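require 'checks/base_check'

# Checks controllers that call +http_basic_authenticate_with+ and warns when
# the +:password+ option is a string literal, i.e. a Basic Auth credential
# committed to source code.
#
# Only meaningful for Rails >= 3.1, where +http_basic_authenticate_with+
# exists; earlier versions are skipped by +run_check+.
class CheckBasicAuth < BaseCheck
  Checks.add self

  # Scans every controller whose recorded options contain an
  # +http_basic_authenticate_with+ call and emits at most one warning per
  # controller (for the first call whose password is a literal string).
  # Passwords that are not string literals (a constant, a variable, an
  # ENV lookup, a method call) do not satisfy +string?+ and are not reported.
  def run_check
    # http_basic_authenticate_with does not exist before Rails 3.1
    return if version_between? "0.0.0", "3.0.99"

    controllers = tracker.controllers.select do |_name, c|
      c[:options][:http_basic_authenticate_with]
    end

    # Hash[] normalises the result of #select, which is an Array of pairs on
    # Ruby 1.8 and a Hash on 1.9+, so the block always receives (name, controller).
    Hash[controllers].each do |name, controller|
      controller[:options][:http_basic_authenticate_with].each do |call|
        pass = get_password(call)
        # Only a literal string counts as a credential stored in source.
        next unless pass && string?(pass)

        warn :controller => name,
          :warning_type => "Basic Auth",
          :message => "Basic authentication password stored in source code",
          :line => call.line,
          :code => call,
          :confidence => 0
        break # one warning per controller is enough
      end
    end
  end

  # Extracts the value of the +:password+ key from the options hash passed to
  # +http_basic_authenticate_with+.
  #
  # @param call [Sexp] the +http_basic_authenticate_with+ call; its argument
  #   list is assumed to live at +call[3]+ and the options hash at +call[3][1]+
  # @return [Sexp, nil] the password expression, or nil when the call has no
  #   arguments, the first argument is not a hash, or no +:password+ key exists
  def get_password call
    # Guard the argument list itself so a call without arguments cannot raise
    # NoMethodError on the nested index.
    args = call[3]
    args = args[1] if args

    # nil is returned consistently (the original returned false here); every
    # caller in this file only tests the result for truthiness.
    return nil if args.nil? || !hash?(args)

    hash_iterate(args) do |k, v|
      return v if symbol?(k) && k[1] == :password
    end

    nil
  end
end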