Sha256: 7ea90c482eb2774f1a87944fb0cd71764d1ffb34bc650c353d314ad958019c8e
Contents?: true
Size: 1.23 KB
Versions: 5
Compression:
Stored size: 1.23 KB
Contents
require 'brakeman/checks/base_check'
#Checks if default routes are allowed in routes.rb
class Brakeman::CheckDefaultRoutes < Brakeman::BaseCheck
Brakeman::Checks.add self
#Checks for :allow_all_actions globally and for individual routes
#if it is not enabled globally.
def run_check
if tracker.routes[:allow_all_actions]
#Default routes are enabled globally
warn :warning_type => "Default Routes",
:message => "All public methods in controllers are available as actions in routes.rb",
:line => tracker.routes[:allow_all_actions].line,
:confidence => CONFIDENCE[:high],
:file => "#{tracker.options[:app_path]}/config/routes.rb"
else #Report each controller separately
debug_info "Checking each controller for default routes"
tracker.routes.each do |name, actions|
if actions.is_a? Array and actions[0] == :allow_all_actions
warn :controller => name,
:warning_type => "Default Routes",
:message => "Any public method in #{name} can be used as an action.",
:line => actions[1],
:confidence => CONFIDENCE[:med],
:file => "#{tracker.options[:app_path]}/config/routes.rb"
end
end
end
end
end
Version data entries
5 entries across 5 versions & 1 rubygems