Sha256: 66bc91e949feae9af3a3eb201174e57cb400b55739acaa6d1aa62bb724cc5ec1


Size: 1.28 KB

Versions: 21


Stored size: 1.28 KB

Contents

require 'brakeman/checks/base_check'

# Brakeman check that reports "default routes" recorded for config/routes.rb.
#
# A default route makes every public method of a controller callable as an
# action, so methods that were never meant to be endpoints become reachable
# through the router. The check reads only what the tracker has already
# collected in tracker.routes; it does not parse routes.rb itself.
class Brakeman::CheckDefaultRoutes < Brakeman::BaseCheck
  # Add this class to Brakeman's collection of checks.
  Brakeman::Checks.add self

  # Short description of the check, stored on the class.
  @description = "Checks for default routes"

  # Emits one high-confidence warning when :allow_all_actions is set for the
  # whole application; otherwise walks tracker.routes and emits one
  # medium-confidence warning per controller whose entry is flagged with
  # :allow_all_actions.
  def run_check
    global_default = tracker.routes[:allow_all_actions]

    if global_default
      # Application-wide default route: a single warning covers every
      # controller, so the per-controller scan is skipped.
      return warn(:warning_type => "Default Routes",
                  :message => "All public methods in controllers are available as actions in routes.rb",
                  :line => global_default.line,
                  :confidence => CONFIDENCE[:high],
                  :file => "#{tracker.options[:app_path]}/config/routes.rb")
    end

    Brakeman.debug "Checking each controller for default routes"

    tracker.routes.each do |controller, entry|
      # Only Array entries can carry the marker; the code below reads the
      # marker from index 0 and the line number from index 1.
      next unless entry.is_a?(Array)

      marker, line = entry
      next unless marker == :allow_all_actions

      warn(:controller => controller,
           :warning_type => "Default Routes",
           :message => "Any public method in #{controller} can be used as an action.",
           :line => line,
           :confidence => CONFIDENCE[:med],
           :file => "#{tracker.options[:app_path]}/config/routes.rb")
    end
  end
end

Version data entries

21 entries across 21 versions & 1 rubygems

Version Path
brakeman-1.9.2 lib/brakeman/checks/check_default_routes.rb
brakeman-1.9.1 lib/brakeman/checks/check_default_routes.rb
brakeman-1.9.0 lib/brakeman/checks/check_default_routes.rb
brakeman-1.9.0.pre2 lib/brakeman/checks/check_default_routes.rb
brakeman-1.9.0.pre1 lib/brakeman/checks/check_default_routes.rb
brakeman-1.8.3 lib/brakeman/checks/check_default_routes.rb
brakeman-1.8.2 lib/brakeman/checks/check_default_routes.rb
brakeman-1.8.1 lib/brakeman/checks/check_default_routes.rb
brakeman-1.8.0 lib/brakeman/checks/check_default_routes.rb
brakeman-1.7.1 lib/brakeman/checks/check_default_routes.rb
brakeman-1.7.0 lib/brakeman/checks/check_default_routes.rb
brakeman-1.6.2 lib/brakeman/checks/check_default_routes.rb
brakeman-1.6.1 lib/brakeman/checks/check_default_routes.rb
brakeman-1.6.0 lib/brakeman/checks/check_default_routes.rb
brakeman-1.6.0.pre1 lib/brakeman/checks/check_default_routes.rb
brakeman-1.5.3 lib/brakeman/checks/check_default_routes.rb
brakeman-1.5.2 lib/brakeman/checks/check_default_routes.rb
brakeman-1.5.1 lib/brakeman/checks/check_default_routes.rb
brakeman-1.5.0 lib/brakeman/checks/check_default_routes.rb
brakeman-1.4.0 lib/brakeman/checks/check_default_routes.rb