From d179adde05a0140f424d1a4eebc1603200c4e8e1 Mon Sep 17 00:00:00 2001
From: Janell-Huyck <huyckjl@ucmail.uc.edu>
Date: Thu, 7 Sep 2023 10:32:19 -0400
Subject: [PATCH] remove brakeman file

---
 brakeman.html | 643 --------------------------------------------------
 1 file changed, 643 deletions(-)
 delete mode 100644 brakeman.html
diff --git a/brakeman.html b/brakeman.html
deleted file mode 100644
index a621d503..00000000
--- a/brakeman.html
+++ /dev/null
@@ -1,643 +0,0 @@
-<!DOCTYPE HTML SYSTEM>
-<html>
-<head>
-<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
-<title>Brakeman Report</title>
-  <script type="text/javascript" src="https://code.jquery.com/jquery-2.1.4.min.js"></script>
-  <script type="text/javascript" src="https://cdn.datatables.net/1.10.9/js/jquery.dataTables.min.js"></script>
-  <script type="text/javascript">
-    function toggle(context) {
-      var elem = document.getElementById(context);
-
-      if (elem.style.display != "block")
-        elem.style.display = "block";
-      else
-        elem.style.display = "none";
-
-      elem.parentNode.scrollIntoView();
-    }
-
-    $(document).ready(function() {
-      $('table').DataTable({
-        searching: false,
-        paging:    false,
-        info:      false
-      });
-    });
-  </script>
-  <style>
-    /* CSS style used for HTML reports */
-
-body {
-  font-family: sans-serif;
-  color: #161616;
-}
-
-a {
-  color: #161616;
-}
-
-p {
-  font-weight: bold;
-  font-size: 11pt;
-  color: #2D0200;
- }
-
- th {
-   background-color: #980905;
-   border-bottom: 5px solid #530200;
-   color: white;
-   font-size: 11pt;
-   padding: 1px 8px 1px 8px;
- }
-
- td {
-   border-bottom: 2px solid white;
-   font-family: monospace;
-   padding: 5px 8px 1px 8px;
- }
-
- table {
-   background-color: #FCF4D4;
-   border-collapse: collapse;
- }
-
- h1 {
-   color: #2D0200;
-   font-size: 14pt;
- }
-
- h2 {
-   color: #2D0200;
-   font-size: 12pt;
- }
-
- span.high-confidence {
-   font-weight:bold;
-   color: red;
- }
-
- span.med-confidence {
- }
-
- span.weak-confidence {
-   color:gray;
- }
-
- div.warning_message {
-   cursor: pointer;
- }
-
- div.warning_message:hover {
-   background-color: white;
- }
-
- table caption {
-   background-color: #FFE;
-   padding: 2px;
- }
-
- table.context {
-   margin-top: 5px;
-   margin-bottom: 5px;
-   border-left: 1px solid #90e960;
-   color: #212121;
- }
-
- tr.context {
-   background-color: white;
- }
-
- tr.first {
-   border-top: 1px solid #7ecc54;
-   padding-top: 2px;
- }
-
- tr.error {
-  background-color: #f4c1c1 !important
- }
-
- tr.near_error {
-  background-color: #f4d4d4 !important
- }
-
- tr.alt {
-   background-color: #e8f4d4;
- }
-
- td.context {
-   padding: 2px 10px 0px 6px;
-   border-bottom: none;
- }
-
- td.context_line {
-   padding: 2px 8px 0px 7px;
-   border-right: 1px solid #b3bda4;
-   border-bottom: none;
-   color: #6e7465;
- }
-
- pre.context {
-   margin-bottom: 1px;
- }
-
- .user_input {
-   background-color: #fcecab;
- }
-
- div.render_path {
-   display: none;
-   background-color: #ffe;
-   padding: 5px;
-   margin: 2px 0px 2px 0px;
- }
-
- div.template_name {
-   cursor: pointer;
- }
-
- div.template_name:hover {
-   background-color: white;
- }
-
- span.code {
-   font-family: monospace;
- }
-
- span.filename {
-   font-family: monospace;
- }
-
-  </style>
-</head>
-<body>
-
-<h1>Brakeman Report</h1>
-<table>
-  <thead>
-    <tr>
-      <th>Application Path</th>
-      <th>Rails Version</th>
-      <th>Brakeman Version</th>
-      <th>Report Time</th>
-      <th>Checks Performed</th>
-    </tr>
-  </thead>
-  <tbody>
-    <tr>
-      <td>/Users/huyckjl/Codebases/aaec</td>
-      <td>6.1.7.6</td>
-      <td>6.0.1
-      <td>
-        2023-09-07 10:18:36 -0400<br><br>
-        0.874537 seconds
-      </td>
-      <td>BasicAuth, BasicAuthTimingAttack, CSRFTokenForgeryCVE, ContentTag, CookieSerialization, CreateWith, CrossSiteScripting, DefaultRoutes, Deserialize, DetailedExceptions, DigestDoS, DynamicFinders, EOLRails, EOLRuby, EscapeFunction, Evaluation, Execute, FileAccess, FileDisclosure, FilterSkipping, ForgerySetting, HeaderDoS, I18nXSS, JRubyXML, JSONEncoding, JSONEntityEscape, JSONParsing, LinkTo, LinkToHref, MailTo, MassAssignment, MimeTypeDoS, ModelAttrAccessible, ModelAttributes, ModelSerialize, NestedAttributes, NestedAttributesBypass, NumberToCurrency, PageCachingCVE, Pathname, PermitAttributes, QuoteTableName, Redirect, RegexDoS, Render, RenderDoS, RenderInline, ResponseSplitting, RouteDoS, SQL, SQLCVEs, SSLVerify, SafeBufferManipulation, SanitizeConfigCve, SanitizeMethods, SelectTag, SelectVulnerability, Send, SendFile, SessionManipulation, SessionSettings, SimpleFormat, SingleQuotes, SkipBeforeFilter, SprocketsPathTraversal, StripTags, SymbolDoSCVE, TemplateInjection, TranslateBug, UnsafeReflection, UnsafeReflectionMethods, ValidationRegex, VerbConfusion, WeakRSAKey, WithoutProtection, XMLDoS, YAMLParsing</td>
-    </tr>
-  </tbody>
-</table>
-<br>
-<h2 id='summary'>Summary</h2>
-<table>
-  <thead>
-    <tr>
-      <th>Scanned/Reported</th>
-      <th>Total</th>
-    </tr>
-  </thead>
-  <tbody>
-    <tr>
-      <td>Controllers</td>
-      <td>19</td>
-    </tr>
-    <tr>
-      <td>Models</td>
-      <td>16</td>
-    </tr>
-    <tr>
-      <td>Templates</td>
-      <td>89</td>
-    </tr>
-    <tr>
-      <td>Errors</td>
-      <td>0</td>
-    </tr>
-    <tr>
-      <td>Security Warnings</td>
-      <td>4 <span class='high-confidence'>(3)</span></td>
-    </tr>
-  
-    <tr>
-      <td>Ignored Warnings</td>
-      <td>0</td>
-    </tr>
-  
-  </tbody>
-</table>
-<br>
-<table>
-  <thead>
-    <tr>
-      <th>Warning Type</th>
-      <th>Total</th>
-    </tr>
-  </thead>
-  <tbody>
-  
-    <tr>
-      <td>Dynamic Render Path</td>
-      <td>1</td>
-    </tr>
-  
-    <tr>
-      <td>File Access</td>
-      <td>1</td>
-    </tr>
-  
-    <tr>
-      <td>Format Validation</td>
-      <td>1</td>
-    </tr>
-  
-    <tr>
-      <td>Remote Code Execution</td>
-      <td>1</td>
-    </tr>
-  
-  </tbody>
-</table>
-<br>
-<h2>Security Warnings</h2>  
-<table>
-  <thead>
-    <tr>
-      <th>Confidence</th>
-      <th>Class</th>
-      <th>Method</th>
-      <th>Warning Type</th>
-      <th>CWE ID</th>
-      <th>Message</th>
-    </tr>
-  </thead>
-  <tbody>
-  
-    <tr>
-      <td><span class='high-confidence'>High</span></td>
-      <td>PagesController</td>
-      <td>valid_page?</td>
-      <td><a rel="noreferrer" href="https://brakemanscanner.org/docs/warning_types/file_access/">File Access</a></td>
-      <td>[22]</td>
-      <td><div class='warning_message' onClick="toggle('context1');toggle('message1');toggle('full_message1')" >Parameter value used in file name near line 17: <span class="code">Pathname.new((Rails.root + &quot;app/views/pages/#{<span class="user_input">params[:page]</span>}.html.erb&quot;))</span><table id='context1' class='context' style='display:none'><caption>app/controllers/pages_controller.rb</caption>      <thead style='display:none'>
-        <tr>
-          <th>line number</th>
-          <th>line content</th>
-        </tr>
-      </thead>
-      <tbody>
-        <tr class='context first'>
-          <td class='context_line'>
-            <pre class='context'>12</pre>
-          </td>
-          <td class='context'>
-            <pre class='context'>  end</pre>
-          </td>
-        </tr>
-          <tr class='context alt'>
-            <td class='context_line'>
-              <pre class='context'>14</pre>
-            </td>
-            <td class='context'>
-              <pre class='context'>  private</pre>
-            </td>
-          </tr>
-          <tr class='context near_error'>
-            <td class='context_line'>
-              <pre class='context'>16</pre>
-            </td>
-            <td class='context'>
-              <pre class='context'>  def valid_page?</pre>
-            </td>
-          </tr>
-          <tr class='context alt error'>
-            <td class='context_line'>
-              <pre class='context'>17</pre>
-            </td>
-            <td class='context'>
-              <pre class='context'>    File.exist?(Pathname.new(Rails.root + &quot;app/views/pages/#{params[:page]}.html.erb&quot;))</pre>
-            </td>
-          </tr>
-          <tr class='context near_error'>
-            <td class='context_line'>
-              <pre class='context'>18</pre>
-            </td>
-            <td class='context'>
-              <pre class='context'>  end</pre>
-            </td>
-          </tr>
-          <tr class='context alt'>
-            <td class='context_line'>
-              <pre class='context'>19</pre>
-            </td>
-            <td class='context'>
-              <pre class='context'>end</pre>
-            </td>
-          </tr>
-</tbody></table></div></td>
-    </tr>
-  
-    <tr>
-      <td><span class='high-confidence'>High</span></td>
-      <td>AdminController</td>
-      <td>csv</td>
-      <td><a rel="noreferrer" href="https://brakemanscanner.org/docs/warning_types/remote_code_execution/">Remote Code Execution</a></td>
-      <td>[470]</td>
-      <td><div class='warning_message' onClick="toggle('context3');toggle('message3');toggle('full_message3')" >Unsafe reflection method <span class="code">const_get</span> called with parameter value near line 18: <span class="code">Object.const_get(<span class="user_input">params[:controller_name].classify</span>)</span><table id='context3' class='context' style='display:none'><caption>app/controllers/admin_controller.rb</caption>      <thead style='display:none'>
-        <tr>
-          <th>line number</th>
-          <th>line content</th>
-        </tr>
-      </thead>
-      <tbody>
-        <tr class='context first'>
-          <td class='context_line'>
-            <pre class='context'>13</pre>
-          </td>
-          <td class='context'>
-            <pre class='context'>    end</pre>
-          </td>
-        </tr>
-          <tr class='context alt'>
-            <td class='context_line'>
-              <pre class='context'>14</pre>
-            </td>
-            <td class='context'>
-              <pre class='context'>  end</pre>
-            </td>
-          </tr>
-          <tr class='context'>
-            <td class='context_line'>
-              <pre class='context'>16</pre>
-            </td>
-            <td class='context'>
-              <pre class='context'>  def csv</pre>
-            </td>
-          </tr>
-          <tr class='context alt near_error'>
-            <td class='context_line'>
-              <pre class='context'>17</pre>
-            </td>
-            <td class='context'>
-              <pre class='context'>    if session[:admin] &amp;&amp; params[:id].nil?</pre>
-            </td>
-          </tr>
-          <tr class='context error'>
-            <td class='context_line'>
-              <pre class='context'>18</pre>
-            </td>
-            <td class='context'>
-              <pre class='context'>      instance_variable_set(&#39;@instance_variable&#39;, Object.const_get(params[:controller_name].classify).all)</pre>
-            </td>
-          </tr>
-          <tr class='context alt near_error'>
-            <td class='context_line'>
-              <pre class='context'>19</pre>
-            </td>
-            <td class='context'>
-              <pre class='context'>      respond_to do |format|</pre>
-            </td>
-          </tr>
-          <tr class='context'>
-            <td class='context_line'>
-              <pre class='context'>20</pre>
-            </td>
-            <td class='context'>
-              <pre class='context'>        format.html { redirect_to publications_path }</pre>
-            </td>
-          </tr>
-          <tr class='context alt'>
-            <td class='context_line'>
-              <pre class='context'>21</pre>
-            </td>
-            <td class='context'>
-              <pre class='context'>        format.csv { send_data @instance_variable.to_csv }</pre>
-            </td>
-          </tr>
-          <tr class='context'>
-            <td class='context_line'>
-              <pre class='context'>22</pre>
-            </td>
-            <td class='context'>
-              <pre class='context'>      end</pre>
-            </td>
-          </tr>
-          <tr class='context alt'>
-            <td class='context_line'>
-              <pre class='context'>23</pre>
-            </td>
-            <td class='context'>
-              <pre class='context'>    else</pre>
-            </td>
-          </tr>
-</tbody></table></div></td>
-    </tr>
-  
-    <tr>
-      <td><span class='med-confidence'>Medium</span></td>
-      <td>PagesController</td>
-      <td>show</td>
-      <td><a rel="noreferrer" href="https://brakemanscanner.org/docs/warning_types/dynamic_render_path/">Dynamic Render Path</a></td>
-      <td>[22]</td>
-      <td><div class='warning_message' onClick="toggle('context2');toggle('message2');toggle('full_message2')" >Render path contains parameter value near line 8: <span class="code">render(template =&gt; &quot;pages/#{<span class="user_input">params[:page]</span>}&quot;, {})</span><table id='context2' class='context' style='display:none'><caption>app/controllers/pages_controller.rb</caption>      <thead style='display:none'>
-        <tr>
-          <th>line number</th>
-          <th>line content</th>
-        </tr>
-      </thead>
-      <tbody>
-        <tr class='context first'>
-          <td class='context_line'>
-            <pre class='context'>3</pre>
-          </td>
-          <td class='context'>
-            <pre class='context'>class PagesController &lt; ApplicationController</pre>
-          </td>
-        </tr>
-          <tr class='context alt'>
-            <td class='context_line'>
-              <pre class='context'>4</pre>
-            </td>
-            <td class='context'>
-              <pre class='context'>  skip_before_action :check_date</pre>
-            </td>
-          </tr>
-          <tr class='context'>
-            <td class='context_line'>
-              <pre class='context'>6</pre>
-            </td>
-            <td class='context'>
-              <pre class='context'>  def show</pre>
-            </td>
-          </tr>
-          <tr class='context alt near_error'>
-            <td class='context_line'>
-              <pre class='context'>7</pre>
-            </td>
-            <td class='context'>
-              <pre class='context'>    if valid_page?</pre>
-            </td>
-          </tr>
-          <tr class='context error'>
-            <td class='context_line'>
-              <pre class='context'>8</pre>
-            </td>
-            <td class='context'>
-              <pre class='context'>      render template: &quot;pages/#{params[:page]}&quot;</pre>
-            </td>
-          </tr>
-          <tr class='context alt near_error'>
-            <td class='context_line'>
-              <pre class='context'>9</pre>
-            </td>
-            <td class='context'>
-              <pre class='context'>    else</pre>
-            </td>
-          </tr>
-          <tr class='context'>
-            <td class='context_line'>
-              <pre class='context'>10</pre>
-            </td>
-            <td class='context'>
-              <pre class='context'>      render file: &#39;public/404.html&#39;, status: :not_found</pre>
-            </td>
-          </tr>
-          <tr class='context alt'>
-            <td class='context_line'>
-              <pre class='context'>11</pre>
-            </td>
-            <td class='context'>
-              <pre class='context'>    end</pre>
-            </td>
-          </tr>
-          <tr class='context'>
-            <td class='context_line'>
-              <pre class='context'>12</pre>
-            </td>
-            <td class='context'>
-              <pre class='context'>  end</pre>
-            </td>
-          </tr>
-</tbody></table></div></td>
-    </tr>
-  
-  </tbody>
-</table>
-<p>Model Warnings</p>
-<table>
-  <thead>
-    <tr>
-      <th>Confidence</th>
-      <th>Model</th>
-      <th>Warning Type</th>
-      <th>CWE ID</th>
-      <th>Message</th>
-    </tr>
-  </thead>
-  <tbody>
-  
-    <tr>
-      <td><span class='high-confidence'>High</span></td>
-      <td>Submitter</td>
-      <td><a rel="noreferrer" href="https://brakemanscanner.org/docs/warning_types/format_validation/">Format Validation</a></td>
-      <td>[777]</td>
-      <td><div class='warning_message' onClick="toggle('context4');toggle('message4');toggle('full_message4')" >Insufficient validation for <span class="code">phone_number</span> using <span class="code">/\d{3}-\d{3}-\d{4}/</span>. Use <span class="code">\A</span> and <span class="code">\z</span> as anchors near line 8<table id='context4' class='context' style='display:none'><caption>app/models/submitter.rb</caption>      <thead style='display:none'>
-        <tr>
-          <th>line number</th>
-          <th>line content</th>
-        </tr>
-      </thead>
-      <tbody>
-        <tr class='context first'>
-          <td class='context_line'>
-            <pre class='context'>3</pre>
-          </td>
-          <td class='context'>
-            <pre class='context'>class Submitter &lt; ApplicationRecord</pre>
-          </td>
-        </tr>
-          <tr class='context alt'>
-            <td class='context_line'>
-              <pre class='context'>4</pre>
-            </td>
-            <td class='context'>
-              <pre class='context'>  include Csv</pre>
-            </td>
-          </tr>
-          <tr class='context'>
-            <td class='context_line'>
-              <pre class='context'>5</pre>
-            </td>
-            <td class='context'>
-              <pre class='context'>  validates :first_name, presence: true</pre>
-            </td>
-          </tr>
-          <tr class='context alt'>
-            <td class='context_line'>
-              <pre class='context'>6</pre>
-            </td>
-            <td class='context'>
-              <pre class='context'>  validates :last_name, presence: true</pre>
-            </td>
-          </tr>
-          <tr class='context near_error'>
-            <td class='context_line'>
-              <pre class='context'>7</pre>
-            </td>
-            <td class='context'>
-              <pre class='context'>  validates :mailing_address, presence: true</pre>
-            </td>
-          </tr>
-          <tr class='context alt error'>
-            <td class='context_line'>
-              <pre class='context'>8</pre>
-            </td>
-            <td class='context'>
-              <pre class='context'>  validates :phone_number, presence: true, format: { with: /\d{3}-\d{3}-\d{4}/, message: &#39;Please use the format 111-111-1111&#39; }</pre>
-            </td>
-          </tr>
-          <tr class='context near_error'>
-            <td class='context_line'>
-              <pre class='context'>9</pre>
-            </td>
-            <td class='context'>
-              <pre class='context'>  validates :email_address, presence: true, format: { with: URI::MailTo::EMAIL_REGEXP, message: &#39;Please enter a valid email&#39; }</pre>
-            </td>
-          </tr>
-          <tr class='context alt'>
-            <td class='context_line'>
-              <pre class='context'>11</pre>
-            </td>
-            <td class='context'>
-              <pre class='context'>  def self.to_csv</pre>
-            </td>
-          </tr>
-          <tr class='context'>
-            <td class='context_line'>
-              <pre class='context'>12</pre>
-            </td>
-            <td class='context'>
-              <pre class='context'>    attributes = %w[first_name last_name submitter_college department mailing_address phone_number email_address]</pre>
-            </td>
-          </tr>
-          <tr class='context alt'>
-            <td class='context_line'>
-              <pre class='context'>13</pre>
-            </td>
-            <td class='context'>
-              <pre class='context'>    CSV.generate(headers: true) do |csv|</pre>
-            </td>
-          </tr>
-</tbody></table></div></td>
-    </tr>
-  
-  </tbody>
-</table></body></html>
\ No newline at end of file

Scanned/Reported	Total
Controllers	19
Models	16
Templates	89
Errors	0
Security Warnings	4 (3)
Ignored Warnings	0
Warning Type	Total
Dynamic Render Path	1
File Access	1
Format Validation	1
Remote Code Execution	1