
require 'brakeman/checks/base_check'

# Flags cookie serializer settings that deserialize cookie data with Marshal.
#
# Brakeman reports this as "Remote Code Execution" because Marshal-based
# deserialization of cookie contents is the unsafe-deserialization case this
# check is named for (see the `unsafe_deserialization` link it emits).
class Brakeman::CheckCookieSerialization < Brakeman::BaseCheck
  Brakeman::Checks.add self

  @description = "Check for use of Marshal for cookie serialization"

  # Serializer names this check treats as Marshal-backed. `:hybrid` is the
  # migration mode that still accepts Marshal-encoded cookies, so it is
  # flagged alongside `:marshal`.
  UNSAFE_SERIALIZERS = [:marshal, :hybrid].freeze

  # Walks every assignment to
  # `Rails.application.config.action_dispatch.cookies_serializer` and warns
  # when the assigned value is a literal symbol from UNSAFE_SERIALIZERS.
  # Non-symbol values (strings, constants, method calls) are not examined
  # and therefore never produce a warning.
  def run_check
    tracker.find_call(target: :'Rails.application.config.action_dispatch', method: :cookies_serializer=).each do |result|
      report_unsafe_serializer result, result[:call].first_arg
    end
  end

  private

  # Emits one medium-confidence warning for `result` when `setting` is a
  # symbol literal naming a Marshal-backed serializer; otherwise does nothing.
  def report_unsafe_serializer(result, setting)
    return unless symbol?(setting) && UNSAFE_SERIALIZERS.include?(setting.value)

    warn result: result,
         warning_type: "Remote Code Execution",
         warning_code: :unsafe_cookie_serialization,
         message: msg("Use of unsafe cookie serialization strategy ", msg_code(setting.value.inspect), " might lead to remote code execution"),
         confidence: :medium,
         link_path: "unsafe_deserialization"
  end
end
