metamaps--metamaps/config/brakeman.ignore

{
  "ignored_warnings": [
    {
      "warning_type": "Cross-Site Request Forgery",
      "warning_code": 7,
      "fingerprint": "59d73ce0b791aa7ed532510c780235a8b23f7cd1246dbf9da258e36f5d1e2b0a",
      "message": "'protect_from_forgery' should be called in Api::V2::RestfulController",
      "file": "app/controllers/api/v2/restful_controller.rb",
      "line": 4,
      "link": "http://brakemanscanner.org/docs/warning_types/cross-site_request_forgery/",
      "code": null,
      "render_path": null,
      "location": {
        "type": "controller",
        "controller": "Api::V2::RestfulController"
      },
      "user_input": null,
      "confidence": "High",
      "note": "Cookie-based auth is disabled for the API except for the tokens endpoint. We're hoping this is sufficiently secure, because CSRF-forged links might get clicked on another site, but the generated tokens won't go back to the attacker. Also, an attacker would need a token to delete it, which means they've got access at that point anyways. - Devin, Feb 2017"
    }
  ],
  "updated": "2017-02-11 20:00:09 -0800",
  "brakeman_version": "3.4.1"
}
more style tweaks + brakeman fix 2016-11-29 16:15:14 +00:00			`{`
			`"ignored_warnings": [`
			`{`
fix travis (#1071) * fix topic spec * fix synapse/mapping spec * brakeman csrf warning suppressed :\| 2017-02-12 17:53:04 +00:00			`"warning_type": "Cross-Site Request Forgery",`
			`"warning_code": 7,`
			`"fingerprint": "59d73ce0b791aa7ed532510c780235a8b23f7cd1246dbf9da258e36f5d1e2b0a",`
			`"message": "'protect_from_forgery' should be called in Api::V2::RestfulController",`
			`"file": "app/controllers/api/v2/restful_controller.rb",`
			`"line": 4,`
			`"link": "http://brakemanscanner.org/docs/warning_types/cross-site_request_forgery/",`
			`"code": null,`
			`"render_path": null,`
more style tweaks + brakeman fix 2016-11-29 16:15:14 +00:00			`"location": {`
fix travis (#1071) * fix topic spec * fix synapse/mapping spec * brakeman csrf warning suppressed :\| 2017-02-12 17:53:04 +00:00			`"type": "controller",`
			`"controller": "Api::V2::RestfulController"`
more style tweaks + brakeman fix 2016-11-29 16:15:14 +00:00			`},`
fix travis (#1071) * fix topic spec * fix synapse/mapping spec * brakeman csrf warning suppressed :\| 2017-02-12 17:53:04 +00:00			`"user_input": null,`
			`"confidence": "High",`
			`"note": "Cookie-based auth is disabled for the API except for the tokens endpoint. We're hoping this is sufficiently secure, because CSRF-forged links might get clicked on another site, but the generated tokens won't go back to the attacker. Also, an attacker would need a token to delete it, which means they've got access at that point anyways. - Devin, Feb 2017"`
more style tweaks + brakeman fix 2016-11-29 16:15:14 +00:00			`}`
			`],`
fix travis (#1071) * fix topic spec * fix synapse/mapping spec * brakeman csrf warning suppressed :\| 2017-02-12 17:53:04 +00:00			`"updated": "2017-02-11 20:00:09 -0800",`
			`"brakeman_version": "3.4.1"`
more style tweaks + brakeman fix 2016-11-29 16:15:14 +00:00			`}`