Sha256: 32b73d7b42a81fd0424127b52c7607f40ca7efe57aef0a2b149fbb9d24f7a897

Contents?: true

Size: 798 Bytes

Versions: 11

Compression:

Stored size: 798 Bytes

Contents

require 'brakeman/checks/base_check'

#Warn about response splitting in Rails versions before 2.3.13
#http://groups.google.com/group/rubyonrails-security/browse_thread/thread/6ffc93bde0298768
class Brakeman::CheckResponseSplitting < Brakeman::BaseCheck
  Brakeman::Checks.add self

  @description = "Report response splitting in Rails 2.3.0 - 2.3.13"

  def run_check
    if version_between?('2.3.0', '2.3.13')

      warn :warning_type => "Response Splitting",
        :message => "Versions before 2.3.14 have a vulnerability content type handling allowing injection of headers: CVE-2011-3186",
        :confidence => CONFIDENCE[:med],
        :file => gemfile_or_environment,
        :link_path => "https://groups.google.com/d/topic/rubyonrails-security/b_yTveAph2g/discussion"
    end
  end
end

Version data entries

11 entries across 11 versions & 1 rubygems

Version Path
brakeman-1.9.2 lib/brakeman/checks/check_response_splitting.rb
brakeman-1.9.1 lib/brakeman/checks/check_response_splitting.rb
brakeman-1.9.0 lib/brakeman/checks/check_response_splitting.rb
brakeman-1.9.0.pre2 lib/brakeman/checks/check_response_splitting.rb
brakeman-1.9.0.pre1 lib/brakeman/checks/check_response_splitting.rb
brakeman-1.8.3 lib/brakeman/checks/check_response_splitting.rb
brakeman-1.8.2 lib/brakeman/checks/check_response_splitting.rb
brakeman-1.8.1 lib/brakeman/checks/check_response_splitting.rb
brakeman-1.8.0 lib/brakeman/checks/check_response_splitting.rb
brakeman-1.7.1 lib/brakeman/checks/check_response_splitting.rb
brakeman-1.7.0 lib/brakeman/checks/check_response_splitting.rb