Sha256: 6a82fd84f583a679ccecbecf2c6afe6556dd535659ab47eeeaf11662c3bfb691
Size: 903 Bytes
Versions: 2
Stored size: 903 Bytes
Contents
```ruby
require 'brakeman/checks/base_check'

# Checks if user supplied data is passed to send
class Brakeman::CheckSend < Brakeman::BaseCheck
  Brakeman::Checks.add self

  @description = "Check for unsafe use of Object#send"

  def run_check
    Brakeman.debug("Finding instances of #send")
    # All dynamic-dispatch entry points, not just #send itself
    calls = tracker.find_call :methods => [:send, :try, :__send__, :public_send]

    calls.each do |call|
      process_result call
    end
  end

  def process_result result
    process_call_args result[:call]
    target = process result[:call].target

    # Warn only when the method name (the first argument) comes directly
    # from user input, e.g. params[...] or cookies[...]
    if input = has_immediate_user_input?(result[:call].first_arg)
      warn :result => result,
        :warning_type => "Dangerous Send",
        :warning_code => :dangerous_send,
        :message => "User controlled method execution",
        :code => result[:call],
        :user_input => input.match,
        :confidence => CONFIDENCE[:high]
    end
  end
end
```
Version data entries
2 entries across 2 versions & 1 rubygems
Version | Path |
---|---|
brakeman-1.9.5 | lib/brakeman/checks/check_send.rb |
brakeman-1.9.4 | lib/brakeman/checks/check_send.rb |