
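module Dawn
  module Kb
    module OwaspRorCheatSheet
      # Knowledge-base check for the OWASP Ruby on Rails Cheat Sheet item on
      # Cross Site Request Forgery.
      #
      # It is a pattern-match check run with +negative_search+ enabled: the
      # file selected by +:glob+ (application_controller.rb) is searched for
      # the +protect_from_forgery+ directive and, per the check's own message,
      # a finding is meant to be raised when that directive is missing.
      #
      # NOTE(review): newer Rails releases can enable forgery protection
      # globally through +config.action_controller.default_protect_from_forgery+
      # without any directive in the controller, so an absent directive is not
      # by itself proof that CSRF protection is off; the +:info+ severity
      # reflects that this is a hint, not a confirmed vulnerability.
      class Csrf
        include PatternMatchCheck

        # Builds the check descriptor and passes it to the PatternMatchCheck
        # initializer via +super+.
        #
        # @return [Csrf]
        def initialize
          message = "Ruby on Rails has specific, built in support for CSRF tokens. To enable it, or ensure that it is enabled, find the base ApplicationController and look for the protect_from_forgery directive. Note that by default Rails does not provide CSRF protection for any HTTP GET request."

          # Explicit braces keep the descriptor a single positional Hash for
          # the parent initializer rather than keyword arguments.
          super({
            :name=>"Owasp Ror CheatSheet: Cross Site Request Forgery",
            :kind=>Dawn::KnowledgeBase::PATTERN_MATCH_CHECK,
            :applies=>["rails"],
            # Only the base controller is inspected; the directive is expected there.
            :glob=>"application_controller.rb",
            :aux_links=>["https://www.owasp.org/index.php/Ruby_on_Rails_Cheatsheet"],
            :message=>message,
            :attack_pattern => ["protect_from_forgery"],
            # The directive's absence, not its presence, is the finding.
            :negative_search=>true,
            # Fixed: the previous text repeated the sentence twice, fused
            # mid-word ("...application_controller.rMake sure you...").
            :mitigation=>"Make sure you are using Rails protect_from_forgery facilities in application_controller.rb",
            :severity=>:info,
            :check_family=>:owasp_ror_cheatsheet
          })
          # @debug = true
        end

      end
    end
  end
end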
