
Merge branch 'feature/mixed-in-protect-from-forgery' of https://githu…
…b.com/louim/brakeman into louim-feature/mixed-in-protect-from-forgery
presidentbeef committed Nov 27, 2016
2 parents 059d3ad + 8d6f92a commit 98d506f
Showing 3 changed files with 19 additions and 0 deletions.
@@ -0,0 +1,7 @@
module ForgeryProtection
extend ActiveSupport::Concern

included do
protect_from_forgery with: :exception
end
end
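--- a/test/apps/rails5/app/controllers/mixed_controller.rb
+++ b/test/apps/rails5/app/controllers/mixed_controller.rb
@@ -0,0 +1,4 @@
+class BaseController < ActionController::Base
+# No protect_from_forgery call, but one mixed in
+include ForgeryProtection
+end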
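Review bot: The class defined in mixed_controller.rb is named `BaseController`, which does not match the file name Rails autoloading expects (`MixedController`) and may collide with another `BaseController` already present in the rails5 fixture app; I cannot verify the latter from this page. Brakeman parses the file statically, so the test that targets `app/controllers/mixed_controller.rb` still exercises the right file, but a fixture whose class name disagrees with its path invites confusion when the next CSRF fixture is added. I would rename it to `class MixedController < ActionController::Base` and keep the comment as is, since the comment is what explains why the check must treat `include ForgeryProtection` as satisfying the protect_from_forgery requirement.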
8 changes: 8 additions & 0 deletions test/tests/rails5.rb
@@ -410,4 +410,12 @@ def test_link_to_href_safe_interpolation
:code => s(:call, nil, :link_to, s(:str, "Email!"), s(:dstr, "mailto:", s(:evstr, s(:call, s(:params), :[], s(:lit, :x))))),
:user_input => s(:call, s(:params), :[], s(:lit, :x))
end

def test_mixed_in_csrf_protection
assert_no_warning :type => :controller,
:warning_type => "Cross-Site Request Forgery",
:line => 1,
:message => /^'protect_from_forgery'\ should\ be\ called\ /,
:relative_path => "app/controllers/mixed_controller.rb"
end
end
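Review bot: The new assertion in test_mixed_in_csrf_protection is a negative one (assert_no_warning) pinned to `:line => 1` and a full message regexp, so it also passes if the CSRF check fires on a different line or with slightly different wording, which would leave the "concern counts as protect_from_forgery" behaviour untested without anyone noticing. Dropping the `:line` key, or matching only on `:warning_type` and `:relative_path`, keeps the test meaningful: `assert_no_warning :type => :controller, :warning_type => "Cross-Site Request Forgery", :relative_path => "app/controllers/mixed_controller.rb"`. The enclosing test class starts outside the hunk; its closing `end` is the last line shown.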
