Contents

module Security
  class CSRFTokenValidation < RuboCop::Cop::Base
    MSG = 'Do not disable authenticity token validation'
    def_node_matcher :skip_before_action, '(send _ :skip_before_action _)'

    def on_send(node)
      return unless skip_before_action(node)

      _, _, parts = *node
      method = parts.node_parts
      add_offense(node.loc.selector) if found_match(method[0])
    end

    def found_match(method)
      [:verify_authenticity_token, 'verify_authenticity_token'].include?(method)
    end
  end
end

Version data entries

10 entries across 10 versions & 1 rubygems

Version	Path
simplycop-2.12.0	lib/simplycop/security/csrf_token_validation.rb
simplycop-2.11.1	lib/simplycop/security/csrf_token_validation.rb
simplycop-2.11.0	lib/simplycop/security/csrf_token_validation.rb
simplycop-2.10.0	lib/simplycop/security/csrf_token_validation.rb
simplycop-2.9.1	lib/simplycop/security/csrf_token_validation.rb
simplycop-2.9.0	lib/simplycop/security/csrf_token_validation.rb
simplycop-2.8.0	lib/simplycop/security/csrf_token_validation.rb
simplycop-2.7.2	lib/simplycop/security/csrf_token_validation.rb
simplycop-2.7.1	lib/simplycop/security/csrf_token_validation.rb
simplycop-2.7.0	lib/simplycop/security/csrf_token_validation.rb