feat(stats#index): update Stat model to also query DossierDeleted in stats computation

tech(question): discard_and_keep_track! ; are we really keeping track with default_scope { kept } ? feat(stats): add DeletedDossier in Stat computations Revert "tech(question): discard_and_keep_track! ; are we really keeping track with default_scope { kept } ?" This reverts commit d1155b7eeaaf1a9f80189e59667e109541fcb089. feat(stats): support deleted_dossiers for last_four_months_hash and cumulative_hash. extract sanitize query & merge hashes in methdos clean(rubocop): lint with rubocop Update db/migrate/20211126080118_add_index_to_deleted_at_to_deleted_dossiers.rb Co-authored-by: LeSim <mail@simon.lehericey.net> fix(rubocop): avoid uneeded allocation fix(migration): add concurrent index with expected synthax fix(brakeman): add ignore message since group date_trunc evaluation is used by only ourself
2021-11-25 09:11:05 +01:00 · 2021-11-25 09:11:05 +01:00 · 970e43efb8
commit 970e43efb8
parent 783b0ed9f0
5 changed files with 225 additions and 37 deletions
--- a/config/brakeman.ignore
+++ b/config/brakeman.ignore
@ -46,7 +46,7 @@
          "type": "controller",
          "class": "Users::DossiersController",
          "method": "merci",
-          "line": 193,
+          "line": 195,
          "file": "app/controllers/users/dossiers_controller.rb",
          "rendered": {
            "name": "users/dossiers/merci",
@ -62,6 +62,26 @@
      "confidence": "Weak",
      "note": ""
    },
+    {
+      "warning_type": "SQL Injection",
+      "warning_code": 0,
+      "fingerprint": "6c98e520dd368104bb0c81334875010711cd523afc28057ef86a10930f95c4b7",
+      "check_name": "SQL",
+      "message": "Possible SQL injection",
+      "file": "app/models/stat.rb",
+      "line": 83,
+      "link": "https://brakemanscanner.org/docs/warning_types/sql_injection/",
+      "code": "association.where(date_attribute => ((3.months.ago.beginning_of_month.to_date..max_date))).group(\"DATE_TRUNC('month', #{date_attribute})\")",
+      "render_path": null,
+      "location": {
+        "type": "method",
+        "class": "Stat",
+        "method": "last_four_months_hash"
+      },
+      "user_input": "date_attribute",
+      "confidence": "Weak",
+      "note": "no user input, fixed value"
+    },
    {
      "warning_type": "SQL Injection",
      "warning_code": 0,
@ -101,8 +121,28 @@
      "user_input": "Export.find_or_create_export(params[:export_format], (params[:time_span_type] or \"everything\"), current_instructeur.groupe_instructeurs.where(:procedure => procedure)).file.service_url",
      "confidence": "High",
      "note": ""
+    },
+    {
+      "warning_type": "SQL Injection",
+      "warning_code": 0,
+      "fingerprint": "dc6d873aff3dc5e51e3349b17e1f35039b23d0bddbf04224b0f1bca3e4608c1e",
+      "check_name": "SQL",
+      "message": "Possible SQL injection",
+      "file": "app/models/stat.rb",
+      "line": 97,
+      "link": "https://brakemanscanner.org/docs/warning_types/sql_injection/",
+      "code": "association.where(\"#{date_attribute} < ?\", max_date).group(\"DATE_TRUNC('month', #{date_attribute})\")",
+      "render_path": null,
+      "location": {
+        "type": "method",
+        "class": "Stat",
+        "method": "cumulative_hash"
+      },
+      "user_input": "date_attribute",
+      "confidence": "Weak",
+      "note": "no user input, fixed value"
    }
  ],
-  "updated": "2021-11-23 14:09:21 +0100",
+  "updated": "2021-11-26 13:22:41 +0100",
  "brakeman_version": "5.1.1"
 }