crisr15 commented 1 year ago

Summary

After Rails upgrade run Bundler Audit to see if any gems need to be updated.

Acceptance Criteria

aprilrieger commented 1 year ago

aprilrieger commented 1 year ago

== Errors ==

[x] Error: app/views/full_text/_previous_next_doc.html.erb:14 :: parse error on value "$" ($end) Could not parse app/views/full_text/_previous_next_doc.html.erb Location: Could not parse /Users/aprilrieger/softserv/oral-history/app/views/full_text/_previous_next_doc.html.erb
[x] Error: app/views/interviewee/_previous_next_doc.html.erb:14 :: parse error on value "$" ($end) Could not parse app/views/interviewee/_previous_next_doc.html.erb Location: Could not parse /Users/aprilrieger/softserv/oral-history/app/views/interviewee/_previous_next_doc.html.erb
[x] Error: app/views/interviewee/_show.html.erb:10 :: parse error on value "," (tCOMMA:

== Warnings ==

[x] Confidence: High Category: Basic Auth Check: BasicAuth Message: Basic authentication password stored in source code Code: (password == "oralhistory") File: app/controllers/application_controller.rb Line: 15
[x] Confidence: Medium Category: Command Injection Check: Execute Message: Possible command injection Code: curl -o #{Tempfile.new.path} #{pdf_text} File: app/jobs/index_pdf_transcript_job.rb Line: 12
[x] Confidence: Medium Category: Command Injection Check: Execute Message: Possible command injection Code: spawn(sprintf("ffmpeg -loglevel panic -i %s -acodec pcm_s16le -ar 44100 %s", src, "#{Dir.mktmpdir((tmp_path or "ffmpeg-"), nil)}/audio.wav")) File: app/services/peaks/converter.rb Line: 19
[x] Confidence: Medium Category: Command Injection Check: Execute Message: Possible command injection Code: system("rm -rf #{raw_path.gsub("/audio.wave", "")}") File: app/services/peaks/processor.rb Line: 29

aprilrieger commented 1 year ago