
Fixes #3963 - Unable to add Microsoft 365 Account when admin consent for enterprise applications is enabled.

Rolf Schmidt 2 years ago
parent
commit
4fcf8cbe09

+ 20 - 0
app/assets/javascripts/app/controllers/_channel/microsoft365.coffee

@@ -36,6 +36,7 @@ class ChannelAccountOverview extends App.ControllerSubContent
   requiredPermission: 'admin.channel_microsoft365'
   events:
     'click .js-new':                'new'
+    'click .js-admin-consent':      'adminConsent'
     'click .js-delete':             'delete'
     'click .js-reauthenticate':     'reauthenticate'
     'click .js-configApp':          'configApp'
@@ -126,6 +127,10 @@ class ChannelAccountOverview extends App.ControllerSubContent
         @editInbound(undefined, @channel_id, true)
         @channel_id = undefined
 
+    if @error_code is 'AADSTS65004'
+      @error_code = undefined
+      new AdminConsentInfo(container: @container)
+
   show: (params) =>
     for key, value of params
       if key isnt 'el' && key isnt 'shown' && key isnt 'match'
@@ -141,6 +146,9 @@ class ChannelAccountOverview extends App.ControllerSubContent
   new: (e) ->
     window.location.href = "#{@apiPath}/external_credentials/microsoft365/link_account"
 
+  adminConsent: (e) ->
+    window.location.href = "#{@apiPath}/external_credentials/microsoft365/link_account?prompt=consent"
+
   delete: (e) =>
     e.preventDefault()
     id   = $(e.target).closest('.action').data('id')
@@ -428,4 +436,16 @@ class AppConfig extends App.ControllerModal
         @el.find('.alert').removeClass('hidden').text(data.error || __('App could not be verified.'))
     )
 
+class AdminConsentInfo extends App.ControllerModal
+  buttonClose: true
+  small: true
+  buttonSubmit: __('Close')
+  head: __('Admin Consent')
+
+  content: ->
+    App.view('microsoft365/admin_consent')()
+
+  onSubmit: =>
+    @close()
+
 App.Config.set('microsoft365', { prio: 5000, name: __('Microsoft 365'), parent: '#channels', target: '#channels/microsoft365', controller: App.ChannelMicrosoft365, permission: ['admin.channel_microsoft365'] }, 'NavBarAdmin')
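Review bot: The `if @error_code is 'AADSTS65004'` branch compares against a bare Azure AD error-code literal with nothing saying what it signals or where `@error_code` comes from (presumably the new `channels/:target/error/:error_code` route in manage.coffee, since the value is only compared, never rendered). A comment above it such as `# AADSTS65004 is what the Microsoft callback reports after the consent request has been routed to a tenant admin (see admin_consent view); clear it so a reload does not re-open the modal` would let the next reader place it; the method enclosing that branch starts outside the hunk. The new `AdminConsentInfo` modal sets both `buttonClose: true` and a submit button whose only action is `@close()`, so the dialog shows two close affordances; dropping `buttonSubmit`/`onSubmit` or the close button would be the cleaner form.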

+ 1 - 0
app/assets/javascripts/app/controllers/manage.coffee

@@ -24,6 +24,7 @@ App.Config.set('manage/:target', ManageRouter, 'Routes')
 App.Config.set('manage/:target/:page', ManageRouter, 'Routes')
 App.Config.set('settings/:target', ManageRouter, 'Routes')
 App.Config.set('channels/:target', ManageRouter, 'Routes')
+App.Config.set('channels/:target/error/:error_code', ManageRouter, 'Routes')
 App.Config.set('channels/:target/:channel_id', ManageRouter, 'Routes')
 App.Config.set('system/:target', ManageRouter, 'Routes')
 App.Config.set('system/:target/:integration', ManageRouter, 'Routes')

+ 3 - 1
app/assets/javascripts/app/views/channel/email_account_overview.jst.eco

@@ -38,7 +38,9 @@
 <% end %>
 
 <% if _.isEmpty(@account_channels): %>
-  <p><%- @T('You have no configured account right now.') %></p>
+  <table class="table table--placeholder">
+    <thead><tr><th><%- @T('No Entries') %>
+  </table>
 <% else: %>
   <% for channel in @account_channels: %>
   <div class="action <% if channel.active isnt true: %>is-inactive<% end %>" data-id="<%- channel.id %>">
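Review bot: The new placeholder `<thead><tr><th><%- @T('No Entries') %>` closes only the `<table>`; `<th>`, `<tr>` and `<thead>` are left to the browser's implied end tags, which contrasts with the explicitly closed `<p>` it replaces. Writing it as `<thead><tr><th><%- @T('No Entries') %></th></tr></thead>` keeps the markup well-formed and easier to diff. The identical snippet is added in sms_account_overview.jst.eco (both hunks), google/list.jst.eco and microsoft365/list.jst.eco.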

+ 6 - 2
app/assets/javascripts/app/views/channel/sms_account_overview.jst.eco

@@ -1,7 +1,9 @@
 <h2><%- @T('SMS Accounts') %></h2>
 
 <% if _.isEmpty(@account_channels): %>
-  <p><%- @T('You have no configured account right now.') %></p>
+  <table class="table table--placeholder">
+    <thead><tr><th><%- @T('No Entries') %>
+  </table>
 <% else: %>
   <% for channel in @account_channels: %>
   <div class="action <% if channel.active isnt true: %>is-inactive<% end %>" data-id="<%- channel.id %>">
@@ -85,7 +87,9 @@
 
 <h2><%- @T('SMS Notification') %></h2>
 <% if _.isEmpty(@notification_channels): %>
-  <p><%- @T('You have no configured account right now.') %></p>
+  <table class="table table--placeholder">
+    <thead><tr><th><%- @T('No Entries') %>
+  </table>
   <a class="btn btn--success js-editNotification"><%- @T('New') %></a>
 <% else: %>
   <% for channel in @notification_channels: %>

+ 5 - 0
app/assets/javascripts/app/views/google/list.jst.eco

@@ -31,6 +31,11 @@
 <% end %>
 
 <div class="page-content">
+<% if _.isEmpty(@channels): %>
+  <table class="table table--placeholder">
+    <thead><tr><th><%- @T('No Entries') %>
+  </table>
+<% end %>
 <% for channel in @channels: %>
   <div class="action <% if channel.active isnt true: %>is-inactive<% end %>" data-id="<%= channel.id %>">
     <div class="action-flow" style="width: 100%;">

+ 5 - 0
app/assets/javascripts/app/views/microsoft365/admin_consent.jst.eco

@@ -0,0 +1,5 @@
+<p>
+  <%- @T('The admin consent request was sent to your administrator.') %><br>
+  <%- @T('Please wait until you received the notification email of the approval.') %><br><br>
+  <%- @T('After approval, please re-connect your Microsoft365 mailbox.') %><br>
+</p>
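Review bot: Two of the new translation source strings will need a later wording change, which presumably invalidates their translations since `@T()` keys on the source text: `'Please wait until you received the notification email of the approval.'` reads better as `'Please wait until you have received the notification email of the approval.'`, and `'Microsoft365 mailbox'` should follow the `'Microsoft 365'` spelling the channel's nav entry uses. The trailing `<br>` on the last line before `</p>` only adds an empty line and can go.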

+ 6 - 0
app/assets/javascripts/app/views/microsoft365/list.jst.eco

@@ -6,6 +6,7 @@
   <div class="page-header-meta">
     <a class="btn js-configApp"><%- @T('Configure App') %></a>
     <a class="btn btn--success js-new"><%- @T('Add Account') %></a>
+    <a class="btn btn--success js-admin-consent"><%- @T('Request Admin Consent') %></a>
   </div>
 </div>
 
@@ -31,6 +32,11 @@
 <% end %>
 
 <div class="page-content">
+<% if _.isEmpty(@channels): %>
+  <table class="table table--placeholder">
+    <thead><tr><th><%- @T('No Entries') %>
+  </table>
+<% end %>
 <% for channel in @channels: %>
   <div class="action <% if channel.active isnt true: %>is-inactive<% end %>" data-id="<%= channel.id %>">
     <div class="action-flow" style="width: 100%;">

+ 3 - 1
app/controllers/external_credentials_controller.rb

@@ -32,7 +32,7 @@ class ExternalCredentialsController < ApplicationController
 
   def link_account
     provider = params[:provider].downcase
-    attributes = ExternalCredential.request_account_to_link(provider)
+    attributes = ExternalCredential.request_account_to_link(provider, params)
     session[:request_token] = attributes[:request_token]
     session[:channel_id] = params[:channel_id]
     redirect_to attributes[:authorize_url]
@@ -41,6 +41,8 @@ class ExternalCredentialsController < ApplicationController
   def callback
     provider = params[:provider].downcase
     channel = ExternalCredential.link_account(provider, session[:request_token], link_params)
+    return redirect_to(channel) if channel.instance_of?(String)
+
     session[:request_token] = nil
     session[:channel_id] = nil
     redirect_to app_url(provider, channel.id)
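Review bot: `return redirect_to(channel) if channel.instance_of?(String)` sends the browser to whatever string `ExternalCredential.link_account` hands back with no check on the target, and it returns before the two `session[...] = nil` resets, so the request token stays in the session on the error path. Brakeman reports this as an unprotected redirect (the CWE-601 ignore entry added in this commit only links the docs), so unless the backend is known to build that string from `app_url`, the controller should accept only an app-relative target, and the session cleanup should move above the early return. Overloading the return type (a channel or a String) to signal an error is also a style smell; a dedicated result object, or a raised error the controller rescues, would be clearer. In the `link_account` hunk above, the full `params` object is forwarded into the model; passing only the key the backend reads (the UI sends `prompt=consent`) would keep `ActionController::Parameters` out of the model layer. The `def link_account` body ends outside that hunk.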

+ 2 - 2
app/models/external_credential.rb

@@ -11,9 +11,9 @@ class ExternalCredential < ApplicationModel
     backend.app_verify(params)
   end
 
-  def self.request_account_to_link(provider)
+  def self.request_account_to_link(provider, params = {})
     backend = load_backend(provider)
-    backend.request_account_to_link
+    backend.request_account_to_link(params)
   end
 
   def self.link_account(provider, request_token, params)
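Review bot: `backend.request_account_to_link(params)` now passes one positional argument to every provider backend, so any backend whose `request_account_to_link` still takes no arguments will raise `ArgumentError` on the next link attempt; the backends are not in this view, so confirm each one was updated (or give them a matching `params = {}` default). The value also arrives straight from the controller as `ActionController::Parameters` rather than a plain Hash, which is worth stating in the signature's documentation, e.g. `# @param params [Hash] provider-specific request options forwarded to the backend (the Microsoft 365 UI sends prompt=consent)`.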

+ 186 - 21
config/brakeman.ignore

@@ -18,14 +18,37 @@
       },
       "user_input": "ExternalCredential.request_account_to_link(params[:provider].downcase)[:authorize_url]",
       "confidence": "High",
-      "note": ""
+      "note": "https://brakemanscanner.org/docs/warning_types/redirect/"
+    },
+    {
+      "warning_type": "Redirect",
+      "warning_code": 18,
+      "fingerprint": "0af1d7942bf73ecd1eb5141ea3a80c32297d9e9f24e411eb2b346af686eef938",
+      "check_name": "Redirect",
+      "message": "Possible unprotected redirect",
+      "file": "app/controllers/external_credentials_controller.rb",
+      "line": 44,
+      "link": "https://brakemanscanner.org/docs/warning_types/redirect/",
+      "code": "redirect_to(ExternalCredential.link_account(params[:provider].downcase, session[:request_token], link_params))",
+      "render_path": null,
+      "location": {
+        "type": "method",
+        "class": "ExternalCredentialsController",
+        "method": "callback"
+      },
+      "user_input": "ExternalCredential.link_account(params[:provider].downcase, session[:request_token], link_params)",
+      "confidence": "High",
+      "cwe_id": [
+        601
+      ],
+      "note": "https://brakemanscanner.org/docs/warning_types/redirect/"
     },
     {
       "warning_type": "Remote Code Execution",
       "warning_code": 24,
       "fingerprint": "0fcd117fd53301f531142fc075ee8d30219c1239affce9322f9939ac0572ba3b",
       "check_name": "UnsafeReflection",
-      "message": "Unsafe reflection method `constantize` called with model attribute",
+      "message": "Unsafe reflection method `constantize` called on model attribute",
       "file": "app/models/ticket/number.rb",
       "line": 45,
       "link": "https://brakemanscanner.org/docs/warning_types/remote_code_execution/",
@@ -38,6 +61,9 @@
       },
       "user_input": "Setting.get(\"ticket_number\")",
       "confidence": "Medium",
+      "cwe_id": [
+        470
+      ],
       "note": "Setting.get(\"ticket_number\") returns defined ticket number backend class names"
     },
     {
@@ -58,6 +84,10 @@
       },
       "user_input": "Setting.get(\"#{integration_name}_recovery_match\")",
       "confidence": "Medium",
+      "cwe_id": [
+        20,
+        185
+      ],
       "note": "Admin configured RegExp"
     },
     {
@@ -78,6 +108,10 @@
       },
       "user_input": "Setting.get(\"#{integration_name}_recovery_match\")",
       "confidence": "Medium",
+      "cwe_id": [
+        20,
+        185
+      ],
       "note": "Admin configured RegExp"
     },
     {
@@ -85,9 +119,9 @@
       "warning_code": 24,
       "fingerprint": "176994cedb6a57bc52f7a98b0fd93caad211f8f3b48fd010a5db164b37992e1f",
       "check_name": "UnsafeReflection",
-      "message": "Unsafe reflection method `constantize` called with model attribute",
+      "message": "Unsafe reflection method `constantize` called on model attribute",
       "file": "app/models/avatar.rb",
-      "line": 405,
+      "line": 425,
       "link": "https://brakemanscanner.org/docs/warning_types/remote_code_execution/",
       "code": "ObjectLookup.by_id(object_id).constantize",
       "render_path": null,
@@ -98,6 +132,9 @@
       },
       "user_input": "ObjectLookup.by_id(object_id)",
       "confidence": "Medium",
+      "cwe_id": [
+        470
+      ],
       "note": "ObjectLookup.by_id works as designed"
     },
     {
@@ -118,6 +155,10 @@
       },
       "user_input": "Setting.get(\"ticket_hook\")",
       "confidence": "Medium",
+      "cwe_id": [
+        20,
+        185
+      ],
       "note": "Admin configured RegExp"
     },
     {
@@ -138,6 +179,10 @@
       },
       "user_input": "Setting.get(\"ticket_hook\")",
       "confidence": "Medium",
+      "cwe_id": [
+        20,
+        185
+      ],
       "note": "Admin configured RegExp"
     },
     {
@@ -158,6 +203,9 @@
       },
       "user_input": "Rails.application.config.db_like",
       "confidence": "Weak",
+      "cwe_id": [
+        89
+      ],
       "note": "The db_like config setting is safe to use in an SQL string."
     },
     {
@@ -178,6 +226,10 @@
       },
       "user_input": "Setting.get(\"system_id\").to_s",
       "confidence": "Medium",
+      "cwe_id": [
+        20,
+        185
+      ],
       "note": "Admin configured RegExp"
     },
     {
@@ -198,6 +250,10 @@
       },
       "user_input": "Setting.get(\"#{integration_name}_ignore_match\")",
       "confidence": "Medium",
+      "cwe_id": [
+        20,
+        185
+      ],
       "note": "Admin configured RegExp"
     },
     {
@@ -205,7 +261,7 @@
       "warning_code": 24,
       "fingerprint": "55248822583e32826f88a68e27568416fe1f101d83b02791c10296d2393b83a5",
       "check_name": "UnsafeReflection",
-      "message": "Unsafe reflection method `constantize` called with model attribute",
+      "message": "Unsafe reflection method `constantize` called on model attribute",
       "file": "app/models/store/file.rb",
       "line": 32,
       "link": "https://brakemanscanner.org/docs/warning_types/remote_code_execution/",
@@ -218,6 +274,9 @@
       },
       "user_input": "Setting.get(\"storage_provider\")",
       "confidence": "Medium",
+      "cwe_id": [
+        470
+      ],
       "note": "Setting.get('storage_provider') returns defined Store::Provider backend class names"
     },
     {
@@ -225,9 +284,9 @@
       "warning_code": 24,
       "fingerprint": "582df3b442a09879f0c035b50f6c4fce9aa8285c907737476f16004246c67bc6",
       "check_name": "UnsafeReflection",
-      "message": "Unsafe reflection method `safe_constantize` called with parameter value",
+      "message": "Unsafe reflection method `safe_constantize` called on parameter value",
       "file": "app/controllers/tests_controller.rb",
-      "line": 19,
+      "line": 33,
       "link": "https://brakemanscanner.org/docs/warning_types/remote_code_execution/",
       "code": "params.fetch(:exception, \"StandardError\").safe_constantize",
       "render_path": null,
@@ -238,6 +297,9 @@
       },
       "user_input": "params.fetch(:exception, \"StandardError\")",
       "confidence": "High",
+      "cwe_id": [
+        470
+      ],
       "note": "Only for testing purposes"
     },
     {
@@ -258,6 +320,10 @@
       },
       "user_input": "Setting.get(\"ticket_hook\")",
       "confidence": "Medium",
+      "cwe_id": [
+        20,
+        185
+      ],
       "note": "Admin configured RegExp"
     },
     {
@@ -265,7 +331,7 @@
       "warning_code": 24,
       "fingerprint": "73999042c4866cd2effe286fdd6a74c51659bc4a5fc760d1b96d35bd11b2bcda",
       "check_name": "UnsafeReflection",
-      "message": "Unsafe reflection method `constantize` called with model attribute",
+      "message": "Unsafe reflection method `constantize` called on model attribute",
       "file": "lib/transaction_dispatcher.rb",
       "line": 37,
       "link": "https://brakemanscanner.org/docs/warning_types/remote_code_execution/",
@@ -278,6 +344,9 @@
       },
       "user_input": "Setting.get(setting.name)",
       "confidence": "Medium",
+      "cwe_id": [
+        470
+      ],
       "note": "Setting.where(area: 'Transaction::Backend::Sync').order(:name) returns defined Transaction backend class names"
     },
     {
@@ -298,6 +367,9 @@
       },
       "user_input": "params[:options]",
       "confidence": "High",
+      "cwe_id": [
+        77
+      ],
       "note": "Channel#send is a custom implementation"
     },
     {
@@ -305,7 +377,7 @@
       "warning_code": 24,
       "fingerprint": "7541faf8d3249dc4ac24f9c354024614ae79b0d6cd4c057f034ea88be1154bf7",
       "check_name": "UnsafeReflection",
-      "message": "Unsafe reflection method `constantize` called with model attribute",
+      "message": "Unsafe reflection method `constantize` called on model attribute",
       "file": "lib/application_lib.rb",
       "line": 26,
       "link": "https://brakemanscanner.org/docs/warning_types/remote_code_execution/",
@@ -318,6 +390,9 @@
       },
       "user_input": "Setting.get(setting)",
       "confidence": "Medium",
+      "cwe_id": [
+        470
+      ],
       "note": "ApplicationLib.load_adapter_by_setting works as designed"
     },
     {
@@ -338,6 +413,10 @@
       },
       "user_input": "Setting.get(\"system_id\")",
       "confidence": "Medium",
+      "cwe_id": [
+        20,
+        185
+      ],
       "note": "Admin configured RegExp"
     },
     {
@@ -347,7 +426,7 @@
       "check_name": "SSLVerify",
       "message": "SSL certificate verification was bypassed",
       "file": "lib/user_agent.rb",
-      "line": 335,
+      "line": 333,
       "link": "https://brakemanscanner.org/docs/warning_types/ssl_verification_bypass/",
       "code": "(Net::HTTP.Proxy($1, $2, ((options[\"proxy_username\"] or Setting.get(\"proxy_username\")) or nil), ((options[\"proxy_password\"] or Setting.get(\"proxy_password\")) or nil)).new(uri.host, uri.port) or Net::HTTP.new(uri.host, uri.port)).verify_mode = OpenSSL::SSL::VERIFY_NONE",
       "render_path": null,
@@ -358,6 +437,9 @@
       },
       "user_input": null,
       "confidence": "High",
+      "cwe_id": [
+        295
+      ],
       "note": "SSL Verification can already be requested from callers. The default value should be switched to true at some point."
     },
     {
@@ -365,7 +447,7 @@
       "warning_code": 24,
       "fingerprint": "8db3b4731daa1ef96c53729b2fca4cc91b47af058564f61cba24833aacaa55ae",
       "check_name": "UnsafeReflection",
-      "message": "Unsafe reflection method `constantize` called with model attribute",
+      "message": "Unsafe reflection method `constantize` called on model attribute",
       "file": "app/jobs/transaction_job.rb",
       "line": 25,
       "link": "https://brakemanscanner.org/docs/warning_types/remote_code_execution/",
@@ -378,6 +460,9 @@
       },
       "user_input": "Setting.get(setting.name)",
       "confidence": "Medium",
+      "cwe_id": [
+        470
+      ],
       "note": "Setting.where(area: 'Transaction::Backend::Async').order(:name) returns defined Transaction  backend class names"
     },
     {
@@ -398,6 +483,10 @@
       },
       "user_input": "Setting.get(\"system_id\").to_s",
       "confidence": "Medium",
+      "cwe_id": [
+        20,
+        185
+      ],
       "note": "Admin configured RegExp"
     },
     {
@@ -418,6 +507,10 @@
       },
       "user_input": "Setting.get(\"ticket_hook\")",
       "confidence": "Medium",
+      "cwe_id": [
+        20,
+        185
+      ],
       "note": "Admin configured RegExp"
     },
     {
@@ -427,7 +520,7 @@
       "check_name": "SQL",
       "message": "Possible SQL injection",
       "file": "app/models/organization/search.rb",
-      "line": 116,
+      "line": 133,
       "link": "https://brakemanscanner.org/docs/warning_types/sql_injection/",
       "code": "Organization.select(\"DISTINCT(organizations.id), #{::SqlHelper.new(:object => (self)).get_order_select(::SqlHelper.new(:object => (self)).get_sort_by(params, [\"active\", \"updated_at\"]), ::SqlHelper.new(:object => (self)).get_order_by(params, [\"desc\", \"desc\"]), \"organizations.updated_at\")}\")",
       "render_path": null,
@@ -438,6 +531,9 @@
       },
       "user_input": "::SqlHelper.new(:object => (self)).get_order_select(::SqlHelper.new(:object => (self)).get_sort_by(params, [\"active\", \"updated_at\"]), ::SqlHelper.new(:object => (self)).get_order_by(params, [\"desc\", \"desc\"]), \"organizations.updated_at\")",
       "confidence": "Medium",
+      "cwe_id": [
+        89
+      ],
       "note": "SqlHelper does properly escape table and column names."
     },
     {
@@ -458,16 +554,43 @@
       },
       "user_input": "Setting.get(\"ticket_hook\")",
       "confidence": "Medium",
+      "cwe_id": [
+        20,
+        185
+      ],
       "note": "Admin configured RegExp"
     },
+    {
+      "warning_type": "Redirect",
+      "warning_code": 18,
+      "fingerprint": "a50e32b9e4436adca6c2f789c9fd6371f3e752366821d5b49480f8b004ce5ab7",
+      "check_name": "Redirect",
+      "message": "Possible unprotected redirect",
+      "file": "app/controllers/external_credentials_controller.rb",
+      "line": 38,
+      "link": "https://brakemanscanner.org/docs/warning_types/redirect/",
+      "code": "redirect_to(ExternalCredential.request_account_to_link(params[:provider].downcase, params)[:authorize_url])",
+      "render_path": null,
+      "location": {
+        "type": "method",
+        "class": "ExternalCredentialsController",
+        "method": "link_account"
+      },
+      "user_input": "ExternalCredential.request_account_to_link(params[:provider].downcase, params)[:authorize_url]",
+      "confidence": "High",
+      "cwe_id": [
+        601
+      ],
+      "note": "https://brakemanscanner.org/docs/warning_types/redirect/"
+    },
     {
       "warning_type": "Remote Code Execution",
       "warning_code": 24,
       "fingerprint": "b4e5b1ad22930f849b12cbdf519dced6ec46b6cc653504f0a8e910c0a9590d61",
       "check_name": "UnsafeReflection",
-      "message": "Unsafe reflection method `constantize` called with model attribute",
+      "message": "Unsafe reflection method `constantize` called on model attribute",
       "file": "app/models/object_manager/attribute.rb",
-      "line": 806,
+      "line": 898,
       "link": "https://brakemanscanner.org/docs/warning_types/remote_code_execution/",
       "code": "ObjectLookup.by_id(object_lookup_id).constantize",
       "render_path": null,
@@ -478,6 +601,9 @@
       },
       "user_input": "ObjectLookup.by_id(object_lookup_id)",
       "confidence": "Medium",
+      "cwe_id": [
+        470
+      ],
       "note": "ObjectLookup.by_id works as designed"
     },
     {
@@ -498,6 +624,9 @@
       },
       "user_input": "mysql_arguments",
       "confidence": "Medium",
+      "cwe_id": [
+        77
+      ],
       "note": "Mysql arguments are internal / from config."
     },
     {
@@ -518,6 +647,10 @@
       },
       "user_input": "Setting.get(\"ticket_hook\")",
       "confidence": "Medium",
+      "cwe_id": [
+        20,
+        185
+      ],
       "note": "Admin configured RegExp"
     },
     {
@@ -538,6 +671,9 @@
       },
       "user_input": "params[:name]",
       "confidence": "High",
+      "cwe_id": [
+        22
+      ],
       "note": "Running QUnit tests"
     },
     {
@@ -558,6 +694,9 @@
       },
       "user_input": null,
       "confidence": "High",
+      "cwe_id": [
+        295
+      ],
       "note": "Only if requester sends `:disable_ssl_verify` param"
     },
     {
@@ -565,9 +704,9 @@
       "warning_code": 24,
       "fingerprint": "d48809837203098f7be4803f19b4f180f93361030bcf145560c65582d44f8edc",
       "check_name": "UnsafeReflection",
-      "message": "Unsafe reflection method `constantize` called with model attribute",
+      "message": "Unsafe reflection method `constantize` called on model attribute",
       "file": "app/models/channel/email_parser.rb",
-      "line": 154,
+      "line": 155,
       "link": "https://brakemanscanner.org/docs/warning_types/remote_code_execution/",
       "code": "Setting.get(setting.name).constantize",
       "render_path": null,
@@ -578,6 +717,9 @@
       },
       "user_input": "Setting.get(setting.name)",
       "confidence": "Medium",
+      "cwe_id": [
+        470
+      ],
       "note": "Setting.where(area: 'Postmaster::PreFilter').order(:name) returns defined postmaster backend class names"
     },
     {
@@ -585,9 +727,9 @@
       "warning_code": 24,
       "fingerprint": "d48809837203098f7be4803f19b4f180f93361030bcf145560c65582d44f8edc",
       "check_name": "UnsafeReflection",
-      "message": "Unsafe reflection method `constantize` called with model attribute",
+      "message": "Unsafe reflection method `constantize` called on model attribute",
       "file": "app/models/channel/email_parser.rb",
-      "line": 318,
+      "line": 319,
       "link": "https://brakemanscanner.org/docs/warning_types/remote_code_execution/",
       "code": "Setting.get(setting.name).constantize",
       "render_path": null,
@@ -598,6 +740,9 @@
       },
       "user_input": "Setting.get(setting.name)",
       "confidence": "Medium",
+      "cwe_id": [
+        470
+      ],
       "note": "Setting.where(area: 'Postmaster::PreFilter').order(:name) returns defined postmaster backend class names"
     },
     {
@@ -638,6 +783,10 @@
       },
       "user_input": "Setting.get(\"system_id\")",
       "confidence": "Medium",
+      "cwe_id": [
+        20,
+        185
+      ],
       "note": "Admin configured RegExp"
     },
     {
@@ -654,6 +803,9 @@
       "location": null,
       "user_input": null,
       "confidence": "High",
+      "cwe_id": [
+        798
+      ],
       "note": "Since Sessions are stored in the database and not in cookies, the session secret is not used / not relevant.\""
     },
     {
@@ -674,6 +826,9 @@
       },
       "user_input": "reflection_value.name",
       "confidence": "Weak",
+      "cwe_id": [
+        89
+      ],
       "note": "Reflections come from the models themselves and are thus safe to use."
     },
     {
@@ -694,6 +849,9 @@
       },
       "user_input": "reflection_value.name",
       "confidence": "Weak",
+      "cwe_id": [
+        89
+      ],
       "note": "Reflections come from the models themselves and are thus safe to use."
     },
     {
@@ -714,6 +872,9 @@
       },
       "user_input": "mysql_arguments",
       "confidence": "Medium",
+      "cwe_id": [
+        77
+      ],
       "note": "Mysql arguments are internal / from config."
     },
     {
@@ -723,7 +884,7 @@
       "check_name": "RegexDoS",
       "message": "Model attribute used in regular expression",
       "file": "app/models/ticket.rb",
-      "line": 1577,
+      "line": 1549,
       "link": "https://brakemanscanner.org/docs/warning_types/denial_of_service/",
       "code": "/#{Setting.get(\"send_no_auto_response_reg_exp\")}/i",
       "render_path": null,
@@ -734,9 +895,13 @@
       },
       "user_input": "Setting.get(\"send_no_auto_response_reg_exp\")",
       "confidence": "Medium",
+      "cwe_id": [
+        20,
+        185
+      ],
       "note": "Admin configured RegExp"
     }
   ],
-  "updated": "2021-07-23 08:25:01 +0200",
-  "brakeman_version": "5.1.1"
+  "updated": "2022-09-22 13:19:49 +0100",
+  "brakeman_version": "5.3.1"
 }
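Review bot: The two new `Redirect` suppressions for `external_credentials_controller.rb` (`callback`, line 44, and `link_account`, line 38, both `"confidence": "High"`, CWE-601) carry only the Brakeman docs URL in `"note"`, while every other entry in this file states why the finding is a false positive. A suppression of an open-redirect finding should record the reason, e.g. `"note": "authorize_url and the error target are produced by the provider backend from configured endpoints, not from request input"`, and only if that is actually the case; if the redirect target can be influenced by request parameters (the `link_account` call now forwards `params`), the fix belongs in the controller rather than in the ignore file. The pre-existing `link_account` entry gets the same docs-only note and still references the call without `params`, so it is likely stale alongside the new fingerprint.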
