class FrameworkTagger
- FrameworkTagger
- Tagger
- Reference
- Object
Included Modules
Direct Known Subclasses
- AspnetAuthTagger
- CrystalAuthTagger
- DjangoAuthTagger
- ElixirAuthTagger
- ExpressAuthTagger
- FastAPIAuthTagger
- FastEndpointsAuthTagger
- FlaskAuthTagger
- GoAuthTagger
- GoSecurityTagger
- HonoAuthTagger
- JavaMiscAuthTagger
- JsMiscAuthTagger
- KtorAuthTagger
- NestjsAuthTagger
- PerlAuthTagger
- PhpAuthTagger
- PythonMiscAuthTagger
- RailsSecurityTagger
- RubyAuthTagger
- RustAuthTagger
- RustSecurityTagger
- ScalaAuthTagger
- SpringAuthTagger
- SpringSecurityTagger
- SwiftAuthTagger
Defined in:
models/framework_tagger.crConstant Summary
-
STATIC_ASSET_EXTENSIONS =
[".html", ".htm", ".js", ".mjs", ".cjs", ".css", ".map", ".ico", ".png", ".jpg", ".jpeg", ".gif", ".svg", ".webp", ".avif", ".bmp", ".woff", ".woff2", ".ttf", ".otf", ".eot", ".wasm"] of ::String -
Static-asset file extensions. A route ending in one of these serves a static file off the web server, not a guarded API route.
-
STATIC_PUBLIC_FILES =
Set {"favicon.ico", "robots.txt", "manifest.json", "asset-manifest.json", "sitemap.xml", "service-worker.js", "sw.js", "browserconfig.xml"} -
Well-known public files served at the web root.
Constructors
Class Method Summary
Instance Method Summary
-
#collect_files_by_extension(extension : String) : Array(String)
Collect files with the given extension across every configured base path, so a multi-root scan sees auth config under all of them.
- #read_file(path : String) : String | Nil
- #read_source_context(endpoint : Endpoint) : Array(SourceContext)
-
#static_asset_route?(url : String) : Bool
A static-file / SPA-shell route, recognized conservatively: the SPA root, a catch-all wildcard mount (
/static/*filepath,/*any), a well-known public file, or a static-asset extension.
Instance methods inherited from module FileHelper
all_files : Array(String)
all_files,
get_files_by_extension(extension : String) : Array(String)
get_files_by_extension,
get_files_by_prefix(prefix : String) : Array(String)
get_files_by_prefix,
get_files_by_prefix_and_extension(prefix : String, extension : String) : Array(String)
get_files_by_prefix_and_extension,
get_public_dir_files(base_path : String, folder : String) : Array(String)
get_public_dir_files,
get_public_files(base_path : String, anchors : Array(String) = ["shard.yml", "Gemfile"]) : Array(String)
get_public_files
Instance methods inherited from class Tagger
name : String
name,
perform(endpoints : Array(Endpoint)) : Array(Endpoint)
perform
Constructor methods inherited from class Tagger
new(options : Hash(String, YAML::Any))
new
Constructor Detail
Class Method Detail
Instance Method Detail
Collect files with the given extension across every configured base path, so a multi-root scan sees auth config under all of them.
A static-file / SPA-shell route, recognized conservatively: the SPA
root, a catch-all wildcard mount (/static/*filepath, /*any), a
well-known public file, or a static-asset extension. Taggers use this to
exempt such routes from broad root/global middleware scopes, where the
signal is noise (or a false positive for assets registered outside the
middleware chain) rather than a meaningful per-endpoint review target.