Adding false positive for package vulnerability warning

malparty · Jun 18, 2021 · 88cd76a · 88cd76a
1 parent 4baed99
commit 88cd76a
Showing 1 changed file with 22 additions and 0 deletions.
diff --git a/config/brakeman.ignore b/config/brakeman.ignore
@@ -0,0 +1,22 @@
+{
+  "ignored_warnings": [
+    {
+      "warning_type": "Cross-Site Scripting",
+      "warning_code": 106,
+      "fingerprint": "c8adc1c0caf2c9251d1d8de588fb949070212d0eed5e1580aee88bab2287b772",
+      "check_name": "SanitizeMethods",
+      "message": "loofah gem 2.10.0 is vulnerable (CVE-2018-8048). Upgrade to 2.2.1",
+      "file": "Gemfile.lock",
+      "line": 214,
+      "link": "https://github.com/flavorjones/loofah/issues/144",
+      "code": null,
+      "render_path": null,
+      "location": null,
+      "user_input": null,
+      "confidence": "Medium",
+      "note": ""
+    }
+  ],
+  "updated": "2021-06-18 15:28:26 +0700",
+  "brakeman_version": "5.0.1"
+}