Security Warnings #3

@boringmachine

brakeman Karoshi

+SUMMARY+

+-------------------+--------+
| Scanned/Reported | Total |
+-------------------+--------+
| Controllers | 14 |
| Models | 10 |
| Templates | 90 |
| Errors | 0 |
| Security Warnings | 17 (1) |
+-------------------+--------+

+----------------------+-------+
| Warning Type | Total |
+----------------------+-------+
| Cross Site Scripting | 1 |
| Mass Assignment | 15 |
| Session Setting | 1 |
+----------------------+-------+

+SECURITY WARNINGS+

+------------+-------+--------+-----------------+------------------------------------------------------------->>
| Confidence | Class | Method | Warning Type | Message >>
+------------+-------+--------+-----------------+------------------------------------------------------------->>
| High | | | Session Setting | Session secret should not be included in version control nea>>
+------------+-------+--------+-----------------+------------------------------------------------------------->>

Model Warnings:

+------------+------------+-----------------+----------------------------------------------------------------->>
| Confidence | Model | Warning Type | Message >>
+------------+------------+-----------------+----------------------------------------------------------------->>
| Weak | Comment | Mass Assignment | Potentially dangerous attribute available for mass assignment: :>>
| Weak | Comment | Mass Assignment | Potentially dangerous attribute available for mass assignment: :>>
| Weak | Group | Mass Assignment | Potentially dangerous attribute available for mass assignment: :>>
| Weak | GroupTopic | Mass Assignment | Potentially dangerous attribute available for mass assignment: :>>
| Weak | GroupTopic | Mass Assignment | Potentially dangerous attribute available for mass assignment: :>>
| Weak | GroupUser | Mass Assignment | Potentially dangerous attribute available for mass assignment: :>>
| Weak | GroupUser | Mass Assignment | Potentially dangerous attribute available for mass assignment: :>>
| Weak | Post | Mass Assignment | Potentially dangerous attribute available for mass assignment: :>>
| Weak | Post | Mass Assignment | Potentially dangerous attribute available for mass assignment: :>>
| Weak | Post | Mass Assignment | Potentially dangerous attribute available for mass assignment: :>>
| Weak | Post | Mass Assignment | Potentially dangerous attribute available for mass assignment: :>>
| Weak | Post | Mass Assignment | Potentially dangerous attribute available for mass assignment: :>>
| Weak | PostTag | Mass Assignment | Potentially dangerous attribute available for mass assignment: :>>
| Weak | PostTag | Mass Assignment | Potentially dangerous attribute available for mass assignment: :>>
| Weak | User | Mass Assignment | Potentially dangerous attribute available for mass assignment: :>>
+------------+------------+-----------------+----------------------------------------------------------------->>

View Warnings:

+------------+-------------------------------------+----------------------+----------------------------------->>
| Confidence | Template | Warning Type | Message >>
+------------+-------------------------------------+----------------------+----------------------------------->>
| Medium | groups/edit (GroupsController#edit) | Cross Site Scripting | Unsafe parameter value in link_to >>
+------------+-------------------------------------+----------------------+----------------------------------->>
