lib/railroader/checks/check_yaml_parsing.rb in railroader-4.3.5 vs lib/railroader/checks/check_yaml_parsing.rb in railroader-4.3.7
@@ -30,11 +30,11 @@
:confidence => :high,
:gem_info => gemfile_or_environment,
:link_path => "https://groups.google.com/d/topic/rubyonrails-security/61bkgvnSGTQ/discussion"
end
- #Warn if app accepts YAML
+ # Warn if app accepts YAML
if version_between?("0.0.0", "2.3.14") and enabled_yaml_parser?
message = "Parsing YAML request parameters enables remote code execution: disable YAML parser"
warn :warning_type => "Remote Code Execution",
:warning_code => :CVE_2013_0156,
@@ -45,18 +45,18 @@
end
end
def disabled_xml_parser?
if version_between? "0.0.0", "2.3.14"
- #Look for ActionController::Base.param_parsers.delete(Mime::XML)
+ # Look for ActionController::Base.param_parsers.delete(Mime::XML)
params_parser = s(:call,
s(:colon2, s(:const, :ActionController), :Base),
:param_parsers)
matches = tracker.check_initializers(params_parser, :delete)
else
- #Look for ActionDispatch::ParamsParser::DEFAULT_PARSERS.delete(Mime::XML)
+ # Look for ActionDispatch::ParamsParser::DEFAULT_PARSERS.delete(Mime::XML)
matches = tracker.check_initializers(:"ActionDispatch::ParamsParser::DEFAULT_PARSERS", :delete)
end
unless matches.empty?
mime_xml = s(:colon2, s(:const, :Mime), :XML)
@@ -69,11 +69,11 @@
end
false
end
- #Look for ActionController::Base.param_parsers[Mime::YAML] = :yaml
- #in Rails 2.x apps
+ # Look for ActionController::Base.param_parsers[Mime::YAML] = :yaml
+ # in Rails 2.x apps
def enabled_yaml_parser?
param_parsers = s(:call,
s(:colon2, s(:const, :ActionController), :Base),
:param_parsers)