abunchtell
/
mastodon
1
0
Atdalīts 0
Kods Problēmas 0 Aktivitāte
The code powering m.abunchtell.com https://m.abunchtell.com
Nevar pievienot vairāk kā 25 tēmas Tēmai ir jāsākas ar burtu vai ciparu, tā var saturēt domu zīmes ('-') un var būt līdz 35 simboliem gara.
6167 Revīzijas
1 Atzars
94 MiB
 
 
 
 
Koks: 890968603b
Atzari Tagi
${ item.name }
Izveidot atzaru ${ searchTerm }
no '890968603b'
${ noResults }
mastodon/config/brakeman.ignore

394 rindas
19 KiB
Neapstrādāts Vainot Vēsture 

  1. {

  2.   "ignored_warnings": [

  3.     {

  4.       "warning_type": "SQL Injection",

  5.       "warning_code": 0,

  6.       "fingerprint": "04dbbc249b989db2e0119bbb0f59c9818e12889d2b97c529cdc0b1526002ba4b",

  7.       "check_name": "SQL",

  8.       "message": "Possible SQL injection",

  9.       "file": "app/models/report.rb",

  10.       "line": 86,

  11.       "link": "https://brakemanscanner.org/docs/warning_types/sql_injection/",

  12.       "code": "Admin::ActionLog.from(\"(#{[Admin::ActionLog.where(:target_type => \"Report\", :target_id => id, :created_at => ((created_at..updated_at))).unscope(:order), Admin::ActionLog.where(:target_type => \"Account\", :target_id => target_account_id, :created_at => ((created_at..updated_at))).unscope(:order), Admin::ActionLog.where(:target_type => \"Status\", :target_id => status_ids, :created_at => ((created_at..updated_at))).unscope(:order)].map do\n \"(#{query.to_sql})\"\n end.join(\" UNION ALL \")}) AS admin_action_logs\")",

  13.       "render_path": null,

  14.       "location": {

  15.         "type": "method",

  16.         "class": "Report",

  17.         "method": "history"

  18.       },

  19.       "user_input": "Admin::ActionLog.where(:target_type => \"Status\", :target_id => status_ids, :created_at => ((created_at..updated_at))).unscope(:order)",

  20.       "confidence": "High",

  21.       "note": ""

  22.     },

  23.     {

  24.       "warning_type": "Cross-Site Scripting",

  25.       "warning_code": 4,

  26.       "fingerprint": "0adbe361b91afff22ba51e5fc2275ec703cc13255a0cb3eecd8dab223ab9f61e",

  27.       "check_name": "LinkToHref",

  28.       "message": "Potentially unsafe model attribute in link_to href",

  29.       "file": "app/views/admin/accounts/show.html.haml",

  30.       "line": 167,

  31.       "link": "https://brakemanscanner.org/docs/warning_types/link_to_href",

  32.       "code": "link_to(Account.find(params[:id]).inbox_url, Account.find(params[:id]).inbox_url)",

  33.       "render_path": [{"type":"controller","class":"Admin::AccountsController","method":"show","line":18,"file":"app/controllers/admin/accounts_controller.rb"}],

  34.       "location": {

  35.         "type": "template",

  36.         "template": "admin/accounts/show"

  37.       },

  38.       "user_input": "Account.find(params[:id]).inbox_url",

  39.       "confidence": "Weak",

  40.       "note": ""

  41.     },

  42.     {

  43.       "warning_type": "Cross-Site Scripting",

  44.       "warning_code": 4,

  45.       "fingerprint": "1fc29c578d0c89bf13bd5476829d272d54cd06b92ccf6df18568fa1f2674926e",

  46.       "check_name": "LinkToHref",

  47.       "message": "Potentially unsafe model attribute in link_to href",

  48.       "file": "app/views/admin/accounts/show.html.haml",

  49.       "line": 173,

  50.       "link": "https://brakemanscanner.org/docs/warning_types/link_to_href",

  51.       "code": "link_to(Account.find(params[:id]).shared_inbox_url, Account.find(params[:id]).shared_inbox_url)",

  52.       "render_path": [{"type":"controller","class":"Admin::AccountsController","method":"show","line":18,"file":"app/controllers/admin/accounts_controller.rb"}],

  53.       "location": {

  54.         "type": "template",

  55.         "template": "admin/accounts/show"

  56.       },

  57.       "user_input": "Account.find(params[:id]).shared_inbox_url",

  58.       "confidence": "Weak",

  59.       "note": ""

  60.     },

  61.     {

  62.       "warning_type": "Cross-Site Scripting",

  63.       "warning_code": 4,

  64.       "fingerprint": "2129d4c1e63a351d28d8d2937ff0b50237809c3df6725c0c5ef82b881dbb2086",

  65.       "check_name": "LinkToHref",

  66.       "message": "Potentially unsafe model attribute in link_to href",

  67.       "file": "app/views/admin/accounts/show.html.haml",

  68.       "line": 75,

  69.       "link": "https://brakemanscanner.org/docs/warning_types/link_to_href",

  70.       "code": "link_to(Account.find(params[:id]).url, Account.find(params[:id]).url)",

  71.       "render_path": [{"type":"controller","class":"Admin::AccountsController","method":"show","line":18,"file":"app/controllers/admin/accounts_controller.rb"}],

  72.       "location": {

  73.         "type": "template",

  74.         "template": "admin/accounts/show"

  75.       },

  76.       "user_input": "Account.find(params[:id]).url",

  77.       "confidence": "Weak",

  78.       "note": ""

  79.     },

  80.     {

  81.       "warning_type": "Mass Assignment",

  82.       "warning_code": 105,

  83.       "fingerprint": "28d81cc22580ef76e912b077b245f353499aa27b3826476667224c00227af2a9",

  84.       "check_name": "PermitAttributes",

  85.       "message": "Potentially dangerous key allowed for mass assignment",

  86.       "file": "app/controllers/admin/reports_controller.rb",

  87.       "line": 80,

  88.       "link": "https://brakemanscanner.org/docs/warning_types/mass_assignment/",

  89.       "code": "params.permit(:account_id, :resolved, :target_account_id)",

  90.       "render_path": null,

  91.       "location": {

  92.         "type": "method",

  93.         "class": "Admin::ReportsController",

  94.         "method": "filter_params"

  95.       },

  96.       "user_input": ":account_id",

  97.       "confidence": "High",

  98.       "note": ""

  99.     },

  100.     {

  101.       "warning_type": "Dynamic Render Path",

  102.       "warning_code": 15,

  103.       "fingerprint": "4b6a895e2805578d03ceedbe1d469cc75a0c759eba093722523edb4b8683c873",

  104.       "check_name": "Render",

  105.       "message": "Render path contains parameter value",

  106.       "file": "app/views/admin/action_logs/index.html.haml",

  107.       "line": 4,

  108.       "link": "https://brakemanscanner.org/docs/warning_types/dynamic_render_path/",

  109.       "code": "render(action => Admin::ActionLog.page(params[:page]), {})",

  110.       "render_path": [{"type":"controller","class":"Admin::ActionLogsController","method":"index","line":7,"file":"app/controllers/admin/action_logs_controller.rb"}],

  111.       "location": {

  112.         "type": "template",

  113.         "template": "admin/action_logs/index"

  114.       },

  115.       "user_input": "params[:page]",

  116.       "confidence": "Weak",

  117.       "note": ""

  118.     },

  119.     {

  120.       "warning_type": "Redirect",

  121.       "warning_code": 18,

  122.       "fingerprint": "5fad11cd67f905fab9b1d5739d01384a1748ebe78c5af5ac31518201925265a7",

  123.       "check_name": "Redirect",

  124.       "message": "Possible unprotected redirect",

  125.       "file": "app/controllers/remote_interaction_controller.rb",

  126.       "line": 20,

  127.       "link": "https://brakemanscanner.org/docs/warning_types/redirect/",

  128.       "code": "redirect_to(RemoteFollow.new(resource_params).interact_address_for(Status.find(params[:id])))",

  129.       "render_path": null,

  130.       "location": {

  131.         "type": "method",

  132.         "class": "RemoteInteractionController",

  133.         "method": "create"

  134.       },

  135.       "user_input": "RemoteFollow.new(resource_params).interact_address_for(Status.find(params[:id]))",

  136.       "confidence": "High",

  137.       "note": ""

  138.     },

  139.     {

  140.       "warning_type": "Cross-Site Scripting",

  141.       "warning_code": 4,

  142.       "fingerprint": "64b5b2a02ede9c2b3598881eb5a466d63f7d27fe0946aa00d570111ec7338d2e",

  143.       "check_name": "LinkToHref",

  144.       "message": "Potentially unsafe model attribute in link_to href",

  145.       "file": "app/views/admin/accounts/show.html.haml",

  146.       "line": 176,

  147.       "link": "https://brakemanscanner.org/docs/warning_types/link_to_href",

  148.       "code": "link_to(Account.find(params[:id]).followers_url, Account.find(params[:id]).followers_url)",

  149.       "render_path": [{"type":"controller","class":"Admin::AccountsController","method":"show","line":18,"file":"app/controllers/admin/accounts_controller.rb"}],

  150.       "location": {

  151.         "type": "template",

  152.         "template": "admin/accounts/show"

  153.       },

  154.       "user_input": "Account.find(params[:id]).followers_url",

  155.       "confidence": "Weak",

  156.       "note": ""

  157.     },

  158.     {

  159.       "warning_type": "Dynamic Render Path",

  160.       "warning_code": 15,

  161.       "fingerprint": "67afc0d5f7775fa5bd91d1912e1b5505aeedef61876347546fa20f92fd6915e6",

  162.       "check_name": "Render",

  163.       "message": "Render path contains parameter value",

  164.       "file": "app/views/stream_entries/embed.html.haml",

  165.       "line": 3,

  166.       "link": "https://brakemanscanner.org/docs/warning_types/dynamic_render_path/",

  167.       "code": "render(action => \"stream_entries/#{Account.find_local!(params[:account_username]).statuses.find(params[:id]).stream_entry.activity_type.downcase}\", { Account.find_local!(params[:account_username]).statuses.find(params[:id]).stream_entry.activity_type.downcase.to_sym => Account.find_local!(params[:account_username]).statuses.find(params[:id]).stream_entry.activity, :centered => true, :autoplay => ActiveModel::Type::Boolean.new.cast(params[:autoplay]) })",

  168.       "render_path": [{"type":"controller","class":"StatusesController","method":"embed","line":59,"file":"app/controllers/statuses_controller.rb"}],

  169.       "location": {

  170.         "type": "template",

  171.         "template": "stream_entries/embed"

  172.       },

  173.       "user_input": "params[:id]",

  174.       "confidence": "Weak",

  175.       "note": ""

  176.     },

  177.     {

  178.       "warning_type": "Cross-Site Scripting",

  179.       "warning_code": 4,

  180.       "fingerprint": "82f7b0d09beb3ab68e0fa16be63cedf4e820f2490326e9a1cec05761d92446cd",

  181.       "check_name": "LinkToHref",

  182.       "message": "Potentially unsafe model attribute in link_to href",

  183.       "file": "app/views/admin/accounts/show.html.haml",

  184.       "line": 149,

  185.       "link": "https://brakemanscanner.org/docs/warning_types/link_to_href",

  186.       "code": "link_to(Account.find(params[:id]).salmon_url, Account.find(params[:id]).salmon_url)",

  187.       "render_path": [{"type":"controller","class":"Admin::AccountsController","method":"show","line":18,"file":"app/controllers/admin/accounts_controller.rb"}],

  188.       "location": {

  189.         "type": "template",

  190.         "template": "admin/accounts/show"

  191.       },

  192.       "user_input": "Account.find(params[:id]).salmon_url",

  193.       "confidence": "Weak",

  194.       "note": ""

  195.     },

  196.     {

  197.       "warning_type": "Dynamic Render Path",

  198.       "warning_code": 15,

  199.       "fingerprint": "8d843713d99e8403f7992f3e72251b633817cf9076ffcbbad5613859d2bbc127",

  200.       "check_name": "Render",

  201.       "message": "Render path contains parameter value",

  202.       "file": "app/views/admin/custom_emojis/index.html.haml",

  203.       "line": 45,

  204.       "link": "https://brakemanscanner.org/docs/warning_types/dynamic_render_path/",

  205.       "code": "render(action => filtered_custom_emojis.eager_load(:local_counterpart).page(params[:page]), {})",

  206.       "render_path": [{"type":"controller","class":"Admin::CustomEmojisController","method":"index","line":11,"file":"app/controllers/admin/custom_emojis_controller.rb"}],

  207.       "location": {

  208.         "type": "template",

  209.         "template": "admin/custom_emojis/index"

  210.       },

  211.       "user_input": "params[:page]",

  212.       "confidence": "Weak",

  213.       "note": ""

  214.     },

  215.     {

  216.       "warning_type": "SQL Injection",

  217.       "warning_code": 0,

  218.       "fingerprint": "9ccb9ba6a6947400e187d515e0bf719d22993d37cfc123c824d7fafa6caa9ac3",

  219.       "check_name": "SQL",

  220.       "message": "Possible SQL injection",

  221.       "file": "lib/mastodon/snowflake.rb",

  222.       "line": 87,

  223.       "link": "https://brakemanscanner.org/docs/warning_types/sql_injection/",

  224.       "code": "connection.execute(\"        CREATE OR REPLACE FUNCTION timestamp_id(table_name text)\\n        RETURNS bigint AS\\n        $$\\n          DECLARE\\n            time_part bigint;\\n            sequence_base bigint;\\n            tail bigint;\\n          BEGIN\\n            time_part := (\\n              -- Get the time in milliseconds\\n              ((date_part('epoch', now()) * 1000))::bigint\\n              -- And shift it over two bytes\\n              << 16);\\n\\n            sequence_base := (\\n              'x' ||\\n              -- Take the first two bytes (four hex characters)\\n              substr(\\n                -- Of the MD5 hash of the data we documented\\n                md5(table_name ||\\n                  '#{SecureRandom.hex(16)}' ||\\n                  time_part::text\\n                ),\\n                1, 4\\n              )\\n            -- And turn it into a bigint\\n            )::bit(16)::bigint;\\n\\n            -- Finally, add our sequence number to our base, and chop\\n            -- it to the last two bytes\\n            tail := (\\n              (sequence_base + nextval(table_name || '_id_seq'))\\n              & 65535);\\n\\n            -- Return the time part and the sequence part. OR appears\\n            -- faster here than addition, but they're equivalent:\\n            -- time_part has no trailing two bytes, and tail is only\\n            -- the last two bytes.\\n            RETURN time_part | tail;\\n          END\\n        $$ LANGUAGE plpgsql VOLATILE;\\n\")",

  225.       "render_path": null,

  226.       "location": {

  227.         "type": "method",

  228.         "class": "Mastodon::Snowflake",

  229.         "method": "define_timestamp_id"

  230.       },

  231.       "user_input": "SecureRandom.hex(16)",

  232.       "confidence": "Medium",

  233.       "note": ""

  234.     },

  235.     {

  236.       "warning_type": "Dynamic Render Path",

  237.       "warning_code": 15,

  238.       "fingerprint": "9f31d941f3910dba2e9bfcd81aef4513249bd24c02d0f98e13ad44fdeeccd0e8",

  239.       "check_name": "Render",

  240.       "message": "Render path contains parameter value",

  241.       "file": "app/views/admin/accounts/index.html.haml",

  242.       "line": 67,

  243.       "link": "https://brakemanscanner.org/docs/warning_types/dynamic_render_path/",

  244.       "code": "render(action => filtered_accounts.page(params[:page]), {})",

  245.       "render_path": [{"type":"controller","class":"Admin::AccountsController","method":"index","line":12,"file":"app/controllers/admin/accounts_controller.rb"}],

  246.       "location": {

  247.         "type": "template",

  248.         "template": "admin/accounts/index"

  249.       },

  250.       "user_input": "params[:page]",

  251.       "confidence": "Weak",

  252.       "note": ""

  253.     },

  254.     {

  255.       "warning_type": "Redirect",

  256.       "warning_code": 18,

  257.       "fingerprint": "ba699ddcc6552c422c4ecd50d2cd217f616a2446659e185a50b05a0f2dad8d33",

  258.       "check_name": "Redirect",

  259.       "message": "Possible unprotected redirect",

  260.       "file": "app/controllers/media_controller.rb",

  261.       "line": 10,

  262.       "link": "https://brakemanscanner.org/docs/warning_types/redirect/",

  263.       "code": "redirect_to(MediaAttachment.attached.find_by!(:shortcode => ((params[:id] or params[:medium_id]))).file.url(:original))",

  264.       "render_path": null,

  265.       "location": {

  266.         "type": "method",

  267.         "class": "MediaController",

  268.         "method": "show"

  269.       },

  270.       "user_input": "MediaAttachment.attached.find_by!(:shortcode => ((params[:id] or params[:medium_id]))).file.url(:original)",

  271.       "confidence": "High",

  272.       "note": ""

  273.     },

  274.     {

  275.       "warning_type": "Cross-Site Scripting",

  276.       "warning_code": 4,

  277.       "fingerprint": "bb0ad5c4a42e06e3846c2089ff5269c17f65483a69414f6ce65eecf2bb11fab7",

  278.       "check_name": "LinkToHref",

  279.       "message": "Potentially unsafe model attribute in link_to href",

  280.       "file": "app/views/admin/accounts/show.html.haml",

  281.       "line": 138,

  282.       "link": "https://brakemanscanner.org/docs/warning_types/link_to_href",

  283.       "code": "link_to(Account.find(params[:id]).remote_url, Account.find(params[:id]).remote_url)",

  284.       "render_path": [{"type":"controller","class":"Admin::AccountsController","method":"show","line":18,"file":"app/controllers/admin/accounts_controller.rb"}],

  285.       "location": {

  286.         "type": "template",

  287.         "template": "admin/accounts/show"

  288.       },

  289.       "user_input": "Account.find(params[:id]).remote_url",

  290.       "confidence": "Weak",

  291.       "note": ""

  292.     },

  293.     {

  294.       "warning_type": "Redirect",

  295.       "warning_code": 18,

  296.       "fingerprint": "bb7e94e60af41decb811bb32171f1b27e9bf3f4d01e9e511127362e22510eb11",

  297.       "check_name": "Redirect",

  298.       "message": "Possible unprotected redirect",

  299.       "file": "app/controllers/remote_follow_controller.rb",

  300.       "line": 19,

  301.       "link": "https://brakemanscanner.org/docs/warning_types/redirect/",

  302.       "code": "redirect_to(RemoteFollow.new(resource_params).subscribe_address_for(Account.find_local!(params[:account_username])))",

  303.       "render_path": null,

  304.       "location": {

  305.         "type": "method",

  306.         "class": "RemoteFollowController",

  307.         "method": "create"

  308.       },

  309.       "user_input": "RemoteFollow.new(resource_params).subscribe_address_for(Account.find_local!(params[:account_username]))",

  310.       "confidence": "High",

  311.       "note": ""

  312.     },

  313.     {

  314.       "warning_type": "Dynamic Render Path",

  315.       "warning_code": 15,

  316.       "fingerprint": "c5d6945d63264af106d49367228d206aa2f176699ecdce2b98fac101bc6a96cf",

  317.       "check_name": "Render",

  318.       "message": "Render path contains parameter value",

  319.       "file": "app/views/admin/reports/index.html.haml",

  320.       "line": 22,

  321.       "link": "https://brakemanscanner.org/docs/warning_types/dynamic_render_path/",

  322.       "code": "render(action => filtered_reports.page(params[:page]), {})",

  323.       "render_path": [{"type":"controller","class":"Admin::ReportsController","method":"index","line":10,"file":"app/controllers/admin/reports_controller.rb"}],

  324.       "location": {

  325.         "type": "template",

  326.         "template": "admin/reports/index"

  327.       },

  328.       "user_input": "params[:page]",

  329.       "confidence": "Weak",

  330.       "note": ""

  331.     },

  332.     {

  333.       "warning_type": "Cross-Site Scripting",

  334.       "warning_code": 4,

  335.       "fingerprint": "e04aafe1e06cf8317fb6ac0a7f35783e45aa1274272ee6eaf28d39adfdad489b",

  336.       "check_name": "LinkToHref",

  337.       "message": "Potentially unsafe model attribute in link_to href",

  338.       "file": "app/views/admin/accounts/show.html.haml",

  339.       "line": 170,

  340.       "link": "https://brakemanscanner.org/docs/warning_types/link_to_href",

  341.       "code": "link_to(Account.find(params[:id]).outbox_url, Account.find(params[:id]).outbox_url)",

  342.       "render_path": [{"type":"controller","class":"Admin::AccountsController","method":"show","line":18,"file":"app/controllers/admin/accounts_controller.rb"}],

  343.       "location": {

  344.         "type": "template",

  345.         "template": "admin/accounts/show"

  346.       },

  347.       "user_input": "Account.find(params[:id]).outbox_url",

  348.       "confidence": "Weak",

  349.       "note": ""

  350.     },

  351.     {

  352.       "warning_type": "Mass Assignment",

  353.       "warning_code": 105,

  354.       "fingerprint": "e867661b2c9812bc8b75a5df12b28e2a53ab97015de0638b4e732fe442561b28",

  355.       "check_name": "PermitAttributes",

  356.       "message": "Potentially dangerous key allowed for mass assignment",

  357.       "file": "app/controllers/api/v1/reports_controller.rb",

  358.       "line": 42,

  359.       "link": "https://brakemanscanner.org/docs/warning_types/mass_assignment/",

  360.       "code": "params.permit(:account_id, :comment, :forward, :status_ids => ([]))",

  361.       "render_path": null,

  362.       "location": {

  363.         "type": "method",

  364.         "class": "Api::V1::ReportsController",

  365.         "method": "report_params"

  366.       },

  367.       "user_input": ":account_id",

  368.       "confidence": "High",

  369.       "note": ""

  370.     },

  371.     {

  372.       "warning_type": "Dynamic Render Path",

  373.       "warning_code": 15,

  374.       "fingerprint": "fbd0fc59adb5c6d44b60e02debb31d3af11719f534c9881e21435bbff87404d6",

  375.       "check_name": "Render",

  376.       "message": "Render path contains parameter value",

  377.       "file": "app/views/stream_entries/show.html.haml",

  378.       "line": 23,

  379.       "link": "https://brakemanscanner.org/docs/warning_types/dynamic_render_path/",

  380.       "code": "render(partial => \"stream_entries/#{Account.find_local!(params[:account_username]).statuses.find(params[:id]).stream_entry.activity_type.downcase}\", { :locals => ({ Account.find_local!(params[:account_username]).statuses.find(params[:id]).stream_entry.activity_type.downcase.to_sym => Account.find_local!(params[:account_username]).statuses.find(params[:id]).stream_entry.activity, :include_threads => true }) })",

  381.       "render_path": [{"type":"controller","class":"StatusesController","method":"show","line":30,"file":"app/controllers/statuses_controller.rb"}],

  382.       "location": {

  383.         "type": "template",

  384.         "template": "stream_entries/show"

  385.       },

  386.       "user_input": "params[:id]",

  387.       "confidence": "Weak",

  388.       "note": ""

  389.     }

  390.   ],

  391.   "updated": "2018-08-30 21:55:10 +0200",

  392.   "brakeman_version": "4.2.1"

  393. }