Add a comment around the use of safe_constantize

It triggers a Brakeman error that can be safely ignored
2026-01-30 21:27:17 +00:00 · 2023-07-24 11:39:26 +10:00
parent 9c9a6234e1
commit a2def2424c
1 changed files with 2 additions and 0 deletions
--- a/app/controllers/admin/vouchers_controller.rb
+++ b/app/controllers/admin/vouchers_controller.rb
@@ -9,6 +9,8 @@ module Admin
    end

    def create
+      # The use of "safe_constantize" here will trigger a Brakeman error, it can safely be ignored
+      # as it's a false positive : https://github.com/openfoodfoundation/openfoodnetwork/pull/10821
      voucher_type = params[:vouchers_flat_rate][:voucher_type]
      if Voucher::TYPES.include?(voucher_type)
        @voucher = voucher_type.safe_constantize.create(