Configure brakeman to ignore url safe preview card urls (#25883)

2023-10-20 09:32:16 -04:00 · 2023-10-20 09:32:16 -04:00 · ab0fb81479
commit ab0fb81479
parent 13688539bc
5 changed files with 27 additions and 40 deletions
--- a/config/brakeman.ignore
+++ b/config/brakeman.ignore
@ -1,39 +0,0 @@
-{
-  "ignored_warnings": [
-    {
-      "warning_type": "Cross-Site Scripting",
-      "warning_code": 4,
-      "fingerprint": "cd5cfd7f40037fbfa753e494d7129df16e358bfc43ef0da3febafbf4ee1ed3ac",
-      "check_name": "LinkToHref",
-      "message": "Potentially unsafe model attribute in `link_to` href",
-      "file": "app/views/admin/trends/links/_preview_card.html.haml",
-      "line": 7,
-      "link": "https://brakemanscanner.org/docs/warning_types/link_to_href",
-      "code": "link_to((Unresolved Model).new.title, (Unresolved Model).new.url)",
-      "render_path": [
-        {
-          "type": "template",
-          "name": "admin/trends/links/index",
-          "line": 49,
-          "file": "app/views/admin/trends/links/index.html.haml",
-          "rendered": {
-            "name": "admin/trends/links/_preview_card",
-            "file": "app/views/admin/trends/links/_preview_card.html.haml"
-          }
-        }
-      ],
-      "location": {
-        "type": "template",
-        "template": "admin/trends/links/_preview_card"
-      },
-      "user_input": "(Unresolved Model).new.url",
-      "confidence": "Weak",
-      "cwe_id": [
-        79
-      ],
-      "note": ""
-    }
-  ],
-  "updated": "2023-07-12 11:20:51 -0400",
-  "brakeman_version": "6.0.0"
-}
--- a/config/brakeman.yml
+++ b/config/brakeman.yml
@ -1,3 +1,5 @@
 ---
 :skip_checks:
  - CheckPermitAttributes
+:url_safe_methods:
+  - url_for_preview_card