bearer scan forem output
Loading rules | |
Scanning target . | |
└ 100% [===============] (5220/5220, 61 files/s) [1m26s] | |
Running Detectors | |
Generating dataflow | |
Evaluating rules | |
└ 100% [===============] (255/255, 185 rules/s) [1s] | |
Summary Report | |
===================================== | |
Rules: | |
- 107 default rules applied (https://docs.bearer.com/reference/rules) | |
HIGH: Open redirect detected. [CWE-601] | |
https://docs.bearer.com/reference/rules/javascript_lang_open_redirect | |
To skip this rule, use the flag --skip-rule=javascript_lang_open_redirect | |
File: app/javascript/runtimeBanner/RuntimeBanner.jsx:63 | |
63 window.location.href = targetLink; | |
HIGH: React's dangerously set inner HTML detected. [CWE-79] | |
https://docs.bearer.com/reference/rules/javascript_react_dangerously_set_inner_html | |
To skip this rule, use the flag --skip-rule=javascript_react_dangerously_set_inner_html | |
File: app/javascript/admin/controllers/modal_controller.js:34 | |
34 dangerouslySetInnerHTML={{ | |
35 __html: document.querySelector(this.contentSelectorValue).innerHTML, | |
36 } | |
HIGH: React's dangerously set inner HTML detected. [CWE-79] | |
https://docs.bearer.com/reference/rules/javascript_react_dangerously_set_inner_html | |
To skip this rule, use the flag --skip-rule=javascript_react_dangerously_set_inner_html | |
File: app/javascript/article-form/components/Header.jsx:22 | |
22 dangerouslySetInnerHTML={{ __html: siteLogo }} | |
HIGH: React's dangerously set inner HTML detected. [CWE-79] | |
https://docs.bearer.com/reference/rules/javascript_react_dangerously_set_inner_html | |
To skip this rule, use the flag --skip-rule=javascript_react_dangerously_set_inner_html | |
File: app/javascript/article-form/components/Help/index.jsx:17 | |
17 dangerouslySetInnerHTML={{ __html: helpHtml }} | |
HIGH: React's dangerously set inner HTML detected. [CWE-79] | |
https://docs.bearer.com/reference/rules/javascript_react_dangerously_set_inner_html | |
To skip this rule, use the flag --skip-rule=javascript_react_dangerously_set_inner_html | |
File: app/javascript/article-form/components/Preview.jsx:121 | |
121 dangerouslySetInnerHTML={{ __html: previewResponse.processed_html }} | |
HIGH: React's dangerously set inner HTML detected. [CWE-79] | |
https://docs.bearer.com/reference/rules/javascript_react_dangerously_set_inner_html | |
To skip this rule, use the flag --skip-rule=javascript_react_dangerously_set_inner_html | |
File: app/javascript/articles/components/CommentListItem.jsx:53 | |
53 dangerouslySetInnerHTML={{ __html: comment.safe_processed_html }} | |
HIGH: React's dangerously set inner HTML detected. [CWE-79] | |
https://docs.bearer.com/reference/rules/javascript_react_dangerously_set_inner_html | |
To skip this rule, use the flag --skip-rule=javascript_react_dangerously_set_inner_html | |
File: app/javascript/articles/components/ContentTitle.jsx:19 | |
19 <span dangerouslySetInnerHTML={{ __html: filterXSS(article.title) }} /> | |
HIGH: React's dangerously set inner HTML detected. [CWE-79] | |
https://docs.bearer.com/reference/rules/javascript_react_dangerously_set_inner_html | |
To skip this rule, use the flag --skip-rule=javascript_react_dangerously_set_inner_html | |
File: app/javascript/listings/singleListing/SingleListing.jsx:28 | |
28 dangerouslySetInnerHTML={{ __html: listing.processed_html }} // eslint-disable-line react/no-danger | |
HIGH: React's dangerously set inner HTML detected. [CWE-79] | |
https://docs.bearer.com/reference/rules/javascript_react_dangerously_set_inner_html | |
To skip this rule, use the flag --skip-rule=javascript_react_dangerously_set_inner_html | |
File: app/javascript/onboarding/components/IntroSlide.jsx:86 | |
86 dangerouslySetInnerHTML={{ __html: text }} | |
HIGH: React's dangerously set inner HTML detected. [CWE-79] | |
https://docs.bearer.com/reference/rules/javascript_react_dangerously_set_inner_html | |
To skip this rule, use the flag --skip-rule=javascript_react_dangerously_set_inner_html | |
File: app/javascript/readingList/components/ItemListItem.jsx:36 | |
36 dangerouslySetInnerHTML={{ __html: filterXSS(adaptedItem.title) }} | |
HIGH: HTTP communication with user-controlled destination detected. [CWE-918] | |
https://docs.bearer.com/reference/rules/ruby_lang_http_url_using_user_input | |
To skip this rule, use the flag --skip-rule=ruby_lang_http_url_using_user_input | |
File: app/controllers/registrations_controller.rb:7 | |
7 if URI(request.referer || "").host == URI(request.base_url).host | |
HIGH: HTTP communication with user-controlled destination detected. [CWE-918] | |
https://docs.bearer.com/reference/rules/ruby_lang_http_url_using_user_input | |
To skip this rule, use the flag --skip-rule=ruby_lang_http_url_using_user_input | |
File: app/controllers/registrations_controller.rb:7 | |
7 if URI(request.referer || "").host == URI(request.base_url).host | |
HIGH: Use of reflection influenced by user input detected. [CWE-94] | |
https://docs.bearer.com/reference/rules/ruby_lang_reflection_using_user_input | |
To skip this rule, use the flag --skip-rule=ruby_lang_reflection_using_user_input | |
File: app/controllers/admin/organizations_controller.rb:30 | |
30 Credit.public_send(update_action, org, amount) | |
HIGH: Use of reflection influenced by user input detected. [CWE-94] | |
https://docs.bearer.com/reference/rules/ruby_lang_reflection_using_user_input | |
To skip this rule, use the flag --skip-rule=ruby_lang_reflection_using_user_input | |
File: app/controllers/dashboards_controller.rb:111 | |
111 source = source_type.constantize.find_by(id: params[:source_id]) | |
HIGH: Use of reflection influenced by user input detected. [CWE-94] | |
https://docs.bearer.com/reference/rules/ruby_lang_reflection_using_user_input | |
To skip this rule, use the flag --skip-rule=ruby_lang_reflection_using_user_input | |
File: app/controllers/follows_controller.rb:58 | |
58 params[:followable_type].capitalize.constantize | |
HIGH: Open redirect detected [CWE-601] | |
https://docs.bearer.com/reference/rules/ruby_rails_redirect_to | |
To skip this rule, use the flag --skip-rule=ruby_rails_redirect_to | |
File: app/controllers/admin/articles_controller.rb:48 | |
48 redirect_to admin_article_path(article.id) | |
HIGH: Open redirect detected [CWE-601] | |
https://docs.bearer.com/reference/rules/ruby_rails_redirect_to | |
To skip this rule, use the flag --skip-rule=ruby_rails_redirect_to | |
File: app/controllers/admin/articles_controller.rb:59 | |
59 redirect_to admin_article_path(article.id) | |
HIGH: Open redirect detected [CWE-601] | |
https://docs.bearer.com/reference/rules/ruby_rails_redirect_to | |
To skip this rule, use the flag --skip-rule=ruby_rails_redirect_to | |
File: app/controllers/admin/articles_controller.rb:75 | |
75 redirect_to admin_article_path(article.id) | |
HIGH: Open redirect detected [CWE-601] | |
https://docs.bearer.com/reference/rules/ruby_rails_redirect_to | |
To skip this rule, use the flag --skip-rule=ruby_rails_redirect_to | |
File: app/controllers/admin/display_ads_controller.rb:42 | |
42 redirect_to edit_admin_display_ad_path(params[:id]) | |
HIGH: Open redirect detected [CWE-601] | |
https://docs.bearer.com/reference/rules/ruby_rails_redirect_to | |
To skip this rule, use the flag --skip-rule=ruby_rails_redirect_to | |
File: app/controllers/admin/organization_memberships_controller.rb:20 | |
20 redirect_to admin_user_path(organization_membership.user_id) | |
HIGH: Open redirect detected [CWE-601] | |
https://docs.bearer.com/reference/rules/ruby_rails_redirect_to | |
To skip this rule, use the flag --skip-rule=ruby_rails_redirect_to | |
File: app/controllers/admin/organization_memberships_controller.rb:94 | |
94 redirect_to admin_user_path(organization_membership.user_id) | |
HIGH: Open redirect detected [CWE-601] | |
https://docs.bearer.com/reference/rules/ruby_rails_redirect_to | |
To skip this rule, use the flag --skip-rule=ruby_rails_redirect_to | |
File: app/controllers/admin/organizations_controller.rb:34 | |
34 redirect_to admin_organization_path(org) | |
HIGH: Open redirect detected [CWE-601] | |
https://docs.bearer.com/reference/rules/ruby_rails_redirect_to | |
To skip this rule, use the flag --skip-rule=ruby_rails_redirect_to | |
File: app/controllers/admin/tags/moderators_controller.rb:18 | |
18 return redirect_to edit_admin_tag_path(params[:tag_id]) | |
HIGH: Open redirect detected [CWE-601] | |
https://docs.bearer.com/reference/rules/ruby_rails_redirect_to | |
To skip this rule, use the flag --skip-rule=ruby_rails_redirect_to | |
File: app/controllers/admin/tags/moderators_controller.rb:32 | |
32 redirect_to edit_admin_tag_path(params[:tag_id]) | |
HIGH: Open redirect detected [CWE-601] | |
https://docs.bearer.com/reference/rules/ruby_rails_redirect_to | |
To skip this rule, use the flag --skip-rule=ruby_rails_redirect_to | |
File: app/controllers/admin/tags/moderators_controller.rb:39 | |
39 return redirect_to edit_admin_tag_path(params[:tag_id]) | |
HIGH: Open redirect detected [CWE-601] | |
https://docs.bearer.com/reference/rules/ruby_rails_redirect_to | |
To skip this rule, use the flag --skip-rule=ruby_rails_redirect_to | |
File: app/controllers/admin/tags/moderators_controller.rb:55 | |
55 redirect_to edit_admin_tag_path(tag.id) | |
HIGH: Open redirect detected [CWE-601] | |
https://docs.bearer.com/reference/rules/ruby_rails_redirect_to | |
To skip this rule, use the flag --skip-rule=ruby_rails_redirect_to | |
File: app/controllers/admin/users_controller.rb:89 | |
89 redirect_to admin_user_path(params[:id]) | |
HIGH: Open redirect detected [CWE-601] | |
https://docs.bearer.com/reference/rules/ruby_rails_redirect_to | |
To skip this rule, use the flag --skip-rule=ruby_rails_redirect_to | |
File: app/controllers/admin/users_controller.rb:109 | |
109 redirect_to admin_user_path(params[:id]) | |
HIGH: Open redirect detected [CWE-601] | |
https://docs.bearer.com/reference/rules/ruby_rails_redirect_to | |
To skip this rule, use the flag --skip-rule=ruby_rails_redirect_to | |
File: app/controllers/admin/users_controller.rb:169 | |
169 redirect_to admin_user_path(params[:id]) | |
HIGH: Open redirect detected [CWE-601] | |
https://docs.bearer.com/reference/rules/ruby_rails_redirect_to | |
To skip this rule, use the flag --skip-rule=ruby_rails_redirect_to | |
File: app/controllers/admin/users_controller.rb:175 | |
175 redirect_to admin_user_path(params[:id]) | |
HIGH: Open redirect detected [CWE-601] | |
https://docs.bearer.com/reference/rules/ruby_rails_redirect_to | |
To skip this rule, use the flag --skip-rule=ruby_rails_redirect_to | |
File: app/controllers/admin/users_controller.rb:208 | |
208 redirect_to admin_user_path(params[:id]) | |
HIGH: Open redirect detected [CWE-601] | |
https://docs.bearer.com/reference/rules/ruby_rails_redirect_to | |
To skip this rule, use the flag --skip-rule=ruby_rails_redirect_to | |
File: app/controllers/admin/users_controller.rb:225 | |
225 redirect_to admin_user_path(params[:id]) | |
HIGH: Open redirect detected [CWE-601] | |
https://docs.bearer.com/reference/rules/ruby_rails_redirect_to | |
To skip this rule, use the flag --skip-rule=ruby_rails_redirect_to | |
File: app/controllers/admin/users_controller.rb:248 | |
248 redirect_to admin_user_path(params[:id]) | |
HIGH: Open redirect detected [CWE-601] | |
https://docs.bearer.com/reference/rules/ruby_rails_redirect_to | |
To skip this rule, use the flag --skip-rule=ruby_rails_redirect_to | |
File: app/controllers/application_controller.rb:278 | |
278 redirect_to URL.url(request.fullpath) | |
HIGH: Open redirect detected [CWE-601] | |
https://docs.bearer.com/reference/rules/ruby_rails_redirect_to | |
To skip this rule, use the flag --skip-rule=ruby_rails_redirect_to | |
File: app/controllers/articles_controller.rb:173 | |
173 redirect_to(Addressable::URI.parse(params[:destination]).path) | |
HIGH: Open redirect detected [CWE-601] | |
https://docs.bearer.com/reference/rules/ruby_rails_redirect_to | |
To skip this rule, use the flag --skip-rule=ruby_rails_redirect_to | |
File: app/controllers/discussion_locks_controller.rb:38 | |
38 redirect_to "#{article.path}/manage" | |
HIGH: Open redirect detected [CWE-601] | |
https://docs.bearer.com/reference/rules/ruby_rails_redirect_to | |
To skip this rule, use the flag --skip-rule=ruby_rails_redirect_to | |
File: app/controllers/notification_subscriptions_controller.rb:34 | |
34 format.html { redirect_to request.referer } | |
HIGH: Open redirect detected [CWE-601] | |
https://docs.bearer.com/reference/rules/ruby_rails_redirect_to | |
To skip this rule, use the flag --skip-rule=ruby_rails_redirect_to | |
File: app/controllers/organizations_controller.rb:87 | |
87 redirect_to user_settings_path(:organization, id: organization.id) | |
HIGH: Open redirect detected [CWE-601] | |
https://docs.bearer.com/reference/rules/ruby_rails_redirect_to | |
To skip this rule, use the flag --skip-rule=ruby_rails_redirect_to | |
File: app/controllers/tag_adjustments_controller.rb:26 | |
26 format.html { redirect_to "#{Addressable::URI.parse(article.path).path}/mod" } | |
HIGH: Open redirect detected [CWE-601] | |
https://docs.bearer.com/reference/rules/ruby_rails_redirect_to | |
To skip this rule, use the flag --skip-rule=ruby_rails_redirect_to | |
File: app/controllers/tags_controller.rb:62 | |
62 redirect_to edit_admin_tag_path(tag.id) | |
HIGH: Open redirect detected [CWE-601] | |
https://docs.bearer.com/reference/rules/ruby_rails_redirect_to | |
To skip this rule, use the flag --skip-rule=ruby_rails_redirect_to | |
File: app/controllers/users/settings_controller.rb:40 | |
40 redirect_to user_settings_path(tab) | |
HIGH: Open redirect detected [CWE-601] | |
https://docs.bearer.com/reference/rules/ruby_rails_redirect_to | |
To skip this rule, use the flag --skip-rule=ruby_rails_redirect_to | |
File: app/controllers/users_controller.rb:192 | |
192 redirect_to "/settings/organization/#{org.id}" | |
HIGH: Open redirect detected [CWE-601] | |
https://docs.bearer.com/reference/rules/ruby_rails_redirect_to | |
To skip this rule, use the flag --skip-rule=ruby_rails_redirect_to | |
File: app/controllers/users_controller.rb:203 | |
203 redirect_to "/settings/organization/#{org.id}" | |
HIGH: Open redirect detected [CWE-601] | |
https://docs.bearer.com/reference/rules/ruby_rails_redirect_to | |
To skip this rule, use the flag --skip-rule=ruby_rails_redirect_to | |
File: app/controllers/users_controller.rb:215 | |
215 redirect_to "/settings/organization/#{org.id}" | |
MEDIUM: Weak encryption library usage detected. [CWE-331, CWE-326] | |
https://docs.bearer.com/reference/rules/ruby_lang_weak_encryption | |
To skip this rule, use the flag --skip-rule=ruby_lang_weak_encryption | |
File: app/services/mailchimp/bot.rb:153 | |
153 Digest::MD5.hexdigest(email.downcase) | |
MEDIUM: Sensitive data sent to Honeybadger detected. [CWE-201] | |
https://docs.bearer.com/reference/rules/ruby_third_parties_honeybadger | |
To skip this rule, use the flag --skip-rule=ruby_third_parties_honeybadger | |
File: app/controllers/omniauth_callbacks_controller.rb:77 | |
76 Honeybadger.context({ | |
77 username: @user.username, | |
78 user_id: @user.id, | |
79 auth_data: request.env["omniauth.auth"], | |
80 auth_error: request.env["omniauth.error"].inspect, | |
... | |
82 }) | |
WARNING: Missing application-level encryption of sensitive data detected. [CWE-312] | |
https://docs.bearer.com/reference/rules/ruby_rails_default_encryption | |
To skip this rule, use the flag --skip-rule=ruby_rails_default_encryption | |
File: db/schema.rb:91 | |
82 create_table "articles", force: :cascade do |t| | |
... | |
88 t.text "cached_organization" | |
89 t.string "cached_tag_list" | |
90 t.text "cached_user" | |
91 t.string "cached_user_name" | |
92 t.string "cached_user_username" | |
93 t.string "canonical_url" | |
94 t.bigint "co_author_ids", default: [], array: true | |
... | |
171 end | |
WARNING: Missing application-level encryption of sensitive data detected. [CWE-312] | |
https://docs.bearer.com/reference/rules/ruby_rails_default_encryption | |
To skip this rule, use the flag --skip-rule=ruby_rails_default_encryption | |
File: db/schema.rb:92 | |
82 create_table "articles", force: :cascade do |t| | |
... | |
89 t.string "cached_tag_list" | |
90 t.text "cached_user" | |
91 t.string "cached_user_name" | |
92 t.string "cached_user_username" | |
93 t.string "canonical_url" | |
94 t.bigint "co_author_ids", default: [], array: true | |
95 t.bigint "collection_id" | |
... | |
171 end | |
WARNING: Missing application-level encryption of sensitive data detected. [CWE-312] | |
https://docs.bearer.com/reference/rules/ruby_rails_default_encryption | |
To skip this rule, use the flag --skip-rule=ruby_rails_default_encryption | |
File: db/schema.rb:189 | |
185 create_table "badge_achievements", force: :cascade do |t| | |
... | |
186 t.bigint "badge_id", null: false | |
187 t.datetime "created_at", precision: nil, null: false | |
188 t.bigint "rewarder_id" | |
189 t.text "rewarding_context_message" | |
190 t.text "rewarding_context_message_markdown" | |
191 t.datetime "updated_at", precision: nil, null: false | |
192 t.bigint "user_id", null: false | |
... | |
195 end | |
WARNING: Missing application-level encryption of sensitive data detected. [CWE-312] | |
https://docs.bearer.com/reference/rules/ruby_rails_default_encryption | |
To skip this rule, use the flag --skip-rule=ruby_rails_default_encryption | |
File: db/schema.rb:190 | |
185 create_table "badge_achievements", force: :cascade do |t| | |
... | |
187 t.datetime "created_at", precision: nil, null: false | |
188 t.bigint "rewarder_id" | |
189 t.text "rewarding_context_message" | |
190 t.text "rewarding_context_message_markdown" | |
191 t.datetime "updated_at", precision: nil, null: false | |
192 t.bigint "user_id", null: false | |
193 t.index ["badge_id", "user_id"], name: "index_badge_achievements_on_badge_id_and_user_id", unique: true | |
... | |
195 end | |
WARNING: Missing application-level encryption of sensitive data detected. [CWE-312] | |
https://docs.bearer.com/reference/rules/ruby_rails_default_encryption | |
To skip this rule, use the flag --skip-rule=ruby_rails_default_encryption | |
File: db/schema.rb:213 | |
209 create_table "banished_users", force: :cascade do |t| | |
... | |
210 t.bigint "banished_by_id" | |
211 t.datetime "created_at", precision: nil, null: false | |
212 t.datetime "updated_at", precision: nil, null: false | |
213 t.string "username" | |
214 t.index ["banished_by_id"], name: "index_banished_users_on_banished_by_id" | |
215 t.index ["username"], name: "index_banished_users_on_username", unique: true | |
216 end | |
WARNING: Missing application-level encryption of sensitive data detected. [CWE-312] | |
https://docs.bearer.com/reference/rules/ruby_rails_default_encryption | |
To skip this rule, use the flag --skip-rule=ruby_rails_default_encryption | |
File: db/schema.rb:699 | |
688 create_table "organizations", force: :cascade do |t| | |
... | |
696 t.string "cta_button_url" | |
697 t.text "cta_processed_html" | |
698 t.string "dark_nav_image" | |
699 t.string "email" | |
700 t.string "github_username" | |
701 t.datetime "last_article_at", precision: nil, default: "2017-01-01 05:00:00" | |
702 t.datetime "latest_article_updated_at", precision: nil | |
... | |
725 end | |
WARNING: Missing application-level encryption of sensitive data detected. [CWE-312] | |
https://docs.bearer.com/reference/rules/ruby_rails_default_encryption | |
To skip this rule, use the flag --skip-rule=ruby_rails_default_encryption | |
File: db/schema.rb:700 | |
688 create_table "organizations", force: :cascade do |t| | |
... | |
697 t.text "cta_processed_html" | |
698 t.string "dark_nav_image" | |
699 t.string "email" | |
700 t.string "github_username" | |
701 t.datetime "last_article_at", precision: nil, default: "2017-01-01 05:00:00" | |
702 t.datetime "latest_article_updated_at", precision: nil | |
703 t.string "location" | |
... | |
725 end | |
WARNING: Missing application-level encryption of sensitive data detected. [CWE-312] | |
https://docs.bearer.com/reference/rules/ruby_rails_default_encryption | |
To skip this rule, use the flag --skip-rule=ruby_rails_default_encryption | |
File: db/schema.rb:703 | |
688 create_table "organizations", force: :cascade do |t| | |
... | |
700 t.string "github_username" | |
701 t.datetime "last_article_at", precision: nil, default: "2017-01-01 05:00:00" | |
702 t.datetime "latest_article_updated_at", precision: nil | |
703 t.string "location" | |
704 t.string "name" | |
705 t.string "nav_image" | |
706 t.string "old_old_slug" | |
... | |
725 end | |
WARNING: Missing application-level encryption of sensitive data detected. [CWE-312] | |
https://docs.bearer.com/reference/rules/ruby_rails_default_encryption | |
To skip this rule, use the flag --skip-rule=ruby_rails_default_encryption | |
File: db/schema.rb:704 | |
688 create_table "organizations", force: :cascade do |t| | |
... | |
701 t.datetime "last_article_at", precision: nil, default: "2017-01-01 05:00:00" | |
702 t.datetime "latest_article_updated_at", precision: nil | |
703 t.string "location" | |
704 t.string "name" | |
705 t.string "nav_image" | |
706 t.string "old_old_slug" | |
707 t.string "old_slug" | |
... | |
725 end | |
WARNING: Missing application-level encryption of sensitive data detected. [CWE-312] | |
https://docs.bearer.com/reference/rules/ruby_rails_default_encryption | |
To skip this rule, use the flag --skip-rule=ruby_rails_default_encryption | |
File: db/schema.rb:719 | |
688 create_table "organizations", force: :cascade do |t| | |
... | |
716 t.string "tag_line" | |
717 t.string "tech_stack" | |
718 t.string "text_color_hex" | |
719 t.string "twitter_username" | |
720 t.integer "unspent_credits_count", default: 0, null: false | |
721 t.datetime "updated_at", precision: nil, null: false | |
722 t.string "url" | |
... | |
725 end | |
WARNING: Missing application-level encryption of sensitive data detected. [CWE-312] | |
https://docs.bearer.com/reference/rules/ruby_rails_default_encryption | |
To skip this rule, use the flag --skip-rule=ruby_rails_default_encryption | |
File: db/schema.rb:840 | |
822 create_table "podcasts", force: :cascade do |t| | |
... | |
837 t.string "soundcloud_url" | |
838 t.text "status_notice", default: "" | |
839 t.string "title", null: false | |
840 t.string "twitter_username" | |
841 t.boolean "unique_website_url?", default: true | |
842 t.datetime "updated_at", precision: nil, null: false | |
843 t.string "website_url" | |
... | |
849 end | |
WARNING: Missing application-level encryption of sensitive data detected. [CWE-312] | |
https://docs.bearer.com/reference/rules/ruby_rails_default_encryption | |
To skip this rule, use the flag --skip-rule=ruby_rails_default_encryption | |
File: db/schema.rb:892 | |
889 create_table "profile_field_groups", force: :cascade do |t| | |
890 t.datetime "created_at", null: false | |
891 t.string "description" | |
892 t.string "name", null: false | |
893 t.datetime "updated_at", null: false | |
894 t.index ["name"], name: "index_profile_field_groups_on_name", unique: true | |
895 end | |
WARNING: Missing application-level encryption of sensitive data detected. [CWE-312] | |
https://docs.bearer.com/reference/rules/ruby_rails_default_encryption | |
To skip this rule, use the flag --skip-rule=ruby_rails_default_encryption | |
File: db/schema.rb:926 | |
923 create_table "profiles", force: :cascade do |t| | |
924 t.datetime "created_at", null: false | |
925 t.jsonb "data", default: {}, null: false | |
926 t.string "location" | |
927 t.text "summary" | |
928 t.datetime "updated_at", null: false | |
929 t.bigint "user_id", null: false | |
... | |
932 end | |
WARNING: Missing application-level encryption of sensitive data detected. [CWE-312] | |
https://docs.bearer.com/reference/rules/ruby_rails_default_encryption | |
To skip this rule, use the flag --skip-rule=ruby_rails_default_encryption | |
File: db/schema.rb:1113 | |
1107 create_table "tweets", force: :cascade do |t| | |
... | |
1110 t.integer "favorite_count" | |
1111 t.text "full_fetched_object_serialized", default: "--- {}\n" | |
1112 t.string "hashtags_serialized", default: "--- []\n" | |
1113 t.string "in_reply_to_status_id_code" | |
1114 t.string "in_reply_to_user_id_code" | |
1115 t.string "in_reply_to_username" | |
1116 t.boolean "is_quote_status" | |
... | |
1136 end | |
WARNING: Missing application-level encryption of sensitive data detected. [CWE-312] | |
https://docs.bearer.com/reference/rules/ruby_rails_default_encryption | |
To skip this rule, use the flag --skip-rule=ruby_rails_default_encryption | |
File: db/schema.rb:1114 | |
1107 create_table "tweets", force: :cascade do |t| | |
... | |
1111 t.text "full_fetched_object_serialized", default: "--- {}\n" | |
1112 t.string "hashtags_serialized", default: "--- []\n" | |
1113 t.string "in_reply_to_status_id_code" | |
1114 t.string "in_reply_to_user_id_code" | |
1115 t.string "in_reply_to_username" | |
1116 t.boolean "is_quote_status" | |
1117 t.datetime "last_fetched_at", precision: nil | |
... | |
1136 end | |
WARNING: Missing application-level encryption of sensitive data detected. [CWE-312] | |
https://docs.bearer.com/reference/rules/ruby_rails_default_encryption | |
To skip this rule, use the flag --skip-rule=ruby_rails_default_encryption | |
File: db/schema.rb:1115 | |
1107 create_table "tweets", force: :cascade do |t| | |
... | |
1112 t.string "hashtags_serialized", default: "--- []\n" | |
1113 t.string "in_reply_to_status_id_code" | |
1114 t.string "in_reply_to_user_id_code" | |
1115 t.string "in_reply_to_username" | |
1116 t.boolean "is_quote_status" | |
1117 t.datetime "last_fetched_at", precision: nil | |
1118 t.text "media_serialized", default: "--- []\n" | |
... | |
1136 end | |
WARNING: Missing application-level encryption of sensitive data detected. [CWE-312] | |
https://docs.bearer.com/reference/rules/ruby_rails_default_encryption | |
To skip this rule, use the flag --skip-rule=ruby_rails_default_encryption | |
File: db/schema.rb:1131 | |
1107 create_table "tweets", force: :cascade do |t| | |
... | |
1128 t.string "twitter_uid" | |
1129 t.integer "twitter_user_followers_count" | |
1130 t.integer "twitter_user_following_count" | |
1131 t.string "twitter_username" | |
1132 t.datetime "updated_at", precision: nil, null: false | |
1133 t.text "urls_serialized", default: "--- []\n" | |
1134 t.bigint "user_id" | |
... | |
1136 end | |
WARNING: Missing application-level encryption of sensitive data detected. [CWE-312] | |
https://docs.bearer.com/reference/rules/ruby_rails_default_encryption | |
To skip this rule, use the flag --skip-rule=ruby_rails_default_encryption | |
File: db/schema.rb:1150 | |
1147 create_table "user_subscriptions", force: :cascade do |t| | |
1148 t.bigint "author_id", null: false | |
1149 t.datetime "created_at", null: false | |
1150 t.string "subscriber_email", null: false | |
1151 t.bigint "subscriber_id", null: false | |
1152 t.datetime "updated_at", null: false | |
1153 t.bigint "user_subscription_sourceable_id" | |
... | |
1159 end | |
WARNING: Missing application-level encryption of sensitive data detected. [CWE-312] | |
https://docs.bearer.com/reference/rules/ruby_rails_default_encryption | |
To skip this rule, use the flag --skip-rule=ruby_rails_default_encryption | |
File: db/schema.rb:1162 | |
1161 create_table "users", force: :cascade do |t| | |
1162 t.string "apple_username" | |
1163 t.integer "articles_count", default: 0, null: false | |
1164 t.integer "badge_achievements_count", default: 0, null: false | |
1165 t.bigint "blocked_by_count", default: 0, null: false | |
... | |
1263 end | |
WARNING: Missing application-level encryption of sensitive data detected. [CWE-312] | |
https://docs.bearer.com/reference/rules/ruby_rails_default_encryption | |
To skip this rule, use the flag --skip-rule=ruby_rails_default_encryption | |
File: db/schema.rb:1177 | |
1161 create_table "users", force: :cascade do |t| | |
... | |
1174 t.integer "credits_count", default: 0, null: false | |
1175 t.datetime "current_sign_in_at", precision: nil | |
1176 t.inet "current_sign_in_ip" | |
1177 t.string "email" | |
1178 t.string "encrypted_password", default: "", null: false | |
1179 t.boolean "export_requested", default: false | |
1180 t.datetime "exported_at", precision: nil | |
... | |
1263 end | |
WARNING: Missing application-level encryption of sensitive data detected. [CWE-312] | |
https://docs.bearer.com/reference/rules/ruby_rails_default_encryption | |
To skip this rule, use the flag --skip-rule=ruby_rails_default_encryption | |
File: db/schema.rb:1181 | |
1161 create_table "users", force: :cascade do |t| | |
... | |
1178 t.string "encrypted_password", default: "", null: false | |
1179 t.boolean "export_requested", default: false | |
1180 t.datetime "exported_at", precision: nil | |
1181 t.string "facebook_username" | |
1182 t.integer "failed_attempts", default: 0 | |
1183 t.datetime "feed_fetched_at", precision: nil, default: "2017-01-01 05:00:00" | |
1184 t.integer "following_orgs_count", default: 0, null: false | |
... | |
1263 end | |
WARNING: Missing application-level encryption of sensitive data detected. [CWE-312] | |
https://docs.bearer.com/reference/rules/ruby_rails_default_encryption | |
To skip this rule, use the flag --skip-rule=ruby_rails_default_encryption | |
File: db/schema.rb:1187 | |
1161 create_table "users", force: :cascade do |t| | |
... | |
1184 t.integer "following_orgs_count", default: 0, null: false | |
1185 t.integer "following_tags_count", default: 0, null: false | |
1186 t.integer "following_users_count", default: 0, null: false | |
1187 t.string "forem_username" | |
1188 t.datetime "github_repos_updated_at", precision: nil, default: "2017-01-01 05:00:00" | |
1189 t.string "github_username" | |
1190 t.datetime "google_oauth2_created_at", precision: nil | |
... | |
1263 end | |
WARNING: Missing application-level encryption of sensitive data detected. [CWE-312] | |
https://docs.bearer.com/reference/rules/ruby_rails_default_encryption | |
To skip this rule, use the flag --skip-rule=ruby_rails_default_encryption | |
File: db/schema.rb:1189 | |
1161 create_table "users", force: :cascade do |t| | |
... | |
1186 t.integer "following_users_count", default: 0, null: false | |
1187 t.string "forem_username" | |
1188 t.datetime "github_repos_updated_at", precision: nil, default: "2017-01-01 05:00:00" | |
1189 t.string "github_username" | |
1190 t.datetime "google_oauth2_created_at", precision: nil | |
1191 t.string "google_oauth2_username" | |
1192 t.datetime "invitation_accepted_at", precision: nil | |
... | |
1263 end | |
WARNING: Missing application-level encryption of sensitive data detected. [CWE-312] | |
https://docs.bearer.com/reference/rules/ruby_rails_default_encryption | |
To skip this rule, use the flag --skip-rule=ruby_rails_default_encryption | |
File: db/schema.rb:1191 | |
1161 create_table "users", force: :cascade do |t| | |
... | |
1188 t.datetime "github_repos_updated_at", precision: nil, default: "2017-01-01 05:00:00" | |
1189 t.string "github_username" | |
1190 t.datetime "google_oauth2_created_at", precision: nil | |
1191 t.string "google_oauth2_username" | |
1192 t.datetime "invitation_accepted_at", precision: nil | |
1193 t.datetime "invitation_created_at", precision: nil | |
1194 t.integer "invitation_limit" | |
... | |
1263 end | |
WARNING: Missing application-level encryption of sensitive data detected. [CWE-312] | |
https://docs.bearer.com/reference/rules/ruby_rails_default_encryption | |
To skip this rule, use the flag --skip-rule=ruby_rails_default_encryption | |
File: db/schema.rb:1211 | |
1161 create_table "users", force: :cascade do |t| | |
... | |
1208 t.inet "last_sign_in_ip" | |
1209 t.datetime "latest_article_updated_at", precision: nil | |
1210 t.datetime "locked_at", precision: nil | |
1211 t.string "name" | |
1212 t.string "old_old_username" | |
1213 t.string "old_username" | |
1214 t.boolean "onboarding_package_requested", default: false | |
... | |
1263 end | |
WARNING: Missing application-level encryption of sensitive data detected. [CWE-312] | |
https://docs.bearer.com/reference/rules/ruby_rails_default_encryption | |
To skip this rule, use the flag --skip-rule=ruby_rails_default_encryption | |
File: db/schema.rb:1212 | |
1161 create_table "users", force: :cascade do |t| | |
... | |
1209 t.datetime "latest_article_updated_at", precision: nil | |
1210 t.datetime "locked_at", precision: nil | |
1211 t.string "name" | |
1212 t.string "old_old_username" | |
1213 t.string "old_username" | |
1214 t.boolean "onboarding_package_requested", default: false | |
1215 t.datetime "organization_info_updated_at", precision: nil | |
... | |
1263 end | |
WARNING: Missing application-level encryption of sensitive data detected. [CWE-312] | |
https://docs.bearer.com/reference/rules/ruby_rails_default_encryption | |
To skip this rule, use the flag --skip-rule=ruby_rails_default_encryption | |
File: db/schema.rb:1213 | |
1161 create_table "users", force: :cascade do |t| | |
... | |
1210 t.datetime "locked_at", precision: nil | |
1211 t.string "name" | |
1212 t.string "old_old_username" | |
1213 t.string "old_username" | |
1214 t.boolean "onboarding_package_requested", default: false | |
1215 t.datetime "organization_info_updated_at", precision: nil | |
1216 t.string "payment_pointer" | |
... | |
1263 end | |
WARNING: Missing application-level encryption of sensitive data detected. [CWE-312] | |
https://docs.bearer.com/reference/rules/ruby_rails_default_encryption | |
To skip this rule, use the flag --skip-rule=ruby_rails_default_encryption | |
File: db/schema.rb:1216 | |
1161 create_table "users", force: :cascade do |t| | |
... | |
1213 t.string "old_username" | |
1214 t.boolean "onboarding_package_requested", default: false | |
1215 t.datetime "organization_info_updated_at", precision: nil | |
1216 t.string "payment_pointer" | |
1217 t.string "profile_image" | |
1218 t.datetime "profile_updated_at", precision: nil, default: "2017-01-01 05:00:00" | |
1219 t.integer "rating_votes_count", default: 0, null: false | |
... | |
1263 end | |
WARNING: Missing application-level encryption of sensitive data detected. [CWE-312] | |
https://docs.bearer.com/reference/rules/ruby_rails_default_encryption | |
To skip this rule, use the flag --skip-rule=ruby_rails_default_encryption | |
File: db/schema.rb:1225 | |
1161 create_table "users", force: :cascade do |t| | |
... | |
1222 t.datetime "registered_at", precision: nil | |
1223 t.datetime "remember_created_at", precision: nil | |
1224 t.string "remember_token" | |
1225 t.float "reputation_modifier", default: 1.0 | |
1226 t.datetime "reset_password_sent_at", precision: nil | |
1227 t.string "reset_password_token" | |
1228 t.boolean "saw_onboarding", default: false | |
... | |
1263 end | |
WARNING: Missing application-level encryption of sensitive data detected. [CWE-312] | |
https://docs.bearer.com/reference/rules/ruby_rails_default_encryption | |
To skip this rule, use the flag --skip-rule=ruby_rails_default_encryption | |
File: db/schema.rb:1236 | |
1161 create_table "users", force: :cascade do |t| | |
... | |
1233 t.integer "spent_credits_count", default: 0, null: false | |
1234 t.string "stripe_id_code" | |
1235 t.integer "subscribed_to_user_subscriptions_count", default: 0, null: false | |
1236 t.string "twitter_username" | |
1237 t.string "unconfirmed_email" | |
1238 t.string "unlock_token" | |
1239 t.integer "unspent_credits_count", default: 0, null: false | |
... | |
1263 end | |
WARNING: Missing application-level encryption of sensitive data detected. [CWE-312] | |
https://docs.bearer.com/reference/rules/ruby_rails_default_encryption | |
To skip this rule, use the flag --skip-rule=ruby_rails_default_encryption | |
File: db/schema.rb:1237 | |
1161 create_table "users", force: :cascade do |t| | |
... | |
1234 t.string "stripe_id_code" | |
1235 t.integer "subscribed_to_user_subscriptions_count", default: 0, null: false | |
1236 t.string "twitter_username" | |
1237 t.string "unconfirmed_email" | |
1238 t.string "unlock_token" | |
1239 t.integer "unspent_credits_count", default: 0, null: false | |
1240 t.datetime "updated_at", precision: nil, null: false | |
... | |
1263 end | |
WARNING: Missing application-level encryption of sensitive data detected. [CWE-312] | |
https://docs.bearer.com/reference/rules/ruby_rails_default_encryption | |
To skip this rule, use the flag --skip-rule=ruby_rails_default_encryption | |
File: db/schema.rb:1241 | |
1161 create_table "users", force: :cascade do |t| | |
... | |
1238 t.string "unlock_token" | |
1239 t.integer "unspent_credits_count", default: 0, null: false | |
1240 t.datetime "updated_at", precision: nil, null: false | |
1241 t.string "username" | |
1242 t.datetime "workshop_expiration", precision: nil | |
1243 t.index "to_tsvector('simple'::regconfig, COALESCE((name)::text, ''::text))", name: "index_users_on_name_as_tsvector", using: :gin | |
1244 t.index "to_tsvector('simple'::regconfig, COALESCE((username)::text, ''::text))", name: "index_users_on_username_as_tsvector", using: :gin | |
... | |
1263 end | |
WARNING: Missing application-level encryption of sensitive data detected. [CWE-312] | |
https://docs.bearer.com/reference/rules/ruby_rails_default_encryption | |
To skip this rule, use the flag --skip-rule=ruby_rails_default_encryption | |
File: db/schema.rb:1262 | |
1161 create_table "users", force: :cascade do |t| | |
... | |
1259 t.index ["reset_password_token"], name: "index_users_on_reset_password_token", unique: true | |
1260 t.index ["twitter_username"], name: "index_users_on_twitter_username", unique: true | |
1261 t.index ["username"], name: "index_users_on_username", unique: true | |
1262 t.check_constraint "username IS NOT NULL", name: "users_username_not_null" | |
1263 end | |
WARNING: Missing application-level encryption of sensitive data detected. [CWE-312] | |
https://docs.bearer.com/reference/rules/ruby_rails_default_encryption | |
To skip this rule, use the flag --skip-rule=ruby_rails_default_encryption | |
File: db/schema.rb:1267 | |
1265 create_table "users_gdpr_delete_requests", force: :cascade do |t| | |
1266 t.datetime "created_at", null: false | |
1267 t.string "email", null: false | |
1268 t.string "name" | |
1269 t.datetime "updated_at", null: false | |
1270 t.integer "user_id", null: false | |
... | |
1272 end | |
WARNING: Missing application-level encryption of sensitive data detected. [CWE-312] | |
https://docs.bearer.com/reference/rules/ruby_rails_default_encryption | |
To skip this rule, use the flag --skip-rule=ruby_rails_default_encryption | |
File: db/schema.rb:1268 | |
1265 create_table "users_gdpr_delete_requests", force: :cascade do |t| | |
1266 t.datetime "created_at", null: false | |
1267 t.string "email", null: false | |
1268 t.string "name" | |
1269 t.datetime "updated_at", null: false | |
1270 t.integer "user_id", null: false | |
1271 t.string "username" | |
... | |
1272 end | |
WARNING: Missing application-level encryption of sensitive data detected. [CWE-312] | |
https://docs.bearer.com/reference/rules/ruby_rails_default_encryption | |
To skip this rule, use the flag --skip-rule=ruby_rails_default_encryption | |
File: db/schema.rb:1271 | |
1265 create_table "users_gdpr_delete_requests", force: :cascade do |t| | |
... | |
1268 t.string "name" | |
1269 t.datetime "updated_at", null: false | |
1270 t.integer "user_id", null: false | |
1271 t.string "username" | |
1272 end | |
===================================== | |
107 checks, 46 failures, 36 warnings | |
CRITICAL: 0 | |
HIGH: 44 (CWE-601, CWE-79, CWE-918, CWE-94) | |
MEDIUM: 2 (CWE-201, CWE-326, CWE-331) | |
LOW: 0 | |
WARNING: 36 (CWE-312) | |
Need help or want to discuss the output? Join the Community https://discord.gg/eaHZBJUXRF |