class Railroader::CheckSessionManipulation
Public Instance Methods
process_result(result)
click to toggle source
# File lib/railroader/checks/check_session_manipulation.rb, line 14 def process_result result return unless original? result index = result[:call].first_arg if input = has_immediate_user_input?(index) if params? index confidence = :high else confidence = :medium end warn :result => result, :warning_type => "Session Manipulation", :warning_code => :session_key_manipulation, :message => "#{friendly_type_of(input).capitalize} used as key in session hash", :code => result[:call], :user_input => input, :confidence => confidence end end
run_check()
click to toggle source
# File lib/railroader/checks/check_session_manipulation.rb, line 8 def run_check tracker.find_call(:method => :[]=, :target => :session).each do |result| process_result result end end