Class: Scanny::Checks::SetSecretCheck

Inherits:

Check

• Object
• Check
• Scanny::Checks::SetSecretCheck

Defined in:

lib/scanny/checks/insecure_config/set_secret_check.rb

Overview

Checks for places where :secret hash key is set.

Instance Method Summary

• #check(node) ⇒ Object
• #pattern ⇒ Object

  :secret.

• #strict? ⇒ Boolean

Methods inherited from Check

#compiled_pattern, #issue, #visit

Instance Method Details

#check(node) ⇒ Object

# File 'lib/scanny/checks/insecure_config/set_secret_check.rb', line 14

def check(node)
  issue :info,
    "Setting :secret can indicate using hard-coded cryptographic key.",
    :cwe => 321
end

#pattern ⇒ Object

:secret

# File 'lib/scanny/checks/insecure_config/set_secret_check.rb', line 6

def pattern
  "    HashLiteral<\n      array = [any{even}, SymbolLiteral<value = :secret>, any{odd}]\n    >\n  EOT\nend\n"

#strict? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/scanny/checks/insecure_config/set_secret_check.rb', line 20

def strict?
  true
end