From d0a99d336452628581b0d43431496045d452639e Mon Sep 17 00:00:00 2001
From: oleghasjanov
Date: Thu, 14 Mar 2024 11:03:30 +0200
Subject: [PATCH] valnurable fixes

---
 Gemfile | 2 +-
 Gemfile.lock | 110 ++++++++++++++++++++---------------------
 config/brakeman.ignore | 16 +++---
 3 files changed, 64 insertions(+), 64 deletions(-)

diff --git a/Gemfile b/Gemfile
index aad64c2..bf18839 100644
--- a/Gemfile
+++ b/Gemfile
@@ -25,7 +25,7 @@ gem 'pg', '~> 1.1'
 gem 'phonelib'
 gem 'propshaft'
 gem 'puma', '>= 6.3.1'
-gem 'rails', '~> 7.0.5', '>= 7.0.7.1'
+gem 'rails', '~> 7.0.5', '>= 7.0.8.1'
 gem 'redis', '~> 4.0'
 gem 'redis-namespace'
 gem 'sidekiq', '>=7'
diff --git a/Gemfile.lock b/Gemfile.lock
index a98c41b..61a2424 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -29,67 +29,67 @@ GEM
 specs:
 aasm (5.5.0)
 concurrent-ruby (~> 1.0)
- actioncable (7.0.8)
- actionpack (= 7.0.8)
- activesupport (= 7.0.8)
+ actioncable (7.0.8.1)
+ actionpack (= 7.0.8.1)
+ activesupport (= 7.0.8.1)
 nio4r (~> 2.0)
 websocket-driver (>= 0.6.1)
- actionmailbox (7.0.8)
- actionpack (= 7.0.8)
- activejob (= 7.0.8)
- activerecord (= 7.0.8)
- activestorage (= 7.0.8)
- activesupport (= 7.0.8)
+ actionmailbox (7.0.8.1)
+ actionpack (= 7.0.8.1)
+ activejob (= 7.0.8.1)
+ activerecord (= 7.0.8.1)
+ activestorage (= 7.0.8.1)
+ activesupport (= 7.0.8.1)
 mail (>= 2.7.1)
 net-imap
 net-pop
 net-smtp
- actionmailer (7.0.8)
- actionpack (= 7.0.8)
- actionview (= 7.0.8)
- activejob (= 7.0.8)
- activesupport (= 7.0.8)
+ actionmailer (7.0.8.1)
+ actionpack (= 7.0.8.1)
+ actionview (= 7.0.8.1)
+ activejob (= 7.0.8.1)
+ activesupport (= 7.0.8.1)
 mail (~> 2.5, >= 2.5.4)
 net-imap
 net-pop
 net-smtp
 rails-dom-testing (~> 2.0)
- actionpack (7.0.8)
- actionview (= 7.0.8)
- activesupport (= 7.0.8)
+ actionpack (7.0.8.1)
+ actionview (= 7.0.8.1)
+ activesupport (= 7.0.8.1)
 rack (~> 2.0, >= 2.2.4)
 rack-test (>= 0.6.3)
 rails-dom-testing (~> 2.0)
 rails-html-sanitizer (~> 1.0, >= 1.2.0)
- actiontext (7.0.8)
- actionpack (= 7.0.8)
- activerecord (= 7.0.8)
- activestorage (= 7.0.8)
- activesupport (= 7.0.8)
+ actiontext (7.0.8.1)
+ actionpack (= 7.0.8.1)
+ activerecord (= 7.0.8.1)
+ activestorage (= 7.0.8.1)
+ activesupport (= 7.0.8.1)
 globalid (>= 0.6.0)
 nokogiri (>= 1.8.5)
- actionview (7.0.8)
- activesupport (= 7.0.8)
+ actionview (7.0.8.1)
+ activesupport (= 7.0.8.1)
 builder (~> 3.1)
 erubi (~> 1.4)
 rails-dom-testing (~> 2.0)
 rails-html-sanitizer (~> 1.1, >= 1.2.0)
- activejob (7.0.8)
- activesupport (= 7.0.8)
+ activejob (7.0.8.1)
+ activesupport (= 7.0.8.1)
 globalid (>= 0.3.6)
- activemodel (7.0.8)
- activesupport (= 7.0.8)
- activerecord (7.0.8)
- activemodel (= 7.0.8)
- activesupport (= 7.0.8)
- activestorage (7.0.8)
- actionpack (= 7.0.8)
- activejob (= 7.0.8)
- activerecord (= 7.0.8)
- activesupport (= 7.0.8)
+ activemodel (7.0.8.1)
+ activesupport (= 7.0.8.1)
+ activerecord (7.0.8.1)
+ activemodel (= 7.0.8.1)
+ activesupport (= 7.0.8.1)
+ activestorage (7.0.8.1)
+ actionpack (= 7.0.8.1)
+ activejob (= 7.0.8.1)
+ activerecord (= 7.0.8.1)
+ activesupport (= 7.0.8.1)
 marcel (~> 1.0)
 mini_mime (>= 1.1.0)
- activesupport (7.0.8)
+ activesupport (7.0.8.1)
 concurrent-ruby (~> 1.0, >= 1.0.2)
 i18n (>= 1.6, < 2)
 minitest (>= 5.1)
@@ -222,7 +222,7 @@ GEM
 net-imap
 net-pop
 net-smtp
- marcel (1.0.2)
+ marcel (1.0.4)
 matrix (0.4.2)
 method_source (1.0.0)
 mini_mime (1.1.5)
@@ -295,20 +295,20 @@ GEM
 rack (~> 2.2, >= 2.2.4)
 rack-test (2.1.0)
 rack (>= 1.3)
- rails (7.0.8)
- actioncable (= 7.0.8)
- actionmailbox (= 7.0.8)
- actionmailer (= 7.0.8)
- actionpack (= 7.0.8)
- actiontext (= 7.0.8)
- actionview (= 7.0.8)
- activejob (= 7.0.8)
- activemodel (= 7.0.8)
- activerecord (= 7.0.8)
- activestorage (= 7.0.8)
- activesupport (= 7.0.8)
+ rails (7.0.8.1)
+ actioncable (= 7.0.8.1)
+ actionmailbox (= 7.0.8.1)
+ actionmailer (= 7.0.8.1)
+ actionpack (= 7.0.8.1)
+ actiontext (= 7.0.8.1)
+ actionview (= 7.0.8.1)
+ activejob (= 7.0.8.1)
+ activemodel (= 7.0.8.1)
+ activerecord (= 7.0.8.1)
+ activestorage (= 7.0.8.1)
+ activesupport (= 7.0.8.1)
 bundler (>= 1.15.0)
- railties (= 7.0.8)
+ railties (= 7.0.8.1)
 rails-dom-testing (2.2.0)
 activesupport (>= 5.0.0)
 minitest
@@ -319,9 +319,9 @@ GEM
 rails-i18n (7.0.6)
 i18n (>= 0.7, < 2)
 railties (>= 6.0.0, < 8)
- railties (7.0.8)
- actionpack (= 7.0.8)
- activesupport (= 7.0.8)
+ railties (7.0.8.1)
+ actionpack (= 7.0.8.1)
+ activesupport (= 7.0.8.1)
 method_source
 rake (>= 12.2)
 thor (~> 1.0)
@@ -494,7 +494,7 @@ DEPENDENCIES
 propshaft
 pry
 puma (>= 6.3.1)
- rails (~> 7.0.5, >= 7.0.7.1)
+ rails (~> 7.0.5, >= 7.0.8.1)
 redis (~> 4.0)
 redis-namespace
 rspec-rails
diff --git a/config/brakeman.ignore b/config/brakeman.ignore
index 01ba54e..bbb3755 100644
--- a/config/brakeman.ignore
+++ b/config/brakeman.ignore
@@ -3,18 +3,18 @@
 {
 "warning_type": "Mass Assignment",
 "warning_code": 105,
- "fingerprint": "458e30dfa251915a965c9e7a38877df97dc540ffcce35a5f1d8aabe1432a97dd",
+ "fingerprint": "488a585e2c03fd0e68e34c696305012c5731c79785cabbf3efa500cae778a3c2",
 "check_name": "PermitAttributes",
 "message": "Potentially dangerous key allowed for mass assignment",
- "file": "app/controllers/registrar/contacts_controller.rb",
- "line": 61,
+ "file": "app/controllers/registrant/profiles_controller.rb",
+ "line": 19,
 "link": "https://brakemanscanner.org/docs/warning_types/mass_assignment/",
- "code": "params.require(:contact).permit(:code, :country_code, :ident, :role, :name, :email, :phone, :address_country_code, :city, :street, :state, :zip, :legal_document)",
+ "code": "params.require(:user).permit(:name, :email, :phone, :phone_code, :ident, :role, :country_code, :city, :street, :zip, :state, :legal_document, :code)",
 "render_path": null,
 "location": {
 "type": "method",
- "class": "Registrar::ContactsController",
- "method": "contact_params"
+ "class": "Registrant::ProfilesController",
+ "method": "user_params"
 },
 "user_input": ":role",
 "confidence": "Medium",
@@ -30,7 +30,7 @@
 "check_name": "PermitAttributes",
 "message": "Potentially dangerous key allowed for mass assignment",
 "file": "app/controllers/registrar/contacts_controller.rb",
- "line": 61,
+ "line": 69,
 "link": "https://brakemanscanner.org/docs/warning_types/mass_assignment/",
 "code": "params.require(:contact).permit(:code, :country_code, :ident, :phone_code, :role, :name, :email, :phone, :address_country_code, :city, :street, :state, :zip, :legal_document)",
 "render_path": null,
@@ -47,6 +47,6 @@
 "note": ""
 }
 ],
- "updated": "2023-10-25 11:42:50 +0000",
+ "updated": "2024-03-14 08:57:44 +0000",
 "brakeman_version": "6.0.0"
 }
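Review bot: The first hunk rewrites the stale `Registrar::ContactsController` entry into a new suppression for `Registrant::ProfilesController#user_params` (`app/controllers/registrant/profiles_controller.rb`, line 19), whose permitted list still contains `:role` (`"user_input": ":role"`), but no rationale for accepting that finding is recorded anywhere in the change. A brakeman.ignore entry without a justification cannot be audited later, and for a mass-assignable role attribute on a registrant-facing profile endpoint a reviewer needs to know which server-side control keeps a user from changing their own role. Please fill in the entry's `note` field with that reason, e.g. `"note": "role is not user-settable here because <reason / where it is enforced>"`; the note for this first entry lies outside the hunk, while the second entry's note is visibly empty in the third hunk (`"note": ""`) and should get the same treatment. If no such control exists, the right fix is to drop `:role` from the permit list in the controller rather than to ignore the warning.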