Sha256: 757461397ae9470db3fab008e223837171e2263ac881acd7d41d5bddfeeb1f3f
Contents?: true
Size: 1.04 KB
Versions: 2
Compression:
Stored size: 1.04 KB
Contents
require 'simplabs/excellent/checks/base'
module Simplabs
module Excellent
module Checks
module Rails
# This check reports views (and partials) that access the +session+ hash. Accessing the +session+ hash directly in views can result in security
# problems if the value is printed to the HTML output and in general is a bad habit because the controller, which is actually the part of the
# application that is responsible for dealing with session data, is circumvented.
#
# ==== Applies to
#
# * partials and regular views
class SessionHashInViewCheck < Base
def initialize #:nodoc:
super
@interesting_contexts = [Parsing::CallContext]
@interesting_files = [/^.*\.(erb|rhtml|haml)$/]
end
def evaluate(context) #:nodoc:
add_warning(context, 'Session hash used in view.', {}, RUBY_VERSION =~ /1\.8/ ? 0 : -1) if (context.full_name == 'session')
end
end
end
end
end
end
Version data entries
2 entries across 2 versions & 1 rubygems
| Version | Path |
|---|---|
| excellent-1.7.2 | lib/simplabs/excellent/checks/rails/session_hash_in_view_check.rb |
| excellent-1.7.1 | lib/simplabs/excellent/checks/rails/session_hash_in_view_check.rb |