{
  "scan_info": {
    "app_path": "/test_app",
    "rails_version": "4.2.7.1",
    "security_warnings": 5,
    "start_time": "2018-10-23 19:32:28 +0300",
    "end_time": "2018-10-23 19:32:42 +0300",
    "duration": 3.723474664,
    "checks_performed": [
      "BasicAuth",
      "BasicAuthTimingAttack",
      "ContentTag",
      "CreateWith",
      "CrossSiteScripting",
      "DefaultRoutes",
      "Deserialize",
      "DetailedExceptions",
      "DigestDoS",
      "DynamicFinders",
      "EscapeFunction",
      "Evaluation",
      "Execute",
      "FileAccess",
      "FileDisclosure",
      "FilterSkipping",
      "ForgerySetting",
      "HeaderDoS",
      "I18nXSS",
      "JRubyXML",
      "JSONEncoding",
      "JSONParsing",
      "LinkTo",
      "LinkToHref",
      "MailTo",
      "MassAssignment",
      "MimeTypeDoS",
      "ModelAttrAccessible",
      "ModelAttributes",
      "ModelSerialize",
      "NestedAttributes",
      "NestedAttributesBypass",
      "NumberToCurrency",
      "PermitAttributes",
      "QuoteTableName",
      "Redirect",
      "RegexDoS",
      "Render",
      "RenderDoS",
      "RenderInline",
      "ResponseSplitting",
      "RouteDoS",
      "SQL",
      "SQLCVEs",
      "SSLVerify",
      "SafeBufferManipulation",
      "SanitizeMethods",
      "SelectTag",
      "SelectVulnerability",
      "Send",
      "SendFile",
      "SessionManipulation",
      "SessionSettings",
      "SimpleFormat",
      "SingleQuotes",
      "SkipBeforeFilter",
      "StripTags",
      "SymbolDoSCVE",
      "TranslateBug",
      "UnsafeReflection",
      "ValidationRegex",
      "WithoutProtection",
      "XMLDoS",
      "YAMLParsing"
    ],
    "number_of_controllers": 5,
    "number_of_models": 12,
    "number_of_templates": 25,
    "ruby_version": "2.5.1",
    "brakeman_version": "4.3.1"
  },
  "warnings": [
    {
      "warning_type": "Mass Assignment",
      "warning_code": 60,
      "fingerprint": "00a38ca07fd6d6058d0b8664aae5b0ec1e2fd89c59d8d74ee95babab02f6fbdf",
      "check_name": "ModelAttrAccessible",
      "message": "Potentially dangerous attribute available for mass assignment",
      "file": "app/models/test1.rb",
      "line": null,
      "link": "https://brakemanscanner.org/docs/warning_types/mass_assignment/",
      "code": ":test_id",
      "render_path": null,
      "location": {
        "type": "model",
        "model": "Test1"
      },
      "user_input": null,
      "confidence": "Weak"
    },
    {
      "warning_type": "Cross-Site Scripting",
      "warning_code": 2,
      "fingerprint": "00ac2b92111049e24c28fa4f315d962c4e81c21a7bb28d7b205c8a32e99f643d",
      "check_name": "CrossSiteScripting",
      "message": "Unescaped model attribute",
      "file": "app/views/test1.html.erb",
      "line": 88,
      "link": "https://brakemanscanner.org/docs/warning_types/cross_site_scripting",
      "code": "Test::Test.find(params[:id]).name(:test)",
      "render_path": [{"type":"controller","class":"TestController","method":"test_access","line":6,"file":"app/controllers/test1.rb"}],
      "location": {
        "type": "template",
        "template": "test1"
      },
      "user_input": null,
      "confidence": "High"
    },
    {
      "warning_type": "SQL Injection",
      "warning_code": 0,
      "fingerprint": "0c8be6f7618c44181ab46aa9108a3e3624df7f89146349e4de884f5ae2d35a77",
      "check_name": "SQL",
      "message": "Possible SQL injection",
      "file": "app/models/test2.rb",
      "line": 260,
      "link": "https://brakemanscanner.org/docs/warning_types/sql_injection/",
      "code": "where(\"#{column_name} IS NOT NULL\")",
      "render_path": null,
      "location": {
        "type": "method",
        "class": "Test",
        "method": "Test.test_retrieve"
      },
      "user_input": "column_name",
      "confidence": "Medium"
    },
    {
      "warning_type": "SQL Injection",
      "warning_code": 0,
      "fingerprint": "0c8be6f7618c44181ab46aa9108a3e3624df7f89146349e4de884f5ae2d35a77",
      "check_name": "SQL",
      "message": "SQL injection",
      "file": "app/models/test2.rb",
      "line": 260,
      "link": "https://brakemanscanner.org/docs/warning_types/sql_injection/",
      "code": "where(\"#{column_name} IS NOT NULL\")",
      "render_path": null,
      "location": {
        "type": "method",
        "class": "Test",
        "method": "Test.test_retrieve"
      },
      "user_input": "column_name",
      "confidence": "Critical"
    },
    {
      "warning_type": "Dynamic Render Path",
      "warning_code": 15,
      "fingerprint": "1c1e1a42a8b8bb0ad2b74bd3b91db2dd48f21062b3fe7e96e45be3ea1faa7c43",
      "check_name": "Render",
      "message": "Render path contains parameter value",
      "file": "app/controllers/test_controller.rb",
      "line": 5,
      "link": "https://brakemanscanner.org/docs/warning_types/dynamic_render_path/",
      "code": "render(action => { :json => (...)})",
      "render_path": null,
      "location": {
        "type": "method",
        "class": "TestController",
        "method": "index"
      },
      "user_input": "params[:fields].split(\",\")",
      "confidence": "Weak"
    },
    {
      "warning_type": "Attribute Restriction",
      "warning_code": 19,
      "fingerprint": "29e2c701f167599ce572ead7c3ff377aac1bc0e71834fe5867f10660e9a42de7",
      "check_name": "ModelAttributes",
      "message": "Mass assignment is not restricted using attr_accessible",
      "file": "app/models/test2.rb",
      "line": 2,
      "link": "https://brakemanscanner.org/docs/warning_types/attribute_restriction/",
      "code": null,
      "render_path": null,
      "location": {
        "type": "method",
        "model": "Test2::TestParameter"
      },
      "user_input": null,
      "confidence": "High"
    }
  ],
  "ignored_warnings": [

  ],
  "errors": [

  ],
  "obsolete": [

  ]
}