--- /dev/null
+{
+ "ignored_warnings": [
+ {
+ "warning_type": "Cross-Site Scripting",
+ "warning_code": 2,
+ "fingerprint": "7c053c7a80798a3d98f74be3f5ba8013f5929683686f7f61010774b36559ef8e",
+ "check_name": "CrossSiteScripting",
+ "message": "Unescaped model attribute",
+ "file": "app/views/pubview/show_public.html.erb",
+ "line": 14,
+ "link": "https://brakemanscanner.org/docs/warning_types/cross_site_scripting",
+ "code": "MarkdownRenderer.render((Page.find_by(:slug => params[:slug], :visibility => ([\"visible\", \"user_only\", \"admin_only\"])) or (Page.find_by(:slug => params[:slug], :visibility => ([\"visible\", \"user_only\"])) or Page.find_by(:slug => params[:slug], :visibility => :visible))).content)",
+ "render_path": [
+ {
+ "type": "controller",
+ "class": "PubviewController",
+ "method": "show_public",
+ "line": 23,
+ "file": "app/controllers/pubview_controller.rb",
+ "rendered": {
+ "name": "pubview/show_public",
+ "file": "app/views/pubview/show_public.html.erb"
+ }
+ }
+ ],
+ "location": {
+ "type": "template",
+ "template": "pubview/show_public"
+ },
+ "user_input": "Page.find_by(:slug => params[:slug], :visibility => ([\"visible\", \"user_only\", \"admin_only\"]))",
+ "confidence": "Weak",
+ "cwe_id": [
+ 79
+ ],
+ "note": ""
+ }
+ ],
+ "brakeman_version": "7.0.0"
+}
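Review bot: The suppressed entry's `"note": ""` is empty, so the ignore file records no reason why the unescaped `MarkdownRenderer.render(...).content` output at `app/views/pubview/show_public.html.erb` line 14 is considered safe. Nothing visible in this diff shows whether `MarkdownRenderer` escapes or strips raw HTML and script-bearing link schemes, or who is allowed to author `Page` content. If either assumption is weaker than expected, this is stored XSS on a public view (CWE-79) that every later scan will skip. Record the verified reasoning in the entry, for example `"note": "<PLACEHOLDER: how the renderer sanitizes HTML, who can edit Page content, pointer to the covering test>"`. Running Brakeman in CI with `--ensure-ignore-notes` would make an empty note fail the build.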