Add logging of admin actions (#5757)

* Add logging of admin actions * Update brakeman whitelist * Log creates, updates and destroys with history of changes * i18n: Update Polish translation (#5782) Signed-off-by: Marcin Mikołajczak <me@m4sk.in> * Split admin navigation into moderation and administration * Redesign audit log page * 🇵🇱 (#5795) * Add color coding to audit log * Change dismiss->resolve, log all outcomes of report as resolve * Update terminology (e-mail blacklist) (#5796) * Update terminology (e-mail blacklist) imho looks better * Update en.yml * Fix code style issues * i18n-tasks normalize
2017-11-24 02:05:53 +01:00 · 2017-11-24 02:05:53 +01:00 · e84fecb7e9
commit e84fecb7e9
parent 801eee0ff3
34 changed files with 490 additions and 43 deletions
--- a/config/brakeman.ignore
+++ b/config/brakeman.ignore
@ -7,10 +7,10 @@
      "check_name": "LinkToHref",
      "message": "Potentially unsafe model attribute in link_to href",
      "file": "app/views/admin/accounts/show.html.haml",
-      "line": 122,
+      "line": 143,
      "link": "http://brakemanscanner.org/docs/warning_types/link_to_href",
      "code": "link_to(Account.find(params[:id]).inbox_url, Account.find(params[:id]).inbox_url)",
-      "render_path": [{"type":"controller","class":"Admin::AccountsController","method":"show","line":15,"file":"app/controllers/admin/accounts_controller.rb"}],
+      "render_path": [{"type":"controller","class":"Admin::AccountsController","method":"show","line":18,"file":"app/controllers/admin/accounts_controller.rb"}],
      "location": {
        "type": "template",
        "template": "admin/accounts/show"
@ -26,10 +26,10 @@
      "check_name": "LinkToHref",
      "message": "Potentially unsafe model attribute in link_to href",
      "file": "app/views/admin/accounts/show.html.haml",
-      "line": 128,
+      "line": 149,
      "link": "http://brakemanscanner.org/docs/warning_types/link_to_href",
      "code": "link_to(Account.find(params[:id]).shared_inbox_url, Account.find(params[:id]).shared_inbox_url)",
-      "render_path": [{"type":"controller","class":"Admin::AccountsController","method":"show","line":15,"file":"app/controllers/admin/accounts_controller.rb"}],
+      "render_path": [{"type":"controller","class":"Admin::AccountsController","method":"show","line":18,"file":"app/controllers/admin/accounts_controller.rb"}],
      "location": {
        "type": "template",
        "template": "admin/accounts/show"
@ -45,10 +45,10 @@
      "check_name": "LinkToHref",
      "message": "Potentially unsafe model attribute in link_to href",
      "file": "app/views/admin/accounts/show.html.haml",
-      "line": 35,
+      "line": 54,
      "link": "http://brakemanscanner.org/docs/warning_types/link_to_href",
      "code": "link_to(Account.find(params[:id]).url, Account.find(params[:id]).url)",
-      "render_path": [{"type":"controller","class":"Admin::AccountsController","method":"show","line":15,"file":"app/controllers/admin/accounts_controller.rb"}],
+      "render_path": [{"type":"controller","class":"Admin::AccountsController","method":"show","line":18,"file":"app/controllers/admin/accounts_controller.rb"}],
      "location": {
        "type": "template",
        "template": "admin/accounts/show"
@ -76,6 +76,25 @@
      "confidence": "Weak",
      "note": ""
    },
+    {
+      "warning_type": "Dynamic Render Path",
+      "warning_code": 15,
+      "fingerprint": "4b6a895e2805578d03ceedbe1d469cc75a0c759eba093722523edb4b8683c873",
+      "check_name": "Render",
+      "message": "Render path contains parameter value",
+      "file": "app/views/admin/action_logs/index.html.haml",
+      "line": 5,
+      "link": "http://brakemanscanner.org/docs/warning_types/dynamic_render_path/",
+      "code": "render(action => Admin::ActionLog.page(params[:page]), {})",
+      "render_path": [{"type":"controller","class":"Admin::ActionLogsController","method":"index","line":7,"file":"app/controllers/admin/action_logs_controller.rb"}],
+      "location": {
+        "type": "template",
+        "template": "admin/action_logs/index"
+      },
+      "user_input": "params[:page]",
+      "confidence": "Weak",
+      "note": ""
+    },
    {
      "warning_type": "Cross-Site Scripting",
      "warning_code": 4,
@ -83,10 +102,10 @@
      "check_name": "LinkToHref",
      "message": "Potentially unsafe model attribute in link_to href",
      "file": "app/views/admin/accounts/show.html.haml",
-      "line": 131,
+      "line": 152,
      "link": "http://brakemanscanner.org/docs/warning_types/link_to_href",
      "code": "link_to(Account.find(params[:id]).followers_url, Account.find(params[:id]).followers_url)",
-      "render_path": [{"type":"controller","class":"Admin::AccountsController","method":"show","line":15,"file":"app/controllers/admin/accounts_controller.rb"}],
+      "render_path": [{"type":"controller","class":"Admin::AccountsController","method":"show","line":18,"file":"app/controllers/admin/accounts_controller.rb"}],
      "location": {
        "type": "template",
        "template": "admin/accounts/show"
@ -102,10 +121,10 @@
      "check_name": "LinkToHref",
      "message": "Potentially unsafe model attribute in link_to href",
      "file": "app/views/admin/accounts/show.html.haml",
-      "line": 106,
+      "line": 127,
      "link": "http://brakemanscanner.org/docs/warning_types/link_to_href",
      "code": "link_to(Account.find(params[:id]).salmon_url, Account.find(params[:id]).salmon_url)",
-      "render_path": [{"type":"controller","class":"Admin::AccountsController","method":"show","line":15,"file":"app/controllers/admin/accounts_controller.rb"}],
+      "render_path": [{"type":"controller","class":"Admin::AccountsController","method":"show","line":18,"file":"app/controllers/admin/accounts_controller.rb"}],
      "location": {
        "type": "template",
        "template": "admin/accounts/show"
@ -124,7 +143,7 @@
      "line": 31,
      "link": "http://brakemanscanner.org/docs/warning_types/dynamic_render_path/",
      "code": "render(action => filtered_custom_emojis.eager_load(:local_counterpart).page(params[:page]), {})",
-      "render_path": [{"type":"controller","class":"Admin::CustomEmojisController","method":"index","line":9,"file":"app/controllers/admin/custom_emojis_controller.rb"}],
+      "render_path": [{"type":"controller","class":"Admin::CustomEmojisController","method":"index","line":10,"file":"app/controllers/admin/custom_emojis_controller.rb"}],
      "location": {
        "type": "template",
        "template": "admin/custom_emojis/index"
@ -163,7 +182,7 @@
      "line": 64,
      "link": "http://brakemanscanner.org/docs/warning_types/dynamic_render_path/",
      "code": "render(action => filtered_accounts.page(params[:page]), {})",
-      "render_path": [{"type":"controller","class":"Admin::AccountsController","method":"index","line":10,"file":"app/controllers/admin/accounts_controller.rb"}],
+      "render_path": [{"type":"controller","class":"Admin::AccountsController","method":"index","line":12,"file":"app/controllers/admin/accounts_controller.rb"}],
      "location": {
        "type": "template",
        "template": "admin/accounts/index"
@ -179,10 +198,10 @@
      "check_name": "LinkToHref",
      "message": "Potentially unsafe model attribute in link_to href",
      "file": "app/views/admin/accounts/show.html.haml",
-      "line": 95,
+      "line": 116,
      "link": "http://brakemanscanner.org/docs/warning_types/link_to_href",
      "code": "link_to(Account.find(params[:id]).remote_url, Account.find(params[:id]).remote_url)",
-      "render_path": [{"type":"controller","class":"Admin::AccountsController","method":"show","line":15,"file":"app/controllers/admin/accounts_controller.rb"}],
+      "render_path": [{"type":"controller","class":"Admin::AccountsController","method":"show","line":18,"file":"app/controllers/admin/accounts_controller.rb"}],
      "location": {
        "type": "template",
        "template": "admin/accounts/show"
@ -221,7 +240,7 @@
      "line": 25,
      "link": "http://brakemanscanner.org/docs/warning_types/dynamic_render_path/",
      "code": "render(action => filtered_reports.page(params[:page]), {})",
-      "render_path": [{"type":"controller","class":"Admin::ReportsController","method":"index","line":9,"file":"app/controllers/admin/reports_controller.rb"}],
+      "render_path": [{"type":"controller","class":"Admin::ReportsController","method":"index","line":10,"file":"app/controllers/admin/reports_controller.rb"}],
      "location": {
        "type": "template",
        "template": "admin/reports/index"
@ -237,10 +256,10 @@
      "check_name": "LinkToHref",
      "message": "Potentially unsafe model attribute in link_to href",
      "file": "app/views/admin/accounts/show.html.haml",
-      "line": 125,
+      "line": 146,
      "link": "http://brakemanscanner.org/docs/warning_types/link_to_href",
      "code": "link_to(Account.find(params[:id]).outbox_url, Account.find(params[:id]).outbox_url)",
-      "render_path": [{"type":"controller","class":"Admin::AccountsController","method":"show","line":15,"file":"app/controllers/admin/accounts_controller.rb"}],
+      "render_path": [{"type":"controller","class":"Admin::AccountsController","method":"show","line":18,"file":"app/controllers/admin/accounts_controller.rb"}],
      "location": {
        "type": "template",
        "template": "admin/accounts/show"
@ -269,6 +288,6 @@
      "note": ""
    }
  ],
-  "updated": "2017-10-20 00:00:54 +0900",
+  "updated": "2017-11-19 20:34:18 +0100",
  "brakeman_version": "4.0.1"
 }