Class: Scanny::Checks::SetRailsEnvCheck

Inherits:

Check

Object
Check
Scanny::Checks::SetRailsEnvCheck

show all

Defined in:: lib/scanny/checks/insecure_config/set_rails_env_check.rb

Overview

Checks for places where ENV is set.

Instance Method Summary collapse

#check(node) ⇒ Object
#pattern ⇒ Object

ENV = “test”.

Methods inherited from Check

#compiled_pattern, #issue, #strict?, #visit

Instance Method Details

#check(node) ⇒ `Object`

# File 'lib/scanny/checks/insecure_config/set_rails_env_check.rb', line 17

def check(node)
  issue :info,
    "Setting ENV[\"RAILS_ENV\"] can indicate insecure configuration.",
    :cwe => 209
end

#pattern ⇒ `Object`

ENV = “test”

# File 'lib/scanny/checks/insecure_config/set_rails_env_check.rb', line 6

def pattern
  <<-EOT
    ElementAssignment<
      receiver  = ConstantAccess<name = :ENV>,
      arguments = ActualArguments<
        array = [StringLiteral<string = "RAILS_ENV">, any]
      >
    >
  EOT
end

Class: Scanny::Checks::SetRailsEnvCheck

Overview

Instance Method Summary collapse

Methods inherited from Check

Instance Method Details

#check(node) ⇒ Object

#pattern ⇒ Object

#check(node) ⇒ `Object`

#pattern ⇒ `Object`