
require 'checks/base_check'

#This check looks for calls to +eval+, +instance_eval+, etc. which include
#user input.
class CheckEvaluation < BaseCheck
  Checks.add self

  # Locate every call (any receiver) to a method that evaluates its
  # argument as Ruby code and run process_result on each one.
  def run_check
    targets = [:eval, :instance_eval, :class_eval, :module_eval]
    eval_calls = tracker.find_call nil, targets

    eval_calls.each { |eval_call| process_result eval_call }
  end

  # Emit a high-confidence "Dangerous Eval" warning when the last element
  # of the call Sexp carries user input. That last element is presumably the
  # call's argument list (so every argument is covered) — confirm against
  # the Sexp layout produced by the parser version in use.
  def process_result result
    evaluated = result[-1]
    return unless include_user_input? evaluated

    warn :result => result,
      :warning_type => "Dangerous Eval",
      :message => "User input in eval",
      :code => evaluated,
      :confidence => CONFIDENCE[:high]
  end
end
