Sha256: 39895df93622db541cea11502ccd0c701a22a2b5ab202db0ba6096ad7a2a08f7

Size: 1 KB

Versions: 8

Stored size: 1 KB

Contents

module Codesake
  module Dawn
    module Kb
      module OwaspRorCheatSheet
        class Csrf
          include PatternMatchCheck

          def initialize
            message = "Ruby on Rails has specific, built in support for CSRF tokens. To enable it, or ensure that it is enabled, find the base ApplicationController and look for the protect_from_forgery directive. Note that by default Rails does not provide CSRF protection for any HTTP GET request."

            super({
              :name=>"Owasp Ror CheatSheet: Cross Site Request Forgery",
              :kind=>Codesake::Dawn::KnowledgeBase::PATTERN_MATCH_CHECK,
              :applies=>["rails"],
              :glob=>"application_controller.rb",
              :aux_links=>["https://www.owasp.org/index.php/Ruby_on_Rails_Cheatsheet"],
              :message=>message,
              :attack_pattern => ["protect_from_forgery"],
              :negative_search=>true
            })
            # @debug = true
          end

        end
      end
    end
  end
end
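The check above is a negative pattern search: it fires when application_controller.rb contains no protect_from_forgery line. The following stand-alone Ruby is an added example, not code from codesake-dawn, showing that logic with one refinement a practitioner would want, namely that a commented-out directive must not satisfy the search. Controller sources, the hypothetical helper names and the path check are constructed for the example.

```ruby
# Added example (not part of codesake-dawn): a minimal negative-search
# check in the spirit of the Csrf check above. A finding is raised when
# application_controller.rb has no active (non-commented) protect_from_forgery.

CSRF_DIRECTIVE = /^\s*protect_from_forgery\b/

# Drop a trailing "# ..." comment so "# protect_from_forgery" does not count;
# a naive substring match on the whole line would wrongly accept it.
def strip_comment(line)
  line.sub(/#.*/, "")
end

# True when no line enables protect_from_forgery, i.e. the check should fire.
def csrf_protection_missing?(source)
  source.each_line.none? { |line| strip_comment(line).match?(CSRF_DIRECTIVE) }
end

# Mirrors the check metadata above: glob on application_controller.rb and
# report only when the pattern is absent (negative search).
def run_csrf_check(path, source)
  return nil unless File.basename(path) == "application_controller.rb"
  return nil unless csrf_protection_missing?(source)
  { name: "Owasp Ror CheatSheet: Cross Site Request Forgery", file: path }
end

# Constructed sample: protection enabled.
PROTECTED = <<~RUBY
  class ApplicationController < ActionController::Base
    protect_from_forgery with: :exception
  end
RUBY

# Constructed sample: directive commented out, so protection is off.
COMMENTED_OUT = <<~RUBY
  class ApplicationController < ActionController::Base
    # protect_from_forgery with: :exception
  end
RUBY

if $PROGRAM_NAME == __FILE__
  path = "app/controllers/application_controller.rb"
  [PROTECTED, COMMENTED_OUT].each do |src|
    finding = run_csrf_check(path, src)
    puts finding ? "FINDING: #{finding[:name]} in #{finding[:file]}" : "ok: #{path}"
  end
end
```

Note that Rails 5.2 and later can enable forgery protection app-wide through config.action_controller.default_protect_from_forgery, in which case the directive may legitimately be absent from application_controller.rb and a file-level check like this one reports a false positive.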

Version data entries

8 entries across 8 versions & 1 rubygems

Version Path
codesake-dawn-1.0.0 lib/codesake/dawn/kb/owasp_ror_cheatsheet/csrf.rb
codesake-dawn-1.0.0.rc2 lib/codesake/dawn/kb/owasp_ror_cheatsheet/csrf.rb
codesake-dawn-1.0.0.rc1 lib/codesake/dawn/kb/owasp_ror_cheatsheet/csrf.rb
codesake-dawn-0.85 lib/codesake/dawn/kb/owasp_ror_cheatsheet/csrf.rb
codesake-dawn-0.80.0 lib/codesake/dawn/kb/owasp_ror_cheatsheet/csrf.rb
codesake-dawn-0.79.99 lib/codesake/dawn/kb/owasp_ror_cheatsheet/csrf.rb
codesake-dawn-0.77 lib/codesake/dawn/kb/owasp_ror_cheatsheet/csrf.rb
codesake-dawn-0.75 lib/codesake/dawn/kb/owasp_ror_cheatsheet/csrf.rb