Fix brakeman warnings

app/models/rule/condition.rb

@@ -18,9 +18,9 @@ class Rule::Condition < ApplicationRecord
     when "compound"
       filtered_scope = build_compound_scope(filtered_scope)
     when "transaction_name"
-      filtered_scope = filtered_scope.where("account_entries.name #{Arel.sql(sanitize_operator(operator))} ?", value)
+      filtered_scope = filtered_scope.where(build_sanitized_comparison_sql("account_entries.name", operator), value)
     when "transaction_amount"
-      filtered_scope = filtered_scope.where("account_entries.amount #{Arel.sql(sanitize_operator(operator))} ?", value.to_d)
+      filtered_scope = filtered_scope.where(build_sanitized_comparison_sql("account_entries.amount", operator), value.to_d)
     when "transaction_merchant"
       filtered_scope = filtered_scope.left_joins(:merchant).where(merchant: { name: value })
     else
@@ -31,6 +31,10 @@ class Rule::Condition < ApplicationRecord
   end
 
   private
+    def build_sanitized_comparison_sql(field, operator)
+      "#{field} #{sanitize_operator(operator)} ?"
+    end
+
     def sanitize_operator(operator)
       raise UnsupportedOperatorError, "Unsupported operator: #{operator}" unless OPERATORS.include?(operator)
       operator

app/views/layouts/application.html.erb

@@ -1,8 +1,8 @@
 <%= render "layouts/shared/htmldoc" do %>
   <% sidebar_config = app_sidebar_config(Current.user) %>
 
-  <div class="flex h-full bg-gray-50" 
-       data-controller="sidebar" 
+  <div class="flex h-full bg-gray-50"
+       data-controller="sidebar"
        data-sidebar-user-id-value="<%= Current.user.id %>"
        data-sidebar-config-value="<%= sidebar_config.to_json %>">
     <button hidden data-controller="hotkey" data-hotkey="b" data-action="sidebar#toggleLeftPanel">Toggle accounts</button>
@@ -34,7 +34,7 @@
       </div>
     </nav>
 
-    <%= tag.div class: class_names("py-4 shrink-0 h-full overflow-y-auto transition-all duration-300"), 
+    <%= tag.div class: class_names("py-4 shrink-0 h-full overflow-y-auto transition-all duration-300"),
                 style: "width: #{sidebar_config.dig(:left_panel, :initial_width)}px",
                 data: { sidebar_target: "leftPanel" } do %>
       <% if content_for?(:sidebar) %>

app/views/rules/_form.html.erb

@@ -1,2 +1 @@
 <p>Placeholder: rules/_form partial</p>
- 

app/views/rules/edit.html.erb

@@ -1,2 +1 @@
 <p>Placeholder: rules#edit</p>
- 

app/views/rules/index.html.erb

@@ -1,3 +1,3 @@
 <% content_for :page_title, "Rules" %>
 
-<p>Placeholder: rules#index</p>
+<p>Placeholder: rules#index</p>

app/views/rules/new.html.erb

@@ -1,2 +1 @@
 <p>Placeholder: rules#new</p>
- 

app/views/rules/show.html.erb

@@ -1,2 +1 @@
 <p>Placeholder: rules#show</p>
- 

config/brakeman.ignore

@@ -46,40 +46,6 @@
       ],
       "note": ""
     },
-    {
-      "warning_type": "Cross-Site Scripting",
-      "warning_code": 2,
-      "fingerprint": "b1f821a5c03b8aa348fb21b9297081a3bf9e954244290e7e511c67213d35f3dc",
-      "check_name": "CrossSiteScripting",
-      "message": "Unescaped model attribute",
-      "file": "app/views/pages/changelog.html.erb",
-      "line": 18,
-      "link": "https://brakemanscanner.org/docs/warning_types/cross_site_scripting",
-      "code": "Provider::Github.new.fetch_latest_release_notes[:body]",
-      "render_path": [
-        {
-          "type": "controller",
-          "class": "PagesController",
-          "method": "changelog",
-          "line": 15,
-          "file": "app/controllers/pages_controller.rb",
-          "rendered": {
-            "name": "pages/changelog",
-            "file": "app/views/pages/changelog.html.erb"
-          }
-        }
-      ],
-      "location": {
-        "type": "template",
-        "template": "pages/changelog"
-      },
-      "user_input": null,
-      "confidence": "High",
-      "cwe_id": [
-        79
-      ],
-      "note": ""
-    },
     {
       "warning_type": "Dangerous Eval",
       "warning_code": 13,