Class: Brakeman::CheckValidationRegex
In: lib/brakeman/checks/check_validation_regex.rb
Parent: Brakeman::BaseCheck
Reports any calls to validates_format_of which do not use \A and \z as anchors in the given regular expression.

For example:

    # Allows anything after a new line
    validates_format_of :user_name, :with => /^\w+$/
Constants:

    WITH = Sexp.new(:lit, :with)

    FORMAT = Sexp.new(:lit, :format)

    SECURE_REGEXP_PATTERN = %r{ \A \\A .* \\[zZ] \z }x
        Match secure regexp without extended option

    EXTENDED_SECURE_REGEXP_PATTERN = %r{ \A \s* \\A .* \\[zZ] \s* \z }mx
        Match secure regexp with extended option
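The following added example (not Brakeman's own code) applies the two patterns above to a Regexp's source to decide whether it is anchored the way the check requires, and shows why a ^...$ validation lets a newline-containing value through. The helper names secure_regexp? and passes_validation? are hypothetical, and applying the patterns to Regexp#source is an assumption about how the check uses them.

```ruby
# Constants copied from the documented class; the helpers below are a
# hypothetical reimplementation of the check, not Brakeman's code.
SECURE_REGEXP_PATTERN          = %r{ \A \\A .* \\[zZ] \z }x
EXTENDED_SECURE_REGEXP_PATTERN = %r{ \A \s* \\A .* \\[zZ] \s* \z }mx

# True when the regexp source starts with \A and ends with \z or \Z.
# Extended (/x) regexps may wrap the anchors in whitespace and newlines,
# so they are checked against the looser multi-line pattern.
# (Assumption: the check inspects Regexp#source and Regexp#options.)
def secure_regexp?(regex)
  src = regex.source
  return true if src.match?(SECURE_REGEXP_PATTERN)

  extended = (regex.options & Regexp::EXTENDED) != 0
  extended && src.match?(EXTENDED_SECURE_REGEXP_PATTERN)
end

# Mirrors what validates_format_of does at its core: does the value match?
# In Ruby, ^ and $ match at every line boundary, so a value containing a
# newline can satisfy ^...$ while carrying extra content after the newline.
def passes_validation?(format, value)
  !!(value =~ format)
end

# Constructed sample input: a plausible username followed by a newline
# and trailing data that the validation was meant to reject.
SAMPLE_VALUE = "alice\nnot-a-username"

LINE_ANCHORED   = /^\w+$/        # reported by the check
STRING_ANCHORED = /\A\w+\z/      # accepted by the check
EXTENDED_SAFE   = %r{
  \A \w+ \z
}x                               # accepted via the extended pattern

if __FILE__ == $0
  [LINE_ANCHORED, STRING_ANCHORED, EXTENDED_SAFE].each do |re|
    puts "#{re.inspect}: anchored=#{secure_regexp?(re)} " \
         "accepts_sample=#{passes_validation?(re, SAMPLE_VALUE)}"
  end
end
```

Note that \Z (upper case) is accepted by the pattern but still permits a single trailing newline, so \z is the stricter anchor to prefer.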