Sha256: a518ae1958919e8c7d344566accb0e0d9c192612fc071f51184f9ea0c1cc22ab
Contents?: true
Size: 1.01 KB
Versions: 1
Compression:
Stored size: 1.01 KB
Contents
```ruby
require 'simplabs/excellent/checks/base'

module Simplabs

  module Excellent

    module Checks

      module Rails

        # This check reports views (and partials) that access the +session+ hash. Accessing the +session+ hash directly in views can result in security
        # problems if the value is printed to the HTML output and in general is a bad habit because the controller, which is actually the part of the
        # application that is responsible for dealing with session data, is circumvented.
        #
        # ==== Applies to
        #
        # * partials and regular views
        class SessionHashInViewCheck < Base

          def initialize #:nodoc:
            super
            @interesting_contexts = [Parsing::CallContext]
            @interesting_files    = [/^.*\.(erb|rhtml|haml)$/]
          end

          def evaluate(context) #:nodoc:
            add_warning(context, 'Session hash used in view.', {}, -1) if (context.full_name == 'session')
          end

        end

      end

    end

  end

end
```
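The condition this check applies (a bare `session` call inside a view) can be tried on a single ERB template with the standalone sketch below. It is an added example, not code from the excellent gem: it uses Ruby's standard `Ripper` lexer instead of Excellent's parsing contexts, handles ERB only (not Haml), and `ERB_TAG`, `SAMPLE_VIEW` and `session_uses_in_erb` are hypothetical names with a constructed sample view.

```ruby
require 'ripper'

# Matches ERB tags: <% ... %>, <%= ... %>, <%- ... -%>, <%# comment %>.
ERB_TAG = /<%(=|-|#)?(.*?)-?%>/m

# Constructed sample view (not taken from any real application).
SAMPLE_VIEW = <<~'ERB'
  <h1>Dashboard</h1>
  <%# session is handled in the controller %>
  <p>Welcome, <%= session[:user_name] %></p>
  <% if session[:admin] %>
    <%= link_to 'Admin', admin_path(token: request.session_options[:id]) %>
  <% end %>
  <p><%= @user_name %> / <%= t(:session) %></p>
ERB

# Returns one entry per bare `session` reference in the template:
#   { line: Integer, output: true/false, code: String }
# :output is true when the tag is <%= ... %>, i.e. its value is written
# into the HTML, which is the case the check's comment singles out.
def session_uses_in_erb(template)
  findings = []
  template.scan(ERB_TAG) do
    match = Regexp.last_match
    kind, code = match[1], match[2]
    next if kind == '#' # ERB comment, never evaluated
    tag_line = match.pre_match.count("\n") + 1
    prev_type = prev_text = nil
    Ripper.lex(code).each do |(line, _col), type, text, _state|
      next if type == :on_sp
      # Skip `obj.session`, `obj&.session` and the symbol `:session`;
      # only the bare method name counts, as in full_name == 'session'.
      qualified = [:on_period, :on_symbeg].include?(prev_type) || prev_text == '&.'
      if type == :on_ident && text == 'session' && !qualified
        findings << { line: tag_line + line - 1, output: kind == '=', code: code.strip }
      end
      prev_type, prev_text = type, text
    end
  end
  findings
end

session_uses_in_erb(SAMPLE_VIEW).each do |f|
  puts "line #{f[:line]}: #{f[:output] ? 'printed to HTML' : 'used in logic'}: #{f[:code]}"
end
```
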
Version data entries
1 entries across 1 versions & 1 rubygems
Version | Path |
---|---|
excellent-1.6.0 | lib/simplabs/excellent/checks/rails/session_hash_in_view_check.rb |