Commit

feat: add sanitized patterns (#87)
cfabianski authored Jun 5, 2023
1 parent ad579fd commit c4ddcc5
Showing 2 changed files with 8 additions and 0 deletions.
2 changes: 2 additions & 0 deletions ruby/rails/open_redirect.yml
Expand Up @@ -12,6 +12,8 @@ languages:
auxiliary:
- id: ruby_rails_open_redirect_sanitized
patterns:
- $<_>.to_i
- $<_>.to_f
- pattern: $<...>$<METHOD>($<...>$<!>$<_>$<...>)
filters:
- variable: METHOD
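
Review bot: The two new entries `$<_>.to_i` and `$<_>.to_f` under `ruby_rails_open_redirect_sanitized` carry no comment saying why numeric coercion counts as sanitization for an open redirect. A one-line YAML comment above them (the result is an Integer or Float, so it cannot carry a scheme or host) would help the next maintainer decide whether similar conversions belong in this list. They are also written as bare strings while the entry that follows uses the `pattern:` key; if both forms are accepted, using one form throughout keeps the list easier to scan.
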
6 changes: 6 additions & 0 deletions ruby/rails/open_redirect/testdata/ok.rb
Expand Up @@ -6,4 +6,10 @@ def notify
def orders
redirect_to Rails.application.routes.url_helpers.orders_path(shop_id: params[:shop_id])
end

def show
id = params[:user_id].to_i

redirect_to organization.users.where(id: id)
end
end
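
Review bot: The new `show` case in ok.rb covers only `.to_i`; the `$<_>.to_f` pattern added to the rule in this commit has no test data. Add a second case built on `params[:user_id].to_f` so both patterns are exercised. The case also routes the coerced value through a local (`id = params[:user_id].to_i`) and then `where(id: id)`, so a further case that hands the coerced value to `redirect_to` without the intermediate assignment would confirm the sanitizer matches in both shapes.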
