Sha256: 43949be146f8467a6d5f87ff115d9a667d05af3f6fb9c63ae13a97551be4a588

Size: 995 Bytes

Versions: 3

Stored size: 995 Bytes

Contents

require 'simplabs/excellent/checks/base'

module Simplabs

  module Excellent

    module Checks

      module Rails

        # This check reports views (and partials) that access the +params+ hash. Accessing the +params+ hash directly in views can result in security
        # problems if the value is printed to the HTML output and in general is a bad habit because the controller, which is actually the part of the
        # application that is responsible for dealing with parameters, is circumvented.
        #
        # ==== Applies to
        #
        # * partials and regular views
        class ParamsHashInViewCheck < Base

          def initialize #:nodoc:
            super
            @interesting_nodes = [:call]
            @interesting_files = [/^.*\.(erb|rhtml)$/]
          end

          def evaluate(context) #:nodoc:
            add_warning(context, 'Params hash used in view.') if (context.full_name == 'params')
          end

        end

      end

    end

  end

end
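The check above runs inside the gem's own AST walker (a +:call+ node whose +full_name+ is +params+, in files matching the +erb+/+rhtml+ filter). The following is an added, stand-alone example, not code from the gem, that shows the same detection idea against raw ERB templates: it cuts the Ruby out of each tag with a regular expression and lexes it with Ruby's stdlib +Ripper+ instead of using the gem's +context+ objects. The method names (+params_hash_in_view+, +bare_params_refs+, +view_file?+) and the two sample templates are constructed for this illustration; the skipped cases (+<%# %>+ comments, +:params+ symbols, +request.params+ receivers, identifiers like +form_params+, string literals) approximate the original's +full_name == 'params'+ test and are not a claim about how the gem handles them.

```ruby
require 'ripper'

# Constructed sample template (not from the gem). Only the tags on lines 3 and 5
# read the +params+ hash directly; the rest are look-alikes the check must ignore.
SAMPLE_VIEW = <<~ERB
  <h1>Search</h1>
  <%# params[:debug] is only in this ERB comment and must not be reported %>
  <p>You searched for <%= params[:q] %></p>
  <% form_params = { page: 1 } %>
  <%= raw params[:note] %>
  <p><%= "literal text mentioning params" %></p>
  <p><%= @results.size %> results</p>
ERB

# Constructed hardened version: the controller reads params and assigns @query,
# so the view only renders (escaped) instance variables.
SAFE_VIEW = <<~ERB
  <h1>Search</h1>
  <p>You searched for <%= @query %></p>
  <p><%= @results.size %> results</p>
ERB

# Same file filter the gem uses for @interesting_files.
VIEW_FILE = /^.*\.(erb|rhtml)$/
# <% %>, <%= %> and <%- -%> tags; the (?!#) lookahead skips <%# %> comments.
ERB_TAG = /<%(?!#)[=-]?(.*?)-?%>/m

def view_file?(path)
  !!(path =~ VIEW_FILE)
end

# Lexes the Ruby inside one tag and returns the 0-based line offset (within the
# tag) of every bare +params+ identifier. A +params+ token preceded by a period
# (some_receiver.params) or a symbol marker (:params) is not the params hash.
def bare_params_refs(ruby_code)
  refs = []
  prev = nil
  Ripper.lex(ruby_code).each do |(pos, type, tok, *)|
    next if type == :on_sp
    if type == :on_ident && tok == 'params' && ![:on_period, :on_symbeg].include?(prev)
      refs << pos[0] - 1
    end
    prev = type
  end
  refs
end

# Returns one warning hash per direct +params+ access, with the template line.
# Files that do not look like views are skipped, as in the original check.
def params_hash_in_view(erb_source, filename = 'view.html.erb')
  return [] unless view_file?(filename)
  warnings = []
  erb_source.scan(ERB_TAG) do
    m = Regexp.last_match
    tag_line = erb_source[0...m.begin(0)].count("\n") + 1
    bare_params_refs(m[1]).each do |offset|
      warnings << { file: filename, line: tag_line + offset, message: 'Params hash used in view.' }
    end
  end
  warnings
end

# Convenience: just the flagged line numbers.
def params_lines(erb_source, filename = 'view.html.erb')
  params_hash_in_view(erb_source, filename).map { |w| w[:line] }
end

if __FILE__ == $PROGRAM_NAME
  params_hash_in_view(SAMPLE_VIEW).each do |w|
    puts "#{w[:file]}:#{w[:line]}: #{w[:message]}"
  end
end
```

Run as a script it prints the two warnings for the constructed sample (lines 3 and 5) and nothing for the hardened view. Lexing with +Ripper+ rather than grepping for the word +params+ is what keeps the comment, the string literal and +form_params+ quiet; a plain text match would report all of them.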

Version data entries

3 entries across 3 versions & 2 rubygems

Version Path
simplabs-excellent-1.5.2 lib/simplabs/excellent/checks/rails/params_hash_in_view_check.rb
simplabs-excellent-1.5.3 lib/simplabs/excellent/checks/rails/params_hash_in_view_check.rb
excellent-1.5.4 lib/simplabs/excellent/checks/rails/params_hash_in_view_check.rb