brakeman-lib 5.2.1 → 5.3.0

data/lib/brakeman/checks/check_nested_attributes.rb

@@ -24,7 +24,8 @@ class Brakeman::CheckNestedAttributes < Brakeman::BaseCheck
         :message => message,
         :confidence => :high,
         :gem_info => gemfile_or_environment,
-        :link_path => "https://groups.google.com/d/topic/rubyonrails-security/-fkT0yja_gw/discussion"
+        :link_path => "https://groups.google.com/d/topic/rubyonrails-security/-fkT0yja_gw/discussion",
+        :cwe_id => [20]
     end
   end
 

data/lib/brakeman/checks/check_nested_attributes_bypass.rb

@@ -39,7 +39,8 @@ class Brakeman::CheckNestedAttributesBypass < Brakeman::BaseCheck
       :file => model.file,
       :line => args.line,
       :confidence => :medium,
-      :link_path => "https://groups.google.com/d/msg/rubyonrails-security/cawsWcQ6c8g/tegZtYdbFQAJ"
+      :link_path => "https://groups.google.com/d/msg/rubyonrails-security/cawsWcQ6c8g/tegZtYdbFQAJ",
+      :cwe_id => [284]
   end
 
   def allow_destroy? arg

data/lib/brakeman/checks/check_number_to_currency.rb

@@ -36,7 +36,8 @@ class Brakeman::CheckNumberToCurrency < Brakeman::BaseCheck
       :message => message,
       :confidence => :medium,
       :gem_info => gemfile_or_environment,
-      :link_path => "https://groups.google.com/d/msg/ruby-security-ann/9WiRn2nhfq0/2K2KRB4LwCMJ"
+      :link_path => "https://groups.google.com/d/msg/ruby-security-ann/9WiRn2nhfq0/2K2KRB4LwCMJ",
+      :cwe_id => [79]
   end
 
   def check_number_helper_usage
@@ -69,6 +70,7 @@ class Brakeman::CheckNumberToCurrency < Brakeman::BaseCheck
       :message => msg("Format options in ", msg_code(result[:call].method), " are not safe in ", msg_version(rails_version)),
       :confidence => :high,
       :link_path => "https://groups.google.com/d/msg/ruby-security-ann/9WiRn2nhfq0/2K2KRB4LwCMJ",
-      :user_input => match
+      :user_input => match,
+      :cwe_id => [79]
   end
 end

data/lib/brakeman/checks/check_page_caching_cve.rb

@@ -26,7 +26,8 @@ class Brakeman::CheckPageCachingCVE < Brakeman::BaseCheck
       :message => message,
       :confidence => confidence,
       :link_path => 'https://groups.google.com/d/msg/rubyonrails-security/CFRVkEytdP8/c5gmICECAgAJ',
-      :gem_info => gemfile_or_environment(gem_name)
+      :gem_info => gemfile_or_environment(gem_name),
+      :cwe_id => [22]
   end
 
   def uses_caches_page?

data/lib/brakeman/checks/check_permit_attributes.rb

@@ -38,6 +38,7 @@ class Brakeman::CheckPermitAttributes < Brakeman::BaseCheck
       :warning_code => :dangerous_permit_key,
       :message => "Potentially dangerous key allowed for mass assignment",
       :confidence => (confidence || SUSPICIOUS_KEYS[key.value]),
-      :user_input => key
+      :user_input => key,
+      :cwe_id => [915]
   end
 end

data/lib/brakeman/checks/check_quote_table_name.rb

@@ -28,7 +28,8 @@ class Brakeman::CheckQuoteTableName < Brakeman::BaseCheck
         :message => message,
         :confidence => confidence,
         :gem_info => gemfile_or_environment,
-        :link_path => "https://groups.google.com/d/topic/rubyonrails-security/ah5HN0S8OJs/discussion"
+        :link_path => "https://groups.google.com/d/topic/rubyonrails-security/ah5HN0S8OJs/discussion",
+        :cwe_id => [89]
     end
   end
 

data/lib/brakeman/checks/check_redirect.rb

@@ -55,7 +55,8 @@ class Brakeman::CheckRedirect < Brakeman::BaseCheck
         :message => "Possible unprotected redirect",
         :code => call,
         :user_input => res,
-        :confidence => confidence
+        :confidence => confidence,
+        :cwe_id => [601]
     end
   end
 

data/lib/brakeman/checks/check_regex_dos.rb

@@ -51,7 +51,8 @@ class Brakeman::CheckRegexDoS < Brakeman::BaseCheck
           :warning_code => :regex_dos,
           :message => message,
           :confidence => confidence,
-          :user_input => match
+          :user_input => match,
+          :cwe_id => [20, 185]
       end
     end
   end

data/lib/brakeman/checks/check_render.rb

@@ -57,7 +57,8 @@ class Brakeman::CheckRender < Brakeman::BaseCheck
         :warning_code => :dynamic_render_path,
         :message => message,
         :user_input => input,
-        :confidence => confidence
+        :confidence => confidence,
+        :cwe_id => [22]
     end
   end
 
@@ -78,7 +79,8 @@ class Brakeman::CheckRender < Brakeman::BaseCheck
           :warning_code => :dynamic_render_path_rce,
           :message => msg("Passing query parameters to ", msg_code("render"), " is vulnerable in ", msg_version(rails_version), " ", msg_cve("CVE-2016-0752")),
           :user_input => view,
-          :confidence => :high
+          :confidence => :high,
+          :cwe_id => [22]
       end
     end
   end

data/lib/brakeman/checks/check_render_dos.rb

@@ -32,6 +32,7 @@ class Brakeman::CheckRenderDoS < Brakeman::BaseCheck
       :message => message,
       :confidence => :high,
       :link_path => "https://groups.google.com/d/msg/rubyonrails-security/LMxO_3_eCuc/ozGBEhKaJbIJ",
-      :gem_info => gemfile_or_environment
+      :gem_info => gemfile_or_environment,
+      :cwe_id => [20]
   end
 end

data/lib/brakeman/checks/check_render_inline.rb

@@ -28,14 +28,16 @@ class Brakeman::CheckRenderInline < Brakeman::CheckCrossSiteScripting
             :warning_code => :cross_site_scripting_inline,
             :message => msg("Unescaped ", msg_input(input), " rendered inline"),
             :user_input => input,
-            :confidence => :high
+            :confidence => :high,
+            :cwe_id => [79]
         elsif input = has_immediate_model?(render_value)
           warn :result => result,
             :warning_type => "Cross-Site Scripting",
             :warning_code => :cross_site_scripting_inline,
             :message => "Unescaped model attribute rendered inline",
             :user_input => input,
-            :confidence => :medium
+            :confidence => :medium,
+            :cwe_id => [79]
         end
       end
     end

data/lib/brakeman/checks/check_response_splitting.rb

@@ -15,7 +15,8 @@ class Brakeman::CheckResponseSplitting < Brakeman::BaseCheck
         :message => msg("Rails versions before 2.3.14 have a vulnerability content type handling allowing injection of headers ", msg_cve("CVE-2011-3186")),
         :confidence => :medium,
         :gem_info => gemfile_or_environment,
-        :link_path => "https://groups.google.com/d/topic/rubyonrails-security/b_yTveAph2g/discussion"
+        :link_path => "https://groups.google.com/d/topic/rubyonrails-security/b_yTveAph2g/discussion",
+        :cwe_id => [94]
     end
   end
 end

data/lib/brakeman/checks/check_reverse_tabnabbing.rb

@@ -53,6 +53,7 @@ class Brakeman::CheckReverseTabnabbing < Brakeman::BaseCheck
       :message => msg("When opening a link in a new tab without setting ", msg_code('rel: "noopener noreferrer"'),
                       ", the new tab can control the parent tab's location. For example, an attacker could redirect to a phishing page."),
       :confidence => confidence,
-      :user_input => rel
+      :user_input => rel,
+      :cwe_id => [1022]
   end
 end

data/lib/brakeman/checks/check_route_dos.rb

@@ -23,7 +23,8 @@ class Brakeman::CheckRouteDoS < Brakeman::BaseCheck
         :message => message,
         :confidence => :medium,
         :gem_info => gemfile_or_environment,
-        :link_path => "https://groups.google.com/d/msg/rubyonrails-security/dthJ5wL69JE/YzPnFelbFQAJ"
+        :link_path => "https://groups.google.com/d/msg/rubyonrails-security/dthJ5wL69JE/YzPnFelbFQAJ",
+        :cwe_id => [399]
     end
   end
 

data/lib/brakeman/checks/check_safe_buffer_manipulation.rb

@@ -26,6 +26,7 @@ class Brakeman::CheckSafeBufferManipulation < Brakeman::BaseCheck
       :warning_code => :safe_buffer_vuln, 
       :message => message,
       :confidence => :medium,
-      :gem_info => gemfile_or_environment
+      :gem_info => gemfile_or_environment,
+      :cwe_id => [79]
   end
 end

data/lib/brakeman/checks/check_sanitize_config_cve.rb

@@ -0,0 +1,120 @@
+require 'brakeman/checks/base_check'
+
+class Brakeman::CheckSanitizeConfigCve < Brakeman::BaseCheck
+  Brakeman::Checks.add self
+
+  @description = "Checks for vunerable uses of sanitize (CVE-2022-32209)"
+
+  def run_check
+    @specific_warning = false
+
+    @gem_version = tracker.config.gem_version :'rails-html-sanitizer'
+    if version_between? "0.0.0", "1.4.3", @gem_version
+      check_config
+      check_sanitize_calls
+      check_safe_list_allowed_tags
+
+      unless @specific_warning
+        # General warning about the vulnerable version
+        cve_warning
+      end
+    end
+  end
+
+  def cve_warning confidence: :weak, result: nil
+    return if result and not original? result
+
+    message = msg(msg_version(@gem_version, 'rails-html-sanitizer'),
+                  " is vulnerable to cross-site scripting when ",
+                  msg_code('select'),
+                  " and ",
+                  msg_code("style"),
+                  " tags are allowed ",
+                  msg_cve("CVE-2022-32209")
+                 )
+
+    unless result
+      message << ". Upgrade to 1.4.3 or newer"
+    end
+
+    warn :warning_type => "Cross-Site Scripting",
+      :warning_code => :CVE_2022_32209,
+      :message => message,
+      :confidence => confidence,
+      :gem_info => gemfile_or_environment(:'rails-html-sanitizer'),
+      :link_path => "https://groups.google.com/g/rubyonrails-security/c/ce9PhUANQ6s/m/S0fJfnkmBAAJ",
+      :cwe_id => [79],
+      :result => result
+  end
+
+  # Look for
+  #   config.action_view.sanitized_allowed_tags = ["select", "style"]
+  def check_config
+    sanitizer_config = tracker.config.rails.dig(:action_view, :sanitized_allowed_tags)
+
+    if sanitizer_config and include_both_tags? sanitizer_config
+      @specific_warning = true
+      cve_warning confidence: :high
+    end
+  end
+
+  # Look for
+  #   sanitize ..., tags: ["select", "style"]
+  # and
+  #   Rails::Html::SafeListSanitizer.new.sanitize(..., tags: ["select", "style"])
+  def check_sanitize_calls
+    tracker.find_call(method: :sanitize, target: nil).each do |result|
+      check_tags_option result
+    end
+
+    tracker.find_call(method: :sanitize, target: :'Rails::Html::SafeListSanitizer.new').each do |result|
+      check_tags_option result
+    end
+  end
+
+  # Look for
+  #   Rails::Html::SafeListSanitizer.allowed_tags = ["select", "style"]
+  def check_safe_list_allowed_tags
+    tracker.find_call(target: :'Rails::Html::SafeListSanitizer', method: :allowed_tags=).each do |result|
+      check_result result, result[:call].first_arg
+    end
+  end
+
+  private
+
+  def check_tags_option result
+    options = result[:call].last_arg
+
+    if options
+      check_result result, hash_access(options, :tags)
+    end
+  end
+
+  def check_result result, arg
+    if include_both_tags? arg
+      @specific_warning = true
+      cve_warning confidence: :high, result: result
+    end
+  end
+
+  def include_both_tags? exp
+    return unless sexp? exp
+
+    has_tag? exp, 'select' and
+      has_tag? exp, 'style'
+  end
+
+  def has_tag? exp, tag
+    tag_sym = tag.to_sym
+
+    exp.each_sexp do |e|
+      if string? e and e.value == tag
+        return true
+      elsif symbol? e and e.value == tag_sym
+        return true
+      end
+    end
+
+    false
+  end
+end

data/lib/brakeman/checks/check_sanitize_methods.rb

@@ -51,7 +51,8 @@ class Brakeman::CheckSanitizeMethods < Brakeman::BaseCheck
         :warning_code => code,
         :message => message,
         :confidence => :high,
-        :link_path => link
+        :link_path => link,
+        :cwe_id => [79]
     end
   end
 
@@ -83,7 +84,8 @@ class Brakeman::CheckSanitizeMethods < Brakeman::BaseCheck
         :message => message,
         :gem_info => gemfile_or_environment(:loofah),
         :confidence => confidence,
-        :link_path => "https://github.com/flavorjones/loofah/issues/144"
+        :link_path => "https://github.com/flavorjones/loofah/issues/144",
+        :cwe_id => [79]
     end
   end
 
@@ -108,6 +110,7 @@ class Brakeman::CheckSanitizeMethods < Brakeman::BaseCheck
       :message => message,
       :gem_info => gemfile_or_environment(:'rails-html-sanitizer'),
       :confidence => confidence,
-      :link_path => link
+      :link_path => link,
+      :cwe_id => [79]
   end
 end

data/lib/brakeman/checks/check_secrets.rb

@@ -27,7 +27,8 @@ class Brakeman::CheckSecrets < Brakeman::BaseCheck
             :message => msg("Hardcoded value for ", msg_code(name), " in source code"),
             :confidence => :medium,
             :file => constant.file,
-            :line => constant.line
+            :line => constant.line,
+            :cwe_id => [798]
         end
       end
     end

data/lib/brakeman/checks/check_select_tag.rb

@@ -52,7 +52,8 @@ class Brakeman::CheckSelectTag < Brakeman::BaseCheck
           :message => @message,
           :confidence => :high,
           :user_input => input,
-          :link_path => "https://groups.google.com/d/topic/rubyonrails-security/fV3QUToSMSw/discussion"
+          :link_path => "https://groups.google.com/d/topic/rubyonrails-security/fV3QUToSMSw/discussion",
+          :cwe_id => [79]
       end
     end
   end

data/lib/brakeman/checks/check_select_vulnerability.rb

@@ -54,7 +54,8 @@ class Brakeman::CheckSelectVulnerability < Brakeman::BaseCheck
           :warning_code => :select_options_vuln,
           :result => result,
           :message => @message,
-          :confidence => confidence
+          :confidence => confidence,
+          :cwe_id => [79]
     end
   end
 end

data/lib/brakeman/checks/check_send.rb

@@ -29,7 +29,8 @@ class Brakeman::CheckSend < Brakeman::BaseCheck
         :warning_code => :dangerous_send,
         :message => "User controlled method execution",
         :user_input => input,
-        :confidence => :high
+        :confidence => :high,
+        :cwe_id => [77]
     end
   end
 

data/lib/brakeman/checks/check_session_manipulation.rb

@@ -28,7 +28,8 @@ class Brakeman::CheckSessionManipulation < Brakeman::BaseCheck
         :warning_code => :session_key_manipulation,
         :message => msg(msg_input(input), " used as key in session hash"),
         :user_input => input,
-        :confidence => confidence
+        :confidence => confidence,
+        :cwe_id => [20] # TODO: what cwe should this be? it seems like it's looking for authz bypass
     end
   end
 end

data/lib/brakeman/checks/check_session_settings.rb

@@ -142,7 +142,8 @@ class Brakeman::CheckSessionSettings < Brakeman::BaseCheck
       :message => "Session cookies should be set to HTTP only",
       :confidence => :high,
       :line => line,
-      :file => file
+      :file => file,
+      :cwe_id => [1004]
 
   end
 
@@ -152,7 +153,8 @@ class Brakeman::CheckSessionSettings < Brakeman::BaseCheck
       :message => "Session secret should not be included in version control",
       :confidence => :high,
       :line => line,
-      :file => file
+      :file => file,
+      :cwe_id => [798]
   end
 
   def warn_about_secure_only line, file
@@ -161,7 +163,8 @@ class Brakeman::CheckSessionSettings < Brakeman::BaseCheck
       :message => "Session cookie should be set to secure only",
       :confidence => :high,
       :line => line,
-      :file => file
+      :file => file,
+      :cwe_id => [614]
   end
 
   def ignored? file

data/lib/brakeman/checks/check_simple_format.rb

@@ -28,7 +28,8 @@ class Brakeman::CheckSimpleFormat < Brakeman::CheckCrossSiteScripting
       :message => message,
       :confidence => :medium,
       :gem_info => gemfile_or_environment,
-      :link_path => "https://groups.google.com/d/msg/ruby-security-ann/5ZI1-H5OoIM/ZNq4FoR2GnIJ"
+      :link_path => "https://groups.google.com/d/msg/ruby-security-ann/5ZI1-H5OoIM/ZNq4FoR2GnIJ",
+      :cwe_id => [79]
   end
 
   def check_simple_format_usage
@@ -58,6 +59,7 @@ class Brakeman::CheckSimpleFormat < Brakeman::CheckCrossSiteScripting
       :message => msg("Values passed to ", msg_code("simple_format"), " are not safe in ", msg_version(rails_version)),
       :confidence => :high,
       :link_path => "https://groups.google.com/d/msg/ruby-security-ann/5ZI1-H5OoIM/ZNq4FoR2GnIJ",
-      :user_input => match
+      :user_input => match,
+      :cwe_id => [79]
   end
 end

data/lib/brakeman/checks/check_single_quotes.rb

@@ -38,7 +38,8 @@ class Brakeman::CheckSingleQuotes < Brakeman::BaseCheck
       :message => message,
       :confidence => :medium,
       :gem_info => gemfile_or_environment,
-      :link_path => "https://groups.google.com/d/topic/rubyonrails-security/kKGNeMrnmiY/discussion"
+      :link_path => "https://groups.google.com/d/topic/rubyonrails-security/kKGNeMrnmiY/discussion",
+      :cwe_id => [79]
   end
 
   #Process initializers to see if they use workaround

data/lib/brakeman/checks/check_skip_before_filter.rb

@@ -29,7 +29,8 @@ class Brakeman::CheckSkipBeforeFilter < Brakeman::BaseCheck
         :message => msg("List specific actions (", msg_code(":only => [..]"), ") when skipping CSRF check"),
         :code => filter,
         :confidence => :medium,
-        :file => controller.file
+        :file => controller.file,
+        :cwe_id => [352]
 
     when :login_required, :authenticate_user!, :require_user
       warn :controller => controller.name,
@@ -39,7 +40,8 @@ class Brakeman::CheckSkipBeforeFilter < Brakeman::BaseCheck
         :code => filter,
         :confidence => :medium,
         :link_path => "authentication_whitelist",
-        :file => controller.file
+        :file => controller.file,
+        :cwe_id => [287]
     end
   end
 

data/lib/brakeman/checks/check_sprockets_path_traversal.rb

@@ -30,7 +30,8 @@ class Brakeman::CheckSprocketsPathTraversal < Brakeman::BaseCheck
       :message => message,
       :confidence => confidence,
       :gem_info => gemfile_or_environment(:sprockets),
-      :link_path => "https://groups.google.com/d/msg/rubyonrails-security/ft_J--l55fM/7roDfQ50BwAJ"
+      :link_path => "https://groups.google.com/d/msg/rubyonrails-security/ft_J--l55fM/7roDfQ50BwAJ",
+      :cwe_id => [22, 200]
   end
 
   def has_workaround?

data/lib/brakeman/checks/check_sql.rb

@@ -247,7 +247,8 @@ class Brakeman::CheckSQL < Brakeman::BaseCheck
         :warning_code => :sql_injection,
         :message => "Possible SQL injection",
         :user_input => user_input,
-        :confidence => confidence
+        :confidence => confidence,
+        :cwe_id => [89]
     end
 
     if check_for_limit_or_offset_vulnerability call.last_arg
@@ -261,7 +262,8 @@ class Brakeman::CheckSQL < Brakeman::BaseCheck
         :warning_type => "SQL Injection",
         :warning_code => :sql_injection_limit_offset,
         :message => msg("Upgrade to Rails >= 2.1.2 to escape ", msg_code(":limit"), " and ", msg_code("offset"), ". Possible SQL injection"),
-        :confidence => confidence
+        :confidence => confidence,
+        :cwe_id => [89]
     end
   end
 
@@ -405,7 +407,8 @@ class Brakeman::CheckSQL < Brakeman::BaseCheck
     nil
   end
 
-  TO_STRING_METHODS = [:chomp, :to_s, :squish, :strip, :strip_heredoc]
+  TO_STRING_METHODS = [:chomp, :chop, :lstrip, :rstrip, :scrub, :squish, :strip,
+                       :strip_heredoc, :to_s, :tr]
 
   #Returns value if interpolated value is not something safe
   def unsafe_string_interp? exp
@@ -744,6 +747,6 @@ class Brakeman::CheckSQL < Brakeman::BaseCheck
       date_target? exp.target
     else
      false
-    end 
+    end
   end
 end

data/lib/brakeman/checks/check_sql_cves.rb

@@ -81,7 +81,8 @@ class Brakeman::CheckSQLCVEs < Brakeman::BaseCheck
       :message => msg(msg_version(rails_version), " contains a SQL injection vulnerability ", msg_cve(cve), ". Upgrade to ", msg_version(upgrade_version)),
       :confidence => :high,
       :gem_info => gemfile_or_environment,
-      :link_path => link
+      :link_path => link,
+      :cwe_id => [89]
   end
 
   def upgrade_version? versions
@@ -101,6 +102,7 @@ class Brakeman::CheckSQLCVEs < Brakeman::BaseCheck
       :message => msg(msg_version(rails_version), " contains a SQL injection vulnerability ", msg_cve("CVE-2014-0080"), " with PostgreSQL. Upgrade to ", msg_version("4.0.3")),
       :confidence => :high,
       :gem_info => gemfile_or_environment(:pg),
-      :link_path => "https://groups.google.com/d/msg/rubyonrails-security/Wu96YkTUR6s/pPLBMZrlwvYJ"
+      :link_path => "https://groups.google.com/d/msg/rubyonrails-security/Wu96YkTUR6s/pPLBMZrlwvYJ",
+      :cwe_id => [89]
   end
 end

data/lib/brakeman/checks/check_ssl_verify.rb

@@ -43,6 +43,7 @@ class Brakeman::CheckSSLVerify < Brakeman::BaseCheck
       :warning_type => "SSL Verification Bypass",
       :warning_code => :ssl_verification_bypass,
       :message => "SSL certificate verification was bypassed",
-      :confidence => :high
+      :confidence => :high,
+      :cwe_id => [295]
   end
 end

data/lib/brakeman/checks/check_strip_tags.rb

@@ -35,7 +35,8 @@ class Brakeman::CheckStripTags < Brakeman::BaseCheck
         :message => message,
         :gem_info => gemfile_or_environment,
         :confidence => :high,
-        :link_path => "https://groups.google.com/d/topic/rubyonrails-security/K5EwdJt06hI/discussion"
+        :link_path => "https://groups.google.com/d/topic/rubyonrails-security/K5EwdJt06hI/discussion",
+        :cwe_id => [79]
     end
   end
 
@@ -60,7 +61,8 @@ class Brakeman::CheckStripTags < Brakeman::BaseCheck
       :message => message,
       :confidence => :high,
       :gem_info => gemfile_or_environment,
-      :link_path => "https://groups.google.com/d/topic/rubyonrails-security/FgVEtBajcTY/discussion"
+      :link_path => "https://groups.google.com/d/topic/rubyonrails-security/FgVEtBajcTY/discussion",
+      :cwe_id => [79]
   end
 
   def cve_2015_7579
@@ -78,7 +80,8 @@ class Brakeman::CheckStripTags < Brakeman::BaseCheck
         :message => message,
         :confidence => confidence,
         :gem_info => gemfile_or_environment(:"rails-html-sanitizer"),
-        :link_path => "https://groups.google.com/d/msg/rubyonrails-security/OU9ugTZcbjc/PjEP46pbFQAJ"
+        :link_path => "https://groups.google.com/d/msg/rubyonrails-security/OU9ugTZcbjc/PjEP46pbFQAJ",
+        :cwe_id => [79]
 
     end
   end

data/lib/brakeman/checks/check_symbol_dos.rb

@@ -45,7 +45,8 @@ class Brakeman::CheckSymbolDoS < Brakeman::BaseCheck
         :warning_code => :unsafe_symbol_creation,
         :message => message,
         :user_input => input,
-        :confidence => confidence
+        :confidence => confidence,
+        :cwe_id => [20]
     end
   end
 

data/lib/brakeman/checks/check_symbol_dos_cve.rb

@@ -23,7 +23,8 @@ class Brakeman::CheckSymbolDoSCVE < Brakeman::BaseCheck
         :message => msg(msg_version(rails_version), " has a denial of service vulnerability in ActiveRecord. Upgrade to ", msg_version(fix_version), " or patch"),
         :confidence => :medium,
         :gem_info => gemfile_or_environment,
-        :link => "https://groups.google.com/d/msg/rubyonrails-security/jgJ4cjjS8FE/BGbHRxnDRTIJ"
+        :link => "https://groups.google.com/d/msg/rubyonrails-security/jgJ4cjjS8FE/BGbHRxnDRTIJ",
+        :cwe_id => [20]
     end
   end
 end

data/lib/brakeman/checks/check_template_injection.rb

@@ -26,7 +26,8 @@ class Brakeman::CheckTemplateInjection < Brakeman::BaseCheck
         :warning_code => :erb_template_injection,
         :message => msg(msg_input(input), " used directly in ", msg_code("ERB"), " template, which might enable remote code execution"),
         :user_input => input,
-        :confidence => :high
+        :confidence => :high,
+        :cwe_id => [1336]
     end
   end
 end

data/lib/brakeman/checks/check_translate_bug.rb

@@ -33,7 +33,8 @@ class Brakeman::CheckTranslateBug < Brakeman::BaseCheck
         :message => message,
         :confidence => confidence,
         :gem_info => gemfile_or_environment,
-        :link_path => "http://groups.google.com/group/rubyonrails-security/browse_thread/thread/2b61d70fb73c7cc5"
+        :link_path => "http://groups.google.com/group/rubyonrails-security/browse_thread/thread/2b61d70fb73c7cc5",
+        :cwe_id => [79]
     end
   end