Sha256: 1231a510de74516766f9f24077f48c331074fea85de39f0e1c8427550ede6dc8
Contents?: true
Size: 1.68 KB
Versions: 25
Compression:
Stored size: 1.68 KB
Contents
require 'brakeman/checks/base_check'
class Brakeman::CheckSimpleFormat < Brakeman::CheckCrossSiteScripting
Brakeman::Checks.add self
@description = "Checks for simple_format XSS vulnerability (CVE-2013-6416) in certain versions"
def run_check
if version_between? "4.0.0", "4.0.1"
@inspect_arguments = true
@ignore_methods = Set[:h, :escapeHTML]
check_simple_format_usage
generic_warning unless @found_any
end
end
def generic_warning
message = "Rails #{rails_version} has a vulnerability in simple_format (CVE-2013-6416). Upgrade to Rails version 4.0.2"
warn :warning_type => "Cross-Site Scripting",
:warning_code => :CVE_2013_6416,
:message => message,
:confidence => :medium,
:gem_info => gemfile_or_environment,
:link_path => "https://groups.google.com/d/msg/ruby-security-ann/5ZI1-H5OoIM/ZNq4FoR2GnIJ"
end
def check_simple_format_usage
tracker.find_call(:target => false, :method => :simple_format).each do |result|
@matched = false
process_call result[:call]
if @matched
warn_on_simple_format result, @matched
end
end
end
def process_call exp
@mark = true
actually_process_call exp
exp
end
def warn_on_simple_format result, match
return unless original? result
@found_any = true
warn :result => result,
:warning_type => "Cross-Site Scripting",
:warning_code => :CVE_2013_6416_call,
:message => "Values passed to simple_format are not safe in Rails #{rails_version}",
:confidence => :high,
:link_path => "https://groups.google.com/d/msg/ruby-security-ann/5ZI1-H5OoIM/ZNq4FoR2GnIJ",
:user_input => match
end
end
Version data entries
25 entries across 25 versions & 3 rubygems