thesp0nge / dawnscanner

Dawn is a static analysis security scanner for ruby written web applications. It supports Sinatra, Padrino and Ruby on Rails frameworks.
MIT License

False positive of protect_from_forgery #202

Open riffraff opened 8 years ago

riffraff commented 8 years ago

This code:

```ruby
class ApplicationController < ActionController::Base
  protect_from_forgery with: :exception
end
```

results in the warning `Owasp Ror CheatSheet: Cross Site Request Forgery check failed`, but unless I'm missing something, this is perfectly fine.
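As an added example (not dawnscanner's own code, and not how its cheat-sheet check is implemented), here is a minimal controller-level CSRF check written so that the snippet from the issue is reported as passing, while a missing, commented-out or skipped `protect_from_forgery` call is not. The `csrf_check` helper, the `:ok`/`:warn`/`:fail` statuses and the sample inputs are assumptions made for this example.

```ruby
# Added example, not dawnscanner's own code: a minimal CSRF-guard check for the
# source of a Rails controller. The controller from the issue must pass; a
# missing, commented-out or skipped protect_from_forgery call must not.

# The controller source from the issue, embedded here as the sample input.
ISSUE_SNIPPET = <<~RUBY
  class ApplicationController < ActionController::Base
    protect_from_forgery with: :exception
  end
RUBY

# Returns a hash with :status (:ok, :warn or :fail) and a human-readable :reason.
def csrf_check(source)
  # Drop line comments so a commented-out call is not mistaken for a live one.
  # (A '#' inside a string literal would also be cut; good enough for this check.)
  lines = source.lines.map { |l| l.sub(/#.*$/, '') }

  # The call that enables the authenticity-token filter for the controller.
  call = lines.find { |l| l =~ /^\s*protect_from_forgery\b/ }

  # Either of these removes the filter for some or all actions again.
  skipped = lines.any? do |l|
    l =~ /^\s*skip_forgery_protection\b/ ||
      l =~ /^\s*skip_before_action\s+:verify_authenticity_token\b/
  end

  if call.nil?
    return { status: :fail, reason: 'no protect_from_forgery call found' }
  end

  if skipped
    return { status: :warn,
             reason: 'protect_from_forgery present, but verify_authenticity_token is skipped for some actions' }
  end

  # Extract the symbol passed as the :with option, if any.
  strategy = call[/with:\s*:(\w+)/, 1]
  case strategy
  when 'exception'
    { status: :ok, reason: 'protect_from_forgery with: :exception raises on a bad token' }
  when 'null_session', 'reset_session'
    { status: :ok, reason: "protect_from_forgery with: :#{strategy} discards the session on a bad token" }
  when nil
    { status: :ok, reason: 'protect_from_forgery without :with defaults to :null_session' }
  else
    { status: :warn, reason: "unknown forgery strategy :#{strategy}" }
  end
end

if __FILE__ == $PROGRAM_NAME
  puts csrf_check(ISSUE_SNIPPET).inspect
end
```

A check like this only looks at one controller file; Rails 5.2 and later can also turn the filter on application-wide through `config.action_controller.default_protect_from_forgery`, so a scanner that expects an explicit call in `ApplicationController` can still raise a false positive on such apps.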

thesp0nge commented 8 years ago

Truth be told, the OWASP RoR Cheatsheet is pretty unmaintained. I think I'll either remove the checks or make a new cheatsheet version.