User docs fixes (#12352)
[spree.git] / core / brakeman.ignore
2   "ignored_warnings": [
3     {
4       "warning_type": "SQL Injection",
5       "warning_code": 0,
6       "fingerprint": "011b2643940ba1112f7a737e403abe3616ad91764703c801cc35a48d36b721da",
7       "check_name": "SQL",
8       "message": "Possible SQL injection",
9       "file": "app/models/concerns/spree/product_scopes.rb",
10       "line": 64,
11       "link": "https://brakemanscanner.org/docs/warning_types/sql_injection/",
12       "code": "where(\"#{price_table_name}.amount <= ?\", price)",
13       "render_path": null,
14       "location": {
15         "type": "method",
16         "class": "Spree",
17         "method": null
18       },
19       "user_input": "price_table_name",
20       "confidence": "Medium",
21       "cwe_id": [
22         89
23       ],
24       "note": "interpolating table name"
25     },
26     {
27       "warning_type": "Redirect",
28       "warning_code": 18,
29       "fingerprint": "05d3870f66d650510c859a8949d5686b05eb028825083b096d0f65fedf80b118",
30       "check_name": "Redirect",
31       "message": "Possible unprotected redirect",
32       "file": "lib/spree/core/controller_helpers/auth.rb",
33       "line": 25,
34       "link": "https://brakemanscanner.org/docs/warning_types/redirect/",
35       "code": "redirect_to((session[\"spree_user_return_to\"] or (request.env[\"HTTP_REFERER\"] or default)))",
36       "render_path": null,
37       "location": {
38         "type": "method",
39         "class": "Spree::Core::ControllerHelpers::Auth",
40         "method": "redirect_back_or_default"
41       },
42       "user_input": "request.env[\"HTTP_REFERER\"]",
43       "confidence": "High",
44       "cwe_id": [
45         601
46       ],
47       "note": ""
48     },
49     {
50       "warning_type": "SQL Injection",
51       "warning_code": 0,
52       "fingerprint": "1c12fcb833b0ddffa07880acb7e604922c0d1d52de598316186241baf16551cd",
53       "check_name": "SQL",
54       "message": "Possible SQL injection",
55       "file": "app/finders/spree/taxons/find.rb",
56       "line": 75,
57       "link": "https://brakemanscanner.org/docs/warning_types/sql_injection/",
58       "code": "taxons.joins(\"INNER JOIN #{Spree::Taxon.table_name} AS parent_taxon ON parent_taxon.id = #{Spree::Taxon.table_name}.parent_id\").join_translation_table(Taxon, \"parent_taxon\").where([\"#{Taxon.translation_table_alias}.permalink = ?\", parent_permalink])",
59       "render_path": null,
60       "location": {
61         "type": "method",
62         "class": "Spree::Taxons::Find",
63         "method": "by_parent_permalink"
64       },
65       "user_input": "Taxon.translation_table_alias",
66       "confidence": "Weak",
67       "cwe_id": [
68         89
69       ],
70       "note": ""
71     },
72     {
73       "warning_type": "SQL Injection",
74       "warning_code": 0,
75       "fingerprint": "1f02952550c2f54d044c9577a45e7ba7c7990c8b8a59d1dac83a96790237f507",
76       "check_name": "SQL",
77       "message": "Possible SQL injection",
78       "file": "app/models/concerns/spree/product_scopes.rb",
79       "line": 139,
80       "link": "https://brakemanscanner.org/docs/warning_types/sql_injection/",
81       "code": "joins(:properties).join_translation_table(Property).join_translation_table(ProductProperty).where(\"#{ProductProperty.translation_table_alias}.value = ?\", value)",
82       "render_path": null,
83       "location": {
84         "type": "method",
85         "class": "Spree::ProductScopes",
86         "method": null
87       },
88       "user_input": "ProductProperty.translation_table_alias",
89       "confidence": "Weak",
90       "cwe_id": [
91         89
92       ],
93       "note": ""
94     },
95     {
96       "warning_type": "SQL Injection",
97       "warning_code": 0,
98       "fingerprint": "7928c0813a0bf084ead091b4554ef6abea9ae9c7167936f5c62da9e328b9f736",
99       "check_name": "SQL",
100       "message": "Possible SQL injection",
101       "file": "app/models/concerns/spree/product_scopes.rb",
102       "line": 139,
103       "link": "https://brakemanscanner.org/docs/warning_types/sql_injection/",
104       "code": "joins(:properties).join_translation_table(Property).join_translation_table(ProductProperty).where(\"#{ProductProperty.translation_table_alias}.value = ?\", value)",
105       "render_path": null,
106       "location": {
107         "type": "method",
108         "class": "Spree",
109         "method": null
110       },
111       "user_input": "ProductProperty.translation_table_alias",
112       "confidence": "Weak",
113       "cwe_id": [
114         89
115       ],
116       "note": ""
117     },
118     {
119       "warning_type": "SQL Injection",
120       "warning_code": 0,
121       "fingerprint": "857c335935a00f584137f31dbcb1a4532af5c8bb5cf53a86058b4af98c6597dc",
122       "check_name": "SQL",
123       "message": "Possible SQL injection",
124       "file": "lib/spree/translation_migrations.rb",
125       "line": 21,
126       "link": "https://brakemanscanner.org/docs/warning_types/sql_injection/",
127       "code": "ActiveRecord::Base.connection.execute(\"\\n          UPDATE #{resource_class.table_name}\\n          SET #{resource_class.translatable_fields.map do\n \"#{f}=null\"\n end.join(\", \")};\\n                                              \")",
128       "render_path": null,
129       "location": {
130         "type": "method",
131         "class": "Spree::TranslationMigrations",
132         "method": "transfer_translation_data"
133       },
134       "user_input": "resource_class.translatable_fields.map do\n \"#{f}=null\"\n end.join(\", \")",
135       "confidence": "Medium",
136       "cwe_id": [
137         89
138       ],
139       "note": ""
140     },
141     {
142       "warning_type": "SQL Injection",
143       "warning_code": 0,
144       "fingerprint": "965d3919f811ab63b7b8d62da528559a7f38dc122c57efea7136e7ec5ef1f062",
145       "check_name": "SQL",
146       "message": "Possible SQL injection",
147       "file": "app/models/concerns/spree/product_scopes.rb",
148       "line": 68,
149       "link": "https://brakemanscanner.org/docs/warning_types/sql_injection/",
150       "code": "where(\"#{price_table_name}.amount >= ?\", price)",
151       "render_path": null,
152       "location": {
153         "type": "method",
154         "class": "Spree::ProductScopes",
155         "method": null
156       },
157       "user_input": "price_table_name",
158       "confidence": "Medium",
159       "cwe_id": [
160         89
161       ],
162       "note": "interpolating table name"
163     },
164     {
165       "warning_type": "SQL Injection",
166       "warning_code": 0,
167       "fingerprint": "98607ecfb86c2d3c2567390f813861edbc42d6ffa9f482afb7c0b3464eaf6e73",
168       "check_name": "SQL",
169       "message": "Possible SQL injection",
170       "file": "app/models/concerns/spree/translatable_resource_scopes.rb",
171       "line": 18,
172       "link": "https://brakemanscanner.org/docs/warning_types/sql_injection/",
173       "code": "joins(\"LEFT OUTER JOIN #{translatable_class::Translation.table_name} #{translatable_class.translation_table_alias}\\n             ON #{translatable_class.translation_table_alias}.#{\"#{translatable_class.table_name.singularize}_id\"} = #{(translatable_class.table_name or join_on_table_alias)}.id\\n             AND #{translatable_class.translation_table_alias}.locale = '#{Mobility.locale}'\")",
174       "render_path": null,
175       "location": {
176         "type": "method",
177         "class": "Spree::TranslatableResourceScopes",
178         "method": "join_translation_table"
179       },
180       "user_input": "translatable_class.translation_table_alias",
181       "confidence": "Medium",
182       "cwe_id": [
183         89
184       ],
185       "note": ""
186     },
187     {
188       "warning_type": "SQL Injection",
189       "warning_code": 0,
190       "fingerprint": "abd8e90e7a7dfbcdcd6d44fd3fb550598aee6d7a9ef2bb132ad1a18a3c50be30",
191       "check_name": "SQL",
192       "message": "Possible SQL injection",
193       "file": "app/models/concerns/spree/product_scopes.rb",
194       "line": 64,
195       "link": "https://brakemanscanner.org/docs/warning_types/sql_injection/",
196       "code": "where(\"#{price_table_name}.amount <= ?\", price)",
197       "render_path": null,
198       "location": {
199         "type": "method",
200         "class": "Spree::ProductScopes",
201         "method": null
202       },
203       "user_input": "price_table_name",
204       "confidence": "Medium",
205       "cwe_id": [
206         89
207       ],
208       "note": "interpolating table name"
209     },
210     {
211       "warning_type": "SQL Injection",
212       "warning_code": 0,
213       "fingerprint": "c1c97347a2d74ea41d46519e3bfbd94c511a1bd9c285f3f2a1fa0cb7e624d232",
214       "check_name": "SQL",
215       "message": "Possible SQL injection",
216       "file": "lib/spree/translation_migrations.rb",
217       "line": 32,
218       "link": "https://brakemanscanner.org/docs/warning_types/sql_injection/",
219       "code": "ActiveRecord::Base.connection.execute(\"\\n          UPDATE #{resource_class.table_name}\\n          SET (#{resource_class.translatable_fields.join(\", \")}) = #{(\"ROW\" or \"\")}(#{resource_class.translatable_fields.map do\n \"#{resource_class::Translation.table_name}.#{f}\"\n end.join(\", \")})\\n          FROM #{resource_class::Translation.table_name}\\n          WHERE #{resource_class::Translation.table_name}.#{\"#{resource_class.table_name.singularize}_id\"} = #{resource_class.table_name}.id\\n                                            \")",
220       "render_path": null,
221       "location": {
222         "type": "method",
223         "class": "Spree::TranslationMigrations",
224         "method": "revert_translation_data_transfer"
225       },
226       "user_input": "resource_class.translatable_fields.join(\", \")",
227       "confidence": "Medium",
228       "cwe_id": [
229         89
230       ],
231       "note": ""
232     },
233     {
234       "warning_type": "SQL Injection",
235       "warning_code": 0,
236       "fingerprint": "c2bc48d98076b7c4fc3314c6a85f7bd1132efe5fcc346da4d28df7c25f93633f",
237       "check_name": "SQL",
238       "message": "Possible SQL injection",
239       "file": "app/models/spree/variant.rb",
240       "line": 126,
241       "link": "https://brakemanscanner.org/docs/warning_types/sql_injection/",
242       "code": "joins(:product).join_translation_table(Product).where(\"LOWER(#{Product.translation_table_alias}.name) LIKE LOWER(:query)\\n               OR LOWER(sku) LIKE LOWER(:query)\", :query => (\"%#{query}%\"))",
243       "render_path": null,
244       "location": {
245         "type": "method",
246         "class": "Spree::Variant",
247         "method": "Spree::Variant.product_name_or_sku_cont"
248       },
249       "user_input": "Product.translation_table_alias",
250       "confidence": "Weak",
251       "cwe_id": [
252         89
253       ],
254       "note": ""
255     },
256     {
257       "warning_type": "SQL Injection",
258       "warning_code": 0,
259       "fingerprint": "ed253ae6b1b4ea3fe3d87d3652380fecab80133319b1ed041d98d163fd16b815",
260       "check_name": "SQL",
261       "message": "Possible SQL injection",
262       "file": "app/finders/spree/taxons/find.rb",
263       "line": 71,
264       "link": "https://brakemanscanner.org/docs/warning_types/sql_injection/",
265       "code": "taxons.joins(:parent).join_translation_table(Taxon, \"parents_spree_taxons\").where([\"#{Taxon.translation_table_alias}.permalink = ?\", parent_permalink])",
266       "render_path": null,
267       "location": {
268         "type": "method",
269         "class": "Spree::Taxons::Find",
270         "method": "by_parent_permalink"
271       },
272       "user_input": "Taxon.translation_table_alias",
273       "confidence": "Weak",
274       "cwe_id": [
275         89
276       ],
277       "note": ""
278     },
279     {
280       "warning_type": "SQL Injection",
281       "warning_code": 0,
282       "fingerprint": "efcc57e1a5648d7db59d1beaf5e399d2278539a8667b19c520b305a6ca7e15e8",
283       "check_name": "SQL",
284       "message": "Possible SQL injection",
285       "file": "app/models/concerns/spree/product_scopes.rb",
286       "line": 68,
287       "link": "https://brakemanscanner.org/docs/warning_types/sql_injection/",
288       "code": "where(\"#{price_table_name}.amount >= ?\", price)",
289       "render_path": null,
290       "location": {
291         "type": "method",
292         "class": "Spree",
293         "method": null
294       },
295       "user_input": "price_table_name",
296       "confidence": "Medium",
297       "cwe_id": [
298         89
299       ],
300       "note": "interpolating table name"
301     },
302     {
303       "warning_type": "SQL Injection",
304       "warning_code": 0,
305       "fingerprint": "f14dd62fac0dd1e9d5532dd5efc770e2eb873a8db80faf366b6295378634754a",
306       "check_name": "SQL",
307       "message": "Possible SQL injection",
308       "file": "lib/spree/translation_migrations.rb",
309       "line": 16,
310       "link": "https://brakemanscanner.org/docs/warning_types/sql_injection/",
311       "code": "ActiveRecord::Base.connection.execute(\"\\n          INSERT INTO #{resource_class::Translation.table_name} (#{resource_class.translatable_fields.join(\", \")}, #{\"#{resource_class.table_name.singularize}_id\"}, locale, created_at, updated_at)\\n          SELECT #{resource_class.translatable_fields.join(\", \")}, id, '#{default_locale}' as locale, created_at, updated_at FROM #{resource_class.table_name};\\n                                              \")",
312       "render_path": null,
313       "location": {
314         "type": "method",
315         "class": "Spree::TranslationMigrations",
316         "method": "transfer_translation_data"
317       },
318       "user_input": "resource_class.translatable_fields.join(\", \")",
319       "confidence": "Medium",
320       "cwe_id": [
321         89
322       ],
323       "note": ""
324     }
325   ],
326   "updated": "2023-03-22 20:11:32 +0100",
327   "brakeman_version": "5.4.1"