{
"scan_info": {
"app_path": "/home/david/workspace/splitwise",
"rails_version": "4.2.6",
"security_warnings": 2,
"start_time": "2016-08-23 00:37:26 +0530",
"end_time": "2016-08-23 00:37:27 +0530",
"duration": 0.529091777,
"checks_performed": [
"BasicAuth",
"BasicAuthTimingAttack",
"ContentTag",
"CreateWith",
"CrossSiteScripting",
"DefaultRoutes",
"Deserialize",
"DetailedExceptions",
"DigestDoS",
"DynamicFinders",
"EscapeFunction",
"Evaluation",
"Execute",
"FileAccess",
"FileDisclosure",
"FilterSkipping",
"ForgerySetting",
"HeaderDoS",
"I18nXSS",
"JRubyXML",
"JSONEncoding",
"JSONParsing",
"LinkTo",
"LinkToHref",
"MailTo",
"MassAssignment",
"MimeTypeDoS",
"ModelAttrAccessible",
"ModelAttributes",
"ModelSerialize",
"NestedAttributes",
"NestedAttributesBypass",
"NumberToCurrency",
"QuoteTableName",
"Redirect",
"RegexDoS",
"Render",
"RenderDoS",
"RenderInline",
"ResponseSplitting",
"RouteDoS",
"SQL",
"SQLCVEs",
"SSLVerify",
"SafeBufferManipulation",
"SanitizeMethods",
"SelectTag",
"SelectVulnerability",
"Send",
"SendFile",
"SessionManipulation",
"SessionSettings",
"SimpleFormat",
"SingleQuotes",
"SkipBeforeFilter",
"StripTags",
"SymbolDoSCVE",
"TranslateBug",
"UnsafeReflection",
"ValidationRegex",
"WithoutProtection",
"XMLDoS",
"YAMLParsing"
],
"number_of_controllers": 6,
"number_of_models": 8,
"number_of_templates": 31,
"ruby_version": "2.3.1",
"brakeman_version": "3.3.5"
},
"warnings": [
{
"warning_type": "Cross Site Scripting",
"warning_code": 102,
"fingerprint": "1a1b3368951a20d02976c9207e5981df37d1bfa7dbbdb925eecd9013ecfeaa0f",
"message": "Rails 4.2.6 content_tag does not escape double quotes in attribute values (CVE-2016-6316). Upgrade to 4.2.7.1",
"file": "Gemfile.lock",
"line": 103,
"link": "https://groups.google.com/d/msg/ruby-security-ann/8B2iV2tPRSE/JkjCJkSoCgAJ",
"code": null,
"render_path": null,
"location": null,
"user_input": null,
"confidence": "Medium"
},
{
"warning_type": "SQL Injection",
"warning_code": 103,
"fingerprint": "ccf453e2ed88ce4f2116f94c1c0b7e80b4ac2b985364cd2fe50a6016ce493a30",
"message": "Rails 4.2.6 contains a SQL injection vulnerability (CVE-2016-6317). Upgrade to 4.2.7.1",
"file": "Gemfile.lock",
"line": 103,
"link": "https://groups.google.com/d/msg/ruby-security-ann/WccgKSKiPZA/9DrsDVSoCgAJ",
"code": null,
"render_path": null,
"location": null,
"user_input": null,
"confidence": "High"
}
],
"ignored_warnings": [
],
"errors": [
]
}