{ "ignored_warnings": [ { "warning_type": "Dynamic Render Path", "warning_code": 15, "fingerprint": "041ae0dc908151bac0ef0952c625f0dce3a05d2c01a710397a613ef10083f7ae", "check_name": "Render", "message": "Render path contains parameter value", "file": "app/controllers/good_job/frontends_controller.rb", "line": 47, "link": "https://brakemanscanner.org/docs/warning_types/dynamic_render_path/", "code": "render(file => (self.class.js_modules[params[:id].to_sym] or raise(ActionController::RoutingError, \"Not Found\")), {})", "render_path": null, "location": { "type": "method", "class": "GoodJob::FrontendsController", "method": "module" }, "user_input": "params[:id].to_sym", "confidence": "Weak", "cwe_id": [ 22 ], "note": "Files are explicitly enumerated in the array" }, { "warning_type": "Dynamic Render Path", "warning_code": 15, "fingerprint": "b0c2888c9b217671d90d0141b49b036af3b2a70c63b02968cc97ae2052c86272", "check_name": "Render", "message": "Render path contains parameter value", "file": "app/controllers/good_job/frontends_controller.rb", "line": 41, "link": "https://brakemanscanner.org/docs/warning_types/dynamic_render_path/", "code": "render(file => ({ :css => ({ :bootstrap => GoodJob::Engine.root.join(\"app\", \"frontend\", \"good_job\", \"vendor\", \"bootstrap\", \"bootstrap.min.css\"), :style => GoodJob::Engine.root.join(\"app\", \"frontend\", \"good_job\", \"style.css\") }), :js => ({ :bootstrap => GoodJob::Engine.root.join(\"app\", \"frontend\", \"good_job\", \"vendor\", \"bootstrap\", \"bootstrap.bundle.min.js\"), :chartjs => GoodJob::Engine.root.join(\"app\", \"frontend\", \"good_job\", \"vendor\", \"chartjs\", \"chart.min.js\"), :es_module_shims => GoodJob::Engine.root.join(\"app\", \"frontend\", \"good_job\", \"vendor\", \"es_module_shims.js\"), :rails_ujs => GoodJob::Engine.root.join(\"app\", \"frontend\", \"good_job\", \"vendor\", \"rails_ujs.js\") }), :svg => ({ :icons => GoodJob::Engine.root.join(\"app\", \"frontend\", \"good_job\", \"icons.svg\") }) }.dig(params[:format].to_sym, params[:id].to_sym) or raise(ActionController::RoutingError, \"Not Found\")), {})", "render_path": null, "location": { "type": "method", "class": "GoodJob::FrontendsController", "method": "static" }, "user_input": "params[:id].to_sym", "confidence": "Weak", "cwe_id": [ 22 ], "note": "Files are explicitly enumerated in the array" }, { "warning_type": "SQL Injection", "warning_code": 0, "fingerprint": "c837568c590d9608a8bb9927b31b9597aaacc72053b6482e1a54bd02aa0dd2d7", "check_name": "SQL", "message": "Possible SQL injection", "file": "app/models/good_job/job.rb", "line": 135, "link": "https://brakemanscanner.org/docs/warning_types/sql_injection/", "code": "Arel.sql(\"(CASE #{queues.map.with_index do\n sanitize_sql_array([\"WHEN queue_name = ? THEN ?\", queue_name, index])\n end.join(\" \")} ELSE #{queues.size} END)\")", "render_path": null, "location": { "type": "method", "class": "Job", "method": null }, "user_input": "queues.map.with_index do\n sanitize_sql_array([\"WHEN queue_name = ? THEN ?\", queue_name, index])\n end.join(\" \")", "confidence": "Medium", "cwe_id": [ 89 ], "note": "Developer provided value, queue_name, is sanitized." }, { "warning_type": "Command Injection", "warning_code": 14, "fingerprint": "dbb80167f57edebfd9da72e1278d425095a0329755e24d3c50e0fda6bb21c097", "check_name": "Execute", "message": "Possible command injection", "file": "app/models/good_job/process.rb", "line": 32, "link": "https://brakemanscanner.org/docs/warning_types/command_injection/", "code": "`ps -o pid,rss -p #{pid.to_i}`", "render_path": null, "location": { "type": "method", "class": "Process", "method": null }, "user_input": "pid.to_i", "confidence": "Medium", "cwe_id": [ 77 ], "note": "" } ], "updated": "2024-11-16 17:00:20 -0600", "brakeman_version": "6.2.1" }