Class: Scanny::Checks::SkipBeforeFiltersCheck

Inherits:
Check
  • Object
Defined in:
lib/scanny/checks/skip_before_filters_check.rb

Overview

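Checks for use of the “skip_before_filter” method with certain filters. Skipping one of the listed filters can leave the affected controller actions without the authentication, authorization or CSRF check that the filter would otherwise run.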

Constant Summary collapse

# Filter names that are reported when they appear as an argument to
# skip_before_filter. :verify_authenticity_token is the Rails CSRF check;
# the other names are conventional authentication/authorization filters.
# NOTE(review): the list is matched by exact name only, so an application
# that names its auth filter differently is not covered; extend as needed.
FILTERS = [:login_required, :admin_required, :verify_authenticity_token, :authenticate]

Instance Method Summary collapse

Methods inherited from Check

#compiled_pattern, #issue, #strict?, #visit

Instance Method Details

#check(node) ⇒ Object



# File 'lib/scanny/checks/skip_before_filters_check.rb', line 29

# Reports an :info issue naming the first argument of the matched call that
# is a symbol literal listed in FILTERS.
#
# Only the first listed filter is reported, so a call that skips several of
# them yields a single issue. Options such as :only / :except are not
# inspected, so the issue does not say which actions lose the filter.
#
# The issue is tagged with CWE-285 (improper authorization), CWE-288
# (authentication bypass using an alternate path or channel) and CWE-425
# (direct request / forced browsing).
# NOTE(review): skipping :verify_authenticity_token concerns CSRF
# protection (CWE-352), which is not in this list -- confirm whether that
# is intended.
#
# @param node the AST node of the call; it must respond to
#   +arguments.array+
# @return whatever +issue+ returns
def check(node)
  # Presumably only called for nodes matched by #pattern, which requires a
  # listed symbol literal; if none were found, skipped_filter would be nil
  # and the interpolation below would raise -- TODO confirm with caller.
  skipped_filter = node.arguments.array.find do |arg|
    arg.is_a?(Rubinius::AST::SymbolLiteral) && FILTERS.include?(arg.value)
  end

  message = "The \"skip_before_filter\" method with :#{skipped_filter.value} filter is used."
  issue :info, message, :cwe => [285, 288, 425]
end

#pattern ⇒ Object

skip_before_filter :login_required



# File 'lib/scanny/checks/skip_before_filters_check.rb', line 13

# Builds the pattern source text for this check. It describes a
# +skip_before_filter+ call on self whose argument array contains a symbol
# literal with one of the FILTERS values, e.g.
#
#   skip_before_filter :login_required
#
# The +any*+ entries presumably allow other arguments before and after the
# listed symbol (verify against the pattern language's documentation).
#
# @return [String] the pattern text, with the FILTERS values joined by " | "
def pattern
  # Each symbol is rendered with #inspect so it appears as a literal
  # (":login_required") inside the pattern.
  filter_alternatives = FILTERS.map(&:inspect).join(' | ')

  <<-PATTERN
    SendWithArguments<
      receiver  = Self,
      name      = :skip_before_filter,
      arguments = ActualArguments<
        array = [
          any*,
          SymbolLiteral<value = #{filter_alternatives}>,
          any*
        ]
      >
    >
  PATTERN
end