brakeman-lib 5.2.2 → 5.3.1

Sign up to get free protection for your applications and to get access to all the features.
Files changed (100) hide show
  1. checksums.yaml +4 -4
  2. data/CHANGES.md +17 -0
  3. data/lib/brakeman/app_tree.rb +9 -1
  4. data/lib/brakeman/checks/check_basic_auth.rb +4 -2
  5. data/lib/brakeman/checks/check_basic_auth_timing_attack.rb +2 -1
  6. data/lib/brakeman/checks/check_content_tag.rb +8 -4
  7. data/lib/brakeman/checks/check_cookie_serialization.rb +2 -1
  8. data/lib/brakeman/checks/check_create_with.rb +4 -2
  9. data/lib/brakeman/checks/check_cross_site_scripting.rb +6 -3
  10. data/lib/brakeman/checks/check_csrf_token_forgery_cve.rb +2 -1
  11. data/lib/brakeman/checks/check_default_routes.rb +6 -3
  12. data/lib/brakeman/checks/check_deserialize.rb +2 -1
  13. data/lib/brakeman/checks/check_detailed_exceptions.rb +4 -2
  14. data/lib/brakeman/checks/check_digest_dos.rb +2 -1
  15. data/lib/brakeman/checks/check_divide_by_zero.rb +2 -1
  16. data/lib/brakeman/checks/check_dynamic_finders.rb +2 -1
  17. data/lib/brakeman/checks/check_escape_function.rb +2 -1
  18. data/lib/brakeman/checks/check_evaluation.rb +2 -1
  19. data/lib/brakeman/checks/check_execute.rb +6 -3
  20. data/lib/brakeman/checks/check_file_access.rb +2 -1
  21. data/lib/brakeman/checks/check_file_disclosure.rb +2 -1
  22. data/lib/brakeman/checks/check_filter_skipping.rb +2 -1
  23. data/lib/brakeman/checks/check_force_ssl.rb +2 -1
  24. data/lib/brakeman/checks/check_forgery_setting.rb +4 -2
  25. data/lib/brakeman/checks/check_header_dos.rb +2 -1
  26. data/lib/brakeman/checks/check_i18n_xss.rb +2 -1
  27. data/lib/brakeman/checks/check_jruby_xml.rb +2 -1
  28. data/lib/brakeman/checks/check_json_encoding.rb +2 -1
  29. data/lib/brakeman/checks/check_json_entity_escape.rb +4 -2
  30. data/lib/brakeman/checks/check_json_parsing.rb +4 -2
  31. data/lib/brakeman/checks/check_link_to.rb +2 -1
  32. data/lib/brakeman/checks/check_link_to_href.rb +4 -2
  33. data/lib/brakeman/checks/check_mail_to.rb +2 -1
  34. data/lib/brakeman/checks/check_mass_assignment.rb +6 -3
  35. data/lib/brakeman/checks/check_mime_type_dos.rb +2 -1
  36. data/lib/brakeman/checks/check_model_attr_accessible.rb +2 -1
  37. data/lib/brakeman/checks/check_model_attributes.rb +4 -2
  38. data/lib/brakeman/checks/check_model_serialize.rb +2 -1
  39. data/lib/brakeman/checks/check_nested_attributes.rb +2 -1
  40. data/lib/brakeman/checks/check_nested_attributes_bypass.rb +2 -1
  41. data/lib/brakeman/checks/check_number_to_currency.rb +4 -2
  42. data/lib/brakeman/checks/check_page_caching_cve.rb +2 -1
  43. data/lib/brakeman/checks/check_permit_attributes.rb +2 -1
  44. data/lib/brakeman/checks/check_quote_table_name.rb +2 -1
  45. data/lib/brakeman/checks/check_redirect.rb +2 -1
  46. data/lib/brakeman/checks/check_regex_dos.rb +2 -1
  47. data/lib/brakeman/checks/check_render.rb +4 -2
  48. data/lib/brakeman/checks/check_render_dos.rb +2 -1
  49. data/lib/brakeman/checks/check_render_inline.rb +4 -2
  50. data/lib/brakeman/checks/check_response_splitting.rb +2 -1
  51. data/lib/brakeman/checks/check_reverse_tabnabbing.rb +2 -1
  52. data/lib/brakeman/checks/check_route_dos.rb +2 -1
  53. data/lib/brakeman/checks/check_safe_buffer_manipulation.rb +2 -1
  54. data/lib/brakeman/checks/check_sanitize_config_cve.rb +120 -0
  55. data/lib/brakeman/checks/check_sanitize_methods.rb +6 -3
  56. data/lib/brakeman/checks/check_secrets.rb +2 -1
  57. data/lib/brakeman/checks/check_select_tag.rb +2 -1
  58. data/lib/brakeman/checks/check_select_vulnerability.rb +2 -1
  59. data/lib/brakeman/checks/check_send.rb +2 -1
  60. data/lib/brakeman/checks/check_session_manipulation.rb +2 -1
  61. data/lib/brakeman/checks/check_session_settings.rb +6 -3
  62. data/lib/brakeman/checks/check_simple_format.rb +4 -2
  63. data/lib/brakeman/checks/check_single_quotes.rb +2 -1
  64. data/lib/brakeman/checks/check_skip_before_filter.rb +4 -2
  65. data/lib/brakeman/checks/check_sprockets_path_traversal.rb +2 -1
  66. data/lib/brakeman/checks/check_sql.rb +4 -2
  67. data/lib/brakeman/checks/check_sql_cves.rb +4 -2
  68. data/lib/brakeman/checks/check_ssl_verify.rb +2 -1
  69. data/lib/brakeman/checks/check_strip_tags.rb +6 -3
  70. data/lib/brakeman/checks/check_symbol_dos.rb +2 -1
  71. data/lib/brakeman/checks/check_symbol_dos_cve.rb +2 -1
  72. data/lib/brakeman/checks/check_template_injection.rb +2 -1
  73. data/lib/brakeman/checks/check_translate_bug.rb +2 -1
  74. data/lib/brakeman/checks/check_unsafe_reflection.rb +2 -1
  75. data/lib/brakeman/checks/check_unsafe_reflection_methods.rb +2 -1
  76. data/lib/brakeman/checks/check_unscoped_find.rb +2 -1
  77. data/lib/brakeman/checks/check_validation_regex.rb +2 -1
  78. data/lib/brakeman/checks/check_verb_confusion.rb +2 -1
  79. data/lib/brakeman/checks/check_weak_hash.rb +6 -3
  80. data/lib/brakeman/checks/check_without_protection.rb +2 -1
  81. data/lib/brakeman/checks/check_xml_dos.rb +2 -1
  82. data/lib/brakeman/checks/check_yaml_parsing.rb +4 -2
  83. data/lib/brakeman/checks/eol_check.rb +4 -2
  84. data/lib/brakeman/options.rb +1 -1
  85. data/lib/brakeman/processors/alias_processor.rb +24 -1
  86. data/lib/brakeman/processors/lib/find_all_calls.rb +1 -0
  87. data/lib/brakeman/report/ignore/interactive.rb +2 -2
  88. data/lib/brakeman/report/report_csv.rb +2 -0
  89. data/lib/brakeman/report/report_junit.rb +2 -2
  90. data/lib/brakeman/report/report_table.rb +5 -5
  91. data/lib/brakeman/report/report_text.rb +2 -0
  92. data/lib/brakeman/report/templates/controller_warnings.html.erb +2 -0
  93. data/lib/brakeman/report/templates/ignored_warnings.html.erb +2 -0
  94. data/lib/brakeman/report/templates/model_warnings.html.erb +2 -0
  95. data/lib/brakeman/report/templates/security_warnings.html.erb +2 -0
  96. data/lib/brakeman/report/templates/view_warnings.html.erb +2 -0
  97. data/lib/brakeman/version.rb +1 -1
  98. data/lib/brakeman/warning.rb +5 -2
  99. data/lib/brakeman/warning_codes.rb +1 -0
  100. metadata +3 -2
@@ -70,6 +70,7 @@ class Brakeman::CheckVerbConfusion < Brakeman::BaseCheck
70
70
  :message => message,
71
71
  :code => code,
72
72
  :user_input => result[:call],
73
- :confidence => confidence
73
+ :confidence => confidence,
74
+ :cwe_id => [352]
74
75
  end
75
76
  end
@@ -53,7 +53,8 @@ class Brakeman::CheckWeakHash < Brakeman::BaseCheck
53
53
  :warning_code => :weak_hash_digest,
54
54
  :message => message,
55
55
  :confidence => confidence,
56
- :user_input => input
56
+ :user_input => input,
57
+ :cwe_id => [328]
57
58
  end
58
59
 
59
60
  def process_hmac_result result
@@ -74,7 +75,8 @@ class Brakeman::CheckWeakHash < Brakeman::BaseCheck
74
75
  :warning_type => "Weak Hash",
75
76
  :warning_code => :weak_hash_hmac,
76
77
  :message => message,
77
- :confidence => :medium
78
+ :confidence => :medium,
79
+ :cwe_id => [328]
78
80
  end
79
81
 
80
82
  def process_openssl_result result
@@ -90,7 +92,8 @@ class Brakeman::CheckWeakHash < Brakeman::BaseCheck
90
92
  :warning_type => "Weak Hash",
91
93
  :warning_code => :weak_hash_digest,
92
94
  :message => msg("Weak hashing algorithm used: ", msg_lit(alg)),
93
- :confidence => :medium
95
+ :confidence => :medium,
96
+ :cwe_id => [328]
94
97
  end
95
98
  end
96
99
  end
@@ -55,7 +55,8 @@ class Brakeman::CheckWithoutProtection < Brakeman::BaseCheck
55
55
  :message => "Unprotected mass assignment",
56
56
  :code => call,
57
57
  :user_input => input,
58
- :confidence => confidence
58
+ :confidence => confidence,
59
+ :cwe_id => [915]
59
60
 
60
61
  end
61
62
  end
@@ -30,7 +30,8 @@ class Brakeman::CheckXMLDoS < Brakeman::BaseCheck
30
30
  :message => message,
31
31
  :confidence => :medium,
32
32
  :gem_info => gemfile_or_environment,
33
- :link_path => "https://groups.google.com/d/msg/rubyonrails-security/bahr2JLnxvk/x4EocXnHPp8J"
33
+ :link_path => "https://groups.google.com/d/msg/rubyonrails-security/bahr2JLnxvk/x4EocXnHPp8J",
34
+ :cwe_id => [125]
34
35
  end
35
36
 
36
37
  def has_workaround?
@@ -29,7 +29,8 @@ class Brakeman::CheckYAMLParsing < Brakeman::BaseCheck
29
29
  :message => message,
30
30
  :confidence => :high,
31
31
  :gem_info => gemfile_or_environment,
32
- :link_path => "https://groups.google.com/d/topic/rubyonrails-security/61bkgvnSGTQ/discussion"
32
+ :link_path => "https://groups.google.com/d/topic/rubyonrails-security/61bkgvnSGTQ/discussion",
33
+ :cwe_id => [20]
33
34
  end
34
35
 
35
36
  #Warn if app accepts YAML
@@ -41,7 +42,8 @@ class Brakeman::CheckYAMLParsing < Brakeman::BaseCheck
41
42
  :message => message,
42
43
  :confidence => :high,
43
44
  :gem_info => gemfile_or_environment,
44
- :link_path => "https://groups.google.com/d/topic/rubyonrails-security/61bkgvnSGTQ/discussion"
45
+ :link_path => "https://groups.google.com/d/topic/rubyonrails-security/61bkgvnSGTQ/discussion",
46
+ :cwe_id => [20]
45
47
  end
46
48
  end
47
49
 
@@ -34,7 +34,8 @@ class Brakeman::EOLCheck < Brakeman::BaseCheck
34
34
  warning_code: :"pending_eol_#{library}",
35
35
  message: msg("Support for ", msg_version(version, library.capitalize), " ends on #{eol_date}"),
36
36
  confidence: confidence,
37
- gem_info: gemfile_or_environment
37
+ gem_info: gemfile_or_environment,
38
+ :cwe_id => [1104]
38
39
  end
39
40
 
40
41
  def warn_about_unsupported_version library, eol_date, version
@@ -42,6 +43,7 @@ class Brakeman::EOLCheck < Brakeman::BaseCheck
42
43
  warning_code: :"eol_#{library}",
43
44
  message: msg("Support for ", msg_version(version, library.capitalize), " ended on #{eol_date}"),
44
45
  confidence: :high,
45
- gem_info: gemfile_or_environment
46
+ gem_info: gemfile_or_environment,
47
+ :cwe_id => [1104]
46
48
  end
47
49
  end
@@ -323,7 +323,7 @@ module Brakeman::Options
323
323
  end
324
324
 
325
325
  opts.on "--text-fields field1,field2,etc.", Array, "Specify fields for text report format" do |format|
326
- valid_options = [:category, :category_id, :check, :code, :confidence, :file, :fingerprint, :line, :link, :message, :render_path]
326
+ valid_options = [:category, :category_id, :check, :code, :confidence, :cwe, :file, :fingerprint, :line, :link, :message, :render_path]
327
327
 
328
328
  options[:text_fields] = format.map(&:to_sym)
329
329
 
@@ -703,7 +703,30 @@ class Brakeman::AliasProcessor < Brakeman::SexpProcessor
703
703
  end
704
704
  end
705
705
 
706
- exp
706
+ # Return early unless there might be short-hand syntax,
707
+ # since handling it is kind of expensive.
708
+ return exp unless exp.any? { |e| e.nil? }
709
+
710
+ # Need to handle short-hand hash syntax
711
+ new_hash = [:hash]
712
+ hash_iterate(exp) do |key, value|
713
+ # e.g. { a: }
714
+ if value.nil? and symbol? key
715
+ # Only handling local variables for now, not calls
716
+ lvar = s(:lvar, key.value)
717
+ if var_value = env[lvar]
718
+ new_hash << key << var_value.deep_clone(key.line || 0)
719
+ else
720
+ # If the value is unknown, assume it was a call
721
+ # and set the value to a call
722
+ new_hash.concat << key << s(:call, nil, key.value).line(key.line || 0)
723
+ end
724
+ else
725
+ new_hash.concat << key << value
726
+ end
727
+ end
728
+
729
+ Sexp.from_array(new_hash).line(exp.line || 0)
707
730
  end
708
731
 
709
732
  #Merge values into hash when processing
@@ -233,6 +233,7 @@ class Brakeman::FindAllCalls < Brakeman::BasicProcessor
233
233
 
234
234
  unless @in_target
235
235
  @full_call = call_hash
236
+ call_hash[:full_call] = call_hash
236
237
  end
237
238
 
238
239
  # Process up the call chain
@@ -88,10 +88,10 @@ module Brakeman
88
88
 
89
89
  m.choice "i"
90
90
  m.choice "n"
91
- m.choice "k"
91
+ m.choice "s"
92
92
  m.choice "u"
93
93
  m.choice "a"
94
- m.choice "s"
94
+ m.choice "k"
95
95
  m.choice "q"
96
96
  m.choice "?" do
97
97
  show_help
@@ -5,6 +5,7 @@ class Brakeman::Report::CSV < Brakeman::Report::Base
5
5
  headers = [
6
6
  "Confidence",
7
7
  "Warning Type",
8
+ "CWE",
8
9
  "File",
9
10
  "Line",
10
11
  "Message",
@@ -35,6 +36,7 @@ class Brakeman::Report::CSV < Brakeman::Report::Base
35
36
  [
36
37
  warning.confidence_name,
37
38
  warning.warning_type,
39
+ warning.cwe_id.first,
38
40
  warning_file(warning),
39
41
  warning.line,
40
42
  warning.message,
@@ -1,6 +1,6 @@
1
1
  require 'time'
2
- require "stringio"
3
- require 'rexml/document'
2
+ require 'stringio'
3
+ Brakeman.load_brakeman_dependency 'rexml/document'
4
4
 
5
5
  class Brakeman::Report::JUnit < Brakeman::Report::Base
6
6
  def generate_report
@@ -98,7 +98,7 @@ class Brakeman::Report::Table < Brakeman::Report::Base
98
98
  render_warnings generic_warnings,
99
99
  :warning,
100
100
  'security_warnings',
101
- ["Confidence", "Class", "Method", "Warning Type", "Message"],
101
+ ["Confidence", "Class", "Method", "Warning Type", "CWE ID", "Message"],
102
102
  'Class'
103
103
  end
104
104
 
@@ -107,7 +107,7 @@ class Brakeman::Report::Table < Brakeman::Report::Base
107
107
  render_warnings template_warnings,
108
108
  :template,
109
109
  'view_warnings',
110
- ['Confidence', 'Template', 'Warning Type', 'Message'],
110
+ ['Confidence', 'Template', 'Warning Type', "CWE ID", 'Message'],
111
111
  'Template'
112
112
 
113
113
  end
@@ -117,7 +117,7 @@ class Brakeman::Report::Table < Brakeman::Report::Base
117
117
  render_warnings model_warnings,
118
118
  :model,
119
119
  'model_warnings',
120
- ['Confidence', 'Model', 'Warning Type', 'Message'],
120
+ ['Confidence', 'Model', 'Warning Type', "CWE ID", 'Message'],
121
121
  'Model'
122
122
  end
123
123
 
@@ -126,7 +126,7 @@ class Brakeman::Report::Table < Brakeman::Report::Base
126
126
  render_warnings controller_warnings,
127
127
  :controller,
128
128
  'controller_warnings',
129
- ['Confidence', 'Controller', 'Warning Type', 'Message'],
129
+ ['Confidence', 'Controller', 'Warning Type', "CWE ID", 'Message'],
130
130
  'Controller'
131
131
  end
132
132
 
@@ -134,7 +134,7 @@ class Brakeman::Report::Table < Brakeman::Report::Base
134
134
  render_warnings ignored_warnings,
135
135
  :ignored,
136
136
  'ignored_warnings',
137
- ['Confidence', 'Warning Type', 'File', 'Message'],
137
+ ['Confidence', 'Warning Type', "CWE ID", 'File', 'Message'],
138
138
  'Warning Type'
139
139
  end
140
140
 
@@ -159,6 +159,8 @@ class Brakeman::Report::Text < Brakeman::Report::Base
159
159
  label('Confidence', confidence(w.confidence))
160
160
  when :category
161
161
  label('Category', w.warning_type.to_s)
162
+ when :cwe
163
+ label('CWE', w.cwe_id.join(', '))
162
164
  when :check
163
165
  label('Check', w.check_name)
164
166
  when :message
@@ -5,6 +5,7 @@
5
5
  <th>Confidence</th>
6
6
  <th>Controller</th>
7
7
  <th>Warning Type</th>
8
+ <th>CWE ID</th>
8
9
  <th>Message</th>
9
10
  </tr>
10
11
  </thead>
@@ -14,6 +15,7 @@
14
15
  <td><%= warning['Confidence']%></td>
15
16
  <td><%= warning['Controller']%></td>
16
17
  <td><%= warning['Warning Type']%></td>
18
+ <td><%= warning['CWE ID']%></td>
17
19
  <td><%= warning['Message']%></td>
18
20
  </tr>
19
21
  <% end %>
@@ -6,6 +6,7 @@
6
6
  <th>Confidence</th>
7
7
  <th>File</th>
8
8
  <th>Warning Type</th>
9
+ <th>CWE ID</th>
9
10
  <th>Message</th>
10
11
  <th>Note</th>
11
12
  </tr>
@@ -16,6 +17,7 @@
16
17
  <td><%= warning['Confidence']%></td>
17
18
  <td><%= warning['File']%></td>
18
19
  <td><%= warning['Warning Type']%></td>
20
+ <td><%= warning['CWE ID']%></td>
19
21
  <td><%= warning['Message']%></td>
20
22
  <td><%= warning['Note']%></td>
21
23
  </tr>
@@ -5,6 +5,7 @@
5
5
  <th>Confidence</th>
6
6
  <th>Model</th>
7
7
  <th>Warning Type</th>
8
+ <th>CWE ID</th>
8
9
  <th>Message</th>
9
10
  </tr>
10
11
  </thead>
@@ -14,6 +15,7 @@
14
15
  <td><%= warning['Confidence']%></td>
15
16
  <td><%= warning['Model']%></td>
16
17
  <td><%= warning['Warning Type']%></td>
18
+ <td><%= warning['CWE ID']%></td>
17
19
  <td><%= warning['Message']%></td>
18
20
  </tr>
19
21
  <% end %>
@@ -6,6 +6,7 @@
6
6
  <th>Class</th>
7
7
  <th>Method</th>
8
8
  <th>Warning Type</th>
9
+ <th>CWE ID</th>
9
10
  <th>Message</th>
10
11
  </tr>
11
12
  </thead>
@@ -16,6 +17,7 @@
16
17
  <td><%= warning['Class']%></td>
17
18
  <td><%= warning['Method']%></td>
18
19
  <td><%= warning['Warning Type']%></td>
20
+ <td><%= warning['CWE ID']%></td>
19
21
  <td><%= warning['Message']%></td>
20
22
  </tr>
21
23
  <% end %>
@@ -5,6 +5,7 @@
5
5
  <th>Confidence</th>
6
6
  <th>Template</th>
7
7
  <th>Warning Type</th>
8
+ <th>CWE ID</th>
8
9
  <th>Message</th>
9
10
  </tr>
10
11
  </thead>
@@ -27,6 +28,7 @@
27
28
  <% end %>
28
29
  </td>
29
30
  <td><%= warning['Warning Type']%></td>
31
+ <td><%= warning['CWE ID']%></td>
30
32
  <td><%= warning['Message']%></td>
31
33
  </tr>
32
34
  <% end %>
@@ -1,3 +1,3 @@
1
1
  module Brakeman
2
- Version = "5.2.2"
2
+ Version = "5.3.1"
3
3
  end
@@ -5,7 +5,7 @@ require 'brakeman/messages'
5
5
 
6
6
  #The Warning class stores information about warnings
7
7
  class Brakeman::Warning
8
- attr_reader :called_from, :check, :class, :confidence, :controller,
8
+ attr_reader :called_from, :check, :class, :confidence, :controller, :cwe_id,
9
9
  :line, :method, :model, :template, :user_input, :user_input_type,
10
10
  :warning_code, :warning_set, :warning_type
11
11
 
@@ -31,6 +31,7 @@ class Brakeman::Warning
31
31
  :class => :@class,
32
32
  :code => :@code,
33
33
  :controller => :@controller,
34
+ :cwe_id => :@cwe_id,
34
35
  :file => :@file,
35
36
  :gem_info => :@gem_info,
36
37
  :line => :@line,
@@ -219,6 +220,7 @@ class Brakeman::Warning
219
220
  def to_row type = :warning
220
221
  @row = { "Confidence" => TEXT_CONFIDENCE[self.confidence],
221
222
  "Warning Type" => self.warning_type.to_s,
223
+ "CWE ID" => self.cwe_id,
222
224
  "Message" => self.message }
223
225
 
224
226
  case type
@@ -302,7 +304,8 @@ class Brakeman::Warning
302
304
  :render_path => render_path,
303
305
  :location => self.location(false),
304
306
  :user_input => (@user_input && self.format_user_input(false)),
305
- :confidence => self.confidence_name
307
+ :confidence => self.confidence_name,
308
+ :cwe_id => cwe_id
306
309
  }
307
310
  end
308
311
 
@@ -125,6 +125,7 @@ module Brakeman::WarningCodes
125
125
  :eol_ruby => 121,
126
126
  :pending_eol_rails => 122,
127
127
  :pending_eol_ruby => 123,
128
+ :CVE_2022_32209 => 124,
128
129
 
129
130
  :custom_check => 9090,
130
131
  }
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: brakeman-lib
3
3
  version: !ruby/object:Gem::Version
4
- version: 5.2.2
4
+ version: 5.3.1
5
5
  platform: ruby
6
6
  authors:
7
7
  - Justin Collins
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2022-04-06 00:00:00.000000000 Z
11
+ date: 2022-08-10 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: minitest
@@ -310,6 +310,7 @@ files:
310
310
  - lib/brakeman/checks/check_reverse_tabnabbing.rb
311
311
  - lib/brakeman/checks/check_route_dos.rb
312
312
  - lib/brakeman/checks/check_safe_buffer_manipulation.rb
313
+ - lib/brakeman/checks/check_sanitize_config_cve.rb
313
314
  - lib/brakeman/checks/check_sanitize_methods.rb
314
315
  - lib/brakeman/checks/check_secrets.rb
315
316
  - lib/brakeman/checks/check_select_tag.rb