Class Brakeman::CheckBasicAuth
In: lib/brakeman/checks/check_basic_auth.rb
Parent: Brakeman::BaseCheck

Checks whether a password is hard-coded in a controller when using http_basic_authenticate_with

Only for Rails >= 3.1

Methods

Public Instance methods

Look for

 authenticate_or_request_with_http_basic do |username, password|
   username == "foo" && password == "bar"
 end

Checks whether the block of a result contains a comparison of the password to a string

Looks for :== calls on password var
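An added example, not Brakeman's own code: a minimal version of the match described above, written against Ruby's standard-library Ripper parser instead of the parse tree Brakeman works on. It also accepts the string on the left-hand side of the comparison; the helper names, the sample source and the ADMIN_PASSWORD environment variable are assumptions made for illustration.

```ruby
require "ripper"
BASIC_AUTH = "authenticate_or_request_with_http_basic"

# Depth-first walk over every array node of a Ripper s-expression.
def each_node(sexp, &blk)
  return unless sexp.is_a?(Array)
  yield sexp
  sexp.each { |child| each_node(child, &blk) }
end

# Line number if node references a variable named `password`, else nil.
def password_ref_line(node)
  ident = node.is_a?(Array) && node[0] == :var_ref && node[1]
  ident[2][0] if ident && ident[0] == :@ident && ident[1] == "password"
end

# True for a string literal with no interpolation.
def plain_string?(node)
  node.is_a?(Array) && node[0] == :string_literal &&
    node[1].drop(1).all? { |part| part[0] == :@tstring_content }
end

# Lines where `password` is ==-compared with a string literal inside the block.
def hardcoded_basic_auth_lines(source)
  lines = []
  each_node(Ripper.sexp(source)) do |node|
    next unless node[0] == :method_add_block
    named = false
    each_node(node[1]) { |n| named ||= n[0] == :@ident && n[1] == BASIC_AUTH }
    next unless named
    each_node(node[2]) do |n|
      next unless n[0] == :binary && n[2] == :==
      line = (plain_string?(n[3]) && password_ref_line(n[1])) ||
             (plain_string?(n[1]) && password_ref_line(n[3]))
      lines << line if line
    end
  end
  lines.uniq.sort
end

# Constructed sample: line 2 hard-codes the password, the second block does not.
SAMPLE = <<~'RUBY'
  authenticate_or_request_with_http_basic do |username, password|
    username == "foo" && password == "bar"
  end
  authenticate_or_request_with_http_basic do |_user, password|
    ActiveSupport::SecurityUtils.secure_compare(password, ENV.fetch("ADMIN_PASSWORD"))
  end
RUBY
p hardcoded_basic_auth_lines(SAMPLE) # => [2]
```

The second block in the sample is the form the check does not flag: the expected value comes from the environment and is compared with ActiveSupport::SecurityUtils.secure_compare.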
