
@githubteacher
Created March 11, 2021 18:04


  1. githubteacher created this gist Mar 11, 2021.
    1,321 changes: 1,321 additions & 0 deletions example.sarif.json
    @@ -0,0 +1,1321 @@
    {
    "version": "2.1.0",
    "$schema": "https://raw.githubusercontent.com/oasis-tcs/sarif-spec/master/Schemata/sarif-schema-2.1.0.json",
    "runs": [
    {
    "tool": {
    "driver": {
    "name": "Brakeman",
    "informationUri": "https://brakemanscanner.org",
    "semanticVersion": "4.10.0",
    "rules": [
    {
    "id": "BRAKE0102",
    "name": "ContentTag/Cross-Site Scripting",
    "fullDescription": {
    "text": "Checks for XSS in calls to content_tag."
    },
    "helpUri": "https://groups.google.com/d/msg/ruby-security-ann/8B2iV2tPRSE/JkjCJkSoCgAJ",
    "help": {
    "text": "More info: https://groups.google.com/d/msg/ruby-security-ann/8B2iV2tPRSE/JkjCJkSoCgAJ.",
    "markdown": "[More info](https://groups.google.com/d/msg/ruby-security-ann/8B2iV2tPRSE/JkjCJkSoCgAJ)."
    },
    "properties": {
    "tags": [
    "ContentTag"
    ]
    }
    },
    {
    "id": "BRAKE0116",
    "name": "CSRFTokenForgeryCVE/Cross-Site Request Forgery",
    "fullDescription": {
    "text": "Checks for versions with CSRF token forgery vulnerability (CVE-2020-8166)."
    },
    "helpUri": "https://groups.google.com/g/rubyonrails-security/c/NOjKiGeXUgw",
    "help": {
    "text": "More info: https://groups.google.com/g/rubyonrails-security/c/NOjKiGeXUgw.",
    "markdown": "[More info](https://groups.google.com/g/rubyonrails-security/c/NOjKiGeXUgw)."
    },
    "properties": {
    "tags": [
    "CSRFTokenForgeryCVE"
    ]
    }
    },
    {
    "id": "BRAKE0077",
    "name": "DefaultRoutes/Remote Code Execution",
    "fullDescription": {
    "text": "Checks for default routes."
    },
    "helpUri": "http://matasano.com/research/AnatomyOfRailsVuln-CVE-2014-0130.pdf",
    "help": {
    "text": "More info: http://matasano.com/research/AnatomyOfRailsVuln-CVE-2014-0130.pdf.",
    "markdown": "[More info](http://matasano.com/research/AnatomyOfRailsVuln-CVE-2014-0130.pdf)."
    },
    "properties": {
    "tags": [
    "DefaultRoutes"
    ]
    }
    },
    {
    "id": "BRAKE0014",
    "name": "Execute/Command Injection",
    "fullDescription": {
    "text": "Finds instances of possible command injection."
    },
    "helpUri": "https://brakemanscanner.org/docs/warning_types/command_injection/",
    "help": {
    "text": "More info: https://brakemanscanner.org/docs/warning_types/command_injection/.",
    "markdown": "[More info](https://brakemanscanner.org/docs/warning_types/command_injection/)."
    },
    "properties": {
    "tags": [
    "Execute"
    ]
    }
    },
    {
    "id": "BRAKE0063",
    "name": "I18nXSS/Cross-Site Scripting",
    "fullDescription": {
    "text": "Checks for i18n XSS (CVE-2013-4491)."
    },
    "helpUri": "https://groups.google.com/d/msg/ruby-security-ann/pLrh6DUw998/bLFEyIO4k_EJ",
    "help": {
    "text": "More info: https://groups.google.com/d/msg/ruby-security-ann/pLrh6DUw998/bLFEyIO4k_EJ.",
    "markdown": "[More info](https://groups.google.com/d/msg/ruby-security-ann/pLrh6DUw998/bLFEyIO4k_EJ)."
    },
    "properties": {
    "tags": [
    "I18nXSS"
    ]
    }
    },
    {
    "id": "BRAKE0049",
    "name": "JSONParsing/Remote Code Execution",
    "fullDescription": {
    "text": "Checks for JSON parsing vulnerabilities CVE-2013-0333 and CVE-2013-0269."
    },
    "helpUri": "https://groups.google.com/d/topic/rubyonrails-security/4_YvCpLzL58/discussion",
    "help": {
    "text": "More info: https://groups.google.com/d/topic/rubyonrails-security/4_YvCpLzL58/discussion.",
    "markdown": "[More info](https://groups.google.com/d/topic/rubyonrails-security/4_YvCpLzL58/discussion)."
    },
    "properties": {
    "tags": [
    "JSONParsing"
    ]
    }
    },
    {
    "id": "BRAKE0094",
    "name": "MimeTypeDoS/Denial of Service",
    "fullDescription": {
    "text": "Checks for mime type denial of service (CVE-2016-0751)."
    },
    "helpUri": "https://groups.google.com/d/msg/rubyonrails-security/9oLY_FCzvoc/w9oI9XxbFQAJ",
    "help": {
    "text": "More info: https://groups.google.com/d/msg/rubyonrails-security/9oLY_FCzvoc/w9oI9XxbFQAJ.",
    "markdown": "[More info](https://groups.google.com/d/msg/rubyonrails-security/9oLY_FCzvoc/w9oI9XxbFQAJ)."
    },
    "properties": {
    "tags": [
    "MimeTypeDoS"
    ]
    }
    },
    {
    "id": "BRAKE0073",
    "name": "NumberToCurrency/Cross-Site Scripting",
    "fullDescription": {
    "text": "Checks for number helpers XSS vulnerabilities in certain versions."
    },
    "helpUri": "https://groups.google.com/d/msg/ruby-security-ann/9WiRn2nhfq0/2K2KRB4LwCMJ",
    "help": {
    "text": "More info: https://groups.google.com/d/msg/ruby-security-ann/9WiRn2nhfq0/2K2KRB4LwCMJ.",
    "markdown": "[More info](https://groups.google.com/d/msg/ruby-security-ann/9WiRn2nhfq0/2K2KRB4LwCMJ)."
    },
    "properties": {
    "tags": [
    "NumberToCurrency"
    ]
    }
    },
    {
    "id": "BRAKE0018",
    "name": "Redirect/Redirect",
    "fullDescription": {
    "text": "Looks for calls to redirect_to with user input as arguments."
    },
    "helpUri": "https://brakemanscanner.org/docs/warning_types/redirect/",
    "help": {
    "text": "More info: https://brakemanscanner.org/docs/warning_types/redirect/.",
    "markdown": "[More info](https://brakemanscanner.org/docs/warning_types/redirect/)."
    },
    "properties": {
    "tags": [
    "Redirect"
    ]
    }
    },
    {
    "id": "BRAKE0075",
    "name": "RenderDoS/Denial of Service",
    "fullDescription": {
    "text": "Warn about denial of service with render :text (CVE-2014-0082)."
    },
    "helpUri": "https://groups.google.com/d/msg/rubyonrails-security/LMxO_3_eCuc/ozGBEhKaJbIJ",
    "help": {
    "text": "More info: https://groups.google.com/d/msg/rubyonrails-security/LMxO_3_eCuc/ozGBEhKaJbIJ.",
    "markdown": "[More info](https://groups.google.com/d/msg/rubyonrails-security/LMxO_3_eCuc/ozGBEhKaJbIJ)."
    },
    "properties": {
    "tags": [
    "RenderDoS"
    ]
    }
    },
    {
    "id": "BRAKE0108",
    "name": "SprocketsPathTraversal/Path Traversal",
    "fullDescription": {
    "text": "Checks for CVE-2018-3760."
    },
    "helpUri": "https://groups.google.com/d/msg/rubyonrails-security/ft_J--l55fM/7roDfQ50BwAJ",
    "help": {
    "text": "More info: https://groups.google.com/d/msg/rubyonrails-security/ft_J--l55fM/7roDfQ50BwAJ.",
    "markdown": "[More info](https://groups.google.com/d/msg/rubyonrails-security/ft_J--l55fM/7roDfQ50BwAJ)."
    },
    "properties": {
    "tags": [
    "SprocketsPathTraversal"
    ]
    }
    },
    {
    "id": "BRAKE0046",
    "name": "SQLCVEs/SQL Injection",
    "fullDescription": {
    "text": "Checks for several SQL CVEs."
    },
    "helpUri": "https://groups.google.com/d/topic/rubyonrails-security/DCNTNp_qjFM/discussion",
    "help": {
    "text": "More info: https://groups.google.com/d/topic/rubyonrails-security/DCNTNp_qjFM/discussion.",
    "markdown": "[More info](https://groups.google.com/d/topic/rubyonrails-security/DCNTNp_qjFM/discussion)."
    },
    "properties": {
    "tags": [
    "SQLCVEs"
    ]
    }
    },
    {
    "id": "BRAKE0047",
    "name": "SQLCVEs/SQL Injection",
    "fullDescription": {
    "text": "Checks for several SQL CVEs."
    },
    "helpUri": "https://groups.google.com/d/topic/rubyonrails-security/c7jT-EeN9eI/discussion",
    "help": {
    "text": "More info: https://groups.google.com/d/topic/rubyonrails-security/c7jT-EeN9eI/discussion.",
    "markdown": "[More info](https://groups.google.com/d/topic/rubyonrails-security/c7jT-EeN9eI/discussion)."
    },
    "properties": {
    "tags": [
    "SQLCVEs"
    ]
    }
    },
    {
    "id": "BRAKE0069",
    "name": "SQLCVEs/SQL Injection",
    "fullDescription": {
    "text": "Checks for several SQL CVEs."
    },
    "helpUri": "https://groups.google.com/d/msg/ruby-security-ann/niK4drpSHT4/g8JW8ZsayRkJ",
    "help": {
    "text": "More info: https://groups.google.com/d/msg/ruby-security-ann/niK4drpSHT4/g8JW8ZsayRkJ.",
    "markdown": "[More info](https://groups.google.com/d/msg/ruby-security-ann/niK4drpSHT4/g8JW8ZsayRkJ)."
    },
    "properties": {
    "tags": [
    "SQLCVEs"
    ]
    }
    },
    {
    "id": "BRAKE0055",
    "name": "SymbolDoSCVE/Denial of Service",
    "fullDescription": {
    "text": "Checks for versions with ActiveRecord symbol denial of service vulnerability."
    },
    "helpUri": "https://groups.google.com/d/msg/rubyonrails-security/jgJ4cjjS8FE/BGbHRxnDRTIJ",
    "help": {
    "text": "More info: https://groups.google.com/d/msg/rubyonrails-security/jgJ4cjjS8FE/BGbHRxnDRTIJ.",
    "markdown": "[More info](https://groups.google.com/d/msg/rubyonrails-security/jgJ4cjjS8FE/BGbHRxnDRTIJ)."
    },
    "properties": {
    "tags": [
    "SymbolDoSCVE"
    ]
    }
    },
    {
    "id": "BRAKE0088",
    "name": "XMLDoS/Denial of Service",
    "fullDescription": {
    "text": "Checks for XML denial of service (CVE-2015-3227)."
    },
    "helpUri": "https://groups.google.com/d/msg/rubyonrails-security/bahr2JLnxvk/x4EocXnHPp8J",
    "help": {
    "text": "More info: https://groups.google.com/d/msg/rubyonrails-security/bahr2JLnxvk/x4EocXnHPp8J.",
    "markdown": "[More info](https://groups.google.com/d/msg/rubyonrails-security/bahr2JLnxvk/x4EocXnHPp8J)."
    },
    "properties": {
    "tags": [
    "XMLDoS"
    ]
    }
    },
    {
    "id": "BRAKE0048",
    "name": "YAMLParsing/Remote Code Execution",
    "fullDescription": {
    "text": "Checks for YAML parsing vulnerabilities (CVE-2013-0156)."
    },
    "helpUri": "https://groups.google.com/d/topic/rubyonrails-security/61bkgvnSGTQ/discussion",
    "help": {
    "text": "More info: https://groups.google.com/d/topic/rubyonrails-security/61bkgvnSGTQ/discussion.",
    "markdown": "[More info](https://groups.google.com/d/topic/rubyonrails-security/61bkgvnSGTQ/discussion)."
    },
    "properties": {
    "tags": [
    "YAMLParsing"
    ]
    }
    },
    {
    "id": "BRAKE0002",
    "name": "CrossSiteScripting/Cross-Site Scripting",
    "fullDescription": {
    "text": "Checks for unescaped output in views."
    },
    "helpUri": "https://brakemanscanner.org/docs/warning_types/cross_site_scripting",
    "help": {
    "text": "More info: https://brakemanscanner.org/docs/warning_types/cross_site_scripting.",
    "markdown": "[More info](https://brakemanscanner.org/docs/warning_types/cross_site_scripting)."
    },
    "properties": {
    "tags": [
    "CrossSiteScripting"
    ]
    }
    },
    {
    "id": "BRAKE0056",
    "name": "SanitizeMethods/Cross-Site Scripting",
    "fullDescription": {
    "text": "Checks for versions with vulnerable sanitize and sanitize_css."
    },
    "helpUri": "https://groups.google.com/d/msg/rubyonrails-security/4_QHo4BqnN8/_RrdfKk12I4J",
    "help": {
    "text": "More info: https://groups.google.com/d/msg/rubyonrails-security/4_QHo4BqnN8/_RrdfKk12I4J.",
    "markdown": "[More info](https://groups.google.com/d/msg/rubyonrails-security/4_QHo4BqnN8/_RrdfKk12I4J)."
    },
    "properties": {
    "tags": [
    "SanitizeMethods"
    ]
    }
    },
    {
    "id": "BRAKE0012",
    "name": "DefaultRoutes/Default Routes",
    "fullDescription": {
    "text": "Checks for default routes."
    },
    "helpUri": "https://brakemanscanner.org/docs/warning_types/default_routes/",
    "help": {
    "text": "More info: https://brakemanscanner.org/docs/warning_types/default_routes/.",
    "markdown": "[More info](https://brakemanscanner.org/docs/warning_types/default_routes/)."
    },
    "properties": {
    "tags": [
    "DefaultRoutes"
    ]
    }
    },
    {
    "id": "BRAKE0060",
    "name": "ModelAttrAccessible/Mass Assignment",
    "fullDescription": {
    "text": "Reports models which have dangerous attributes defined via attr_accessible."
    },
    "helpUri": "https://brakemanscanner.org/docs/warning_types/mass_assignment/",
    "help": {
    "text": "More info: https://brakemanscanner.org/docs/warning_types/mass_assignment/.",
    "markdown": "[More info](https://brakemanscanner.org/docs/warning_types/mass_assignment/)."
    },
    "properties": {
    "tags": [
    "ModelAttrAccessible"
    ]
    }
    }
    ]
    }
    },
    "results": [
    {
    "ruleId": "BRAKE0102",
    "ruleIndex": 0,
    "level": "warning",
    "message": {
    "text": "Rails 3.2.9.rc2 `content_tag` does not escape double quotes in attribute values (CVE-2016-6316). Upgrade to Rails 3.2.22.4."
    },
    "locations": [
    {
    "physicalLocation": {
    "artifactLocation": {
    "uri": "Gemfile.lock",
    "uriBaseId": "%SRCROOT%"
    },
    "region": {
    "startLine": 64
    }
    }
    }
    ]
    },
    {
    "ruleId": "BRAKE0116",
    "ruleIndex": 1,
    "level": "warning",
    "message": {
    "text": "Rails 3.2.9.rc2 has a vulnerability that may allow CSRF token forgery. Upgrade to Rails 5.2.4.3 or patch."
    },
    "locations": [
    {
    "physicalLocation": {
    "artifactLocation": {
    "uri": "Gemfile.lock",
    "uriBaseId": "%SRCROOT%"
    },
    "region": {
    "startLine": 64
    }
    }
    }
    ]
    },
    {
    "ruleId": "BRAKE0077",
    "ruleIndex": 2,
    "level": "error",
    "message": {
    "text": "Rails 3.2.9.rc2 with globbing routes is vulnerable to directory traversal and remote code execution. Patch or upgrade to Rails 3.2.18."
    },
    "locations": [
    {
    "physicalLocation": {
    "artifactLocation": {
    "uri": "config/routes.rb",
    "uriBaseId": "%SRCROOT%"
    },
    "region": {
    "startLine": 1
    }
    }
    }
    ]
    },
    {
    "ruleId": "BRAKE0014",
    "ruleIndex": 3,
    "level": "error",
    "message": {
    "text": "Possible command injection."
    },
    "locations": [
    {
    "physicalLocation": {
    "artifactLocation": {
    "uri": "app/controllers/exec_controller.rb",
    "uriBaseId": "%SRCROOT%"
    },
    "region": {
    "startLine": 5
    }
    }
    }
    ]
    },
    {
    "ruleId": "BRAKE0014",
    "ruleIndex": 3,
    "level": "error",
    "message": {
    "text": "Possible command injection."
    },
    "locations": [
    {
    "physicalLocation": {
    "artifactLocation": {
    "uri": "app/controllers/exec_controller/command_dependency.rb",
    "uriBaseId": "%SRCROOT%"
    },
    "region": {
    "startLine": 3
    }
    }
    }
    ]
    },
    {
    "ruleId": "BRAKE0014",
    "ruleIndex": 3,
    "level": "error",
    "message": {
    "text": "Possible command injection."
    },
    "locations": [
    {
    "physicalLocation": {
    "artifactLocation": {
    "uri": "app/models/multi_model.rb",
    "uriBaseId": "%SRCROOT%"
    },
    "region": {
    "startLine": 5
    }
    }
    }
    ]
    },
    {
    "ruleId": "BRAKE0014",
    "ruleIndex": 3,
    "level": "error",
    "message": {
    "text": "Possible command injection."
    },
    "locations": [
    {
    "physicalLocation": {
    "artifactLocation": {
    "uri": "app/models/multi_model.rb",
    "uriBaseId": "%SRCROOT%"
    },
    "region": {
    "startLine": 13
    }
    }
    }
    ]
    },
    {
    "ruleId": "BRAKE0014",
    "ruleIndex": 3,
    "level": "error",
    "message": {
    "text": "Possible command injection."
    },
    "locations": [
    {
    "physicalLocation": {
    "artifactLocation": {
    "uri": "app/models/user/command_dependency.rb",
    "uriBaseId": "%SRCROOT%"
    },
    "region": {
    "startLine": 3
    }
    }
    }
    ]
    },
    {
    "ruleId": "BRAKE0063",
    "ruleIndex": 4,
    "level": "warning",
    "message": {
    "text": "Rails 3.2.9.rc2 has an XSS vulnerability in i18n 0.6.1 (CVE-2013-4491). Upgrade to Rails 4.0.2 or i18n 0.6.6."
    },
    "locations": [
    {
    "physicalLocation": {
    "artifactLocation": {
    "uri": "Gemfile.lock",
    "uriBaseId": "%SRCROOT%"
    },
    "region": {
    "startLine": 44
    }
    }
    }
    ]
    },
    {
    "ruleId": "BRAKE0049",
    "ruleIndex": 5,
    "level": "error",
    "message": {
    "text": "json gem 1.7.5 has a remote code execution vulnerability. Upgrade to json gem 1.7.7."
    },
    "locations": [
    {
    "physicalLocation": {
    "artifactLocation": {
    "uri": "Gemfile.lock",
    "uriBaseId": "%SRCROOT%"
    },
    "region": {
    "startLine": 49
    }
    }
    }
    ]
    },
    {
    "ruleId": "BRAKE0094",
    "ruleIndex": 6,
    "level": "warning",
    "message": {
    "text": "Rails 3.2.9.rc2 is vulnerable to denial of service via mime type caching (CVE-2016-0751). Upgrade to Rails 3.2.22.1."
    },
    "locations": [
    {
    "physicalLocation": {
    "artifactLocation": {
    "uri": "Gemfile.lock",
    "uriBaseId": "%SRCROOT%"
    },
    "region": {
    "startLine": 64
    }
    }
    }
    ]
    },
    {
    "ruleId": "BRAKE0073",
    "ruleIndex": 7,
    "level": "warning",
    "message": {
    "text": "Rails 3.2.9.rc2 has a vulnerability in number helpers (CVE-2014-0081). Upgrade to Rails 3.2.17."
    },
    "locations": [
    {
    "physicalLocation": {
    "artifactLocation": {
    "uri": "Gemfile.lock",
    "uriBaseId": "%SRCROOT%"
    },
    "region": {
    "startLine": 64
    }
    }
    }
    ]
    },
    {
    "ruleId": "BRAKE0018",
    "ruleIndex": 8,
    "level": "error",
    "message": {
    "text": "Possible unprotected redirect."
    },
    "locations": [
    {
    "physicalLocation": {
    "artifactLocation": {
    "uri": "app/controllers/removal_controller.rb",
    "uriBaseId": "%SRCROOT%"
    },
    "region": {
    "startLine": 14
    }
    }
    }
    ]
    },
    {
    "ruleId": "BRAKE0075",
    "ruleIndex": 9,
    "level": "error",
    "message": {
    "text": "Rails 3.2.9.rc2 has a denial of service vulnerability (CVE-2014-0082). Upgrade to Rails 3.2.17."
    },
    "locations": [
    {
    "physicalLocation": {
    "artifactLocation": {
    "uri": "Gemfile.lock",
    "uriBaseId": "%SRCROOT%"
    },
    "region": {
    "startLine": 64
    }
    }
    }
    ]
    },
    {
    "ruleId": "BRAKE0108",
    "ruleIndex": 10,
    "level": "note",
    "message": {
    "text": "sprockets 2.1.3 has a path traversal vulnerability (CVE-2018-3760). Upgrade to sprockets 2.12.5 or newer."
    },
    "locations": [
    {
    "physicalLocation": {
    "artifactLocation": {
    "uri": "Gemfile.lock",
    "uriBaseId": "%SRCROOT%"
    },
    "region": {
    "startLine": 87
    }
    }
    }
    ]
    },
    {
    "ruleId": "BRAKE0046",
    "ruleIndex": 11,
    "level": "error",
    "message": {
    "text": "Rails 3.2.9.rc2 contains a SQL injection vulnerability (CVE-2012-5664). Upgrade to Rails 3.2.18."
    },
    "locations": [
    {
    "physicalLocation": {
    "artifactLocation": {
    "uri": "Gemfile.lock",
    "uriBaseId": "%SRCROOT%"
    },
    "region": {
    "startLine": 64
    }
    }
    }
    ]
    },
    {
    "ruleId": "BRAKE0047",
    "ruleIndex": 12,
    "level": "error",
    "message": {
    "text": "Rails 3.2.9.rc2 contains a SQL injection vulnerability (CVE-2013-0155). Upgrade to Rails 3.2.11."
    },
    "locations": [
    {
    "physicalLocation": {
    "artifactLocation": {
    "uri": "Gemfile.lock",
    "uriBaseId": "%SRCROOT%"
    },
    "region": {
    "startLine": 64
    }
    }
    }
    ]
    },
    {
    "ruleId": "BRAKE0069",
    "ruleIndex": 13,
    "level": "error",
    "message": {
    "text": "Rails 3.2.9.rc2 contains a SQL injection vulnerability (CVE-2013-6417). Upgrade to Rails 3.2.16."
    },
    "locations": [
    {
    "physicalLocation": {
    "artifactLocation": {
    "uri": "Gemfile.lock",
    "uriBaseId": "%SRCROOT%"
    },
    "region": {
    "startLine": 64
    }
    }
    }
    ]
    },
    {
    "ruleId": "BRAKE0055",
    "ruleIndex": 14,
    "level": "warning",
    "message": {
    "text": "Rails 3.2.9.rc2 has a denial of service vulnerability in ActiveRecord. Upgrade to Rails 3.2.13 or patch."
    },
    "locations": [
    {
    "physicalLocation": {
    "artifactLocation": {
    "uri": "Gemfile.lock",
    "uriBaseId": "%SRCROOT%"
    },
    "region": {
    "startLine": 64
    }
    }
    }
    ]
    },
    {
    "ruleId": "BRAKE0088",
    "ruleIndex": 15,
    "level": "warning",
    "message": {
    "text": "Rails 3.2.9.rc2 is vulnerable to denial of service via XML parsing (CVE-2015-3227). Upgrade to Rails 3.2.22."
    },
    "locations": [
    {
    "physicalLocation": {
    "artifactLocation": {
    "uri": "Gemfile.lock",
    "uriBaseId": "%SRCROOT%"
    },
    "region": {
    "startLine": 64
    }
    }
    }
    ]
    },
    {
    "ruleId": "BRAKE0048",
    "ruleIndex": 16,
    "level": "error",
    "message": {
    "text": "Rails 3.2.9.rc2 has a remote code execution vulnerability. Upgrade to Rails 3.2.11 or disable XML parsing."
    },
    "locations": [
    {
    "physicalLocation": {
    "artifactLocation": {
    "uri": "Gemfile.lock",
    "uriBaseId": "%SRCROOT%"
    },
    "region": {
    "startLine": 64
    }
    }
    }
    ]
    },
    {
    "ruleId": "BRAKE0002",
    "ruleIndex": 17,
    "level": "error",
    "message": {
    "text": "Unescaped model attribute."
    },
    "locations": [
    {
    "physicalLocation": {
    "artifactLocation": {
    "uri": "app/views/removal/_partial.html.erb",
    "uriBaseId": "%SRCROOT%"
    },
    "region": {
    "startLine": 1
    }
    }
    }
    ]
    },
    {
    "ruleId": "BRAKE0002",
    "ruleIndex": 17,
    "level": "error",
    "message": {
    "text": "Unescaped parameter value."
    },
    "locations": [
    {
    "physicalLocation": {
    "artifactLocation": {
    "uri": "app/views/removal/controller_removed.html.erb",
    "uriBaseId": "%SRCROOT%"
    },
    "region": {
    "startLine": 1
    }
    }
    }
    ]
    },
    {
    "ruleId": "BRAKE0002",
    "ruleIndex": 17,
    "level": "error",
    "message": {
    "text": "Unescaped parameter value."
    },
    "locations": [
    {
    "physicalLocation": {
    "artifactLocation": {
    "uri": "app/views/removal/implicit_render.html.erb",
    "uriBaseId": "%SRCROOT%"
    },
    "region": {
    "startLine": 2
    }
    }
    }
    ]
    },
    {
    "ruleId": "BRAKE0002",
    "ruleIndex": 17,
    "level": "error",
    "message": {
    "text": "Unescaped model attribute."
    },
    "locations": [
    {
    "physicalLocation": {
    "artifactLocation": {
    "uri": "app/views/users/_form.html.erb",
    "uriBaseId": "%SRCROOT%"
    },
    "region": {
    "startLine": 1
    }
    }
    }
    ]
    },
    {
    "ruleId": "BRAKE0002",
    "ruleIndex": 17,
    "level": "error",
    "message": {
    "text": "Unescaped parameter value."
    },
    "locations": [
    {
    "physicalLocation": {
    "artifactLocation": {
    "uri": "app/views/users/_slimmer.html.slim",
    "uriBaseId": "%SRCROOT%"
    },
    "region": {
    "startLine": 6
    }
    }
    }
    ]
    },
    {
    "ruleId": "BRAKE0002",
    "ruleIndex": 17,
    "level": "error",
    "message": {
    "text": "Unescaped model attribute."
    },
    "locations": [
    {
    "physicalLocation": {
    "artifactLocation": {
    "uri": "app/views/users/_slimmer.html.slim",
    "uriBaseId": "%SRCROOT%"
    },
    "region": {
    "startLine": 8
    }
    }
    }
    ]
    },
    {
    "ruleId": "BRAKE0002",
    "ruleIndex": 17,
    "level": "error",
    "message": {
    "text": "Unescaped model attribute."
    },
    "locations": [
    {
    "physicalLocation": {
    "artifactLocation": {
    "uri": "app/views/users/mixed_in.html.erb",
    "uriBaseId": "%SRCROOT%"
    },
    "region": {
    "startLine": 1
    }
    }
    }
    ]
    },
    {
    "ruleId": "BRAKE0002",
    "ruleIndex": 17,
    "level": "error",
    "message": {
    "text": "Unescaped parameter value."
    },
    "locations": [
    {
    "physicalLocation": {
    "artifactLocation": {
    "uri": "app/views/users/show.html.erb",
    "uriBaseId": "%SRCROOT%"
    },
    "region": {
    "startLine": 15
    }
    }
    }
    ]
    },
    {
    "ruleId": "BRAKE0002",
    "ruleIndex": 17,
    "level": "error",
    "message": {
    "text": "Unescaped parameter value."
    },
    "locations": [
    {
    "physicalLocation": {
    "artifactLocation": {
    "uri": "app/views/users/slimming.html.slim",
    "uriBaseId": "%SRCROOT%"
    },
    "region": {
    "startLine": 3
    }
    }
    }
    ]
    },
    {
    "ruleId": "BRAKE0002",
    "ruleIndex": 17,
    "level": "error",
    "message": {
    "text": "Unescaped model attribute."
    },
    "locations": [
    {
    "physicalLocation": {
    "artifactLocation": {
    "uri": "app/views/users/slimming.html.slim",
    "uriBaseId": "%SRCROOT%"
    },
    "region": {
    "startLine": 4
    }
    }
    }
    ]
    },
    {
    "ruleId": "BRAKE0056",
    "ruleIndex": 18,
    "level": "error",
    "message": {
    "text": "Rails 3.2.9.rc2 has a vulnerability in `sanitize_css`. Upgrade to Rails 3.2.13 or patch."
    },
    "locations": [
    {
    "physicalLocation": {
    "artifactLocation": {
    "uri": "app/views/users/sanitized.html.erb",
    "uriBaseId": "%SRCROOT%"
    },
    "region": {
    "startLine": 2
    }
    }
    }
    ]
    },
    {
    "ruleId": "BRAKE0012",
    "ruleIndex": 19,
    "level": "warning",
    "message": {
    "text": "Any public method in `GlobGetController` can be used as an action for `get` requests."
    },
    "locations": [
    {
    "physicalLocation": {
    "artifactLocation": {
    "uri": "config/routes.rb",
    "uriBaseId": "%SRCROOT%"
    },
    "region": {
    "startLine": 1
    }
    }
    }
    ]
    },
    {
    "ruleId": "BRAKE0012",
    "ruleIndex": 19,
    "level": "warning",
    "message": {
    "text": "Any public method in `GlobPostController` can be used as an action for `post` requests."
    },
    "locations": [
    {
    "physicalLocation": {
    "artifactLocation": {
    "uri": "config/routes.rb",
    "uriBaseId": "%SRCROOT%"
    },
    "region": {
    "startLine": 1
    }
    }
    }
    ]
    },
    {
    "ruleId": "BRAKE0012",
    "ruleIndex": 19,
    "level": "warning",
    "message": {
    "text": "Any public method in `GlobPutController` can be used as an action for `put` requests."
    },
    "locations": [
    {
    "physicalLocation": {
    "artifactLocation": {
    "uri": "config/routes.rb",
    "uriBaseId": "%SRCROOT%"
    },
    "region": {
    "startLine": 1
    }
    }
    }
    ]
    },
    {
    "ruleId": "BRAKE0012",
    "ruleIndex": 19,
    "level": "warning",
    "message": {
    "text": "Any public method in `GlobMatchController` can be used as an action for `matched` requests."
    },
    "locations": [
    {
    "physicalLocation": {
    "artifactLocation": {
    "uri": "config/routes.rb",
    "uriBaseId": "%SRCROOT%"
    },
    "region": {
    "startLine": 1
    }
    }
    }
    ]
    },
    {
    "ruleId": "BRAKE0012",
    "ruleIndex": 19,
    "level": "warning",
    "message": {
    "text": "Any public method in `FooGetController` can be used as an action for `get` requests."
    },
    "locations": [
    {
    "physicalLocation": {
    "artifactLocation": {
    "uri": "config/routes.rb",
    "uriBaseId": "%SRCROOT%"
    },
    "region": {
    "startLine": 1
    }
    }
    }
    ]
    },
    {
    "ruleId": "BRAKE0012",
    "ruleIndex": 19,
    "level": "warning",
    "message": {
    "text": "Any public method in `FooPostController` can be used as an action for `post` requests."
    },
    "locations": [
    {
    "physicalLocation": {
    "artifactLocation": {
    "uri": "config/routes.rb",
    "uriBaseId": "%SRCROOT%"
    },
    "region": {
    "startLine": 1
    }
    }
    }
    ]
    },
    {
    "ruleId": "BRAKE0012",
    "ruleIndex": 19,
    "level": "warning",
    "message": {
    "text": "Any public method in `FooPutController` can be used as an action for `put` requests."
    },
    "locations": [
    {
    "physicalLocation": {
    "artifactLocation": {
    "uri": "config/routes.rb",
    "uriBaseId": "%SRCROOT%"
    },
    "region": {
    "startLine": 1
    }
    }
    }
    ]
    },
    {
    "ruleId": "BRAKE0012",
    "ruleIndex": 19,
    "level": "warning",
    "message": {
    "text": "Any public method in `BarMatchController` can be used as an action for `matched` requests."
    },
    "locations": [
    {
    "physicalLocation": {
    "artifactLocation": {
    "uri": "config/routes.rb",
    "uriBaseId": "%SRCROOT%"
    },
    "region": {
    "startLine": 1
    }
    }
    }
    ]
    },
    {
    "ruleId": "BRAKE0060",
    "ruleIndex": 20,
    "level": "note",
    "message": {
    "text": "Potentially dangerous attribute available for mass assignment."
    },
    "locations": [
    {
    "physicalLocation": {
    "artifactLocation": {
    "uri": "app/models/account.rb",
    "uriBaseId": "%SRCROOT%"
    },
    "region": {
    "startLine": 1
    }
    }
    }
    ]
    },
    {
    "ruleId": "BRAKE0060",
    "ruleIndex": 20,
    "level": "warning",
    "message": {
    "text": "Potentially dangerous attribute available for mass assignment."
    },
    "locations": [
    {
    "physicalLocation": {
    "artifactLocation": {
    "uri": "app/models/account.rb",
    "uriBaseId": "%SRCROOT%"
    },
    "region": {
    "startLine": 1
    }
    }
    }
    ]
    },
    {
    "ruleId": "BRAKE0060",
    "ruleIndex": 20,
    "level": "error",
    "message": {
    "text": "Potentially dangerous attribute available for mass assignment."
    },
    "locations": [
    {
    "physicalLocation": {
    "artifactLocation": {
    "uri": "app/models/user.rb",
    "uriBaseId": "%SRCROOT%"
    },
    "region": {
    "startLine": 1
    }
    }
    }
    ]
    },
    {
    "ruleId": "BRAKE0060",
    "ruleIndex": 20,
    "level": "error",
    "message": {
    "text": "Potentially dangerous attribute available for mass assignment."
    },
    "locations": [
    {
    "physicalLocation": {
    "artifactLocation": {
    "uri": "app/models/user.rb",
    "uriBaseId": "%SRCROOT%"
    },
    "region": {
    "startLine": 1
    }
    }
    }
    ]
    },
    {
    "ruleId": "BRAKE0060",
    "ruleIndex": 20,
    "level": "note",
    "message": {
    "text": "Potentially dangerous attribute available for mass assignment."
    },
    "locations": [
    {
    "physicalLocation": {
    "artifactLocation": {
    "uri": "app/models/user.rb",
    "uriBaseId": "%SRCROOT%"
    },
    "region": {
    "startLine": 1
    }
    }
    }
    ]
    }
    ]
    }
    ]
    }
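Review bot: The `"$schema"` value on the third line of the file points at the `master` branch of the sarif-spec repository, so any validator that resolves it fetches an unpinned, mutable document rather than a fixed copy of the published 2.1.0 schema; pinning it to a tagged release (or a versioned mirror) makes validation of this example reproducible. Every result uses `"uriBaseId": "%SRCROOT%"` but the run never declares that base id in `originalUriBaseIds`; GitHub code scanning appears to treat `%SRCROOT%` as the checkout root, but other SARIF consumers have no way to map these relative paths, so a one-entry `"originalUriBaseIds": { "%SRCROOT%": { "uri": "<repo-root-uri>" } }` (placeholder) would make the log portable. The `helpUri` for rule BRAKE0077 is plain `http://` while every other rule uses `https://`; since these links are rendered to users as remediation guidance, the unauthenticated one is worth upgrading if the resource is still served over TLS.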