Add a brakeman.ignore file

samvera · Jun 2, 2017 · 8085bd6 · 8085bd6
1 parent 95ef6a8
commit 8085bd6
Show file tree

Hide file tree

Showing 2 changed files with 110 additions and 4 deletions.
diff --git a/.codeclimate.yml b/.codeclimate.yml
@@ -3,10 +3,11 @@ engines:
   brakeman:
     enabled: true
     exclude_fingerprints:
-      - 6ad4464dbb2a999591c7be8346dc137c3372b280f4a8b0c024fef91dfebeeb83
-      - c05c1baf940f00a565ffe12f8b8a213fa06cebd734e0dae92057db28dc7c018b
-      - b388847a782f9d55d164f632b892125496082b9cfe5813720327ae6afbaf607b
-      - c7c241833ba150c2e4c72a26e1ac4d674230cb5e5c87322bedfe2b50dd09247d
+      - 23ba0830f304065acab598cd07d285a4e0df786cb64533e04d2e8efa6d7a4a5b
+      - 4e8248816e1ec892a23bec95d9436e09eea45ace7460811086c6c831a439833e
+      - 5496595e01ffb5b2e2d79b371c5af19b9d822561a99b38992537cfa03ff7e38f
+      - a625206570d0bafe8634bdaf900d5f2ee742c61e7e26089a0be4439016de79a9
+      - d34e876702fc1f6c09d3a88d5c55b2c309b0ccfe2c738942934ef90ac2db892a
   duplication:
     enabled: true
     exclude_fingerprints:

diff --git a/config/brakeman.ignore b/config/brakeman.ignore
@@ -0,0 +1,105 @@
+{
+  "ignored_warnings": [
+    {
+      "warning_type": "SQL Injection",
+      "warning_code": 0,
+      "fingerprint": "23ba0830f304065acab598cd07d285a4e0df786cb64533e04d2e8efa6d7a4a5b",
+      "check_name": "SQL",
+      "message": "Possible SQL injection",
+      "file": "app/controllers/hyrax/users_controller.rb",
+      "line": 38,
+      "link": "http://brakemanscanner.org/docs/warning_types/sql_injection/",
+      "code": "::User.where(*base_query).where(\"#{Devise.authentication_keys.first} like lower(?) OR display_name like lower(?)\", (nil or ((\"%\" + query.downcase) + \"%\")), (nil or ((\"%\" + query.downcase) + \"%\"))).registered.where(\"#{Devise.authentication_keys.first} not in (?)\", [::User.batch_user_key, ::User.audit_user_key])",
+      "render_path": null,
+      "location": {
+        "type": "method",
+        "class": "Hyrax::UsersController",
+        "method": "search"
+      },
+      "user_input": "Devise.authentication_keys.first",
+      "confidence": "Weak",
+      "note": ""
+    },
+    {
+      "warning_type": "Command Injection",
+      "warning_code": 14,
+      "fingerprint": "4e8248816e1ec892a23bec95d9436e09eea45ace7460811086c6c831a439833e",
+      "check_name": "Execute",
+      "message": "Possible command injection",
+      "file": "lib/hyrax/controlled_vocabulary/importer/language.rb",
+      "line": 41,
+      "link": "http://brakemanscanner.org/docs/warning_types/command_injection/",
+      "code": "system(\"gunzip #{download_path}\")",
+      "render_path": null,
+      "location": {
+        "type": "method",
+        "class": "Hyrax::ControlledVocabulary::Importer::Language",
+        "method": "extract"
+      },
+      "user_input": "download_path",
+      "confidence": "Medium",
+      "note": ""
+    },
+    {
+      "warning_type": "Cross Site Scripting",
+      "warning_code": 4,
+      "fingerprint": "5496595e01ffb5b2e2d79b371c5af19b9d822561a99b38992537cfa03ff7e38f",
+      "check_name": "LinkToHref",
+      "message": "Unsafe parameter value in link_to href",
+      "file": "app/views/hyrax/my/_facet_selected.html.erb",
+      "line": 7,
+      "link": "http://brakemanscanner.org/docs/warning_types/link_to_href",
+      "code": "link_to(\"X\", hyrax.url_for(remove_facet_params(k, selected_facet, params).merge(:action => :index)), :class => \"close\", :data => ({ :dismiss => \"alert\" }))",
+      "render_path": [{"type":"template","name":"hyrax/collections/edit","line":26,"file":"app/views/hyrax/collections/edit.html.erb"}],
+      "location": {
+        "type": "template",
+        "template": "hyrax/my/_facet_selected"
+      },
+      "user_input": "params",
+      "confidence": "Medium",
+      "note": ""
+    },
+    {
+      "warning_type": "SQL Injection",
+      "warning_code": 0,
+      "fingerprint": "a625206570d0bafe8634bdaf900d5f2ee742c61e7e26089a0be4439016de79a9",
+      "check_name": "SQL",
+      "message": "Possible SQL injection",
+      "file": "app/controllers/hyrax/users_controller.rb",
+      "line": 35,
+      "link": "http://brakemanscanner.org/docs/warning_types/sql_injection/",
+      "code": "::User.where(*base_query).where(\"#{Devise.authentication_keys.first} like lower(?) OR display_name like lower(?)\", (nil or ((\"%\" + query.downcase) + \"%\")), (nil or ((\"%\" + query.downcase) + \"%\")))",
+      "render_path": null,
+      "location": {
+        "type": "method",
+        "class": "Hyrax::UsersController",
+        "method": "search"
+      },
+      "user_input": "Devise.authentication_keys.first",
+      "confidence": "Weak",
+      "note": ""
+    },
+    {
+      "warning_type": "SQL Injection",
+      "warning_code": 0,
+      "fingerprint": "d34e876702fc1f6c09d3a88d5c55b2c309b0ccfe2c738942934ef90ac2db892a",
+      "check_name": "SQL",
+      "message": "Possible SQL injection",
+      "file": "app/models/concerns/hyrax/user.rb",
+      "line": 27,
+      "link": "http://brakemanscanner.org/docs/warning_types/sql_injection/",
+      "code": "where(\"#{Devise.authentication_keys.first} not in (?)\", [::User.batch_user_key, ::User.audit_user_key])",
+      "render_path": null,
+      "location": {
+        "type": "method",
+        "class": "Hyrax::User",
+        "method": null
+      },
+      "user_input": "Devise.authentication_keys.first",
+      "confidence": "Medium",
+      "note": ""
+    }
+  ],
+  "updated": "2017-06-02 10:13:18 -0500",
+  "brakeman_version": "3.6.2"
+}