Class: Scanny::Checks::SkipBeforeFiltersCheck
- Defined in:
- lib/scanny/checks/skip_before_filters_check.rb
Overview
Checks for use of the “skip_before_filter” method with the filters listed in FILTERS.
Constant Summary collapse
- FILTERS =
[ :login_required, :admin_required, :verify_authenticity_token, :authenticate ]
Instance Method Summary collapse
- #check(node) ⇒ Object
-
#pattern ⇒ Object
skip_before_filter :login_required.
Methods inherited from Check
#compiled_pattern, #issue, #strict?, #visit
Instance Method Details
#check(node) ⇒ Object
# File 'lib/scanny/checks/skip_before_filters_check.rb', line 29

# Reports an :info issue for a skip_before_filter call, naming the first
# symbol-literal argument whose value appears in FILTERS.
#
# @param node the call node; its arguments are read via node.arguments.array
# @return whatever the inherited #issue helper returns
#
# NOTE(review): presumably only invoked on nodes already matched by #pattern;
# if no argument qualifies, `skipped` is nil and `skipped.value` raises.
#
# NOTE(review): FILTERS mixes authentication/authorization filters with
# :verify_authenticity_token, which is Rails' CSRF check. The CWE ids reported
# below (285 improper authorization, 288 authentication bypass via alternate
# path, 425 forced browsing) do not include CWE-352 (CSRF), and every hit is
# rated :info. Confirm that is the intended classification for a skipped CSRF
# check before relying on this output for triage.
def check(node)
  # Only symbol literals expose a comparable #value; other argument kinds
  # (option hashes, variables, ...) are ignored.
  symbol_args = node.arguments.array.select { |arg| arg.is_a?(Rubinius::AST::SymbolLiteral) }
  skipped = symbol_args.find { |sym| FILTERS.include?(sym.value) }

  message = "The \"skip_before_filter\" method with :#{skipped.value} filter is used."
  issue :info, message, :cwe => [285, 288, 425]
end
#pattern ⇒ Object
skip_before_filter :login_required
# File 'lib/scanny/checks/skip_before_filters_check.rb', line 13

# Builds the pattern source for this check: a call to skip_before_filter on
# self whose argument list contains, at any position, a symbol literal equal
# to one of FILTERS.
#
# Example of matched code:
#   skip_before_filter :login_required
#
# @return [String] pattern text; presumably compiled by the inherited
#   #compiled_pattern (confirm against Check)
#
# NOTE(review): the match is on the literal method name :skip_before_filter
# and on symbol-literal arguments only. Other Rails spellings of the same
# operation (e.g. skip_before_action, skip_filter) and filters passed as
# strings are not matched by this pattern; verify another check covers them,
# otherwise a clean result here does not mean no protective filter is skipped.
def pattern
  # Alternation of the watched filter names, e.g. ":login_required | :admin_required".
  filter_alternatives = FILTERS.map(&:inspect).join(' | ')

  <<-EOT
    SendWithArguments<
      receiver = Self,
      name = :skip_before_filter,
      arguments = ActualArguments<
        array = [
          any*,
          SymbolLiteral<value = #{filter_alternatives}>,
          any*
        ]
      >
    >
  EOT
end