Skip to content

Instantly share code, notes, and snippets.

@githubteacher
Created March 11, 2021 18:04
Show Gist options
  • Save githubteacher/e8bfcff2c48f3a5814eb71328040c3e3 to your computer and use it in GitHub Desktop.
Save githubteacher/e8bfcff2c48f3a5814eb71328040c3e3 to your computer and use it in GitHub Desktop.
{
"version": "2.1.0",
"$schema": "https://raw.githubusercontent.com/oasis-tcs/sarif-spec/master/Schemata/sarif-schema-2.1.0.json",
"runs": [
{
"tool": {
"driver": {
"name": "Brakeman",
"informationUri": "https://brakemanscanner.org",
"semanticVersion": "4.10.0",
"rules": [
{
"id": "BRAKE0102",
"name": "ContentTag/Cross-Site Scripting",
"fullDescription": {
"text": "Checks for XSS in calls to content_tag."
},
"helpUri": "https://groups.google.com/d/msg/ruby-security-ann/8B2iV2tPRSE/JkjCJkSoCgAJ",
"help": {
"text": "More info: https://groups.google.com/d/msg/ruby-security-ann/8B2iV2tPRSE/JkjCJkSoCgAJ.",
"markdown": "[More info](https://groups.google.com/d/msg/ruby-security-ann/8B2iV2tPRSE/JkjCJkSoCgAJ)."
},
"properties": {
"tags": [
"ContentTag"
]
}
},
{
"id": "BRAKE0116",
"name": "CSRFTokenForgeryCVE/Cross-Site Request Forgery",
"fullDescription": {
"text": "Checks for versions with CSRF token forgery vulnerability (CVE-2020-8166)."
},
"helpUri": "https://groups.google.com/g/rubyonrails-security/c/NOjKiGeXUgw",
"help": {
"text": "More info: https://groups.google.com/g/rubyonrails-security/c/NOjKiGeXUgw.",
"markdown": "[More info](https://groups.google.com/g/rubyonrails-security/c/NOjKiGeXUgw)."
},
"properties": {
"tags": [
"CSRFTokenForgeryCVE"
]
}
},
{
"id": "BRAKE0077",
"name": "DefaultRoutes/Remote Code Execution",
"fullDescription": {
"text": "Checks for default routes."
},
"helpUri": "http://matasano.com/research/AnatomyOfRailsVuln-CVE-2014-0130.pdf",
"help": {
"text": "More info: http://matasano.com/research/AnatomyOfRailsVuln-CVE-2014-0130.pdf.",
"markdown": "[More info](http://matasano.com/research/AnatomyOfRailsVuln-CVE-2014-0130.pdf)."
},
"properties": {
"tags": [
"DefaultRoutes"
]
}
},
{
"id": "BRAKE0014",
"name": "Execute/Command Injection",
"fullDescription": {
"text": "Finds instances of possible command injection."
},
"helpUri": "https://brakemanscanner.org/docs/warning_types/command_injection/",
"help": {
"text": "More info: https://brakemanscanner.org/docs/warning_types/command_injection/.",
"markdown": "[More info](https://brakemanscanner.org/docs/warning_types/command_injection/)."
},
"properties": {
"tags": [
"Execute"
]
}
},
{
"id": "BRAKE0063",
"name": "I18nXSS/Cross-Site Scripting",
"fullDescription": {
"text": "Checks for i18n XSS (CVE-2013-4491)."
},
"helpUri": "https://groups.google.com/d/msg/ruby-security-ann/pLrh6DUw998/bLFEyIO4k_EJ",
"help": {
"text": "More info: https://groups.google.com/d/msg/ruby-security-ann/pLrh6DUw998/bLFEyIO4k_EJ.",
"markdown": "[More info](https://groups.google.com/d/msg/ruby-security-ann/pLrh6DUw998/bLFEyIO4k_EJ)."
},
"properties": {
"tags": [
"I18nXSS"
]
}
},
{
"id": "BRAKE0049",
"name": "JSONParsing/Remote Code Execution",
"fullDescription": {
"text": "Checks for JSON parsing vulnerabilities CVE-2013-0333 and CVE-2013-0269."
},
"helpUri": "https://groups.google.com/d/topic/rubyonrails-security/4_YvCpLzL58/discussion",
"help": {
"text": "More info: https://groups.google.com/d/topic/rubyonrails-security/4_YvCpLzL58/discussion.",
"markdown": "[More info](https://groups.google.com/d/topic/rubyonrails-security/4_YvCpLzL58/discussion)."
},
"properties": {
"tags": [
"JSONParsing"
]
}
},
{
"id": "BRAKE0094",
"name": "MimeTypeDoS/Denial of Service",
"fullDescription": {
"text": "Checks for mime type denial of service (CVE-2016-0751)."
},
"helpUri": "https://groups.google.com/d/msg/rubyonrails-security/9oLY_FCzvoc/w9oI9XxbFQAJ",
"help": {
"text": "More info: https://groups.google.com/d/msg/rubyonrails-security/9oLY_FCzvoc/w9oI9XxbFQAJ.",
"markdown": "[More info](https://groups.google.com/d/msg/rubyonrails-security/9oLY_FCzvoc/w9oI9XxbFQAJ)."
},
"properties": {
"tags": [
"MimeTypeDoS"
]
}
},
{
"id": "BRAKE0073",
"name": "NumberToCurrency/Cross-Site Scripting",
"fullDescription": {
"text": "Checks for number helpers XSS vulnerabilities in certain versions."
},
"helpUri": "https://groups.google.com/d/msg/ruby-security-ann/9WiRn2nhfq0/2K2KRB4LwCMJ",
"help": {
"text": "More info: https://groups.google.com/d/msg/ruby-security-ann/9WiRn2nhfq0/2K2KRB4LwCMJ.",
"markdown": "[More info](https://groups.google.com/d/msg/ruby-security-ann/9WiRn2nhfq0/2K2KRB4LwCMJ)."
},
"properties": {
"tags": [
"NumberToCurrency"
]
}
},
{
"id": "BRAKE0018",
"name": "Redirect/Redirect",
"fullDescription": {
"text": "Looks for calls to redirect_to with user input as arguments."
},
"helpUri": "https://brakemanscanner.org/docs/warning_types/redirect/",
"help": {
"text": "More info: https://brakemanscanner.org/docs/warning_types/redirect/.",
"markdown": "[More info](https://brakemanscanner.org/docs/warning_types/redirect/)."
},
"properties": {
"tags": [
"Redirect"
]
}
},
{
"id": "BRAKE0075",
"name": "RenderDoS/Denial of Service",
"fullDescription": {
"text": "Warn about denial of service with render :text (CVE-2014-0082)."
},
"helpUri": "https://groups.google.com/d/msg/rubyonrails-security/LMxO_3_eCuc/ozGBEhKaJbIJ",
"help": {
"text": "More info: https://groups.google.com/d/msg/rubyonrails-security/LMxO_3_eCuc/ozGBEhKaJbIJ.",
"markdown": "[More info](https://groups.google.com/d/msg/rubyonrails-security/LMxO_3_eCuc/ozGBEhKaJbIJ)."
},
"properties": {
"tags": [
"RenderDoS"
]
}
},
{
"id": "BRAKE0108",
"name": "SprocketsPathTraversal/Path Traversal",
"fullDescription": {
"text": "Checks for CVE-2018-3760."
},
"helpUri": "https://groups.google.com/d/msg/rubyonrails-security/ft_J--l55fM/7roDfQ50BwAJ",
"help": {
"text": "More info: https://groups.google.com/d/msg/rubyonrails-security/ft_J--l55fM/7roDfQ50BwAJ.",
"markdown": "[More info](https://groups.google.com/d/msg/rubyonrails-security/ft_J--l55fM/7roDfQ50BwAJ)."
},
"properties": {
"tags": [
"SprocketsPathTraversal"
]
}
},
{
"id": "BRAKE0046",
"name": "SQLCVEs/SQL Injection",
"fullDescription": {
"text": "Checks for several SQL CVEs."
},
"helpUri": "https://groups.google.com/d/topic/rubyonrails-security/DCNTNp_qjFM/discussion",
"help": {
"text": "More info: https://groups.google.com/d/topic/rubyonrails-security/DCNTNp_qjFM/discussion.",
"markdown": "[More info](https://groups.google.com/d/topic/rubyonrails-security/DCNTNp_qjFM/discussion)."
},
"properties": {
"tags": [
"SQLCVEs"
]
}
},
{
"id": "BRAKE0047",
"name": "SQLCVEs/SQL Injection",
"fullDescription": {
"text": "Checks for several SQL CVEs."
},
"helpUri": "https://groups.google.com/d/topic/rubyonrails-security/c7jT-EeN9eI/discussion",
"help": {
"text": "More info: https://groups.google.com/d/topic/rubyonrails-security/c7jT-EeN9eI/discussion.",
"markdown": "[More info](https://groups.google.com/d/topic/rubyonrails-security/c7jT-EeN9eI/discussion)."
},
"properties": {
"tags": [
"SQLCVEs"
]
}
},
{
"id": "BRAKE0069",
"name": "SQLCVEs/SQL Injection",
"fullDescription": {
"text": "Checks for several SQL CVEs."
},
"helpUri": "https://groups.google.com/d/msg/ruby-security-ann/niK4drpSHT4/g8JW8ZsayRkJ",
"help": {
"text": "More info: https://groups.google.com/d/msg/ruby-security-ann/niK4drpSHT4/g8JW8ZsayRkJ.",
"markdown": "[More info](https://groups.google.com/d/msg/ruby-security-ann/niK4drpSHT4/g8JW8ZsayRkJ)."
},
"properties": {
"tags": [
"SQLCVEs"
]
}
},
{
"id": "BRAKE0055",
"name": "SymbolDoSCVE/Denial of Service",
"fullDescription": {
"text": "Checks for versions with ActiveRecord symbol denial of service vulnerability."
},
"helpUri": "https://groups.google.com/d/msg/rubyonrails-security/jgJ4cjjS8FE/BGbHRxnDRTIJ",
"help": {
"text": "More info: https://groups.google.com/d/msg/rubyonrails-security/jgJ4cjjS8FE/BGbHRxnDRTIJ.",
"markdown": "[More info](https://groups.google.com/d/msg/rubyonrails-security/jgJ4cjjS8FE/BGbHRxnDRTIJ)."
},
"properties": {
"tags": [
"SymbolDoSCVE"
]
}
},
{
"id": "BRAKE0088",
"name": "XMLDoS/Denial of Service",
"fullDescription": {
"text": "Checks for XML denial of service (CVE-2015-3227)."
},
"helpUri": "https://groups.google.com/d/msg/rubyonrails-security/bahr2JLnxvk/x4EocXnHPp8J",
"help": {
"text": "More info: https://groups.google.com/d/msg/rubyonrails-security/bahr2JLnxvk/x4EocXnHPp8J.",
"markdown": "[More info](https://groups.google.com/d/msg/rubyonrails-security/bahr2JLnxvk/x4EocXnHPp8J)."
},
"properties": {
"tags": [
"XMLDoS"
]
}
},
{
"id": "BRAKE0048",
"name": "YAMLParsing/Remote Code Execution",
"fullDescription": {
"text": "Checks for YAML parsing vulnerabilities (CVE-2013-0156)."
},
"helpUri": "https://groups.google.com/d/topic/rubyonrails-security/61bkgvnSGTQ/discussion",
"help": {
"text": "More info: https://groups.google.com/d/topic/rubyonrails-security/61bkgvnSGTQ/discussion.",
"markdown": "[More info](https://groups.google.com/d/topic/rubyonrails-security/61bkgvnSGTQ/discussion)."
},
"properties": {
"tags": [
"YAMLParsing"
]
}
},
{
"id": "BRAKE0002",
"name": "CrossSiteScripting/Cross-Site Scripting",
"fullDescription": {
"text": "Checks for unescaped output in views."
},
"helpUri": "https://brakemanscanner.org/docs/warning_types/cross_site_scripting",
"help": {
"text": "More info: https://brakemanscanner.org/docs/warning_types/cross_site_scripting.",
"markdown": "[More info](https://brakemanscanner.org/docs/warning_types/cross_site_scripting)."
},
"properties": {
"tags": [
"CrossSiteScripting"
]
}
},
{
"id": "BRAKE0056",
"name": "SanitizeMethods/Cross-Site Scripting",
"fullDescription": {
"text": "Checks for versions with vulnerable sanitize and sanitize_css."
},
"helpUri": "https://groups.google.com/d/msg/rubyonrails-security/4_QHo4BqnN8/_RrdfKk12I4J",
"help": {
"text": "More info: https://groups.google.com/d/msg/rubyonrails-security/4_QHo4BqnN8/_RrdfKk12I4J.",
"markdown": "[More info](https://groups.google.com/d/msg/rubyonrails-security/4_QHo4BqnN8/_RrdfKk12I4J)."
},
"properties": {
"tags": [
"SanitizeMethods"
]
}
},
{
"id": "BRAKE0012",
"name": "DefaultRoutes/Default Routes",
"fullDescription": {
"text": "Checks for default routes."
},
"helpUri": "https://brakemanscanner.org/docs/warning_types/default_routes/",
"help": {
"text": "More info: https://brakemanscanner.org/docs/warning_types/default_routes/.",
"markdown": "[More info](https://brakemanscanner.org/docs/warning_types/default_routes/)."
},
"properties": {
"tags": [
"DefaultRoutes"
]
}
},
{
"id": "BRAKE0060",
"name": "ModelAttrAccessible/Mass Assignment",
"fullDescription": {
"text": "Reports models which have dangerous attributes defined via attr_accessible."
},
"helpUri": "https://brakemanscanner.org/docs/warning_types/mass_assignment/",
"help": {
"text": "More info: https://brakemanscanner.org/docs/warning_types/mass_assignment/.",
"markdown": "[More info](https://brakemanscanner.org/docs/warning_types/mass_assignment/)."
},
"properties": {
"tags": [
"ModelAttrAccessible"
]
}
}
]
}
},
"results": [
{
"ruleId": "BRAKE0102",
"ruleIndex": 0,
"level": "warning",
"message": {
"text": "Rails 3.2.9.rc2 `content_tag` does not escape double quotes in attribute values (CVE-2016-6316). Upgrade to Rails 3.2.22.4."
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "Gemfile.lock",
"uriBaseId": "%SRCROOT%"
},
"region": {
"startLine": 64
}
}
}
]
},
{
"ruleId": "BRAKE0116",
"ruleIndex": 1,
"level": "warning",
"message": {
"text": "Rails 3.2.9.rc2 has a vulnerability that may allow CSRF token forgery. Upgrade to Rails 5.2.4.3 or patch."
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "Gemfile.lock",
"uriBaseId": "%SRCROOT%"
},
"region": {
"startLine": 64
}
}
}
]
},
{
"ruleId": "BRAKE0077",
"ruleIndex": 2,
"level": "error",
"message": {
"text": "Rails 3.2.9.rc2 with globbing routes is vulnerable to directory traversal and remote code execution. Patch or upgrade to Rails 3.2.18."
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "config/routes.rb",
"uriBaseId": "%SRCROOT%"
},
"region": {
"startLine": 1
}
}
}
]
},
{
"ruleId": "BRAKE0014",
"ruleIndex": 3,
"level": "error",
"message": {
"text": "Possible command injection."
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "app/controllers/exec_controller.rb",
"uriBaseId": "%SRCROOT%"
},
"region": {
"startLine": 5
}
}
}
]
},
{
"ruleId": "BRAKE0014",
"ruleIndex": 3,
"level": "error",
"message": {
"text": "Possible command injection."
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "app/controllers/exec_controller/command_dependency.rb",
"uriBaseId": "%SRCROOT%"
},
"region": {
"startLine": 3
}
}
}
]
},
{
"ruleId": "BRAKE0014",
"ruleIndex": 3,
"level": "error",
"message": {
"text": "Possible command injection."
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "app/models/multi_model.rb",
"uriBaseId": "%SRCROOT%"
},
"region": {
"startLine": 5
}
}
}
]
},
{
"ruleId": "BRAKE0014",
"ruleIndex": 3,
"level": "error",
"message": {
"text": "Possible command injection."
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "app/models/multi_model.rb",
"uriBaseId": "%SRCROOT%"
},
"region": {
"startLine": 13
}
}
}
]
},
{
"ruleId": "BRAKE0014",
"ruleIndex": 3,
"level": "error",
"message": {
"text": "Possible command injection."
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "app/models/user/command_dependency.rb",
"uriBaseId": "%SRCROOT%"
},
"region": {
"startLine": 3
}
}
}
]
},
{
"ruleId": "BRAKE0063",
"ruleIndex": 4,
"level": "warning",
"message": {
"text": "Rails 3.2.9.rc2 has an XSS vulnerability in i18n 0.6.1 (CVE-2013-4491). Upgrade to Rails 4.0.2 or i18n 0.6.6."
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "Gemfile.lock",
"uriBaseId": "%SRCROOT%"
},
"region": {
"startLine": 44
}
}
}
]
},
{
"ruleId": "BRAKE0049",
"ruleIndex": 5,
"level": "error",
"message": {
"text": "json gem 1.7.5 has a remote code execution vulnerability. Upgrade to json gem 1.7.7."
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "Gemfile.lock",
"uriBaseId": "%SRCROOT%"
},
"region": {
"startLine": 49
}
}
}
]
},
{
"ruleId": "BRAKE0094",
"ruleIndex": 6,
"level": "warning",
"message": {
"text": "Rails 3.2.9.rc2 is vulnerable to denial of service via mime type caching (CVE-2016-0751). Upgrade to Rails 3.2.22.1."
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "Gemfile.lock",
"uriBaseId": "%SRCROOT%"
},
"region": {
"startLine": 64
}
}
}
]
},
{
"ruleId": "BRAKE0073",
"ruleIndex": 7,
"level": "warning",
"message": {
"text": "Rails 3.2.9.rc2 has a vulnerability in number helpers (CVE-2014-0081). Upgrade to Rails 3.2.17."
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "Gemfile.lock",
"uriBaseId": "%SRCROOT%"
},
"region": {
"startLine": 64
}
}
}
]
},
{
"ruleId": "BRAKE0018",
"ruleIndex": 8,
"level": "error",
"message": {
"text": "Possible unprotected redirect."
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "app/controllers/removal_controller.rb",
"uriBaseId": "%SRCROOT%"
},
"region": {
"startLine": 14
}
}
}
]
},
{
"ruleId": "BRAKE0075",
"ruleIndex": 9,
"level": "error",
"message": {
"text": "Rails 3.2.9.rc2 has a denial of service vulnerability (CVE-2014-0082). Upgrade to Rails 3.2.17."
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "Gemfile.lock",
"uriBaseId": "%SRCROOT%"
},
"region": {
"startLine": 64
}
}
}
]
},
{
"ruleId": "BRAKE0108",
"ruleIndex": 10,
"level": "note",
"message": {
"text": "sprockets 2.1.3 has a path traversal vulnerability (CVE-2018-3760). Upgrade to sprockets 2.12.5 or newer."
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "Gemfile.lock",
"uriBaseId": "%SRCROOT%"
},
"region": {
"startLine": 87
}
}
}
]
},
{
"ruleId": "BRAKE0046",
"ruleIndex": 11,
"level": "error",
"message": {
"text": "Rails 3.2.9.rc2 contains a SQL injection vulnerability (CVE-2012-5664). Upgrade to Rails 3.2.18."
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "Gemfile.lock",
"uriBaseId": "%SRCROOT%"
},
"region": {
"startLine": 64
}
}
}
]
},
{
"ruleId": "BRAKE0047",
"ruleIndex": 12,
"level": "error",
"message": {
"text": "Rails 3.2.9.rc2 contains a SQL injection vulnerability (CVE-2013-0155). Upgrade to Rails 3.2.11."
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "Gemfile.lock",
"uriBaseId": "%SRCROOT%"
},
"region": {
"startLine": 64
}
}
}
]
},
{
"ruleId": "BRAKE0069",
"ruleIndex": 13,
"level": "error",
"message": {
"text": "Rails 3.2.9.rc2 contains a SQL injection vulnerability (CVE-2013-6417). Upgrade to Rails 3.2.16."
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "Gemfile.lock",
"uriBaseId": "%SRCROOT%"
},
"region": {
"startLine": 64
}
}
}
]
},
{
"ruleId": "BRAKE0055",
"ruleIndex": 14,
"level": "warning",
"message": {
"text": "Rails 3.2.9.rc2 has a denial of service vulnerability in ActiveRecord. Upgrade to Rails 3.2.13 or patch."
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "Gemfile.lock",
"uriBaseId": "%SRCROOT%"
},
"region": {
"startLine": 64
}
}
}
]
},
{
"ruleId": "BRAKE0088",
"ruleIndex": 15,
"level": "warning",
"message": {
"text": "Rails 3.2.9.rc2 is vulnerable to denial of service via XML parsing (CVE-2015-3227). Upgrade to Rails 3.2.22."
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "Gemfile.lock",
"uriBaseId": "%SRCROOT%"
},
"region": {
"startLine": 64
}
}
}
]
},
{
"ruleId": "BRAKE0048",
"ruleIndex": 16,
"level": "error",
"message": {
"text": "Rails 3.2.9.rc2 has a remote code execution vulnerability. Upgrade to Rails 3.2.11 or disable XML parsing."
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "Gemfile.lock",
"uriBaseId": "%SRCROOT%"
},
"region": {
"startLine": 64
}
}
}
]
},
{
"ruleId": "BRAKE0002",
"ruleIndex": 17,
"level": "error",
"message": {
"text": "Unescaped model attribute."
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "app/views/removal/_partial.html.erb",
"uriBaseId": "%SRCROOT%"
},
"region": {
"startLine": 1
}
}
}
]
},
{
"ruleId": "BRAKE0002",
"ruleIndex": 17,
"level": "error",
"message": {
"text": "Unescaped parameter value."
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "app/views/removal/controller_removed.html.erb",
"uriBaseId": "%SRCROOT%"
},
"region": {
"startLine": 1
}
}
}
]
},
{
"ruleId": "BRAKE0002",
"ruleIndex": 17,
"level": "error",
"message": {
"text": "Unescaped parameter value."
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "app/views/removal/implicit_render.html.erb",
"uriBaseId": "%SRCROOT%"
},
"region": {
"startLine": 2
}
}
}
]
},
{
"ruleId": "BRAKE0002",
"ruleIndex": 17,
"level": "error",
"message": {
"text": "Unescaped model attribute."
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "app/views/users/_form.html.erb",
"uriBaseId": "%SRCROOT%"
},
"region": {
"startLine": 1
}
}
}
]
},
{
"ruleId": "BRAKE0002",
"ruleIndex": 17,
"level": "error",
"message": {
"text": "Unescaped parameter value."
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "app/views/users/_slimmer.html.slim",
"uriBaseId": "%SRCROOT%"
},
"region": {
"startLine": 6
}
}
}
]
},
{
"ruleId": "BRAKE0002",
"ruleIndex": 17,
"level": "error",
"message": {
"text": "Unescaped model attribute."
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "app/views/users/_slimmer.html.slim",
"uriBaseId": "%SRCROOT%"
},
"region": {
"startLine": 8
}
}
}
]
},
{
"ruleId": "BRAKE0002",
"ruleIndex": 17,
"level": "error",
"message": {
"text": "Unescaped model attribute."
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "app/views/users/mixed_in.html.erb",
"uriBaseId": "%SRCROOT%"
},
"region": {
"startLine": 1
}
}
}
]
},
{
"ruleId": "BRAKE0002",
"ruleIndex": 17,
"level": "error",
"message": {
"text": "Unescaped parameter value."
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "app/views/users/show.html.erb",
"uriBaseId": "%SRCROOT%"
},
"region": {
"startLine": 15
}
}
}
]
},
{
"ruleId": "BRAKE0002",
"ruleIndex": 17,
"level": "error",
"message": {
"text": "Unescaped parameter value."
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "app/views/users/slimming.html.slim",
"uriBaseId": "%SRCROOT%"
},
"region": {
"startLine": 3
}
}
}
]
},
{
"ruleId": "BRAKE0002",
"ruleIndex": 17,
"level": "error",
"message": {
"text": "Unescaped model attribute."
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "app/views/users/slimming.html.slim",
"uriBaseId": "%SRCROOT%"
},
"region": {
"startLine": 4
}
}
}
]
},
{
"ruleId": "BRAKE0056",
"ruleIndex": 18,
"level": "error",
"message": {
"text": "Rails 3.2.9.rc2 has a vulnerability in `sanitize_css`. Upgrade to Rails 3.2.13 or patch."
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "app/views/users/sanitized.html.erb",
"uriBaseId": "%SRCROOT%"
},
"region": {
"startLine": 2
}
}
}
]
},
{
"ruleId": "BRAKE0012",
"ruleIndex": 19,
"level": "warning",
"message": {
"text": "Any public method in `GlobGetController` can be used as an action for `get` requests."
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "config/routes.rb",
"uriBaseId": "%SRCROOT%"
},
"region": {
"startLine": 1
}
}
}
]
},
{
"ruleId": "BRAKE0012",
"ruleIndex": 19,
"level": "warning",
"message": {
"text": "Any public method in `GlobPostController` can be used as an action for `post` requests."
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "config/routes.rb",
"uriBaseId": "%SRCROOT%"
},
"region": {
"startLine": 1
}
}
}
]
},
{
"ruleId": "BRAKE0012",
"ruleIndex": 19,
"level": "warning",
"message": {
"text": "Any public method in `GlobPutController` can be used as an action for `put` requests."
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "config/routes.rb",
"uriBaseId": "%SRCROOT%"
},
"region": {
"startLine": 1
}
}
}
]
},
{
"ruleId": "BRAKE0012",
"ruleIndex": 19,
"level": "warning",
"message": {
"text": "Any public method in `GlobMatchController` can be used as an action for `matched` requests."
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "config/routes.rb",
"uriBaseId": "%SRCROOT%"
},
"region": {
"startLine": 1
}
}
}
]
},
{
"ruleId": "BRAKE0012",
"ruleIndex": 19,
"level": "warning",
"message": {
"text": "Any public method in `FooGetController` can be used as an action for `get` requests."
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "config/routes.rb",
"uriBaseId": "%SRCROOT%"
},
"region": {
"startLine": 1
}
}
}
]
},
{
"ruleId": "BRAKE0012",
"ruleIndex": 19,
"level": "warning",
"message": {
"text": "Any public method in `FooPostController` can be used as an action for `post` requests."
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "config/routes.rb",
"uriBaseId": "%SRCROOT%"
},
"region": {
"startLine": 1
}
}
}
]
},
{
"ruleId": "BRAKE0012",
"ruleIndex": 19,
"level": "warning",
"message": {
"text": "Any public method in `FooPutController` can be used as an action for `put` requests."
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "config/routes.rb",
"uriBaseId": "%SRCROOT%"
},
"region": {
"startLine": 1
}
}
}
]
},
{
"ruleId": "BRAKE0012",
"ruleIndex": 19,
"level": "warning",
"message": {
"text": "Any public method in `BarMatchController` can be used as an action for `matched` requests."
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "config/routes.rb",
"uriBaseId": "%SRCROOT%"
},
"region": {
"startLine": 1
}
}
}
]
},
{
"ruleId": "BRAKE0060",
"ruleIndex": 20,
"level": "note",
"message": {
"text": "Potentially dangerous attribute available for mass assignment."
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "app/models/account.rb",
"uriBaseId": "%SRCROOT%"
},
"region": {
"startLine": 1
}
}
}
]
},
{
"ruleId": "BRAKE0060",
"ruleIndex": 20,
"level": "warning",
"message": {
"text": "Potentially dangerous attribute available for mass assignment."
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "app/models/account.rb",
"uriBaseId": "%SRCROOT%"
},
"region": {
"startLine": 1
}
}
}
]
},
{
"ruleId": "BRAKE0060",
"ruleIndex": 20,
"level": "error",
"message": {
"text": "Potentially dangerous attribute available for mass assignment."
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "app/models/user.rb",
"uriBaseId": "%SRCROOT%"
},
"region": {
"startLine": 1
}
}
}
]
},
{
"ruleId": "BRAKE0060",
"ruleIndex": 20,
"level": "error",
"message": {
"text": "Potentially dangerous attribute available for mass assignment."
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "app/models/user.rb",
"uriBaseId": "%SRCROOT%"
},
"region": {
"startLine": 1
}
}
}
]
},
{
"ruleId": "BRAKE0060",
"ruleIndex": 20,
"level": "note",
"message": {
"text": "Potentially dangerous attribute available for mass assignment."
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "app/models/user.rb",
"uriBaseId": "%SRCROOT%"
},
"region": {
"startLine": 1
}
}
}
]
}
]
}
]
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment