Dangerous Eval General User input in eval near line 16: eval("class ::#{ExportedReport::Base.where(:id => report_id).pluck(:report_type).first} < ::ExportedReport::Base; end") High
Hi @garettarrowood - Brakeman warns about this code because it's pulling a value from the database and using it inside of an eval. Brakeman assumes any value coming from the database is potentially dangerous.
You might consider something like this instead of using eval:
Background
Brakeman version: 6.1.2
Rails version: 6.1.7.7
Ruby version: 3.0.6
Link to Rails application code: private
False Positive
Full warning from Brakeman:
Relevant code:
Why might this be a false positive?
There is no User input being processed in this snippet of code.
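An added example, not code from the reply above, the issue author, or Brakeman: one way to define the report subclass from a stored `report_type` without `eval`, by validating the value and using `Class.new` with `Object.const_set`. The plain-Ruby `ExportedReport::Base` stand-in, the `ALLOWED_REPORT_TYPES` names, `InvalidReportType` and `define_report_class` are assumptions made for illustration.

```ruby
# Stand-in for the application's model (assumption: the real
# ExportedReport::Base is not shown on the page).
module ExportedReport
  class Base; end
end

# Hypothetical allow-list of report types the application expects to store.
ALLOWED_REPORT_TYPES = %w[SalesReport AuditReport].freeze

# Strict shape of a single top-level constant name: no "::", no whitespace,
# no punctuation that a Ruby parser would act on.
CONSTANT_NAME = /\A[A-Z][A-Za-z0-9_]*\z/

class InvalidReportType < StandardError; end

# Defines ::<report_type> as an empty subclass of ExportedReport::Base
# without building or evaluating a string of Ruby source.
def define_report_class(report_type)
  name = report_type.to_s # nil (no matching row) becomes "" and is rejected
  unless CONSTANT_NAME.match?(name) && ALLOWED_REPORT_TYPES.include?(name)
    raise InvalidReportType, "unexpected report_type: #{name.inspect}"
  end

  # Reuse the class if an earlier call already defined it.
  if Object.const_defined?(name, false)
    existing = Object.const_get(name, false)
    return existing if existing.is_a?(Class) && existing < ExportedReport::Base
    raise InvalidReportType, "#{name} is already defined as something else"
  end

  Object.const_set(name, Class.new(ExportedReport::Base))
end

# Constructed sample values standing in for the pluck(:report_type) result.
klass = define_report_class("SalesReport")
puts "#{klass.name} < #{klass.superclass}"
begin
  define_report_class("SalesReport; end; class Other")
rescue InvalidReportType => e
  puts "rejected: #{e.message}"
end
```

Because no string is evaluated, a database value can only ever select one of the expected class names; anything else raises before a constant is defined.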