Class: Contrast::Framework::Rack::Patch::SessionCookie
- Extended by:
- Components::Logger::InstanceMethods, Components::Scope::InstanceMethods, Utils::InvalidConfigurationUtil
- Defined in:
- lib/contrast/framework/rack/patch/session_cookie.rb
Overview
Our patch into the Rack::Session::Cookie class, allowing for the runtime detection of insecure configurations on individual cookies within the application.
Constant Summary
- CS__SECURE_RULE_NAME = 'secure-flag-missing'
- CS__HTTPONLY_NAME = 'rails-http-only-disabled'
- CS__SESSION_TIMEOUT_NAME = 'session-timeout'
- SAFE_SESSION_TIMEOUT = (30 * 60 * 60)
Constants included from Utils::InvalidConfigurationUtil
Utils::InvalidConfigurationUtil::CS__PATH, Utils::InvalidConfigurationUtil::CS__SESSION_ID, Utils::InvalidConfigurationUtil::CS__SNIPPET
Class Method Summary
Methods included from Utils::InvalidConfigurationUtil
Methods included from Components::Scope::InstanceMethods
contrast_enter_method_scopes!, contrast_exit_method_scopes!, with_app_scope, with_contrast_scope, with_deserialization_scope, with_split_scope
Methods included from Components::Logger::InstanceMethods
Class Method Details
.analyze(options) ⇒ Object

    # File 'lib/contrast/framework/rack/patch/session_cookie.rb', line 38
    def analyze(options)
      return unless ::Contrast::AGENT.enabled?
      return if ::Contrast::ASSESS.forcibly_disabled?

      apply_session_timeout(options)
      apply_httponly(options)
      apply_secure_session(options)
    end
.instrument ⇒ Object

    # File 'lib/contrast/framework/rack/patch/session_cookie.rb', line 25
    def instrument
      @_instrument ||= begin
        ::Rack::Session::Cookie.class_eval do
          alias_method(:cs__patched_initialize, :initialize)
          def initialize app, options = {} # rubocop:disable Style/OptionHash
            Contrast::Framework::Rack::Patch::SessionCookie.analyze(options)
            cs__patched_initialize(app, options)
          end
        end
        true
      end
    end