98 lines
3.4 KiB
Plaintext
98 lines
3.4 KiB
Plaintext
{
|
|
"ignored_warnings": [
|
|
{
|
|
"warning_type": "SQL Injection",
|
|
"warning_code": 0,
|
|
"fingerprint": "08f15e8e259f1da31762507f718191732f86a4f4f6d2fe2719e70fd22c9bc738",
|
|
"check_name": "SQL",
|
|
"message": "Possible SQL injection",
|
|
"file": "app/models/search.rb",
|
|
"line": 34,
|
|
"link": "https://brakemanscanner.org/docs/warning_types/sql_injection/",
|
|
"code": "Search::Result.from(Searchable.search_index_table_name(user.account_id)).joins(\"INNER JOIN cards ON #{Searchable.search_index_table_name(user.account_id)}.card_id = cards.id\")",
|
|
"render_path": null,
|
|
"location": {
|
|
"type": "method",
|
|
"class": "Search",
|
|
"method": "perform_search"
|
|
},
|
|
"user_input": "Searchable.search_index_table_name(user.account_id)",
|
|
"confidence": "Medium",
|
|
"cwe_id": [
|
|
89
|
|
],
|
|
"note": ""
|
|
},
|
|
{
|
|
"warning_type": "Mass Assignment",
|
|
"warning_code": 70,
|
|
"fingerprint": "ac0fa1970dea215e2f47a5676ffd63d8728951e361da12a53dd424bf6dc46f2a",
|
|
"check_name": "MassAssignment",
|
|
"message": "Specify exact keys allowed for mass assignment instead of using `permit!` which allows any keys",
|
|
"file": "app/helpers/pagination_helper.rb",
|
|
"line": 14,
|
|
"link": "https://brakemanscanner.org/docs/warning_types/mass_assignment/",
|
|
"code": "params.permit!",
|
|
"render_path": null,
|
|
"location": {
|
|
"type": "method",
|
|
"class": "PaginationHelper",
|
|
"method": "pagination_link"
|
|
},
|
|
"user_input": null,
|
|
"confidence": "Medium",
|
|
"cwe_id": [
|
|
915
|
|
],
|
|
"note": ""
|
|
},
|
|
{
|
|
"warning_type": "Remote Code Execution",
|
|
"warning_code": 24,
|
|
"fingerprint": "b00571393e95a8c7d77b1ed963cfc5cc89333bc82f447cf8783549d817990305",
|
|
"check_name": "UnsafeReflection",
|
|
"message": "Unsafe reflection method `safe_constantize` called on model attribute",
|
|
"file": "app/models/notifier.rb",
|
|
"line": 8,
|
|
"link": "https://brakemanscanner.org/docs/warning_types/remote_code_execution/",
|
|
"code": "\"Notifier::#{Event.eventable.class}EventNotifier\".safe_constantize",
|
|
"render_path": null,
|
|
"location": {
|
|
"type": "method",
|
|
"class": "Notifier",
|
|
"method": "s(:self).for"
|
|
},
|
|
"user_input": "Event.eventable.class",
|
|
"confidence": "Medium",
|
|
"cwe_id": [
|
|
470
|
|
],
|
|
"note": ""
|
|
},
|
|
{
|
|
"warning_type": "SQL Injection",
|
|
"warning_code": 0,
|
|
"fingerprint": "c05a5b5487f25eb46f1e6e6980ea952e65c460a27f1d67b093cd0cc028ec041b",
|
|
"check_name": "SQL",
|
|
"message": "Possible SQL injection",
|
|
"file": "app/models/card/searchable.rb",
|
|
"line": 15,
|
|
"link": "https://brakemanscanner.org/docs/warning_types/sql_injection/",
|
|
"code": "joins(\"INNER JOIN #{Searchable.search_index_table_name(user.account_id)} ON #{Searchable.search_index_table_name(user.account_id)}.card_id = cards.id AND #{Searchable.search_index_table_name(user.account_id)}.board_id = cards.board_id\")",
|
|
"render_path": null,
|
|
"location": {
|
|
"type": "method",
|
|
"class": "Card::Searchable",
|
|
"method": null
|
|
},
|
|
"user_input": "Searchable.search_index_table_name(user.account_id)",
|
|
"confidence": "Medium",
|
|
"cwe_id": [
|
|
89
|
|
],
|
|
"note": ""
|
|
}
|
|
],
|
|
"brakeman_version": "7.1.1"
|
|
}
|