Sha256: ca2ac743e6775a3ac57fc8480ae88328546479e9cd530d478f68649d4b9e1dfe
Contents?: true
Size: 808 Bytes
Versions: 2
Compression:
Stored size: 808 Bytes
Contents
```ruby
require 'brakeman/checks/base_check'

#This check looks for calls to +eval+, +instance_eval+, etc. which include
#user input.
class Brakeman::CheckEvaluation < Brakeman::BaseCheck
  Brakeman::Checks.add self

  #Process calls
  def run_check
    Brakeman.debug "Finding eval-like calls"
    calls = tracker.find_call :method => [:eval, :instance_eval, :class_eval, :module_eval]

    Brakeman.debug "Processing eval-like calls"
    calls.each do |call|
      process_result call
    end
  end

  #Warns if result includes user input
  def process_result result
    if include_user_input? result[:call]
      warn :result => result,
        :warning_type => "Dangerous Eval",
        :message => "User input in eval",
        :code => result[:call],
        :confidence => CONFIDENCE[:high]
    end
  end
end
```
Version data entries
2 entries across 2 versions & 1 rubygems
| Version | Path |
|---|---|
| brakeman-1.2.2 | lib/brakeman/checks/check_evaluation.rb |
| brakeman-1.2.1 | lib/brakeman/checks/check_evaluation.rb |