require 'brakeman/checks/base_check'

# Check for CVE-2012-3463: user input that reaches the :prompt option of
# select_tag unescaped in affected Rails 3.x releases.
# https://groups.google.com/d/topic/rubyonrails-security/fV3QUToSMSw/discussion
class Brakeman::CheckSelectTag < Brakeman::BaseCheck
  Brakeman::Checks.add self

  @description = "Looks for unsafe uses of select_tag() in some versions of Rails 3.x"

  # Entry point run by the check framework.
  #
  # Does nothing unless the application's Rails version falls inside one of
  # the affected ranges. Otherwise records the escaping methods whose output
  # is treated as safe, builds the upgrade message once, and examines every
  # `select_tag` call found in a template.
  def run_check
    suggested_version = fixed_rails_version
    return unless suggested_version

    # Calls wrapped in one of these escape helpers (plus any the user listed
    # via the :safe_methods option) are not reported.
    @ignore_methods = Set[:escapeHTML, :escape_once, :h].merge tracker.options[:safe_methods]

    @message = "Upgrade to Rails #{suggested_version}, #{tracker.config[:rails_version]} select_tag is vulnerable (CVE-2012-3463)"

    # Only template-level calls are of interest; see result[:location][0].
    template_calls = tracker.find_call(:target => nil, :method => :select_tag).select do |call_result|
      call_result[:location][0] == :template
    end

    template_calls.each { |call_result| process_result call_result }
  end

  # Examine one select_tag call and warn when its :prompt option contains
  # user input that is not passed through an ignored escaping method.
  #
  # @param result [Hash] a call result as returned by tracker.find_call
  def process_result result
    return if duplicate? result

    add_result result

    # The options hash, if any, is the last argument to select_tag.
    options = result[:call].last_arg
    return unless hash? options

    prompt = hash_access options, :prompt

    # Already escaped through a known-safe method: nothing to report.
    return if call?(prompt) && @ignore_methods.include?(prompt.method)
    return unless sexp? prompt

    input = include_user_input? prompt
    return unless input

    warn :warning_type => "Cross Site Scripting",
      :warning_code => :CVE_2012_3463,
      :result => result,
      :message => @message,
      :confidence => CONFIDENCE[:high],
      :user_input => input.match,
      :link_path => "https://groups.google.com/d/topic/rubyonrails-security/fV3QUToSMSw/discussion"
  end

  private

  # Map the application's Rails version to the first release that fixes
  # CVE-2012-3463, or nil when the version is outside every affected range.
  #
  # @return [String, nil] the suggested upgrade version
  def fixed_rails_version
    if version_between? "3.0.0", "3.0.16"
      "3.0.17"
    elsif version_between? "3.1.0", "3.1.7"
      "3.1.8"
    elsif version_between? "3.2.0", "3.2.7"
      "3.2.8"
    end
  end
end