From 538190b6bf13f8eb7a22bc4cf94f1af3884ccc57 Mon Sep 17 00:00:00 2001
From: Mark Moser
Date: Mon, 27 Feb 2017 11:17:15 -0600
Subject: [PATCH] resolved some brakeman false positives
---
 app/services/fake_quiz.rb | 2 ++
 config/brakeman.ignore | 56 +++++++++++++++++++++++++++++++++++++--
 2 files changed, 56 insertions(+), 2 deletions(-)
diff --git a/app/services/fake_quiz.rb b/app/services/fake_quiz.rb
index 835305f..6929504 100644
--- a/app/services/fake_quiz.rb
+++ b/app/services/fake_quiz.rb
@@ -1,4 +1,5 @@
 # frozen_string_literal: true
+# :nocov:
 class FakeQuiz
 def create_completed_quizzes num = 10
 num.times do
@@ -67,3 +68,4 @@ class FakeQuiz
 end
 end # rubocop:enable Metrics/MethodLength
 end
+# :nocov:
diff --git a/config/brakeman.ignore b/config/brakeman.ignore
index 3348c50..ff0142e 100644
--- a/config/brakeman.ignore
+++ b/config/brakeman.ignore
@@ -1,10 +1,62 @@
 {
 "ignored_warnings": [
 {
+ "warning_type": "SQL Injection",
+ "warning_code": 0,
+ "fingerprint": "6f3216446dca0fa79e96267eb0323d50cc59e7bc1e1529fd160cd5beb185e2f2",
+ "message": "Possible SQL injection",
+ "file": "app/controllers/admin/candidate_controller.rb",
+ "line": 9,
+ "link": "http://brakemanscanner.org/docs/warning_types/sql_injection/",
+ "code": "Candidate.order(\"#{sort_column} #{sort_direction}\")",
+ "render_path": null,
+ "location": {
+ "type": "method",
+ "class": "Admin::CandidateController",
+ "method": "index"
+ },
+ "user_input": "sort_column",
+ "confidence": "Medium",
+ "note": ""
+ },
+ {
+ "warning_type": "SQL Injection",
+ "warning_code": 0,
+ "fingerprint": "7b53c580318f2405b59e3332311533ed2d3b395020107634b5362462896dcc1a",
+ "message": "Possible SQL injection",
+ "file": "app/controllers/admin/result_controller.rb",
+ "line": 16,
+ "link": "http://brakemanscanner.org/docs/warning_types/sql_injection/",
+ "code": "Candidate.where(:completed => true).includes(:recruiter).order(\"#{sort_column} #{sort_direction}\")",
+ "render_path": null,
+ "location": {
+ "type": "method",
+ "class": "Admin::ResultController",
+ "method": "index"
+ },
+ "user_input": "sort_column",
+ "confidence": "Medium",
+ "note": ""
+ },
+ {
+ "warning_type": "Dynamic Render Path",
+ "warning_code": 15,
 "fingerprint": "da17225c940987e6239cc4ecfe27bcb1e5da2db1134435dc3e1025d97927e0ba",
+ "message": "Render path contains parameter value",
+ "file": "app/views/admin/question/options.html.erb",
+ "line": 3,
+ "link": "http://brakemanscanner.org/docs/warning_types/dynamic_render_path/",
+ "code": "render(partial => \"admin/question/#{params[:input_type]}\", { :locals => ({ :question => ((Question.find(params[:question_id]) or Question.new)) }) })",
+ "render_path": [{"type":"controller","class":"Admin::QuestionController","method":"options","line":58,"file":"app/controllers/admin/question_controller.rb"}],
+ "location": {
+ "type": "template",
+ "template": "admin/question/options"
+ },
+ "user_input": "params[:input_type]",
+ "confidence": "Medium",
 "note": "false positive"
 }
 ],
- "updated": "2016-09-19 09:06:25 -0500",
- "brakeman_version": "3.4.0"
+ "updated": "2017-02-27 11:16:00 -0600",
+ "brakeman_version": "3.4.1"
 }
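Review bot: The two new SQL Injection entries for `Candidate.order("#{sort_column} #{sort_direction}")` (Admin::CandidateController#index and Admin::ResultController#index) are accepted with `"note": ""`, so this file records no reason why interpolating into ORDER BY is safe here; that depends entirely on `sort_column`/`sort_direction` being restricted to known values, and those helpers are not in this diff. Put the justification in the entry, e.g. `"note": "sort_column/sort_direction are whitelisted against Candidate.column_names and asc/desc in the controller"`, so a later change to the helper does not silently keep the exception alive. Alternatively remove the warning rather than ignore it: `Candidate.order(sort_column => sort_direction)` has ActiveRecord quote the column and reject any direction other than asc/desc, after which these two entries can be deleted. The Dynamic Render Path entry's pre-existing `"false positive"` note is equally unexplained: `render partial: "admin/question/#{params[:input_type]}"` will render whichever partial under admin/question/ the caller names unless Admin::QuestionController#options (outside this diff) checks `input_type` against a fixed list, and that check is what the note should cite.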