Update brakeman warnings due to moved code

This commit is contained in:
Kevin McConnell
2024-10-03 16:25:59 +01:00
parent b7feddf6b7
commit f305776fe4
+8 -8
View File
@@ -3,13 +3,13 @@
{
"warning_type": "SQL Injection",
"warning_code": 0,
"fingerprint": "6e41fafa4bc61e0923280ba247d7bbcb5e1f1c6ef99dcef5c28ec8aee997249c",
"fingerprint": "2a34f36c066816753df7779e99a34c276efdb3590c16a681145c3ff62b894331",
"check_name": "SQL",
"message": "Possible SQL injection",
"file": "app/models/concerns/searchable.rb",
"line": 13,
"link": "https://brakemanscanner.org/docs/warning_types/sql_injection/",
"code": "joins(\"join #{using} idx on id = idx.rowid\")",
"code": "joins(\"join #{using} idx on #{table_name}.id = idx.rowid\")",
"render_path": null,
"location": {
"type": "method",
@@ -21,24 +21,24 @@
"cwe_id": [
89
],
"note": "String interpolation in query doesn't involve user data"
"note": ""
},
{
"warning_type": "Dynamic Render Path",
"warning_code": 15,
"fingerprint": "bce4f3b9f7cb59333f08e0597859903a473f0ebd0ef07e0deaa1b4bb64598058",
"fingerprint": "95ded3afec947789921bb5e8ce5d29bd8b2e1a7be03623ecd8810051769ef72d",
"check_name": "Render",
"message": "Render path contains parameter value",
"file": "app/views/bubbles/index.html.erb",
"line": 31,
"line": 103,
"link": "https://brakemanscanner.org/docs/warning_types/dynamic_render_path/",
"code": "render(action => @bucket.bubbles.ordered_by_activity.limit(10).tagged_with(Current.account.tags.find(params[:tag_id])), {})",
"code": "render(action => @bucket.bubbles.not_popped.reverse_chronologically.mentioning(params[:filter]).ordered_by_activity.limit(10).tagged_with(Current.account.tags.find(params[:tag_id])), {})",
"render_path": [
{
"type": "controller",
"class": "BubblesController",
"method": "index",
"line": 11,
"line": 16,
"file": "app/controllers/bubbles_controller.rb",
"rendered": {
"name": "bubbles/index",
@@ -58,6 +58,6 @@
"note": ""
}
],
"updated": "2024-10-02 16:07:06 -0400",
"updated": "2024-10-03 16:25:56 +0100",
"brakeman_version": "6.2.1"
}