
require 'brakeman/checks/base_check'

# Checks if verify_mode= is called with OpenSSL::SSL::VERIFY_NONE, or if
# Net::HTTP.start is passed an options hash with :verify_mode set to it.
# Only the literal constant is matched; values reached through variables
# or other HTTP client gems' options are not detected here.

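class Brakeman::CheckSSLVerify < Brakeman::BaseCheck
  Brakeman::Checks.add self

  # Sexp for the literal constant `OpenSSL::SSL::VERIFY_NONE`.
  SSL_VERIFY_NONE = s(:colon2, s(:colon2, s(:const, :OpenSSL), :SSL), :VERIFY_NONE)

  # OpenSSL::SSL::VERIFY_NONE is defined as the integer 0, so
  # `http.verify_mode = 0` disables peer verification exactly as the named
  # constant does. Match the bare literal too so it cannot slip past.
  SSL_VERIFY_NONE_LITERAL = s(:lit, 0)

  # Every argument form this check treats as "certificate verification off".
  # NOTE: only literal values are matched. A VERIFY_NONE that arrives through
  # a local variable, a method call, a re-exported constant, an
  # OpenSSL::SSL::SSLContext configured elsewhere, or a client gem's
  # `verify: false` / `ssl_verify_peer: false` option is NOT reported here.
  VERIFY_NONE_VALUES = [SSL_VERIFY_NONE, SSL_VERIFY_NONE_LITERAL].freeze

  @description = "Checks for OpenSSL::SSL::VERIFY_NONE"

  # Entry point invoked by the Brakeman check runner.
  def run_check
    check_open_ssl_verify_none
    check_http_start
  end

  # Any `verify_mode=` setter call, regardless of receiver (Net::HTTP,
  # OpenSSL::SSL::SSLContext, ...).
  def check_open_ssl_verify_none
    tracker.find_call(:method => :verify_mode=).each do |call|
      process_verify_mode_result call
    end
  end

  # Warn when the value assigned to verify_mode= disables verification.
  def process_verify_mode_result result
    warn_about_ssl_verification_bypass result if verify_none? result[:call].last_arg
  end

  # `Net::HTTP.start(host, port, opts)` accepts the SSL settings as a
  # trailing options hash, which is the only place a literal can hide.
  def check_http_start
    tracker.find_call(:target => :'Net::HTTP', :method => :start).each do |call|
      process_http_start_result call
    end
  end

  # Warn when the trailing hash passed to Net::HTTP.start carries a
  # `:verify_mode` that disables verification. A non-hash last argument
  # (e.g. a block-less positional port) is ignored.
  def process_http_start_result result
    opts = result[:call].last_arg
    return unless hash? opts

    warn_about_ssl_verification_bypass result if verify_none? hash_access(opts, :verify_mode)
  end

  # True when `value` is one of the literal sexps in VERIFY_NONE_VALUES.
  # `hash_access` returns nil for a missing key, which is never a match.
  def verify_none? value
    VERIFY_NONE_VALUES.include? value
  end

  # Emit a single high-confidence warning for an original (non-duplicated)
  # result. Disabling peer verification makes the TLS connection trivially
  # interceptable by an active network attacker.
  def warn_about_ssl_verification_bypass result
    return unless original? result

    warn :result => result,
      :warning_type => "SSL Verification Bypass",
      :warning_code => :ssl_verification_bypass,
      :message => "SSL certificate verification was bypassed",
      :confidence => :high
  end
end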

Version data entries

130 entries across 116 versions & 4 rubygems

Version Path
zuora_connect_ui-0.8.3 vendor/ruby/2.6.0/gems/brakeman-4.5.1/lib/brakeman/checks/check_ssl_verify.rb
zuora_connect_ui-0.8.3 vendor/ruby/2.6.0/gems/brakeman-4.6.1/lib/brakeman/checks/check_ssl_verify.rb
zuora_connect_ui-0.8.2 vendor/ruby/2.6.0/gems/brakeman-4.5.1/lib/brakeman/checks/check_ssl_verify.rb
zuora_connect_ui-0.8.2 vendor/ruby/2.6.0/gems/brakeman-4.6.1/lib/brakeman/checks/check_ssl_verify.rb
zuora_connect_ui-0.8.1 vendor/ruby/2.6.0/gems/brakeman-4.6.1/lib/brakeman/checks/check_ssl_verify.rb
zuora_connect_ui-0.8.1 vendor/ruby/2.6.0/gems/brakeman-4.5.1/lib/brakeman/checks/check_ssl_verify.rb
zuora_connect_ui-0.8.0 vendor/ruby/2.6.0/gems/brakeman-4.5.1/lib/brakeman/checks/check_ssl_verify.rb
zuora_connect_ui-0.8.0 vendor/ruby/2.6.0/gems/brakeman-4.6.1/lib/brakeman/checks/check_ssl_verify.rb
brakeman-4.6.1 lib/brakeman/checks/check_ssl_verify.rb
brakeman-lib-4.6.1 lib/brakeman/checks/check_ssl_verify.rb
brakeman-min-4.6.1 lib/brakeman/checks/check_ssl_verify.rb
brakeman-4.6.0 lib/brakeman/checks/check_ssl_verify.rb
brakeman-min-4.6.0 lib/brakeman/checks/check_ssl_verify.rb
brakeman-lib-4.6.0 lib/brakeman/checks/check_ssl_verify.rb
zuora_connect_ui-0.7.1 vendor/ruby/2.6.0/gems/brakeman-4.5.1/lib/brakeman/checks/check_ssl_verify.rb
zuora_connect_ui-0.7.0 vendor/ruby/2.6.0/gems/brakeman-4.5.1/lib/brakeman/checks/check_ssl_verify.rb
brakeman-4.5.1 lib/brakeman/checks/check_ssl_verify.rb
brakeman-lib-4.5.1 lib/brakeman/checks/check_ssl_verify.rb
brakeman-min-4.5.1 lib/brakeman/checks/check_ssl_verify.rb
brakeman-4.5.0 lib/brakeman/checks/check_ssl_verify.rb