OregonStateUniversity / ltpbr-explorer

Tracking artificial beaver dams for river restoration.
http://bdaexplorer.com
GNU General Public License v3.0

User: tighten username validation #396

Closed ybakos closed 6 months ago

ybakos commented 6 months ago

Per the brakeman security advisory.

== Warnings ==

Confidence: High
Category: Format Validation
Check: ValidationRegex
Message: Insufficient validation for `username` using `/^[a-zA-Z0-9_\.]*$/`. Use `\A` and `\z` as anchors
File: app/models/user.rb
Line: 11
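
The anchor difference behind this Brakeman warning, shown as an added Ruby example that is not part of the issue or the project's code. The sample inputs and the helper names (`accepted?`, `compare`, `disagreements`) are constructed for illustration.

```ruby
# In Ruby, ^ and $ anchor to the start and end of any LINE;
# \A and \z anchor to the start and end of the whole STRING.

LINE_ANCHORED   = /^[a-zA-Z0-9_\.]*$/    # pattern quoted in the Brakeman warning
STRING_ANCHORED = /\A[a-zA-Z0-9_\.]*\z/  # same character class, anchors Brakeman recommends

# Constructed sample inputs (not taken from the project).
SAMPLES = [
  "beaver_dam.42",                    # ordinary username
  "",                                 # empty: the * quantifier allows it under both patterns
  "valid_name\nanything else here!",  # only the first line satisfies the character class
  "valid_name\n",                     # trailing newline
  "bad name"                          # space is outside the character class
].freeze

# True when the pattern accepts the value.
def accepted?(pattern, value)
  pattern.match?(value)
end

# One row per sample with the verdict of each pattern.
def compare(samples = SAMPLES)
  samples.map do |s|
    { input: s,
      line_anchored: accepted?(LINE_ANCHORED, s),
      string_anchored: accepted?(STRING_ANCHORED, s) }
  end
end

# Inputs on which the two patterns disagree, i.e. what the tighter anchors reject.
def disagreements(samples = SAMPLES)
  compare(samples).reject { |r| r[:line_anchored] == r[:string_anchored] }
                  .map { |r| r[:input] }
end

if __FILE__ == $PROGRAM_NAME
  compare.each do |r|
    puts format("%-36s line=%-5s string=%s",
                r[:input].inspect, r[:line_anchored], r[:string_anchored])
  end
end
```

Both patterns still accept the empty string because of the `*` quantifier, so a presence or length check remains a separate concern from the anchors.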