lib/rails_ext/action_text_has_markdown.rb", - "line": 7, - "link": "https://brakemanscanner.org/docs/warning_types/dangerous_eval/", - "code": "class_eval(\" def #{name}\\n markdown_#{name} || build_markdown_#{name}\\n end\\n\\n def #{name}_html\\n #{name}.to_html\\n end\\n\\n def #{name}_plain_text\\n #{name}.to_plain_text\\n end\\n\\n def #{name}?\\n markdown_#{name}.present?\\n end\\n\\n def #{name}=(content)\\n self.#{name}.content = content\\n end\\n\", \"lib/rails_ext/action_text_has_markdown.rb\", 8)", - "render_path": null, - "location": { - "type": "method", - "class": "ActionText::HasMarkdown", - "method": "has_markdown" - }, - "user_input": null, - "confidence": "Weak", - "cwe_id": [ - 913, - 95 - ], - "note": "" - }, { "warning_type": "Remote Code Execution", "warning_code": 24,