Discovered 8 months ago
Source: static code analysis
Category: Cross-Site Scripting
Confidence level: Medium

Problem

Unsafe parameter value in link_to href

Location

app/views/sherlock/queries/_general.html.haml:19

link_to(
  Gitlab::Sherlock.collection.find_transaction(params[:transaction_id]).find_query(params[:id]).last_application_frame.path,
  BetterErrors.editor[
    Gitlab::Sherlock.collection.find_transaction(params[:transaction_id]).find_query(params[:id]).last_application_frame.path,
    Gitlab::Sherlock.collection.find_transaction(params[:transaction_id]).find_query(params[:id]).last_application_frame.line
  ]
)

Category description: XSS occurs when a user-controlled value is rendered on a web page without escaping, allowing someone to inject JavaScript or HTML into the page.

Solution: fix the issue in app/views/sherlock/queries/_general.html.haml or mark it as a false positive.