Contents

# Copyright (c) 2020 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
# frozen_string_literal: true

module Rails
  class Application
    # Our patch into the Rails::Application::Configuration Class, allowing
    # for the runtime detection of insecure configurations on individual
    # ActionDispatch::Session::AbstractStore instances within the
    # application.
    class Configuration
      include Contrast::Utils::InvalidConfigurationUtil
      include Contrast::Components::Interface

      # Note to self / PR reviewers / wizard people dear reader,
      # including the components into Rails here may be unnecessary
      # if we're not calling anything besides #analyze_session_store?
      access_component :analysis, :scope

      alias_method :cs__patched_session_store, :session_store
      def session_store *args
        ret = cs__patched_session_store(*args)
        Contrast::Utils::RailsAssessConfiguration.analyze_session_store(*args)
        ret
      end
    end
  end
end

Version data entries

6 entries across 6 versions & 1 rubygems

Version	Path
contrast-agent-3.11.0	lib/contrast/extensions/framework/rails/configuration.rb
contrast-agent-3.10.2	lib/contrast/extensions/framework/rails/configuration.rb
contrast-agent-3.10.1	lib/contrast/extensions/framework/rails/configuration.rb
contrast-agent-3.10.0	lib/contrast/extensions/framework/rails/configuration.rb
contrast-agent-3.9.1	lib/contrast/extensions/framework/rails/configuration.rb
contrast-agent-3.9.0	lib/contrast/extensions/framework/rails/configuration.rb