class Brakeman::CheckForceSSL
Public Instance Methods
run_check()
click to toggle source
# File lib/brakeman/checks/check_force_ssl.rb, line 6 def run_check return if tracker.config.rails.empty? or tracker.config.rails_version.nil? return if tracker.config.rails_version < "3.1.0" force_ssl = tracker.config.rails[:force_ssl] if false? force_ssl or force_ssl.nil? line = if sexp? force_ssl force_ssl.line else 1 end warn :warning_type => "Missing Encryption", :warning_code => :force_ssl_disabled, :message => msg("The application does not force use of HTTPS: ", msg_code("config.force_ssl"), " is not enabled"), :confidence => :high, :file => "config/environments/production.rb", :line => line end end