
require 'brakeman/checks/base_check'

#Check calls to +render()+ for dangerous values
class Brakeman::CheckRender < Brakeman::BaseCheck
  Brakeman::Checks.add self

  @description = "Finds calls to render that might allow file access"

  # Render types whose argument names a partial, template, action or file on
  # disk. Only these are inspected, because a user-controlled value there is
  # what lets +render+ reach an unintended template or file.
  PATH_RENDER_TYPES = [:partial, :template, :action, :file].freeze

  # Entry point: collect every receiver-less +render+ call the tracker knows
  # about and inspect each one.
  def run_check
    render_calls = tracker.find_call(:target => nil, :method => :render)
    render_calls.each { |result| process_render_result result }
  end

  # Dispatch a single +render+ result on its render type.
  #
  # Non-render nodes are ignored. Path-based renders go on to the dynamic
  # path check; :inline, :js, :json, :text, :update and :xml produce no
  # warning from this check.
  def process_render_result result
    call = result[:call]
    return unless node_type? call, :render
    return unless PATH_RENDER_TYPES.include? call.render_type

    check_for_dynamic_path result
  end

  # Check whether the path handed to +render+ is built dynamically.
  #
  # Any Sexp path is recorded with +add_result+ so it is not reported twice;
  # a "Dynamic Render Path" warning is raised only when user input reaches
  # the path. Confidence is high for a direct user-input argument, medium
  # when that input is interpolated into a string, and low when user input
  # merely appears somewhere inside the expression. Inputs that are model
  # values are skipped.
  def check_for_dynamic_path result
    view = result[:call][2]
    return unless sexp?(view) && !duplicate?(result)

    add_result result

    input, confidence = classify_render_input view
    return if input.nil?
    return if input.type == :model # skip models

    warn :result => result,
      :warning_type => "Dynamic Render Path",
      :warning_code => :dynamic_render_path,
      :message => "Render path contains #{friendly_type_of input}",
      :user_input => input.match,
      :confidence => confidence
  end

  private

  # Locate user input in +view+ and grade it.
  #
  # Returns a two-element array of the matched input and its confidence
  # level, or nil when no user input is found in the render path.
  def classify_render_input view
    if (direct = has_immediate_user_input?(view))
      level = if node_type?(view, :string_interp, :dstr)
                CONFIDENCE[:med]
              else
                CONFIDENCE[:high]
              end
      [direct, level]
    elsif (indirect = include_user_input?(view))
      [indirect, CONFIDENCE[:low]]
    end
  end
end
