Skip to content

Commit 91fec18

Browse files
author
Sakshis
committed
force-ssl-false-ruby
1 parent 65b807d commit 91fec18

File tree

3 files changed

+35
-0
lines changed

3 files changed

+35
-0
lines changed

rules/ruby/security/force-ssl-false-ruby.yml

Lines changed: 13 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,13 @@
1+
id: force-ssl-false-ruby
2+
language: ruby
3+
severity: warning
4+
message: >-
5+
Checks for configuration setting of force_ssl to false. Force_ssl
6+
forces usage of HTTPS, which could lead to network interception of
7+
unencrypted application traffic. To fix, set config.force_ssl = true.
8+
note: >-
9+
[CWE-311] Missing Encryption of Sensitive Data.
10+
[REFERENCES]
11+
- https://github.com/presidentbeef/brakeman/blob/main/lib/brakeman/checks/check_force_ssl.rb
12+
rule:
13+
pattern: config.force_ssl = false

tests/__snapshots__/force-ssl-false-ruby-snapshot.yml

Lines changed: 11 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,11 @@
1+
id: force-ssl-false-ruby
2+
snapshots:
3+
? |
4+
def bad_ssl
5+
config.force_ssl = false
6+
end
7+
: labels:
8+
- source: config.force_ssl = false
9+
style: primary
10+
start: 12
11+
end: 36

tests/ruby/force-ssl-false-ruby-test.yml

Lines changed: 11 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,11 @@
1+
id: force-ssl-false-ruby
2+
valid:
3+
- |
4+
def bad_ssl
5+
config.force_ssl = true
6+
end
7+
invalid:
8+
- |
9+
def bad_ssl
10+
config.force_ssl = false
11+
end

0 commit comments

Comments
 (0)