
Commit 0a067c3

committed
chore: brakeman ignore adjust
1 parent 2e3fad4 commit 0a067c3


1 file changed

+42
-2
lines changed


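--- a/.brakeman.ignore
+++ b/.brakeman.ignore
@@ -39,8 +39,48 @@
 "file": "Gemfile.lock",
 "line": 224,
 "note": "Rails 7.1.x is still secure, will upgrade to 7.2/8.0 in next sprint"
+},
+{
+"warning_type": "SQL Injection",
+"warning_code": 0,
+"fingerprint": "82553a8da70acefb77b22bab7fb95616b808a9604a23dff455508e0ad77e3107",
+"check_name": "SQL",
+"message": "Possible SQL injection",
+"file": "app/modules/analytics/services/database_metadata_cache_service.rb",
+"line": 213,
+"note": "False positive — uses parameterized query with $1/$2 placeholders and a separate bindings array"
+},
+{
+"warning_type": "SQL Injection",
+"warning_code": 0,
+"fingerprint": "8bf697cde545723f2f3d339a8fc87f1cbb80dccb7cc50ea42243ebde2c0d7883",
+"check_name": "SQL",
+"message": "Possible SQL injection",
+"file": "app/modules/search/services/search_service.rb",
+"line": 53,
+"note": "False positive — IDs from Meilisearch are individually escaped with connection.quote() before interpolation"
+},
+{
+"warning_type": "Mass Assignment",
+"warning_code": 105,
+"fingerprint": "8273a221da2916071e72130e8e4a184b37aa96df641daff5c11d7069740e2c81",
+"check_name": "PermitAttributes",
+"message": "Potentially dangerous key allowed for mass assignment",
+"file": "app/modules/scouting/controllers/players_controller.rb",
+"line": 295,
+"note": "':role' is a player in-game position (Top/Mid/ADC/etc), not a user access role"
+},
+{
+"warning_type": "Mass Assignment",
+"warning_code": 105,
+"fingerprint": "88173572797556fd8d8d2da622fdb463673c0793a9ec10126b1803fc39f04f06",
+"check_name": "PermitAttributes",
+"message": "Potentially dangerous key allowed for mass assignment",
+"file": "app/modules/scouting/controllers/players_controller.rb",
+"line": 322,
+"note": "':role' is a player in-game position (Top/Mid/ADC/etc), not a user access role"
 }
 ],
-"updated": "2025-10-08 00:00:00 +0000",
-"brakeman_version": "7.1.0"
+"updated": "2026-03-23 00:00:00 +0000",
+"brakeman_version": "8.0.4"
 }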
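Review bot: The new ignore entry for `app/modules/search/services/search_service.rb` line 53 is labelled a false positive, yet its own note says the Meilisearch IDs are interpolated into the SQL string after `connection.quote()`, which is a hand-maintained invariant rather than a parameterized query like the `database_metadata_cache_service.rb` entry just above it. The service code is not visible on this page, but if the IDs can be passed as bind values there, the warning would disappear without a suppression that keeps hiding the finding for as long as its fingerprint matches. If the suppression stays, I would record it as an accepted risk instead, e.g. `"note": "Accepted risk: Meilisearch IDs are interpolated after connection.quote(); re-review if the ID source or the quoting changes"`. Separately, the unchanged `Gemfile.lock` entry still says "will upgrade to 7.2/8.0 in next sprint" while `updated` moves from 2025-10-08 to 2026-03-23, so that justification looks stale and should be re-checked rather than carried forward.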
