require 'checks/base_check'
require 'processors/lib/processor_helper'

# Checks for user input in methods which open or manipulate files.
#
# Reports a "File Access" warning wherever the first argument of a
# file-handling call (File.open, Dir.glob, Kernel.load, FileUtils.*, ...)
# contains parameters, cookies or other request-derived input.
class CheckFileAccess < BaseCheck
  Checks.add self

  # Receivers whose file-handling methods are inspected.
  FILE_CLASSES = [
    :Dir, :File, :IO, :Kernel, :"Net::FTP", :"Net::HTTP",
    :PStore, :Pathname, :Shell, :YAML
  ].freeze

  # Methods on those receivers that take a path or file name.
  FILE_METHODS = [
    :[], :chdir, :chroot, :delete, :entries, :foreach, :glob, :install,
    :lchmod, :lchown, :link, :load, :load_file, :makedirs, :move, :new,
    :open, :read, :read_lines, :rename, :rmdir, :safe_unlink, :symlink,
    :syscopy, :sysopen, :truncate, :unlink
  ].freeze

  # Collects every matching call and hands each one to #process_result.
  def run_check
    file_calls = tracker.find_call FILE_CLASSES, FILE_METHODS
    # Bare `load` with no explicit receiver, and every FileUtils method.
    file_calls.concat tracker.find_call([], [:load])
    file_calls.concat tracker.find_call(:FileUtils, nil)

    file_calls.each { |call| process_result call }
  end

  # Warns if the first argument of the call in +result+ includes user input.
  #
  # Only the first argument (call[3][1]) is examined. For two-path methods
  # such as rename, symlink, link, move, install and syscopy the destination
  # argument is therefore not checked, and for FileUtils methods whose first
  # argument is not a path (e.g. chmod's mode) the path list is skipped.
  # Duplicate findings for the same call are suppressed via duplicate?.
  def process_result result
    call = result[-1]
    target_path = call[3][1]

    # include_user_input? yields the input source (:params, :cookies or
    # another truthy marker) or a falsy value when nothing tainted is found.
    source = include_user_input?(target_path)
    return unless source
    return if duplicate? call, result[1]

    add_result call, result[1]

    label = case source
            when :params  then "Parameter"
            when :cookies then "Cookie"
            else "User input"
            end

    warn :result => result,
         :warning_type => "File Access",
         :message => "#{label} value used in file name",
         :confidence => CONFIDENCE[:high],
         :line => call.line,
         :code => call
  end
end