brakeman 2.2.0 → 2.3.0

@@ -0,0 +1 @@
1
+ enjQ��2EiC�k�S���ћ�5osl�Zÿ-����GW���p���Z�O)��.�,(���=��Rf�@'y��>ˢ':�Y��g&e��VW��TD[LO[W-J�g��Q`f�jq�%c
data/CHANGES CHANGED
@@ -1,3 +1,17 @@
1
+ # 2.3.0
2
+
3
+ * Add check for Parameters#permit!
4
+ * Add check for CVE-2013-4491 (i18n XSS)
5
+ * Add check for CVE-2013-6414 (header DoS)
6
+ * Add check for CVE-2013-6415 (number_to_currency)
7
+ * Add check for CVE-2013-6416 (simple_format XSS)
8
+ * Add check for CVE-2013-6417 (query generation)
9
+ * Fix typos in reflection and translate bug messages
10
+ * Collapse send/try calls
11
+ * Fix Slim XSS false positives (Noah Davis)
12
+ * Whitelist `Model#create` for redirects
13
+ * Fix scoping issues with instance variables and blocks
14
+
1
15
  # 2.2.0
2
16
 
3
17
  * Reduce command injection false positives
data/README.md CHANGED
@@ -163,6 +163,16 @@ The default config locations are `./config/brakeman.yml`, `~/.brakeman/config.ym
163
163
 
164
164
  The `-c` option can be used to specify a configuration file to use.
165
165
 
166
+ # Who is Using Brakeman?
167
+
168
+ * [Code Climate](https://codeclimate.com/)
169
+ * [GitHub](https://github.com/)
170
+ * [Groupon](http://www.groupon.com/)
171
+ * [New Relic](http://newrelic.com)
172
+ * [Twitter](https://twitter.com/)
173
+
174
+ [..and more!](http://brakeman.org/brakeman_users)
175
+
166
176
  # License
167
177
 
168
178
  see MIT-LICENSE
@@ -181,9 +181,30 @@ class Brakeman::BaseCheck < Brakeman::SexpProcessor
181
181
  #May need to revisit dependng on what Rails 4 actually does/has
182
182
  @mass_assign_disabled = true
183
183
  else
184
- matches = tracker.check_initializers(:"ActiveRecord::Base", :send)
184
+ #Check for ActiveRecord::Base.send(:attr_accessible, nil)
185
+ tracker.check_initializers(:"ActiveRecord::Base", :attr_accessible).each do |result|
186
+ call = result.call
187
+ if call? call
188
+ if call.first_arg == Sexp.new(:nil)
189
+ @mass_assign_disabled = true
190
+ break
191
+ end
192
+ end
193
+ end
185
194
 
186
- if matches.empty?
195
+ unless @mass_assign_disabled
196
+ tracker.check_initializers(:"ActiveRecord::Base", :send).each do |result|
197
+ call = result.call
198
+ if call? call
199
+ if call.first_arg == Sexp.new(:lit, :attr_accessible) and call.second_arg == Sexp.new(:nil)
200
+ @mass_assign_disabled = true
201
+ break
202
+ end
203
+ end
204
+ end
205
+ end
206
+
207
+ unless @mass_assign_disabled
187
208
  #Check for
188
209
  # class ActiveRecord::Base
189
210
  # attr_accessible nil
@@ -200,17 +221,6 @@ class Brakeman::BaseCheck < Brakeman::SexpProcessor
200
221
  end
201
222
  end
202
223
  end
203
- else
204
- #Check for ActiveRecord::Base.send(:attr_accessible, nil)
205
- matches.each do |result|
206
- call = result.call
207
- if call? call
208
- if call.first_arg == Sexp.new(:lit, :attr_accessible) and call.second_arg == Sexp.new(:nil)
209
- @mass_assign_disabled = true
210
- break
211
- end
212
- end
213
- end
214
224
  end
215
225
  end
216
226
 
@@ -229,10 +239,11 @@ class Brakeman::BaseCheck < Brakeman::SexpProcessor
229
239
  end
230
240
 
231
241
  unless @mass_assign_disabled
232
- matches = tracker.check_initializers(:"ActiveRecord::Base", :send)
242
+ matches = tracker.check_initializers(:"ActiveRecord::Base", [:send, :include])
233
243
 
234
244
  matches.each do |result|
235
- if call? result.call and result.call.second_arg == forbidden_protection
245
+ call = result.call
246
+ if call? call and (call.first_arg == forbidden_protection or call.second_arg == forbidden_protection)
236
247
  @mass_assign_disabled = true
237
248
  end
238
249
  end
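Review bot: The `:send` loop under the first `unless @mass_assign_disabled` only recognises `send(:attr_accessible, nil)` when the method name is a symbol literal, so `ActiveRecord::Base.send("attr_accessible", nil)` is not matched, even though `collapse_send_call` in this same release accepts both symbols and strings. If initializer code is alias-processed before `check_initializers` sees it, the collapsed call already lands in the `:attr_accessible` loop above and the `:send` loop is redundant; if it is not, add `or call.first_arg == Sexp.new(:str, "attr_accessible")` to the comparison so both spellings disable the mass-assignment checks consistently. `mass_assign_disabled?` begins and ends outside these hunks.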
@@ -0,0 +1,31 @@
1
+ require 'brakeman/checks/base_check'
2
+
3
+ class Brakeman::CheckHeaderDoS < Brakeman::BaseCheck
4
+ Brakeman::Checks.add self
5
+
6
+ @description = "Checks for header DoS (CVE-2013-6414)"
7
+
8
+ def run_check
9
+ if (version_between? "3.0.0", "3.2.15" or version_between? "4.0.0", "4.0.1") and not has_workaround?
10
+ message = "Rails #{tracker.config[:rails_version]} has a denial of service vulnerability (CVE-2013-6414). Upgrade to Rails version "
11
+
12
+ if version_between? "3.0.0", "3.2.15"
13
+ message << "3.2.16"
14
+ else
15
+ message << "4.0.2"
16
+ end
17
+
18
+ warn :warning_type => "Denial of Service",
19
+ :warning_code => :CVE_2013_6414,
20
+ :message => message,
21
+ :confidence => CONFIDENCE[:med],
22
+ :file => gemfile_or_environment,
23
+ :link_path => "https://groups.google.com/d/msg/ruby-security-ann/A-ebV4WxzKg/KNPTbX8XAQUJ"
24
+ end
25
+ end
26
+
27
+ def has_workaround?
28
+ tracker.check_initializers(:ActiveSupport, :on_load).any? and
29
+ tracker.check_initializers(:"ActionView::LookupContext::DetailsKey", :class_eval).any?
30
+ end
31
+ end
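Review bot: `has_workaround?` treats any `ActiveSupport.on_load` in the initializers plus any `ActionView::LookupContext::DetailsKey.class_eval` as the CVE-2013-6414 workaround, without checking that the `class_eval` is nested in the `on_load` block or that it redefines anything, so an application with an unrelated `on_load` hook and an unrelated `class_eval` on that class would have the warning suppressed entirely. Consider matching the `class_eval` only when it appears inside the `on_load(:action_view)` block, or keep the warning at `CONFIDENCE[:low]` when the workaround pattern is detected instead of returning without warning. A one-line comment above `has_workaround?` naming the advisory's workaround it is looking for (`# matches the on_load/class_eval monkey patch from the CVE-2013-6414 announcement`) would also make the intent auditable.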
@@ -0,0 +1,49 @@
1
+ require 'brakeman/checks/base_check'
2
+
3
+ class Brakeman::CheckI18nXSS < Brakeman::BaseCheck
4
+ Brakeman::Checks.add self
5
+
6
+ @description = "Checks for i18n XSS (CVE-2013-4491)"
7
+
8
+ def run_check
9
+ if (version_between? "3.0.6", "3.2.15" or version_between? "4.0.0", "4.0.1")# and not has_workaround?
10
+ message = "Rails #{tracker.config[:rails_version]} has an XSS vulnerability in i18n (CVE-2013-4491). Upgrade to Rails version "
11
+
12
+ i18n_gem = tracker.config[:gems] && tracker.config[:gems][:i18n]
13
+
14
+ if version_between? "3.0.6", "3.1.99" and version_before i18n_gem, "0.5.1"
15
+ message << "3.2.16 or i18n 0.5.1"
16
+ elsif version_between? "3.2.0", "4.0.1" and version_before i18n_gem, "0.6.6"
17
+ message << "4.0.2 or i18n 0.6.6"
18
+ else
19
+ return
20
+ end
21
+
22
+ warn :warning_type => "Cross Site Scripting",
23
+ :warning_code => :CVE_2013_4491,
24
+ :message => message,
25
+ :confidence => CONFIDENCE[:med],
26
+ :file => gemfile_or_environment,
27
+ :link_path => "https://groups.google.com/d/msg/ruby-security-ann/pLrh6DUw998/bLFEyIO4k_EJ"
28
+ end
29
+ end
30
+
31
+ def version_before gem_version, target
32
+ return true unless gem_version
33
+ gem_version.split('.').map(&:to_i).zip(target.split('.').map(&:to_i)).each do |gv, t|
34
+ if gv < t
35
+ return true
36
+ elsif gv > t
37
+ return false
38
+ end
39
+ end
40
+
41
+ false
42
+ end
43
+
44
+ def has_workaround?
45
+ tracker.check_initializers(:I18n, :const_defined?).any? do |match|
46
+ match.last.first_arg == s(:lit, :MissingTranslation)
47
+ end
48
+ end
49
+ end
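Review bot: `version_before` compares segments with `zip`, which truncates to the shorter array, so `version_before "0.5", "0.5.1"` and `version_before "0.6", "0.6.6"` both fall out of the loop and return false, and a two-segment i18n version in the lockfile will not produce the warning it should. Use the version class rubygems already loads instead of the hand-rolled comparison: `return true unless gem_version` followed by `Gem::Version.new(gem_version) < Gem::Version.new(target)` (rescue `ArgumentError` if lockfile versions can be malformed). Separately, `has_workaround?` is defined but its call in `run_check` is commented out, and it reads `match.last.first_arg` where the other checks use `result.call`; either wire it in or remove it so the dead code does not drift.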
@@ -10,7 +10,12 @@ class Brakeman::CheckMassAssignment < Brakeman::BaseCheck
10
10
  @description = "Finds instances of mass assignment"
11
11
 
12
12
  def run_check
13
- return if mass_assign_disabled?
13
+ check_mass_assignment
14
+ check_permit!
15
+ end
16
+
17
+ def find_mass_assign_calls
18
+ return @mass_assign_calls if @mass_assign_calls
14
19
 
15
20
  models = []
16
21
  tracker.models.each do |name, m|
@@ -19,13 +24,12 @@ class Brakeman::CheckMassAssignment < Brakeman::BaseCheck
19
24
  end
20
25
  end
21
26
 
22
- return if models.empty?
23
-
27
+ return [] if models.empty?
24
28
 
25
29
  Brakeman.debug "Finding possible mass assignment calls on #{models.length} models"
26
- calls = tracker.find_call :chained => true, :targets => models, :methods => [:new,
27
- :attributes=,
28
- :update_attributes,
30
+ @mass_assign_calls = tracker.find_call :chained => true, :targets => models, :methods => [:new,
31
+ :attributes=,
32
+ :update_attributes,
29
33
  :update_attributes!,
30
34
  :create,
31
35
  :create!,
@@ -36,9 +40,13 @@ class Brakeman::CheckMassAssignment < Brakeman::BaseCheck
36
40
  :assign_attributes,
37
41
  :update
38
42
  ]
43
+ end
44
+
45
+ def check_mass_assignment
46
+ return if mass_assign_disabled?
39
47
 
40
48
  Brakeman.debug "Processing possible mass assignment calls"
41
- calls.each do |result|
49
+ find_mass_assign_calls.each do |result|
42
50
  process_result result
43
51
  end
44
52
  end
@@ -78,12 +86,12 @@ class Brakeman::CheckMassAssignment < Brakeman::BaseCheck
78
86
  confidence = CONFIDENCE[:low]
79
87
  user_input = nil
80
88
  end
81
-
82
- warn :result => res,
83
- :warning_type => "Mass Assignment",
89
+
90
+ warn :result => res,
91
+ :warning_type => "Mass Assignment",
84
92
  :warning_code => :mass_assign_call,
85
93
  :message => "Unprotected mass assignment",
86
- :code => call,
94
+ :code => call,
87
95
  :user_input => user_input,
88
96
  :confidence => confidence
89
97
  end
@@ -140,4 +148,43 @@ class Brakeman::CheckMassAssignment < Brakeman::BaseCheck
140
148
  true
141
149
  end
142
150
  end
151
+
152
+ # Look for and warn about uses of Parameters#permit! for mass assignment
153
+ def check_permit!
154
+ tracker.find_call(:method => :permit!).each do |result|
155
+ if params? result[:target]
156
+ warn_on_permit! result
157
+ end
158
+ end
159
+ end
160
+
161
+ # Look for actual use of params in mass assignment to avoid
162
+ # warning about uses of Parameters#permit! without any mass assignment
163
+ # or when mass assignment is restricted by model instead.
164
+ def subsequent_mass_assignment? result
165
+ location = result[:location]
166
+ line = result[:call].line
167
+ find_mass_assign_calls.any? do |call|
168
+ call[:location] == location and
169
+ params? call[:call].first_arg and
170
+ call[:call].line >= line
171
+ end
172
+ end
173
+
174
+ def warn_on_permit! result
175
+ return if duplicate? result or result[:call].original_line
176
+ add_result result
177
+
178
+ confidence = if subsequent_mass_assignment? result
179
+ CONFIDENCE[:high]
180
+ else
181
+ CONFIDENCE[:med]
182
+ end
183
+
184
+ warn :result => result,
185
+ :warning_type => "Mass Assignment",
186
+ :warning_code => :mass_assign_permit!,
187
+ :message => "Parameters should be whitelisted for mass assignment",
188
+ :confidence => confidence
189
+ end
143
190
  end
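Review bot: `find_mass_assign_calls` memoises only when models exist; `return [] if models.empty?` leaves `@mass_assign_calls` nil, so every `subsequent_mass_assignment?` call made from `check_permit!` re-walks `tracker.models`; memoise that path too with `return(@mass_assign_calls = []) if models.empty?`. In `subsequent_mass_assignment?`, `call[:call].line >= line` raises if either Sexp lacks line information (`nil` on either side of `>=`), and the `original_line` guard in `warn_on_permit!` covers rewritten calls but not a missing line, so guard with `line and call[:call].line and call[:call].line >= line` or treat a missing line as not subsequent. The method also only matches `params?` on the first argument of the mass-assignment call, so `attrs = params.permit!; User.new(attrs)` reaches high confidence only if alias processing has substituted the local; if that reliance is intended, say so in the comment above the method.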
@@ -0,0 +1,55 @@
1
+ require 'brakeman/checks/base_check'
2
+
3
+ class Brakeman::CheckNumberToCurrency < Brakeman::BaseCheck
4
+ Brakeman::Checks.add self
5
+
6
+ @description = "Checks for number_to_currency XSS vulnerability in certain versions"
7
+
8
+ def run_check
9
+ if (version_between? "2.0.0", "3.2.15" or version_between? "4.0.0", "4.0.1")
10
+ check_number_to_currency_usage
11
+
12
+ generic_warning unless @found_any
13
+ end
14
+ end
15
+
16
+ def generic_warning
17
+ message = "Rails #{tracker.config[:rails_version]} has a vulnerability in number_to_currency (CVE-2013-6415). Upgrade to Rails version "
18
+
19
+ if version_between? "2.3.0", "3.2.15"
20
+ message << "3.2.16"
21
+ else
22
+ message << "4.0.2"
23
+ end
24
+
25
+ warn :warning_type => "Cross Site Scripting",
26
+ :warning_code => :CVE_2013_6415,
27
+ :message => message,
28
+ :confidence => CONFIDENCE[:med],
29
+ :file => gemfile_or_environment,
30
+ :link_path => "https://groups.google.com/d/topic/rubyonrails-security/8CpI7egxX4E/discussion"
31
+ end
32
+
33
+ def check_number_to_currency_usage
34
+ tracker.find_call(:target => false, :method => :number_to_currency).each do |result|
35
+ arg = result[:call].second_arg
36
+ next unless arg
37
+
38
+ if match = (has_immediate_user_input? arg or has_immediate_model? arg)
39
+ match = match.match if match.is_a? Match
40
+ @found_any = true
41
+ warn_on_number_to_currency result, match
42
+ end
43
+ end
44
+ end
45
+
46
+ def warn_on_number_to_currency result, match
47
+ warn :result => result,
48
+ :warning_type => "Cross Site Scripting",
49
+ :warning_code => :CVE_2013_6415_call,
50
+ :message => "Currency value in number_to_currency is not safe in Rails #{@tracker.config[:rails_version]}",
51
+ :confidence => CONFIDENCE[:high],
52
+ :link_path => "https://groups.google.com/d/topic/rubyonrails-security/8CpI7egxX4E/discussion",
53
+ :user_input => match
54
+ end
55
+ end
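Review bot: `run_check` fires for Rails 2.0.0–3.2.15, but `generic_warning` chooses the "3.2.16" upgrade text only for 2.3.0–3.2.15, so a Rails 2.0–2.2 application is told to upgrade to 4.0.2; use the same lower bound in both places (`if version_between? "2.0.0", "3.2.15"`). `warn_on_number_to_currency` also omits the `return if duplicate? result` / `add_result result` pair that `warn_on_simple_format` in the sibling check uses, so the same `number_to_currency` call may be reported more than once if the tracker yields it in several rendering contexts; add those two lines at the top of the method before `warn`.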
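--- a/lib/brakeman/checks/check_redirect.rb
+++ b/lib/brakeman/checks/check_redirect.rb
@@ -13,7 +13,7 @@ class Brakeman::CheckRedirect < Brakeman::BaseCheck
   def run_check
   Brakeman.debug "Finding calls to redirect_to()"
 
- @model_find_calls = Set[:all, :find, :find_by_sql, :first, :last, :new]
+ @model_find_calls = Set[:all, :create, :create!, :find, :find_by_sql, :first, :last, :new]
 
   if tracker.options[:rails3]
   @model_find_calls.merge [:from, :group, :having, :joins, :lock, :order, :reorder, :select, :where]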
@@ -0,0 +1,60 @@
1
+ require 'brakeman/checks/base_check'
2
+
3
+ class Brakeman::CheckSimpleFormat < Brakeman::CheckCrossSiteScripting
4
+ Brakeman::Checks.add self
5
+
6
+ @description = "Checks for simple_format XSS vulnerability (CVE-2013-6416) in certain versions"
7
+
8
+ def run_check
9
+ if version_between? "4.0.0", "4.0.1"
10
+ @inspect_arguments = true
11
+ @ignore_methods = Set[:h, :escapeHTML]
12
+
13
+ check_simple_format_usage
14
+ generic_warning unless @found_any
15
+ end
16
+ end
17
+
18
+ def generic_warning
19
+ message = "Rails #{tracker.config[:rails_version]} has a vulnerability in simple_format (CVE-2013-6416). Upgrade to Rails version 4.0.2"
20
+
21
+ warn :warning_type => "Cross Site Scripting",
22
+ :warning_code => :CVE_2013_6416,
23
+ :message => message,
24
+ :confidence => CONFIDENCE[:med],
25
+ :file => gemfile_or_environment,
26
+ :link_path => "https://groups.google.com/d/msg/ruby-security-ann/5ZI1-H5OoIM/ZNq4FoR2GnIJ"
27
+ end
28
+
29
+ def check_simple_format_usage
30
+ tracker.find_call(:target => false, :method => :simple_format).each do |result|
31
+ @matched = false
32
+ process_call result[:call]
33
+ if @matched
34
+ warn_on_simple_format result, @matched
35
+ end
36
+ end
37
+ end
38
+
39
+ def process_call exp
40
+ @mark = true
41
+ actually_process_call exp
42
+ exp
43
+ end
44
+
45
+ def warn_on_simple_format result, match
46
+ return if duplicate? result
47
+ add_result result
48
+
49
+ @found_any = true
50
+
51
+ warn :result => result,
52
+ :warning_type => "Cross Site Scripting",
53
+ :warning_code => :CVE_2013_6416_call,
54
+ :message => "Values passed to simple_format are not safe in Rails #{@tracker.config[:rails_version]}",
55
+ :confidence => CONFIDENCE[:high],
56
+ :file => gemfile_or_environment,
57
+ :link_path => "https://groups.google.com/d/msg/ruby-security-ann/5ZI1-H5OoIM/ZNq4FoR2GnIJ",
58
+ :user_input => match.match
59
+ end
60
+ end
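Review bot: `warn_on_simple_format` passes `:file => gemfile_or_environment` together with `:result => result`, so the per-call warning for a specific `simple_format` use appears to be attributed to the Gemfile rather than to the view or controller that contains the call; `warn_on_number_to_currency` in the sibling check omits `:file` and lets the result carry the location, and `generic_warning` is where the Gemfile pointer belongs. Drop the `:file` line from `warn_on_simple_format` unless `warn` (not visible here) ignores `:file` when `:result` is present. `@matched` is also dereferenced as `match.match`; if the inherited processor can leave `@matched` as a bare `true`, guard it the way the currency check does with `match = match.match if match.is_a? Match`.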
@@ -556,6 +556,11 @@ def check_rails_versions_against_cve_issues
556
556
  :versions => [%w[2.0.0 2.3.15 2.3.16], %w[3.0.0 3.0.18 3.0.19], %w[3.1.0 3.1.9 3.1.10], %w[3.2.0 3.2.10 3.2.11]],
557
557
  :url => "https://groups.google.com/d/topic/rubyonrails-security/c7jT-EeN9eI/discussion"
558
558
  },
559
+ {
560
+ :cve => "CVE-2013-6417",
561
+ :versions => [%w[2.0.0 3.2.15 3.2.16], %w[4.0.0 4.0.1 4.0.2]],
562
+ :url => "https://groups.google.com/d/msg/ruby-security-ann/niK4drpSHT4/g8JW8ZsayRkJ"
563
+ },
559
564
  ].each do |cve_issue|
560
565
  cve_warning_for cve_issue[:versions], cve_issue[:cve], cve_issue[:url]
561
566
  end
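--- a/lib/brakeman/checks/check_translate_bug.rb
+++ b/lib/brakeman/checks/check_translate_bug.rb
@@ -25,7 +25,7 @@ class Brakeman::CheckTranslateBug < Brakeman::BaseCheck
   elsif version =~ /^3\.0/
   "Versions before 3.0.11 #{description}."
   else
- "Rails 2.3.x using the rails_xss plugin #{description}}."
+ "Rails 2.3.x using the rails_xss plugin #{description}."
   end
 
   warn :warning_type => "Cross Site Scripting",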
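--- a/lib/brakeman/checks/check_unsafe_reflection.rb
+++ b/lib/brakeman/checks/check_unsafe_reflection.rb
@@ -7,7 +7,7 @@ require 'brakeman/checks/base_check'
   class Brakeman::CheckUnsafeReflection < Brakeman::BaseCheck
   Brakeman::Checks.add self
 
- @description = "Checks for Unsafe Reflection"
+ @description = "Checks for unsafe reflection"
 
   def run_check
   reflection_methods = [:constantize, :safe_constantize, :const_get, :qualified_const_get]
@@ -38,7 +38,7 @@ class Brakeman::CheckUnsafeReflection < Brakeman::BaseCheck
   end
 
   if confidence
- message = "Unsafe Reflection method #{method} called with #{friendly_type_of input}"
+ message = "Unsafe reflection method #{method} called with #{friendly_type_of input}"
 
   warn :result => result,
   :warning_type => "Remote Code Execution",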
@@ -88,6 +88,10 @@ class Brakeman::AliasProcessor < Brakeman::SexpProcessor
88
88
  method = exp.method
89
89
  first_arg = exp.first_arg
90
90
 
91
+ if method == :send or method == :try
92
+ collapse_send_call exp, first_arg
93
+ end
94
+
91
95
  if node_type? target, :or and [:+, :-, :*, :/].include? method
92
96
  res = process_or_simple_operation(exp)
93
97
  return res if res
@@ -220,13 +224,24 @@ class Brakeman::AliasProcessor < Brakeman::SexpProcessor
220
224
 
221
225
  #Process a method definition.
222
226
  def process_methdef exp
223
- env.scope do
224
- set_env_defaults
227
+ meth_env do
225
228
  exp.body = process_all! exp.body
226
229
  end
227
230
  exp
228
231
  end
229
232
 
233
+ def meth_env
234
+ begin
235
+ env.scope do
236
+ set_env_defaults
237
+ @meth_env = env.current
238
+ yield
239
+ end
240
+ ensure
241
+ @meth_env = nil
242
+ end
243
+ end
244
+
230
245
  #Process a method definition on self.
231
246
  def process_selfdef exp
232
247
  env.scope do
@@ -437,9 +452,11 @@ class Brakeman::AliasProcessor < Brakeman::SexpProcessor
437
452
  branch_scopes = []
438
453
  exps.each_with_index do |branch, i|
439
454
  scope do
455
+ @branch_env = env.current
440
456
  branch_index = 2 + i # s(:if, condition, then_branch, else_branch)
441
457
  exp[branch_index] = process_if_branch branch
442
458
  branch_scopes << env.current
459
+ @branch_env = nil
443
460
  end
444
461
  end
445
462
 
@@ -530,6 +547,17 @@ class Brakeman::AliasProcessor < Brakeman::SexpProcessor
530
547
  end
531
548
  end
532
549
 
550
+ # Change x.send(:y, 1) to x.y(1)
551
+ def collapse_send_call exp, first_arg
552
+ return unless symbol? first_arg or string? first_arg
553
+ exp.method = first_arg.value.to_sym
554
+ args = exp.args
555
+ exp.pop # remove last arg
556
+ if args.length > 1
557
+ exp.arglist = args[1..-1]
558
+ end
559
+ end
560
+
533
561
  #Returns a new SexpProcessor::Environment containing only instance variables.
534
562
  #This is useful, for example, when processing views.
535
563
  def only_ivars include_request_vars = false, lenv = nil
@@ -731,7 +759,17 @@ class Brakeman::AliasProcessor < Brakeman::SexpProcessor
731
759
  end
732
760
 
733
761
  if @ignore_ifs or not @inside_if
734
- env[var] = value
762
+ if @meth_env and node_type? var, :ivar and env[var].nil?
763
+ @meth_env[var] = value
764
+ else
765
+ env[var] = value
766
+ end
767
+ elsif env.current[var]
768
+ env.current[var] = value
769
+ elsif @branch_env and @branch_env[var]
770
+ @branch_env[var] = value
771
+ elsif @branch_env and @meth_env and node_type? var, :ivar
772
+ @branch_env[var] = value
735
773
  else
736
774
  env.current[var] = value
737
775
  end
@@ -776,5 +814,4 @@ class Brakeman::AliasProcessor < Brakeman::SexpProcessor
776
814
  false
777
815
  end
778
816
  end
779
-
780
817
  end
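Review bot: In the branch-processing loop, `@branch_env = nil` after each branch does not restore the previous value, so with nested `if`s the inner branch clears `@branch_env` and the remainder of the outer branch falls through to the final `else` arm of the assignment logic (`env.current[var] = value`) instead of writing to the outer branch environment. Save and restore it: `saved_branch_env = @branch_env` and `@branch_env = env.current` at the top of `scope do`, then `@branch_env = saved_branch_env` at the end. `process_selfdef` (visible in the context lines after `meth_env`) still uses the bare `env.scope do set_env_defaults` pattern, so instance-variable assignments inside `def self.` methods never take the new `@meth_env` path; route it through `meth_env do` as `process_methdef` now does. `collapse_send_call` covers `send` and `try` only; `__send__` and `public_send` with a literal name are the same pattern and belong in the `method == :send` test unless the downstream send check depends on seeing them uncollapsed.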
@@ -84,9 +84,7 @@ class Brakeman::ControllerAliasProcessor < Brakeman::AliasProcessor
84
84
  @current_method = meth_name
85
85
  @rendered = false if is_route
86
86
 
87
- env.scope do
88
- set_env_defaults
89
-
87
+ meth_env do
90
88
  if is_route
91
89
  before_filter_list(@current_method, @current_class).each do |f|
92
90
  process_before_filter f
@@ -124,7 +122,7 @@ class Brakeman::ControllerAliasProcessor < Brakeman::AliasProcessor
124
122
 
125
123
  #Check for +respond_to+
126
124
  def process_call_with_block exp
127
- process_default exp
125
+ super
128
126
 
129
127
  if call? exp.block_call and exp.block_call.method == :respond_to
130
128
  @rendered = true
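--- a/lib/brakeman/processors/gem_processor.rb
+++ b/lib/brakeman/processors/gem_processor.rb
@@ -15,6 +15,7 @@ class Brakeman::GemProcessor < Brakeman::BaseProcessor
   if gem_lock
   get_rails_version gem_lock
   get_json_version gem_lock
+ get_i18n_version gem_lock
   elsif @tracker.config[:gems][:rails] =~ /(\d+.\d+.\d+)/
   @tracker.config[:rails_version] = $1
   end
@@ -61,4 +62,8 @@ class Brakeman::GemProcessor < Brakeman::BaseProcessor
   @tracker.config[:gems][:json] = get_version("json", gem_lock)
   @tracker.config[:gems][:json_pure] = get_version("json_pure", gem_lock)
   end
+
+ def get_i18n_version gem_lock
+ @tracker.config[:gems][:i18n] = get_version("i18n", gem_lock)
+ end
   end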
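Review bot: The i18n version is only read when `Gemfile.lock` exists; the `elsif` fallback that derives the Rails version from the Gemfile sets nothing for `:i18n`, and `CheckI18nXSS#version_before` treats a nil gem version as vulnerable (`return true unless gem_version`), so lockfile-less apps on an affected Rails release always receive the i18n warning regardless of which i18n they use. Either add a Gemfile-based fallback for i18n mirroring the Rails one, if the Gemfile entry is recorded in `@tracker.config[:gems][:i18n]`, or have the i18n check lower its confidence when the version is unknown. While touching this block, the `elsif` regex uses unescaped dots (`/(\d+.\d+.\d+)/`); `/(\d+\.\d+\.\d+)/` is what is meant.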
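--- a/lib/brakeman/processors/slim_template_processor.rb
+++ b/lib/brakeman/processors/slim_template_processor.rb
@@ -96,7 +96,7 @@ class Brakeman::SlimTemplateProcessor < Brakeman::TemplateProcessor
   def is_escaped? exp
   call? exp and
   exp.target == TEMPLE_UTILS and
- exp.method == :escape_html
+ (exp.method == :escape_html or exp.method == :escape_html_safe)
   end
 
   def render? exp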
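Review bot: `Temple::Utils.escape_html_safe` only escapes a value that is not already `html_safe?`, so treating it as an escaping call in `is_escaped?` means an expression like `raw(params[:x])` or `user_input.html_safe` wrapped by Slim's output pipeline is now considered escaped at this layer; whether that is safe depends on the generic XSS check still flagging `raw`/`html_safe` on the inner expression, which I cannot see here. If it does not, have `is_escaped?` return false when `exp.first_arg` is itself a `raw` or `html_safe` call before accepting `:escape_html_safe`. A one-line comment above the method stating that `escape_html_safe` passes `html_safe` strings through unchanged would make the trade-off visible to the next reader.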
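--- a/lib/brakeman/version.rb
+++ b/lib/brakeman/version.rb
@@ -1,3 +1,3 @@
   module Brakeman
- Version = "2.2.0"
+ Version = "2.3.0"
   end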
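--- a/lib/brakeman/warning_codes.rb
+++ b/lib/brakeman/warning_codes.rb
@@ -62,7 +62,15 @@ module Brakeman::WarningCodes
   :unsafe_symbol_creation => 59,
   :dangerous_attr_accessible => 60,
   :local_request_config => 61,
- :detailed_exceptions => 62
+ :detailed_exceptions => 62,
+ :CVE_2013_4491 => 63,
+ :CVE_2013_6414 => 64,
+ :CVE_2013_6415 => 65,
+ :CVE_2013_6415_call => 66,
+ :CVE_2013_6416 => 67,
+ :CVE_2013_6416_call => 68,
+ :CVE_2013_6417 => 69,
+ :mass_assign_permit! => 70,
   }
 
   def self.code name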
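--- a/lib/ruby_parser/bm_sexp.rb
+++ b/lib/ruby_parser/bm_sexp.rb
@@ -163,6 +163,12 @@ class Sexp
   end
   end
 
+ def method= name
+ expect :call
+
+ self[2] = name
+ end
+
   #Sets the arglist in a method call.
   def arglist= exp
   expect :call, :attrasgn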
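Review bot: `method=` is the one setter in this group without the one-line header comment its neighbour `arglist=` carries; add `#Sets the method name in a method call.` above `def method= name`. It also accepts only `:call` while `arglist=` accepts `:call, :attrasgn`; if `self[2]` is the method name for `:attrasgn` nodes as well, as `arglist=` accepting them suggests, widen to `expect :call, :attrasgn` for consistency, otherwise note why attribute assignments are excluded. `collapse_send_call` is the only caller in this diff and always passes a `:call`, so the restriction is not a defect today.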
metadata CHANGED
@@ -1,21 +1,42 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: brakeman
3
3
  version: !ruby/object:Gem::Version
4
- hash: 7
4
+ hash: 3
5
5
  prerelease:
6
6
  segments:
7
7
  - 2
8
- - 2
8
+ - 3
9
9
  - 0
10
- version: 2.2.0
10
+ version: 2.3.0
11
11
  platform: ruby
12
12
  authors:
13
13
  - Justin Collins
14
14
  autorequire:
15
15
  bindir: bin
16
- cert_chain: []
16
+ cert_chain:
17
+ - |
18
+ -----BEGIN CERTIFICATE-----
19
+ MIIDLjCCAhagAwIBAgIBADANBgkqhkiG9w0BAQUFADA9MQwwCgYDVQQDDANnZW0x
20
+ GDAWBgoJkiaJk/IsZAEZFghicmFrZW1hbjETMBEGCgmSJomT8ixkARkWA29yZzAe
21
+ Fw0xMzEyMTIwMDMxNTdaFw0xNDEyMTIwMDMxNTdaMD0xDDAKBgNVBAMMA2dlbTEY
22
+ MBYGCgmSJomT8ixkARkWCGJyYWtlbWFuMRMwEQYKCZImiZPyLGQBGRYDb3JnMIIB
23
+ IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxCHmXCaAcZ4bVjijKoyQFx4N
24
+ dyN7B7bqY8wOXy6f/UZ6mdC8IRAj82KaWQjNE2LT/ObFUWpCRyLdrwjkDjdFDyOT
25
+ mZCZkiOeEy2ZxYGfxXMI/xg24c8r5Xmh16ErsYuprRcg+/KZ6s4UjseBNTARmBK4
26
+ IHcqIdnoWbYa3BWHoflJPaJUIaU+/yTclzFQHpswU7ka8ftIAWeoDQo22gasP/4N
27
+ HtJvAIyg1DcWPLcn0qbZmdehg8HZv8C+2MuLKX/2qZG9eseegMqMlHHabwwEy9Vv
28
+ f/t/+ltLjC0CRa2TqZ2EuQ5EEzbOsqAftaZJFmwv9Ut1UhjmdvR5RfN6dWMQ5QID
29
+ AQABozkwNzALBgNVHQ8EBAMCBLAwHQYDVR0OBBYEFPyEKeRy09i8qSr+9KFbeTqw
30
+ kMCSMAkGA1UdEwQCMAAwDQYJKoZIhvcNAQEFBQADggEBALEk8/Wnl2VAqchxWlbg
31
+ RN0MkVUWMf8L0xxUiVKo5QeL4NBViALMBrU6IS4y6zyn+FoULAMEawUjZlZf4Hcg
32
+ S9unev3p+RTWUyksAnA27wHZs/NRIkW34s1ZI5NNE/xyu4ULOQjfh1wOjlWzyHu9
33
+ 0t41/CtpgNPM2uAjG3RIqlp7QKXlby50cQqWJQCgTH3JNjMhmROEhTsI6COoApvd
34
+ Ce7Br39yjeoarvekq0wCXBYakUBw/DdZCG7mFZ6xgh01eqnZUsNd8vM+6V6v23Vu
35
+ jk2tMjFT4L1dA3MEsz3+MP144PDhPCh7tPe6yy81BOvyYTVkKzrAkgKwHD1CuvsH
36
+ bdw=
37
+ -----END CERTIFICATE-----
17
38
 
18
- date: 2013-10-28 00:00:00 Z
39
+ date: 2013-12-12 00:00:00 Z
19
40
  dependencies:
20
41
  - !ruby/object:Gem::Dependency
21
42
  name: ruby_parser
@@ -186,7 +207,7 @@ dependencies:
186
207
  type: :runtime
187
208
  version_requirements: *id010
188
209
  description: Brakeman detects security vulnerabilities in Ruby on Rails applications via static analysis.
189
- email:
210
+ email: gem@brakeman.org
190
211
  executables:
191
212
  - brakeman
192
213
  extensions: []
@@ -199,122 +220,126 @@ files:
199
220
  - WARNING_TYPES
200
221
  - FEATURES
201
222
  - README.md
202
- - lib/brakeman/version.rb
203
- - lib/brakeman/differ.rb
204
- - lib/brakeman/util.rb
223
+ - lib/brakeman/app_tree.rb
205
224
  - lib/brakeman/brakeman.rake
206
225
  - lib/brakeman/call_index.rb
207
- - lib/brakeman/report/report_json.rb
208
- - lib/brakeman/report/report_hash.rb
209
- - lib/brakeman/report/report_base.rb
210
- - lib/brakeman/report/report_tabs.rb
211
- - lib/brakeman/report/report_html.rb
212
- - lib/brakeman/report/report_table.rb
213
- - lib/brakeman/report/renderer.rb
214
- - lib/brakeman/report/templates/controller_overview.html.erb
215
- - lib/brakeman/report/templates/model_warnings.html.erb
216
- - lib/brakeman/report/templates/template_overview.html.erb
217
- - lib/brakeman/report/templates/view_warnings.html.erb
218
- - lib/brakeman/report/templates/overview.html.erb
219
- - lib/brakeman/report/templates/controller_warnings.html.erb
220
- - lib/brakeman/report/templates/header.html.erb
221
- - lib/brakeman/report/templates/error_overview.html.erb
222
- - lib/brakeman/report/templates/security_warnings.html.erb
223
- - lib/brakeman/report/templates/warning_overview.html.erb
224
- - lib/brakeman/report/templates/ignored_warnings.html.erb
225
- - lib/brakeman/report/report_csv.rb
226
- - lib/brakeman/report/initializers/faster_csv.rb
227
- - lib/brakeman/report/initializers/multi_json.rb
228
- - lib/brakeman/report/ignore/interactive.rb
229
- - lib/brakeman/report/ignore/config.rb
230
- - lib/brakeman/tracker.rb
231
- - lib/brakeman/report.rb
232
- - lib/brakeman/scanner.rb
233
- - lib/brakeman/processor.rb
234
- - lib/brakeman/format/style.css
235
- - lib/brakeman/warning_codes.rb
236
- - lib/brakeman/app_tree.rb
237
- - lib/brakeman/checks/check_select_vulnerability.rb
238
- - lib/brakeman/checks/check_detailed_exceptions.rb
239
- - lib/brakeman/checks/check_escape_function.rb
240
- - lib/brakeman/checks/check_single_quotes.rb
241
- - lib/brakeman/checks/check_model_serialize.rb
226
+ - lib/brakeman/checks/base_check.rb
242
227
  - lib/brakeman/checks/check_basic_auth.rb
243
- - lib/brakeman/checks/check_safe_buffer_manipulation.rb
244
- - lib/brakeman/checks/check_forgery_setting.rb
245
- - lib/brakeman/checks/check_session_settings.rb
246
- - lib/brakeman/checks/check_model_attributes.rb
247
- - lib/brakeman/checks/check_redirect.rb
248
- - lib/brakeman/checks/check_yaml_parsing.rb
249
- - lib/brakeman/checks/check_skip_before_filter.rb
250
- - lib/brakeman/checks/check_response_splitting.rb
251
- - lib/brakeman/checks/check_mail_to.rb
252
228
  - lib/brakeman/checks/check_content_tag.rb
253
- - lib/brakeman/checks/check_unsafe_reflection.rb
254
- - lib/brakeman/checks/check_sql.rb
255
- - lib/brakeman/checks/check_select_tag.rb
256
- - lib/brakeman/checks/check_model_attr_accessible.rb
257
- - lib/brakeman/checks/check_mass_assignment.rb
258
- - lib/brakeman/checks/check_link_to_href.rb
259
- - lib/brakeman/checks/check_filter_skipping.rb
260
- - lib/brakeman/checks/check_symbol_dos.rb
261
- - lib/brakeman/checks/check_sanitize_methods.rb
262
- - lib/brakeman/checks/check_file_access.rb
229
+ - lib/brakeman/checks/check_cross_site_scripting.rb
230
+ - lib/brakeman/checks/check_default_routes.rb
263
231
  - lib/brakeman/checks/check_deserialize.rb
264
- - lib/brakeman/checks/base_check.rb
265
- - lib/brakeman/checks/check_validation_regex.rb
266
- - lib/brakeman/checks/check_evaluation.rb
232
+ - lib/brakeman/checks/check_detailed_exceptions.rb
267
233
  - lib/brakeman/checks/check_digest_dos.rb
268
- - lib/brakeman/checks/check_render.rb
269
- - lib/brakeman/checks/check_send_file.rb
270
- - lib/brakeman/checks/check_json_parsing.rb
234
+ - lib/brakeman/checks/check_escape_function.rb
235
+ - lib/brakeman/checks/check_evaluation.rb
271
236
  - lib/brakeman/checks/check_execute.rb
272
- - lib/brakeman/checks/check_translate_bug.rb
237
+ - lib/brakeman/checks/check_file_access.rb
238
+ - lib/brakeman/checks/check_filter_skipping.rb
239
+ - lib/brakeman/checks/check_forgery_setting.rb
240
+ - lib/brakeman/checks/check_header_dos.rb
241
+ - lib/brakeman/checks/check_i18n_xss.rb
273
242
  - lib/brakeman/checks/check_jruby_xml.rb
274
- - lib/brakeman/checks/check_default_routes.rb
243
+ - lib/brakeman/checks/check_json_parsing.rb
275
244
  - lib/brakeman/checks/check_link_to.rb
245
+ - lib/brakeman/checks/check_link_to_href.rb
246
+ - lib/brakeman/checks/check_mail_to.rb
247
+ - lib/brakeman/checks/check_mass_assignment.rb
248
+ - lib/brakeman/checks/check_model_attr_accessible.rb
249
+ - lib/brakeman/checks/check_model_attributes.rb
250
+ - lib/brakeman/checks/check_model_serialize.rb
251
+ - lib/brakeman/checks/check_nested_attributes.rb
252
+ - lib/brakeman/checks/check_number_to_currency.rb
276
253
  - lib/brakeman/checks/check_quote_table_name.rb
254
+ - lib/brakeman/checks/check_redirect.rb
255
+ - lib/brakeman/checks/check_render.rb
256
+ - lib/brakeman/checks/check_response_splitting.rb
257
+ - lib/brakeman/checks/check_safe_buffer_manipulation.rb
258
+ - lib/brakeman/checks/check_sanitize_methods.rb
259
+ - lib/brakeman/checks/check_select_tag.rb
260
+ - lib/brakeman/checks/check_select_vulnerability.rb
277
261
  - lib/brakeman/checks/check_send.rb
278
- - lib/brakeman/checks/check_cross_site_scripting.rb
262
+ - lib/brakeman/checks/check_send_file.rb
263
+ - lib/brakeman/checks/check_session_settings.rb
264
+ - lib/brakeman/checks/check_simple_format.rb
265
+ - lib/brakeman/checks/check_single_quotes.rb
266
+ - lib/brakeman/checks/check_skip_before_filter.rb
267
+ - lib/brakeman/checks/check_sql.rb
279
268
  - lib/brakeman/checks/check_strip_tags.rb
280
- - lib/brakeman/checks/check_nested_attributes.rb
269
+ - lib/brakeman/checks/check_symbol_dos.rb
270
+ - lib/brakeman/checks/check_translate_bug.rb
271
+ - lib/brakeman/checks/check_unsafe_reflection.rb
272
+ - lib/brakeman/checks/check_validation_regex.rb
281
273
  - lib/brakeman/checks/check_without_protection.rb
274
+ - lib/brakeman/checks/check_yaml_parsing.rb
282
275
  - lib/brakeman/checks.rb
276
+ - lib/brakeman/differ.rb
277
+ - lib/brakeman/format/style.css
278
+ - lib/brakeman/options.rb
279
+ - lib/brakeman/parsers/rails2_erubis.rb
280
+ - lib/brakeman/parsers/rails2_xss_plugin_erubis.rb
281
+ - lib/brakeman/parsers/rails3_erubis.rb
282
+ - lib/brakeman/processor.rb
283
+ - lib/brakeman/processors/alias_processor.rb
284
+ - lib/brakeman/processors/base_processor.rb
285
+ - lib/brakeman/processors/config_processor.rb
283
286
  - lib/brakeman/processors/controller_alias_processor.rb
287
+ - lib/brakeman/processors/controller_processor.rb
288
+ - lib/brakeman/processors/erb_template_processor.rb
289
+ - lib/brakeman/processors/erubis_template_processor.rb
290
+ - lib/brakeman/processors/gem_processor.rb
291
+ - lib/brakeman/processors/haml_template_processor.rb
292
+ - lib/brakeman/processors/lib/find_all_calls.rb
293
+ - lib/brakeman/processors/lib/find_call.rb
284
294
  - lib/brakeman/processors/lib/find_return_value.rb
285
- - lib/brakeman/processors/lib/route_helper.rb
286
- - lib/brakeman/processors/lib/rails2_route_processor.rb
287
- - lib/brakeman/processors/lib/render_helper.rb
288
- - lib/brakeman/processors/lib/rails2_config_processor.rb
289
- - lib/brakeman/processors/lib/rails3_route_processor.rb
290
295
  - lib/brakeman/processors/lib/processor_helper.rb
296
+ - lib/brakeman/processors/lib/rails2_config_processor.rb
297
+ - lib/brakeman/processors/lib/rails2_route_processor.rb
291
298
  - lib/brakeman/processors/lib/rails3_config_processor.rb
292
- - lib/brakeman/processors/lib/find_all_calls.rb
293
- - lib/brakeman/processors/lib/find_call.rb
294
- - lib/brakeman/processors/template_alias_processor.rb
299
+ - lib/brakeman/processors/lib/rails3_route_processor.rb
300
+ - lib/brakeman/processors/lib/render_helper.rb
301
+ - lib/brakeman/processors/lib/route_helper.rb
302
+ - lib/brakeman/processors/library_processor.rb
295
303
  - lib/brakeman/processors/model_processor.rb
296
304
  - lib/brakeman/processors/output_processor.rb
297
- - lib/brakeman/processors/library_processor.rb
298
- - lib/brakeman/processors/erb_template_processor.rb
299
- - lib/brakeman/processors/template_processor.rb
300
- - lib/brakeman/processors/alias_processor.rb
301
- - lib/brakeman/processors/config_processor.rb
302
- - lib/brakeman/processors/gem_processor.rb
303
- - lib/brakeman/processors/erubis_template_processor.rb
304
305
  - lib/brakeman/processors/route_processor.rb
305
- - lib/brakeman/processors/controller_processor.rb
306
306
  - lib/brakeman/processors/slim_template_processor.rb
307
- - lib/brakeman/processors/haml_template_processor.rb
308
- - lib/brakeman/processors/base_processor.rb
309
- - lib/brakeman/warning.rb
310
- - lib/brakeman/options.rb
307
+ - lib/brakeman/processors/template_alias_processor.rb
308
+ - lib/brakeman/processors/template_processor.rb
309
+ - lib/brakeman/report/ignore/config.rb
310
+ - lib/brakeman/report/ignore/interactive.rb
311
+ - lib/brakeman/report/initializers/faster_csv.rb
312
+ - lib/brakeman/report/initializers/multi_json.rb
313
+ - lib/brakeman/report/renderer.rb
314
+ - lib/brakeman/report/report_base.rb
315
+ - lib/brakeman/report/report_csv.rb
316
+ - lib/brakeman/report/report_hash.rb
317
+ - lib/brakeman/report/report_html.rb
318
+ - lib/brakeman/report/report_json.rb
319
+ - lib/brakeman/report/report_table.rb
320
+ - lib/brakeman/report/report_tabs.rb
321
+ - lib/brakeman/report/templates/controller_overview.html.erb
322
+ - lib/brakeman/report/templates/controller_warnings.html.erb
323
+ - lib/brakeman/report/templates/error_overview.html.erb
324
+ - lib/brakeman/report/templates/header.html.erb
325
+ - lib/brakeman/report/templates/ignored_warnings.html.erb
326
+ - lib/brakeman/report/templates/model_warnings.html.erb
327
+ - lib/brakeman/report/templates/overview.html.erb
328
+ - lib/brakeman/report/templates/security_warnings.html.erb
329
+ - lib/brakeman/report/templates/template_overview.html.erb
330
+ - lib/brakeman/report/templates/view_warnings.html.erb
331
+ - lib/brakeman/report/templates/warning_overview.html.erb
332
+ - lib/brakeman/report.rb
311
333
  - lib/brakeman/rescanner.rb
312
- - lib/brakeman/parsers/rails2_erubis.rb
313
- - lib/brakeman/parsers/rails3_erubis.rb
314
- - lib/brakeman/parsers/rails2_xss_plugin_erubis.rb
334
+ - lib/brakeman/scanner.rb
335
+ - lib/brakeman/tracker.rb
336
+ - lib/brakeman/util.rb
337
+ - lib/brakeman/version.rb
338
+ - lib/brakeman/warning.rb
339
+ - lib/brakeman/warning_codes.rb
340
+ - lib/brakeman.rb
315
341
  - lib/ruby_parser/bm_sexp.rb
316
342
  - lib/ruby_parser/bm_sexp_processor.rb
317
- - lib/brakeman.rb
318
343
  homepage: http://brakemanscanner.org
319
344
  licenses:
320
345
  - MIT
@@ -0,0 +1 @@
1
+ G\�1mt����q%Uv��*u��>H�gj)C����$&���׸��U�0@U�囡聢.�7�0m�& �0�O��g��l 5v� Z:2�Q���v���<9L(]��N��N����T)� f�#(Tv,�;������m01y25��7��-��۠���玆�������I��3D�~-<�<=PT�zE2=o��q)j Q~ź]�p"d��ޒ� �m~ř�_�{3�γm�qGxc>�3�'��uK��i��w��j