Merge commit '8e0fd2d619dac93c193da6a762564244e5622498' into glitch-soc/merge-upstream

Conflicts: - `.github/workflows/build-image.yml`: Upstream changed how releases are tagged, we don't have releases. Ignored the changes
2023-07-12 15:54:58 +02:00
parent 15f6fa8d47 8e0fd2d619
commit 2aadebc769
10 changed files with 292 additions and 157 deletions
--- a/config/brakeman.ignore
+++ b/config/brakeman.ignore
@@ -102,6 +102,30 @@
      ],
      "note": ""
    },
+    {
+      "warning_type": "Denial of Service",
+      "warning_code": 76,
+      "fingerprint": "7b6abba5699755348e7ee82a4694bfbf574b41c7cce2d0db0f7c11ae3f983c72",
+      "check_name": "RegexDoS",
+      "message": "Model attribute used in regular expression",
+      "file": "lib/mastodon/cli/domains.rb",
+      "line": 128,
+      "link": "https://brakemanscanner.org/docs/warning_types/denial_of_service/",
+      "code": "/\\.?(#{DomainBlock.where(:severity => 1).pluck(:domain).map do\n Regexp.escape(domain)\n end.join(\"|\")})$/",
+      "render_path": null,
+      "location": {
+        "type": "method",
+        "class": "Mastodon::CLI::Domains",
+        "method": "crawl"
+      },
+      "user_input": "DomainBlock.where(:severity => 1).pluck(:domain)",
+      "confidence": "Weak",
+      "cwe_id": [
+        20,
+        185
+      ],
+      "note": ""
+    },
    {
      "warning_type": "Mass Assignment",
      "warning_code": 105,
@@ -148,6 +172,29 @@
      ],
      "note": ""
    },
+    {
+      "warning_type": "Mass Assignment",
+      "warning_code": 105,
+      "fingerprint": "b0dd0a26d24f5ede9713fe49210e9638be5f5548af9eee0b5a16fe9dbc80ffcd",
+      "check_name": "PermitAttributes",
+      "message": "Potentially dangerous key allowed for mass assignment",
+      "file": "app/controllers/api/v2/search_controller.rb",
+      "line": 42,
+      "link": "https://brakemanscanner.org/docs/warning_types/mass_assignment/",
+      "code": "params.permit(:type, :offset, :min_id, :max_id, :account_id, :following)",
+      "render_path": null,
+      "location": {
+        "type": "method",
+        "class": "Api::V2::SearchController",
+        "method": "search_params"
+      },
+      "user_input": ":account_id",
+      "confidence": "High",
+      "cwe_id": [
+        915
+      ],
+      "note": ""
+    },
    {
      "warning_type": "Cross-Site Scripting",
      "warning_code": 4,
@@ -184,13 +231,13 @@
    {
      "warning_type": "Mass Assignment",
      "warning_code": 105,
-      "fingerprint": "f9de0ca4b04ae4b51b74d98db14dcbb6dae6809e627b58e711019cf9b4a47866",
+      "fingerprint": "d0511f0287aea4ed9511f5a744f880cb15af77a8ec88f81b7365b00b642cf427",
      "check_name": "PermitAttributes",
      "message": "Potentially dangerous key allowed for mass assignment",
      "file": "app/controllers/api/v1/reports_controller.rb",
      "line": 26,
      "link": "https://brakemanscanner.org/docs/warning_types/mass_assignment/",
-      "code": "params.permit(:account_id, :comment, :category, :forward, :status_ids => ([]), :rule_ids => ([]))",
+      "code": "params.permit(:account_id, :comment, :category, :forward, :forward_to_domains => ([]), :status_ids => ([]), :rule_ids => ([]))",
      "render_path": null,
      "location": {
        "type": "method",
@@ -205,6 +252,6 @@
      "note": ""
    }
  ],
-  "updated": "2023-07-05 14:34:42 -0400",
-  "brakeman_version": "5.4.1"
+  "updated": "2023-07-11 16:08:58 +0200",
+  "brakeman_version": "6.0.0"
 }