<!DOCTYPE HTML SYSTEM>
<html>
<head>
<title>Brakeman Report</title>
<script>
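/**
 * Show or hide one collapsible part of the report.
 *
 * Called from the inline onClick handlers in the report body (the
 * exceptions panel and each warning message cell). The element is shown
 * when its inline display is anything other than "block", hidden otherwise,
 * and its parent is then scrolled into view.
 *
 * @param {string} context  id of the element to show or hide.
 */
function toggle(context) {
  var elem = document.getElementById(context);

  // An id with no matching element used to throw on elem.style; a stale or
  // mistyped id in a handler should leave the rest of the report usable.
  if (!elem) {
    return;
  }

  elem.style.display = (elem.style.display !== "block") ? "block" : "none";

  // Detached nodes have no parent to scroll to.
  if (elem.parentNode) {
    elem.parentNode.scrollIntoView();
  }
}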
</script>
<style>
/* Stylesheet for the generated HTML report. */

/* Page-wide defaults. */
body {
  font-family: sans-serif;
  color: #161616;
}

/* Paragraphs act as table labels in the report body. */
p {
  font-weight: bold;
  font-size: 11pt;
  color: #2D0200;
}

/* Table header and data cells. */
th {
  background-color: #980905;
  border-bottom: 5px solid #530200;
  color: white;
  font-size: 11pt;
  padding: 1px 8px;
}

td {
  border-bottom: 2px solid white;
  font-family: monospace;
  padding: 5px 8px 1px;
}

table {
  background-color: #FCF4D4;
  border-collapse: collapse;
}

/* Headings. */
h1 {
  color: #2D0200;
  font-size: 14pt;
}

h2 {
  color: #2D0200;
  font-size: 12pt;
}

/* Confidence labels: high stands out in bold red, weak is greyed. */
span.high-confidence {
  font-weight: bold;
  color: red;
}

span.med-confidence {
  /* intentionally unstyled: medium confidence uses the default cell text */
}

span.weak-confidence {
  color: gray;
}

/* Clickable warning message cell (toggles the source context). */
div.warning_message {
  cursor: pointer;
}

div.warning_message:hover {
  background-color: white;
}

table caption {
  background-color: #FFE;
  padding: 2px;
}

/* Source context listing shown under a warning. */
table.context {
  margin-top: 5px;
  margin-bottom: 5px;
  border-left: 1px solid #90e960;
  color: #212121;
}

tr.context {
  background-color: white;
}

tr.first {
  border-top: 1px solid #7ecc54;
  padding-top: 2px;
}

/* Flagged line and its neighbours; !important beats the striping below. */
tr.error {
  background-color: #f4c1c1 !important;
}

tr.near_error {
  background-color: #f4d4d4 !important;
}

/* Alternate-row striping. */
tr.alt {
  background-color: #e8f4d4;
}

td.context {
  padding: 2px 10px 0 6px;
  border-bottom: none;
}

/* Line-number gutter of the context listing. */
td.context_line {
  padding: 2px 8px 0 7px;
  border-right: 1px solid #b3bda4;
  border-bottom: none;
  color: #6e7465;
}

pre.context {
  margin-bottom: 1px;
}

/* Marks the user-controlled part of a warning message. */
.user_input {
  background-color: #fcecab;
}
</style>
</head>
<body>
<!--
  Scan metadata: the scanned application path, its Rails version, when the
  report was generated, and the checks that were run. The check list bounds
  what the report can say: an absent warning only means none of these checks
  fired on the code that was parsed.
  NOTE(review): the report embeds an absolute local path and the complete
  finding list, so handle generated reports as sensitive before committing
  them to a shared repository.
-->
<h1>Brakeman Report</h1>
<table>
  <tr>
    <th>Application Path</th>
    <th>Rails Version</th>
    <th>Report Generation Time</th>
    <th>Checks Performed</th>
  </tr>
  <tr>
    <td>/home/rkcudjoe/code/showcase</td>
    <td>3.2.6</td>
    <td>2012-06-19 07:41:07 -0400</td>
    <td>BasicAuth, CrossSiteScripting, DefaultRoutes, EscapeFunction, Evaluation, Execute, FileAccess, FilterSkipping, ForgerySetting, LinkTo, LinkToHref, MailTo, MassAssignment, ModelAttributes, NestedAttributes, QuoteTableName, Redirect, Render, ResponseSplitting, SQL, SafeBufferManipulation, SelectVulnerability, Send, SendFile, SessionSettings, SkipBeforeFilter, StripTags, TranslateBug, ValidationRegex, WithoutProtection</td>
  </tr>
</table>
<br>
<!--
  Totals for what was scanned and what was reported. "Errors 1" refers to
  the entry in the exceptions panel further down. The parenthesised figure
  next to the warning count is styled as high-confidence and appears to be
  the number of high-confidence warnings (0 here; the single warning listed
  below is rated Weak).
-->
<h2 id="summary">Summary</h2>
<table>
  <tr>
    <th>Scanned/Reported</th>
    <th>Total</th>
  </tr>
  <tr>
    <td>Controllers</td>
    <td>8</td>
  </tr>
  <tr>
    <td>Models</td>
    <td>6</td>
  </tr>
  <tr>
    <td>Templates</td>
    <td>53</td>
  </tr>
  <tr>
    <td>Errors</td>
    <td>1</td>
  </tr>
  <tr>
    <td>Security Warnings</td>
    <td>1 <span class="high-confidence">(0)</span></td>
  </tr>
</table>
<br>
<!-- Warning counts grouped by warning type. -->
<table>
  <tr>
    <th>Warning Type</th>
    <th>Total</th>
  </tr>
  <tr>
    <td>Dynamic Render Path</td>
    <td>1</td>
  </tr>
</table>
<br>
<!--
  Exceptions raised while scanning. The panel is hidden until its heading is
  clicked, so a coverage gap is easy to miss.
  NOTE(review): a parse error means the scanner could not read the named
  template, so presumably none of the checks ran against it. Fix the syntax
  and re-scan, or review that file by hand.
-->
<div onclick="toggle('errors_table');">
  <h2>Exceptions raised during the analysis (click to see them)</h2>
</div>
<div id="errors_table" style="display:none">
  <table>
    <tr>
      <th>Error</th>
      <th>Location</th>
    </tr>
    <tr>
      <td> parse error on value &quot;) );@output_buffer &lt;&lt; (&quot; (tSTRING)</td>
      <td>could not parse /home/rkcudjoe/code/showcase/app/views/users/index.js.erb</td>
    </tr>
  </table>
</div>
<!--
  Security warnings section. The General Warnings table has no entries
  ([NONE]); the paragraph after it labels the per-template warnings table
  that follows.
-->
<h2>Security Warnings</h2>
<table>
  <tr>
    <th>General Warnings</th>
  </tr>
  <tr>
    <td>[NONE]</td>
  </tr>
</table>
<p>View Warnings</p>
<!--
  Per-template warnings. Each row gives the confidence, the template (with
  the controller action that renders it), the warning type and the message.
  Clicking the message cell swaps the truncated message for the full one and
  shows the source context table for the template.
-->
<table>
<tr>
<th>Confidence</th>
<th>Template</th>
<th>Warning Type</th>
<th>Message</th>
</tr>
<!--
  NOTE(review): this is the only finding in the report. The highlighted user
  input is params[:page], passed as the page argument to paginate; the value
  handed to render is @messages (context line 8). From the message alone the
  parameter looks like it selects a page of records, not a template path,
  which would fit the Weak rating. Confirm in MessagesController#index that
  no request value can reach a template or partial name before closing it as
  a false positive.
-->
<tr>
<td><span class='weak-confidence'>Weak</span></td>
<td>messages/index (MessagesController#index)</td>
<td>Dynamic Render Path</td>
<td><div class='warning_message' onClick="toggle('context1');toggle('message1');toggle('full_message1')" ><span id='message1' style='display:block' >Render path contains parameter value near line 8: render(action =&gt; current_user.received_messages.pag...</span><span id='full_message1' style='display:none'>Render path contains parameter value near line 8: render(action =&gt; current_user.received_messages.paginate(:page =&gt; (<span class="user_input">params[:page]</span>), :per_page =&gt; 10), { })</span><table id='context1' class='context' style='display:none'><caption>/app/views/messages/index.html.erb</caption> <tr class='context first'>
<td class='context_line'>
<pre class='context'>3</pre>
</td>
<td class='context'>
<pre class='context'> &lt;/br&gt;</pre>
</td>
</tr>
<tr class='context alt'>
<td class='context_line'>
<pre class='context'>4</pre>
</td>
<td class='context'>
<pre class='context'> &lt;b&gt;&lt;%= link_to &quot; Compose&quot;, new_message_path, class: &quot;icon-pencil btn btn-small&quot; %&gt; &lt;/b&gt;&lt;/br&gt;</pre>
</td>
</tr>
<tr class='context'>
<td class='context_line'>
<pre class='context'>5</pre>
</td>
<td class='context'>
<pre class='context'> &lt;/br&gt;</pre>
</td>
</tr>
<tr class='context alt'>
<td class='context_line'>
<pre class='context'>6</pre>
</td>
<td class='context'>
<pre class='context'> &lt;% if @messages.present? %&gt; </pre>
</td>
</tr>
<tr class='context near_error'>
<td class='context_line'>
<pre class='context'>7</pre>
</td>
<td class='context'>
<pre class='context'> &lt;%#= will_paginate %&gt;</pre>
</td>
</tr>
<!-- Context line 8 is the flagged line (class "error"); lines 7 and 9 carry "near_error". -->
<tr class='context alt error'>
<td class='context_line'>
<pre class='context'>8</pre>
</td>
<td class='context'>
<pre class='context'> &lt;%= render @messages %&gt;</pre>
</td>
</tr>
<tr class='context near_error'>
<td class='context_line'>
<pre class='context'>9</pre>
</td>
<td class='context'>
<pre class='context'> &lt;%= will_paginate %&gt;</pre>
</td>
</tr>
<tr class='context alt'>
<td class='context_line'>
<pre class='context'>10</pre>
</td>
<td class='context'>
<pre class='context'> &lt;% else %&gt;</pre>
</td>
</tr>
<tr class='context'>
<td class='context_line'>
<pre class='context'>11</pre>
</td>
<td class='context'>
<pre class='context'> &lt;center&gt;&lt;h6&gt; No Messages &lt;/h6&gt;&lt;/center&gt;</pre>
</td>
</tr>
<tr class='context alt'>
<td class='context_line'>
<pre class='context'>12</pre>
</td>
<td class='context'>
<pre class='context'> &lt;% end %&gt;</pre>
</td>
</tr>
<tr class='context'>
<td class='context_line'>
<pre class='context'>13</pre>
</td>
<td class='context'>
<pre class='context'>&lt;/div&gt;</pre>
</td>
</tr>
</table></div></td>
</tr>
</table></body></html>