Class: RuboCop::Cop::GitlabSecurity::DeepMunge
- Inherits: Base
  - Object
  - Base
  - RuboCop::Cop::GitlabSecurity::DeepMunge
- Defined in: lib/rubocop/cop/gitlab_security/deep_munge.rb
Overview
Checks for disabling the deep munge security control.
Disabling this security setting can leave the application open to unsafe query generation.
See CVE-2012-2660, CVE-2012-2694, and CVE-2013-0155.
Constant Summary
- MSG = 'Never disable the deep munge security option.'
Instance Method Summary
Instance Method Details
#disable_deep_munge?(node) ⇒ Object
```ruby
# File 'lib/rubocop/cop/gitlab_security/deep_munge.rb', line 21

# Matches `config.action_dispatch.perform_deep_munge = false` and `= !true`.
def_node_matcher :disable_deep_munge?, <<-PATTERN
  (send
    (send (send nil? :config) :action_dispatch) :perform_deep_munge=
    { (false) (send true :!) }
  )
PATTERN
```
#on_send(node) ⇒ Object
```ruby
# File 'lib/rubocop/cop/gitlab_security/deep_munge.rb', line 28

# Registers an offense on the setter name when the matcher above fires.
def on_send(node)
  return unless disable_deep_munge?(node)

  add_offense(node.loc.selector)
end
```
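The same check approximated with Ruby's standard-library `Ripper` lexer, so it runs without the RuboCop gem. This is an added example, not the cop's or the project's code; `deep_munge_disabled_lines` and the sample configuration are constructed for illustration.

```ruby
require 'ripper'

# Token kinds that carry no meaning for this check (comments included).
SKIP = %i[on_sp on_nl on_ignored_nl on_comment].freeze

# The receiver chain and setter named in the cop's pattern.
TARGET = [
  [:on_ident, 'config'], [:on_period, '.'],
  [:on_ident, 'action_dispatch'], [:on_period, '.'],
  [:on_ident, 'perform_deep_munge'], [:on_op, '=']
].freeze

# The two right-hand sides the pattern accepts: `false` and `!true`.
DISABLING_VALUES = [
  [[:on_kw, 'false']],
  [[:on_op, '!'], [:on_kw, 'true']]
].freeze

# Returns the 1-based line numbers where deep munge is switched off.
# Hypothetical helper for this example, not a RuboCop API.
def deep_munge_disabled_lines(source)
  tokens = Ripper.lex(source).reject { |t| SKIP.include?(t[1]) }
  kinds  = tokens.map { |t| [t[1], t[2]] }

  hits = []
  kinds.each_index do |i|
    next unless kinds[i, TARGET.size] == TARGET
    rest = kinds.drop(i + TARGET.size)
    next unless DISABLING_VALUES.any? { |v| rest.first(v.size) == v }
    hits << tokens[i][0][0] # line of the `config` token
  end
  hits
end

# Constructed sample input, not taken from any real application.
SAMPLE = <<~RUBY
  Rails.application.configure do
    # config.action_dispatch.perform_deep_munge = false
    config.action_dispatch.perform_deep_munge = true
    config.action_dispatch.perform_deep_munge = false
    config.action_dispatch.perform_deep_munge = !true
    config.action_dispatch.perform_deep_munge = 'false'
  end
RUBY

puts deep_munge_disabled_lines(SAMPLE).inspect if __FILE__ == $PROGRAM_NAME
```

Because it compares tokens rather than AST nodes, this scan is coarser than the cop: it also reports `Rails.application.config.action_dispatch.perform_deep_munge = false`, which the cop's pattern does not match because `(send nil? :config)` requires `config` to have no receiver.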