@markmichon

markmichon/txt Secret

Last active March 23, 2023 14:32
bearer scan forem output
Loading rules
Scanning target .
└ 100% [===============] (5220/5220, 61 files/s) [1m26s]
Running Detectors
Generating dataflow
Evaluating rules
└ 100% [===============] (255/255, 185 rules/s) [1s]
Summary Report
=====================================
Rules:
- 107 default rules applied (https://docs.bearer.com/reference/rules)
HIGH: Open redirect detected. [CWE-601]
https://docs.bearer.com/reference/rules/javascript_lang_open_redirect
To skip this rule, use the flag --skip-rule=javascript_lang_open_redirect
File: app/javascript/runtimeBanner/RuntimeBanner.jsx:63
63 window.location.href = targetLink;
HIGH: React's dangerously set inner HTML detected. [CWE-79]
https://docs.bearer.com/reference/rules/javascript_react_dangerously_set_inner_html
To skip this rule, use the flag --skip-rule=javascript_react_dangerously_set_inner_html
File: app/javascript/admin/controllers/modal_controller.js:34
34 dangerouslySetInnerHTML={{
35 __html: document.querySelector(this.contentSelectorValue).innerHTML,
36 }
HIGH: React's dangerously set inner HTML detected. [CWE-79]
https://docs.bearer.com/reference/rules/javascript_react_dangerously_set_inner_html
To skip this rule, use the flag --skip-rule=javascript_react_dangerously_set_inner_html
File: app/javascript/article-form/components/Header.jsx:22
22 dangerouslySetInnerHTML={{ __html: siteLogo }}
HIGH: React's dangerously set inner HTML detected. [CWE-79]
https://docs.bearer.com/reference/rules/javascript_react_dangerously_set_inner_html
To skip this rule, use the flag --skip-rule=javascript_react_dangerously_set_inner_html
File: app/javascript/article-form/components/Help/index.jsx:17
17 dangerouslySetInnerHTML={{ __html: helpHtml }}
HIGH: React's dangerously set inner HTML detected. [CWE-79]
https://docs.bearer.com/reference/rules/javascript_react_dangerously_set_inner_html
To skip this rule, use the flag --skip-rule=javascript_react_dangerously_set_inner_html
File: app/javascript/article-form/components/Preview.jsx:121
121 dangerouslySetInnerHTML={{ __html: previewResponse.processed_html }}
HIGH: React's dangerously set inner HTML detected. [CWE-79]
https://docs.bearer.com/reference/rules/javascript_react_dangerously_set_inner_html
To skip this rule, use the flag --skip-rule=javascript_react_dangerously_set_inner_html
File: app/javascript/articles/components/CommentListItem.jsx:53
53 dangerouslySetInnerHTML={{ __html: comment.safe_processed_html }}
HIGH: React's dangerously set inner HTML detected. [CWE-79]
https://docs.bearer.com/reference/rules/javascript_react_dangerously_set_inner_html
To skip this rule, use the flag --skip-rule=javascript_react_dangerously_set_inner_html
File: app/javascript/articles/components/ContentTitle.jsx:19
19 <span dangerouslySetInnerHTML={{ __html: filterXSS(article.title) }} />
HIGH: React's dangerously set inner HTML detected. [CWE-79]
https://docs.bearer.com/reference/rules/javascript_react_dangerously_set_inner_html
To skip this rule, use the flag --skip-rule=javascript_react_dangerously_set_inner_html
File: app/javascript/listings/singleListing/SingleListing.jsx:28
28 dangerouslySetInnerHTML={{ __html: listing.processed_html }} // eslint-disable-line react/no-danger
HIGH: React's dangerously set inner HTML detected. [CWE-79]
https://docs.bearer.com/reference/rules/javascript_react_dangerously_set_inner_html
To skip this rule, use the flag --skip-rule=javascript_react_dangerously_set_inner_html
File: app/javascript/onboarding/components/IntroSlide.jsx:86
86 dangerouslySetInnerHTML={{ __html: text }}
HIGH: React's dangerously set inner HTML detected. [CWE-79]
https://docs.bearer.com/reference/rules/javascript_react_dangerously_set_inner_html
To skip this rule, use the flag --skip-rule=javascript_react_dangerously_set_inner_html
File: app/javascript/readingList/components/ItemListItem.jsx:36
36 dangerouslySetInnerHTML={{ __html: filterXSS(adaptedItem.title) }}
HIGH: HTTP communication with user-controlled destination detected. [CWE-918]
https://docs.bearer.com/reference/rules/ruby_lang_http_url_using_user_input
To skip this rule, use the flag --skip-rule=ruby_lang_http_url_using_user_input
File: app/controllers/registrations_controller.rb:7
7 if URI(request.referer || "").host == URI(request.base_url).host
HIGH: HTTP communication with user-controlled destination detected. [CWE-918]
https://docs.bearer.com/reference/rules/ruby_lang_http_url_using_user_input
To skip this rule, use the flag --skip-rule=ruby_lang_http_url_using_user_input
File: app/controllers/registrations_controller.rb:7
7 if URI(request.referer || "").host == URI(request.base_url).host
HIGH: Use of reflection influenced by user input detected. [CWE-94]
https://docs.bearer.com/reference/rules/ruby_lang_reflection_using_user_input
To skip this rule, use the flag --skip-rule=ruby_lang_reflection_using_user_input
File: app/controllers/admin/organizations_controller.rb:30
30 Credit.public_send(update_action, org, amount)
HIGH: Use of reflection influenced by user input detected. [CWE-94]
https://docs.bearer.com/reference/rules/ruby_lang_reflection_using_user_input
To skip this rule, use the flag --skip-rule=ruby_lang_reflection_using_user_input
File: app/controllers/dashboards_controller.rb:111
111 source = source_type.constantize.find_by(id: params[:source_id])
HIGH: Use of reflection influenced by user input detected. [CWE-94]
https://docs.bearer.com/reference/rules/ruby_lang_reflection_using_user_input
To skip this rule, use the flag --skip-rule=ruby_lang_reflection_using_user_input
File: app/controllers/follows_controller.rb:58
58 params[:followable_type].capitalize.constantize
HIGH: Open redirect detected [CWE-601]
https://docs.bearer.com/reference/rules/ruby_rails_redirect_to
To skip this rule, use the flag --skip-rule=ruby_rails_redirect_to
File: app/controllers/admin/articles_controller.rb:48
48 redirect_to admin_article_path(article.id)
HIGH: Open redirect detected [CWE-601]
https://docs.bearer.com/reference/rules/ruby_rails_redirect_to
To skip this rule, use the flag --skip-rule=ruby_rails_redirect_to
File: app/controllers/admin/articles_controller.rb:59
59 redirect_to admin_article_path(article.id)
HIGH: Open redirect detected [CWE-601]
https://docs.bearer.com/reference/rules/ruby_rails_redirect_to
To skip this rule, use the flag --skip-rule=ruby_rails_redirect_to
File: app/controllers/admin/articles_controller.rb:75
75 redirect_to admin_article_path(article.id)
HIGH: Open redirect detected [CWE-601]
https://docs.bearer.com/reference/rules/ruby_rails_redirect_to
To skip this rule, use the flag --skip-rule=ruby_rails_redirect_to
File: app/controllers/admin/display_ads_controller.rb:42
42 redirect_to edit_admin_display_ad_path(params[:id])
HIGH: Open redirect detected [CWE-601]
https://docs.bearer.com/reference/rules/ruby_rails_redirect_to
To skip this rule, use the flag --skip-rule=ruby_rails_redirect_to
File: app/controllers/admin/organization_memberships_controller.rb:20
20 redirect_to admin_user_path(organization_membership.user_id)
HIGH: Open redirect detected [CWE-601]
https://docs.bearer.com/reference/rules/ruby_rails_redirect_to
To skip this rule, use the flag --skip-rule=ruby_rails_redirect_to
File: app/controllers/admin/organization_memberships_controller.rb:94
94 redirect_to admin_user_path(organization_membership.user_id)
HIGH: Open redirect detected [CWE-601]
https://docs.bearer.com/reference/rules/ruby_rails_redirect_to
To skip this rule, use the flag --skip-rule=ruby_rails_redirect_to
File: app/controllers/admin/organizations_controller.rb:34
34 redirect_to admin_organization_path(org)
HIGH: Open redirect detected [CWE-601]
https://docs.bearer.com/reference/rules/ruby_rails_redirect_to
To skip this rule, use the flag --skip-rule=ruby_rails_redirect_to
File: app/controllers/admin/tags/moderators_controller.rb:18
18 return redirect_to edit_admin_tag_path(params[:tag_id])
HIGH: Open redirect detected [CWE-601]
https://docs.bearer.com/reference/rules/ruby_rails_redirect_to
To skip this rule, use the flag --skip-rule=ruby_rails_redirect_to
File: app/controllers/admin/tags/moderators_controller.rb:32
32 redirect_to edit_admin_tag_path(params[:tag_id])
HIGH: Open redirect detected [CWE-601]
https://docs.bearer.com/reference/rules/ruby_rails_redirect_to
To skip this rule, use the flag --skip-rule=ruby_rails_redirect_to
File: app/controllers/admin/tags/moderators_controller.rb:39
39 return redirect_to edit_admin_tag_path(params[:tag_id])
HIGH: Open redirect detected [CWE-601]
https://docs.bearer.com/reference/rules/ruby_rails_redirect_to
To skip this rule, use the flag --skip-rule=ruby_rails_redirect_to
File: app/controllers/admin/tags/moderators_controller.rb:55
55 redirect_to edit_admin_tag_path(tag.id)
HIGH: Open redirect detected [CWE-601]
https://docs.bearer.com/reference/rules/ruby_rails_redirect_to
To skip this rule, use the flag --skip-rule=ruby_rails_redirect_to
File: app/controllers/admin/users_controller.rb:89
89 redirect_to admin_user_path(params[:id])
HIGH: Open redirect detected [CWE-601]
https://docs.bearer.com/reference/rules/ruby_rails_redirect_to
To skip this rule, use the flag --skip-rule=ruby_rails_redirect_to
File: app/controllers/admin/users_controller.rb:109
109 redirect_to admin_user_path(params[:id])
HIGH: Open redirect detected [CWE-601]
https://docs.bearer.com/reference/rules/ruby_rails_redirect_to
To skip this rule, use the flag --skip-rule=ruby_rails_redirect_to
File: app/controllers/admin/users_controller.rb:169
169 redirect_to admin_user_path(params[:id])
HIGH: Open redirect detected [CWE-601]
https://docs.bearer.com/reference/rules/ruby_rails_redirect_to
To skip this rule, use the flag --skip-rule=ruby_rails_redirect_to
File: app/controllers/admin/users_controller.rb:175
175 redirect_to admin_user_path(params[:id])
HIGH: Open redirect detected [CWE-601]
https://docs.bearer.com/reference/rules/ruby_rails_redirect_to
To skip this rule, use the flag --skip-rule=ruby_rails_redirect_to
File: app/controllers/admin/users_controller.rb:208
208 redirect_to admin_user_path(params[:id])
HIGH: Open redirect detected [CWE-601]
https://docs.bearer.com/reference/rules/ruby_rails_redirect_to
To skip this rule, use the flag --skip-rule=ruby_rails_redirect_to
File: app/controllers/admin/users_controller.rb:225
225 redirect_to admin_user_path(params[:id])
HIGH: Open redirect detected [CWE-601]
https://docs.bearer.com/reference/rules/ruby_rails_redirect_to
To skip this rule, use the flag --skip-rule=ruby_rails_redirect_to
File: app/controllers/admin/users_controller.rb:248
248 redirect_to admin_user_path(params[:id])
HIGH: Open redirect detected [CWE-601]
https://docs.bearer.com/reference/rules/ruby_rails_redirect_to
To skip this rule, use the flag --skip-rule=ruby_rails_redirect_to
File: app/controllers/application_controller.rb:278
278 redirect_to URL.url(request.fullpath)
HIGH: Open redirect detected [CWE-601]
https://docs.bearer.com/reference/rules/ruby_rails_redirect_to
To skip this rule, use the flag --skip-rule=ruby_rails_redirect_to
File: app/controllers/articles_controller.rb:173
173 redirect_to(Addressable::URI.parse(params[:destination]).path)
HIGH: Open redirect detected [CWE-601]
https://docs.bearer.com/reference/rules/ruby_rails_redirect_to
To skip this rule, use the flag --skip-rule=ruby_rails_redirect_to
File: app/controllers/discussion_locks_controller.rb:38
38 redirect_to "#{article.path}/manage"
HIGH: Open redirect detected [CWE-601]
https://docs.bearer.com/reference/rules/ruby_rails_redirect_to
To skip this rule, use the flag --skip-rule=ruby_rails_redirect_to
File: app/controllers/notification_subscriptions_controller.rb:34
34 format.html { redirect_to request.referer }
HIGH: Open redirect detected [CWE-601]
https://docs.bearer.com/reference/rules/ruby_rails_redirect_to
To skip this rule, use the flag --skip-rule=ruby_rails_redirect_to
File: app/controllers/organizations_controller.rb:87
87 redirect_to user_settings_path(:organization, id: organization.id)
HIGH: Open redirect detected [CWE-601]
https://docs.bearer.com/reference/rules/ruby_rails_redirect_to
To skip this rule, use the flag --skip-rule=ruby_rails_redirect_to
File: app/controllers/tag_adjustments_controller.rb:26
26 format.html { redirect_to "#{Addressable::URI.parse(article.path).path}/mod" }
HIGH: Open redirect detected [CWE-601]
https://docs.bearer.com/reference/rules/ruby_rails_redirect_to
To skip this rule, use the flag --skip-rule=ruby_rails_redirect_to
File: app/controllers/tags_controller.rb:62
62 redirect_to edit_admin_tag_path(tag.id)
HIGH: Open redirect detected [CWE-601]
https://docs.bearer.com/reference/rules/ruby_rails_redirect_to
To skip this rule, use the flag --skip-rule=ruby_rails_redirect_to
File: app/controllers/users/settings_controller.rb:40
40 redirect_to user_settings_path(tab)
HIGH: Open redirect detected [CWE-601]
https://docs.bearer.com/reference/rules/ruby_rails_redirect_to
To skip this rule, use the flag --skip-rule=ruby_rails_redirect_to
File: app/controllers/users_controller.rb:192
192 redirect_to "/settings/organization/#{org.id}"
HIGH: Open redirect detected [CWE-601]
https://docs.bearer.com/reference/rules/ruby_rails_redirect_to
To skip this rule, use the flag --skip-rule=ruby_rails_redirect_to
File: app/controllers/users_controller.rb:203
203 redirect_to "/settings/organization/#{org.id}"
HIGH: Open redirect detected [CWE-601]
https://docs.bearer.com/reference/rules/ruby_rails_redirect_to
To skip this rule, use the flag --skip-rule=ruby_rails_redirect_to
File: app/controllers/users_controller.rb:215
215 redirect_to "/settings/organization/#{org.id}"
MEDIUM: Weak encryption library usage detected. [CWE-331, CWE-326]
https://docs.bearer.com/reference/rules/ruby_lang_weak_encryption
To skip this rule, use the flag --skip-rule=ruby_lang_weak_encryption
File: app/services/mailchimp/bot.rb:153
153 Digest::MD5.hexdigest(email.downcase)
MEDIUM: Sensitive data sent to Honeybadger detected. [CWE-201]
https://docs.bearer.com/reference/rules/ruby_third_parties_honeybadger
To skip this rule, use the flag --skip-rule=ruby_third_parties_honeybadger
File: app/controllers/omniauth_callbacks_controller.rb:77
76 Honeybadger.context({
77 username: @user.username,
78 user_id: @user.id,
79 auth_data: request.env["omniauth.auth"],
80 auth_error: request.env["omniauth.error"].inspect,
...
82 })
WARNING: Missing application-level encryption of sensitive data detected. [CWE-312]
https://docs.bearer.com/reference/rules/ruby_rails_default_encryption
To skip this rule, use the flag --skip-rule=ruby_rails_default_encryption
File: db/schema.rb:91
82 create_table "articles", force: :cascade do |t|
...
88 t.text "cached_organization"
89 t.string "cached_tag_list"
90 t.text "cached_user"
91 t.string "cached_user_name"
92 t.string "cached_user_username"
93 t.string "canonical_url"
94 t.bigint "co_author_ids", default: [], array: true
...
171 end
WARNING: Missing application-level encryption of sensitive data detected. [CWE-312]
https://docs.bearer.com/reference/rules/ruby_rails_default_encryption
To skip this rule, use the flag --skip-rule=ruby_rails_default_encryption
File: db/schema.rb:92
82 create_table "articles", force: :cascade do |t|
...
89 t.string "cached_tag_list"
90 t.text "cached_user"
91 t.string "cached_user_name"
92 t.string "cached_user_username"
93 t.string "canonical_url"
94 t.bigint "co_author_ids", default: [], array: true
95 t.bigint "collection_id"
...
171 end
WARNING: Missing application-level encryption of sensitive data detected. [CWE-312]
https://docs.bearer.com/reference/rules/ruby_rails_default_encryption
To skip this rule, use the flag --skip-rule=ruby_rails_default_encryption
File: db/schema.rb:189
185 create_table "badge_achievements", force: :cascade do |t|
...
186 t.bigint "badge_id", null: false
187 t.datetime "created_at", precision: nil, null: false
188 t.bigint "rewarder_id"
189 t.text "rewarding_context_message"
190 t.text "rewarding_context_message_markdown"
191 t.datetime "updated_at", precision: nil, null: false
192 t.bigint "user_id", null: false
...
195 end
WARNING: Missing application-level encryption of sensitive data detected. [CWE-312]
https://docs.bearer.com/reference/rules/ruby_rails_default_encryption
To skip this rule, use the flag --skip-rule=ruby_rails_default_encryption
File: db/schema.rb:190
185 create_table "badge_achievements", force: :cascade do |t|
...
187 t.datetime "created_at", precision: nil, null: false
188 t.bigint "rewarder_id"
189 t.text "rewarding_context_message"
190 t.text "rewarding_context_message_markdown"
191 t.datetime "updated_at", precision: nil, null: false
192 t.bigint "user_id", null: false
193 t.index ["badge_id", "user_id"], name: "index_badge_achievements_on_badge_id_and_user_id", unique: true
...
195 end
WARNING: Missing application-level encryption of sensitive data detected. [CWE-312]
https://docs.bearer.com/reference/rules/ruby_rails_default_encryption
To skip this rule, use the flag --skip-rule=ruby_rails_default_encryption
File: db/schema.rb:213
209 create_table "banished_users", force: :cascade do |t|
...
210 t.bigint "banished_by_id"
211 t.datetime "created_at", precision: nil, null: false
212 t.datetime "updated_at", precision: nil, null: false
213 t.string "username"
214 t.index ["banished_by_id"], name: "index_banished_users_on_banished_by_id"
215 t.index ["username"], name: "index_banished_users_on_username", unique: true
216 end
WARNING: Missing application-level encryption of sensitive data detected. [CWE-312]
https://docs.bearer.com/reference/rules/ruby_rails_default_encryption
To skip this rule, use the flag --skip-rule=ruby_rails_default_encryption
File: db/schema.rb:699
688 create_table "organizations", force: :cascade do |t|
...
696 t.string "cta_button_url"
697 t.text "cta_processed_html"
698 t.string "dark_nav_image"
699 t.string "email"
700 t.string "github_username"
701 t.datetime "last_article_at", precision: nil, default: "2017-01-01 05:00:00"
702 t.datetime "latest_article_updated_at", precision: nil
...
725 end
WARNING: Missing application-level encryption of sensitive data detected. [CWE-312]
https://docs.bearer.com/reference/rules/ruby_rails_default_encryption
To skip this rule, use the flag --skip-rule=ruby_rails_default_encryption
File: db/schema.rb:700
688 create_table "organizations", force: :cascade do |t|
...
697 t.text "cta_processed_html"
698 t.string "dark_nav_image"
699 t.string "email"
700 t.string "github_username"
701 t.datetime "last_article_at", precision: nil, default: "2017-01-01 05:00:00"
702 t.datetime "latest_article_updated_at", precision: nil
703 t.string "location"
...
725 end
WARNING: Missing application-level encryption of sensitive data detected. [CWE-312]
https://docs.bearer.com/reference/rules/ruby_rails_default_encryption
To skip this rule, use the flag --skip-rule=ruby_rails_default_encryption
File: db/schema.rb:703
688 create_table "organizations", force: :cascade do |t|
...
700 t.string "github_username"
701 t.datetime "last_article_at", precision: nil, default: "2017-01-01 05:00:00"
702 t.datetime "latest_article_updated_at", precision: nil
703 t.string "location"
704 t.string "name"
705 t.string "nav_image"
706 t.string "old_old_slug"
...
725 end
WARNING: Missing application-level encryption of sensitive data detected. [CWE-312]
https://docs.bearer.com/reference/rules/ruby_rails_default_encryption
To skip this rule, use the flag --skip-rule=ruby_rails_default_encryption
File: db/schema.rb:704
688 create_table "organizations", force: :cascade do |t|
...
701 t.datetime "last_article_at", precision: nil, default: "2017-01-01 05:00:00"
702 t.datetime "latest_article_updated_at", precision: nil
703 t.string "location"
704 t.string "name"
705 t.string "nav_image"
706 t.string "old_old_slug"
707 t.string "old_slug"
...
725 end
WARNING: Missing application-level encryption of sensitive data detected. [CWE-312]
https://docs.bearer.com/reference/rules/ruby_rails_default_encryption
To skip this rule, use the flag --skip-rule=ruby_rails_default_encryption
File: db/schema.rb:719
688 create_table "organizations", force: :cascade do |t|
...
716 t.string "tag_line"
717 t.string "tech_stack"
718 t.string "text_color_hex"
719 t.string "twitter_username"
720 t.integer "unspent_credits_count", default: 0, null: false
721 t.datetime "updated_at", precision: nil, null: false
722 t.string "url"
...
725 end
WARNING: Missing application-level encryption of sensitive data detected. [CWE-312]
https://docs.bearer.com/reference/rules/ruby_rails_default_encryption
To skip this rule, use the flag --skip-rule=ruby_rails_default_encryption
File: db/schema.rb:840
822 create_table "podcasts", force: :cascade do |t|
...
837 t.string "soundcloud_url"
838 t.text "status_notice", default: ""
839 t.string "title", null: false
840 t.string "twitter_username"
841 t.boolean "unique_website_url?", default: true
842 t.datetime "updated_at", precision: nil, null: false
843 t.string "website_url"
...
849 end
WARNING: Missing application-level encryption of sensitive data detected. [CWE-312]
https://docs.bearer.com/reference/rules/ruby_rails_default_encryption
To skip this rule, use the flag --skip-rule=ruby_rails_default_encryption
File: db/schema.rb:892
889 create_table "profile_field_groups", force: :cascade do |t|
890 t.datetime "created_at", null: false
891 t.string "description"
892 t.string "name", null: false
893 t.datetime "updated_at", null: false
894 t.index ["name"], name: "index_profile_field_groups_on_name", unique: true
895 end
WARNING: Missing application-level encryption of sensitive data detected. [CWE-312]
https://docs.bearer.com/reference/rules/ruby_rails_default_encryption
To skip this rule, use the flag --skip-rule=ruby_rails_default_encryption
File: db/schema.rb:926
923 create_table "profiles", force: :cascade do |t|
924 t.datetime "created_at", null: false
925 t.jsonb "data", default: {}, null: false
926 t.string "location"
927 t.text "summary"
928 t.datetime "updated_at", null: false
929 t.bigint "user_id", null: false
...
932 end
WARNING: Missing application-level encryption of sensitive data detected. [CWE-312]
https://docs.bearer.com/reference/rules/ruby_rails_default_encryption
To skip this rule, use the flag --skip-rule=ruby_rails_default_encryption
File: db/schema.rb:1113
1107 create_table "tweets", force: :cascade do |t|
...
1110 t.integer "favorite_count"
1111 t.text "full_fetched_object_serialized", default: "--- {}\n"
1112 t.string "hashtags_serialized", default: "--- []\n"
1113 t.string "in_reply_to_status_id_code"
1114 t.string "in_reply_to_user_id_code"
1115 t.string "in_reply_to_username"
1116 t.boolean "is_quote_status"
...
1136 end
WARNING: Missing application-level encryption of sensitive data detected. [CWE-312]
https://docs.bearer.com/reference/rules/ruby_rails_default_encryption
To skip this rule, use the flag --skip-rule=ruby_rails_default_encryption
File: db/schema.rb:1114
1107 create_table "tweets", force: :cascade do |t|
...
1111 t.text "full_fetched_object_serialized", default: "--- {}\n"
1112 t.string "hashtags_serialized", default: "--- []\n"
1113 t.string "in_reply_to_status_id_code"
1114 t.string "in_reply_to_user_id_code"
1115 t.string "in_reply_to_username"
1116 t.boolean "is_quote_status"
1117 t.datetime "last_fetched_at", precision: nil
...
1136 end
WARNING: Missing application-level encryption of sensitive data detected. [CWE-312]
https://docs.bearer.com/reference/rules/ruby_rails_default_encryption
To skip this rule, use the flag --skip-rule=ruby_rails_default_encryption
File: db/schema.rb:1115
1107 create_table "tweets", force: :cascade do |t|
...
1112 t.string "hashtags_serialized", default: "--- []\n"
1113 t.string "in_reply_to_status_id_code"
1114 t.string "in_reply_to_user_id_code"
1115 t.string "in_reply_to_username"
1116 t.boolean "is_quote_status"
1117 t.datetime "last_fetched_at", precision: nil
1118 t.text "media_serialized", default: "--- []\n"
...
1136 end
WARNING: Missing application-level encryption of sensitive data detected. [CWE-312]
https://docs.bearer.com/reference/rules/ruby_rails_default_encryption
To skip this rule, use the flag --skip-rule=ruby_rails_default_encryption
File: db/schema.rb:1131
1107 create_table "tweets", force: :cascade do |t|
...
1128 t.string "twitter_uid"
1129 t.integer "twitter_user_followers_count"
1130 t.integer "twitter_user_following_count"
1131 t.string "twitter_username"
1132 t.datetime "updated_at", precision: nil, null: false
1133 t.text "urls_serialized", default: "--- []\n"
1134 t.bigint "user_id"
...
1136 end
WARNING: Missing application-level encryption of sensitive data detected. [CWE-312]
https://docs.bearer.com/reference/rules/ruby_rails_default_encryption
To skip this rule, use the flag --skip-rule=ruby_rails_default_encryption
File: db/schema.rb:1150
1147 create_table "user_subscriptions", force: :cascade do |t|
1148 t.bigint "author_id", null: false
1149 t.datetime "created_at", null: false
1150 t.string "subscriber_email", null: false
1151 t.bigint "subscriber_id", null: false
1152 t.datetime "updated_at", null: false
1153 t.bigint "user_subscription_sourceable_id"
...
1159 end
WARNING: Missing application-level encryption of sensitive data detected. [CWE-312]
https://docs.bearer.com/reference/rules/ruby_rails_default_encryption
To skip this rule, use the flag --skip-rule=ruby_rails_default_encryption
File: db/schema.rb:1162
1161 create_table "users", force: :cascade do |t|
1162 t.string "apple_username"
1163 t.integer "articles_count", default: 0, null: false
1164 t.integer "badge_achievements_count", default: 0, null: false
1165 t.bigint "blocked_by_count", default: 0, null: false
...
1263 end
WARNING: Missing application-level encryption of sensitive data detected. [CWE-312]
https://docs.bearer.com/reference/rules/ruby_rails_default_encryption
To skip this rule, use the flag --skip-rule=ruby_rails_default_encryption
File: db/schema.rb:1177
1161 create_table "users", force: :cascade do |t|
...
1174 t.integer "credits_count", default: 0, null: false
1175 t.datetime "current_sign_in_at", precision: nil
1176 t.inet "current_sign_in_ip"
1177 t.string "email"
1178 t.string "encrypted_password", default: "", null: false
1179 t.boolean "export_requested", default: false
1180 t.datetime "exported_at", precision: nil
...
1263 end
WARNING: Missing application-level encryption of sensitive data detected. [CWE-312]
https://docs.bearer.com/reference/rules/ruby_rails_default_encryption
To skip this rule, use the flag --skip-rule=ruby_rails_default_encryption
File: db/schema.rb:1181
1161 create_table "users", force: :cascade do |t|
...
1178 t.string "encrypted_password", default: "", null: false
1179 t.boolean "export_requested", default: false
1180 t.datetime "exported_at", precision: nil
1181 t.string "facebook_username"
1182 t.integer "failed_attempts", default: 0
1183 t.datetime "feed_fetched_at", precision: nil, default: "2017-01-01 05:00:00"
1184 t.integer "following_orgs_count", default: 0, null: false
...
1263 end
WARNING: Missing application-level encryption of sensitive data detected. [CWE-312]
https://docs.bearer.com/reference/rules/ruby_rails_default_encryption
To skip this rule, use the flag --skip-rule=ruby_rails_default_encryption
File: db/schema.rb:1187
1161 create_table "users", force: :cascade do |t|
...
1184 t.integer "following_orgs_count", default: 0, null: false
1185 t.integer "following_tags_count", default: 0, null: false
1186 t.integer "following_users_count", default: 0, null: false
1187 t.string "forem_username"
1188 t.datetime "github_repos_updated_at", precision: nil, default: "2017-01-01 05:00:00"
1189 t.string "github_username"
1190 t.datetime "google_oauth2_created_at", precision: nil
...
1263 end
WARNING: Missing application-level encryption of sensitive data detected. [CWE-312]
https://docs.bearer.com/reference/rules/ruby_rails_default_encryption
To skip this rule, use the flag --skip-rule=ruby_rails_default_encryption
File: db/schema.rb:1189
1161 create_table "users", force: :cascade do |t|
...
1186 t.integer "following_users_count", default: 0, null: false
1187 t.string "forem_username"
1188 t.datetime "github_repos_updated_at", precision: nil, default: "2017-01-01 05:00:00"
1189 t.string "github_username"
1190 t.datetime "google_oauth2_created_at", precision: nil
1191 t.string "google_oauth2_username"
1192 t.datetime "invitation_accepted_at", precision: nil
...
1263 end
WARNING: Missing application-level encryption of sensitive data detected. [CWE-312]
https://docs.bearer.com/reference/rules/ruby_rails_default_encryption
To skip this rule, use the flag --skip-rule=ruby_rails_default_encryption
File: db/schema.rb:1191
1161 create_table "users", force: :cascade do |t|
...
1188 t.datetime "github_repos_updated_at", precision: nil, default: "2017-01-01 05:00:00"
1189 t.string "github_username"
1190 t.datetime "google_oauth2_created_at", precision: nil
1191 t.string "google_oauth2_username"
1192 t.datetime "invitation_accepted_at", precision: nil
1193 t.datetime "invitation_created_at", precision: nil
1194 t.integer "invitation_limit"
...
1263 end
WARNING: Missing application-level encryption of sensitive data detected. [CWE-312]
https://docs.bearer.com/reference/rules/ruby_rails_default_encryption
To skip this rule, use the flag --skip-rule=ruby_rails_default_encryption
File: db/schema.rb:1211
1161 create_table "users", force: :cascade do |t|
...
1208 t.inet "last_sign_in_ip"
1209 t.datetime "latest_article_updated_at", precision: nil
1210 t.datetime "locked_at", precision: nil
1211 t.string "name"
1212 t.string "old_old_username"
1213 t.string "old_username"
1214 t.boolean "onboarding_package_requested", default: false
...
1263 end
WARNING: Missing application-level encryption of sensitive data detected. [CWE-312]
https://docs.bearer.com/reference/rules/ruby_rails_default_encryption
To skip this rule, use the flag --skip-rule=ruby_rails_default_encryption
File: db/schema.rb:1212
1161 create_table "users", force: :cascade do |t|
...
1209 t.datetime "latest_article_updated_at", precision: nil
1210 t.datetime "locked_at", precision: nil
1211 t.string "name"
1212 t.string "old_old_username"
1213 t.string "old_username"
1214 t.boolean "onboarding_package_requested", default: false
1215 t.datetime "organization_info_updated_at", precision: nil
...
1263 end
WARNING: Missing application-level encryption of sensitive data detected. [CWE-312]
https://docs.bearer.com/reference/rules/ruby_rails_default_encryption
To skip this rule, use the flag --skip-rule=ruby_rails_default_encryption
File: db/schema.rb:1213
1161 create_table "users", force: :cascade do |t|
...
1210 t.datetime "locked_at", precision: nil
1211 t.string "name"
1212 t.string "old_old_username"
1213 t.string "old_username"
1214 t.boolean "onboarding_package_requested", default: false
1215 t.datetime "organization_info_updated_at", precision: nil
1216 t.string "payment_pointer"
...
1263 end
WARNING: Missing application-level encryption of sensitive data detected. [CWE-312]
https://docs.bearer.com/reference/rules/ruby_rails_default_encryption
To skip this rule, use the flag --skip-rule=ruby_rails_default_encryption
File: db/schema.rb:1216
1161 create_table "users", force: :cascade do |t|
...
1213 t.string "old_username"
1214 t.boolean "onboarding_package_requested", default: false
1215 t.datetime "organization_info_updated_at", precision: nil
1216 t.string "payment_pointer"
1217 t.string "profile_image"
1218 t.datetime "profile_updated_at", precision: nil, default: "2017-01-01 05:00:00"
1219 t.integer "rating_votes_count", default: 0, null: false
...
1263 end
WARNING: Missing application-level encryption of sensitive data detected. [CWE-312]
https://docs.bearer.com/reference/rules/ruby_rails_default_encryption
To skip this rule, use the flag --skip-rule=ruby_rails_default_encryption
File: db/schema.rb:1225
1161 create_table "users", force: :cascade do |t|
...
1222 t.datetime "registered_at", precision: nil
1223 t.datetime "remember_created_at", precision: nil
1224 t.string "remember_token"
1225 t.float "reputation_modifier", default: 1.0
1226 t.datetime "reset_password_sent_at", precision: nil
1227 t.string "reset_password_token"
1228 t.boolean "saw_onboarding", default: false
...
1263 end
WARNING: Missing application-level encryption of sensitive data detected. [CWE-312]
https://docs.bearer.com/reference/rules/ruby_rails_default_encryption
To skip this rule, use the flag --skip-rule=ruby_rails_default_encryption
File: db/schema.rb:1236
1161 create_table "users", force: :cascade do |t|
...
1233 t.integer "spent_credits_count", default: 0, null: false
1234 t.string "stripe_id_code"
1235 t.integer "subscribed_to_user_subscriptions_count", default: 0, null: false
1236 t.string "twitter_username"
1237 t.string "unconfirmed_email"
1238 t.string "unlock_token"
1239 t.integer "unspent_credits_count", default: 0, null: false
...
1263 end
WARNING: Missing application-level encryption of sensitive data detected. [CWE-312]
https://docs.bearer.com/reference/rules/ruby_rails_default_encryption
To skip this rule, use the flag --skip-rule=ruby_rails_default_encryption
File: db/schema.rb:1237
1161 create_table "users", force: :cascade do |t|
...
1234 t.string "stripe_id_code"
1235 t.integer "subscribed_to_user_subscriptions_count", default: 0, null: false
1236 t.string "twitter_username"
1237 t.string "unconfirmed_email"
1238 t.string "unlock_token"
1239 t.integer "unspent_credits_count", default: 0, null: false
1240 t.datetime "updated_at", precision: nil, null: false
...
1263 end
WARNING: Missing application-level encryption of sensitive data detected. [CWE-312]
https://docs.bearer.com/reference/rules/ruby_rails_default_encryption
To skip this rule, use the flag --skip-rule=ruby_rails_default_encryption
File: db/schema.rb:1241
1161 create_table "users", force: :cascade do |t|
...
1238 t.string "unlock_token"
1239 t.integer "unspent_credits_count", default: 0, null: false
1240 t.datetime "updated_at", precision: nil, null: false
1241 t.string "username"
1242 t.datetime "workshop_expiration", precision: nil
1243 t.index "to_tsvector('simple'::regconfig, COALESCE((name)::text, ''::text))", name: "index_users_on_name_as_tsvector", using: :gin
1244 t.index "to_tsvector('simple'::regconfig, COALESCE((username)::text, ''::text))", name: "index_users_on_username_as_tsvector", using: :gin
...
1263 end
WARNING: Missing application-level encryption of sensitive data detected. [CWE-312]
https://docs.bearer.com/reference/rules/ruby_rails_default_encryption
To skip this rule, use the flag --skip-rule=ruby_rails_default_encryption
File: db/schema.rb:1262
1161 create_table "users", force: :cascade do |t|
...
1259 t.index ["reset_password_token"], name: "index_users_on_reset_password_token", unique: true
1260 t.index ["twitter_username"], name: "index_users_on_twitter_username", unique: true
1261 t.index ["username"], name: "index_users_on_username", unique: true
1262 t.check_constraint "username IS NOT NULL", name: "users_username_not_null"
1263 end
WARNING: Missing application-level encryption of sensitive data detected. [CWE-312]
https://docs.bearer.com/reference/rules/ruby_rails_default_encryption
To skip this rule, use the flag --skip-rule=ruby_rails_default_encryption
File: db/schema.rb:1267
1265 create_table "users_gdpr_delete_requests", force: :cascade do |t|
1266 t.datetime "created_at", null: false
1267 t.string "email", null: false
1268 t.string "name"
1269 t.datetime "updated_at", null: false
1270 t.integer "user_id", null: false
...
1272 end
WARNING: Missing application-level encryption of sensitive data detected. [CWE-312]
https://docs.bearer.com/reference/rules/ruby_rails_default_encryption
To skip this rule, use the flag --skip-rule=ruby_rails_default_encryption
File: db/schema.rb:1268
1265 create_table "users_gdpr_delete_requests", force: :cascade do |t|
1266 t.datetime "created_at", null: false
1267 t.string "email", null: false
1268 t.string "name"
1269 t.datetime "updated_at", null: false
1270 t.integer "user_id", null: false
1271 t.string "username"
...
1272 end
WARNING: Missing application-level encryption of sensitive data detected. [CWE-312]
https://docs.bearer.com/reference/rules/ruby_rails_default_encryption
To skip this rule, use the flag --skip-rule=ruby_rails_default_encryption
File: db/schema.rb:1271
1265 create_table "users_gdpr_delete_requests", force: :cascade do |t|
...
1268 t.string "name"
1269 t.datetime "updated_at", null: false
1270 t.integer "user_id", null: false
1271 t.string "username"
1272 end
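Every warning in this run is the same rule, ruby_rails_default_encryption, firing on db/schema.rb columns whose names Bearer classifies as personal data (CWE-312, cleartext storage). Two caveats before acting on them. First, on a Forem instance username, name and twitter_username are shown publicly on every profile, so encrypting them at rest buys little, and the snippet itself shows why it would hurt: the unique indexes on username and twitter_username (schema lines 1260 and 1261) need deterministic encryption to keep working, and the GIN tsvector indexes on name and username (lines 1243 and 1244) cannot be rebuilt over ciphertext at all, so full-text search on those columns would be lost. Second, where encryption is warranted (payment_pointer, unconfirmed_email, the email on users_gdpr_delete_requests) the standard fix is Rails 7's Active Record Encryption, declared on the model with `encrypts :payment_pointer`. The block below is an added example in plain Ruby using only the stdlib OpenSSL binding; it is not Forem's code and not Rails' implementation, but it shows the two modes Active Record Encryption offers (random nonce versus deterministic) and why only the deterministic one is compatible with a unique index. The key material, envelope format and nonce derivation are assumptions made for the illustration.

```ruby
# Added example (not from the Bearer report or the Forem code base): what
# "application-level encryption" of a column means. Rails 7's Active Record
# Encryption does this for you behind `encrypts :column`; the key handling,
# JSON envelope and deterministic-nonce derivation here are a simplified
# illustration of the same two modes, not Rails' own implementation.
require "openssl"
require "base64"
require "json"

module ColumnCrypto
  CIPHER = "aes-256-gcm"

  # Hypothetical keys generated at load time for the illustration; a real
  # deployment loads them from credentials or a KMS and plans for rotation.
  PRIMARY_KEY = OpenSSL::Random.random_bytes(32)
  DETERMINISTIC_KEY = OpenSSL::Random.random_bytes(32)

  module_function

  # Non-deterministic: a fresh random 96-bit nonce per write, so equal values
  # give different ciphertexts. Right for columns that are only read back
  # (payment_pointer), wrong for unique-indexed or equality-searched ones.
  def encrypt(plaintext, column:)
    seal(plaintext, nonce: OpenSSL::Random.random_bytes(12), column: column, deterministic: false)
  end

  # Deterministic: the nonce is derived from column name and plaintext with a
  # keyed hash, so equal values give equal ciphertexts and a unique index or
  # `WHERE twitter_username = ?` keeps working. The price is that equality
  # between rows leaks. (Simplified; not Rails' exact derivation.)
  def encrypt_deterministic(plaintext, column:)
    nonce = OpenSSL::HMAC.digest("SHA256", DETERMINISTIC_KEY, "#{column}\0#{plaintext}")[0, 12]
    seal(plaintext, nonce: nonce, column: column, deterministic: true)
  end

  # Verifies the GCM tag and the column name bound as additional
  # authenticated data; a ciphertext copied into another column fails to
  # decrypt instead of silently returning someone else's value.
  def decrypt(envelope, column:)
    data = JSON.parse(envelope)
    cipher = OpenSSL::Cipher.new(CIPHER).decrypt
    cipher.key = data["d"] ? DETERMINISTIC_KEY : PRIMARY_KEY
    cipher.iv = Base64.strict_decode64(data["iv"])
    cipher.auth_tag = Base64.strict_decode64(data["tag"])
    cipher.auth_data = column
    cipher.update(Base64.strict_decode64(data["ct"])) + cipher.final
  end

  # Shared AES-256-GCM sealing step; the envelope records which mode (and
  # therefore which key) was used so decrypt can pick the right one.
  def seal(plaintext, nonce:, column:, deterministic:)
    cipher = OpenSSL::Cipher.new(CIPHER).encrypt
    cipher.key = deterministic ? DETERMINISTIC_KEY : PRIMARY_KEY
    cipher.iv = nonce
    cipher.auth_data = column
    ciphertext = cipher.update(plaintext) + cipher.final
    JSON.generate(
      "ct" => Base64.strict_encode64(ciphertext),
      "iv" => Base64.strict_encode64(nonce),
      "tag" => Base64.strict_encode64(cipher.auth_tag),
      "d" => deterministic
    )
  end
end
```

In a Rails model the equivalent declarations would be `encrypts :payment_pointer` for the random-nonce mode and `encrypts :twitter_username, deterministic: true` for the indexed column. Deterministic mode is the only one a unique index can sit on, and the tsvector indexes on name and username have no encrypted equivalent, so those two columns either stay in the clear or lose full-text search; that trade-off, not the scanner count, is what should decide the triage.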
=====================================
107 checks, 46 failures, 36 warnings
CRITICAL: 0
HIGH: 44 (CWE-601, CWE-79, CWE-918, CWE-94)
MEDIUM: 2 (CWE-201, CWE-326, CWE-331)
LOW: 0
WARNING: 36 (CWE-312)
Need help or want to discuss the output? Join the Community https://discord.gg/eaHZBJUXRF
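Bearer prints one block per finding, and 36 of the 46 entries in this run are the same rule on db/schema.rb, so the first thing a reviewer wants is the report reduced to the set of flagged columns rather than a page of near-identical snippets. The following is an added example, not part of the gist and not Bearer's code, that parses the text format shown above (severity header ending in a CWE tag, rule URL, `File: path:line`, numbered snippet with the flagged line) and pulls out the column named on the highlighted schema line, skipping index and check-constraint lines that carry no column of their own. The sample report is a constructed excerpt of three findings copied from the output above. The regexes are an assumption inferred from that output, not a documented format, and should be checked against a fresh `bearer scan` before being relied on.

```ruby
# Added example (not Bearer's code): reduce Bearer's text report to a list of
# findings and, for schema findings, the flagged column, so the CWE-312
# warnings can be triaged per column instead of one snippet at a time.
Finding = Struct.new(:severity, :rule, :cwe, :file, :line, :column, keyword_init: true)

# Line shapes as they appear in the report above (assumed, not documented).
HEADER  = /\A(?<sev>CRITICAL|HIGH|MEDIUM|LOW|WARNING): .+\[(?<cwe>CWE-\d+)\]\z/
RULE    = %r{\Ahttps://docs\.bearer\.com/reference/rules/(?<rule>\S+)\z}
FILE    = /\AFile: (?<file>\S+):(?<line>\d+)\z/
SNIPPET = /\A(?<n>\d+)\s+t\.(?<kind>\w+)\s+"(?<name>[^"]+)"/
NOT_COLUMNS = %w[index check_constraint].freeze

def parse_bearer_report(text)
  findings = []
  current = nil
  text.each_line(chomp: true) do |raw|
    line = raw.strip
    if (m = HEADER.match(line))
      current = Finding.new(severity: m[:sev], cwe: m[:cwe])
      findings << current
    elsif current.nil?
      next                                  # preamble before the first finding
    elsif (m = RULE.match(line))
      current.rule = m[:rule]
    elsif (m = FILE.match(line))
      current.file = m[:file]
      current.line = m[:line].to_i
    elsif (m = SNIPPET.match(line)) && m[:n].to_i == current.line
      # Only the highlighted line names the flagged column; index and
      # check_constraint lines reference a column but are not one.
      current.column = m[:name] unless NOT_COLUMNS.include?(m[:kind])
    end
  end
  findings
end

# rule => sorted, de-duplicated list of flagged columns
def columns_by_rule(findings)
  findings.group_by(&:rule).transform_values { |fs| fs.map(&:column).compact.uniq.sort }
end

# Constructed excerpt: three findings copied from the report above.
SAMPLE_REPORT = <<~REPORT
  WARNING: Missing application-level encryption of sensitive data detected. [CWE-312]
  https://docs.bearer.com/reference/rules/ruby_rails_default_encryption
  To skip this rule, use the flag --skip-rule=ruby_rails_default_encryption
  File: db/schema.rb:1216
  1161 create_table "users", force: :cascade do |t|
  ...
  1215 t.datetime "organization_info_updated_at", precision: nil
  1216 t.string "payment_pointer"
  1217 t.string "profile_image"
  ...
  1263 end
  WARNING: Missing application-level encryption of sensitive data detected. [CWE-312]
  https://docs.bearer.com/reference/rules/ruby_rails_default_encryption
  To skip this rule, use the flag --skip-rule=ruby_rails_default_encryption
  File: db/schema.rb:1262
  1161 create_table "users", force: :cascade do |t|
  ...
  1261 t.index ["username"], name: "index_users_on_username", unique: true
  1262 t.check_constraint "username IS NOT NULL", name: "users_username_not_null"
  1263 end
  WARNING: Missing application-level encryption of sensitive data detected. [CWE-312]
  https://docs.bearer.com/reference/rules/ruby_rails_default_encryption
  To skip this rule, use the flag --skip-rule=ruby_rails_default_encryption
  File: db/schema.rb:1267
  1265 create_table "users_gdpr_delete_requests", force: :cascade do |t|
  1266 t.datetime "created_at", null: false
  1267 t.string "email", null: false
  1268 t.string "name"
  ...
  1272 end
REPORT

if __FILE__ == $PROGRAM_NAME
  findings = parse_bearer_report(SAMPLE_REPORT)
  columns_by_rule(findings).each { |rule, cols| puts "#{rule}: #{cols.join(', ')}" }
end
```

Run against the full report the output collapses the 36 warnings to the handful of distinct column names, which is the unit the encryption decision is actually made on; the finding on schema line 1262 comes through with no column, which is correct, since a check constraint on username is not a second place the value is stored.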