Sha256: c5cceb7b975408a02f2791ec564db2eb22590bba86deb726eceb49d6c5e8a18f

Contents?: true

Size: 979 Bytes

Versions: 105

Compression:

Stored size: 979 Bytes

Contents

require 'brakeman/checks/base_check'

class Brakeman::CheckSymbolDoSCVE < Brakeman::BaseCheck
  Brakeman::Checks.add self

  @description = "Checks for versions with ActiveRecord symbol denial of service vulnerability"

  def run_check
    fix_version = case
      when version_between?('2.0.0', '2.3.17')
        '2.3.18'
      when version_between?('3.1.0', '3.1.11')
        '3.1.12'
      when version_between?('3.2.0', '3.2.12')
        '3.2.13'
      else
        nil
      end

    if fix_version && active_record_models.any?
      warn :warning_type => "Denial of Service",
        :warning_code => :CVE_2013_1854,
        :message => msg(msg_version(rails_version), " has a denial of service vulnerability in ActiveRecord. Upgrade to ", msg_version(fix_version), " or patch"),
        :confidence => :medium,
        :gem_info => gemfile_or_environment,
        :link => "https://groups.google.com/d/msg/rubyonrails-security/jgJ4cjjS8FE/BGbHRxnDRTIJ"
    end
  end
end

Version data entries

105 entries across 91 versions & 4 rubygems

Version Path
brakeman-lib-4.10.0 lib/brakeman/checks/check_symbol_dos_cve.rb
brakeman-min-4.10.0 lib/brakeman/checks/check_symbol_dos_cve.rb
brakeman-4.9.1 lib/brakeman/checks/check_symbol_dos_cve.rb
brakeman-min-4.9.1 lib/brakeman/checks/check_symbol_dos_cve.rb
brakeman-lib-4.9.1 lib/brakeman/checks/check_symbol_dos_cve.rb
brakeman-4.9.0 lib/brakeman/checks/check_symbol_dos_cve.rb
brakeman-min-4.9.0 lib/brakeman/checks/check_symbol_dos_cve.rb
brakeman-lib-4.9.0 lib/brakeman/checks/check_symbol_dos_cve.rb
brakeman-4.8.2 lib/brakeman/checks/check_symbol_dos_cve.rb
brakeman-lib-4.8.2 lib/brakeman/checks/check_symbol_dos_cve.rb
brakeman-min-4.8.2 lib/brakeman/checks/check_symbol_dos_cve.rb
brakeman-4.8.1 lib/brakeman/checks/check_symbol_dos_cve.rb
brakeman-lib-4.8.1 lib/brakeman/checks/check_symbol_dos_cve.rb
brakeman-min-4.8.1 lib/brakeman/checks/check_symbol_dos_cve.rb
brakeman-4.8.0 lib/brakeman/checks/check_symbol_dos_cve.rb
brakeman-lib-4.8.0 lib/brakeman/checks/check_symbol_dos_cve.rb
brakeman-min-4.8.0 lib/brakeman/checks/check_symbol_dos_cve.rb
zuora_connect_ui-0.10.0 vendor/ruby/2.6.0/gems/brakeman-4.5.1/lib/brakeman/checks/check_symbol_dos_cve.rb
zuora_connect_ui-0.10.0 vendor/ruby/2.6.0/gems/brakeman-4.6.1/lib/brakeman/checks/check_symbol_dos_cve.rb
zuora_connect_ui-0.10.0 vendor/ruby/2.6.0/gems/brakeman-4.7.1/lib/brakeman/checks/check_symbol_dos_cve.rb