
require 'brakeman/checks/base_check'

# Checks for unscoped calls to models' #find and #find_by_id methods.
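class Brakeman::CheckUnscopedFind < Brakeman::BaseCheck
  Brakeman::Checks.add_optional self

  @description = "Check for unscoped ActiveRecord queries"

  # Entry point: collects every call to #find / #find_by_id / #find_by_id!
  # whose receiver is a model that declares a belongs_to association and
  # hands each call to #process_result.
  def run_check
    Brakeman.debug("Finding instances of #find on models with associations")

    # Only models with a belongs_to association are interesting: a lookup on
    # such a model that is not scoped through its parent is the pattern this
    # check is meant to flag (the caller may reach records of other parents).
    associated_model_names = active_record_models.keys.select do |name|
      active_record_models[name].associations[:belongs_to]
    end

    calls = tracker.find_call :method => [:find, :find_by_id, :find_by_id!],
                              :targets => associated_model_names

    calls.each do |call|
      process_result call
    end
  end

  # Reports +result+ (one call located by #run_check) as a low-confidence
  # "Unscoped Find" warning when at least one argument is user controlled.
  # Duplicates and calls carrying an original_line are skipped (presumably
  # code copied from elsewhere that is reported at its source — confirm
  # against BaseCheck).
  def process_result result
    return if duplicate?(result) || result[:call].original_line

    # Not interested unless some argument is user controlled.
    # include_user_input? is defined elsewhere and may answer false (not nil)
    # for an argument that is not user input; `compact.first` would then pick
    # that false for a call like find(:first, ...) and skip it even though a
    # later argument is user input. Take the first truthy match instead.
    inputs = result[:call].args.map { |arg| include_user_input?(arg) }
    input = inputs.find { |match| match }
    return unless input

    add_result result

    warn :result => result,
      :warning_type => "Unscoped Find",
      :warning_code => :unscoped_find,
      :message      => "Unscoped call to #{result[:target]}##{result[:method]}",
      :code         => result[:call],
      :confidence   => CONFIDENCE[:low],
      :user_input   => input
  end
end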
