Sha256: 537a6d53e08e044c00992186f3eeb7de8c8c38990b93dd6f82870877b3385d8b
Contents?: true
Size: 997 Bytes
Versions: 2
Compression:
Stored size: 997 Bytes
Contents
require 'railroader/checks/base_check'
#Check for unsafe manipulation of strings
#Right now this is just a version check for
#https://groups.google.com/group/rubyonrails-security/browse_thread/thread/edd28f1e3d04e913?pli=1
class Railroader::CheckSafeBufferManipulation < Railroader::BaseCheck
Railroader::Checks.add self
@description = "Check for Rails versions with SafeBuffer bug"
def run_check
if version_between? "3.0.0", "3.0.11"
suggested_version = "3.0.12"
elsif version_between? "3.1.0", "3.1.3"
suggested_version = "3.1.4"
elsif version_between? "3.2.0", "3.2.1"
suggested_version = "3.2.2"
else
return
end
message = "Rails #{rails_version} has a vulnerabilty in SafeBuffer. Upgrade to #{suggested_version} or apply patches."
warn :warning_type => "Cross-Site Scripting",
:warning_code => :safe_buffer_vuln,
:message => message,
:confidence => :medium,
:gem_info => gemfile_or_environment
end
end
Version data entries
2 entries across 2 versions & 1 rubygems
| Version | Path |
|---|---|
| railroader-4.3.5 | lib/railroader/checks/check_safe_buffer_manipulation.rb |
| railroader-4.3.4 | lib/railroader/checks/check_safe_buffer_manipulation.rb |