Class: Spektr::Checks::DetailedExceptions

Inherits:

Base

• Object
• Base
• Spektr::Checks::DetailedExceptions

Defined in:

lib/spektr/checks/detailed_exceptions.rb

Instance Method Summary

• #initialize(app, target) ⇒ DetailedExceptions constructor

  A new instance of DetailedExceptions.

• #name ⇒ Object
• #run ⇒ Object

Methods inherited from Base

#app_version_between?, #dupe?, #model_attribute?, #should_run?, #target_affected?, #user_input?, #version_affected, #version_between?, #warn!

Constructor Details

#initialize(app, target) ⇒ DetailedExceptions

Returns a new instance of DetailedExceptions.

# File 'lib/spektr/checks/detailed_exceptions.rb', line 9

def initialize(app, target)
  super
  @name = "Information Disclosure"
  @type = "Information Disclosure"
  @targets = ["Spektr::Targets::Base", "Spektr::Targets::Controller"]
end

Instance Method Details

#name ⇒ Object

# File 'lib/spektr/checks/detailed_exceptions.rb', line 5

def name

end

#run ⇒ Object

# File 'lib/spektr/checks/detailed_exceptions.rb', line 16

def run
  return unless super
  call = @target.find_calls(:consider_all_requests_local=).last
  if call && call.arguments.first.type == :true
    warn! @target, self, call.location, "Detailed exceptions are enabled in production"
  end
  # TODO: make this better, by verifying that the method body is not empty, etc
  if method = @target.find_method(:show_detailed_exceptions?)
    warn! @target, self, method.location, "Detailed exceptions may be enabled in #{@target.name}"
  end
end