Sha256: 0a0def5981af70700941eddee380e0d6a2e81c9f9472d9325d178407c980a6dd
Contents?: true
Size: 1.1 KB
Versions: 3
Compression:
Stored size: 1.1 KB
Contents
require 'brakeman/checks/base_check'
#Checks if password is stored in controller
#when using http_basic_authenticate_with
#
#Only for Rails >= 3.1
class Brakeman::CheckBasicAuth < Brakeman::BaseCheck
Brakeman::Checks.add self
@description = "Checks for the use of http_basic_authenticate_with"
def run_check
return if version_between? "0.0.0", "3.0.99"
controllers = tracker.controllers.select do |name, c|
c[:options][:http_basic_authenticate_with]
end
Hash[controllers].each do |name, controller|
controller[:options][:http_basic_authenticate_with].each do |call|
if pass = get_password(call) and string? pass
warn :controller => name,
:warning_type => "Basic Auth",
:warning_code => :basic_auth_password,
:message => "Basic authentication password stored in source code",
:code => call,
:confidence => 0
break
end
end
end
end
def get_password call
arg = call.first_arg
return false if arg.nil? or not hash? arg
hash_access(arg, :password)
end
end
Version data entries
3 entries across 3 versions & 1 rubygems
| Version | Path |
|---|---|
| brakeman-1.9.5 | lib/brakeman/checks/check_basic_auth.rb |
| brakeman-1.9.4 | lib/brakeman/checks/check_basic_auth.rb |
| brakeman-1.9.3 | lib/brakeman/checks/check_basic_auth.rb |