class Railroader::CheckDetailedExceptions
Checks whether detailed exceptions are enabled in production.
Constants
- LOCAL_REQUEST
Public Instance Methods
check_detailed_exceptions()
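# File lib/railroader/checks/check_detailed_exceptions.rb, line 26
# Flags controllers whose +show_detailed_exceptions?+ override can make the
# detailed error page reachable by ordinary users (an information-disclosure
# issue). Confidence is :high when the method body is literally true and
# :medium for any other body that is not one of the recognised safe forms.
def check_detailed_exceptions
  tracker.controllers.each do |_name, controller|
    controller.methods_public.each do |method_name, definition|
      # Only the Rails hook itself is of interest; skip other actions early.
      next unless method_name == :show_detailed_exceptions?

      src = definition[:src]
      body = src.body.last
      # An empty method body cannot enable anything.
      next unless body
      # `safe?` accepts an explicit false or the LOCAL_REQUEST idiom.
      next if safe? body

      confidence = true?(body) ? :high : :medium

      warn warning_type: "Information Disclosure",
           warning_code: :detailed_exceptions,
           message: "Detailed exceptions may be enabled in 'show_detailed_exceptions?'",
           confidence: confidence,
           code: src,
           file: definition[:file]
    end
  end
end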
check_local_request_config()
# File lib/railroader/checks/check_detailed_exceptions.rb, line 16
# Warns when +config.consider_all_requests_local+ is true in the Rails
# production configuration, since that serves the detailed error page to
# every request rather than only to local developer requests.
def check_local_request_config
  setting = tracker.config.rails[:consider_all_requests_local]
  return unless true? setting

  warn warning_type: "Information Disclosure",
       warning_code: :local_request_config,
       message: "Detailed exceptions are enabled in production",
       confidence: :high,
       file: "config/environments/production.rb"
end
run_check()
# File lib/railroader/checks/check_detailed_exceptions.rb, line 11
# Entry point invoked by the check runner: the configuration-level check
# runs first, then the per-controller check.
def run_check
  %i[check_local_request_config check_detailed_exceptions].each { |check| public_send(check) }
end
safe?(body)
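# File lib/railroader/checks/check_detailed_exceptions.rb, line 51
# A +show_detailed_exceptions?+ body is considered safe only when it is
# literally false or exactly the +LOCAL_REQUEST+ pattern held in the class
# constant; any other expression is reported by the caller.
#
# @param body [Object] the final expression of the method body
# @return [Boolean]
def safe?(body)
  false?(body) || body == LOCAL_REQUEST
end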