Sha256: a5886ea43763acce760e66932adf0ae1cec6ff74de98e8e0f64928303a56ceff

Contents?: true

Size: 621 Bytes

Versions: 4

Compression:

Stored size: 621 Bytes

Contents

require 'checks/base_check'
require 'processors/lib/find_call'

# Warn about response splitting in Rails versions before 2.3.14
# http://groups.google.com/group/rubyonrails-security/browse_thread/thread/6ffc93bde0298768
class CheckResponseSplitting < BaseCheck
  # Register this check so Brakeman runs it as part of a scan
  Checks.add self

  def run_check
    # Affected range is inclusive: 2.3.0 up to and including 2.3.13
    if version_between?('2.3.0', '2.3.13')

      # Report against the Gemfile (or environment.rb) that pins the Rails version
      warn :warning_type => "Response Splitting",
        :message => "Versions before 2.3.14 have a vulnerability in content type handling allowing injection of headers: CVE-2011-3186",
        :confidence => CONFIDENCE[:med],
        :file => gemfile_or_environment
    end
  end
end

Version data entries

4 entries across 4 versions & 1 rubygems

Version Path
brakeman-0.9.2 lib/checks/check_response_splitting.rb
brakeman-0.9.1 lib/checks/check_response_splitting.rb
brakeman-0.9.0 lib/checks/check_response_splitting.rb
brakeman-0.8.4 lib/checks/check_response_splitting.rb