Class: Rails::Guarddog::Checkers::DosChecker
- Inherits: BaseChecker (Object > BaseChecker > Rails::Guarddog::Checkers::DosChecker)
- Defined in: lib/rails/guarddog/checkers/dos_checker.rb
Constructor Details
This class inherits a constructor from Rails::Guarddog::Checkers::BaseChecker
Instance Method Details
#run ⇒ Object
```ruby
# File 'lib/rails/guarddog/checkers/dos_checker.rb', line 5

def run
  glob_files('app/**/*.rb').each do |file|
    content = File.read(file)
    content.each_line.with_index do |line, idx|
      # Check for unbounded queries
      if line.match?(/\.where\(.*\)\.all/) || line.match?(/\.all\s*$/)
        add_finding(
          severity: :high,
          message: "Potential DoS: unbounded database query without limit",
          file: file,
          line: idx + 1,
          snippet: line.strip,
          remediation: "Add .limit() to control result size"
        )
      end

      # Check for regex vulnerabilities
      if line.match?(/\/.+\*\+.*\*\+.+\//) || line.match?(/match\?.*\(.+\*\+/)
        add_finding(
          severity: :high,
          message: "Potential ReDoS vulnerability: dangerous regex pattern",
          file: file,
          line: idx + 1,
          snippet: line.strip,
          remediation: "Simplify regex or use timeout mechanisms"
        )
      end
    end
  end
  findings
end
```
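As an added example (not code from rails-guarddog), the two heuristics used by `#run` are applied to a constructed source file so that what they flag, including a comment line, and what they let through (an unbounded `.to_a` query, a nested-quantifier regex) is visible; the constant names, `dos_checker_hits` and the sample lines are assumptions.

```ruby
# Added example, not part of rails-guarddog: replays the DosChecker
# heuristics over constructed Ruby source lines and reports each match.

# The exact patterns from DosChecker#run.
UNBOUNDED_QUERY = [/\.where\(.*\)\.all/, /\.all\s*$/].freeze
REDOS_PATTERN   = [/\/.+\*\+.*\*\+.+\//, /match\?.*\(.+\*\+/].freeze

# Returns one hash per matching line: { line:, kind:, snippet: }.
def dos_checker_hits(source)
  hits = []
  source.each_line.with_index do |line, idx|
    if UNBOUNDED_QUERY.any? { |re| line.match?(re) }
      hits << { line: idx + 1, kind: :unbounded_query, snippet: line.strip }
    end
    if REDOS_PATTERN.any? { |re| line.match?(re) }
      hits << { line: idx + 1, kind: :redos, snippet: line.strip }
    end
  end
  hits
end

# Constructed sample (hypothetical controller code), one case per line:
#   1 flagged: .where(...).all        2 flagged: bare .all at end of line
#   3 not flagged: bounded by .limit  4 missed: unbounded .to_a query
#   5 flagged: only a comment         6 flagged: possessive quantifiers *+
#   7 missed: nested quantifier (a*)+, a classic ReDoS shape
SAMPLE_SOURCE = <<~'RUBY'
  users = User.where(active: true).all
  posts = Post.all
  recent = Post.order(:created_at).limit(20)
  everything = Comment.where(spam: false).to_a
  # TODO: replace User.all
  ok = name.match?(/a*+b*+c/)
  bad = name.match?(/(a*)+$/)
RUBY

if __FILE__ == $PROGRAM_NAME
  dos_checker_hits(SAMPLE_SOURCE).each do |h|
    puts "line #{h[:line]} #{h[:kind]}: #{h[:snippet]}"
  end
end
```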