
fix SQL injection vulnerability #1227

Open: wants to merge 2 commits into base branch main

Conversation

@StlMaris123 StlMaris123 commented Feb 3, 2020

Fixes #1189 (<=== Add issue number here)

  • This PR fixes SQL injection vulnerability
  • Adds Brakeman gem to detect more vulnerabilities

Make sure these boxes are checked before your pull request (PR) is ready to be reviewed and merged. Thanks!

  • PR is descriptively titled 📑 and links the original issue above 🔗
  • tests pass -- look for a green checkbox ✔️ a few minutes after opening your PR -- or run tests locally with rake test
  • code is in uniquely-named feature branch and has no merge conflicts 📁
  • screenshots/GIFs are attached 📎 in case of UI updates
  • ask @publiclab/mapknitter-reviewers for help, in a comment below

We're happy to help you get this ready -- don't be afraid to ask for help, and don't be discouraged if your tests fail at first!

If tests do fail, click on the red X to learn why by reading the logs.

Please be sure you've reviewed our contribution guidelines at https://publiclab.org/contributing-to-public-lab-software

Thanks!
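The issue this PR links (SQL injection through the "sort" parameter on /users/) is the textbook case of a user-supplied column name being spliced into an ORDER BY clause. The Ruby below is an added illustration, not mapknitter's code and not this PR's diff: it puts the vulnerable interpolation shape beside an allowlist fix, which is the remediation a Brakeman SQL-injection warning on something like `order(params[:sort])` is asking for. The column names, the `sort`/`dir` parameter names, the default ordering and the query shape are all assumptions standing in for the real controller.

```ruby
# Added example (not mapknitter's own code): allowlisting a user-supplied
# "sort" parameter before it reaches an ORDER BY clause.
#
# Assumed: the page only states that /users/ had an injectable "sort"
# parameter; the column names, default and the request/SQL shape below are
# hypothetical stand-ins for the real controller.

# Columns a caller may sort the users list by (hypothetical names).
SORTABLE_COLUMNS = {
  "username" => "users.username",
  "created"  => "users.created_at",
  "maps"     => "users.maps_count",
}.freeze

DEFAULT_SORT = "users.created_at".freeze
DIRECTIONS   = { "asc" => "ASC", "desc" => "DESC" }.freeze

# Vulnerable shape: the raw parameter is spliced into the SQL text, so the
# database sees whatever the client sent after ORDER BY.
def vulnerable_users_query(params)
  "SELECT * FROM users ORDER BY #{params['sort']}"
end

# Hardened shape: the parameter is only ever used as a lookup key. Anything
# not in the allowlist collapses to the default, so the SQL text is built
# exclusively from string constants the application controls.
def safe_order_clause(sort_param, direction_param = nil)
  column    = SORTABLE_COLUMNS.fetch(sort_param.to_s, DEFAULT_SORT)
  direction = DIRECTIONS.fetch(direction_param.to_s.downcase, "DESC")
  "#{column} #{direction}"
end

def safe_users_query(params)
  "SELECT * FROM users ORDER BY #{safe_order_clause(params['sort'], params['dir'])}"
end

# Quick self-check of the contract when run directly.
if __FILE__ == $PROGRAM_NAME
  normal     = { "sort" => "username", "dir" => "asc" }
  unexpected = { "sort" => "username; -- trailing text", "dir" => "asc" } # constructed input
  puts vulnerable_users_query(unexpected) # client text reaches the database verbatim
  puts safe_users_query(unexpected)       # collapses to the default column
  puts safe_users_query(normal)
end
```

The point of the `fetch` calls is that no branch of the hardened path ever copies bytes from the request into the query; the request can only select among strings the application already owns, which is why a reviewer (or Brakeman) can verify the fix by reading the allowlist rather than by reasoning about escaping.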

@codeclimate

codeclimate bot commented Feb 3, 2020

Code Climate has analyzed commit 9327665 and detected 0 issues on this pull request.

View more on Code Climate.

@codecov

codecov bot commented Feb 3, 2020

Codecov Report

Merging #1227 into main will decrease coverage by 0.35%.
The diff coverage is 0%.

Impacted file tree graph

@@            Coverage Diff             @@
##             main    #1227      +/-   ##
==========================================
- Coverage   73.28%   72.92%   -0.36%     
==========================================
  Files          40       40              
  Lines        1400     1400              
==========================================
- Hits         1026     1021       -5     
- Misses        374      379       +5
Impacted Files                                  Coverage Δ
app/controllers/users_controller.rb             94.11% <0%> (ø) ⬆️
app/mailers/comment_mailer.rb                   100%   <0%> (ø) ⬆️
app/mailers/application_mailer.rb               100%   <0%> (ø) ⬆️
app/controllers/comments_controller.rb          100%   <0%> (ø) ⬆️
app/controllers/feeds_controller.rb             100%   <0%> (ø) ⬆️
app/channels/application_cable/connection.rb    100%   <0%> (ø) ⬆️
app/controllers/utility_controller.rb           100%   <0%> (ø) ⬆️
app/channels/application_cable/channel.rb       100%   <0%> (ø) ⬆️
lib/exporter.rb                                 91.92% <0%> (-2.25%) ⬇️
app/controllers/export_controller.rb            90.9%  <0%> (ø) ⬆️
... and 20 more

use arrow function instead of symbol
@kaustubh-nair (Member) commented

Hmm travis is stalled, maybe restarting helps?

Successfully merging this pull request may close these issues.

SQL Injection in "sort" parameter on /users/ page