
require 'brakeman/checks/base_check'

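class Brakeman::CheckVerbConfusion < Brakeman::BaseCheck
  Brakeman::Checks.add self

  @description = "Check for uses of `request.get?` that might have unintentional behavior"

  # Why this check exists: Rails routes HEAD requests to the GET action, and
  # its forgery protection does not verify GET or HEAD requests. Inside that
  # action `request.get?` is false for HEAD, so a controller written as
  #
  #   if request.get?
  #     render
  #   else
  #     perform_state_change   # author assumed "not GET" means POST
  #   end
  #
  # runs the state-changing branch for a HEAD request that carried no CSRF
  # token. An `elsif` chain is treated as deliberate per-verb dispatch and is
  # not reported.

  # Entry point: find every `request.get?` call in the application and inspect
  # the method that contains it.
  def run_check
    calls = tracker.find_call(target: :request, methods: [:get?])

    calls.each do |call|
      process_result call
    end
  end

  # Locate the class and method holding one `request.get?` call and walk that
  # method's body looking for `if` nodes whose condition is exactly this call.
  #
  # result - a tracker call result (Hash with :call and :location)
  #
  # Warnings are emitted via #warn_about_result; the return value is unused.
  def process_result result
    @current_result = result
    @matched_call = result[:call]
    klass = tracker.find_class(result[:location][:class])

    # TODO: abstract into tracker.find_location ?
    if klass.nil?
      Brakeman.debug "No class found: #{result[:location][:class]}"
      return
    end

    method = klass.get_method(result[:location][:method])

    if method.nil?
      Brakeman.debug "No method found: #{result[:location][:method]}"
      return
    end

    process method.src
  end

  # Visit an `if` node. Warn when its condition is the matched `request.get?`
  # call and there is no `elsif`, then keep walking both branches.
  #
  # exp - the :if Sexp. An `unless` should parse to the same node type with
  #       the branches swapped, so `unless request.get?` is matched as well.
  #
  # Returns exp unchanged.
  def process_if exp
    if exp.condition == @matched_call
      # Found `if request.get?`

      # Do not warn if there is an `elsif` clause
      warn_about_result @current_result, exp unless node_type? exp.else_clause, :if
    end

    # This override takes the place of the base processor's default walk for
    # :if nodes, so recurse into the branches explicitly. Without this, a
    # `request.get?` check nested inside another conditional is never visited
    # and the pattern goes unreported.
    process exp.then_clause if sexp? exp.then_clause
    process exp.else_clause if sexp? exp.else_clause

    exp
  end

  # Emit the HTTP Verb Confusion warning for one match.
  #
  # result - the tracker call result (supplies location and :user_input)
  # code   - the `if` Sexp reported as the offending code
  #
  # Confidence is :weak because the check only sees the shape of the
  # conditional; it cannot tell whether the non-GET branch actually changes
  # state.
  def warn_about_result result, code
    return unless original? result

    confidence = :weak
    message = msg('Potential HTTP verb confusion. ',
                  msg_code('HEAD'),
                  ' is routed like ',
                  msg_code('GET'),
                  ' but ',
                  msg_code('request.get?'),
                  ' will return ',
                  msg_code('false')
                 )

    warn :result => result,
      :warning_type => "HTTP Verb Confusion",
      :warning_code => :http_verb_confusion,
      :message => message,
      :code => code,
      :user_input => result[:call],
      :confidence => confidence
  end
end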
