
Add check for reset_session

1 parent 31af3f5 commit d6689964e3862ea425d84955b4e977d235ee7253 @LTe committed Jul 2, 2012
Showing with 38 additions and 0 deletions.
  1. +23 −0 lib/scanny/checks/reset_session_check.rb
  2. +15 −0 spec/scanny/checks/reset_session_check_spec.rb
@@ -0,0 +1,23 @@
+module Scanny
+ module Checks
+ class ResetSessionCheck < Check
+ def pattern
+ pattern_reset_session
+ end
+
+ def check(node)
+ issue :info, warning_message, :cwe => 384
+ end
+
+ private
+
+ def warning_message
+ "Improper resetting the session may lead to security problems"
+ end
+
+ def pattern_reset_session
+ "Send<name = :reset_session>"
+ end
+ end
+ end
+end
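Review bot: The text returned by `warning_message` does not tell the reader what to verify, and `check` raises it for every `reset_session` call without looking at `node`. The issue is tagged CWE-384 (session fixation), where calling `reset_session` is normally part of the mitigation, so the message should say what to confirm, e.g. `"reset_session call found: confirm the session is reset on authentication and that old session data is not carried over (session fixation)"`. The class also has no comment explaining why a normally desirable call is reported at `:info`; a line above `class ResetSessionCheck` such as `# Flags reset_session calls so a reviewer can confirm session handling around authentication (CWE-384).` would make the intent clear. The spec repeats the message literal, so it would need the same wording change.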
@@ -0,0 +1,15 @@
+require "spec_helper"
+
+module Scanny::Checks
+ describe ResetSessionCheck do
+ before do
+ @runner = Scanny::Runner.new(ResetSessionCheck.new)
+ @message = "Improper resetting the session may lead to security problems"
+ @issue = issue(:info, @message, 384)
+ end
+
+ it "reports \"reset_session\" correctly" do
+ @runner.should check("reset_session").with_issue(@issue)
+ end
+ end
+end
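Review bot: The spec has only one positive example, so nothing pins down what the `Send<name = :reset_session>` pattern must not match. A negative case next to the existing `it`, for instance `@runner.should check("reset").without_issues` (assuming the spec helper's `without_issues` matcher is available here), would guard against the pattern being loosened later. An example with an explicit receiver, such as `self.reset_session`, would also document whether that form is meant to be reported.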
