Sha256: d2cff5b19d38d8d8e7727403c36da534884227aa47dc934979de232939c22446

Contents?: true

Size: 1.1 KB

Versions: 105

Compression:

Stored size: 1.1 KB

Contents

require 'brakeman/checks/base_check'

class Brakeman::CheckFileDisclosure < Brakeman::BaseCheck
  Brakeman::Checks.add self

  @description = 'Checks for versions with file existence disclosure vulnerability'

  def run_check
    fix_version = case
      when version_between?('2.0.0', '2.3.18')
        '3.2.21'
      when version_between?('3.0.0', '3.2.20')
        '3.2.21'
      when version_between?('4.0.0', '4.0.11')
        '4.0.12'
      when version_between?('4.1.0', '4.1.7')
        '4.1.8'
      else
        nil
      end

    if fix_version and serves_static_assets?
      warn :warning_type => "File Access",
        :warning_code => :CVE_2014_7829,
        :message => msg(msg_version(rails_version), " has a file existence disclosure vulnerability. Upgrade to ", msg_version(fix_version), " or disable serving static assets"),
        :confidence => :high,
        :gem_info => gemfile_or_environment,
        :link_path => "https://groups.google.com/d/msg/rubyonrails-security/23fiuwb1NBA/MQVM1-5GkPMJ"
    end
  end

  def serves_static_assets?
    true? tracker.config.rails[:serve_static_assets]
  end
end

Version data entries

105 entries across 91 versions & 4 rubygems

Version Path
zuora_connect_ui-0.8.3 vendor/ruby/2.6.0/gems/brakeman-4.6.1/lib/brakeman/checks/check_file_disclosure.rb
zuora_connect_ui-0.8.3 vendor/ruby/2.6.0/gems/brakeman-4.5.1/lib/brakeman/checks/check_file_disclosure.rb
zuora_connect_ui-0.8.2 vendor/ruby/2.6.0/gems/brakeman-4.6.1/lib/brakeman/checks/check_file_disclosure.rb
zuora_connect_ui-0.8.2 vendor/ruby/2.6.0/gems/brakeman-4.5.1/lib/brakeman/checks/check_file_disclosure.rb
zuora_connect_ui-0.8.1 vendor/ruby/2.6.0/gems/brakeman-4.5.1/lib/brakeman/checks/check_file_disclosure.rb
zuora_connect_ui-0.8.1 vendor/ruby/2.6.0/gems/brakeman-4.6.1/lib/brakeman/checks/check_file_disclosure.rb
zuora_connect_ui-0.8.0 vendor/ruby/2.6.0/gems/brakeman-4.5.1/lib/brakeman/checks/check_file_disclosure.rb
zuora_connect_ui-0.8.0 vendor/ruby/2.6.0/gems/brakeman-4.6.1/lib/brakeman/checks/check_file_disclosure.rb
brakeman-4.6.1 lib/brakeman/checks/check_file_disclosure.rb
brakeman-lib-4.6.1 lib/brakeman/checks/check_file_disclosure.rb
brakeman-min-4.6.1 lib/brakeman/checks/check_file_disclosure.rb
brakeman-4.6.0 lib/brakeman/checks/check_file_disclosure.rb
brakeman-min-4.6.0 lib/brakeman/checks/check_file_disclosure.rb
brakeman-lib-4.6.0 lib/brakeman/checks/check_file_disclosure.rb
zuora_connect_ui-0.7.1 vendor/ruby/2.6.0/gems/brakeman-4.5.1/lib/brakeman/checks/check_file_disclosure.rb
zuora_connect_ui-0.7.0 vendor/ruby/2.6.0/gems/brakeman-4.5.1/lib/brakeman/checks/check_file_disclosure.rb
brakeman-4.5.1 lib/brakeman/checks/check_file_disclosure.rb
brakeman-lib-4.5.1 lib/brakeman/checks/check_file_disclosure.rb
brakeman-min-4.5.1 lib/brakeman/checks/check_file_disclosure.rb
brakeman-4.5.0 lib/brakeman/checks/check_file_disclosure.rb