From b3912209453dc6705290e54d10e3e6882564adcb Mon Sep 17 00:00:00 2001
From: nacchan
Date: Tue, 12 Aug 2025 10:44:05 +0900
Subject: [PATCH 1/2] =?UTF-8?q?security:=20Book.exist=3F=20=E3=82=92?= =?UTF-8?q?=E6=8B=A1=E5=BC=B5=E3=81=97=E3=81=A6Dynamic=20Render=20Path?= =?UTF-8?q?=E8=84=86=E5=BC=B1=E6=80=A7=E3=82=92=E8=A7=A3=E6=B6=88?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

- Book.exist? メソッドで対象ディレクトリ内のファイル存在確認を行うよう修正
- 不要となった SotechshaPagesController / Sotechsha2PagesController を削除
---
 app/controllers/sotechsha2_pages_controller.rb | 7 -------
 app/controllers/sotechsha_pages_controller.rb | 7 -------
 app/models/book.rb | 11 ++++++++---
 3 files changed, 8 insertions(+), 17 deletions(-)
 delete mode 100644 app/controllers/sotechsha2_pages_controller.rb
 delete mode 100644 app/controllers/sotechsha_pages_controller.rb

diff --git a/app/controllers/sotechsha2_pages_controller.rb b/app/controllers/sotechsha2_pages_controller.rb
deleted file mode 100644
index fe3c7a07b..000000000
--- a/app/controllers/sotechsha2_pages_controller.rb
+++ /dev/null
@@ -1,7 +0,0 @@
-class Sotechsha2PagesController < ApplicationController
- def index; end
-
- def show
- render "sotechsha2_pages/#{params[:page]}"
- end
-end
diff --git a/app/controllers/sotechsha_pages_controller.rb b/app/controllers/sotechsha_pages_controller.rb
deleted file mode 100644
index bb5ccfbd5..000000000
--- a/app/controllers/sotechsha_pages_controller.rb
+++ /dev/null
@@ -1,7 +0,0 @@
-class SotechshaPagesController < ApplicationController
- def index; end
-
- def show
- render "sotechsha_pages/#{params[:page]}"
- end
-end
diff --git a/app/models/book.rb b/app/models/book.rb
index ff28872ae..7148b0068 100644
--- a/app/models/book.rb
+++ b/app/models/book.rb
@@ -19,9 +19,14 @@ def find(title)
 end
 def exist?(title, page)
- page.nil? ?
- self.find(title).any? :
- self.find(title).map(&:filename).include?(page + ".html")
+ return false unless page.present?
+
+ view_paths = [
+ Rails.root.join("app/views/books/#{title}/#{page}.html.erb"),
+ Rails.root.join("app/views/#{title}/#{page}.html.erb")
+ ]
+
+ view_paths.any? { |path| File.exist?(path) }
 end
 end

From 9bcc9e6bbb687e8c8a712da158b13b34ade7c314 Mon Sep 17 00:00:00 2001
From: nacchan
Date: Tue, 12 Aug 2025 10:59:06 +0900
Subject: [PATCH 2/2] =?UTF-8?q?chore:=20Dynamic=20Render=20Path=E5=AF=BE?= =?UTF-8?q?=E5=BF=9C=E5=AE=8C=E4=BA=86=E3=81=AB=E4=BC=B4=E3=81=84=E8=A9=B2?= =?UTF-8?q?=E5=BD=93=E3=81=AEBrakeman=20ignore=E3=82=92=E5=89=8A=E9=99=A4?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 config/brakeman.ignore | 46 ------------------------------------------
 1 file changed, 46 deletions(-)

diff --git a/config/brakeman.ignore b/config/brakeman.ignore
index 4b3ac0252..057f44d0d 100644
--- a/config/brakeman.ignore
+++ b/config/brakeman.ignore
@@ -1,28 +1,5 @@
 {
 "ignored_warnings": [
- {
- "warning_type": "Dynamic Render Path",
- "warning_code": 15,
- "fingerprint": "69b5a133fab8ea617d2581423cefaf077b9366e683c5fac715647bddeec7f50a",
- "check_name": "Render",
- "message": "Render path contains parameter value",
- "file": "app/controllers/sotechsha_pages_controller.rb",
- "line": 5,
- "link": "https://brakemanscanner.org/docs/warning_types/dynamic_render_path/",
- "code": "render(action => \"sotechsha_pages/#{params[:page]}\", {})",
- "render_path": null,
- "location": {
- "type": "method",
- "class": "SotechshaPagesController",
- "method": "show"
- },
- "user_input": "params[:page]",
- "confidence": "Medium",
- "cwe_id": [
- 22
- ],
- "note": ""
- },
 {
 "warning_type": "Command Injection",
 "warning_code": 14,
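Review bot: The two `Rails.root.join` lines still interpolate `title` and `page` into a filesystem path unchecked, so a traversal value such as `page = "../layouts/application"` passes `exist?` as long as some `.html.erb` sits at the resolved location, and whatever then renders `"#{title}/#{page}"` (presumably the remaining book controller, not visible here) is still on a user-controlled render path; the two Brakeman entries dropped in the second patch only covered the deleted controllers, not this model. Whitelist the segments before touching the filesystem — on the class `SAFE_SEGMENT = /\A[\w-]+\z/` (widen the character class if real titles need more, but never `/`, `\` or `..`), and in place of the `present?` guard `return false unless [title, page].all? { |s| s.to_s.match?(SAFE_SEGMENT) }` — which also stops a NUL byte in `page` raising `ArgumentError` out of `File.exist?`. Prefer `File.file?` over `File.exist?` on the last added line so a directory does not count as a page. Note the behaviour change on the old first line: `exist?(title, nil)` used to answer whether the book had any pages at all and now returns false, so any caller using the nil-page form should be checked. The class enclosing `exist?` begins and ends outside this hunk.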
@@ -188,29 +165,6 @@
 ],
 "note": ""
 },
- {
- "warning_type": "Dynamic Render Path",
- "warning_code": 15,
- "fingerprint": "c54623ebce2c2053b95088b9da8112aee962e7cadd79bd9b4b9afdedaddc15b1",
- "check_name": "Render",
- "message": "Render path contains parameter value",
- "file": "app/controllers/sotechsha2_pages_controller.rb",
- "line": 5,
- "link": "https://brakemanscanner.org/docs/warning_types/dynamic_render_path/",
- "code": "render(action => \"sotechsha2_pages/#{params[:page]}\", {})",
- "render_path": null,
- "location": {
- "type": "method",
- "class": "Sotechsha2PagesController",
- "method": "show"
- },
- "user_input": "params[:page]",
- "confidence": "Medium",
- "cwe_id": [
- 22
- ],
- "note": ""
- },
 {
 "warning_type": "Cross-Site Scripting",
 "warning_code": 2,