Skip to content

Commit 3422a00

Browse files
committed
force-ssl-false-ruby
1 parent 0d53f8e commit 3422a00

File tree

3 files changed

+58
-0
lines changed

3 files changed

+58
-0
lines changed
Lines changed: 28 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,28 @@
1+
id: force-ssl-false-ruby
2+
language: ruby
3+
severity: warning
4+
message: >-
5+
Checks for configuration setting of force_ssl to false. Force_ssl
6+
forces usage of HTTPS, which could lead to network interception of
7+
unencrypted application traffic. To fix, set config.force_ssl = true.
8+
note: >-
9+
[CWE-311] Missing Encryption of Sensitive Data.
10+
[REFERENCES]
11+
- https://github.com/presidentbeef/brakeman/blob/main/lib/brakeman/checks/check_force_ssl.rb
12+
13+
ast-grep-essentials: true
14+
15+
utils:
16+
config.force_ssl = $FAL:
17+
kind: assignment
18+
all:
19+
- has:
20+
kind: call
21+
pattern: config.force_ssl
22+
- has:
23+
regex: ^\s*false$
24+
25+
rule:
26+
kind: assignment
27+
any:
28+
- matches: config.force_ssl = $FAL
Lines changed: 19 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,19 @@
1+
id: force-ssl-false-ruby
2+
snapshots:
3+
? |
4+
def bad_ssl
5+
config.force_ssl = false
6+
end
7+
: labels:
8+
- source: config.force_ssl = false
9+
style: primary
10+
start: 12
11+
end: 36
12+
- source: config.force_ssl
13+
style: secondary
14+
start: 12
15+
end: 28
16+
- source: 'false'
17+
style: secondary
18+
start: 31
19+
end: 36
Lines changed: 11 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,11 @@
1+
id: force-ssl-false-ruby
2+
valid:
3+
- |
4+
def bad_ssl
5+
config.force_ssl = true
6+
end
7+
invalid:
8+
- |
9+
def bad_ssl
10+
config.force_ssl = false
11+
end

0 commit comments

Comments
 (0)