diff options
| author | James Kiesel <james.kiesel@gmail.com> | 2018-11-06 06:53:25 +1300 |
|---|---|---|
| committer | Eugen Rochko <eugen@zeonfederated.com> | 2018-11-05 18:53:25 +0100 |
| commit | 4c03e05a4e1a237f8a414a0861c03abe3269dbc8 (patch) | |
| tree | 6caa724b3ce982af4e40237a43ecf38d7595030a /config/brakeman.ignore | |
| parent | bb5558de627ca9bc26949570025f6193cd7cbd98 (diff) | |
Allow joining several hashtags in a single column (#8904)
* Nascent tag menu on frontend * Hook up frontend to search * Tag intersection backend first pass * Update yarnlock * WIP * Fix for tags not searching correctly * Make radio buttons function * Simplify radio buttons with modeOption * Better naming * Rearrange options * Add all/any/none functionality on backend * Small PR cleanup * Move to service from scope * Small cleanup, add proper service tests * Don't use send with user input :D * Set appropriate column header * Handle auto updating timeline * Fix up toggle function * Use tag value correctly * A bit more correct to use 'self' rather than 'all' in status scope * Fix some style issues * Fix more code style issues * Style select dropdown more better * Only use to_id'ed value to ensure no SQL injection * Revamp frontend to allow for multiple selects * Update backend / col header to account for more flexible tagging * Update brakeman ignore * Codeclimate suggestions * Fix presenter tag_url * Implement initial PR feedback * Handle additional tag streaming * CodeClimate tweak
Diffstat (limited to 'config/brakeman.ignore')
| -rw-r--r-- | config/brakeman.ignore | 65 |
1 files changed, 43 insertions, 22 deletions
diff --git a/config/brakeman.ignore b/config/brakeman.ignore index e5a5c16b4..58fb243da 100644 --- a/config/brakeman.ignore +++ b/config/brakeman.ignore @@ -7,7 +7,7 @@ "check_name": "SQL", "message": "Possible SQL injection", "file": "app/models/report.rb", - "line": 86, + "line": 90, "link": "https://brakemanscanner.org/docs/warning_types/sql_injection/", "code": "Admin::ActionLog.from(\"(#{[Admin::ActionLog.where(:target_type => \"Report\", :target_id => id, :created_at => ((created_at..updated_at))).unscope(:order), Admin::ActionLog.where(:target_type => \"Account\", :target_id => target_account_id, :created_at => ((created_at..updated_at))).unscope(:order), Admin::ActionLog.where(:target_type => \"Status\", :target_id => status_ids, :created_at => ((created_at..updated_at))).unscope(:order)].map do\n \"(#{query.to_sql})\"\n end.join(\" UNION ALL \")}) AS admin_action_logs\")", "render_path": null, @@ -40,6 +40,26 @@ "note": "" }, { + "warning_type": "SQL Injection", + "warning_code": 0, + "fingerprint": "19df3740b8d02a9fe0eb52c939b4b87d3a2a591162a6adfa8d64e9c26aeebe6d", + "check_name": "SQL", + "message": "Possible SQL injection", + "file": "app/models/status.rb", + "line": 84, + "link": "https://brakemanscanner.org/docs/warning_types/sql_injection/", + "code": "result.joins(\"INNER JOIN statuses_tags t#{id} ON t#{id}.status_id = statuses.id AND t#{id}.tag_id = #{id}\")", + "render_path": null, + "location": { + "type": "method", + "class": "Status", + "method": null + }, + "user_input": "id", + "confidence": "Weak", + "note": "" + }, + { "warning_type": "Cross-Site Scripting", "warning_code": 4, "fingerprint": "1fc29c578d0c89bf13bd5476829d272d54cd06b92ccf6df18568fa1f2674926e", @@ -175,6 +195,26 @@ "note": "" }, { + "warning_type": "SQL Injection", + "warning_code": 0, + "fingerprint": "6f075c1484908e3ec9bed21ab7cf3c7866be8da3881485d1c82e13093aefcbd7", + "check_name": "SQL", + "message": "Possible SQL injection", + "file": "app/models/status.rb", + "line": 89, + "link": "https://brakemanscanner.org/docs/warning_types/sql_injection/", + "code": "result.joins(\"LEFT OUTER JOIN statuses_tags t#{id} ON t#{id}.status_id = statuses.id AND t#{id}.tag_id = #{id}\")", + "render_path": null, + "location": { + "type": "method", + "class": "Status", + "method": null + }, + "user_input": "id", + "confidence": "Weak", + "note": "" + }, + { "warning_type": "Cross-Site Scripting", "warning_code": 4, "fingerprint": "82f7b0d09beb3ab68e0fa16be63cedf4e820f2490326e9a1cec05761d92446cd", @@ -311,25 +351,6 @@ "note": "" }, { - "warning_type": "Dynamic Render Path", - "warning_code": 15, - "fingerprint": "c5d6945d63264af106d49367228d206aa2f176699ecdce2b98fac101bc6a96cf", - "check_name": "Render", - "message": "Render path contains parameter value", - "file": "app/views/admin/reports/index.html.haml", - "line": 22, - "link": "https://brakemanscanner.org/docs/warning_types/dynamic_render_path/", - "code": "render(action => filtered_reports.page(params[:page]), {})", - "render_path": [{"type":"controller","class":"Admin::ReportsController","method":"index","line":10,"file":"app/controllers/admin/reports_controller.rb"}], - "location": { - "type": "template", - "template": "admin/reports/index" - }, - "user_input": "params[:page]", - "confidence": "Weak", - "note": "" - }, - { "warning_type": "Cross-Site Scripting", "warning_code": 4, "fingerprint": "e04aafe1e06cf8317fb6ac0a7f35783e45aa1274272ee6eaf28d39adfdad489b", @@ -355,7 +376,7 @@ "check_name": "PermitAttributes", "message": "Potentially dangerous key allowed for mass assignment", "file": "app/controllers/api/v1/reports_controller.rb", - "line": 42, + "line": 37, "link": "https://brakemanscanner.org/docs/warning_types/mass_assignment/", "code": "params.permit(:account_id, :comment, :forward, :status_ids => ([]))", "render_path": null, @@ -388,6 +409,6 @@ "note": "" } ], - "updated": "2018-08-30 21:55:10 +0200", + "updated": "2018-10-20 23:24:45 +1300", "brakeman_version": "4.2.1" } |