Class: PlatformosCheck::FormAuthenticityToken

Inherits:

HtmlCheck

• Object
• Check
• HtmlCheck
• PlatformosCheck::FormAuthenticityToken

Defined in:

lib/platformos_check/checks/form_authenticity_token.rb

Constant Summary

AUTHENTICITY_TOKEN_VALUE =

/\A\s*{{\s*context\.authenticity_token\s*}}\s*\z/

Constants inherited from HtmlCheck

HtmlCheck::START_OR_END_QUOTE

Constants inherited from Check

Check::CATEGORIES, Check::SEVERITIES, Check::SEVERITY_VALUES

Instance Attribute Summary

Attributes inherited from Check

#ignored_patterns, #offenses, #options, #platformos_app

Instance Method Summary

• #on_form(node) ⇒ Object

Methods included from ChecksTracking

#inherited

Methods inherited from Check

#==, #add_offense, all, can_disable, #can_disable?, categories, #categories, category, #code_name, doc, #doc, docs_url, #ignore!, #ignored?, #severity, severity, #severity=, #severity_value, severity_value, single_file, #single_file?, #to_s, #whole_platformos_app?

Methods included from JsonHelpers

#format_json_parse_error, #pretty_json

Instance Method Details

#on_form(node) ⇒ Object

# File 'lib/platformos_check/checks/form_authenticity_token.rb', line 11

def on_form(node)
  return if method_is_get(node.attributes['method'])
  return unless action_is_relative_url(node.attributes['action'])

  authenticity_toke_inputs = node.children.select { |c| c.name == 'input' && c.attributes['name'] == 'authenticity_token' && c.attributes['value']&.match?(AUTHENTICITY_TOKEN_VALUE) }
  return if authenticity_toke_inputs.size == 1
  return add_offense('Duplicated authenticity_token inputs', node:) if authenticity_toke_inputs.size > 1

  add_offense('Missing authenticity_token input <input type="hidden" name="authenticity_token" value="{{ context.authenticity_token }}">', node:) do |corrector|
    corrector.insert_after(node, "\n<input type=\"hidden\" name=\"authenticity_token\" value=\"{{ context.authenticity_token }}\">")
  end
end