ruby-on-rails - Brakeman warns about a dynamic render path

Tags: ruby-on-rails brakeman

I have this code in users_controller.rb:

  def show
    @user = User.find_by id: params[:id]
    @microposts = @user.microposts.order_micropost.paginate(page: params[:page], per_page: 5)
  end

and this view in users/show.html.erb:
<% provide :title, @user.name %>
<div class="row">
  <aside class="col-md-4">
    <section class="user-info">
      <h1>
        <%= gravatar_for @user %>
        <%= @user.name %>
      </h1>
    </section>
  </aside>
  <div class="col-md-8">
    <% if @user.microposts.any? %>
      <h3><%= t ".count_microposts", count:  @user.microposts.count %></h3>
      <ol class="microposts">
        <%= render @microposts %>
      </ol>
      <%= will_paginate @microposts %>
    <% end %>
  </div>
</div>

and in micropost/_micropost.html.erb:
<li id="micropost-<%= micropost.id %>">
  <span class="user">
    <%= link_to micropost.user.name, micropost.user %>
  </span>
  <span class="content">
    <%= micropost.content %>
    <%= image_tag micropost.picture.url if micropost.picture? %>
  </span>
  <span class="timestamp">
    <span class="timeago" title="<%= micropost.created_at %>"></span>
  <% if current_user.current_user?(micropost.user) %>
    <%= link_to t(".delete"), micropost, method: :delete,
      data: { confirm: t(".confirm") } %>
  <% end %>
  </span>
</li>

I get a "dynamic render path" warning that highlights <%= render @microposts %>. How can I fix it so that it passes Brakeman?

This is the exact error:
Render path contains parameter value near line 15: render(action => User.find_by(:id => params[:id]).microposts.order_micropost.paginate(:page => params[:page]), {})

Best answer

This is a known issue with Brakeman. If you just want the code to pass Brakeman, you can change <%= render @microposts %> to <%= render partial: 'micropost', :collection => @microposts %>.
Source: https://github.com/presidentbeef/brakeman/pull/529
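The check behind this warning exists because a render target that really is derived from a request parameter lets the requester choose which template is rendered; here the parameter only selects the user whose records are rendered, and the partial name is fixed by the model, which is why the explicit partial: form satisfies Brakeman. The following pure-Ruby sketch is an added example, not code from the question, the answer or Brakeman: it simulates the partial lookup without loading Rails, so the view files, the Micropost struct and the allowlist are all constructed for the example.

```ruby
# Constructed stand-in for an app's view directory (file names are hypothetical).
PARTIALS = {
  "microposts/_micropost.html.erb" => "<li>...micropost...</li>",
  "users/_admin_panel.html.erb"    => "<div>...admin only...</div>",
}.freeze

# Partial names a request is permitted to select. Anything else is rejected.
ALLOWED_PARTIALS = %w[microposts/micropost].freeze

# Mimics how Rails maps a partial name to a file:
# "microposts/micropost" -> "microposts/_micropost.html.erb"
def partial_file(name)
  dir, base = File.split(name)
  File.join(dir, "_#{base}.html.erb")
end

# True-positive shape of the warning: the template name comes straight from a
# parameter, so the requester decides which partial is rendered.
def render_dynamic(param_value)
  PARTIALS.fetch(partial_file(param_value)) { raise ArgumentError, "missing partial" }
end

# Mitigation when the name really must vary per request: only allowlisted
# (effectively literal) partial names reach the lookup.
def render_allowlisted(param_value)
  unless ALLOWED_PARTIALS.include?(param_value)
    raise ArgumentError, "partial not permitted: #{param_value.inspect}"
  end
  PARTIALS.fetch(partial_file(param_value))
end

# Constructed model. In Rails, ActiveModel derives to_partial_path from the
# class name ("microposts/micropost" for Micropost); hard-coded here because
# no Rails code is loaded.
Micropost = Struct.new(:id, :content) do
  def to_partial_path
    "microposts/micropost"
  end
end

# What `render @microposts` amounts to: each record's partial is chosen by its
# class, never by the request, so nothing from params reaches the lookup.
def render_collection(records)
  records.map { |record| render_allowlisted(record.to_partial_path) }
end

if $PROGRAM_NAME == __FILE__
  puts render_collection([Micropost.new(1, "hello"), Micropost.new(2, "world")])
  begin
    render_allowlisted("users/admin_panel")
  rescue ArgumentError => e
    puts "rejected: #{e.message}"
  end
end
```

The difference between render_dynamic and render_collection is the one Brakeman tries to establish statically: in the first the argument is tainted by a parameter, in the second the parameter only chose which records to load. When the analysis cannot see that distinction, spelling out partial: with a literal name gives it an untainted render target.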

Regarding "ruby-on-rails - Brakeman warns about a dynamic render path", we found a similar question on Stack Overflow: https://stackoverflow.com/questions/48172135/
