
require 'brakeman/checks/base_check'

#Checks if default routes are allowed in routes.rb
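class Brakeman::CheckDefaultRoutes < Brakeman::BaseCheck
  Brakeman::Checks.add self

  # Reports routes that expose every public controller method as an action.
  #
  # If +tracker.routes[:allow_all_actions]+ is set, the catch-all route is
  # enabled globally and a single high-confidence warning is emitted.
  # Otherwise each controller's route entry is inspected and a
  # medium-confidence warning is emitted for every controller whose entry is
  # an Array beginning with +:allow_all_actions+ (its second element is used
  # as the line number of the route).
  #
  # Both warnings point at config/routes.rb under the tracked app path.
  #
  # @return [void]
  def run_check
    global = tracker.routes[:allow_all_actions]

    if global
      # Default routes are enabled globally: one warning covers the whole app.
      warn :warning_type => "Default Routes",
        :message => "All public methods in controllers are available as actions in routes.rb",
        :line => global.line,
        :confidence => CONFIDENCE[:high],
        :file => routes_file
    else
      # Report each controller separately.
      debug_info "Checking each controller for default routes"

      tracker.routes.each do |name, actions|
        next unless default_route?(actions)

        warn :controller => name,
          :warning_type => "Default Routes",
          :message => "Any public method in #{name} can be used as an action.",
          :line => actions[1],
          :confidence => CONFIDENCE[:med],
          :file => routes_file
      end
    end
  end

  private

  # True when a controller's route entry marks it as accepting any action.
  # Written with +&&+ rather than +and+ so the predicate is a single boolean
  # expression with no precedence surprises.
  #
  # @param actions [Object] value stored for a controller in +tracker.routes+
  # @return [Boolean]
  def default_route?(actions)
    actions.is_a?(Array) && actions[0] == :allow_all_actions
  end

  # Path to the application's routes file; shared by both warning sites so
  # the location is built in exactly one place.
  #
  # @return [String]
  def routes_file
    "#{tracker.options[:app_path]}/config/routes.rb"
  end
end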
