From 1f37f1fd3026197adb8761dea88206cac3c122b6 Mon Sep 17 00:00:00 2001
From: Aidan Cornelius-Bell
Date: Wed, 1 Jan 2025 06:58:00 +1030
Subject: [PATCH] Update brakeman ignores

---
 config/brakeman.ignore | 39 +++++++++++++++++++++++++++++++++++++++
 1 file changed, 39 insertions(+)
 create mode 100644 config/brakeman.ignore

diff --git a/config/brakeman.ignore b/config/brakeman.ignore
new file mode 100644
index 0000000..e112c16
--- /dev/null
+++ b/config/brakeman.ignore
@@ -0,0 +1,39 @@
+{
+ "ignored_warnings": [
+ {
+ "warning_type": "Cross-Site Scripting",
+ "warning_code": 2,
+ "fingerprint": "7c053c7a80798a3d98f74be3f5ba8013f5929683686f7f61010774b36559ef8e",
+ "check_name": "CrossSiteScripting",
+ "message": "Unescaped model attribute",
+ "file": "app/views/pubview/show_public.html.erb",
+ "line": 14,
+ "link": "https://brakemanscanner.org/docs/warning_types/cross_site_scripting",
+ "code": "MarkdownRenderer.render((Page.find_by(:slug => params[:slug], :visibility => ([\"visible\", \"user_only\", \"admin_only\"])) or (Page.find_by(:slug => params[:slug], :visibility => ([\"visible\", \"user_only\"])) or Page.find_by(:slug => params[:slug], :visibility => :visible))).content)",
+ "render_path": [
+ {
+ "type": "controller",
+ "class": "PubviewController",
+ "method": "show_public",
+ "line": 23,
+ "file": "app/controllers/pubview_controller.rb",
+ "rendered": {
+ "name": "pubview/show_public",
+ "file": "app/views/pubview/show_public.html.erb"
+ }
+ }
+ ],
+ "location": {
+ "type": "template",
+ "template": "pubview/show_public"
+ },
+ "user_input": "Page.find_by(:slug => params[:slug], :visibility => ([\"visible\", \"user_only\", \"admin_only\"]))",
+ "confidence": "Weak",
+ "cwe_id": [
+ 79
+ ],
+ "note": ""
+ }
+ ],
+ "brakeman_version": "7.0.0"
+}
-- 
2.39.5
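Review bot: The `"note"` field on the ignored Cross-Site Scripting entry is empty, so this suppression records what was silenced (the unescaped `MarkdownRenderer.render(...).content` output at `app/views/pubview/show_public.html.erb` line 14) but not why it is acceptable. Brakeman's `note` is the one place a future reader of this file sees the rationale, and the tool's own `"confidence": "Weak"` means it could not settle the question itself, which argues for documenting rather than leaving it blank. The justification should state what makes the rendered page content safe: whether `MarkdownRenderer` escapes or sanitises raw HTML in the Markdown, and which users are able to edit `Page.content` — neither is visible from this file, so both need confirming. Fill it in along the lines of `"note": "<PLACEHOLDER: sanitiser applied by MarkdownRenderer and who can edit Page.content — confirm before relying on this ignore>"` so the fingerprint-pinned ignore carries its reasoning when the view is next changed and the warning resurfaces.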