Merge pull request #1478 from hugocorbucci/fix/basic_auth_error_for_r…

…eferenced_blocks Fix authenticate_or_request_with_http_basic check for passed blocks
presidentbeef · May 12, 2020 · 12fadf1 · 12fadf1
2 parents d2b1b95 + db4bb50
commit 12fadf1
Show file tree

Hide file tree

Showing 2 changed files with 12 additions and 0 deletions.
diff --git a/lib/brakeman/checks/check_basic_auth.rb b/lib/brakeman/checks/check_basic_auth.rb
@@ -57,6 +57,8 @@ def check_basic_auth_request
 
   # Check if the block of a result contains a comparison of password to string
   def include_password_literal? result
+    return false if result[:block_args].nil?
+
     @password_var = result[:block_args].last
     @include_password = false
     process result[:block]

diff --git a/test/apps/rails3.1/app/controllers/admin_controller.rb b/test/apps/rails3.1/app/controllers/admin_controller.rb
@@ -52,4 +52,14 @@ def make_system_calls
   def use_lambda_filter
     eval @thing
   end
+
+  def authenticate_token!
+    authenticate_token_or_basic do |username, password|
+      username == "foo"
+    end
+  end
+
+  def authenticate_token_or_basic(&block)
+    authenticate_or_request_with_http_basic(&block)
+  end
 end