Sha256: 6e6a1326a783e5c0a0f065a986f1fa8b3309b643043b970e2037ed609255b03a

Contents?: true

Size: 1.05 KB

Versions: 4

Stored size: 1.05 KB

Contents

require 'simplabs/excellent/checks/base'

module Simplabs

  module Excellent

    module Checks

      module Rails

        # This check reports views (and partials) that access the +session+ hash. Accessing the +session+ hash directly in views can result in
        # security problems if the value is printed to the HTML output. It is also a bad habit in general because it circumvents the controller,
        # which is the part of the application that is actually responsible for dealing with session data.
        #
        # ==== Applies to
        #
        # * partials and regular views
        class SessionHashInViewCheck < Base

          def initialize(options = {}) #:nodoc:
            super
            @interesting_contexts = [Parsing::CallContext]
            @interesting_files = [/^.*\.(erb|rhtml|haml)$/]
          end

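          def evaluate(context) #:nodoc:
            # Only calls whose full name is exactly 'session' are reported.
            return unless context.full_name == 'session'

            # The last argument depends on the Ruby version: 0 on 1.8, -1 otherwise.
            add_warning(context, 'Session hash used in view.', {}, RUBY_VERSION =~ /1\.8/ ? 0 : -1)
          end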

        end

      end

    end

  end

end
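
The following is an added example, not part of the excellent gem: it renders a view that prints a session value directly next to one that receives an escaped local from the controller side, and approximates the check with a text scan. `ViewContext`, `SESSION`, the two templates and `session_uses` are hypothetical names, and the session value is constructed.

```ruby
require 'erb'

# Constructed sample data: a session value that originally came from user input.
SESSION = { 'display_name' => '<b>guest</b>' }.freeze

# The shape the check warns about: the view reads +session+ itself and prints it.
# Plain ERB does not escape <%= %>; Rails does by default, but +raw+ and
# +html_safe+ switch that off, so the value can still reach the page as markup.
FLAGGED_VIEW = "<p>Hello <%= session['display_name'] %></p>"

# The preferred shape: the controller hands over one local, the view escapes it.
CLEAN_VIEW = "<p>Hello <%= ERB::Util.html_escape(display_name) %></p>"

# Hypothetical stand-in for a Rails view context; exposes +session+ and locals.
class ViewContext
  attr_reader :session

  def initialize(session, locals = {})
    @session = session
    locals.each { |name, value| define_singleton_method(name) { value } }
  end

  def render(template)
    ERB.new(template).result(binding)
  end
end

def render_flagged
  ViewContext.new(SESSION).render(FLAGGED_VIEW)
end

def render_clean
  # Controller-side step: read the session once and pass a single value on.
  ViewContext.new({}, display_name: SESSION['display_name']).render(CLEAN_VIEW)
end

# Textual approximation of the check (the real one works on parsed call
# contexts): line numbers of ERB tags that reference +session+.
def session_uses(template)
  template.each_line.with_index(1)
          .select { |line, _| line =~ /<%.*\bsession\b.*%>/ }
          .map { |_, number| number }
end
```
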

Version data entries

4 entries across 4 versions & 1 rubygems

Version Path
excellent-2.1.1 lib/simplabs/excellent/checks/rails/session_hash_in_view_check.rb
excellent-2.1.0 lib/simplabs/excellent/checks/rails/session_hash_in_view_check.rb
excellent-2.0.1 lib/simplabs/excellent/checks/rails/session_hash_in_view_check.rb
excellent-2.0.0 lib/simplabs/excellent/checks/rails/session_hash_in_view_check.rb