{ "ignored_warnings": [ { "warning_type": "Redirect", "warning_code": 18, "fingerprint": "3ea917c822b3e5b1dad1e672ba4a40c0e8e37abf8cea9cf5793772942aa07f99", "check_name": "Redirect", "message": "Possible unprotected redirect", "file": "app/controllers/plans_controller.rb", "line": 295, "link": "https://brakemanscanner.org/docs/warning_types/redirect/", "code": "redirect_to(Plan.deep_copy(Plan.find(params[:id])), :notice => success_message(_(\"plan\"), _(\"copied\")))", "render_path": null, "location": { "type": "method", "class": "PlansController", "method": "duplicate" }, "user_input": "Plan.deep_copy(Plan.find(params[:id]))", "confidence": "High", "note": "Review: no justification was recorded for this ignore. The redirect target is the Plan record returned by Plan.deep_copy rather than a request-supplied URL, so this looks like a false positive; confirm that, and confirm the action authorizes access to the plan selected by params[:id]." }, { "warning_type": "Redirect", "warning_code": 18, "fingerprint": "715556db27ab9050c36a6e9db8f6a79a2ec53bd24bcfc15a967e9e745f357245", "check_name": "Redirect", "message": "Possible unprotected redirect", "file": "app/controllers/orgs_controller.rb", "line": 92, "link": "https://brakemanscanner.org/docs/warning_types/redirect/", "code": "redirect_to(\"#{\"#{request.base_url.gsub(\"http:\", \"https:\")}#{Rails.application.config.shibboleth_login}\"}?target=#{\"#{user_shibboleth_omniauth_callback_url.gsub(\"http:\", \"https:\")}\"}&entityID=#{OrgIdentifier.where(:org_id => params[\"shib-ds\"][:org_id], :identifier_scheme => IdentifierScheme.find_by(:name => \"shibboleth\")).first.identifier}\")", "render_path": null, "location": { "type": "method", "class": "OrgsController", "method": "shibboleth_ds_passthru" }, "user_input": "OrgIdentifier.where(:org_id => params[\"shib-ds\"][:org_id], :identifier_scheme => IdentifierScheme.find_by(:name => \"shibboleth\")).first.identifier", "confidence": "High", "note": "Review: no justification was recorded for this ignore. The redirect host is built from request.base_url plus the configured shibboleth_login path, and the entityID value is a stored OrgIdentifier selected by the org_id request parameter and interpolated into the query string without URL-encoding. Before keeping this entry, confirm that stored identifiers are trusted, that accepted Host headers are constrained, and that a lookup returning no record is handled (.first.identifier raises on nil)." }, { "warning_type": "SQL Injection", "warning_code": 0, "fingerprint": "7bd7ecdde88008eac29303c8c264366d1d670eb468e316c17a6121d4684b8bca", "check_name": "SQL", "message": "Possible SQL injection", "file": "app/models/user.rb", "line": 343, "link": 
"https://brakemanscanner.org/docs/warning_types/sql_injection/", "code": "User.where(\"LOWER(#{field}) = :value\", :value => val.to_s.downcase)", "render_path": null, "location": { "type": "method", "class": "User", "method": "User.where_case_insensitive" }, "user_input": "field", "confidence": "Medium", "note": "Review: no justification was recorded for this ignore. The compared value is bound as :value, but field is interpolated into the SQL fragment, so this is safe only if every caller passes a fixed column name. Confirm the callers, or have the method check field against User.column_names before interpolating." }, { "warning_type": "Redirect", "warning_code": 18, "fingerprint": "9af8ff997f5587d8fa01550ea532d84fdf6b0095d892343d4431945ced6c09da", "check_name": "Redirect", "message": "Possible unprotected redirect", "file": "app/controllers/splash_logs_controller.rb", "line": 14, "link": "https://brakemanscanner.org/docs/warning_types/redirect/", "code": "redirect_to(params[:destination])", "render_path": null, "location": { "type": "method", "class": "SplashLogsController", "method": "create" }, "user_input": "params[:destination]", "confidence": "High", "note": "Review: no justification was recorded for this ignore. params[:destination] is passed directly to redirect_to, which is the pattern this check exists to catch. Confirm the controller restricts the destination to same-host paths or an allowlist before keeping this entry; otherwise treat the warning as valid and fix the code instead of suppressing it." }, { "warning_type": "SQL Injection", "warning_code": 0, "fingerprint": "a2f11c8d81b0932f4fe0de989fc8bb0e689cbbfdc26fddc2b1a13177ba62c1b5", "check_name": "SQL", "message": "Possible SQL injection", "file": "app/controllers/concerns/paginable.rb", "line": 118, "link": "https://brakemanscanner.org/docs/warning_types/sql_injection/", "code": "scope.search(@paginable_params[:search]).order(\"#{@paginable_params[:sort_field]} #{upcasing_sort_direction}\")", "render_path": null, "location": { "type": "method", "class": "Paginable", "method": "refine_query" }, "user_input": "@paginable_params[:sort_field]", "confidence": "Weak", "note": "Review: no justification was recorded for this ignore. @paginable_params[:sort_field] is interpolated into the ORDER BY clause. Confirm it is checked against an allowlist of sortable columns, and that upcasing_sort_direction can only yield ASC or DESC, before keeping this entry." } ], "updated": "2018-08-27 16:10:15 +0100", "brakeman_version": "4.3.1" }