
Check for signed_id/Global ID usage without specified purpose #1769

Open
bdewater opened this issue Mar 24, 2023 · 1 comment

Comments


bdewater commented Mar 24, 2023

Is your feature request related to a problem? Please describe.
https://api.rubyonrails.org/classes/ActiveRecord/SignedId.html generates a tamperproof ID (with optional expiry) that can be given to untrusted clients to use. For example Active Storage uses it to allow clients to upload files directly to the cloud and associate it back to the blob stored in the application database. find_signed and find_signed! are used to check the signature and retrieve the model.

Similarly, GlobalID (used by Active Job to identify models passed in as a job argument) has a signed variant that identifies any record with a URI.

Without specifying a purpose (Active Record signed ID) or for (signed global ID), these identifiers can be reused in different contexts - e.g. current_user.signed_id sent in a password reset email used in the params for the email link login URL, aka the confused deputy problem.

Describe the solution you'd like

Detect usage without specifying purpose for signed ID methods:

  • signed_id
  • find_signed, find_signed!

Detect usage without specifying the for option for Global ID methods:

  • to_gid / to_global_id / to_gid_param and to_sgid / to_signed_global_id / to_sgid_param
  • GlobalID::Locator.locate / locate_many and locate_signed / locate_many_signed

It's debatable whether or not to cover the non-signed variants here, since they are not tamper-proof?

Describe alternatives you've considered
N/A
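As an added example (not part of this issue and not Brakeman's own code), a minimal Ripper-based version of the requested check: it flags calls to the listed signed-ID and signed-GlobalID helpers whenever the purpose:/for: keyword is absent from the call's own arguments. The method table, helper names and the sample controller fragment are assumptions made for the example.

```ruby
require "ripper"
# Constructed example of the check this issue asks for, not Brakeman's own code
# (Brakeman uses ruby_parser; stdlib Ripper is used here so it runs anywhere).
# Each signed-ID helper maps to the keyword label that scopes it to one context.
SIGNED_ID_METHODS = %w[signed_id find_signed find_signed!].to_h { |m| [m, "purpose:"] }
  .merge(%w[to_sgid to_signed_global_id to_sgid_param locate_signed locate_many_signed].to_h { |m| [m, "for:"] }).freeze
# Returns [[method_name, line], ...] for each call that omits its scoping keyword.
def unscoped_signed_id_calls(source)
  tree = Ripper.sexp(source) or raise ArgumentError, "source does not parse"
  [].tap { |findings| walk(tree, findings) }
end
def ident(node) # [:@ident, "name", [line, col]] -> ["name", line]
  node.is_a?(Array) && node[0] == :@ident ? [node[1], node[2][0]] : [nil, nil]
end
def check(name, line, args, findings)
  keyword = SIGNED_ID_METHODS[name] or return
  findings << [name, line] unless keyword_present?(args, keyword)
end
# Only the call's own bare keyword hash counts; keywords of nested calls do not.
def keyword_present?(node, label)
  return false unless node.is_a?(Array)
  if node[0] == :bare_assoc_hash
    return node[1].any? { |pair| pair[0] == :assoc_new && pair[1][0] == :@label && pair[1][1] == label }
  end
  return false if %i[method_add_arg command command_call call fcall].include?(node[0])
  node.any? { |child| keyword_present?(child, label) }
end
def walk(node, findings) # handles each Ripper call shape, then recurses into children
  return unless node.is_a?(Array)
  case node[0]
  when :method_add_arg # recv.m(args) / m(args)
    name, line = node[1][0] == :call ? ident(node[1][3]) : ident(node[1][1])
    check(name, line, node[2], findings)
    walk(node[1][1], findings) if node[1][0] == :call
    return walk(node[2], findings)
  when :command       then check(*ident(node[1]), node[2], findings); return walk(node[2], findings)
  when :command_call  then check(*ident(node[3]), node[4], findings); walk(node[1], findings); return walk(node[4], findings)
  when :call          then check(*ident(node[3]), nil, findings); return walk(node[1], findings)
  when :vcall, :fcall then return check(*ident(node[1]), nil, findings)
  end
  node.each { |child| walk(child, findings) }
end
# Constructed controller fragment: lines 1 and 3 are unscoped, 2 and 4 are fine.
SAMPLE = <<~RUBY
  token = current_user.signed_id
  reset = current_user.signed_id(purpose: :password_reset, expires_in: 15.minutes)
  User.find_signed(params[:id])
  GlobalID::Locator.locate_signed params[:sgid], for: "upload"
RUBY
```

Running unscoped_signed_id_calls(SAMPLE) reports signed_id on line 1 and find_signed on line 3; the keyword comparison is by label text, so symbol-style or splatted hashes (purpose => x, **opts) are reported as unscoped, which is the conservative side for a static check.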

presidentbeef (Owner) commented

🤔 Seems interesting
