class Railroader::CheckSecrets
Public Instance Methods
check_constants()
# File lib/railroader/checks/check_secrets.rb, line 12
#
# Scans every constant known to the tracker and emits a
# :secret_in_source warning for each one whose name looks like a
# credential and whose value is a non-empty string.
#
# The warning message carries only the constant's name, never its value,
# so the suspected secret is not copied into the report.
#
# Detection is driven by the constant's name alone (see
# looks_like_secret?); the value is checked only for being a non-empty
# string, so a credential stored under an unrelated name is not reported
# by this method.
def check_constants
  # Tracks [name, value, line] triples already reported so that the same
  # constant is not warned about twice in one run.
  @warned = Set.new

  @tracker.constants.each do |const|
    name = const.name_array.last
    literal = const.value

    # NOTE(review): string? is defined outside this view; presumably it
    # tests for a string literal node - confirm.
    next unless string?(literal)
    # An empty string is treated as a placeholder, not a secret.
    next if literal.value.empty?
    next unless looks_like_secret?(name)

    key = [name, literal, literal.line]
    next if @warned.include?(key)

    @warned << key

    warn :warning_code => :secret_in_source,
         :warning_type => "Authentication",
         :message => "Hardcoded value for #{name} in source code",
         :confidence => :medium,
         :file => const.file,
         :line => const.line
  end
end
looks_like_secret?(name)
# File lib/railroader/checks/check_secrets.rb, line 36
#
# Name-based heuristic: does +name+ look like it holds a credential?
#
# The match is case-insensitive. "password" and "secret" match anywhere
# in the name; "rest_auth_site_key" and "api_key" match only as a suffix,
# because the trailing anchor belongs to the last alternative alone.
# Names such as API_KEY_ID, or names built around words that are not in
# the pattern (e.g. "token" on its own), are therefore not flagged.
#
# Returns the MatchData on a hit and nil otherwise, so callers should
# rely on truthiness only.
def looks_like_secret?(name)
  # REST_AUTH_SITE_KEY is the pepper in Devise
  secret_name_pattern = /password|secret|(rest_auth_site|api)_key$/i

  name.match(secret_name_pattern)
end
run_check()
# File lib/railroader/checks/check_secrets.rb, line 8
#
# Entry point for this check. The only work it does is the constant scan
# in check_constants, so only values assigned to constants are examined
# for hardcoded secrets.
def run_check
  check_constants
end