Background

- Brakeman version: 6.1.2
- Rails version: 7.1.3.4
- Ruby version: 3.3.2
- ViewComponent version: 2.83.0

False Positive

```
Confidence: Weak
Category: Dynamic Render Path
Check: Render
Message: Render path contains parameter value
Code: render(action => MyComponent.new(:total_records => Thing.where("things.name LIKE :query", :query => ("%#{params[:q]}%")).count), {})
File: app/views/my_component.html.slim
Line: 1
```

Relevant code:

```slim
= render MyComponent.new(total_records: @total_count) do |component|
  = render "subcomponent", component: component
```

Why might this be a false positive?

What is being rendered is a component.

Of note, moving `@total_count` to the partial `subcomponent` or any partial therein won't cause the reported brakeman error.