Sha256: 796a0da825e4c135552d83819a6c0c1bcbb97ba489571f2b36754f87d934f106

Contents?: true

Size: 1.07 KB

Versions: 7

Stored size: 1.07 KB

Contents

module Codesake
  module Dawn
    module Kb
      module OwaspRorCheatSheet

        # Pattern-match check for the OWASP Rails cheat sheet item on session
        # management: it inspects session_store.rb and reports a finding when
        # the ActiveRecord session store is NOT configured (negative_search),
        # i.e. when the application is left on the default cookie-based store.
        class SessionStoredInDatabase
          include PatternMatchCheck

          def initialize
            message = "By default, Ruby on Rails uses a Cookie based session store. What that means is that unless you change something, the session will not expire on the server. That means that some default applications may be vulnerable to replay attacks. It also means that sensitive information should never be put in the session."

            super({
              :name=>"Owasp Ror CheatSheet: Session management",
              :kind=>Codesake::Dawn::KnowledgeBase::PATTERN_MATCH_CHECK,
              :applies=>["rails"],
              # only the session store initializer is scanned
              :glob=>"session_store.rb",
              :aux_links=>["https://www.owasp.org/index.php/Ruby_on_Rails_Cheatsheet"],
              :message=>message,
              :attack_pattern => ["Application.config.session_store :active_record_store"],
              # negative search: the finding is raised when the pattern above is absent
              :negative_search=>true
            })
            # @debug = true
          end
        end
      end
    end
  end
end

Version data entries

7 entries across 7 versions & 1 rubygems

Version Path
codesake-dawn-1.0.0 lib/codesake/dawn/kb/owasp_ror_cheatsheet/session_stored_in_database.rb
codesake-dawn-1.0.0.rc2 lib/codesake/dawn/kb/owasp_ror_cheatsheet/session_stored_in_database.rb
codesake-dawn-1.0.0.rc1 lib/codesake/dawn/kb/owasp_ror_cheatsheet/session_stored_in_database.rb
codesake-dawn-0.85 lib/codesake/dawn/kb/owasp_ror_cheatsheet/session_stored_in_database.rb
codesake-dawn-0.80.0 lib/codesake/dawn/kb/owasp_ror_cheatsheet/session_stored_in_database.rb
codesake-dawn-0.79.99 lib/codesake/dawn/kb/owasp_ror_cheatsheet/session_stored_in_database.rb
codesake-dawn-0.77 lib/codesake/dawn/kb/owasp_ror_cheatsheet/session_stored_in_database.rb