haitzlm
commented
11 months ago - bundle exec bundle audit check --update
- bundle exec brakeman -q -w 2
- create issues for vulnerabilities
Closed haitzlm closed 11 months ago
haitzlm
commented
11 months ago haitzlm
commented
11 months ago 12/15/23
Bundler:Updated ruby-advisory-db ruby-advisory-db: advisories: 828 advisories last updated: 2023-12-07 06:16:19 -0800 commit: 53d9ff8e29decee750696acd74c2c33762983f2d No vulnerabilities found Brakeman onRegex
== Brakeman Report ==
Application Path: /Users/lisa/uclibs/staff-directory-23 Rails Version: 6.1.7.6 Brakeman Version: 6.0.1 Scan Date: 2023-12-15 13:48:11 -0500 Duration: 2.535293 seconds Checks Run: BasicAuth, BasicAuthTimingAttack, CSRFTokenForgeryCVE, ContentTag, CookieSerialization, CreateWith, CrossSiteScripting, DefaultRoutes, Deserialize, DetailedExceptions, DigestDoS, DynamicFinders, EOLRails, EOLRuby, EscapeFunction, Evaluation, Execute, FileAccess, FileDisclosure, FilterSkipping, ForgerySetting, HeaderDoS, I18nXSS, JRubyXML, JSONEncoding, JSONEntityEscape, JSONParsing, LinkTo, LinkToHref, MailTo, MassAssignment, MimeTypeDoS, ModelAttrAccessible, ModelAttributes, ModelSerialize, NestedAttributes, NestedAttributesBypass, NumberToCurrency, PageCachingCVE, Pathname, PermitAttributes, QuoteTableName, Redirect, RegexDoS, Render, RenderDoS, RenderInline, ResponseSplitting, RouteDoS, SQL, SQLCVEs, SSLVerify, SafeBufferManipulation, SanitizeConfigCve, SanitizeMethods, SelectTag, SelectVulnerability, Send, SendFile, SessionManipulation, SessionSettings, SimpleFormat, SingleQuotes, SkipBeforeFilter, SprocketsPathTraversal, StripTags, SymbolDoSCVE, TemplateInjection, TranslateBug, UnsafeReflection, UnsafeReflectionMethods, ValidationRegex, VerbConfusion, WeakRSAKey, WithoutProtection, XMLDoS, YAMLParsing
== Overview ==
Controllers: 4 Models: 5 Templates: 39 Errors: 0 Security Warnings: 0
== Warning Types ==
No warnings found
haitzlm
commented
11 months ago No vulnerabilities found, no warning running brakeman and bundler-audit. No files changed.