brakeman: add a bunch of ignores

Change-Id: I937f65227c49c6605ddae350e150a965f2665123 Reviewed-on: https://gerrit.instructure.com/c/canvas-lms/+/274431 Tested-by: Service Cloud Jenkins <svc.cloudjenkins@instructure.com> Reviewed-by: Simon Williams <simon@instructure.com> QA-Review: Cody Cutrer <cody@instructure.com> Product-Review: Cody Cutrer <cody@instructure.com>
2021-09-24 14:50:19 -06:00 · 2021-09-24 14:50:19 -06:00 · 2d51e8e7fe
parent 58d528037e
commit 2d51e8e7fe
3 changed files with 1464 additions and 27 deletions
--- a/app/models/speed_grader/assignment.rb
+++ b/app/models/speed_grader/assignment.rb
@ -261,7 +261,7 @@ module SpeedGrader
          json['submission_history'] = qs_versions[sub.quiz_submission.id].map do |v|
            # don't use v.model, because these are huge objects, and can be significantly expensive
            # to instantiate an actual AR object deserializing and reserializing the inner YAML
-            qs = YAML.load(v.yaml)
+            qs = YAML.safe_load(v.yaml)

            # Returns the id of the Submission, but this may be too ambiguous.
            # In the future, we may want to return both a quiz_id and a
--- a/config/brakeman.ignore
+++ b/config/brakeman.ignore
--- a/script/brakeman
+++ b/script/brakeman
@ -7,7 +7,7 @@ linter_options = {
  linter_name: "brakeman",
  file_regex: /\.rb$/,
  format: 'brakeman',
-  command: 'bundle exec brakeman --rails6 --quiet --format json --confidence-level 2',
+  command: 'bundle exec brakeman --rails6 --quiet --format json --confidence-level 2 -i config/brakeman.ignore',
  append_files_to_command: false,
  severe_anywhere: false
 }