Class: Rails::Guarddog::Checkers::GraphqlChecker

Inherits:

BaseChecker

• Object
• BaseChecker
• Rails::Guarddog::Checkers::GraphqlChecker

Defined in:

lib/rails/guarddog/checkers/graphql_checker.rb

Instance Attribute Summary

Attributes inherited from BaseChecker

#findings

Instance Method Summary

• #run ⇒ Object

Methods inherited from BaseChecker

#initialize

Constructor Details

This class inherits a constructor from Rails::Guarddog::Checkers::BaseChecker

Instance Method Details

#run ⇒ Object

# File 'lib/rails/guarddog/checkers/graphql_checker.rb', line 5

def run
  glob_files('app/graphql/**/*.rb').each do |file|
    content = File.read(file)
    
    if content.include?('field') || content.include?('def resolve')
      unless content.include?('authorize') || content.include?('current_user')
        add_finding(
          severity: :high,
          message: "GraphQL field missing authorization check",
          file: file,
          line: 1,
          snippet: "GraphQL resolver without auth",
          remediation: "Add authorization: authorize @object or Pundit check"
        )
      end
    end
  end
  findings
end