{ "ignored_warnings": [ { "warning_type": "Redirect", "warning_code": 18, "fingerprint": "0ae5c3990d49dfbfd4fd61874451f7a576d5056aca913068adf58c314625f810", "check_name": "Redirect", "message": "Possible unprotected redirect", "file": "app/controllers/api/v1/posts_controller.rb", "line": 20, "link": "https://brakemanscanner.org/docs/warning_types/redirect/", "code": "redirect_to((params[:redirect_to] or origin.to_s))", "render_path": null, "location": { "type": "method", "class": "Api::V1::PostsController", "method": "create" }, "user_input": "params[:redirect_to]", "confidence": "High", "cwe_id": [ 601 ], "note": "https://0xacab.org/sutty/sutty/-/issues/14957" }, { "warning_type": "Denial of Service", "warning_code": 76, "fingerprint": "1947d1a2ae6e4bf718d0cc563e660efca96897165e9a8dd18186c1d7abe6ddf6", "check_name": "RegexDoS", "message": "Model attribute used in regular expression", "file": "app/controllers/api/v1/base_controller.rb", "line": 20, "link": "https://brakemanscanner.org/docs/warning_types/denial_of_service/", "code": "/\\.#{Site.domain}\\z/", "render_path": null, "location": { "type": "method", "class": "Api::V1::BaseController", "method": "site_id" }, "user_input": "Site.domain", "confidence": "Medium", "cwe_id": [ 20, 185 ], "note": "No es un atributo, es una variable de entorno" }, { "warning_type": "Cross-Site Scripting", "warning_code": 4, "fingerprint": "28d98d08a15c4b3ad94a2cfa20a12573de12d99f1a30b3ca51074ee1f1886592", "check_name": "LinkToHref", "message": "Potentially unsafe model attribute in `link_to` href", "file": "app/views/layouts/_breadcrumb.haml", "line": 19, "link": "https://brakemanscanner.org/docs/warning_types/link_to_href", "code": "link_to(t(\".tienda\"), Site.find(params[:site_id]).tienda_url, :role => \"button\", :class => \"btn\")", "render_path": [ { "type": "controller", "class": "Api::V1::NoticesController", "method": "site", "line": 31, "file": "app/controllers/api/v1/notices_controller.rb", "rendered": { "name": "layouts/application", "file": "app/views/layouts/application.html.haml" } }, { "type": "template", "name": "layouts/application", "line": 25, "file": "app/views/layouts/application.html.haml", "rendered": { "name": "layouts/_breadcrumb", "file": "app/views/layouts/_breadcrumb.haml" } } ], "location": { "type": "template", "template": "layouts/_breadcrumb" }, "user_input": "Site.find(params[:site_id]).tienda_url", "confidence": "Weak", "cwe_id": [ 79 ], "note": "" }, { "warning_type": "Redirect", "warning_code": 18, "fingerprint": "5034e51aaa1bac06d15fdde5956edffbfd65f94f5620a409526bbea896dc7b5f", "check_name": "Redirect", "message": "Possible unprotected redirect", "file": "app/controllers/api/v1/contact_controller.rb", "line": 26, "link": "https://brakemanscanner.org/docs/warning_types/redirect/", "code": "redirect_to((params[:redirect] or origin.to_s))", "render_path": null, "location": { "type": "method", "class": "Api::V1::ContactController", "method": "receive" }, "user_input": "params[:redirect]", "confidence": "High", "cwe_id": [ 601 ], "note": "https://0xacab.org/sutty/sutty/-/issues/14957" }, { "warning_type": "Mass Assignment", "warning_code": 70, "fingerprint": "50582f39f8dfa900d3f2b5b9908b1592f8b8bd9e2d0b9d1cc05d77e5ede2d94e", "check_name": "MassAssignment", "message": "Specify exact keys allowed for mass assignment instead of using `permit!` which allows any keys", "file": "app/views/layouts/_link_rel_alternate.haml", "line": 2, "link": "https://brakemanscanner.org/docs/warning_types/mass_assignment/", "code": "params.permit!", "render_path": [ { "type": "controller", "class": "Api::V1::BaseController", "method": "site_id", "line": 20, "file": "app/controllers/api/v1/base_controller.rb", "rendered": { "name": "layouts/application", "file": "app/views/layouts/application.html.haml" } }, { "type": "template", "name": "layouts/application", "line": 21, "file": "app/views/layouts/application.html.haml", "rendered": { "name": "layouts/_link_rel_alternate", "file": "app/views/layouts/_link_rel_alternate.haml" } } ], "location": { "type": "template", "template": "layouts/_link_rel_alternate" }, "user_input": null, "confidence": "Medium", "cwe_id": [ 915 ], "note": "" }, { "warning_type": "Mass Assignment", "warning_code": 70, "fingerprint": "b8e0aa898288bebb614ccc1340d169caa196d315c6ac2e4744081cc892c2ae97", "check_name": "MassAssignment", "message": "Specify exact keys allowed for mass assignment instead of using `permit!` which allows any keys", "file": "app/views/layouts/_breadcrumb.haml", "line": 30, "link": "https://brakemanscanner.org/docs/warning_types/mass_assignment/", "code": "params.permit!", "render_path": [ { "type": "controller", "class": "Api::V1::BaseController", "method": "site_id", "line": 20, "file": "app/controllers/api/v1/base_controller.rb", "rendered": { "name": "layouts/application", "file": "app/views/layouts/application.html.haml" } }, { "type": "template", "name": "layouts/application", "line": 25, "file": "app/views/layouts/application.html.haml", "rendered": { "name": "layouts/_breadcrumb", "file": "app/views/layouts/_breadcrumb.haml" } } ], "location": { "type": "template", "template": "layouts/_breadcrumb" }, "user_input": null, "confidence": "Medium", "cwe_id": [ 915 ], "note": "" }, { "warning_type": "Cross-Site Scripting", "warning_code": 4, "fingerprint": "c051421c7cf4c2706b8e27bfd2f3b0661ec6a6df873da322a6b634b59e80351b", "check_name": "LinkToHref", "message": "Potentially unsafe model attribute in `link_to` href", "file": "app/views/sites/_form.haml", "line": 74, "link": "https://brakemanscanner.org/docs/warning_types/link_to_href", "code": "link_to(t(\".design.url\"), (Unresolved Model).new.url, :target => \"_blank\", :class => \"btn\")", "render_path": [ { "type": "controller", "class": "SitesController", "method": "new", "line": 31, "file": "app/controllers/sites_controller.rb", "rendered": { "name": "sites/new", "file": "app/views/sites/new.haml" } }, { "type": "template", "name": "sites/new", "line": 6, "file": "app/views/sites/new.haml", "rendered": { "name": "sites/_form", "file": "app/views/sites/_form.haml" } } ], "location": { "type": "template", "template": "sites/_form" }, "user_input": "(Unresolved Model).new.url", "confidence": "Weak", "cwe_id": [ 79 ], "note": "" } ], "updated": "2024-01-11 18:12:14 -0300", "brakeman_version": "5.4.1" }