_form.html.haml
code Moderate
Dynamic Render Path
Discovered 7 months ago
Source: static code analysis
Category: Dynamic Render Path
Confidence level: Weak

Problem

Render path contains parameter value

Location

app/views/projects/services/_form.html.haml:2

render(action => "projects/services/#{find_routable!(Project, File.join(params[:namespace_id], (params[:project_id] or params[:id])), :extra_authorization_proc => (lambda do
 (not project.pending_delete?)
 end)).find_or_initialize_service(params[:id]).to_param}/top", {})

Category description: When a call to render uses a dynamically generated path, template name, file name, or action, there is the possibility that a user can access templates that should be restricted.

Solution: fix the issue in app/views/projects/services/_form.html.haml or mark it as false positive.

show.html.haml
code Moderate
Dynamic Render Path
Discovered 7 months ago
Source: static code analysis
Category: Dynamic Render Path
Confidence level: Weak

Problem

Render path contains parameter value

Location

app/views/projects/environments/show.html.haml:83

render(action => environment.deployments.order(:id => :desc).page(params[:page]), {})

Category description: When a call to render uses a dynamically generated path, template name, file name, or action, there is the possibility that a user can access templates that should be restricted.

Solution: fix the issue in app/views/projects/environments/show.html.haml or mark it as false positive.

index.html.haml
code Moderate
Dynamic Render Path
Discovered 7 months ago
Source: static code analysis
Category: Dynamic Render Path
Confidence level: Weak

Problem

Render path contains parameter value

Location

app/views/admin/groups/index.html.haml:16

render(action => groups.sort_by_attribute(@sort = params[:sort]).search(params[:name]).page(params[:page]), {})

Category description: When a call to render uses a dynamically generated path, template name, file name, or action, there is the possibility that a user can access templates that should be restricted.

Solution: fix the issue in app/views/admin/groups/index.html.haml or mark it as false positive.

show.html.haml
code Moderate
Dynamic Render Path
Discovered 7 months ago
Source: static code analysis
Category: Dynamic Render Path
Confidence level: Weak

Problem

Render path contains parameter value

Location

app/views/projects/settings/repository/show.html.haml:16

render(action => DeployKeysPresenter.new(find_routable!(Project, File.join(params[:namespace_id], (params[:project_id] or params[:id])), :extra_authorization_proc => (lambda do
 (not project.pending_delete?)
 end)), :current_user => current_user), {})

Category description: When a call to render uses a dynamically generated path, template name, file name, or action, there is the possibility that a user can access templates that should be restricted.

Solution: fix the issue in app/views/projects/settings/repository/show.html.haml or mark it as false positive.

show.html.haml
code Moderate
Dynamic Render Path
Discovered 7 months ago
Source: static code analysis
Category: Dynamic Render Path
Confidence level: Weak

Problem

Render path contains parameter value

Location

app/views/projects/show.html.haml:26

render(action => find_routable!(Project, File.join(params[:namespace_id], (params[:project_id] or params[:id])), :extra_authorization_proc => (lambda do
 (not project.pending_delete?)
 end)).default_view, { :is_project_overview => true })

Category description: When a call to render uses a dynamically generated path, template name, file name, or action, there is the possibility that a user can access templates that should be restricted.

Solution: fix the issue in app/views/projects/show.html.haml or mark it as false positive.

_form.html.haml
code Moderate
Dynamic Render Path
Discovered 7 months ago
Source: static code analysis
Category: Dynamic Render Path
Confidence level: Weak

Problem

Render path contains parameter value

Location

app/views/projects/services/_form.html.haml:22

render(action => "projects/services/#{find_routable!(Project, File.join(params[:namespace_id], (params[:project_id] or params[:id])), :extra_authorization_proc => (lambda do
 (not project.pending_delete?)
 end)).find_or_initialize_service(params[:id]).to_param}/show", {})

Category description: When a call to render uses a dynamically generated path, template name, file name, or action, there is the possibility that a user can access templates that should be restricted.

Solution: fix the issue in app/views/projects/services/_form.html.haml or mark it as false positive.

index.html.haml
code Moderate
Dynamic Render Path
Discovered 7 months ago
Source: static code analysis
Category: Dynamic Render Path
Confidence level: Weak

Problem

Render path contains parameter value

Location

app/views/admin/abuse_reports/index.html.haml:26

render(action => AbuseReportsFinder.new(params).execute, {})

Category description: When a call to render uses a dynamically generated path, template name, file name, or action, there is the possibility that a user can access templates that should be restricted.

Solution: fix the issue in app/views/admin/abuse_reports/index.html.haml or mark it as false positive.

index.html.haml
code Moderate
Dynamic Render Path
Discovered 7 months ago
Source: static code analysis
Category: Dynamic Render Path
Confidence level: Weak

Problem

Render path contains parameter value

Location

app/views/dashboard/todos/index.html.haml:90

render(action => TodosFinder.new(current_user, todo_params).execute.page(params[:page]).with_entity_associations, {})

Category description: When a call to render uses a dynamically generated path, template name, file name, or action, there is the possibility that a user can access templates that should be restricted.

Solution: fix the issue in app/views/dashboard/todos/index.html.haml or mark it as false positive.