Update rubocop checks

CentauriSolutions · Apr 26, 2023 · 43ee4c6 · 43ee4c6
1 parent 1356948
commit 43ee4c6
Showing 1 changed file with 18 additions and 104 deletions.
diff --git a/config/brakeman.ignore b/config/brakeman.ignore
@@ -1,25 +1,5 @@
 {
  "ignored_warnings": [
- {
- "warning_type": "SQL Injection",
- "warning_code": 0,
- "fingerprint": "0d397b68a35ce834a819fc2cea25c7f87b866af69522552878057fc36de75b43",
- "check_name": "SQL",
- "message": "Possible SQL injection",
- "file": "app/controllers/admin_controller.rb",
- "line": 118,
- "link": "https://brakemanscanner.org/docs/warning_types/sql_injection/",
- "code": "rel.where(\"#{\"#{key} ilike :query\"}\", :query => (\"%#{params[:search]}%\"))",
- "render_path": null,
- "location": {
- "type": "method",
- "class": "AdminController",
- "method": "filter"
- },
- "user_input": "key",
- "confidence": "Weak",
- "note": "Key comes from a hardcoded whitelist; all user-supplied parameters are escaped via prepared statement paremeters (:query)"
- },
  {
  "warning_type": "SQL Injection",
  "warning_code": 0,
@@ -40,26 +20,6 @@
  "confidence": "Medium",
  "note": "A NotificationEvent is only created in code, via an admin action (creating, updating ,or deleting certain models). The specific fields noted (model_type and event_type) are generated from the model's class name and the lifeclcye callback name."
  },
- {
- "warning_type": "SQL Injection",
- "warning_code": 0,
- "fingerprint": "8b34b86172779236c878dc632831a2c2c19a6aa2e10bf46424811fe79e12de0e",
- "check_name": "SQL",
- "message": "Possible SQL injection",
- "file": "app/controllers/admin/users_controller.rb",
- "line": 202,
- "link": "https://brakemanscanner.org/docs/warning_types/sql_injection/",
- "code": "rel.joins(:emails).where(\"#{case key\nwhen \"email\" then\n \"emails.address ilike :query\"\nelse\n \"#{key} ilike :query\"\nend}\", :query => (\"%#{params[:search]}%\"))",
- "render_path": null,
- "location": {
- "type": "method",
- "class": "Admin::UsersController",
- "method": "filter"
- },
- "user_input": "case key\nwhen \"email\" then\n \"emails.address ilike :query\"\nelse\n \"#{key} ilike :query\"\nend",
- "confidence": "Weak",
- "note": "Key comes from a hardcoded whitelist; all user-supplied parameters are escaped via prepared statement paremeters (:query)"
- },
  {
  "warning_type": "Redirect",
  "warning_code": 18,
@@ -80,6 +40,22 @@
  "confidence": "High",
  "note": "This is restricted to be only a same-host redirect or to a non fully-qualified path"
  },
+ {
+ "warning_type": "Unmaintained Dependency",
+ "warning_code": 121,
+ "fingerprint": "9a3951031616a07c8e02c86652f537e92c08685da97f5ec2b12d5d3602b55bb8",
+ "check_name": "EOLRuby",
+ "message": "Support for Ruby 2.7.6 ended on 2023-03-31",
+ "file": "Gemfile.lock",
+ "line": 305,
+ "link": "https://brakemanscanner.org/docs/warning_types/unmaintained_dependency/",
+ "code": null,
+ "render_path": null,
+ "location": null,
+ "user_input": null,
+ "confidence": "High",
+ "note": ""
+ },
  {
  "warning_type": "Cross-Site Scripting",
  "warning_code": 2,
@@ -110,70 +86,8 @@
  "user_input": null,
  "confidence": "High",
  "note": "Rendering an admin-editable template into an admin-only page."
- },
- {
- "warning_type": "Cross-Site Scripting",
- "warning_code": 2,
- "fingerprint": "b0e78553e12950f66f3164d2313a7e57647e1cccc0da7326640f55325384b3b9",
- "check_name": "CrossSiteScripting",
- "message": "Unescaped model attribute",
- "file": "app/views/profile/show.html.erb",
- "line": 9,
- "link": "https://brakemanscanner.org/docs/warning_types/cross_site_scripting",
- "code": "Liquid::Template.parse(Setting.registered_home_template).render(template_variables)",
- "render_path": [
- {
- "type": "controller",
- "class": "ProfileController",
- "method": "show",
- "line": 11,
- "file": "app/controllers/profile_controller.rb",
- "rendered": {
- "name": "profile/show",
- "file": "app/views/profile/show.html.erb"
- }
- }
- ],
- "location": {
- "type": "template",
- "template": "profile/show"
- },
- "user_input": "Setting.registered_home_template",
- "confidence": "Weak",
- "note": "Setting.registered_home_template is only configurable by an admin."
- },
- {
- "warning_type": "Cross-Site Scripting",
- "warning_code": 2,
- "fingerprint": "d8b56afa5b1bbeadb976a865bfe5b32a3cc33c198ac523fb44b8868ff95b31fa",
- "check_name": "CrossSiteScripting",
- "message": "Unescaped model attribute",
- "file": "app/views/dashboard/home.html.erb",
- "line": 1,
- "link": "https://brakemanscanner.org/docs/warning_types/cross_site_scripting",
- "code": "Liquid::Template.parse(Setting.dashboard_template).render(template_variables)",
- "render_path": [
- {
- "type": "controller",
- "class": "DashboardController",
- "method": "home",
- "line": 9,
- "file": "app/controllers/dashboard_controller.rb",
- "rendered": {
- "name": "dashboard/home",
- "file": "app/views/dashboard/home.html.erb"
- }
- }
- ],
- "location": {
- "type": "template",
- "template": "dashboard/home"
- },
- "user_input": "Setting.dashboard_template",
- "confidence": "Weak",
- "note": "Setting.dashboard_template is only configurable by an admin."
  }
  ],
- "updated": "2021-12-11 17:21:29 +0100",
- "brakeman_version": "5.1.1"
+ "updated": "2023-04-26 14:41:18 -0400",
+ "brakeman_version": "5.2.1"
 }