From 1b0f068d358890565c4a11cba3ba144d5ee32302 Mon Sep 17 00:00:00 2001
From: lorenzo farnararo
Date: Tue, 14 Jan 2025 10:44:24 +0100
Subject: [PATCH] update brakeman and readme
---
 README.md | 19 +++-------------
 config/brakeman.ignore | 51 +++++++++++++++++++++++++++++++++++++++---
 2 files changed, 51 insertions(+), 19 deletions(-)
diff --git a/README.md b/README.md
index 82c5604..7e197e0 100644
--- a/README.md
+++ b/README.md
@@ -9,14 +9,7 @@ The software is still a work in progress. Expect huge variations. ## Develop -I suggest you to use [asdf](https://asdf-vm.com/) -Install ruby 3.3.5 - -Start the needed services with docker compose: - -``` -docker compose up -d -``` +I suggest you to use [mise](https://asdf-vm.com/) Create the database and seeds:
@@ -24,10 +17,10 @@ Create the database and seeds: bin/rails db:create db:migrate db:seed ``` -To run the server: +To develop: ``` -bin/rails s +bin/dev ``` You an reach the app at https://localhost:3000
@@ -76,12 +69,6 @@ The first time (after having configured you server), run: bundle exec kamal setup ``` -For pushing envs or changing those, run: - -``` -bundle exec kamal env push -``` - Then: ```
diff --git a/config/brakeman.ignore b/config/brakeman.ignore
index 3e86226..3ad4d16 100644
--- a/config/brakeman.ignore
+++ b/config/brakeman.ignore
@@ -7,7 +7,7 @@
 "check_name": "PermitAttributes",
 "message": "Potentially dangerous key allowed for mass assignment",
 "file": "app/controllers/users_controller.rb",
- "line": 62,
+ "line": 51,
 "link": "https://brakemanscanner.org/docs/warning_types/mass_assignment/",
 "code": "params.require(:user).permit(:first_name, :last_name, :email, :picture, :role, :blsd_expires_at, :group_ids => ([]))",
 "render_path": null,
@@ -22,8 +22,53 @@
 915
 ],
 "note": ""
+ },
+ {
+ "warning_type": "File Access",
+ "warning_code": 16,
+ "fingerprint": "60c473ab9fa9ddcc77c2aca546fa5feaf2ce461809d221ac3d1d326d7df7f059",
+ "check_name": "FileAccess",
+ "message": "Parameter value used in file name",
+ "file": "app/mailers/receipt_mailer.rb",
+ "line": 20,
+ "link": "https://brakemanscanner.org/docs/warning_types/file_access/",
+ "code": "File.read(Pdf::MembersReceiptGenerator.new(:payment => params[:payment]).call)",
+ "render_path": null,
+ "location": {
+ "type": "method",
+ "class": "ReceiptMailer",
+ "method": "member_receipt_email"
+ },
+ "user_input": "params[:payment]",
+ "confidence": "Weak",
+ "cwe_id": [
+ 22
+ ],
+ "note": ""
+ },
+ {
+ "warning_type": "File Access",
+ "warning_code": 16,
+ "fingerprint": "6a69ac1d1cc2537a1260b61d185a12ffd51645bc690946dbbbaee357ddbff93f",
+ "check_name": "FileAccess",
+ "message": "Parameter value used in file name",
+ "file": "app/mailers/receipt_mailer.rb",
+ "line": 10,
+ "link": "https://brakemanscanner.org/docs/warning_types/file_access/",
+ "code": "File.read(Pdf::CollaboratorsReceiptGenerator.new(:expense => params[:expense]).call)",
+ "render_path": null,
+ "location": {
+ "type": "method",
+ "class": "ReceiptMailer",
+ "method": "collaborator_receipt_email"
+ },
+ "user_input": "params[:expense]",
+ "confidence": "Weak",
+ "cwe_id": [
+ 22
+ ],
+ "note": ""
 }
 ],
- "updated": "2024-08-20 10:50:17 +0200",
- "brakeman_version": "6.1.2"
+ "brakeman_version": "7.0.0"
 }
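Review bot: Both new FileAccess entries leave `"note": ""` empty, so the file records that the `File.read` calls in `ReceiptMailer#member_receipt_email` and `#collaborator_receipt_email` are accepted without saying why, and the next person who regenerates the ignore file has to rediscover the reasoning. The `params[:payment]` and `params[:expense]` that Brakeman flags presumably come from the parameterized-mailer hash populated by the caller rather than from request parameters, and the path passed to `File.read` is whatever the generator's `call` returns, but neither fact is visible in this hunk, so it should be confirmed against the mailer and the two generators before the suppression is merged. Once confirmed, fill the note on both entries, e.g. `"note": "params is the parameterized-mailer hash set by the caller, not request input; File.read uses the path returned by the generator"`, so the Weak-confidence CWE-22 finding is documented rather than silently ignored. The array these entries extend opens before the hunk.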