Class: Scanny::Checks::XssSendCheck
- Defined in:
- lib/scanny/checks/xss/xss_send_check.rb
Overview
Checks for send_* methods that are called with :disposition => 'inline'. Serving a response inline can allow private files to be downloaded from the server or lead to an XSS issue.
Instance Method Summary
Methods inherited from Check
#compiled_pattern, #issue, #strict?, #visit
Instance Method Details
#check(node) ⇒ Object
```ruby
# File 'lib/scanny/checks/xss/xss_send_check.rb', line 13
def check(node)
  if Machete.matches?(node, pattern_send)
    # The issue message string did not survive extraction on this page;
    # the placeholder strings below stand in for it.
    issue :medium, "<message not preserved on this page>", :cwe => [79, 115, 200]
  elsif Machete.matches?(node, pattern_send_with_param)
    issue :high, "<message not preserved on this page>", :cwe => 201
  end
end
```
#pattern ⇒ Object
```ruby
# File 'lib/scanny/checks/xss/xss_send_check.rb', line 6
def pattern
  [
    pattern_send,
    pattern_send_with_param
  ].join("|")
end
```
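As an added example (not Scanny's own code), the following stand-in for the check above walks Ruby's standard-library Ripper AST instead of Machete patterns: a send_* call carrying :disposition => 'inline' is reported as medium with the same CWE list, and, on the assumption that pattern_send_with_param means a send_* call whose arguments read from params (the page does not show that pattern), a params-driven call is reported as high. The three-line sample source is constructed for the example.

```ruby
require "ripper"
# Added example, not Scanny's own code: a stand-in for XssSendCheck that walks Ripper's S-expression AST instead of Machete patterns.
# ASSUMPTION: `pattern_send_with_param` means a send_* call whose arguments read `params` (the page does not show that pattern).
module SendCheckDemo
  # Constructed sample: line 1 is medium (inline), line 2 is clean, line 3 is high (params).
  SAMPLE = "send_file f, :disposition => 'inline'\n" \
           "send_data blob, disposition: 'attachment'\n" \
           "send_file params[:path]\n"
  # Yield every AST node (an Array whose head is a Symbol), depth first.
  def self.each_node(node, &blk)
    return unless node.is_a?(Array)
    yield node if node[0].is_a?(Symbol)
    node.each { |c| each_node(c, &blk) }
  end
  def self.any_node?(tree)
    found = false
    each_node(tree) { |n| found ||= yield(n) }
    found
  end
  # [name, line] for `foo args` / `foo(args)` calls, nil for anything else.
  def self.call_info(node)
    ident = node[0] == :command ? node[1] : (node[0] == :method_add_arg ? node[1][1] : nil)
    [ident[1], ident[2][0]] if ident.is_a?(Array) && ident[0] == :@ident
  end
  # `:disposition => 'inline'` or `disposition: 'inline'` among the arguments?
  def self.inline_disposition?(call)
    any_node?(call) do |n|
      n[0] == :assoc_new && n[1].flatten.grep(String).any? { |k| k.start_with?("disposition") } &&
        Array(n[2]).flatten.grep(String).include?("inline")
    end
  end
  # Any argument reading from `params` (the assumed with_param pattern)?
  def self.references_params?(call)
    any_node?(call) { |n| n[0] == :@ident && n[1] == "params" }
  end
  # Mirrors the check's branches: inline disposition => medium, else params => high.
  def self.scan(source)
    findings = []
    each_node(Ripper.sexp(source)) do |n|
      name, line = call_info(n)
      next unless name&.match?(/\Asend_/)
      sev, cwe = if inline_disposition?(n) then [:medium, [79, 115, 200]]
                 elsif references_params?(n) then [:high, 201]
                 end
      findings << { method: name, line: line, severity: sev, cwe: cwe } if sev
    end
    findings
  end
end
```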