Class: Spektr::Checks::BasicAuth

Inherits:

Base

• Object
• Base
• Spektr::Checks::BasicAuth

Defined in:

lib/spektr/checks/basic_auth.rb

Instance Attribute Summary

Attributes inherited from Base

#name

Instance Method Summary

• #check_filter ⇒ Object
• #initialize(app, target) ⇒ BasicAuth constructor

  A new instance of BasicAuth.

• #run ⇒ Object

Methods inherited from Base

#app_version_between?, #dupe?, #model_attribute?, #should_run?, #target_affected?, #user_input?, #version_affected, #version_between?, #warn!

Constructor Details

#initialize(app, target) ⇒ BasicAuth

Returns a new instance of BasicAuth.

# File 'lib/spektr/checks/basic_auth.rb', line 5

def initialize(app, target)
  super
  @name = "Basic Authentication"
  @type = "Password Plaintext Storage"
  @targets = ["Spektr::Targets::Controller"]
end

Instance Method Details

#check_filter ⇒ Object

# File 'lib/spektr/checks/basic_auth.rb', line 17

def check_filter
  calls = @target.find_calls(:http_basic_authenticate_with)
  calls.each do |call|
    if call.options[:password] && call.options[:password].value_type == :str
      warn! @target, self, call.location, "Basic authentication password stored in source code"
    end
  end
end

#run ⇒ Object

# File 'lib/spektr/checks/basic_auth.rb', line 12

def run
  return unless super
  check_filter
end