Sha256: 103adf0af4662d261f7ada444e917e8469abce11cfd1e7056c86b2c4ff4843a5
Contents?: true
Size: 1.14 KB
Versions: 2
Compression:
Stored size: 1.14 KB
Contents
require 'brakeman/checks/base_check'
#Checks if password is stored in controller
#when using http_basic_authenticate_with
#
#Only for Rails >= 3.1
class Brakeman::CheckBasicAuth < Brakeman::BaseCheck
Brakeman::Checks.add self
@description = "Checks for the use of http_basic_authenticate_with"
def run_check
return if version_between? "0.0.0", "3.0.99"
controllers = tracker.controllers.select do |name, c|
c[:options][:http_basic_authenticate_with]
end
Hash[controllers].each do |name, controller|
controller[:options][:http_basic_authenticate_with].each do |call|
if pass = get_password(call) and string? pass
warn :controller => name,
:warning_type => "Basic Auth",
:warning_code => :basic_auth_password,
:message => "Basic authentication password stored in source code",
:code => call,
:confidence => 0,
:file => controller[:file]
break
end
end
end
end
def get_password call
arg = call.first_arg
return false if arg.nil? or not hash? arg
hash_access(arg, :password)
end
end
Version data entries
2 entries across 2 versions & 1 rubygems
| Version | Path |
|---|---|
| brakeman-2.0.0 | lib/brakeman/checks/check_basic_auth.rb |
| brakeman-2.0.0.pre2 | lib/brakeman/checks/check_basic_auth.rb |