RubyGems - alchemy_cms - Versions diffs - 6.1.3 → 7.0.0.pre.a - Mend

alchemy_cms 6.1.3 → 7.0.0.pre.a

Files changed (241) hide show

data/config/brakeman.ignore CHANGED Viewed

@@ -1,36 +1,5 @@
 {
   "ignored_warnings": [
-    {
-      "warning_type": "Cross-Site Scripting",
-      "warning_code": 2,
-      "fingerprint": "068b12d24047e2ece633115ba065ce46fc8c8a26827be7de2565ab721e1c2e82",
-      "check_name": "CrossSiteScripting",
-      "message": "Unescaped parameter value",
-      "file": "app/views/alchemy/admin/elements/update.js.erb",
-      "line": 21,
-      "link": "https://brakemanscanner.org/docs/warning_types/cross_site_scripting",
-      "code": "Element.find(params[:id]).ingredients_with_errors.map do\n \"[data-ingredient-id=\\\"#{ingredient.id}\\\"]\"\n end.join(\", \")",
-      "render_path": [
-        {
-          "type": "controller",
-          "class": "Alchemy::Admin::ElementsController",
-          "method": "update",
-          "line": 61,
-          "file": "app/controllers/alchemy/admin/elements_controller.rb",
-          "rendered": {
-            "name": "alchemy/admin/elements/update",
-            "file": "app/views/alchemy/admin/elements/update.js.erb"
-          }
-        }
-      ],
-      "location": {
-        "type": "template",
-        "template": "alchemy/admin/elements/update"
-      },
-      "user_input": "params[:id]",
-      "confidence": "Weak",
-      "note": ""
-    },
     {
       "warning_type": "File Access",
       "warning_code": 16,
@@ -49,6 +18,9 @@
       },
       "user_input": "params[:id]",
       "confidence": "Weak",
+      "cwe_id": [
+        22
+      ],
       "note": ""
     },
     {
@@ -69,6 +41,9 @@
       },
       "user_input": null,
       "confidence": "Medium",
+      "cwe_id": [
+        915
+      ],
       "note": "Because we actually can't know all attributes each inheriting controller supports, we permit all resource model params. It is adviced that all inheriting controllers implement this method and provide its own set of permitted attributes. As this all happens inside the password protected /admin namespace this can be considered a false positive."
     },
     {
@@ -86,7 +61,7 @@
           "type": "controller",
           "class": "Alchemy::Admin::ElementsController",
           "method": "fold",
-          "line": 102,
+          "line": 98,
           "file": "app/controllers/alchemy/admin/elements_controller.rb",
           "rendered": {
             "name": "alchemy/admin/elements/fold",
@@ -100,28 +75,11 @@
       },
       "user_input": "params[:id]",
       "confidence": "Weak",
+      "cwe_id": [
+        22
+      ],
       "note": ""
     },
-    {
-      "warning_type": "Mass Assignment",
-      "warning_code": 70,
-      "fingerprint": "4b4dc24a6f5251bc1a6851597dfcee39608a2932eb7f81a4a241c00fca8a3043",
-      "check_name": "MassAssignment",
-      "message": "Specify exact keys allowed for mass assignment instead of using `permit!` which allows any keys",
-      "file": "app/controllers/alchemy/admin/elements_controller.rb",
-      "line": 155,
-      "link": "https://brakemanscanner.org/docs/warning_types/mass_assignment/",
-      "code": "params.fetch(:contents, {}).permit!",
-      "render_path": null,
-      "location": {
-        "type": "method",
-        "class": "Alchemy::Admin::ElementsController",
-        "method": "contents_params"
-      },
-      "user_input": null,
-      "confidence": "Medium",
-      "note": "`Alchemy::Content` is a polymorphic association of any kind of model extending `Alchemy::Essence`. Since we can't know the attributes of all potential essences we need to permit all attributes. As this all happens inside the password protected /admin namespace this can be considered a false positive."
-    },
     {
       "warning_type": "Command Injection",
       "warning_code": 14,
@@ -129,7 +87,7 @@
       "check_name": "Execute",
       "message": "Possible command injection",
       "file": "lib/alchemy/upgrader.rb",
-      "line": 30,
+      "line": 33,
       "link": "https://brakemanscanner.org/docs/warning_types/command_injection/",
       "code": "`yarn add @alchemy_cms/admin@~#{Alchemy.version}`",
       "render_path": null,
@@ -140,6 +98,9 @@
       },
       "user_input": "Alchemy.version",
       "confidence": "Medium",
+      "cwe_id": [
+        77
+      ],
       "note": "The alchemy version is safe"
     },
     {
@@ -170,6 +131,9 @@
       },
       "user_input": "(Unresolved Model).new.url",
       "confidence": "Weak",
+      "cwe_id": [
+        79
+      ],
       "note": ""
     },
     {
@@ -190,6 +154,9 @@
       },
       "user_input": "params[:id]",
       "confidence": "Weak",
+      "cwe_id": [
+        22
+      ],
       "note": ""
     },
     {
@@ -207,7 +174,7 @@
           "type": "controller",
           "class": "Alchemy::Admin::ElementsController",
           "method": "index",
-          "line": 15,
+          "line": 16,
           "file": "app/controllers/alchemy/admin/elements_controller.rb",
           "rendered": {
             "name": "alchemy/admin/elements/index",
@@ -221,6 +188,9 @@
       },
       "user_input": "params[:page_version_id]",
       "confidence": "Weak",
+      "cwe_id": [
+        22
+      ],
       "note": ""
     },
     {
@@ -238,7 +208,7 @@
           "type": "controller",
           "class": "Alchemy::Admin::ElementsController",
           "method": "index",
-          "line": 15,
+          "line": 16,
           "file": "app/controllers/alchemy/admin/elements_controller.rb",
           "rendered": {
             "name": "alchemy/admin/elements/index",
@@ -252,6 +222,32 @@
       },
       "user_input": "params[:page_version_id]",
       "confidence": "Weak",
+      "cwe_id": [
+        22
+      ],
+      "note": ""
+    },
+    {
+      "warning_type": "Command Injection",
+      "warning_code": 14,
+      "fingerprint": "98ca8e77026312eaa7eec15ce26bfe45aa8dd0fcd38e4cff104cb9dffbde1733",
+      "check_name": "Execute",
+      "message": "Possible command injection",
+      "file": "lib/alchemy/upgrader.rb",
+      "line": 31,
+      "link": "https://brakemanscanner.org/docs/warning_types/command_injection/",
+      "code": "`bin/importmap pin @alchemy_cms/admin@~#{Alchemy.version}`",
+      "render_path": null,
+      "location": {
+        "type": "method",
+        "class": "Alchemy::Upgrader",
+        "method": "update_npm_package"
+      },
+      "user_input": "Alchemy.version",
+      "confidence": "Medium",
+      "cwe_id": [
+        77
+      ],
       "note": ""
     },
     {
@@ -272,9 +268,12 @@
       },
       "user_input": "params[:id]",
       "confidence": "Weak",
+      "cwe_id": [
+        22
+      ],
       "note": ""
     }
   ],
-  "updated": "2021-10-26 21:44:59 +0200",
-  "brakeman_version": "5.1.1"
+  "updated": "2023-01-31 19:16:48 +0100",
+  "brakeman_version": "5.4.0"
 }