Sha256: 1a8b779ed6668dcc4c60839792cd286d461fb92ba7e25eac27cd14068ac19988
Contents?: true
Size: 1.53 KB
Versions: 9
Compression:
Stored size: 1.53 KB
Contents
require 'brakeman/checks/base_check'
#Checks for select() helper vulnerability in some versions of Rails 3
#http://groups.google.com/group/rubyonrails-security/browse_thread/thread/9da0c515a6c4664
class Brakeman::CheckSelectVulnerability < Brakeman::BaseCheck
Brakeman::Checks.add self
@description = "Looks for unsafe uses of select() helper in some versions of Rails 3.x"
def run_check
if version_between? "3.0.0", "3.0.11"
suggested_version = "3.0.12"
elsif version_between? "3.1.0", "3.1.3"
suggested_version = "3.1.4"
elsif version_between? "3.2.0", "3.2.1"
suggested_version = "3.2.2"
else
return
end
@message = "Upgrade to Rails #{suggested_version}, #{tracker.config[:rails_version]} select() helper is vulnerable"
calls = tracker.find_call(:target => nil, :method => :select).select do |result|
result[:location][0] == :template
end
calls.each do |result|
process_result result
end
end
def process_result result
return if duplicate? result
args = result[:call][3]
#Check for user input in options parameter
if sexp? args[3] and include_user_input? args[3]
add_result result
if node_type? args[3], :string_interp, :dstr
confidence = CONFIDENCE[:med]
else
confidence = CONFIDENCE[:low]
end
warn :template => result[:location][1],
:warning_type => "Cross Site Scripting",
:result => result,
:message => @message,
:confidence => confidence
end
end
end
Version data entries
9 entries across 9 versions & 1 rubygems