Class: Brakeman::CheckDefaultRoutes
- Inherits: BaseCheck (ancestry: Object > SexpProcessor > BaseCheck > Brakeman::CheckDefaultRoutes)
- Defined in: lib/brakeman/checks/check_default_routes.rb
Overview
Checks whether config/routes.rb enables default (catch-all) routes, which expose every public controller method as a routable action, either for all controllers or for individual controllers.
Constant Summary
Constants inherited from BaseCheck
Constants included from Util
Util::ALL_PARAMETERS, Util::COOKIES, Util::PARAMETERS, Util::PATH_PARAMETERS, Util::QUERY_PARAMETERS, Util::REQUEST_ENV, Util::REQUEST_PARAMETERS, Util::REQUEST_PARAMS, Util::SESSION
Constants inherited from SexpProcessor
Instance Attribute Summary
Attributes inherited from BaseCheck
Attributes inherited from SexpProcessor
Instance Method Summary
- #run_check ⇒ Object
  Checks whether :allow_all_actions is set globally; if it is not, checks each controller's recorded routes individually.
Methods inherited from BaseCheck
#add_result, #initialize, #process_call, #process_cookies, #process_default, #process_if, #process_params
Methods included from Util
#array?, #call?, #camelize, #contains_class?, #context_for, #cookies?, #false?, #file_by_name, #file_for, #hash?, #hash_access, #hash_insert, #hash_iterate, #integer?, #node_type?, #number?, #params?, #pluralize, #regexp?, #request_env?, #request_value?, #result?, #set_env_defaults, #sexp?, #string?, #symbol?, #table_to_csv, #true?, #truncate_table, #underscore
Methods included from ProcessorHelper
#class_name, #process_all, #process_module
Methods inherited from SexpProcessor
#error_handler, #in_context, #initialize, #process, #process_dummy, #scope
Constructor Details
This class inherits a constructor from Brakeman::BaseCheck
Instance Method Details
#run_check ⇒ Object
Checks whether :allow_all_actions is set globally in tracker.routes and reports one high-confidence warning if so; otherwise walks tracker.routes and reports a medium-confidence warning for each controller whose routes were recorded as [:allow_all_actions, line].
    # File 'lib/brakeman/checks/check_default_routes.rb', line 11

    def run_check
      if tracker.routes[:allow_all_actions]
        # Default routes are enabled globally: report once, with high confidence
        warn :warning_type => "Default Routes",
          :message => "All public methods in controllers are available as actions in routes.rb",
          :line => tracker.routes[:allow_all_actions].line,
          :confidence => CONFIDENCE[:high],
          :file => "#{tracker.options[:app_path]}/config/routes.rb"
      else
        # Report each controller separately
        Brakeman.debug "Checking each controller for default routes"
        tracker.routes.each do |name, actions|
          # A controller's entry is [:allow_all_actions, line] when a catch-all
          # :action route was recorded for it
          if actions.is_a? Array and actions[0] == :allow_all_actions
            warn :controller => name,
              :warning_type => "Default Routes",
              :message => "Any public method in #{name} can be used as an action.",
              :line => actions[1],
              :confidence => CONFIDENCE[:med],
              :file => "#{tracker.options[:app_path]}/config/routes.rb"
          end
        end
      end
    end
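The check above only consumes what Brakeman's route processors have already recorded in tracker.routes. The source patterns behind its two branches are the Rails catch-all route (match ':controller(/:action(/:id))' in Rails 3, map.connect ':controller/:action/:id' in Rails 2), which makes every public method of every controller routable, and a per-controller catch-all such as get 'users/:action', which exposes only that controller's public methods. The following is an added example, not Brakeman's own code: a plain-Ruby, line-based scanner that reports the same two cases over constructed routes.rb snippets. The regex route matching, the CONFIDENCE hash and the controller-name derivation are simplifications assumed for illustration; Brakeman works on the parsed Sexp of routes.rb, not on text.

```ruby
# Added example (not Brakeman's code): a line-based scanner that reproduces the two
# situations CheckDefaultRoutes reports, run over constructed routes.rb strings.
# Brakeman itself walks the parsed Sexp of routes.rb and consults tracker.routes;
# the regex below is an illustrative simplification of that route processing.

# Assumed to mirror Brakeman's CONFIDENCE ordering (lower number = higher confidence).
CONFIDENCE = { high: 0, med: 1, weak: 2 }.freeze

# Matches a route call whose first argument is a quoted path, e.g.
#   match ':controller(/:action(/:id))'      (Rails 3 default route)
#   map.connect ':controller/:action/:id'    (Rails 2 default route)
#   get 'users/:action'                      (per-controller catch-all)
ROUTE_CALL = /\A\s*(?:match|get|post|put|patch|delete|map\.connect)\s*\(?\s*['"]([^'"]+)['"]/

# Derives a controller class name from the static path segments before :action,
# e.g. 'admin/users/:action' -> "Admin::UsersController" (assumed naming rule).
def controller_name_for(path)
  segments = path.delete_prefix('/').split('/').take_while { |s| !s.start_with?(':') }
  segments.map { |s| s.split('_').map(&:capitalize).join }.join('::') + 'Controller'
end

# Returns an array of hashes shaped like the fields CheckDefaultRoutes passes to #warn.
def default_route_warnings(routes_source)
  per_controller = {}

  routes_source.each_line.with_index(1) do |line, lineno|
    next if line.lstrip.start_with?('#')
    m = ROUTE_CALL.match(line) or next
    path = m[1]

    if path.include?(':controller')
      # Global default route: any public method on any controller is reachable.
      # Like the check, report once with high confidence and skip the per-controller pass.
      return [{ warning_type: 'Default Routes',
                message: 'All public methods in controllers are available as actions in routes.rb',
                line: lineno, confidence: CONFIDENCE[:high] }]
    elsif path.include?(':action')
      # Per-controller catch-all: only that controller's public methods are exposed.
      per_controller[controller_name_for(path)] ||= lineno
    end
  end

  per_controller.map do |name, lineno|
    { controller: name, warning_type: 'Default Routes',
      message: "Any public method in #{name} can be used as an action.",
      line: lineno, confidence: CONFIDENCE[:med] }
  end
end

# Constructed routes.rb samples (not taken from any real application).
GLOBAL_DEFAULT_ROUTES = <<~ROUTES
  Rails.application.routes.draw do
    resources :posts
    get 'users/:action', controller: 'users'
    match ':controller(/:action(/:id))', via: [:get, :post]
  end
ROUTES

PER_CONTROLLER_ROUTES = <<~ROUTES
  Rails.application.routes.draw do
    resources :posts
    get 'admin/users/:action', controller: 'admin/users'
  end
ROUTES

EXPLICIT_ROUTES = <<~ROUTES
  Rails.application.routes.draw do
    root to: 'home#index'
    resources :posts
    get '/login', to: 'sessions#new'
  end
ROUTES

if __FILE__ == $PROGRAM_NAME
  [GLOBAL_DEFAULT_ROUTES, PER_CONTROLLER_ROUTES, EXPLICIT_ROUTES].each do |src|
    p default_route_warnings(src)
  end
end
```

Running the script reports one high-confidence warning for the first sample (line 4, the global catch-all; the 'users/:action' route in the same file is not reported separately, matching the check's else branch), one medium-confidence warning for Admin::UsersController at line 3 of the second sample, and nothing for the third sample, whose routes are all declared explicitly.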