Sha256: 74b705b7536d4c6e9ed4d58961c0c7124f577b6140bb72e2b3a2689050d4b08b
Contents?: true
Size: 1.67 KB
Versions: 2
Compression:
Stored size: 1.67 KB
Contents
require 'railroader/checks/base_check'
# Checks for select() helper vulnerability in some versions of Rails 3
# http://groups.google.com/group/rubyonrails-security/browse_thread/thread/9da0c515a6c4664
class Railroader::CheckSelectVulnerability < Railroader::BaseCheck
Railroader::Checks.add self
@description = "Looks for unsafe uses of select() helper"
def run_check
if lts_version? "2.3.18.7"
return
elsif version_between? "3.0.0", "3.0.11"
suggested_version = "3.0.12"
elsif version_between? "3.1.0", "3.1.3"
suggested_version = "3.1.4"
elsif version_between? "3.2.0", "3.2.1"
suggested_version = "3.2.2"
elsif version_between? "2.0.0", "2.3.14"
suggested_version = "3 or use options_for_select"
else
return
end
@message = "Upgrade to Rails #{suggested_version}, #{rails_version} select() helper is vulnerable"
calls = tracker.find_call(:target => nil, :method => :select).select do |result|
result[:location][:type] == :template
end
calls.each do |result|
process_result result
end
end
def process_result result
return if duplicate? result
third_arg = result[:call].third_arg
# Check for user input in options parameter
if sexp? third_arg and include_user_input? third_arg
add_result result
if string_interp? third_arg
confidence = :medium
else
confidence = :weak
end
warn :template => result[:location][:template],
:warning_type => "Cross-Site Scripting",
:warning_code => :select_options_vuln,
:result => result,
:message => @message,
:confidence => confidence
end
end
end
Version data entries
2 entries across 2 versions & 1 rubygems
| Version | Path |
|---|---|
| railroader-4.3.8 | lib/railroader/checks/check_select_vulnerability.rb |
| railroader-4.3.7 | lib/railroader/checks/check_select_vulnerability.rb |