Class: Scanny::Checks::Sql::FindMethodWithParamsCheck

Inherits:

SqlCheck

Object
Check
SqlCheck
Scanny::Checks::Sql::FindMethodWithParamsCheck

show all

Defined in:: lib/scanny/checks/sql_injection/find_method_with_params_check.rb

Overview

Check for methods executing external parameters on database engine with params attribute

Instance Method Summary collapse

#check(node) ⇒ Object
#pattern ⇒ Object

Methods inherited from Check

#compiled_pattern, #issue, #strict?, #visit

Instance Method Details

#check(node) ⇒ `Object`



16
17
18

# File 'lib/scanny/checks/sql_injection/find_method_with_params_check.rb', line 16

def check(node)
  issue :high, warning_message, :cwe => 89
end

#pattern ⇒ `Object`

# File 'lib/scanny/checks/sql_injection/find_method_with_params_check.rb', line 9

def pattern
  [
    pattern_find_by_sql_and_execute_on_models_with_params,
    pattern_find_with_conditions_and_params_or_limit
  ].join("|")
end

Class: Scanny::Checks::Sql::FindMethodWithParamsCheck

Overview

Instance Method Summary collapse

Methods inherited from Check

Instance Method Details

#check(node) ⇒ Object

#pattern ⇒ Object

#check(node) ⇒ `Object`

#pattern ⇒ `Object`