
require 'brakeman/checks/base_check'

#Checks if default routes are allowed in routes.rb
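class Brakeman::CheckDefaultRoutes < Brakeman::BaseCheck
  Brakeman::Checks.add self

  @description = "Checks for default routes"

  #Checks for :allow_all_actions globally and for individual routes
  #if it is not enabled globally.
  #
  #Default ("catch-all") routes make every public method of a controller
  #reachable as an action, so public helpers that were never meant to be
  #HTTP endpoints become callable by URL. A global default route produces a
  #single high-confidence warning; otherwise each controller that allows all
  #actions gets its own medium-confidence warning.
  #
  #NOTE(review): every finding is attributed to config/routes.rb. Routes drawn
  #from another file would be misattributed -- confirm how the tracker records
  #the originating file before relying on :file here.
  def run_check
    if tracker.routes[:allow_all_actions]
      #Default routes are enabled globally. The stored value is presumably a
      #Sexp; only its #line is used for the report location.
      warn :warning_type => "Default Routes",
        :warning_code => :all_default_routes,
        :message => "All public methods in controllers are available as actions in routes.rb",
        :line => tracker.routes[:allow_all_actions].line,
        :confidence => CONFIDENCE[:high],
        :file => "#{tracker.options[:app_path]}/config/routes.rb"
    else #Report each controller separately
      Brakeman.debug "Checking each controller for default routes"

      tracker.routes.each do |name, actions|
        #A controller with default routes is recorded as the pair
        #[:allow_all_actions, line] instead of a collection of actions.
        #Use && (not `and`) so the condition reads as one boolean expression.
        next unless actions.is_a?(Array) && actions.first == :allow_all_actions

        warn :controller => name,
          :warning_type => "Default Routes",
          :warning_code => :controller_default_routes,
          :message => "Any public method in #{name} can be used as an action.",
          :line => actions[1],
          :confidence => CONFIDENCE[:med],
          :file => "#{tracker.options[:app_path]}/config/routes.rb"
      end
    end
  end
end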
