Sha256: 1a8b779ed6668dcc4c60839792cd286d461fb92ba7e25eac27cd14068ac19988
Contents?: true
Size: 1.53 KB
Versions: 9
Compression:
Stored size: 1.53 KB
Contents
require 'brakeman/checks/base_check' #Checks for select() helper vulnerability in some versions of Rails 3 #http://groups.google.com/group/rubyonrails-security/browse_thread/thread/9da0c515a6c4664 class Brakeman::CheckSelectVulnerability < Brakeman::BaseCheck Brakeman::Checks.add self @description = "Looks for unsafe uses of select() helper in some versions of Rails 3.x" def run_check if version_between? "3.0.0", "3.0.11" suggested_version = "3.0.12" elsif version_between? "3.1.0", "3.1.3" suggested_version = "3.1.4" elsif version_between? "3.2.0", "3.2.1" suggested_version = "3.2.2" else return end @message = "Upgrade to Rails #{suggested_version}, #{tracker.config[:rails_version]} select() helper is vulnerable" calls = tracker.find_call(:target => nil, :method => :select).select do |result| result[:location][0] == :template end calls.each do |result| process_result result end end def process_result result return if duplicate? result args = result[:call][3] #Check for user input in options parameter if sexp? args[3] and include_user_input? args[3] add_result result if node_type? args[3], :string_interp, :dstr confidence = CONFIDENCE[:med] else confidence = CONFIDENCE[:low] end warn :template => result[:location][1], :warning_type => "Cross Site Scripting", :result => result, :message => @message, :confidence => confidence end end end
Version data entries
9 entries across 9 versions & 1 rubygems