railsbp/rails-bestpractices.com

Build: 151
Duration: 6 secs
Finished: 2014-09-05 10:27:33 UTC
Branch: master
Commit: 3866b35
Message: update to rails 4.0.8
Brakeman Report

Summary

| Scanned/Reported | Total |
|---|---|
| Controllers | 16 |
| Models | 20 |
| Templates | 60 |
| Errors | 0 |
| Security Warnings | 12 (4) |
| Ignored Warnings | 0 |

| Warning Type | Total |
|---|---|
| Cross Site Scripting | 4 |
| Mass Assignment | 1 |
| Redirect | 5 |
| SQL Injection | 2 |

Security Warnings

| Confidence | Class | Method | Warning Type | Message |
|---|---|---|---|---|
| High | AnswersController | create | Redirect | Possible unprotected redirect near line 10: redirect_to(Question.find_cached(params[:question_id]), :... |
| High | JobsController | update | Redirect | Possible unprotected redirect near line 35: redirect_to(Job.find_cached(params[:id]), :notice => "You... |
| High | PostsController | update | Redirect | Possible unprotected redirect near line 43: redirect_to(Post.find_cached(params[:id]), :notice => "Yo... |
| High | SponsorsController | show | Redirect | Possible unprotected redirect near line 5: redirect_to(Sponsor.find_cached(params[:id]).website_url) |
| Medium | Post | prev | SQL Injection | Possible SQL injection near line 76: Post.published.where(["#{(local order)} < ?", self.send((local o... |
| Medium | Post | next | SQL Injection | Possible SQL injection near line 84: Post.published.where(["#{(local order)} > ?", self.send((local o... |
| Medium | | | Mass Assignment | create_with is vulnerable to strong params bypass. Upgrade to Rails 4.0.9 or patch |
| Weak | QuestionsController | update | Redirect | Possible unprotected redirect near line 40: redirect_to(current_user.questions.find(params[:id])) |

View Warnings

| Confidence | Template | Warning Type | Message |
|---|---|---|---|
| Medium | blog_posts/show (BlogPostsController#show) | Cross Site Scripting | Unescaped model attribute near line 12: BlogPost.find_cached(params[:id]).body |
| Medium | pages/show (PagesController#show) | Cross Site Scripting | Unescaped model attribute near line 5: Page.find_cached_by_name(params[:name]).body |
| Medium | posts/show (PostsController#show) | Cross Site Scripting | Unescaped model attribute near line 23: Post.find_cached(params[:id]).cached_formatted_html |
| Medium | questions/show (AnswersController#create) | Cross Site Scripting | Unescaped model attribute near line 20: Question.find_cached(params[:question_id]).cached_formatted_h... |