def process_skip_filter filter, controller
case skip_except_value filter
when :verify_authenticity_token
warn :class => controller.name,
:warning_type => "Cross-Site Request Forgery",
:warning_code => :csrf_blacklist,
:message => msg("Use whitelist (", msg_code(":only => [..]"), ") when skipping CSRF check"),
:code => filter,
:confidence => :medium,
:file => controller.file
when :login_required, :authenticate_user!, :require_user
warn :controller => controller.name,
:warning_code => :auth_blacklist,
:warning_type => "Authentication",
:message => msg("Use whitelist (", msg_code(":only => [..]"), ") when skipping authentication"),
:code => filter,
:confidence => :medium,
:link => "authentication_whitelist",
:file => controller.file
end
end