
require 'brakeman/checks/base_check'

# Reports the ActiveRecord symbol denial of service (CVE-2013-1854, advisory
# link in run_check) for the affected Rails releases, and independently of the
# Rails version flags `to_sym` / `literal_to_sym` calls whose argument is
# derived from user input, i.e. the same sink reached through application code.
class Brakeman::CheckSymbolDoS < Brakeman::BaseCheck
  Brakeman::Checks.add self

  @description = "Checks for versions with ActiveRecord symbol denial of service, or code with a similar vulnerability"

  # [first vulnerable, last vulnerable, first fixed] per affected Rails series.
  # Consulted in order; the first series the reported version falls into wins.
  AFFECTED_RAILS = [
    %w[2.0.0 2.3.17 2.3.18],
    %w[3.1.0 3.1.11 3.1.12],
    %w[3.2.0 3.2.12 3.2.13]
  ].freeze

  # Entry point called by the check runner. Emits at most one version warning,
  # then examines every (nested) to_sym / literal_to_sym call in the app.
  def run_check
    fixed_in = rails_fix_version

    # The version warning is only raised when the app has ActiveRecord
    # models at all; without them the vulnerable code path is not reachable.
    if fixed_in && active_record_models.any?
      warn warning_type: "Denial of Service",
        warning_code: :CVE_2013_1854,
        message: "Rails #{tracker.config[:rails_version]} has a denial of service vulnerability in ActiveRecord: upgrade to #{fixed_in} or patch",
        confidence: CONFIDENCE[:med],
        file: gemfile_or_environment,
        link: "https://groups.google.com/d/msg/rubyonrails-security/jgJ4cjjS8FE/BGbHRxnDRTIJ"
    end

    tracker.find_call(methods: [:to_sym, :literal_to_sym], nested: true).each do |result|
      check_unsafe_symbol_creation result
    end
  end

  # Warns when +result+ (a find_call hit for to_sym / literal_to_sym) converts
  # user-controlled data to a symbol. Arguments that has_immediate_user_input?
  # recognises are reported at high confidence, those that merely
  # include_user_input? at medium confidence. Results already reported
  # (duplicate?) and calls whose Sexp carries an original_line are skipped.
  def check_unsafe_symbol_creation result
    return if duplicate?(result) || result[:call].original_line

    add_result result

    call = result[:call]

    # to_sym converts its receiver; for literal_to_sym every Sexp child of the
    # call node is treated as a candidate argument.
    candidates = if result[:method] == :to_sym
                   [call.target]
                 else
                   call.select { |e| sexp? e }
                 end

    input = first_match(candidates) { |arg| has_immediate_user_input? arg }

    if input
      confidence = CONFIDENCE[:high]
    else
      input = first_match(candidates) { |arg| include_user_input? arg }
      confidence = CONFIDENCE[:med] if input
    end

    return unless confidence

    warn result: result,
      warning_type: "Denial of Service",
      warning_code: :unsafe_symbol_creation,
      message: "Symbol conversion from unsafe string (#{friendly_type_of input})",
      user_input: input.match,
      confidence: confidence
  end

  private

  # First fixed Rails release for the app's reported version, or nil when the
  # version lies outside every affected series.
  def rails_fix_version
    series = AFFECTED_RAILS.find { |from, to, _fixed| version_between? from, to }
    series && series.last
  end

  # Evaluates the block for every candidate (all of them, matching the
  # map/compact evaluation order) and returns the first non-nil value, or nil.
  def first_match candidates
    values = candidates.map { |arg| yield arg }
    values.find { |value| !value.nil? }
  end
end
