resolved some brakeman false positives

2017-02-27 11:17:15 -06:00 · 2017-02-27 11:17:15 -06:00 · 538190b6bf
commit 538190b6bf
parent 4ba35ccf33
2 changed files with 56 additions and 2 deletions
--- a/app/services/fake_quiz.rb
+++ b/app/services/fake_quiz.rb
@ -1,4 +1,5 @@
 # frozen_string_literal: true
+# :nocov:
 class FakeQuiz
  def create_completed_quizzes num = 10
    num.times do
@ -67,3 +68,4 @@ class FakeQuiz
      end
    end # rubocop:enable Metrics/MethodLength
 end
+# :nocov:
--- a/config/brakeman.ignore
+++ b/config/brakeman.ignore
@ -1,10 +1,62 @@
 {
  "ignored_warnings": [
    {
+      "warning_type": "SQL Injection",
+      "warning_code": 0,
+      "fingerprint": "6f3216446dca0fa79e96267eb0323d50cc59e7bc1e1529fd160cd5beb185e2f2",
+      "message": "Possible SQL injection",
+      "file": "app/controllers/admin/candidate_controller.rb",
+      "line": 9,
+      "link": "http://brakemanscanner.org/docs/warning_types/sql_injection/",
+      "code": "Candidate.order(\"#{sort_column} #{sort_direction}\")",
+      "render_path": null,
+      "location": {
+        "type": "method",
+        "class": "Admin::CandidateController",
+        "method": "index"
+      },
+      "user_input": "sort_column",
+      "confidence": "Medium",
+      "note": ""
+    },
+    {
+      "warning_type": "SQL Injection",
+      "warning_code": 0,
+      "fingerprint": "7b53c580318f2405b59e3332311533ed2d3b395020107634b5362462896dcc1a",
+      "message": "Possible SQL injection",
+      "file": "app/controllers/admin/result_controller.rb",
+      "line": 16,
+      "link": "http://brakemanscanner.org/docs/warning_types/sql_injection/",
+      "code": "Candidate.where(:completed => true).includes(:recruiter).order(\"#{sort_column} #{sort_direction}\")",
+      "render_path": null,
+      "location": {
+        "type": "method",
+        "class": "Admin::ResultController",
+        "method": "index"
+      },
+      "user_input": "sort_column",
+      "confidence": "Medium",
+      "note": ""
+    },
+    {
+      "warning_type": "Dynamic Render Path",
+      "warning_code": 15,
      "fingerprint": "da17225c940987e6239cc4ecfe27bcb1e5da2db1134435dc3e1025d97927e0ba",
+      "message": "Render path contains parameter value",
+      "file": "app/views/admin/question/options.html.erb",
+      "line": 3,
+      "link": "http://brakemanscanner.org/docs/warning_types/dynamic_render_path/",
+      "code": "render(partial => \"admin/question/#{params[:input_type]}\", { :locals => ({ :question => ((Question.find(params[:question_id]) or Question.new)) }) })",
+      "render_path": [{"type":"controller","class":"Admin::QuestionController","method":"options","line":58,"file":"app/controllers/admin/question_controller.rb"}],
+      "location": {
+        "type": "template",
+        "template": "admin/question/options"
+      },
+      "user_input": "params[:input_type]",
+      "confidence": "Medium",
      "note": "false positive"
    }
  ],
-  "updated": "2016-09-19 09:06:25 -0500",
-  "brakeman_version": "3.4.0"
+  "updated": "2017-02-27 11:16:00 -0600",
+  "brakeman_version": "3.4.1"
 }