Discovered 5 months ago
Source: static code analysis
Category: Dangerous Send
Confidence level: High

Problem

User controlled method execution

Location

app/controllers/admin/site_settings_controller.rb:132

SiteSetting.send(params[:site_setting_id])

Category description: Using unfiltered user data to select a Class or Method to be dynamically sent is dangerous.

Solution: fix the issue in app/controllers/admin/site_settings_controller.rb or mark it as false positive.