resolved some brakeman false positives
parent
4ba35ccf33
commit
538190b6bf
@ -1,4 +1,5 @@
|
|||||||
# frozen_string_literal: true
|
# frozen_string_literal: true
|
||||||
|
# :nocov:
|
||||||
class FakeQuiz
|
class FakeQuiz
|
||||||
def create_completed_quizzes num = 10
|
def create_completed_quizzes num = 10
|
||||||
num.times do
|
num.times do
|
||||||
@ -67,3 +68,4 @@ class FakeQuiz
|
|||||||
end
|
end
|
||||||
end # rubocop:enable Metrics/MethodLength
|
end # rubocop:enable Metrics/MethodLength
|
||||||
end
|
end
|
||||||
|
# :nocov:
|
||||||
|
@ -1,10 +1,62 @@
|
|||||||
{
|
{
|
||||||
"ignored_warnings": [
|
"ignored_warnings": [
|
||||||
{
|
{
|
||||||
|
"warning_type": "SQL Injection",
|
||||||
|
"warning_code": 0,
|
||||||
|
"fingerprint": "6f3216446dca0fa79e96267eb0323d50cc59e7bc1e1529fd160cd5beb185e2f2",
|
||||||
|
"message": "Possible SQL injection",
|
||||||
|
"file": "app/controllers/admin/candidate_controller.rb",
|
||||||
|
"line": 9,
|
||||||
|
"link": "http://brakemanscanner.org/docs/warning_types/sql_injection/",
|
||||||
|
"code": "Candidate.order(\"#{sort_column} #{sort_direction}\")",
|
||||||
|
"render_path": null,
|
||||||
|
"location": {
|
||||||
|
"type": "method",
|
||||||
|
"class": "Admin::CandidateController",
|
||||||
|
"method": "index"
|
||||||
|
},
|
||||||
|
"user_input": "sort_column",
|
||||||
|
"confidence": "Medium",
|
||||||
|
"note": ""
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"warning_type": "SQL Injection",
|
||||||
|
"warning_code": 0,
|
||||||
|
"fingerprint": "7b53c580318f2405b59e3332311533ed2d3b395020107634b5362462896dcc1a",
|
||||||
|
"message": "Possible SQL injection",
|
||||||
|
"file": "app/controllers/admin/result_controller.rb",
|
||||||
|
"line": 16,
|
||||||
|
"link": "http://brakemanscanner.org/docs/warning_types/sql_injection/",
|
||||||
|
"code": "Candidate.where(:completed => true).includes(:recruiter).order(\"#{sort_column} #{sort_direction}\")",
|
||||||
|
"render_path": null,
|
||||||
|
"location": {
|
||||||
|
"type": "method",
|
||||||
|
"class": "Admin::ResultController",
|
||||||
|
"method": "index"
|
||||||
|
},
|
||||||
|
"user_input": "sort_column",
|
||||||
|
"confidence": "Medium",
|
||||||
|
"note": ""
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"warning_type": "Dynamic Render Path",
|
||||||
|
"warning_code": 15,
|
||||||
"fingerprint": "da17225c940987e6239cc4ecfe27bcb1e5da2db1134435dc3e1025d97927e0ba",
|
"fingerprint": "da17225c940987e6239cc4ecfe27bcb1e5da2db1134435dc3e1025d97927e0ba",
|
||||||
|
"message": "Render path contains parameter value",
|
||||||
|
"file": "app/views/admin/question/options.html.erb",
|
||||||
|
"line": 3,
|
||||||
|
"link": "http://brakemanscanner.org/docs/warning_types/dynamic_render_path/",
|
||||||
|
"code": "render(partial => \"admin/question/#{params[:input_type]}\", { :locals => ({ :question => ((Question.find(params[:question_id]) or Question.new)) }) })",
|
||||||
|
"render_path": [{"type":"controller","class":"Admin::QuestionController","method":"options","line":58,"file":"app/controllers/admin/question_controller.rb"}],
|
||||||
|
"location": {
|
||||||
|
"type": "template",
|
||||||
|
"template": "admin/question/options"
|
||||||
|
},
|
||||||
|
"user_input": "params[:input_type]",
|
||||||
|
"confidence": "Medium",
|
||||||
"note": "false positive"
|
"note": "false positive"
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
"updated": "2016-09-19 09:06:25 -0500",
|
"updated": "2017-02-27 11:16:00 -0600",
|
||||||
"brakeman_version": "3.4.0"
|
"brakeman_version": "3.4.1"
|
||||||
}
|
}
|
||||||
|
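Review bot: The two new "SQL Injection" entries (fingerprints starting `6f3216…` and `7b53c5…`) are added with `"note": ""`, so the ignore file records no reason why `order("#{sort_column} #{sort_direction}")` is safe in `Admin::CandidateController#index` and `Admin::ResultController#index`. Ignoring them is only sound if `sort_column` and `sort_direction` return values checked against a fixed allowlist; those helpers are not visible in this commit, so that should be confirmed and written down, for example `"note": "sort_column/sort_direction only return allowlisted column names and asc/desc"`. The "Dynamic Render Path" entry has the same gap: `"note": "false positive"` does not say what constrains `params[:input_type]` before it is interpolated into the partial path. An ignored entry keeps the warning silenced on later scans, so a note that names the guarding code gives the next reviewer something to re-check if that code changes.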