Module: Contrast::Framework::Rails::Patch::AssessConfiguration

Extended by:
Utils::InvalidConfigurationUtil
Includes:
Components::Logger::InstanceMethods
Defined in:
lib/contrast/framework/rails/patch/assess_configuration.rb

Overview

This module analyzes the Rails session storage configuration for Assess vulnerabilities.

Constant Summary

CS__SESSION_TIMEOUT_NAME = 'session-timeout'
SAFE_SESSION_TIMEOUT = (30 * 60 * 1000)
CS__SECURE_RULE_NAME = 'secure-flag-missing'
CS__HTTPONLY_RULE_NAME = 'rails-http-only-disabled'

Constants included from Utils::InvalidConfigurationUtil

Utils::InvalidConfigurationUtil::CS__PATH, Utils::InvalidConfigurationUtil::CS__SESSION_ID, Utils::InvalidConfigurationUtil::CS__SNIPPET

Class Method Summary

Methods included from Utils::InvalidConfigurationUtil

cs__report_finding

Methods included from Components::Scope::InstanceMethods

#contrast_enter_method_scopes!, #contrast_exit_method_scopes!, #with_app_scope, #with_contrast_scope, #with_deserialization_scope, #with_split_scope

Methods included from Components::Logger::InstanceMethods

#cef_logger, #logger

Class Method Details

.analyze_session_store(*args) ⇒ Object



# File 'lib/contrast/framework/rails/patch/assess_configuration.rb', line 22

def analyze_session_store *args
  return if ::Contrast::ASSESS.forcibly_disabled?

  apply_httponly_disabled(*args)
  apply_secure_cookie_disabled(*args)
  apply_session_timeout(*args)
end
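
The three rule names and the timeout constant above correspond to the `httponly`, `secure` and `expire_after` options of a Rails session store. The following is an added example, not the Contrast agent's code: `audit_session_options`, its decision logic, the reading of the threshold as milliseconds, and the sample hashes are assumptions made for illustration.

```ruby
# Added example: stand-alone audit of Rails session_store options.
# Rule names and the threshold value are the constants listed on this page;
# audit_session_options and its decision logic are hypothetical.
SESSION_TIMEOUT_RULE = 'session-timeout'
SECURE_RULE          = 'secure-flag-missing'
HTTPONLY_RULE        = 'rails-http-only-disabled'
SAFE_TIMEOUT_MS      = 30 * 60 * 1000 # assumed to mean 30 minutes in milliseconds

# options: the hash passed to `config.session_store :cookie_store, **options`.
# Returns the sorted list of rule names the options would trigger.
def audit_session_options(options)
  findings = []

  # Rack defaults httponly to true, so only an explicit falsy value is a finding.
  findings << HTTPONLY_RULE if options.key?(:httponly) && !options[:httponly]

  # Rack defaults secure to false, so anything but an explicit true is a finding.
  findings << SECURE_RULE unless options[:secure] == true

  # expire_after is given in seconds (Integer or anything responding to to_i).
  # Assumption: no expiry at all is treated as exceeding the threshold.
  expire_after = options[:expire_after]
  timeout_ms = expire_after.nil? ? Float::INFINITY : expire_after.to_i * 1000
  findings << SESSION_TIMEOUT_RULE if timeout_ms > SAFE_TIMEOUT_MS

  findings.sort
end

# Constructed sample configurations: a weak one beside a hardened one.
WEAK     = { key: '_app_session', httponly: false, expire_after: 14 * 24 * 3600 }.freeze
HARDENED = { key: '_app_session', httponly: true, secure: true, expire_after: 20 * 60 }.freeze

if __FILE__ == $PROGRAM_NAME
  puts "weak:     #{audit_session_options(WEAK).inspect}"
  puts "hardened: #{audit_session_options(HARDENED).inspect}"
end
```
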