.brakeman.ignore
{
"ignored_warnings": [
{
"warning_type": "Mass Assignment",
"warning_code": 105,
"fingerprint": "f2fd7351c85e531b66f6444ab8a89071e039b96befcdd5a6f897d3f55bb2d9dd",
"check_name": "PermitAttributes",
"message": "Potentially dangerous key allowed for mass assignment",
"file": "app/modules/players/controllers/players_controller.rb",
"line": 368,
"note": "':role' is a player in-game position (top/jungle/mid/adc/support), not a user access role. riot_puuid and riot_summoner_id were intentionally removed from this permit list."
},
{
"warning_type": "Mass Assignment",
"warning_code": 105,
"fingerprint": "a53e36aea1309fb0af3b08b9d5403838087ed98264a2a158a98adde5f6d496d3",
"check_name": "PermitAttributes",
"message": "Potentially dangerous key allowed for mass assignment",
"file": "app/modules/meta_intelligence/controllers/builds_controller.rb",
"line": 128,
"note": "Explicit permit list — items/runes/item_build_order are game data arrays, not auth/role fields"
},
{
"warning_type": "Mass Assignment",
"warning_code": 105,
"fingerprint": "0439d7819e41e304c9092860b9e8e5948407871a10e850a1d4b7d92193efb608",
"check_name": "PermitAttributes",
"message": "Potentially dangerous key allowed for mass assignment",
"file": "app/controllers/api/v1/scouting/players_controller.rb",
"line": 144,
"note": "':role' is a legitimate player field (in-game position), not a user access role"
},
{
"warning_type": "Mass Assignment",
"warning_code": 105,
"fingerprint": "8996a8248ab0c60c8b3ac5cd3c5bae5bebe167ab3ef9ee13316b5b4881f5d724",
"check_name": "PermitAttributes",
"message": "Potentially dangerous key allowed for mass assignment",
"file": "app/controllers/api/v1/players_controller.rb",
"line": 261,
"note": "':role' is a legitimate player field (position in game), not a user access role"
},
{
"warning_type": "Unmaintained Dependency",
"warning_code": 120,
"fingerprint": "d84924377155b41e094acae7404ec2e521629d86f97b0ff628e3d1b263f8101c",
"check_name": "EOLRails",
"message": "Support for Rails 7.1.5.2 ended on 2025-10-01",
"file": "Gemfile.lock",
"line": 224,
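"note": "Temporary exception: Rails 7.1.x is still considered secure, but it is past end of support and will receive no further security fixes; will upgrade to 7.2/8.0 in next sprint, remove this entry once upgraded"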
},
{
"warning_type": "SQL Injection",
"warning_code": 0,
"fingerprint": "82553a8da70acefb77b22bab7fb95616b808a9604a23dff455508e0ad77e3107",
"check_name": "SQL",
"message": "Possible SQL injection",
"file": "app/modules/analytics/services/database_metadata_cache_service.rb",
"line": 213,
"note": "False positive — uses parameterized query with $1/$2 placeholders and a separate bindings array"
},
{
"warning_type": "SQL Injection",
"warning_code": 0,
"fingerprint": "8bf697cde545723f2f3d339a8fc87f1cbb80dccb7cc50ea42243ebde2c0d7883",
"check_name": "SQL",
"message": "Possible SQL injection",
"file": "app/modules/search/services/search_service.rb",
"line": 53,
"note": "False positive — IDs from Meilisearch are individually escaped with connection.quote() before interpolation"
},
{
"warning_type": "Mass Assignment",
"warning_code": 105,
"fingerprint": "8273a221da2916071e72130e8e4a184b37aa96df641daff5c11d7069740e2c81",
"check_name": "PermitAttributes",
"message": "Potentially dangerous key allowed for mass assignment",
"file": "app/modules/scouting/controllers/players_controller.rb",
"line": 295,
"note": "':role' is a player in-game position (Top/Mid/ADC/etc), not a user access role"
},
{
"warning_type": "Mass Assignment",
"warning_code": 105,
"fingerprint": "88173572797556fd8d8d2da622fdb463673c0793a9ec10126b1803fc39f04f06",
"check_name": "PermitAttributes",
"message": "Potentially dangerous key allowed for mass assignment",
"file": "app/modules/scouting/controllers/players_controller.rb",
"line": 322,
"note": "':role' is a player in-game position (Top/Mid/ADC/etc), not a user access role"
}
],
"updated": "2026-03-23 00:00:00 +0000",
"brakeman_version": "8.0.4"
}