Closed scherztc closed 3 years ago
Results of Running brakeman
command:
== Warning Types ==
Command Injection: 1
Cross-Site Request Forgery: 1
Mass Assignment: 1
SQL Injection: 3
== Warnings ==
Confidence: Medium
Category: Command Injection
Check: Execute
Message: Possible command injection
Code: curl "https://www.google.com/recaptcha/api/siteverify?secret=#{key}&response=#{response}"
File: app/controllers/hyrax/contact_form_controller.rb
Line: 39
Confidence: Medium
Category: Cross-Site Request Forgery
Check: CSRFTokenForgeryCVE
Message: Rails 5.1.7 has a vulnerability that may allow CSRF token forgery. Upgrade to Rails 5.2.4.3 or patch
File: Gemfile.lock
Line: 804
Confidence: Medium
Category: Mass Assignment
Check: MassAssignment
Message: Specify exact keys allowed for mass assignment instead of using permit! which allows any keys
Code: params[:title].permit!
File: app/controllers/hyrax/batch_uploads_controller.rb
Line: 16
Confidence: Weak
Category: SQL Injection
Check: SQL
Message: Possible SQL injection
Code: ::User.where(*base_query).where("#{Devise.authentication_keys.first} like lower(?)\n OR display_name like lower(?)\n OR first_name like lower(?)\n OR last_name like lower(?)", (nil or (("%" + query.downcase.strip) + "%")), (nil or (("%" + query.downcase.strip) + "%")), (nil or (("%" + query.downcase.strip) + "%")), (nil or (("%" + query.downcase.strip) + "%")))
File: app/controllers/display_users_controller.rb
Line: 14
Confidence: Weak
Category: SQL Injection
Check: SQL
Message: Possible SQL injection
Code: ::User.where(*base_query).where("#{Devise.authentication_keys.first} like lower(?)\n OR display_name like lower(?)\n OR first_name like lower(?)\n OR last_name like lower(?)", (nil or (("%" + query.downcase.strip) + "%")), (nil or (("%" + query.downcase.strip) + "%")), (nil or (("%" + query.downcase.strip) + "%")), (nil or (("%" + query.downcase.strip) + "%"))).where("#{Devise.authentication_keys.first} not in (?)", [::User.batch_user_key, ::User.audit_user_key])
File: app/controllers/display_users_controller.rb
Line: 19
Confidence: Weak
Category: SQL Injection
Check: SQL
Message: Possible SQL injection
Code: type_class.where("embargo_release_date_dtsi:[* TO #{RSolr.solr_escape(expiration_date)}]")
File: app/services/expiration_service.rb
Line: 41
@bsp3ars : Good work. Make separate issues for the Medium issues. Thanks.