76 lines
2.8 KiB
Plaintext
76 lines
2.8 KiB
Plaintext
{
|
|
"ignored_warnings": [
|
|
{
|
|
"warning_type": "SQL Injection",
|
|
"warning_code": 0,
|
|
"fingerprint": "2a34f36c066816753df7779e99a34c276efdb3590c16a681145c3ff62b894331",
|
|
"check_name": "SQL",
|
|
"message": "Possible SQL injection",
|
|
"file": "app/models/concerns/searchable.rb",
|
|
"line": 14,
|
|
"link": "https://brakemanscanner.org/docs/warning_types/sql_injection/",
|
|
"code": "joins(\"join #{using} idx on #{table_name}.id = idx.rowid\")",
|
|
"render_path": null,
|
|
"location": {
|
|
"type": "method",
|
|
"class": "Searchable",
|
|
"method": "searchable_by"
|
|
},
|
|
"user_input": "using",
|
|
"confidence": "Medium",
|
|
"cwe_id": [
|
|
89
|
|
],
|
|
"note": ""
|
|
},
|
|
{
|
|
"warning_type": "Dangerous Eval",
|
|
"warning_code": 13,
|
|
"fingerprint": "971ca740ceee7ae9a7d02a257964afd0b80672b3a4c49eeaf8a07a178bb84e78",
|
|
"check_name": "Evaluation",
|
|
"message": "Dynamic string evaluated as code",
|
|
"file": "lib/rails_ext/action_text_has_markdown.rb",
|
|
"line": 7,
|
|
"link": "https://brakemanscanner.org/docs/warning_types/dangerous_eval/",
|
|
"code": "class_eval(\" def #{name}\\n markdown_#{name} || build_markdown_#{name}\\n end\\n\\n def #{name}_html\\n #{name}.to_html\\n end\\n\\n def #{name}_plain_text\\n #{name}.to_plain_text\\n end\\n\\n def #{name}?\\n markdown_#{name}.present?\\n end\\n\\n def #{name}=(content)\\n self.#{name}.content = content\\n end\\n\", \"lib/rails_ext/action_text_has_markdown.rb\", 8)",
|
|
"render_path": null,
|
|
"location": {
|
|
"type": "method",
|
|
"class": "ActionText::HasMarkdown",
|
|
"method": "has_markdown"
|
|
},
|
|
"user_input": null,
|
|
"confidence": "Weak",
|
|
"cwe_id": [
|
|
913,
|
|
95
|
|
],
|
|
"note": ""
|
|
},
|
|
{
|
|
"warning_type": "Remote Code Execution",
|
|
"warning_code": 24,
|
|
"fingerprint": "b00571393e95a8c7d77b1ed963cfc5cc89333bc82f447cf8783549d817990305",
|
|
"check_name": "UnsafeReflection",
|
|
"message": "Unsafe reflection method `safe_constantize` called on model attribute",
|
|
"file": "app/models/notifier.rb",
|
|
"line": 8,
|
|
"link": "https://brakemanscanner.org/docs/warning_types/remote_code_execution/",
|
|
"code": "\"Notifier::#{Event.eventable.class}EventNotifier\".safe_constantize",
|
|
"render_path": null,
|
|
"location": {
|
|
"type": "method",
|
|
"class": "Notifier",
|
|
"method": "s(:self).for"
|
|
},
|
|
"user_input": "Event.eventable.class",
|
|
"confidence": "Medium",
|
|
"cwe_id": [
|
|
470
|
|
],
|
|
"note": ""
|
|
}
|
|
],
|
|
"brakeman_version": "7.0.2"
|
|
}
|