lynndylanhurley / devise_token_auth

Token based authentication for Rails JSON APIs. Designed to work with jToker and ng-token-auth.
Do What The F*ck You Want To Public License

brakeman vulnerability UnsafeReflection. #1587

Closed ryanfox1985 closed 1 year ago

ryanfox1985 commented 1 year ago

Confidence: High
Category: Remote Code Execution
Check: UnsafeReflection
Message: Unsafe reflection method `constantize` called on parameter value
Code: params["resource_class"].constantize
File: gems/devise_token_auth/app/controllers/devise_token_auth/omniauth_callbacks_controller.rb
Line: 135

ryanfox1985 commented 1 year ago

related to this PR #1569

MaicolBen commented 1 year ago

thank you!