mirror of
https://github.com/SrIzan10/hc-harbor.git
synced 2026-05-01 10:45:21 +00:00
86 lines
3.6 KiB
Plaintext
86 lines
3.6 KiB
Plaintext
{
|
|
"ignored_warnings": [
|
|
{
|
|
"warning_type": "SQL Injection",
|
|
"warning_code": 0,
|
|
"fingerprint": "06ca3650eaeb8d28e062c1c6dcbeab95fb2ccd0c5bb49165ad469bcb6b791d3e",
|
|
"check_name": "SQL",
|
|
"message": "Possible SQL injection",
|
|
"file": "app/models/concerns/heartbeatable.rb",
|
|
"line": 175,
|
|
"link": "https://brakemanscanner.org/docs/warning_types/sql_injection/",
|
|
"code": "Arel.sql(\"DATE_TRUNC('day', to_timestamp(time) AT TIME ZONE '#{(user_timezone or \"UTC\")}')\")",
|
|
"render_path": null,
|
|
"location": {
|
|
"type": "method",
|
|
"class": "Heartbeatable",
|
|
"method": "daily_durations"
|
|
},
|
|
"user_input": "user_timezone",
|
|
"confidence": "Medium",
|
|
"cwe_id": [
|
|
89
|
|
],
|
|
"note": ""
|
|
},
|
|
{
|
|
"warning_type": "Cross-Site Scripting",
|
|
"warning_code": 4,
|
|
"fingerprint": "8184712392e74f5ce3734b80dcfd36172e118373aa4d12bb8756004866bd72c9",
|
|
"check_name": "LinkToHref",
|
|
"message": "Potentially unsafe model attribute in `link_to` href",
|
|
"file": "app/views/admin/ysws_reviews/show.html.erb",
|
|
"line": 65,
|
|
"link": "https://brakemanscanner.org/docs/warning_types/link_to_href",
|
|
"code": "link_to(\"View on Airtable\", (Unresolved Model).new.airtable_url, :target => \"_blank\", :style => \"display: inline-block; padding: 0.4rem 0.8rem; background-color: #374151; color: #E5E7EB; text-decoration: none; border-radius: 0.25rem; font-size: 0.85rem;\")",
|
|
"render_path": [
|
|
{
|
|
"type": "controller",
|
|
"class": "Admin::YswsReviewsController",
|
|
"method": "show",
|
|
"line": 7,
|
|
"file": "app/controllers/admin/ysws_reviews_controller.rb",
|
|
"rendered": {
|
|
"name": "admin/ysws_reviews/show",
|
|
"file": "app/views/admin/ysws_reviews/show.html.erb"
|
|
}
|
|
}
|
|
],
|
|
"location": {
|
|
"type": "template",
|
|
"template": "admin/ysws_reviews/show"
|
|
},
|
|
"user_input": "(Unresolved Model).new.airtable_url",
|
|
"confidence": "Weak",
|
|
"cwe_id": [
|
|
79
|
|
],
|
|
"note": ""
|
|
},
|
|
{
|
|
"warning_type": "SQL Injection",
|
|
"warning_code": 0,
|
|
"fingerprint": "db41fbf90d0feb7b7c1c11545d498447162cf5e54e091d2ddcfcaba28b2513f6",
|
|
"check_name": "SQL",
|
|
"message": "Possible SQL injection",
|
|
"file": "app/jobs/one_time/generate_unique_heartbeat_hashes_job.rb",
|
|
"line": 32,
|
|
"link": "https://brakemanscanner.org/docs/warning_types/sql_injection/",
|
|
"code": "Heartbeat.where(:id => chunk.map do\n index = 1\nputs(\"Processing heartbeat #{heartbeat.id} (#{1} of #{batch.size})\")\nfield_hash = Heartbeat.generate_fields_hash(heartbeat.attributes)\nputs(\"Field hash: #{Heartbeat.generate_fields_hash(heartbeat.attributes)}\")\n[heartbeat.id, Heartbeat.generate_fields_hash(heartbeat.attributes)]\n end.map(&:first)).update_all(\"fields_hash = CASE #{chunk.map do\n index = 1\nputs(\"Processing heartbeat #{heartbeat.id} (#{1} of #{batch.size})\")\nfield_hash = Heartbeat.generate_fields_hash(heartbeat.attributes)\nputs(\"Field hash: #{Heartbeat.generate_fields_hash(heartbeat.attributes)}\")\n[heartbeat.id, Heartbeat.generate_fields_hash(heartbeat.attributes)]\n end.map do\n \"WHEN id = #{id} THEN '#{hash}'\"\n end.join(\" \")} END\")",
|
|
"render_path": null,
|
|
"location": {
|
|
"type": "method",
|
|
"class": "OneTime::GenerateUniqueHeartbeatHashesJob",
|
|
"method": "perform"
|
|
},
|
|
"user_input": "Heartbeat.generate_fields_hash(heartbeat.attributes)",
|
|
"confidence": "High",
|
|
"cwe_id": [
|
|
89
|
|
],
|
|
"note": ""
|
|
}
|
|
],
|
|
"brakeman_version": "7.0.2"
|
|
}
|