
Commit d7f07f4

committed
hardcoded-http-auth-in-controller-ruby
1 parent 4afc0df commit d7f07f4


2 files changed

+49
-51
lines changed


rules/ruby/security/hardcoded-http-auth-in-controller-ruby.yml

Lines changed: 37 additions & 37 deletions
Original file line number | Diff line number | Diff line change
@@ -10,50 +10,50 @@ note: >-
1010
[CWE-798] Use of Hard-coded Credentials.
1111
[REFERENCES]
1212
- https://cheatsheetseries.owasp.org/cheatsheets/Secrets_Management_Cheat_Sheet.html
13+
1314
utils:
1415
MATCH_PASSWORD_STRING:
15-
kind: string
16-
inside:
17-
stopBy: end
18-
kind: pair
19-
all:
20-
- has:
21-
stopBy: neighbor
22-
kind: simple_symbol
23-
regex: '^:password$'
24-
- has:
25-
stopBy: neighbor
26-
kind: string
27-
- inside:
28-
stopBy: neighbor
29-
kind: argument_list
30-
inside:
16+
kind: string
17+
inside:
18+
stopBy: end
19+
kind: pair
20+
all:
21+
- has:
22+
stopBy: neighbor
23+
kind: simple_symbol
24+
regex: "^:password$"
25+
- has:
26+
stopBy: neighbor
27+
kind: string
28+
has:
29+
stopBy: neighbor
30+
kind: string_content
31+
- inside:
32+
stopBy: neighbor
33+
kind: argument_list
34+
inside:
35+
stopBy: end
36+
kind: call
37+
all:
38+
- has:
39+
stopBy: neighbor
40+
kind: identifier
41+
regex: "^http_basic_authenticate_with$"
42+
- inside:
3143
stopBy: end
32-
kind: call
44+
kind: class
3345
all:
3446
- has:
3547
stopBy: neighbor
36-
kind: identifier
37-
regex: '^http_basic_authenticate_with$'
38-
- inside:
39-
stopBy: neighbor
40-
kind: body_statement
41-
inside:
42-
stopBy: end
43-
kind: class
44-
all:
45-
- has:
46-
stopBy: neighbor
47-
kind: constant
48-
- has:
49-
stopBy: end
50-
kind: superclass
51-
has:
52-
stopBy: neighbor
53-
kind: constant
54-
regex: '^ApplicationController$'
48+
kind: constant
49+
- has:
50+
stopBy: end
51+
kind: superclass
52+
has:
53+
stopBy: neighbor
54+
kind: constant
55+
regex: "^ApplicationController$"
5556

5657
rule:
5758
kind: string
5859
matches: MATCH_PASSWORD_STRING
59-
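Review bot: the superclass check that survives at new lines 49-51 (`- has: stopBy: end / kind: superclass`) is a deep search over every descendant of the matched `class`, not a check of that class's own superclass clause, and now that the `body_statement` hop is gone and `inside: class` also uses `stopBy: end`, a nested class inheriting from `ApplicationController` would satisfy it on behalf of an outer class that does not. If the intent is the controller's own superclass, `stopBy: neighbor` on that `has` (the same setting the hunk uses for `constant` right above it) pins it to a direct child. Two smaller points in the same hunk: the added `has: kind: string_content` under `kind: string` (new 28-30) means `:password => ""` no longer matches, which deserves an explicit test case either way, and dropping the `body_statement` step widens the match to calls nested anywhere in the class (method bodies, blocks); neither behavioural change is recorded in the note or the commit message.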

tests/__snapshots__/hardcoded-http-auth-in-controller-ruby-snapshot.yml

Lines changed: 12 additions & 14 deletions
Original file line number | Diff line number | Diff line change
@@ -14,6 +14,10 @@ snapshots:
1414
style: secondary
1515
start: 95
1616
end: 104
17+
- source: secret
18+
style: secondary
19+
start: 109
20+
end: 115
1721
- source: '"secret"'
1822
style: secondary
1923
start: 108
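Review bot: the new `secret` label (109-115) is the `string_content` node the rule now requires and nests correctly inside the `"secret"` label that starts at 108, but the entries are no longer in offset order (109 listed before 108). That is fine if the file was regenerated by the test runner, since the order then follows the rule's traversal; if it was edited by hand, regenerate it so the ordering matches what the tool emits and future diffs stay small.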
@@ -22,6 +26,14 @@ snapshots:
2226
style: secondary
2327
start: 50
2428
end: 78
29+
- source: http_basic_authenticate_with :name => "dhh", :password => "secret", :except => :index
30+
style: secondary
31+
start: 50
32+
end: 135
33+
- source: :name => "dhh", :password => "secret", :except => :index
34+
style: secondary
35+
start: 79
36+
end: 135
2537
- source: DangerousController
2638
style: secondary
2739
start: 6
@@ -42,20 +54,6 @@ snapshots:
4254
style: secondary
4355
start: 0
4456
end: 160
45-
- source: |-
46-
http_basic_authenticate_with :name => "dhh", :password => "secret", :except => :index
47-
puts "do more stuff"
48-
style: secondary
49-
start: 50
50-
end: 156
51-
- source: http_basic_authenticate_with :name => "dhh", :password => "secret", :except => :index
52-
style: secondary
53-
start: 50
54-
end: 135
55-
- source: :name => "dhh", :password => "secret", :except => :index
56-
style: secondary
57-
start: 79
58-
end: 135
5957
- source: :password => "secret"
6058
style: secondary
6159
start: 95
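Review bot: the only substantive removal in this hunk is the `body_statement` label (old 45-50, the `|-` block that includes `puts "do more stuff"`), dropped because the rule no longer hops through `body_statement`; old 51-58 are the same two labels re-emitted unchanged earlier in the file. The whole-class label (0-160, kept at 54-56) still covers the two-statement body, but since the rule now reaches `http_basic_authenticate_with` through `stopBy: end` from anywhere under the class, consider adding a fixture where the call sits inside a method body or a nested class, as this snapshot does not exercise that path.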
