From 18d7ab18b1cb7df6fd09d8a338d39036adab0c10 Mon Sep 17 00:00:00 2001 From: sunil-lakshman <104969541+sunil-lakshman@users.noreply.github.com> Date: Wed, 17 Jul 2024 11:54:44 +0530 Subject: [PATCH 1/2] Fixed Semgrep issues --- Gemfile.lock | 120 ++++++++++++---------- app/controllers/application_controller.rb | 3 +- app/views/products/index.html.erb | 5 +- config/environments/development.rb | 2 +- config/environments/test.rb | 2 +- 5 files changed, 72 insertions(+), 60 deletions(-) diff --git a/Gemfile.lock b/Gemfile.lock index 7dba161..329325a 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -56,15 +56,16 @@ GEM minitest (~> 5.1) tzinfo (~> 1.1) zeitwerk (~> 2.2, >= 2.2.2) - addressable (2.8.4) - public_suffix (>= 2.0.2, < 6.0) + addressable (2.8.7) + public_suffix (>= 2.0.2, < 7.0) ast (2.4.2) + base64 (0.2.0) bindex (0.8.1) - bootsnap (1.16.0) + bootsnap (1.18.3) msgpack (~> 1.2) - builder (3.2.4) + builder (3.3.0) byebug (11.1.3) - capybara (3.39.0) + capybara (3.39.2) addressable matrix mini_mime (>= 0.1.3) 
@@ -73,70 +74,73 @@ GEM rack-test (>= 0.6.3) regexp_parser (>= 1.5, < 3.0) xpath (~> 3.2) - concurrent-ruby (1.2.2) + concurrent-ruby (1.3.3) crass (1.0.6) - date (3.3.3) - erubi (1.12.0) - faraday (2.7.4) + date (3.3.4) + erubi (1.13.0) + faraday (2.8.1) + base64 faraday-net_http (>= 2.0, < 3.1) ruby2_keywords (>= 0.0.4) faraday-net_http (3.0.2) - ffi (1.15.5) + ffi (1.17.0) globalid (1.1.0) activesupport (>= 5.0) - graphlient (0.7.0) + graphlient (0.8.0) faraday (~> 2.0) graphql-client - graphql (2.0.21) - graphql-client (0.18.0) + graphql (2.3.9) + base64 + graphql-client (0.23.0) activesupport (>= 3.0) - graphql - i18n (1.12.0) + graphql (>= 1.13.0) + i18n (1.14.5) concurrent-ruby (~> 1.0) - jbuilder (2.11.5) + jbuilder (2.12.0) actionview (>= 5.0.0) activesupport (>= 5.0.0) listen (3.1.5) rb-fsevent (~> 0.9, >= 0.9.4) rb-inotify (~> 0.9, >= 0.9.7) ruby_dep (~> 1.2) - loofah (2.20.0) + loofah (2.22.0) crass (~> 1.0.2) - nokogiri (>= 1.5.9) + nokogiri (>= 1.12.0) mail (2.8.1) mini_mime (>= 0.1.1) net-imap net-pop net-smtp - marcel (1.0.2) + marcel (1.0.4) matrix (0.4.2) - method_source (1.0.0) - mini_mime (1.1.2) - mini_portile2 (2.8.1) - minitest (5.18.0) - msgpack (1.7.0) - net-imap (0.3.4) + method_source (1.1.0) + mini_mime (1.1.5) + mini_portile2 (2.8.7) + minitest (5.24.1) + msgpack (1.7.2) + net-imap (0.4.14) date net-protocol net-pop (0.1.2) net-protocol - net-protocol (0.2.1) + net-protocol (0.2.2) timeout - net-smtp (0.3.3) + net-smtp (0.5.0) net-protocol - nio4r (2.5.9) - nokogiri (1.14.3) - mini_portile2 (~> 2.8.0) + nio4r (2.7.3) + nokogiri (1.15.6) + mini_portile2 (~> 2.8.2) racc (~> 1.4) - parallel (1.22.1) - parser (3.2.2.0) + parallel (1.25.1) + parser (3.3.4.0) ast (~> 2.4.1) - public_suffix (5.0.1) + racc + public_suffix (5.1.1) puma (4.3.12) nio4r (~> 2.0) - racc (1.6.2) - rack (2.2.6.4) - rack-proxy (0.7.6) + racc (1.8.0) + rack (2.2.9) + rack-proxy (0.7.7) rack rack-test (2.1.0) rack (>= 1.3) 
@@ -155,11 +159,13 @@ GEM bundler (>= 1.3.0) railties (= 6.0.6.1) sprockets-rails (>= 2.0.0) - rails-dom-testing (2.0.3) - activesupport (>= 4.2.0) + rails-dom-testing (2.2.0) + activesupport (>= 5.0.0) + minitest nokogiri (>= 1.6) - rails-html-sanitizer (1.5.0) - loofah (~> 2.19, >= 2.19.1) + rails-html-sanitizer (1.6.0) + loofah (~> 2.21) + nokogiri (~> 1.14) railties (6.0.6.1) actionpack (= 6.0.6.1) activesupport (= 6.0.6.1) @@ -167,12 +173,13 @@ GEM rake (>= 0.8.7) thor (>= 0.20.3, < 2.0) rainbow (3.1.1) - rake (13.0.6) + rake (13.2.1) rb-fsevent (0.11.2) - rb-inotify (0.10.1) + rb-inotify (0.11.1) ffi (~> 1.0) - regexp_parser (2.7.0) - rexml (3.2.5) + regexp_parser (2.9.2) + rexml (3.3.2) + strscan rubocop (0.89.1) parallel (~> 1.10) parser (>= 2.7.1.1) @@ -198,7 +205,7 @@ GEM sprockets (> 3.0) sprockets-rails tilt - selenium-webdriver (4.8.6) + selenium-webdriver (4.9.0) rexml (~> 3.2, >= 3.2.5) rubyzip (>= 1.2.2, < 3.0) websocket (~> 1.0) 
@@ -207,46 +214,47 @@ GEM spring-watcher-listen (2.0.1) listen (>= 2.7, < 4.0) spring (>= 1.2, < 3.0) - sprockets (4.2.0) + sprockets (4.2.1) concurrent-ruby (~> 1.0) rack (>= 2.2.4, < 4) sprockets-rails (3.4.2) actionpack (>= 5.2) activesupport (>= 5.2) sprockets (>= 3.0.0) - sqlite3 (1.6.2) + sqlite3 (1.7.3) mini_portile2 (~> 2.8.0) - thor (1.2.1) + strscan (3.1.0) + thor (1.3.1) thread_safe (0.3.6) - tilt (2.1.0) - timeout (0.3.2) + tilt (2.4.0) + timeout (0.4.1) turbolinks (5.2.1) turbolinks-source (~> 5.2) turbolinks-source (5.2.0) tzinfo (1.2.11) thread_safe (~> 0.1) unicode-display_width (1.8.0) - web-console (4.2.0) + web-console (4.2.1) actionview (>= 6.0.0) activemodel (>= 6.0.0) bindex (>= 0.4.0) railties (>= 6.0.0) - webdrivers (5.2.0) + webdrivers (5.3.1) nokogiri (~> 1.6) rubyzip (>= 1.3.0) - selenium-webdriver (~> 4.0) + selenium-webdriver (~> 4.0, < 4.11) webpacker (5.4.4) activesupport (>= 5.2) rack-proxy (>= 0.6.1) railties (>= 5.2) semantic_range (>= 2.3.0) - websocket (1.2.9) - websocket-driver (0.7.5) + websocket (1.2.11) + websocket-driver (0.7.6) websocket-extensions (>= 0.1.0) websocket-extensions (0.1.5) xpath (3.2.0) nokogiri (~> 1.8) - zeitwerk (2.6.7) + zeitwerk (2.6.16) PLATFORMS ruby
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index 3f17284..a5d557c 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -1,4 +1,5 @@
 # Application controller file
 class ApplicationController < ActionController::Base
-
+ # Enable CSRF protection
+ protect_from_forgery with: :exception
 end
diff --git a/app/views/products/index.html.erb b/app/views/products/index.html.erb
index e269c95..76e8de7 100644
--- a/app/views/products/index.html.erb
+++ b/app/views/products/index.html.erb
@@ -17,7 +17,10 @@
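Review bot: `protect_from_forgery with: :exception` in the application_controller.rb hunk makes every non-GET request that reaches a subclass of this controller raise `ActionController::InvalidAuthenticityToken` when the token is missing or stale, so any form or XHR endpoint that does not send the token will now fail outright instead of being handled with a null session; confirm the layout emits `csrf_meta_tags` and that the forms touched in the `products/index.html.erb` hunk (whose body is outside this view) are built with Rails form helpers. Any JSON or API-style controller inheriting from `ApplicationController`, if one exists, would need its own `protect_from_forgery with: :null_session` or a separate `ActionController::API` base. With `railties (6.0.6.1)` locked in Gemfile.lock, Rails already applies this protection when `config.load_defaults` is 5.2 or newer, so the explicit call is a belt-and-braces measure that is worth saying in the comment: `# Explicit so CSRF protection does not depend on config.load_defaults being >= 5.2`.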