In my project, while using the Brakeman gem, the following security issues are raised:

1) In the following statement, an "Unescaped model attribute" error is raised:

```ruby
CashTransaction.find(session[:transaction_id]).customer.address_1
```
I know Rails uses a cookie-based session store. However, in Rails 4 it's relatively safe to use cookies, as you would need the Rails secret token in order to compromise it.
So, is this a false positive? If not how can I remove this vulnerability?
2) Secondly, I have a scenario where I need to check whether a record with a typical attribute exists or not. For that I have the following code:

```ruby
def check_email
  render json: is_available('email', params[:user][:email])
end

def is_email_available
  is_email_taken = is_available('email', params[:user][:email])
  render json: !is_email_taken
end

def is_username_available
  is_username_taken = is_available('username', params[:user][:username])
  render json: !is_username_taken
end

def is_available(type, value)
  User.where("#{type}=?", value).exists?
end
```
And Brakeman raises the following warning:

```
Possible SQL injection. User.where("#{(local type)}=?", (local value))
```
How can I remove this vulnerability and at the same time make my code DRY?
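Brakeman's "Unescaped model attribute" category is a cross-site scripting warning: it fires when a model attribute reaches a view without HTML escaping (for example through `raw` or `html_safe`), and it is unrelated to which session store is in use. The following added example (editor's illustration, not code from the question or from Brakeman) uses Ruby's standard `ERB::Util.html_escape`, which is what Rails applies to a plain `<%= %>` tag, to show the difference between escaped and verbatim output of an address field. The sample address and the helper names are constructed for the example.

```ruby
require "erb"

# Constructed sample value: an address as a customer might have typed it,
# containing characters that are significant in HTML.
SAMPLE_ADDRESS = "12 Main St <b>Flat 2 & 3</b>".freeze

# What a plain <%= %> tag does in Rails: escape the attribute before it is
# inserted into the page, so any markup in the data is rendered as text.
def escaped_address_html(address)
  ERB::Util.html_escape(address.to_s)
end

# What `raw address` / `address.html_safe` do: insert the attribute verbatim.
# Markup stored in the attribute becomes live markup in the page, which is
# the condition the Brakeman warning describes.
def unescaped_address_html(address)
  address.to_s
end

# True if the string still contains an HTML tag that a browser would parse.
def contains_html_tag?(html)
  html.match?(%r{</?[a-z][^>]*>}i)
end

if __FILE__ == $PROGRAM_NAME
  puts "escaped:   #{escaped_address_html(SAMPLE_ADDRESS)}"
  puts "unescaped: #{unescaped_address_html(SAMPLE_ADDRESS)}"
  puts "tag survives escaping? #{contains_html_tag?(escaped_address_html(SAMPLE_ADDRESS))}"
end
```

The practical check for the warning is to look at the view that renders `address_1`: if it goes through `<%= %>` with no `raw`/`html_safe`, the output is already escaped as above; if it is marked safe, the attribute is emitted verbatim.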
For the second part:

If `type` is not user input, you can do

```ruby
User.where(type.to_sym => value)
```

If it's user input you should be doing:

```ruby
User.where("%s = %s" % [type, "'#{value}'"])
```
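The added example below (editor's illustration, not code from the answer or from the questioner's project) shows the approach a defender would take for a column name that comes from the request: compare it against a fixed list of permitted columns, then hand ActiveRecord a Hash condition so the adapter quotes the column and binds the value. Interpolating either piece into a SQL string, as in the `"%s = %s"` form above, is exactly what the Brakeman warning is about. `AVAILABILITY_COLUMNS`, `availability_condition`, `record_exists?`, `availability_response` and the `USERS` rows are all constructed for this example; in Rails the condition would be passed as `User.where(availability_condition(column, value)).exists?`.

```ruby
# Columns the availability endpoint is allowed to query. A request naming any
# other column is rejected before a query is built.
AVAILABILITY_COLUMNS = %w[email username].freeze

# Builds the condition ActiveRecord's `where` accepts as a Hash. The column is
# checked against the allow-list and the value is left to be bound by the
# adapter, so neither argument is spliced into SQL text.
def availability_condition(column, value)
  column = column.to_s
  unless AVAILABILITY_COLUMNS.include?(column)
    raise ArgumentError, "column not permitted for availability check: #{column.inspect}"
  end
  { column.to_sym => value }
end

# Constructed sample rows standing in for the users table, so the example
# runs without a database.
USERS = [
  { email: "alice@example.com", username: "alice" },
  { email: "bob@example.com",   username: "bob" }
].freeze

# Stand-in for `User.where(condition).exists?`: true if any row matches every
# column/value pair in the condition.
def record_exists?(condition, rows = USERS)
  rows.any? { |row| condition.all? { |col, val| row[col] == val } }
end

# One helper shared by every "is X available" action: the column is chosen by
# the route or action, the value is read from the submitted user params.
def availability_response(column, user_params)
  value = user_params.fetch(column.to_s)
  { available: !record_exists?(availability_condition(column, value)) }
end

if __FILE__ == $PROGRAM_NAME
  p availability_response("email", "email" => "alice@example.com")   # taken
  p availability_response("username", "username" => "carol")        # free
  begin
    availability_condition("password_digest", "x")
  rescue ArgumentError => e
    puts "rejected: #{e.message}"
  end
end
```

With this shape the three controller actions collapse to one call each (`render json: availability_response("email", params[:user])`), and a `type` that is not in the list never reaches `where`, whether it arrived from a form, a URL or an API client.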