Check for .gitignore secrets in subdirectories

fixes #519

Check for .gitignore secrets in subdirectories
fixes #519
02ab727a · Justin Collins · 468376e3 · 02ab727a · 02ab727a
隐藏空白更改
内联并排

Showing with 21 addition and 5 deletion

lib/brakeman/checks/check_session_settings.rb lib/brakeman/checks/check_session_settings.rb +8 -5

test/tests/rescanner.rb test/tests/rescanner.rb +13 -0

未找到文件。
--- a/lib/brakeman/checks/check_session_settings.rb
+++ b/lib/brakeman/checks/check_session_settings.rb
@@ -134,12 +134,15 @@ class Brakeman::CheckSessionSettings < Brakeman::BaseCheck
  end

  def ignored? file
-    if @app_tree.exists? ".gitignore"
-      input = @app_tree.read(".gitignore")
+    [".", "config", "config/initializers"].each do |dir|
+      ignore_file = "#{dir}/.gitignore"
+      if @app_tree.exists? ignore_file
+        input = @app_tree.read(ignore_file)

-      input.include? file
-    else
-      false
+        return true if input.include? file
+      end
    end
+
+    false
  end
 end
--- a/test/tests/rescanner.rb
+++ b/test/tests/rescanner.rb
@@ -298,4 +298,17 @@ class RescannerTests < Test::Unit::TestCase
      assert_fixed 9
    end
  end
+
+  def test_gitignore_session_secret_subdir
+    gitignore = "config/initializers/.gitignore"
+
+    before_rescan_of gitignore do
+      append gitignore, "secret_token.rb"
+    end
+
+    assert_changes
+    assert_reindex :none
+    assert_fixed 1
+    assert_new 0
+  end
 end