Class: Scanny::Checks::XssSendCheck

Inherits:

Check

Object
Check
Scanny::Checks::XssSendCheck

show all

Defined in:: lib/scanny/checks/xss/xss_send_check.rb

Overview

Checks for send_* methods that are called with :disposition => ‘inline’. This can lead to download of private files from a server or to a XSS issue.

Instance Method Summary collapse

#check(node) ⇒ Object
#pattern ⇒ Object

Methods inherited from Check

#compiled_pattern, #issue, #strict?, #visit

Instance Method Details

#check(node) ⇒ `Object`

# File 'lib/scanny/checks/xss/xss_send_check.rb', line 13

def check(node)
  if Machete.matches?(node, pattern_send)
    issue :medium, warning_message, :cwe => [79, 115, 200]
  elsif Machete.matches?(node, pattern_send_with_param)
    issue :high, warning_message, :cwe => 201
  end
end

#pattern ⇒ `Object`

# File 'lib/scanny/checks/xss/xss_send_check.rb', line 6

def pattern
  [
    pattern_send,
    pattern_send_with_param
  ].join("|")
end

Class: Scanny::Checks::XssSendCheck

Overview

Instance Method Summary collapse

Methods inherited from Check

Instance Method Details

#check(node) ⇒ Object

#pattern ⇒ Object

#check(node) ⇒ `Object`

#pattern ⇒ `Object`