From 1bed78345c6a478724fbb6a6525053fc62551d28 Mon Sep 17 00:00:00 2001 From: f Date: Thu, 11 Jan 2024 18:16:38 -0300 Subject: [PATCH] fix: ignorar alertas de brakeman MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * las redirecciones son necesarias para poder reenviar a las páginas de agradecimiento y no podemos saber la url de antemano. * Site.domain no es un atributo sino una configuración estática * Site#tienda_url es un atributo estático * no sabemos todos los parametros de antemano en los breadcrumbs --- config/brakeman.ignore | 252 +++++++++++++++++++++++++++++++++++++++++ 1 file changed, 252 insertions(+) create mode 100644 config/brakeman.ignore diff --git a/config/brakeman.ignore b/config/brakeman.ignore new file mode 100644 index 00000000..137d2090 --- /dev/null +++ b/config/brakeman.ignore @@ -0,0 +1,252 @@ +{ + "ignored_warnings": [ + { + "warning_type": "Redirect", + "warning_code": 18, + "fingerprint": "0ae5c3990d49dfbfd4fd61874451f7a576d5056aca913068adf58c314625f810", + "check_name": "Redirect", + "message": "Possible unprotected redirect", + "file": "app/controllers/api/v1/posts_controller.rb", + "line": 20, + "link": "https://brakemanscanner.org/docs/warning_types/redirect/", + "code": "redirect_to((params[:redirect_to] or origin.to_s))", + "render_path": null, + "location": { + "type": "method", + "class": "Api::V1::PostsController", + "method": "create" + }, + "user_input": "params[:redirect_to]", + "confidence": "High", + "cwe_id": [ + 601 + ], + "note": "" + }, + { + "warning_type": "Denial of Service", + "warning_code": 76, + "fingerprint": "1947d1a2ae6e4bf718d0cc563e660efca96897165e9a8dd18186c1d7abe6ddf6", + "check_name": "RegexDoS", + "message": "Model attribute used in regular expression", + "file": "app/controllers/api/v1/base_controller.rb", + "line": 20, + "link": "https://brakemanscanner.org/docs/warning_types/denial_of_service/", + "code": "/\\.#{Site.domain}\\z/", + "render_path": null, + "location": { + "type": "method", + "class": "Api::V1::BaseController", + "method": "site_id" + }, + "user_input": "Site.domain", + "confidence": "Medium", + "cwe_id": [ + 20, + 185 + ], + "note": "No es un atributo, es una variable de entorno" + }, + { + "warning_type": "Cross-Site Scripting", + "warning_code": 4, + "fingerprint": "28d98d08a15c4b3ad94a2cfa20a12573de12d99f1a30b3ca51074ee1f1886592", + "check_name": "LinkToHref", + "message": "Potentially unsafe model attribute in `link_to` href", + "file": "app/views/layouts/_breadcrumb.haml", + "line": 19, + "link": "https://brakemanscanner.org/docs/warning_types/link_to_href", + "code": "link_to(t(\".tienda\"), Site.find(params[:site_id]).tienda_url, :role => \"button\", :class => \"btn\")", + "render_path": [ + { + "type": "controller", + "class": "Api::V1::NoticesController", + "method": "site", + "line": 31, + "file": "app/controllers/api/v1/notices_controller.rb", + "rendered": { + "name": "layouts/application", + "file": "app/views/layouts/application.html.haml" + } + }, + { + "type": "template", + "name": "layouts/application", + "line": 25, + "file": "app/views/layouts/application.html.haml", + "rendered": { + "name": "layouts/_breadcrumb", + "file": "app/views/layouts/_breadcrumb.haml" + } + } + ], + "location": { + "type": "template", + "template": "layouts/_breadcrumb" + }, + "user_input": "Site.find(params[:site_id]).tienda_url", + "confidence": "Weak", + "cwe_id": [ + 79 + ], + "note": "" + }, + { + "warning_type": "Redirect", + "warning_code": 18, + "fingerprint": "5034e51aaa1bac06d15fdde5956edffbfd65f94f5620a409526bbea896dc7b5f", + "check_name": "Redirect", + "message": "Possible unprotected redirect", + "file": "app/controllers/api/v1/contact_controller.rb", + "line": 26, + "link": "https://brakemanscanner.org/docs/warning_types/redirect/", + "code": "redirect_to((params[:redirect] or origin.to_s))", + "render_path": null, + "location": { + "type": "method", + "class": "Api::V1::ContactController", + "method": "receive" + }, + "user_input": "params[:redirect]", + "confidence": "High", + "cwe_id": [ + 601 + ], + "note": "" + }, + { + "warning_type": "Mass Assignment", + "warning_code": 70, + "fingerprint": "50582f39f8dfa900d3f2b5b9908b1592f8b8bd9e2d0b9d1cc05d77e5ede2d94e", + "check_name": "MassAssignment", + "message": "Specify exact keys allowed for mass assignment instead of using `permit!` which allows any keys", + "file": "app/views/layouts/_link_rel_alternate.haml", + "line": 2, + "link": "https://brakemanscanner.org/docs/warning_types/mass_assignment/", + "code": "params.permit!", + "render_path": [ + { + "type": "controller", + "class": "Api::V1::BaseController", + "method": "site_id", + "line": 20, + "file": "app/controllers/api/v1/base_controller.rb", + "rendered": { + "name": "layouts/application", + "file": "app/views/layouts/application.html.haml" + } + }, + { + "type": "template", + "name": "layouts/application", + "line": 21, + "file": "app/views/layouts/application.html.haml", + "rendered": { + "name": "layouts/_link_rel_alternate", + "file": "app/views/layouts/_link_rel_alternate.haml" + } + } + ], + "location": { + "type": "template", + "template": "layouts/_link_rel_alternate" + }, + "user_input": null, + "confidence": "Medium", + "cwe_id": [ + 915 + ], + "note": "" + }, + { + "warning_type": "Mass Assignment", + "warning_code": 70, + "fingerprint": "b8e0aa898288bebb614ccc1340d169caa196d315c6ac2e4744081cc892c2ae97", + "check_name": "MassAssignment", + "message": "Specify exact keys allowed for mass assignment instead of using `permit!` which allows any keys", + "file": "app/views/layouts/_breadcrumb.haml", + "line": 30, + "link": "https://brakemanscanner.org/docs/warning_types/mass_assignment/", + "code": "params.permit!", + "render_path": [ + { + "type": "controller", + "class": "Api::V1::BaseController", + "method": "site_id", + "line": 20, + "file": "app/controllers/api/v1/base_controller.rb", + "rendered": { + "name": "layouts/application", + "file": "app/views/layouts/application.html.haml" + } + }, + { + "type": "template", + "name": "layouts/application", + "line": 25, + "file": "app/views/layouts/application.html.haml", + "rendered": { + "name": "layouts/_breadcrumb", + "file": "app/views/layouts/_breadcrumb.haml" + } + } + ], + "location": { + "type": "template", + "template": "layouts/_breadcrumb" + }, + "user_input": null, + "confidence": "Medium", + "cwe_id": [ + 915 + ], + "note": "" + }, + { + "warning_type": "Cross-Site Scripting", + "warning_code": 4, + "fingerprint": "c051421c7cf4c2706b8e27bfd2f3b0661ec6a6df873da322a6b634b59e80351b", + "check_name": "LinkToHref", + "message": "Potentially unsafe model attribute in `link_to` href", + "file": "app/views/sites/_form.haml", + "line": 74, + "link": "https://brakemanscanner.org/docs/warning_types/link_to_href", + "code": "link_to(t(\".design.url\"), (Unresolved Model).new.url, :target => \"_blank\", :class => \"btn\")", + "render_path": [ + { + "type": "controller", + "class": "SitesController", + "method": "new", + "line": 31, + "file": "app/controllers/sites_controller.rb", + "rendered": { + "name": "sites/new", + "file": "app/views/sites/new.haml" + } + }, + { + "type": "template", + "name": "sites/new", + "line": 6, + "file": "app/views/sites/new.haml", + "rendered": { + "name": "sites/_form", + "file": "app/views/sites/_form.haml" + } + } + ], + "location": { + "type": "template", + "template": "sites/_form" + }, + "user_input": "(Unresolved Model).new.url", + "confidence": "Weak", + "cwe_id": [ + 79 + ], + "note": "" + } + ], + "updated": "2024-01-11 18:12:14 -0300", + "brakeman_version": "5.4.1" +}