# File lib/brakeman/checks/check_skip_before_filter.rb, line 23
  def process_skip_filter filter, controller
    case skip_except_value filter
    when :verify_authenticity_token
      warn :class => controller.name, #ugh this should be a controller warning, too
        :warning_type => "Cross-Site Request Forgery",
        :warning_code => :csrf_blacklist,
        :message => msg("Use whitelist (", msg_code(":only => [..]"), ") when skipping CSRF check"),
        :code => filter,
        :confidence => :medium,
        :file => controller.file

    when :login_required, :authenticate_user!, :require_user
      warn :controller => controller.name,
        :warning_code => :auth_blacklist,
        :warning_type => "Authentication",
        :message => msg("Use whitelist (", msg_code(":only => [..]"), ") when skipping authentication"),
        :code => filter,
        :confidence => :medium,
        :link => "authentication_whitelist",
        :file => controller.file
    end
  end