Discovered 5 months ago
Source: static code analysis
Category: Dangerous Send
Confidence level: High

Problem

User controlled method execution

Location

app/controllers/admin/site_settings_controller.rb:37

SiteSetting.send((params[:id] or SiteSettings::DeprecatedSettings::SETTINGS.find do
 break new_name if (old_name == params[:id])
 end))

Category description: Using unfiltered user data to select a Class or Method to be dynamically sent is dangerous.

Solution: fix the issue in app/controllers/admin/site_settings_controller.rb or mark it as false positive.