webhooks_controller.rb
code Critical
Cross-Site Request Forgery
Discovered 3 months ago
Source: static code analysis
Category: Cross-Site Request Forgery
Confidence level: High

Problem

'protect_from_forgery' should be called in WebhooksController

Location

app/controllers/webhooks_controller.rb:5


Category description: Failure to verify that the sender of a web request actually intended to do so.

Solution: fix the issue in app/controllers/webhooks_controller.rb or mark it as false positive.

forums_controller.rb
code Critical
Cross-Site Request Forgery
Discovered 3 months ago
Source: static code analysis
Category: Cross-Site Request Forgery
Confidence level: High

Problem

'protect_from_forgery' should be called in ForumsController

Location

app/controllers/forums_controller.rb:5


Category description: Failure to verify that the sender of a web request actually intended to do so.

Solution: fix the issue in app/controllers/forums_controller.rb or mark it as false positive.

application_controller.rb
code Severe
Cross-Site Request Forgery
Discovered 3 months ago
Source: static code analysis
Category: Cross-Site Request Forgery
Confidence level: Medium

Problem

protect_from_forgery should be configured with 'with: :exception'

Location

app/controllers/application_controller.rb


Category description: Failure to verify that the sender of a web request actually intended to do so.

Solution: fix the issue in app/controllers/application_controller.rb or mark it as false positive.