{ "scan_info": { "app_path": "/home/masx/developer/dockerize-rails", "rails_version": "5.2.2", "security_warnings": 4, "start_time": "2019-11-01 22:07:50 +0100", "end_time": "2019-11-01 22:07:50 +0100", "duration": 0.166390277, "checks_performed": [ "BasicAuth", "BasicAuthTimingAttack", "ContentTag", "CookieSerialization", "CreateWith", "CrossSiteScripting", "DefaultRoutes", "Deserialize", "DetailedExceptions", "DigestDoS", "DynamicFinders", "EscapeFunction", "Evaluation", "Execute", "FileAccess", "FileDisclosure", "FilterSkipping", "ForgerySetting", "HeaderDoS", "I18nXSS", "JRubyXML", "JSONEncoding", "JSONParsing", "LinkTo", "LinkToHref", "MailTo", "MassAssignment", "MimeTypeDoS", "ModelAttrAccessible", "ModelAttributes", "ModelSerialize", "NestedAttributes", "NestedAttributesBypass", "NumberToCurrency", "PermitAttributes", "QuoteTableName", "Redirect", "RegexDoS", "Render", "RenderDoS", "RenderInline", "ResponseSplitting", "RouteDoS", "SQL", "SQLCVEs", "SSLVerify", "SafeBufferManipulation", "SanitizeMethods", "SelectTag", "SelectVulnerability", "Send", "SendFile", "SessionManipulation", "SessionSettings", "SimpleFormat", "SingleQuotes", "SkipBeforeFilter", "SprocketsPathTraversal", "StripTags", "SymbolDoSCVE", "TranslateBug", "UnsafeReflection", "ValidationRegex", "WithoutProtection", "XMLDoS", "YAMLParsing" ], "number_of_controllers": 2, "number_of_models": 2, "number_of_templates": 7, "ruby_version": "2.6.3", "brakeman_version": "4.7.1" }, "warnings": [ { "warning_type": "Dangerous Eval", "warning_code": 13, "fingerprint": "490f917262d1384df60e24097536f6c9039e5f5ba11fe11bf0981109cd286fc5", "check_name": "Evaluation", "message": "User input in eval", "file": "app/controllers/posts_controller.rb", "line": 29, "link": "https://brakemanscanner.org/docs/warning_types/dangerous_eval/", "code": "eval(params)", "render_path": null, "location": { "type": "method", "class": "PostsController", "method": "create" }, "user_input": "params", "confidence": "High" }, { "warning_type": "Mass Assignment", "warning_code": 70, "fingerprint": "5b486a498b14e1a12361c50863e2770c966799c9d5c6b6b9ab9bd8797c28a986", "check_name": "MassAssignment", "message": "Parameters should be whitelisted for mass assignment", "file": "app/controllers/posts_controller.rb", "line": 18, "link": "https://brakemanscanner.org/docs/warning_types/mass_assignment/", "code": "params.permit!", "render_path": null, "location": { "type": "method", "class": "PostsController", "method": "new" }, "user_input": null, "confidence": "High" }, { "warning_type": "Mass Assignment", "warning_code": 70, "fingerprint": "5b486a498b14e1a12361c50863e2770c966799c9d5c6b6b9ab9bd8797c28a986", "check_name": "MassAssignment", "message": "Parameters should be whitelisted for mass assignment", "file": "app/controllers/posts_controller.rb", "line": 19, "link": "https://brakemanscanner.org/docs/warning_types/mass_assignment/", "code": "params.permit!", "render_path": null, "location": { "type": "method", "class": "PostsController", "method": "new" }, "user_input": null, "confidence": "High" }, { "warning_type": "SQL Injection", "warning_code": 0, "fingerprint": "6e457f0a360661641a71555352f13a7cb2d983916b936007fce4e3826b837402", "check_name": "SQL", "message": "Possible SQL injection", "file": "app/controllers/posts_controller.rb", "line": 13, "link": "https://brakemanscanner.org/docs/warning_types/sql_injection/", "code": "User.where(\"#{params[:query]}\")", "render_path": null, "location": { "type": "method", "class": "PostsController", "method": "show" }, "user_input": "params[:query]", "confidence": "Medium" } ], "ignored_warnings": [ ], "errors": [ ], "obsolete": [ ] }