brakeman 1.9.5 → 2.0.0.pre2

Files changed (46)
  1. checksums.yaml +4 -4
  2. data/CHANGES +27 -0
  3. data/README.md +5 -2
  4. data/bin/brakeman +20 -15
  5. data/lib/brakeman.rb +106 -80
  6. data/lib/brakeman/app_tree.rb +22 -11
  7. data/lib/brakeman/call_index.rb +4 -4
  8. data/lib/brakeman/checks/base_check.rb +33 -5
  9. data/lib/brakeman/checks/check_basic_auth.rb +2 -1
  10. data/lib/brakeman/checks/check_content_tag.rb +8 -29
  11. data/lib/brakeman/checks/check_cross_site_scripting.rb +10 -19
  12. data/lib/brakeman/checks/check_deserialize.rb +57 -0
  13. data/lib/brakeman/checks/check_execute.rb +3 -11
  14. data/lib/brakeman/checks/check_file_access.rb +1 -14
  15. data/lib/brakeman/checks/check_forgery_setting.rb +5 -4
  16. data/lib/brakeman/checks/check_link_to.rb +4 -15
  17. data/lib/brakeman/checks/check_link_to_href.rb +1 -8
  18. data/lib/brakeman/checks/check_mass_assignment.rb +6 -2
  19. data/lib/brakeman/checks/check_model_attributes.rb +1 -0
  20. data/lib/brakeman/checks/check_model_serialize.rb +2 -1
  21. data/lib/brakeman/checks/check_render.rb +2 -15
  22. data/lib/brakeman/checks/check_select_tag.rb +1 -1
  23. data/lib/brakeman/checks/check_select_vulnerability.rb +2 -2
  24. data/lib/brakeman/checks/check_send.rb +3 -0
  25. data/lib/brakeman/checks/check_session_settings.rb +2 -3
  26. data/lib/brakeman/checks/check_skip_before_filter.rb +5 -2
  27. data/lib/brakeman/checks/check_sql.rb +59 -50
  28. data/lib/brakeman/checks/check_symbol_dos.rb +5 -14
  29. data/lib/brakeman/checks/check_unsafe_reflection.rb +2 -15
  30. data/lib/brakeman/options.rb +14 -9
  31. data/lib/brakeman/processors/controller_alias_processor.rb +4 -10
  32. data/lib/brakeman/processors/controller_processor.rb +53 -14
  33. data/lib/brakeman/processors/lib/find_all_calls.rb +40 -40
  34. data/lib/brakeman/processors/lib/processor_helper.rb +5 -1
  35. data/lib/brakeman/processors/lib/rails3_config_processor.rb +8 -0
  36. data/lib/brakeman/processors/output_processor.rb +23 -1
  37. data/lib/brakeman/report.rb +28 -14
  38. data/lib/brakeman/scanner.rb +5 -3
  39. data/lib/brakeman/tracker.rb +7 -7
  40. data/lib/brakeman/util.rb +5 -3
  41. data/lib/brakeman/version.rb +1 -1
  42. data/lib/brakeman/warning.rb +12 -9
  43. data/lib/ruby_parser/bm_sexp.rb +5 -1
  44. data/lib/tasks/brakeman.rake +10 -0
  45. metadata +11 -9
  46. data/lib/brakeman/checks/check_yaml_load.rb +0 -55
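--- /dev/null
+++ b/data/lib/tasks/brakeman.rake
@@ -0,0 +1,10 @@
+namespace :brakeman do
+
+desc "Run Brakeman"
+task :run, :output_files do |t, args|
+require 'brakeman'
+
+files = args[:output_files].split(' ') if args[:output_files]
+Brakeman.run :app_path => ".", :output_files => files, :print_report => true
+end
+end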
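Review bot: The `args[:output_files].split(' ')` on line 7 of the new task cannot represent an output path that contains a space, and a second comma-separated rake argument (`rake brakeman:run[report.html,report.json]`) lands in `args.extras` and is silently ignored because only one parameter is declared; `files = [args[:output_files], *args.extras].compact` accepts both forms without the split. The task scans `:app_path => "."`, i.e. whatever directory rake is invoked from, which deserves a comment or a `desc` wording such as `desc "Run Brakeman against the current directory (run from the Rails root)"`. Nothing here inspects what `Brakeman.run` returns, so a CI job calling this task will not fail on findings unless the caller parses the report; if the return value carries the warnings (not visible in this hunk), checking it and raising would make the task useful as a gate. Rake's documented form for task parameters since 0.9 is the array style, `task :run, [:output_files] do |t, args|`; the bare-symbol style used here triggers a deprecation warning on some Rake versions.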
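--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: brakeman
 version: !ruby/object:Gem::Version
-version: 1.9.5
+version: 2.0.0.pre2
 platform: ruby
 authors:
 - Justin Collins
@@ -9,7 +9,7 @@ autorequire:
 bindir: bin
 cert_chain: []
 
-date: 2013-04-05 00:00:00 Z
+date: 2013-05-16 00:00:00 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: ruby_parser
@@ -26,9 +26,9 @@ dependencies:
 prerelease: false
 requirement: &id002 !ruby/object:Gem::Requirement
 requirements:
-- - "="
+- - ~>
 - !ruby/object:Gem::Version
-version: 2.0.3
+version: 2.0.5
 type: :runtime
 version_requirements: *id002
 - !ruby/object:Gem::Dependency
@@ -58,7 +58,7 @@ dependencies:
 requirements:
 - - ~>
 - !ruby/object:Gem::Version
-version: "1.6"
+version: 1.6.19
 type: :runtime
 version_requirements: *id005
 - !ruby/object:Gem::Dependency
@@ -177,6 +177,7 @@ files:
 - lib/brakeman/checks/check_symbol_dos.rb
 - lib/brakeman/checks/check_sanitize_methods.rb
 - lib/brakeman/checks/check_file_access.rb
+- lib/brakeman/checks/check_deserialize.rb
 - lib/brakeman/checks/base_check.rb
 - lib/brakeman/checks/check_validation_regex.rb
 - lib/brakeman/checks/check_evaluation.rb
@@ -188,7 +189,6 @@ files:
 - lib/brakeman/checks/check_translate_bug.rb
 - lib/brakeman/checks/check_jruby_xml.rb
 - lib/brakeman/checks/check_default_routes.rb
-- lib/brakeman/checks/check_yaml_load.rb
 - lib/brakeman/checks/check_link_to.rb
 - lib/brakeman/checks/check_quote_table_name.rb
 - lib/brakeman/checks/check_send.rb
@@ -232,6 +232,7 @@ files:
 - lib/ruby_parser/bm_sexp.rb
 - lib/ruby_parser/bm_sexp_processor.rb
 - lib/brakeman.rb
+- lib/tasks/brakeman.rake
 homepage: http://brakemanscanner.org
 licenses:
 - MIT
@@ -244,13 +245,14 @@ require_paths:
 - lib
 required_ruby_version: !ruby/object:Gem::Requirement
 requirements:
-- &id011
-- ">="
+- - ">="
 - !ruby/object:Gem::Version
 version: "0"
 required_rubygems_version: !ruby/object:Gem::Requirement
 requirements:
-- *id011
+- - ">"
+- !ruby/object:Gem::Version
+version: 1.3.1
 requirements: []
 
 rubyforge_project: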
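--- a/data/lib/brakeman/checks/check_yaml_load.rb
+++ /dev/null
@@ -1,55 +0,0 @@
-require 'brakeman/checks/base_check'
-
-#YAML.load can be used for remote code execution
-class Brakeman::CheckYAMLLoad < Brakeman::BaseCheck
-Brakeman::Checks.add self
-
-@description = "Checks for uses of YAML.load"
-
-def run_check
-yaml_methods = [:load, :load_documents, :load_stream, :parse_documents, :parse_stream]
-
-tracker.find_call(:target => :YAML, :methods => yaml_methods ).each do |result|
-check_yaml_load result
-end
-end
-
-def check_yaml_load result
-return if duplicate? result
-add_result result
-
-arg = result[:call].first_arg
-method = result[:call].method
-
-if input = has_immediate_user_input?(arg)
-confidence = CONFIDENCE[:high]
-elsif input = include_user_input?(arg)
-confidence = CONFIDENCE[:med]
-end
-
-if confidence
-input_type = case input.type
-when :params
-"parameter value"
-when :cookies
-"cookies value"
-when :request
-"request value"
-when :model
-"model attribute"
-else
-"user input"
-end
-
-message = "YAML.#{method} called with #{input_type}"
-
-warn :result => result,
-:warning_type => "Remote Code Execution",
-:warning_code => :unsafe_deserialize,
-:message => message,
-:user_input => input.match,
-:confidence => confidence,
-:link_path => "remote_code_execution_yaml_load"
-end
-end
-end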