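require 'brakeman/checks/base_check'

# Report calls that deserialize YAML from user-controlled input.
#
# YAML.load (Psych) builds arbitrary Ruby objects from tagged nodes
# (!ruby/object, !ruby/hash, ...), so handing it attacker-controlled text
# is a remote code execution primitive, not just a parsing problem.
# load_documents and load_stream construct objects for every document in
# the stream the same way, and YAML is an alias for Psych, so those
# targets and methods are covered as well.
class Brakeman::CheckYAMLLoad < Brakeman::BaseCheck
  Brakeman::Checks.add self

  @description = "Checks for uses of YAML.load"

  # Receivers and methods that turn a YAML source into live Ruby objects.
  UNSAFE_TARGETS = [:YAML, :Psych]
  UNSAFE_METHODS = [:load, :load_documents, :load_stream]

  # Look up every matching call recorded by the tracker and examine it.
  def run_check
    # :nested => true asks the call index to also return calls whose result
    # is itself the receiver of another call, e.g. YAML.load(params[:x]).each,
    # which would otherwise be dropped as a "nested" call.
    calls = tracker.find_call :targets => UNSAFE_TARGETS,
      :methods => UNSAFE_METHODS,
      :nested => true

    calls.each do |result|
      check_yaml_load result
    end
  end

  # Warn when the first argument of the deserializing call carries user input.
  #
  # Confidence is high when the argument itself is user input (params[:x]),
  # medium when user input only appears somewhere inside the argument
  # expression.  Calls whose argument shows no user input are recorded as
  # seen but not reported.
  def check_yaml_load result
    return if duplicate? result
    add_result result

    arg = result[:call].first_arg

    input = has_immediate_user_input? arg
    if input
      confidence = CONFIDENCE[:high]
    else
      input = include_user_input? arg
      confidence = CONFIDENCE[:med] if input
    end

    return unless confidence

    # result[:target] is the receiver constant (:YAML or :Psych) and
    # result[:method] the method symbol, so the message names the exact call.
    message = "#{result[:target]}.#{result[:method]} called with #{describe_input(input.type)}"

    warn :result => result,
      :warning_type => "Remote Code Execution",
      :message => message,
      :user_input => input.match,
      :confidence => confidence,
      :link_path => "remote_code_execution_yaml_load"
  end

  private

  # Human-readable name for the kind of user input found (input.type).
  def describe_input type
    case type
    when :params  then "parameter value"
    when :cookies then "cookies value"
    when :request then "request value"
    when :model   then "model attribute"
    else "user input"
    end
  end
end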