class Brakeman::CheckSessionManipulation
Public Instance Methods
process_result(result)
# File lib/brakeman/checks/check_session_manipulation.rb, line 14
# Inspects one matched call and reports a "Session Manipulation" warning
# when its first argument is immediate user input. Per the warning text,
# that argument is the key used in the session hash.
#
# A request-controlled session key lets the caller choose which session
# entry gets written, so values the application later trusts could be
# overwritten.
#
# result - match hash; this method reads only result[:call].
#
# Returns nil when the result is skipped or the key is not user input,
# otherwise whatever `warn` returns.
def process_result result
  # Skip anything original? rejects.
  # NOTE(review): presumably filters duplicate matches - confirm in the base check.
  return unless original? result

  session_key = result[:call].first_arg

  # Truthy only when the key expression itself is user input; the returned
  # value is passed on to the warning as :user_input.
  input = has_immediate_user_input?(session_key)
  return unless input

  # :high when params? accepts the key expression, :medium otherwise.
  # NOTE(review): presumably true for request parameters - confirm.
  level = params?(session_key) ? :high : :medium

  warn result: result,
       warning_type: "Session Manipulation",
       warning_code: :session_key_manipulation,
       message: msg(msg_input(input), " used as key in session hash"),
       user_input: input,
       confidence: level
end
run_check()
# File lib/brakeman/checks/check_session_manipulation.rb, line 8
# Entry point of the check: asks the tracker for every `[]=` call whose
# target is `session` (i.e. `session[key] = value`) and passes each match
# to process_result.
#
# Returns whatever `each` returns for the collection of matches.
def run_check
  session_writes = tracker.find_call(:method => :[]=, :target => :session)
  session_writes.each { |match| process_result(match) }
end