Sha256: 8c3a1524d34f70244a09f99a757993c63e15d09de991b6923c66c17ee7245332
Contents?: true
Size: 726 Bytes
Versions: 10
Compression:
Stored size: 726 Bytes
Contents
require 'brakeman/checks/base_check' #Check for versions with vulnerable html escape method #http://groups.google.com/group/rubyonrails-security/browse_thread/thread/56bffb5923ab1195 class Brakeman::CheckEscapeFunction < Brakeman::BaseCheck Brakeman::Checks.add self @description = "Checks for versions before 2.3.14 which have a vulnerable escape method" def run_check if version_between?('2.0.0', '2.3.13') and RUBY_VERSION < '1.9.0' warn :warning_type => 'Cross Site Scripting', :message => 'Versions before 2.3.14 have a vulnerability in escape method when used with Ruby 1.8: CVE-2011-2931', :confidence => CONFIDENCE[:high], :file => gemfile_or_environment end end end
Version data entries
10 entries across 10 versions & 1 rubygems