Merge pull request #23322 from Fryguy/brakeman_ignores

Add brakeman ignores for Ruby 3.1 and Rails 7.0
ManageIQ · Feb 3, 2025 · f6aa990 · f6aa990
2 parents 50bd91d + 1c18a57
commit f6aa990
Showing 1 changed file with 41 additions and 3 deletions.
diff --git a/config/brakeman.ignore b/config/brakeman.ignore
@@ -1,5 +1,43 @@
 {
   "ignored_warnings": [
+    {
+      "warning_type": "Unmaintained Dependency",
+      "warning_code": 122,
+      "fingerprint": "21ab0fe00fdd5899ffc405cff75aadb91b805ee996a614f7e27b08a287e9062d",
+      "check_name": "EOLRails",
+      "message": "Support for Rails 7.0.8.7 ends on 2025-04-01",
+      "file": "Gemfile.lock",
+      "line": 1048,
+      "link": "https://brakemanscanner.org/docs/warning_types/unmaintained_dependency/",
+      "code": null,
+      "render_path": null,
+      "location": null,
+      "user_input": null,
+      "confidence": "Weak",
+      "cwe_id": [
+        1104
+      ],
+      "note": "Work is in progress to upgrade to Rails 7.1"
+    },
+    {
+      "warning_type": "Unmaintained Dependency",
+      "warning_code": 123,
+      "fingerprint": "425dcb3af9624f11f12d777d6f9fe05995719975a155c30012baa6b9dc3487df",
+      "check_name": "EOLRuby",
+      "message": "Support for Ruby 3.1.6 ends on 2025-03-31",
+      "file": "Gemfile.lock",
+      "line": 1471,
+      "link": "https://brakemanscanner.org/docs/warning_types/unmaintained_dependency/",
+      "code": null,
+      "render_path": null,
+      "location": null,
+      "user_input": null,
+      "confidence": "Weak",
+      "cwe_id": [
+        1104
+      ],
+      "note": "Ruby 3.1 is only in place as a backup. Ruby 3.3 is the shipped version."
+    },
     {
       "warning_type": "Cross-Site Request Forgery",
       "warning_code": 86,
@@ -29,7 +67,7 @@
       "check_name": "Execute",
       "message": "Possible command injection",
       "file": "lib/ansible/runner.rb",
-      "line": 422,
+      "line": 430,
       "link": "https://brakemanscanner.org/docs/warning_types/command_injection/",
       "code": "`python#{version} -c 'import site; print(\":\".join(site.getsitepackages()))'`",
       "render_path": null,
@@ -46,6 +84,6 @@
       "note": "This method is safe because it verifies that the version is in the form #.#."
     }
   ],
-  "updated": "2024-09-11 16:34:41 -0400",
-  "brakeman_version": "6.2.1"
+  "updated": "2025-02-03 15:35:46 -0500",
+  "brakeman_version": "6.2.2"
 }