users_controller.rb
code Severe
Other
Discovered almost 5 years ago
Source: static code analysis
Category: Other
Confidence level: Medium

Problem

Parameter value used as key in session hash

Location

app/controllers/users_controller.rb:386

session["password-#{params[:token]}"] = (EmailToken.confirm(params[:token]) or EmailToken.confirmable(params[:token]).user).id

Category description: Hakiri couldn't classify this issue.

Solution: fix the issue in app/controllers/users_controller.rb or mark it as false positive.