{ "ignored_warnings": [ { "warning_type": "Command Injection", "warning_code": 14, "fingerprint": "0a0e15f9dafcf95f8eb3f73cff6f4d101b1775476d4fbd16c512385cdace28b2", "check_name": "Execute", "message": "Possible command injection", "file": "lib/neeto_compliance/verifiers/common_initializers_verifier.rb", "line": 18, "link": "https://brakemanscanner.org/docs/warning_types/command_injection/", "code": "`#{verify_command}`", "render_path": null, "location": { "type": "method", "class": "NeetoCompliance::CommonInitializersVerifier", "method": "valid?" }, "user_input": "verify_command", "confidence": "Medium", "cwe_id": [ 77 ], "note": "verify_command is defined in the backend. It is safe to assume the code is not vulnerable to Command Injection." }, { "warning_type": "Command Injection", "warning_code": 14, "fingerprint": "1544155a02dec97b194b2faeb6b73badf6c0b3f9fc2062d720b536a2da0df02c", "check_name": "Execute", "message": "Possible command injection", "file": "lib/neeto_compliance/verifiers/circleci_config_verifier.rb", "line": 18, "link": "https://brakemanscanner.org/docs/warning_types/command_injection/", "code": "`#{verify_command}`", "render_path": null, "location": { "type": "method", "class": "NeetoCompliance::CircleciConfigVerifier", "method": "valid?" }, "user_input": "verify_command", "confidence": "Medium", "cwe_id": [ 77 ], "note": "verify_command is defined in the backend. It is safe to assume the code is not vulnerable to Command Injection." }, { "warning_type": "Command Injection", "warning_code": 14, "fingerprint": "179c9da0ad088b607b422758a414d8529b6e96ca8c8d6a60e41aee7d64cebde2", "check_name": "Execute", "message": "Possible command injection", "file": "lib/neeto_compliance/verifiers/sitemap_config_verifier.rb", "line": 18, "link": "https://brakemanscanner.org/docs/warning_types/command_injection/", "code": "`#{verify_command}`", "render_path": null, "location": { "type": "method", "class": "NeetoCompliance::SitemapConfigVerifier", "method": "valid?" 
}, "user_input": "verify_command", "confidence": "Medium", "cwe_id": [ 77 ], "note": "verify_command is defined in the backend. It is safe to assume the code is not vulnerable to Command Injection." }, { "warning_type": "Command Injection", "warning_code": 14, "fingerprint": "1b24328b139588437cad24c263d3bfe4995f7613b56898fa99a65457b1010cda", "check_name": "Execute", "message": "Possible command injection", "file": "lib/neeto_compliance/sync_neeto_commons/sync_formatters.rb", "line": 23, "link": "https://brakemanscanner.org/docs/warning_types/command_injection/", "code": "`cp #{NeetoCompliance::SyncNeetoCommons.neeto_commons_url}#{file} #{file}`", "render_path": null, "location": { "type": "method", "class": "NeetoCompliance::NeetoCompliance::SyncNeetoCommons::SyncFormatters", "method": "s(:self).process" }, "user_input": "NeetoCompliance::SyncNeetoCommons.neeto_commons_url", "confidence": "Medium", "cwe_id": [ 77 ], "note": "neeto_commons_url returns the path of the commons directory of the specific neeto_compliance gem specified in the Gemfile. Hence, it is safe to assume the code is not vulnerable to Command Injection. This rationale covers neeto_commons_url only; the interpolated file value should be confirmed to come from a fixed list."
}, { "warning_type": "Command Injection", "warning_code": 14, "fingerprint": "3d5197ecbde2765e5614d2a71193ad38c63ab547b4eea083c0842e751b4159db", "check_name": "Execute", "message": "Possible command injection", "file": "lib/neeto_compliance/sync_neeto_commons/sync_husky.rb", "line": 27, "link": "https://brakemanscanner.org/docs/warning_types/command_injection/", "code": "`cp #{NeetoCompliance::SyncNeetoCommons.neeto_commons_url}#{file} #{file}`", "render_path": null, "location": { "type": "method", "class": "NeetoCompliance::NeetoCompliance::SyncNeetoCommons::SyncHusky", "method": "s(:self).sync_with_husky_files_in_neeto_commons" }, "user_input": "NeetoCompliance::SyncNeetoCommons.neeto_commons_url", "confidence": "Medium", "cwe_id": [ 77 ], "note": "neeto_commons_url returns the path of the commons directory of the specific neeto_compliance gem specified in the Gemfile. Hence, it is safe to assume the code is not vulnerable to Command Injection. This rationale covers neeto_commons_url only; the interpolated file value should be confirmed to come from a fixed list." }, { "warning_type": "Command Injection", "warning_code": 14, "fingerprint": "42d21dd51ae4cb0fe2d24767b76122ee51e665ba304c14cf6de8e2db2730b538", "check_name": "Execute", "message": "Possible command injection", "file": "lib/neeto_compliance/verifiers/webpacker_config_verifier.rb", "line": 14, "link": "https://brakemanscanner.org/docs/warning_types/command_injection/", "code": "`diff #{commons_copy} #{local_copy} | grep '<'`", "render_path": null, "location": { "type": "method", "class": "NeetoCompliance::WebpackerConfigVerifier", "method": "compare_files" }, "user_input": "commons_copy", "confidence": "Medium", "cwe_id": [ 77 ], "note": "Both local_copy and commons_copy are defined in the backend."
}, { "warning_type": "Command Injection", "warning_code": 14, "fingerprint": "569c8874183a7e43dcb77f555b6574045b733e640d7950a45951f392f8a82955", "check_name": "Execute", "message": "Possible command injection", "file": "lib/neeto_compliance/verifiers/cypress_plugins_index_verifier.rb", "line": 18, "link": "https://brakemanscanner.org/docs/warning_types/command_injection/", "code": "`#{verify_command}`", "render_path": null, "location": { "type": "method", "class": "NeetoCompliance::CypressPluginsIndexVerifier", "method": "valid?" }, "user_input": "verify_command", "confidence": "Medium", "cwe_id": [ 77 ], "note": "verify_command is defined in the backend. It is safe to assume the code is not vulnerable to Command Injection." }, { "warning_type": "Command Injection", "warning_code": 14, "fingerprint": "56d0797e3a02d51297989fdef6166d102244d8baeeeaf9603cf87674bce2fddb", "check_name": "Execute", "message": "Possible command injection", "file": "lib/neeto_compliance/verifiers/neeto_commons_sync_verifier.rb", "line": 39, "link": "https://brakemanscanner.org/docs/warning_types/command_injection/", "code": "`diff #{local_file} #{common_file.to_s}`", "render_path": null, "location": { "type": "method", "class": "NeetoCompliance::NeetoCommonsSyncVerifier", "method": "same_file?" }, "user_input": "local_file", "confidence": "Medium", "cwe_id": [ 77 ], "note": "Both local_file and common_file are defined in the backend." }, { "warning_type": "Command Injection", "warning_code": 14, "fingerprint": "5a24cb0a1817fea1f9ffbe004f7b95e738727fede385d34d06023c4fbc219e93", "check_name": "Execute", "message": "Possible command injection", "file": "lib/neeto_compliance/verifiers/cypress_config_verifier.rb", "line": 43, "link": "https://brakemanscanner.org/docs/warning_types/command_injection/", "code": "`diff #{local_file} #{common_file.to_s}`", "render_path": null, "location": { "type": "method", "class": "NeetoCompliance::CypressConfigVerifier", "method": "same_file?" 
}, "user_input": "local_file", "confidence": "Medium", "cwe_id": [ 77 ], "note": "local_file is defined in the backend" }, { "warning_type": "Command Injection", "warning_code": 14, "fingerprint": "5d7af3ca27abd6d522cc0375ffe4ebdc9234b5878c1d4e0555e97af849ef94e5", "check_name": "Execute", "message": "Possible command injection", "file": "lib/neeto_compliance/verifiers/sync_neeto_commons_verifier/misc_files_verifier.rb", "line": 24, "link": "https://brakemanscanner.org/docs/warning_types/command_injection/", "code": "system(\"cat #{NeetoCompliance::SyncNeetoCommons.neeto_commons_url}#{file} | diff #{file} - 1> /dev/null\")", "render_path": null, "location": { "type": "method", "class": "NeetoCompliance::NeetoCompliance::SyncNeetoCommonsVerifier::MiscFilesVerifier", "method": "find_non_complied_misc_files" }, "user_input": "NeetoCompliance::SyncNeetoCommons.neeto_commons_url", "confidence": "Medium", "cwe_id": [ 77 ], "note": "neeto_commons_url returns the path of the commons directory of the specific neeto_compliance gem specified in the Gemfile. Hence, it is safe to assume the code is not vulnerable to Command Injection. This rationale covers neeto_commons_url only; the interpolated file value should be confirmed to come from a fixed list." }, { "warning_type": "Command Injection", "warning_code": 14, "fingerprint": "607f1ee1b1f5e61cefa7b30720c213ee4849d5e149720a6896894192a7d7ca00", "check_name": "Execute", "message": "Possible command injection", "file": "lib/neeto_compliance/sync_neeto_commons/sync_husky.rb", "line": 28, "link": "https://brakemanscanner.org/docs/warning_types/command_injection/", "code": "system(\"chmod +x #{file}\")", "render_path": null, "location": { "type": "method", "class": "NeetoCompliance::NeetoCompliance::SyncNeetoCommons::SyncHusky", "method": "s(:self).sync_with_husky_files_in_neeto_commons" }, "user_input": "file", "confidence": "Medium", "cwe_id": [ 77 ], "note": "file here comes from HUSKY_FILES, which is defined in the backend."
}, { "warning_type": "Command Injection", "warning_code": 14, "fingerprint": "6b624991d4078d8793f2fcf605ae6c3747fd81d281388526fc24bc7b4fac55a7", "check_name": "Execute", "message": "Possible command injection", "file": "lib/neeto_compliance/verifiers/slugignore_file_verifier.rb", "line": 18, "link": "https://brakemanscanner.org/docs/warning_types/command_injection/", "code": "`#{verify_command}`", "render_path": null, "location": { "type": "method", "class": "NeetoCompliance::SlugignoreFileVerifier", "method": "valid?" }, "user_input": "verify_command", "confidence": "Medium", "cwe_id": [ 77 ], "note": "verify_command is defined in the backend. It is safe to assume the code is not vulnerable to Command Injection." }, { "warning_type": "Command Injection", "warning_code": 14, "fingerprint": "71370e09dd25546b1273e3e6a3c8e65ab2e0bdd4ba0d1c107c0fcac6ec541399", "check_name": "Execute", "message": "Possible command injection", "file": "lib/neeto_compliance/verifiers/newrelic_verifier.rb", "line": 18, "link": "https://brakemanscanner.org/docs/warning_types/command_injection/", "code": "`#{verify_command}`", "render_path": null, "location": { "type": "method", "class": "NeetoCompliance::NewrelicVerifier", "method": "valid?" }, "user_input": "verify_command", "confidence": "Medium", "cwe_id": [ 77 ], "note": "verify_command is defined in the backend. It is safe to assume the code is not vulnerable to Command Injection." 
}, { "warning_type": "Command Injection", "warning_code": 14, "fingerprint": "7a6c37477ef89cb8863e4e5e142fb99d59ed9103c3215e6279049c919f0f0209", "check_name": "Execute", "message": "Possible command injection", "file": "lib/neeto_compliance/verifiers/sync_neeto_commons_verifier/test_support_files_verifier.rb", "line": 23, "link": "https://brakemanscanner.org/docs/warning_types/command_injection/", "code": "system(\"cat #{NeetoCompliance::SyncNeetoCommons.neeto_commons_url}#{file} | diff #{file} - 1> /dev/null\")", "render_path": null, "location": { "type": "method", "class": "NeetoCompliance::NeetoCompliance::SyncNeetoCommonsVerifier::TestSupportFilesVerifier", "method": "non_complied_test_support_files" }, "user_input": "NeetoCompliance::SyncNeetoCommons.neeto_commons_url", "confidence": "Medium", "cwe_id": [ 77 ], "note": "neeto_commons_url returns the path of the commons directory of the specific neeto_compliance gem specified in the Gemfile. Hence, it is safe to assume the code is not vulnerable to Command Injection. This rationale covers neeto_commons_url only; the interpolated file value should be confirmed to come from a fixed list." }, { "warning_type": "Command Injection", "warning_code": 14, "fingerprint": "aba6ca1a7652fe8643697e3af4b4e43f834375f1101d84ce1e017dec5c4c3cf6", "check_name": "Execute", "message": "Possible command injection", "file": "lib/neeto_compliance/verifiers/sync_neeto_commons_verifier/bin_files_verifier.rb", "line": 24, "link": "https://brakemanscanner.org/docs/warning_types/command_injection/", "code": "system(\"cat #{NeetoCompliance::SyncNeetoCommons.neeto_commons_url}#{file} | diff #{file} - 1> /dev/null\")", "render_path": null, "location": { "type": "method", "class": "NeetoCompliance::NeetoCompliance::SyncNeetoCommonsVerifier::BinFilesVerifier", "method": "find_non_complied_bin_files" }, "user_input": "NeetoCompliance::SyncNeetoCommons.neeto_commons_url", "confidence": "Medium", "cwe_id": [ 77 ], "note": "neeto_commons_url returns the path of the commons directory of the specific neeto_compliance gem specified in the Gemfile. Hence, it is safe to assume the code is not vulnerable to Command Injection. This rationale covers neeto_commons_url only; the interpolated file value should be confirmed to come from a fixed list."
}, { "warning_type": "Command Injection", "warning_code": 14, "fingerprint": "abab3d09b40b36e3b9f387cbf7c344ba94acdee14986046cf64d752577d4af4a", "check_name": "Execute", "message": "Possible command injection", "file": "lib/neeto_compliance/verifiers/bump_version_with_pr_label_verifier.rb", "line": 18, "link": "https://brakemanscanner.org/docs/warning_types/command_injection/", "code": "`#{verify_command}`", "render_path": null, "location": { "type": "method", "class": "NeetoCompliance::BumpVersionWithPrLabelVerifier", "method": "valid?" }, "user_input": "verify_command", "confidence": "Medium", "cwe_id": [ 77 ], "note": "verify_command is defined in the backend. It is safe to assume the code is not vulnerable to Command Injection." }, { "warning_type": "Command Injection", "warning_code": 14, "fingerprint": "add17d8f75504153921279b16facfec7c5ea6fa355d8c3cad83bac953281ad22", "check_name": "Execute", "message": "Possible command injection", "file": "lib/neeto_compliance/sync_neeto_commons/sync_test_support.rb", "line": 33, "link": "https://brakemanscanner.org/docs/warning_types/command_injection/", "code": "`cp #{NeetoCompliance::SyncNeetoCommons.neeto_commons_url}#{file} #{file}`", "render_path": null, "location": { "type": "method", "class": "NeetoCompliance::NeetoCompliance::SyncNeetoCommons::SyncTestSupport", "method": "s(:self).sync_support_files" }, "user_input": "NeetoCompliance::SyncNeetoCommons.neeto_commons_url", "confidence": "Medium", "cwe_id": [ 77 ], "note": "neeto_commons_url returns the path of the commons directory of the specific neeto_compliance gem specified in the Gemfile. Hence, it is safe to assume the code is not vulnerable to Command Injection. This rationale covers neeto_commons_url only; the interpolated file value should be confirmed to come from a fixed list."
}, { "warning_type": "Command Injection", "warning_code": 14, "fingerprint": "b096054fa4b1a017055a1d4eec3f7ac49e9c3b8eb80f089c897c9158fc6c3569", "check_name": "Execute", "message": "Possible command injection", "file": "lib/neeto_compliance/sync_neeto_commons/sync_bin.rb", "line": 27, "link": "https://brakemanscanner.org/docs/warning_types/command_injection/", "code": "`cp #{NeetoCompliance::SyncNeetoCommons.neeto_commons_url}#{file} #{file}`", "render_path": null, "location": { "type": "method", "class": "NeetoCompliance::NeetoCompliance::SyncNeetoCommons::SyncBin", "method": "s(:self).sync_bin_files" }, "user_input": "NeetoCompliance::SyncNeetoCommons.neeto_commons_url", "confidence": "Medium", "cwe_id": [ 77 ], "note": "neeto_commons_url returns the path of the commons directory of the specific neeto_compliance gem specified in the Gemfile. Hence, it is safe to assume the code is not vulnerable to Command Injection. This rationale covers neeto_commons_url only; the interpolated file value should be confirmed to come from a fixed list." }, { "warning_type": "Command Injection", "warning_code": 14, "fingerprint": "bcaeb36f4a16f121785192f5b526fedb2e38f307d2623364dff71cfaea094696", "check_name": "Execute", "message": "Possible command injection", "file": "lib/neeto_compliance/verifiers/sync_neeto_commons_verifier/formatter_files_verifier.rb", "line": 24, "link": "https://brakemanscanner.org/docs/warning_types/command_injection/", "code": "system(\"cat #{NeetoCompliance::SyncNeetoCommons.neeto_commons_url}#{file} | diff #{file} - 1> /dev/null\")", "render_path": null, "location": { "type": "method", "class": "NeetoCompliance::NeetoCompliance::SyncNeetoCommonsVerifier::FormatterFilesVerifier", "method": "find_non_complied_formatter_files" }, "user_input": "NeetoCompliance::SyncNeetoCommons.neeto_commons_url", "confidence": "Medium", "cwe_id": [ 77 ], "note": "neeto_commons_url returns the path of the commons directory of the specific neeto_compliance gem specified in the Gemfile. Hence, it is safe to assume the code is not vulnerable to Command Injection. This rationale covers neeto_commons_url only; the interpolated file value should be confirmed to come from a fixed list."
}, { "warning_type": "Command Injection", "warning_code": 14, "fingerprint": "c96b160c649d9a8753933a7be5c8741b525bfb2e1844d8bbb4f40fb8412834c4", "check_name": "Execute", "message": "Possible command injection", "file": "lib/neeto_compliance/verifiers/common_gemfile_verifier.rb", "line": 18, "link": "https://brakemanscanner.org/docs/warning_types/command_injection/", "code": "`#{verify_command}`", "render_path": null, "location": { "type": "method", "class": "NeetoCompliance::CommonGemfileVerifier", "method": "valid?" }, "user_input": "verify_command", "confidence": "Medium", "cwe_id": [ 77 ], "note": "verify_command is defined in the backend. It is safe to assume the code is not vulnerable to Command Injection." }, { "warning_type": "Command Injection", "warning_code": 14, "fingerprint": "cd1faeb9312eb4f92f8840a47943b1945b7d8ac02a7a556dfd977e7192cbd9a2", "check_name": "Execute", "message": "Possible command injection", "file": "lib/neeto_compliance/verifiers/auto_update_prs_with_latest_master_verifier.rb", "line": 18, "link": "https://brakemanscanner.org/docs/warning_types/command_injection/", "code": "`#{verify_command}`", "render_path": null, "location": { "type": "method", "class": "NeetoCompliance::AutoUpdatePrsWithLatestMasterVerifier", "method": "valid?" }, "user_input": "verify_command", "confidence": "Medium", "cwe_id": [ 77 ], "note": "verify_command is defined in the backend. It is safe to assume the code is not vulnerable to Command Injection." }, { "warning_type": "Command Injection", "warning_code": 14, "fingerprint": "cd549bd21917fa5191058d64894de2e28e6c9657f1c3a77c7da9f58ef0994d55", "check_name": "Execute", "message": "Possible command injection", "file": "lib/neeto_compliance/verifiers/ruby_version_verifier.rb", "line": 18, "link": "https://brakemanscanner.org/docs/warning_types/command_injection/", "code": "`#{verify_command}`", "render_path": null, "location": { "type": "method", "class": "NeetoCompliance::RubyVersionVerifier", "method": "valid?" 
}, "user_input": "verify_command", "confidence": "Medium", "cwe_id": [ 77 ], "note": "verify_command is defined in the backend. It is safe to assume the code is not vulnerable to Command Injection." }, { "warning_type": "Command Injection", "warning_code": 14, "fingerprint": "dae89b5d2512acd50f9590a5b86f48c319dd143036bdecbcc25e22163de5f8c1", "check_name": "Execute", "message": "Possible command injection", "file": "lib/neeto_compliance/verifiers/docker_file_dev_verifier.rb", "line": 18, "link": "https://brakemanscanner.org/docs/warning_types/command_injection/", "code": "`#{verify_command}`", "render_path": null, "location": { "type": "method", "class": "NeetoCompliance::DockerFileDevVerifier", "method": "valid?" }, "user_input": "verify_command", "confidence": "Medium", "cwe_id": [ 77 ], "note": "verify_command is defined in the backend. It is safe to assume the code is not vulnerable to Command Injection." }, { "warning_type": "Command Injection", "warning_code": 14, "fingerprint": "e53d551282bb5a249621de730bb03de7772a31f8b413c7f858e9d8cb1144222c", "check_name": "Execute", "message": "Possible command injection", "file": "lib/neeto_compliance/verifiers/environment_config_verifier.rb", "line": 31, "link": "https://brakemanscanner.org/docs/warning_types/command_injection/", "code": "system(\"cat #{file} | grep -q '#{command}'\")", "render_path": null, "location": { "type": "method", "class": "NeetoCompliance::EnvironmentConfigVerifier", "method": "config_missing?" }, "user_input": "file", "confidence": "Medium", "cwe_id": [ 77 ], "note": "file and command mentioned here are the key-value pairs of environment_configs method defined in the backend." 
}, { "warning_type": "Command Injection", "warning_code": 14, "fingerprint": "e94a5761c8e782433a1dea9d381195406bb5506d23932513674e43a12d1a69a3", "check_name": "Execute", "message": "Possible command injection", "file": "lib/neeto_compliance/sync_neeto_commons/sync_misc.rb", "line": 31, "link": "https://brakemanscanner.org/docs/warning_types/command_injection/", "code": "`cp #{NeetoCompliance::SyncNeetoCommons.neeto_commons_url}#{file} #{file}`", "render_path": null, "location": { "type": "method", "class": "NeetoCompliance::NeetoCompliance::SyncNeetoCommons::SyncMisc", "method": "s(:self).sync_misc_files" }, "user_input": "NeetoCompliance::SyncNeetoCommons.neeto_commons_url", "confidence": "Medium", "cwe_id": [ 77 ], "note": "neeto_commons_url returns the path of the commons directory of the specific neeto_compliance gem specified in the Gemfile. Hence, it is safe to assume the code is not vulnerable to Command Injection. This rationale covers neeto_commons_url only; the interpolated file value should be confirmed to come from a fixed list." }, { "warning_type": "Command Injection", "warning_code": 14, "fingerprint": "f579f44c4e33e0dc59d7eac09fb2e40da3f6a15c342b03420ec741318ebf53cb", "check_name": "Execute", "message": "Possible command injection", "file": "lib/neeto_compliance/verifiers/sync_neeto_commons_verifier/husky_files_verifier.rb", "line": 24, "link": "https://brakemanscanner.org/docs/warning_types/command_injection/", "code": "system(\"cat #{NeetoCompliance::SyncNeetoCommons.neeto_commons_url}#{file} | diff #{file} - 1> /dev/null\")", "render_path": null, "location": { "type": "method", "class": "NeetoCompliance::NeetoCompliance::SyncNeetoCommonsVerifier::HuskyFilesVerifier", "method": "find_non_complied_husky_files" }, "user_input": "NeetoCompliance::SyncNeetoCommons.neeto_commons_url", "confidence": "Medium", "cwe_id": [ 77 ], "note": "neeto_commons_url returns the path of the commons directory of the specific neeto_compliance gem specified in the Gemfile. Hence, it is safe to assume the code is not vulnerable to Command Injection. This rationale covers neeto_commons_url only; the interpolated file value should be confirmed to come from a fixed list."
} ], "updated": "2023-03-24 17:47:08 +0530", "brakeman_version": "5.4.1" }