
dylan8902/website

Build: 304
Duration: 19 secs
Finished: 2017-02-14 02:17:02 UTC
Branch: master
Commit: 9153c42
Message: Merge pull request #222 from dylan8902/development Add active css class when question is visible
Brakeman Report

Summary

Scanned/Reported Total
Controllers 85
Models 40
Templates 229
Errors 0
Security Warnings 42 (38)
Ignored Warnings 0

Warning Type Total
Cross Site Scripting 3
File Access 1
SQL Injection 38

Security Warnings

Confidence Class Method Warning Type Message
High AccountsController index SQL Injection
Possible SQL injection near line 16: Account.order((params[:order] or "name"))
High AccountsController all SQL Injection
Possible SQL injection near line 33: Account.order((params[:order] or "created_at DESC"))
High AnalyticsController search SQL Injection
Possible SQL injection near line 49: Analytic.where(params.permit([:ip, :user_agent])).order((params[...
High BlogPostsController index SQL Injection
Possible SQL injection near line 12: BlogPost.order((params[:order] or "created_at DESC"))
High BlogPostsController all SQL Injection
Possible SQL injection near line 28: BlogPost.order((params[:order] or "created_at DESC"))
High BlogTagsController show SQL Injection
Possible SQL injection near line 28: BlogTag.find_by_tag(params[:id]).blog_posts.order((params[:order...
High EpisodesController index SQL Injection
Possible SQL injection near line 16: Episode.where(:user_id => 1).order((params[:order] or "created_a...
High EpisodesController user SQL Injection
Possible SQL injection near line 33: User.find(params[:id]).episodes.order((params[:order] or "create...
High EpisodesController all SQL Injection
Possible SQL injection near line 49: Episode.order((params[:order] or "created_at DESC"))
High FacebookPostsController index SQL Injection
Possible SQL injection near line 9: FacebookPost.order((params[:order] or "created_at DESC"))
High FacebookPostsController all SQL Injection
Possible SQL injection near line 25: FacebookPost.order((params[:order] or "created_at DESC"))
High IphoneLocationsController index SQL Injection
Possible SQL injection near line 9: IphoneLocation.order((params[:order] or "created_at DESC"))
High IsMyBusDelayedController stops SQL Injection
Possible SQL injection near line 34: BusStop.select("bus_stops.*, #{"7912*ASIN(SQRT(POWER(SIN((lat-#{...
High IsMyPlaneDelayedController airports SQL Injection
Possible SQL injection near line 72: Airport.select("airports.*, #{"7912*ASIN(SQRT(POWER(SIN((lat-#{p...
High LocationsController index SQL Injection
Possible SQL injection near line 10: Location.order((params[:order] or "created_at DESC"))
High Music::DjEventsController index SQL Injection
Possible SQL injection near line 12: DjEvent.order((params[:order] or "created_at DESC"))
High Music::GigsController index SQL Injection
Possible SQL injection near line 9: Gig.order((params[:order] or "created_at DESC"))
High Music::ListensController index SQL Injection
Possible SQL injection near line 9: Track.order((params[:order] or "created_at DESC"))
High Music::ListensController all SQL Injection
Possible SQL injection near line 38: Track.order((params[:order] or "created_at DESC"))
High PhonecallsController index SQL Injection
Possible SQL injection near line 13: Phonecall.order((params[:order] or "created_at DESC"))
High PhonecallsController all SQL Injection
Possible SQL injection near line 42: Phonecall.order((params[:order] or "created_at DESC"))
High PhonecallsController contact SQL Injection
Possible SQL injection near line 89: Phonecall.where(:contact => (params[:contact])).order((params[:o...
High PhotosController index SQL Injection
Possible SQL injection near line 10: Photo.order((params[:order] or "created_at DESC"))
High ProjectsController index SQL Injection
Possible SQL injection near line 11: Project.order((params[:order] or "created_at DESC"))
High ProjectsController all SQL Injection
Possible SQL injection near line 27: Project.order((params[:order] or "created_at DESC"))
High Quiz::QuestionsController index SQL Injection
Possible SQL injection near line 13: Quiz::Question.order((params[:order] or "created_at DESC"))
High Quiz::QuestionsController index SQL Injection
Possible SQL injection near line 15: Quiz::Question.visible.order((params[:order] or "created_at DESC...
High Quiz::UsersController index SQL Injection
Possible SQL injection near line 12: Quiz::User.order((params[:order] or "created_at DESC"))
High RunningEventsController index SQL Injection
Possible SQL injection near line 12: RunningEvent.order((params[:order] or "created_at DESC"))
High RunningEventsController all SQL Injection
Possible SQL injection near line 27: RunningEvent.order((params[:order] or "created_at DESC"))
High SecurityVulnerabilitiesController index SQL Injection
Possible SQL injection near line 12: SecurityVulnerability.order((params[:order] or "created_at DESC"...
High SecurityVulnerabilitiesController all SQL Injection
Possible SQL injection near line 29: SecurityVulnerability.order((params[:order] or "created_at DESC"...
High TextMessagesController index SQL Injection
Possible SQL injection near line 13: TextMessage.order((params[:order] or "created_at DESC"))
High TextMessagesController contact SQL Injection
Possible SQL injection near line 41: TextMessage.find_all_by_contact(params[:contact]).order((params[...
High TrainsController index SQL Injection
Possible SQL injection near line 9: Train.order((params[:order] or "created_at DESC"))
High TrainsController all SQL Injection
Possible SQL injection near line 25: Train.order((params[:order] or "created_at DESC"))
High TweetsController index SQL Injection
Possible SQL injection near line 9: Tweet.order((params[:order] or "created_at DESC"))
High TweetsController all SQL Injection
Possible SQL injection near line 25: Tweet.order((params[:order] or "created_at DESC"))
Weak Music::ArtistsController show File Access
Parameter value used in file name near line 84: File.open(Rails.root.join("json", "#{params[:id]}.jso...

View Warnings

Confidence Template Warning Type Message
Medium analytics/show (AnalyticsController#show) Cross Site Scripting
Unsafe model attribute in link_to href near line 12: link_to(Analytic.find(params[:id]).ip, (analytic...
Medium analytics/show (AnalyticsController#show) Cross Site Scripting
Unsafe model attribute in link_to href near line 13: link_to(Analytic.find(params[:id]).user_agent, (...
Medium analytics/show (AnalyticsController#show) Cross Site Scripting
Unsafe model attribute in link_to href near line 14: link_to(Analytic.find(params[:id]).referer, (ana...