Sha256: e6f6deef9ab7ab19cf2c87b03f67f1f7329a3461d516cacefbe523dfae28ba69

Contents?: true

Size: 630 Bytes

Versions: 4

Compression:

Stored size: 630 Bytes

Contents

require 'checks/base_check'
require 'processors/lib/find_call'

#Check for versions with vulnerable html escape method
#http://groups.google.com/group/rubyonrails-security/browse_thread/thread/56bffb5923ab1195
class CheckEscapeFunction < BaseCheck
  Checks.add self

  def run_check
    if version_between?('2.0.0', '2.3.13') and RUBY_VERSION < '1.9.0' 

      warn :warning_type => 'Cross Site Scripting',
        :message => 'Versions before 2.3.14 have a vulnerability in escape method when used with Ruby 1.8: CVE-2011-2931',
        :confidence => CONFIDENCE[:high],
        :file => gemfile_or_environment
    end
  end
end

Version data entries

4 entries across 4 versions & 1 rubygems

Version Path
brakeman-0.9.2 lib/checks/check_escape_function.rb
brakeman-0.9.1 lib/checks/check_escape_function.rb
brakeman-0.9.0 lib/checks/check_escape_function.rb
brakeman-0.8.4 lib/checks/check_escape_function.rb