Issues cited by Brakeman #860

Open
jhsu802701 opened this issue Nov 27, 2018 · 0 comments

Brakeman Report errors:

  • invalid byte sequence in US-ASCII (app/views/pages/what.html.erb)
  • app/views/repos/_docs.html.slim is not valid US-ASCII
  • app/views/repos/_issues.html.slim is not valid US-ASCII
  • app/views/users/after_signup/set_privacy.html.slim is not valid US-ASCII
  • app/views/users/token_delete.html.slim is not valid US-ASCII

Brakeman warnings:

Confidence: High
Category: Redirect
Check: Redirect
Message: Possible unprotected redirect
Code: redirect_to(IssueAssignment.find(params[:id]).issue.html_url)
File: app/controllers/issue_assignments_controller.rb
Line: 15

Confidence: High
Category: Redirect
Check: Redirect
Message: Possible unprotected redirect
Code: redirect_to(DocMethod.find(params[:id]).to_github)
File: app/controllers/doc_methods_controller.rb
Line: 43

Confidence: Medium
Category: Command Injection
Check: Execute
Message: Possible command injection
Code: `cd #{dir} && git clone #{clone_url} 2>&1`
File: app/models/github_fetcher/repo.rb
Line: 19