paraxial 1.4.2 → 1.4.4

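--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 90acf2bb0c21441d420b6433f1b0d378108d3c4042d6fda40116892877d535bb
- data.tar.gz: 6edfae3d19b3e713ac41bcccf11c545ca479201f29da1fbe230bac4de8b796e5
+ metadata.gz: b3206160ed62f0ae982fa82322d02fb097be5261b245e889dc0e3252f1c60006
+ data.tar.gz: 2b2ba464bbfc69f37d680fe257cfa705827f222f126aab01eb0f5a49b9022162
  SHA512:
- metadata.gz: 66c9b8fbc397de4bb01c5f0afa46ecf5198e88f171342324211c5e5f1401dc7ee6a3b05b9e4dcb41731113f9985ea0edfc6b4ffc7e156efa8697e1b113b2178c
- data.tar.gz: e4c82f63baba03fcedd857ac7ac2dd6f16afff05f153982c26f3292077dc0f2879ff1266e46d2a8ad213e380178af521889293ad85cce10062574ec535e7b641
+ metadata.gz: 873b0f6c3d9347e02bac6aa040ed2343d2fec5ddb04eb1952a9fa9e4e94028dd8f4befa446bddc0dfba488c71a9db9a8d170f0510b6d91b24440168c144026f0
+ data.tar.gz: c14072cc7a5f02e6e6dfd1c8da1eb36fcc280d5aa5c65352ef12ff645762a93cdc6592ade346924a137233a91cae87fa43e0aac1abbddda49ffeb2ec2cbba002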
data/lib/paraxial/cli.rb CHANGED
@@ -23,12 +23,13 @@ module Paraxial
23
23
 
24
24
  case check_rubocop_configuration
25
25
  when :does_not_exist
26
- puts '[Paraxial] .paraxial-rubocop.yml does not exist. This file is required for the scan to run, add:'
27
- puts '.paraxial-rubocop.yml'
28
- puts 'require:'
29
- puts '- rubocop-erb'
30
- puts ''
31
- exit(1)
26
+ puts '[Paraxial] .paraxial-rubocop.yml does not exist. Creating file...'
27
+ rubocop_file = File.join(Dir.pwd, '.paraxial-rubocop.yml')
28
+ File.open(rubocop_file, "w") do |file|
29
+ file.puts "require:"
30
+ file.puts "- rubocop-erb"
31
+ end
32
+ puts '[Paraxial] .paraxial-rubocop.yml created.'
32
33
  when :found_no_erb
33
34
  puts '[Paraxial] .paraxial-rubocop.yml is missing rubocop-erb. To scan embedded Ruby files for security problems, add:'
34
35
  puts '.paraxial-rubocop.yml'
@@ -1,5 +1,5 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  module Paraxial
4
- VERSION = '1.4.2'
4
+ VERSION = '1.4.4'
5
5
  end
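Review bot: In the cli.rb hunk of this section, the new `File.open(rubocop_file, "w")` block in the `:does_not_exist` branch has no error handling, so an unwritable or vanished working directory surfaces as an uncaught `Errno::EACCES`/`Errno::ENOENT` with a backtrace instead of the clear message-and-`exit(1)` the removed branch gave. Wrapping the write in `begin … rescue SystemCallError => e; puts "[Paraxial] could not create .paraxial-rubocop.yml: #{e.message}"; exit(1); end` keeps the failure explicit, and `File.write(rubocop_file, "require:\n- rubocop-erb\n")` would replace the open/puts block with one call. There is also a small window between `check_rubocop_configuration` reporting `:does_not_exist` and the `"w"` open truncating whatever is there; `File.open(rubocop_file, File::WRONLY | File::CREAT | File::EXCL)` would refuse to overwrite a file that appeared in between. The enclosing method starts before the hunk and the `case` continues past it; the second hunk in this section (`VERSION = '1.4.4'`) is a plain version bump.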
data/lib/paraxial.rb CHANGED
@@ -4,6 +4,7 @@ require 'thor'
4
4
  require 'paraxial/engine'
5
5
  require 'rubocop'
6
6
  require_relative 'rubocop/cop/paraxial/csrf'
7
+ require_relative 'rubocop/cop/paraxial/csrf_skip'
7
8
  require_relative 'rubocop/cop/paraxial/system'
8
9
  require_relative 'rubocop/cop/paraxial/send'
9
10
  require_relative 'rubocop/cop/paraxial/constantize'
@@ -2,21 +2,22 @@ module RuboCop
2
2
  module Cop
3
3
  module Paraxial
4
4
  class CSRF < Base
5
- MSG = 'CSRF, no protect_from_forgery in ApplicationController.'
5
+ include RangeHelp
6
6
 
7
- def_node_search :protect_from_forgery_call, <<~PATTERN
8
- (send nil? :protect_from_forgery ...)
9
- PATTERN
7
+ MSG = "CSRF, action_dispatch.cookies_same_site_protection set to `nil` or `:none`."
10
8
 
11
- def on_class(node)
12
- class_name = node.loc.name.source
9
+ def on_send(node)
10
+ return unless node.method_name == :cookies_same_site_protection=
13
11
 
14
- return unless class_name == 'ApplicationController'
12
+ argument = node.arguments.first
15
13
 
16
- protect_from_forgery = protect_from_forgery_call(node).first
17
-
18
- add_offense(node) unless protect_from_forgery
14
+ if !argument.respond_to?(:value)
15
+ add_offense(node)
16
+ elsif argument.value == :none
17
+ add_offense(node)
18
+ end
19
19
  end
20
+
20
21
  end
21
22
  end
22
23
  end
@@ -0,0 +1,28 @@
1
+ module RuboCop
2
+ module Cop
3
+ module Paraxial
4
+ class SkipAuthenticityToken < Base
5
+
6
+ MSG = "CSRF, skip_before_action :verify_authenticity_token in controller."
7
+
8
+ def on_send(node)
9
+ # Ensure that the cop only applies to controller files
10
+ return unless in_controller_file?
11
+
12
+ # Check if the node is `skip_before_action :verify_authenticity_token`
13
+ return unless node.method_name == :skip_before_action
14
+ return unless node.arguments.any? { |arg| arg.respond_to?(:value) && arg.value == :verify_authenticity_token }
15
+
16
+ add_offense(node)
17
+ end
18
+
19
+ private
20
+
21
+ def in_controller_file?
22
+ # Check the current file path to ensure it's a controller file
23
+ processed_source.file_path.include?('app/controllers')
24
+ end
25
+ end
26
+ end
27
+ end
28
+ end
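Review bot: In the rewritten `CSRF#on_send` hunk of this section, the `if !argument.respond_to?(:value)` branch adds an offense for every argument whose node type does not define `value` — a constant, a method call or a lambda assigned to `cookies_same_site_protection=` is reported as "`nil` or `:none`" even though the cop cannot tell what it is; rubocop-ast has type predicates for this, so the check should be `add_offense(node) if argument.nil_type? || (argument.sym_type? && argument.value == :none)`, which matches what MSG claims. Two smaller points in the same hunk: `include RangeHelp` is not used by any visible line, and declaring `RESTRICT_ON_SEND = %i[cookies_same_site_protection=].freeze` would stop RuboCop calling `on_send` for every send node in the file. In the new csrf_skip.rb hunk, `SkipAuthenticityToken` only matches `skip_before_action :verify_authenticity_token`, while Rails' `skip_forgery_protection` class method disables the same filter and is not detected; a comment noting that gap, or a second `method_name` check, would keep the cop's coverage honest. The `CSRF` class and module boundaries continue outside the hunk.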
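--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: paraxial
  version: !ruby/object:Gem::Version
- version: 1.4.2
+ version: 1.4.4
  platform: ruby
  authors:
  - Michael Lubas
  autorequire:
  bindir: exe
  cert_chain: []
- date: 2025-01-14 00:00:00.000000000 Z
+ date: 2025-01-17 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: rspec
@@ -104,6 +104,7 @@ files:
  - lib/paraxial/version.rb
  - lib/rubocop/cop/paraxial/constantize.rb
  - lib/rubocop/cop/paraxial/csrf.rb
+ - lib/rubocop/cop/paraxial/csrf_skip.rb
  - lib/rubocop/cop/paraxial/html_safe.rb
  - lib/rubocop/cop/paraxial/raw.rb
  - lib/rubocop/cop/paraxial/send.rb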