From 97186ef2224008e8dea1c6fe7f4143f5341ee28a Mon Sep 17 00:00:00 2001
From: Varun Sharma
Date: Mon, 15 May 2023 15:43:30 -0700
Subject: [PATCH] Create missing-csrf.rb
---
 missing-csrf.rb | 24 ++++++++++++++++++++++++
 1 file changed, 24 insertions(+)
 create mode 100644 missing-csrf.rb
diff --git a/missing-csrf.rb b/missing-csrf.rb
new file mode 100644
index 0000000..c3fd0a4
--- /dev/null
+++ b/missing-csrf.rb
@@ -0,0 +1,24 @@
+# ruleid:missing-csrf-protection
+class DangerousController < ActionController::Base
+
+ puts "do more stuff"
+
+end
+
+# ok:missing-csrf-protection
+class OkController < ActionController::Base
+
+ protect_from_forgery :with => :exception
+
+ puts "do more stuff"
+
+end
+
+# ok:missing-csrf-protection
+class OkController < ActionController::Base
+
+ protect_from_forgery prepend: true, with: :exception
+
+ puts "do more stuff"
+
+end
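Review bot: The two `# ok:` fixtures only cover `protect_from_forgery ... with: :exception`, so nothing in this file pins how the rule treats a bare `protect_from_forgery` (which falls back to `:null_session`), an explicit `with: :null_session`, or a controller that enables protection and later calls `skip_forgery_protection` or `skip_before_action :verify_authenticity_token`. The rule definition is not part of this patch, so whether those forms are matched cannot be told from here; adding one fixture per case with the intended `# ruleid:` or `# ok:` annotation would make the expected behaviour explicit. The `# ruleid:` case would also benefit from a header comment noting that applications with `config.action_controller.default_protect_from_forgery = true` get protection without an explicit call, so a finding on a direct `ActionController::Base` subclass needs triage against the app configuration. Both passing fixtures are declared as `OkController`, so the third class reopens the second; a distinct name such as `OkPrependController` would keep the cases independent.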