chaos_controller.rb
code Critical
Cross-Site Request Forgery
Discovered 7 months ago
Source: static code analysis
Category: Cross-Site Request Forgery
Confidence level: High

Problem

'protect_from_forgery' should be called in ChaosController

Location

app/controllers/chaos_controller.rb:3


Category description: Failure to verify that the sender of a web request actually intended to do so.

Solution: fix the issue in app/controllers/chaos_controller.rb or mark it as false positive.

jwks_controller.rb
code Critical
Cross-Site Request Forgery
Discovered 7 months ago
Source: static code analysis
Category: Cross-Site Request Forgery
Confidence level: High

Problem

'protect_from_forgery' should be called in JwksController

Location

app/controllers/jwks_controller.rb:3


Category description: Failure to verify that the sender of a web request actually intended to do so.

Solution: fix the issue in app/controllers/jwks_controller.rb or mark it as false positive.

acme_challenges_controller.rb
code Critical
Cross-Site Request Forgery
Discovered 7 months ago
Source: static code analysis
Category: Cross-Site Request Forgery
Confidence level: High

Problem

'protect_from_forgery' should be called in AcmeChallengesController

Location

app/controllers/acme_challenges_controller.rb:3


Category description: Failure to verify that the sender of a web request actually intended to do so.

Solution: fix the issue in app/controllers/acme_challenges_controller.rb or mark it as false positive.