Merge remote-tracking branch 'parent/main' into kb-upstream-20231018

2023-10-18 11:13:56 +09:00 · 2023-10-18 11:13:56 +09:00 · 527ded889d
commit 527ded889d
parent 9972dfae61 5ef26d8fd5
32 changed files with 556 additions and 586 deletions
--- a/config/brakeman.ignore
+++ b/config/brakeman.ignore
@ -33,76 +33,6 @@
      ],
      "note": ""
    },
-    {
-      "warning_type": "Denial of Service",
-      "warning_code": 76,
-      "fingerprint": "7b6abba5699755348e7ee82a4694bfbf574b41c7cce2d0db0f7c11ae3f983c72",
-      "check_name": "RegexDoS",
-      "message": "Model attribute used in regular expression",
-      "file": "lib/mastodon/cli/domains.rb",
-      "line": 128,
-      "link": "https://brakemanscanner.org/docs/warning_types/denial_of_service/",
-      "code": "/\\.?(#{DomainBlock.where(:severity => 1).pluck(:domain).map do\n Regexp.escape(domain)\n end.join(\"|\")})$/",
-      "render_path": null,
-      "location": {
-        "type": "method",
-        "class": "Mastodon::CLI::Domains",
-        "method": "crawl"
-      },
-      "user_input": "DomainBlock.where(:severity => 1).pluck(:domain)",
-      "confidence": "Weak",
-      "cwe_id": [
-        20,
-        185
-      ],
-      "note": ""
-    },
-    {
-      "warning_type": "Mass Assignment",
-      "warning_code": 105,
-      "fingerprint": "874be88fedf4c680926845e9a588d3197765a6ccbfdd76466b44cc00151c612e",
-      "check_name": "PermitAttributes",
-      "message": "Potentially dangerous key allowed for mass assignment",
-      "file": "app/controllers/api/v1/admin/reports_controller.rb",
-      "line": 88,
-      "link": "https://brakemanscanner.org/docs/warning_types/mass_assignment/",
-      "code": "params.permit(:resolved, :account_id, :target_account_id)",
-      "render_path": null,
-      "location": {
-        "type": "method",
-        "class": "Api::V1::Admin::ReportsController",
-        "method": "filter_params"
-      },
-      "user_input": ":account_id",
-      "confidence": "High",
-      "cwe_id": [
-        915
-      ],
-      "note": ""
-    },
-    {
-      "warning_type": "Mass Assignment",
-      "warning_code": 105,
-      "fingerprint": "ab5035dd1a9f8c3a8d92fb2c37e8fe86fede4f87c91b71aa32e89c9eede602fc",
-      "check_name": "PermitAttributes",
-      "message": "Potentially dangerous key allowed for mass assignment",
-      "file": "app/controllers/api/v1/notifications_controller.rb",
-      "line": 81,
-      "link": "https://brakemanscanner.org/docs/warning_types/mass_assignment/",
-      "code": "params.permit(:account_id, :types => ([]), :exclude_types => ([]))",
-      "render_path": null,
-      "location": {
-        "type": "method",
-        "class": "Api::V1::NotificationsController",
-        "method": "browserable_params"
-      },
-      "user_input": ":account_id",
-      "confidence": "High",
-      "cwe_id": [
-        915
-      ],
-      "note": ""
-    },
    {
      "warning_type": "Cross-Site Scripting",
      "warning_code": 4,