class Dawn::Kb::OwaspRorCheatSheet::SensitiveFiles
Public Class Methods
new()
click to toggle source
Calls superclass method
Dawn::Kb::PatternMatchCheck::new
# File lib/dawn/kb/owasp_ror_cheatsheet/sensitive_files.rb, line 8 def initialize message = "Many Ruby on Rails apps are open source and hosted on publicly available source code repositories. Whether that is the case or the code is committed to a corporate source control system, there are certain files that should be either excluded or carefully managed." super({ :name=>"Owasp Ror CheatSheet: Sensitive Files", :kind=>Dawn::KnowledgeBase::PATTERN_MATCH_CHECK, :applies=>["rails"], :glob=>".gitignore", :aux_links=>["https://www.owasp.org/index.php/Ruby_on_Rails_Cheatsheet"], :message=>message, :check_family=>:owasp_ror_cheatsheet, :severity=>:info, :attack_pattern => ["/config/database.yml", "/config/initializers/secret_token.rb", "/db/seeds.rb", "/db/*.sqlite3"], :mitigation=>"Put sensitive files in your repository gitignore file" }) # @debug = true end