author | Gareth Rees <gareth@mysociety.org> | 2014-10-06 16:00:12 +0100 |
---|---|---|
committer | Louise Crow <louise.crow@gmail.com> | 2014-12-18 15:16:39 +0000 |
commit | 6d587c328b7d58fb322bd9cf490b213c3ff1ffad (patch) | |
tree | e9f343c9dd1e28b813b10e88a49a90a3eee90835 | |
parent | 56a849eeb4dd8fbd968bb987ba7dacc353557c14 (diff) |
Add brakeman config and ignore files
-rw-r--r-- | config/brakeman.ignore | 63 | ||||
-rw-r--r-- | config/brakeman.yml | 4 |
2 files changed, 67 insertions, 0 deletions
diff --git a/config/brakeman.ignore b/config/brakeman.ignore
new file mode 100644
index 000000000..391013a5a
--- /dev/null
+++ b/config/brakeman.ignore
@@ -0,0 +1,63 @@
+{
+ "ignored_warnings": [
+ {
+ "location": {
+ "type": "method",
+ "method": "list_all_csv",
+ "class": "PublicBodyController"
+ },
+ "file": "app/controllers/public_body_controller.rb",
+ "warning_code": 16,
+ "render_path": null,
+ "link": "http://brakemanscanner.org/docs/warning_types/file_access/",
+ "warning_type": "File Access",
+ "code": "File.open(Tempfile.new(\"all-authorities.csv\", File.join(InfoRequest.download_zip_dir, \"download\")).path, \"w\")",
+ "line": 211,
+ "confidence": "Weak",
+ "user_input": "InfoRequest.download_zip_dir",
+ "message": "Model attribute used in file name",
+ "fingerprint": "00ce9cdd1d2c3f220bae94cb854393b5072ee1da064ca7a3af693fe2867d51c8",
+ "note": "InfoRequest.download_zip_dir does not contain user input"
+ },
+ {
+ "location": {
+ "type": "method",
+ "method": "list_all_csv",
+ "class": "PublicBodyController"
+ },
+ "file": "app/controllers/public_body_controller.rb",
+ "warning_code": 16,
+ "render_path": null,
+ "link": "http://brakemanscanner.org/docs/warning_types/file_access/",
+ "warning_type": "File Access",
+ "code": "File.rename(Tempfile.new(\"all-authorities.csv\", File.join(InfoRequest.download_zip_dir, \"download\")).path, File.join(File.join(InfoRequest.download_zip_dir, \"download\"), \"all-authorities.csv\"))",
+ "line": 213,
+ "confidence": "Weak",
+ "user_input": "InfoRequest.download_zip_dir",
+ "message": "Model attribute used in file name",
+ "fingerprint": "6078628aa47451d597e211629d80dcea0fdc7600dc066cabf2c0a4b9e07a75cc",
+ "note": "InfoRequest.download_zip_dir does not contain user input"
+ },
+ {
+ "location": {
+ "type": "method",
+ "method": "list_all_csv",
+ "class": "PublicBodyController"
+ },
+ "file": "app/controllers/public_body_controller.rb",
+ "warning_code": 16,
+ "render_path": null,
+ "link": "http://brakemanscanner.org/docs/warning_types/file_access/",
+ "warning_type": "File Access",
+ "code": "FileUtils.mkdir_p(File.join(InfoRequest.download_zip_dir, \"download\"))",
+ "line": 194,
+ "confidence": "Weak",
+ "user_input": "InfoRequest.download_zip_dir",
+ "message": "Model attribute used in file name",
+ "fingerprint": "5ed20f867c17c814cfe117906161a26f37b986d694996c9fd0089d4f971dc1d0",
+ "note": "InfoRequest.download_zip_dir does not contain user input"
+ }
+ ],
+ "updated": "Thu Oct 02 10:43:19 +0000 2014",
+ "brakeman_version": "2.6.2"
+}
diff --git a/config/brakeman.yml b/config/brakeman.yml
new file mode 100644
index 000000000..1f95903fd
--- /dev/null
+++ b/config/brakeman.yml
@@ -0,0 +1,4 @@
+---
+:output_files:
+- tmp/brakeman.html
+- tmp/brakeman.json |