Sha256: 103adf0af4662d261f7ada444e917e8469abce11cfd1e7056c86b2c4ff4843a5
Contents?: true
Size: 1.14 KB
Versions: 2
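require 'brakeman/checks/base_check'

# Checks whether the password handed to `http_basic_authenticate_with`
# is a string literal in controller source, i.e. a hard-coded credential.
#
# Only for Rails >= 3.1 (`http_basic_authenticate_with` does not exist in
# older versions, so those are skipped outright).
#
# Scope: only a `:password` value that is a plain string literal is
# reported. A password pulled from a constant or `ENV`, or built with
# interpolation, is not flagged here, and the `:name` argument is never
# inspected.
class Brakeman::CheckBasicAuth < Brakeman::BaseCheck
  Brakeman::Checks.add self

  @description = "Checks for the use of http_basic_authenticate_with"

  # Walks every controller that calls `http_basic_authenticate_with` and
  # emits at most one warning per controller whose call passes a literal
  # password.
  def run_check
    # http_basic_authenticate_with was introduced in Rails 3.1.
    return if version_between? "0.0.0", "3.0.99"

    controllers = tracker.controllers.select do |name, c|
      c[:options][:http_basic_authenticate_with]
    end

    # Hash#select yields an Array of pairs on Ruby 1.8; Hash[] normalises it
    # so the block below sees (name, controller) either way.
    Hash[controllers].each do |name, controller|
      controller[:options][:http_basic_authenticate_with].each do |call|
        pass = get_password(call)
        # Only a literal string is an unambiguous hard-coded secret.
        next unless pass && string?(pass)

        warn :controller => name,
          :warning_type => "Basic Auth",
          :warning_code => :basic_auth_password,
          :message => "Basic authentication password stored in source code",
          :code => call,
          :confidence => 0, # 0 is the highest tier on Brakeman's confidence scale
          :file => controller[:file]

        # One warning per controller is enough; stop at the first hit.
        break
      end
    end
  end

  # Returns the `:password` entry of the options hash passed as the first
  # argument of `call`, or false when that argument is missing or is not a
  # hash. When the hash has no `:password` key the result is whatever
  # hash_access yields for a missing key, which run_check treats as "no
  # password found".
  def get_password call
    arg = call.first_arg
    return false unless arg && hash?(arg)
    hash_access(arg, :password)
  end
end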
Version data entries
2 entries across 2 versions & 1 rubygems
Version | Path |
---|---|
brakeman-2.0.0 | lib/brakeman/checks/check_basic_auth.rb |
brakeman-2.0.0.pre2 | lib/brakeman/checks/check_basic_auth.rb |