Evaluate brakeman identified security issues #2016

Closed
tas50 opened this issue Jul 5, 2021 · 2 comments · Fixed by #2095 or #2101

tas50 commented Jul 5, 2021

This repo is now being scanned by Brakeman for potential Rails security vulnerabilities. We need to evaluate the issues raised by Brakeman and determine what needs to be resolved and what needs to be ignored via the scanner config.

See results here:
https://github.com/chef/supermarket/security/code-scanning

@tas50 tas50 added the Aspect: Security Can an unwanted third party affect the stability or look at privileged information? label Jul 5, 2021
@RajeshPaul38

Running the brakeman gem locally and fixing the errors which are real vulnerabilities. Also added methods to the ignore list if not a real vulnerability.

@RajeshPaul38

PR: #2095
