diff --git a/app/services/fake_quiz.rb b/app/services/fake_quiz.rb index 835305f..6929504 100644 --- a/app/services/fake_quiz.rb +++ b/app/services/fake_quiz.rb @@ -1,4 +1,5 @@ # frozen_string_literal: true +# :nocov: class FakeQuiz def create_completed_quizzes num = 10 num.times do @@ -67,3 +68,4 @@ class FakeQuiz end end # rubocop:enable Metrics/MethodLength end +# :nocov: diff --git a/config/brakeman.ignore b/config/brakeman.ignore index 3348c50..ff0142e 100644 --- a/config/brakeman.ignore +++ b/config/brakeman.ignore @@ -1,10 +1,62 @@ { "ignored_warnings": [ { + "warning_type": "SQL Injection", + "warning_code": 0, + "fingerprint": "6f3216446dca0fa79e96267eb0323d50cc59e7bc1e1529fd160cd5beb185e2f2", + "message": "Possible SQL injection", + "file": "app/controllers/admin/candidate_controller.rb", + "line": 9, + "link": "http://brakemanscanner.org/docs/warning_types/sql_injection/", + "code": "Candidate.order(\"#{sort_column} #{sort_direction}\")", + "render_path": null, + "location": { + "type": "method", + "class": "Admin::CandidateController", + "method": "index" + }, + "user_input": "sort_column", + "confidence": "Medium", + "note": "" + }, + { + "warning_type": "SQL Injection", + "warning_code": 0, + "fingerprint": "7b53c580318f2405b59e3332311533ed2d3b395020107634b5362462896dcc1a", + "message": "Possible SQL injection", + "file": "app/controllers/admin/result_controller.rb", + "line": 16, + "link": "http://brakemanscanner.org/docs/warning_types/sql_injection/", + "code": "Candidate.where(:completed => true).includes(:recruiter).order(\"#{sort_column} #{sort_direction}\")", + "render_path": null, + "location": { + "type": "method", + "class": "Admin::ResultController", + "method": "index" + }, + "user_input": "sort_column", + "confidence": "Medium", + "note": "" + }, + { + "warning_type": "Dynamic Render Path", + "warning_code": 15, "fingerprint": "da17225c940987e6239cc4ecfe27bcb1e5da2db1134435dc3e1025d97927e0ba", + "message": "Render path contains parameter value", + "file": "app/views/admin/question/options.html.erb", + "line": 3, + "link": "http://brakemanscanner.org/docs/warning_types/dynamic_render_path/", + "code": "render(partial => \"admin/question/#{params[:input_type]}\", { :locals => ({ :question => ((Question.find(params[:question_id]) or Question.new)) }) })", + "render_path": [{"type":"controller","class":"Admin::QuestionController","method":"options","line":58,"file":"app/controllers/admin/question_controller.rb"}], + "location": { + "type": "template", + "template": "admin/question/options" + }, + "user_input": "params[:input_type]", + "confidence": "Medium", "note": "false positive" } ], - "updated": "2016-09-19 09:06:25 -0500", - "brakeman_version": "3.4.0" + "updated": "2017-02-27 11:16:00 -0600", + "brakeman_version": "3.4.1" }