paraxial 1.4.2 → 1.4.3
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/lib/paraxial/version.rb +1 -1
- data/lib/paraxial.rb +1 -0
- data/lib/rubocop/cop/paraxial/csrf.rb +11 -10
- data/lib/rubocop/cop/paraxial/csrf_skip.rb +28 -0
- metadata +3 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 1ead60a9bfb6d11bc119e5ba5287ce722c2e41b4c61865840bd219a3e4fd4be1
|
|
4
|
+
data.tar.gz: af7a4ec6f5c52fd468a071fbe98edda8db847ca68e7d50a8fdf7343728e67bf5
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 604c966182e021b459e5e0e5ed9604b310acb3f31ea2cba61229a2d82b5f2f98ef80500763cd9c724a13cc7327050cea5a83857b5e0a71f32a079666dbb8fc76
|
|
7
|
+
data.tar.gz: b9c0f345377e3493c2bf699b3f640b9fe3b89db5537dc922489dc5a3e8ce225580c7f582fd3ceca8a8d5e37369b20a1af7c0f45b0e481f9e75f8cac5d849ec44
|
data/lib/paraxial/version.rb
CHANGED
data/lib/paraxial.rb
CHANGED
|
@@ -4,6 +4,7 @@ require 'thor'
|
|
|
4
4
|
require 'paraxial/engine'
|
|
5
5
|
require 'rubocop'
|
|
6
6
|
require_relative 'rubocop/cop/paraxial/csrf'
|
|
7
|
+
require_relative 'rubocop/cop/paraxial/csrf_skip'
|
|
7
8
|
require_relative 'rubocop/cop/paraxial/system'
|
|
8
9
|
require_relative 'rubocop/cop/paraxial/send'
|
|
9
10
|
require_relative 'rubocop/cop/paraxial/constantize'
|
|
@@ -2,21 +2,22 @@ module RuboCop
|
|
|
2
2
|
module Cop
|
|
3
3
|
module Paraxial
|
|
4
4
|
class CSRF < Base
|
|
5
|
-
|
|
5
|
+
include RangeHelp
|
|
6
6
|
|
|
7
|
-
|
|
8
|
-
(send nil? :protect_from_forgery ...)
|
|
9
|
-
PATTERN
|
|
7
|
+
MSG = "CSRF, action_dispatch.cookies_same_site_protection set to `nil` or `:none`."
|
|
10
8
|
|
|
11
|
-
def
|
|
12
|
-
|
|
9
|
+
def on_send(node)
|
|
10
|
+
return unless node.method_name == :cookies_same_site_protection=
|
|
13
11
|
|
|
14
|
-
|
|
12
|
+
argument = node.arguments.first
|
|
15
13
|
|
|
16
|
-
|
|
17
|
-
|
|
18
|
-
|
|
14
|
+
if !argument.respond_to?(:value)
|
|
15
|
+
add_offense(node)
|
|
16
|
+
elsif argument.value == :none
|
|
17
|
+
add_offense(node)
|
|
18
|
+
end
|
|
19
19
|
end
|
|
20
|
+
|
|
20
21
|
end
|
|
21
22
|
end
|
|
22
23
|
end
|
|
@@ -0,0 +1,28 @@
|
|
|
1
|
+
module RuboCop
|
|
2
|
+
module Cop
|
|
3
|
+
module Paraxial
|
|
4
|
+
class SkipAuthenticityToken < Base
|
|
5
|
+
|
|
6
|
+
MSG = "CSRF, skip_before_action :verify_authenticity_token in controller."
|
|
7
|
+
|
|
8
|
+
def on_send(node)
|
|
9
|
+
# Ensure that the cop only applies to controller files
|
|
10
|
+
return unless in_controller_file?
|
|
11
|
+
|
|
12
|
+
# Check if the node is `skip_before_action :verify_authenticity_token`
|
|
13
|
+
return unless node.method_name == :skip_before_action
|
|
14
|
+
return unless node.arguments.any? { |arg| arg.respond_to?(:value) && arg.value == :verify_authenticity_token }
|
|
15
|
+
|
|
16
|
+
add_offense(node)
|
|
17
|
+
end
|
|
18
|
+
|
|
19
|
+
private
|
|
20
|
+
|
|
21
|
+
def in_controller_file?
|
|
22
|
+
# Check the current file path to ensure it's a controller file
|
|
23
|
+
processed_source.file_path.include?('app/controllers')
|
|
24
|
+
end
|
|
25
|
+
end
|
|
26
|
+
end
|
|
27
|
+
end
|
|
28
|
+
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: paraxial
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.4.
|
|
4
|
+
version: 1.4.3
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Michael Lubas
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: exe
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2025-01-
|
|
11
|
+
date: 2025-01-15 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: rspec
|
|
@@ -104,6 +104,7 @@ files:
|
|
|
104
104
|
- lib/paraxial/version.rb
|
|
105
105
|
- lib/rubocop/cop/paraxial/constantize.rb
|
|
106
106
|
- lib/rubocop/cop/paraxial/csrf.rb
|
|
107
|
+
- lib/rubocop/cop/paraxial/csrf_skip.rb
|
|
107
108
|
- lib/rubocop/cop/paraxial/html_safe.rb
|
|
108
109
|
- lib/rubocop/cop/paraxial/raw.rb
|
|
109
110
|
- lib/rubocop/cop/paraxial/send.rb
|