RubyGems - brakeman - Versions diffs - 5.2.0 → 5.4.1 - Mend

brakeman 5.2.0 → 5.4.1

Files changed (538) hide show

data/lib/brakeman/checks/check_number_to_currency.rb CHANGED Viewed

@@ -36,7 +36,8 @@ class Brakeman::CheckNumberToCurrency < Brakeman::BaseCheck
       :message => message,
       :confidence => :medium,
       :gem_info => gemfile_or_environment,
-      :link_path => "https://groups.google.com/d/msg/ruby-security-ann/9WiRn2nhfq0/2K2KRB4LwCMJ"
+      :link_path => "https://groups.google.com/d/msg/ruby-security-ann/9WiRn2nhfq0/2K2KRB4LwCMJ",
+      :cwe_id => [79]
   end
   def check_number_helper_usage
@@ -69,6 +70,7 @@ class Brakeman::CheckNumberToCurrency < Brakeman::BaseCheck
       :message => msg("Format options in ", msg_code(result[:call].method), " are not safe in ", msg_version(rails_version)),
       :confidence => :high,
       :link_path => "https://groups.google.com/d/msg/ruby-security-ann/9WiRn2nhfq0/2K2KRB4LwCMJ",
-      :user_input => match
+      :user_input => match,
+      :cwe_id => [79]
   end
 end

data/lib/brakeman/checks/check_page_caching_cve.rb CHANGED Viewed

@@ -26,7 +26,8 @@ class Brakeman::CheckPageCachingCVE < Brakeman::BaseCheck
       :message => message,
       :confidence => confidence,
       :link_path => 'https://groups.google.com/d/msg/rubyonrails-security/CFRVkEytdP8/c5gmICECAgAJ',
-      :gem_info => gemfile_or_environment(gem_name)
+      :gem_info => gemfile_or_environment(gem_name),
+      :cwe_id => [22]
   end
   def uses_caches_page?

data/lib/brakeman/checks/check_pathname.rb ADDED Viewed

@@ -0,0 +1,48 @@
+require 'brakeman/checks/base_check'
+class Brakeman::CheckPathname < Brakeman::BaseCheck
+  Brakeman::Checks.add self
+  @description = "Check for unexpected Pathname behavior"
+  def run_check
+    check_rails_root_join
+    check_pathname_join
+  end
+  def check_rails_root_join
+    tracker.find_call(target: :'Rails.root', method: :join, nested: true).each do |result|
+      check_result result
+    end
+  end
+  def check_pathname_join
+    pathname_methods = [
+      :'Pathname.new',
+      :'Pathname.getwd',
+      :'Pathname.glob',
+      :'Pathname.pwd',
+    ]
+    tracker.find_call(targets: pathname_methods, method: :join, nested: true).each do |result|
+      check_result result
+    end
+  end
+  def check_result result
+    return unless original? result
+    result[:call].each_arg do |arg|
+      if match = has_immediate_user_input?(arg)
+        warn :result => result,
+          :warning_type => "Path Traversal",
+          :warning_code => :pathname_traversal,
+          :message => "Absolute paths in `Pathname#join` cause the entire path to be relative to the absolute path, ignoring any prior values",
+          :user_input => match,
+          :confidence => :high,
+          :cwe_id => [22]
+      end
+    end
+  end
+end

data/lib/brakeman/checks/check_permit_attributes.rb CHANGED Viewed

@@ -38,6 +38,7 @@ class Brakeman::CheckPermitAttributes < Brakeman::BaseCheck
       :warning_code => :dangerous_permit_key,
       :message => "Potentially dangerous key allowed for mass assignment",
       :confidence => (confidence || SUSPICIOUS_KEYS[key.value]),
-      :user_input => key
+      :user_input => key,
+      :cwe_id => [915]
   end
 end

data/lib/brakeman/checks/check_quote_table_name.rb CHANGED Viewed

@@ -28,7 +28,8 @@ class Brakeman::CheckQuoteTableName < Brakeman::BaseCheck
         :message => message,
         :confidence => confidence,
         :gem_info => gemfile_or_environment,
-        :link_path => "https://groups.google.com/d/topic/rubyonrails-security/ah5HN0S8OJs/discussion"
+        :link_path => "https://groups.google.com/d/topic/rubyonrails-security/ah5HN0S8OJs/discussion",
+        :cwe_id => [89]
     end
   end

data/lib/brakeman/checks/check_redirect.rb CHANGED Viewed

@@ -11,9 +11,7 @@ class Brakeman::CheckRedirect < Brakeman::BaseCheck
   @description = "Looks for calls to redirect_to with user input as arguments"
   def run_check
-    Brakeman.debug "Finding calls to redirect_to()"
-    @model_find_calls = Set[:all, :create, :create!, :find, :find_by_sql, :first, :last, :new]
+    @model_find_calls = Set[:all, :create, :create!, :find, :find_by_sql, :first, :first!, :last, :last!, :new, :sole]
     if tracker.options[:rails3]
       @model_find_calls.merge [:from, :group, :having, :joins, :lock, :order, :reorder, :select, :where]
@@ -23,7 +21,13 @@ class Brakeman::CheckRedirect < Brakeman::BaseCheck
       @model_find_calls.merge [:find_by, :find_by!, :take]
     end
-    @tracker.find_call(:target => false, :method => :redirect_to).each do |res|
+    if version_between? "7.0.0", "9.9.9"
+      @model_find_calls << :find_sole_by
+    end
+    methods = [:redirect_to, :redirect_back, :redirect_back_or_to]
+    @tracker.find_call(:target => false, :methods => methods).each do |res|
       process_result res
     end
   end
@@ -32,18 +36,28 @@ class Brakeman::CheckRedirect < Brakeman::BaseCheck
     return unless original? result
     call = result[:call]
-    method = call.method
     opt = call.first_arg
-    if method == :redirect_to and
+    # Location is specified with `fallback_location:`
+    # otherwise the arguments do not contain a location and
+    # the call can be ignored
+    if call.method == :redirect_back
+      if hash? opt and location = hash_access(opt, :fallback_location)
+        opt = location
+      else
+        return
+      end
+    end
+    if not protected_by_raise?(call) and
         not only_path?(call) and
         not explicit_host?(opt) and
         not slice_call?(opt) and
         not safe_permit?(opt) and
-        res = include_user_input?(call)
+        not disallow_other_host?(call) and
+        res = include_user_input?(opt)
-      if res.type == :immediate
+      if res.type == :immediate and not allow_other_host?(call)
         confidence = :high
       else
         confidence = :weak
@@ -55,7 +69,8 @@ class Brakeman::CheckRedirect < Brakeman::BaseCheck
         :message => "Possible unprotected redirect",
         :code => call,
         :user_input => res,
-        :confidence => confidence
+        :confidence => confidence,
+        :cwe_id => [601]
     end
   end
@@ -63,42 +78,42 @@ class Brakeman::CheckRedirect < Brakeman::BaseCheck
   #is being output directly. This is necessary because of tracker.options[:check_arguments]
   #which can be used to enable/disable reporting output of method calls which use
   #user input as arguments.
-  def include_user_input? call, immediate = :immediate
+  def include_user_input? opt, immediate = :immediate
     Brakeman.debug "Checking if call includes user input"
-    arg = call.first_arg
     # if the first argument is an array, rails assumes you are building a
     # polymorphic route, which will never jump off-host
-    return false if array? arg
+    return false if array? opt
     if tracker.options[:ignore_redirect_to_model]
-      if model_instance?(arg) or decorated_model?(arg)
+      if model_instance?(opt) or decorated_model?(opt)
         return false
       end
     end
-    if res = has_immediate_model?(arg)
-      unless call? arg and arg.method.to_s =~ /_path/
+    if res = has_immediate_model?(opt)
+      unless call? opt and opt.method.to_s =~ /_path/
         return Match.new(immediate, res)
       end
-    elsif call? arg
-      if request_value? arg
-        return Match.new(immediate, arg)
-      elsif request_value? arg.target
-        return Match.new(immediate, arg.target)
-      elsif arg.method == :url_for and include_user_input? arg
-        return Match.new(immediate, arg)
+    elsif call? opt
+      if request_value? opt
+        return Match.new(immediate, opt)
+      elsif opt.method == :url_for and include_user_input? opt.first_arg
+        return Match.new(immediate, opt)
         #Ignore helpers like some_model_url?
-      elsif arg.method.to_s =~ /_(url|path)\z/
+      elsif opt.method.to_s =~ /_(url|path)\z/
+        return false
+      elsif opt.method == :url_from
         return false
       end
-    elsif request_value? arg
-      return Match.new(immediate, arg)
+    elsif request_value? opt
+      return Match.new(immediate, opt)
+    elsif node_type? opt, :or
+      return (include_user_input?(opt.lhs) or include_user_input?(opt.rhs))
     end
-    if tracker.options[:check_arguments] and call? arg
-      include_user_input? arg, false  #I'm doubting if this is really necessary...
+    if tracker.options[:check_arguments] and call? opt
+      include_user_input? opt.first_arg, false  #I'm doubting if this is really necessary...
     else
       false
     end
@@ -203,7 +218,7 @@ class Brakeman::CheckRedirect < Brakeman::BaseCheck
   def friendly_model? exp
     call? exp and model_name? exp.target and exp.method == :friendly
   end
   #Returns true if exp is (probably) a decorated model instance
   #using the Draper gem
   def decorated_model? exp
@@ -244,7 +259,7 @@ class Brakeman::CheckRedirect < Brakeman::BaseCheck
     if call? exp and params? exp.target and exp.method == :permit
       exp.each_arg do |opt|
         if symbol? opt and DANGEROUS_KEYS.include? opt.value
-          return false
+          return false
         end
       end
@@ -253,4 +268,25 @@ class Brakeman::CheckRedirect < Brakeman::BaseCheck
     false
   end
+  def protected_by_raise? call
+    raise_on_redirects? and
+      not allow_other_host? call
+  end
+  def raise_on_redirects?
+    @raise_on_redirects ||= true?(tracker.config.rails.dig(:action_controller, :raise_on_open_redirects))
+  end
+  def allow_other_host? call
+    opt = call.last_arg
+    hash? opt and true? hash_access(opt, :allow_other_host)
+  end
+  def disallow_other_host? call
+    opt = call.last_arg
+    hash? opt and false? hash_access(opt, :allow_other_host)
+  end
 end

data/lib/brakeman/checks/check_regex_dos.rb CHANGED Viewed

@@ -51,7 +51,8 @@ class Brakeman::CheckRegexDoS < Brakeman::BaseCheck
           :warning_code => :regex_dos,
           :message => message,
           :confidence => confidence,
-          :user_input => match
+          :user_input => match,
+          :cwe_id => [20, 185]
       end
     end
   end

data/lib/brakeman/checks/check_render.rb CHANGED Viewed

@@ -57,7 +57,8 @@ class Brakeman::CheckRender < Brakeman::BaseCheck
         :warning_code => :dynamic_render_path,
         :message => message,
         :user_input => input,
-        :confidence => confidence
+        :confidence => confidence,
+        :cwe_id => [22]
     end
   end
@@ -78,7 +79,8 @@ class Brakeman::CheckRender < Brakeman::BaseCheck
           :warning_code => :dynamic_render_path_rce,
           :message => msg("Passing query parameters to ", msg_code("render"), " is vulnerable in ", msg_version(rails_version), " ", msg_cve("CVE-2016-0752")),
           :user_input => view,
-          :confidence => :high
+          :confidence => :high,
+          :cwe_id => [22]
       end
     end
   end

data/lib/brakeman/checks/check_render_dos.rb CHANGED Viewed

@@ -32,6 +32,7 @@ class Brakeman::CheckRenderDoS < Brakeman::BaseCheck
       :message => message,
       :confidence => :high,
       :link_path => "https://groups.google.com/d/msg/rubyonrails-security/LMxO_3_eCuc/ozGBEhKaJbIJ",
-      :gem_info => gemfile_or_environment
+      :gem_info => gemfile_or_environment,
+      :cwe_id => [20]
   end
 end

data/lib/brakeman/checks/check_render_inline.rb CHANGED Viewed

@@ -28,14 +28,16 @@ class Brakeman::CheckRenderInline < Brakeman::CheckCrossSiteScripting
             :warning_code => :cross_site_scripting_inline,
             :message => msg("Unescaped ", msg_input(input), " rendered inline"),
             :user_input => input,
-            :confidence => :high
+            :confidence => :high,
+            :cwe_id => [79]
         elsif input = has_immediate_model?(render_value)
           warn :result => result,
             :warning_type => "Cross-Site Scripting",
             :warning_code => :cross_site_scripting_inline,
             :message => "Unescaped model attribute rendered inline",
             :user_input => input,
-            :confidence => :medium
+            :confidence => :medium,
+            :cwe_id => [79]
         end
       end
     end

data/lib/brakeman/checks/check_response_splitting.rb CHANGED Viewed

@@ -15,7 +15,8 @@ class Brakeman::CheckResponseSplitting < Brakeman::BaseCheck
         :message => msg("Rails versions before 2.3.14 have a vulnerability content type handling allowing injection of headers ", msg_cve("CVE-2011-3186")),
         :confidence => :medium,
         :gem_info => gemfile_or_environment,
-        :link_path => "https://groups.google.com/d/topic/rubyonrails-security/b_yTveAph2g/discussion"
+        :link_path => "https://groups.google.com/d/topic/rubyonrails-security/b_yTveAph2g/discussion",
+        :cwe_id => [94]
     end
   end
 end

data/lib/brakeman/checks/check_reverse_tabnabbing.rb CHANGED Viewed

@@ -53,6 +53,7 @@ class Brakeman::CheckReverseTabnabbing < Brakeman::BaseCheck
       :message => msg("When opening a link in a new tab without setting ", msg_code('rel: "noopener noreferrer"'),
                       ", the new tab can control the parent tab's location. For example, an attacker could redirect to a phishing page."),
       :confidence => confidence,
-      :user_input => rel
+      :user_input => rel,
+      :cwe_id => [1022]
   end
 end

data/lib/brakeman/checks/check_route_dos.rb CHANGED Viewed

@@ -23,7 +23,8 @@ class Brakeman::CheckRouteDoS < Brakeman::BaseCheck
         :message => message,
         :confidence => :medium,
         :gem_info => gemfile_or_environment,
-        :link_path => "https://groups.google.com/d/msg/rubyonrails-security/dthJ5wL69JE/YzPnFelbFQAJ"
+        :link_path => "https://groups.google.com/d/msg/rubyonrails-security/dthJ5wL69JE/YzPnFelbFQAJ",
+        :cwe_id => [399]
     end
   end

data/lib/brakeman/checks/check_safe_buffer_manipulation.rb CHANGED Viewed

@@ -26,6 +26,7 @@ class Brakeman::CheckSafeBufferManipulation < Brakeman::BaseCheck
       :warning_code => :safe_buffer_vuln,
       :message => message,
       :confidence => :medium,
-      :gem_info => gemfile_or_environment
+      :gem_info => gemfile_or_environment,
+      :cwe_id => [79]
   end
 end

data/lib/brakeman/checks/check_sanitize_config_cve.rb ADDED Viewed

@@ -0,0 +1,120 @@
+require 'brakeman/checks/base_check'
+class Brakeman::CheckSanitizeConfigCve < Brakeman::BaseCheck
+  Brakeman::Checks.add self
+  @description = "Checks for vunerable uses of sanitize (CVE-2022-32209)"
+  def run_check
+    @specific_warning = false
+    @gem_version = tracker.config.gem_version :'rails-html-sanitizer'
+    if version_between? "0.0.0", "1.4.2", @gem_version
+      check_config
+      check_sanitize_calls
+      check_safe_list_allowed_tags
+      unless @specific_warning
+        # General warning about the vulnerable version
+        cve_warning
+      end
+    end
+  end
+  def cve_warning confidence: :weak, result: nil
+    return if result and not original? result
+    message = msg(msg_version(@gem_version, 'rails-html-sanitizer'),
+                  " is vulnerable to cross-site scripting when ",
+                  msg_code('select'),
+                  " and ",
+                  msg_code("style"),
+                  " tags are allowed ",
+                  msg_cve("CVE-2022-32209")
+                 )
+    unless result
+      message << ". Upgrade to 1.4.3 or newer"
+    end
+    warn :warning_type => "Cross-Site Scripting",
+      :warning_code => :CVE_2022_32209,
+      :message => message,
+      :confidence => confidence,
+      :gem_info => gemfile_or_environment(:'rails-html-sanitizer'),
+      :link_path => "https://groups.google.com/g/rubyonrails-security/c/ce9PhUANQ6s/m/S0fJfnkmBAAJ",
+      :cwe_id => [79],
+      :result => result
+  end
+  # Look for
+  #   config.action_view.sanitized_allowed_tags = ["select", "style"]
+  def check_config
+    sanitizer_config = tracker.config.rails.dig(:action_view, :sanitized_allowed_tags)
+    if sanitizer_config and include_both_tags? sanitizer_config
+      @specific_warning = true
+      cve_warning confidence: :high
+    end
+  end
+  # Look for
+  #   sanitize ..., tags: ["select", "style"]
+  # and
+  #   Rails::Html::SafeListSanitizer.new.sanitize(..., tags: ["select", "style"])
+  def check_sanitize_calls
+    tracker.find_call(method: :sanitize, target: nil).each do |result|
+      check_tags_option result
+    end
+    tracker.find_call(method: :sanitize, target: :'Rails::Html::SafeListSanitizer.new').each do |result|
+      check_tags_option result
+    end
+  end
+  # Look for
+  #   Rails::Html::SafeListSanitizer.allowed_tags = ["select", "style"]
+  def check_safe_list_allowed_tags
+    tracker.find_call(target: :'Rails::Html::SafeListSanitizer', method: :allowed_tags=).each do |result|
+      check_result result, result[:call].first_arg
+    end
+  end
+  private
+  def check_tags_option result
+    options = result[:call].last_arg
+    if options
+      check_result result, hash_access(options, :tags)
+    end
+  end
+  def check_result result, arg
+    if include_both_tags? arg
+      @specific_warning = true
+      cve_warning confidence: :high, result: result
+    end
+  end
+  def include_both_tags? exp
+    return unless sexp? exp
+    has_tag? exp, 'select' and
+      has_tag? exp, 'style'
+  end
+  def has_tag? exp, tag
+    tag_sym = tag.to_sym
+    exp.each_sexp do |e|
+      if string? e and e.value == tag
+        return true
+      elsif symbol? e and e.value == tag_sym
+        return true
+      end
+    end
+    false
+  end
+end

data/lib/brakeman/checks/check_sanitize_methods.rb CHANGED Viewed

@@ -51,7 +51,8 @@ class Brakeman::CheckSanitizeMethods < Brakeman::BaseCheck
         :warning_code => code,
         :message => message,
         :confidence => :high,
-        :link_path => link
+        :link_path => link,
+        :cwe_id => [79]
     end
   end
@@ -83,7 +84,8 @@ class Brakeman::CheckSanitizeMethods < Brakeman::BaseCheck
         :message => message,
         :gem_info => gemfile_or_environment(:loofah),
         :confidence => confidence,
-        :link_path => "https://github.com/flavorjones/loofah/issues/144"
+        :link_path => "https://github.com/flavorjones/loofah/issues/144",
+        :cwe_id => [79]
     end
   end
@@ -108,6 +110,7 @@ class Brakeman::CheckSanitizeMethods < Brakeman::BaseCheck
       :message => message,
       :gem_info => gemfile_or_environment(:'rails-html-sanitizer'),
       :confidence => confidence,
-      :link_path => link
+      :link_path => link,
+      :cwe_id => [79]
   end
 end

data/lib/brakeman/checks/check_secrets.rb CHANGED Viewed

@@ -27,7 +27,8 @@ class Brakeman::CheckSecrets < Brakeman::BaseCheck
             :message => msg("Hardcoded value for ", msg_code(name), " in source code"),
             :confidence => :medium,
             :file => constant.file,
-            :line => constant.line
+            :line => constant.line,
+            :cwe_id => [798]
         end
       end
     end

data/lib/brakeman/checks/check_select_tag.rb CHANGED Viewed

@@ -52,7 +52,8 @@ class Brakeman::CheckSelectTag < Brakeman::BaseCheck
           :message => @message,
           :confidence => :high,
           :user_input => input,
-          :link_path => "https://groups.google.com/d/topic/rubyonrails-security/fV3QUToSMSw/discussion"
+          :link_path => "https://groups.google.com/d/topic/rubyonrails-security/fV3QUToSMSw/discussion",
+          :cwe_id => [79]
       end
     end
   end

data/lib/brakeman/checks/check_select_vulnerability.rb CHANGED Viewed

@@ -54,7 +54,8 @@ class Brakeman::CheckSelectVulnerability < Brakeman::BaseCheck
           :warning_code => :select_options_vuln,
           :result => result,
           :message => @message,
-          :confidence => confidence
+          :confidence => confidence,
+          :cwe_id => [79]
     end
   end
 end

data/lib/brakeman/checks/check_send.rb CHANGED Viewed

@@ -29,7 +29,8 @@ class Brakeman::CheckSend < Brakeman::BaseCheck
         :warning_code => :dangerous_send,
         :message => "User controlled method execution",
         :user_input => input,
-        :confidence => :high
+        :confidence => :high,
+        :cwe_id => [77]
     end
   end

data/lib/brakeman/checks/check_session_manipulation.rb CHANGED Viewed

@@ -28,7 +28,8 @@ class Brakeman::CheckSessionManipulation < Brakeman::BaseCheck
         :warning_code => :session_key_manipulation,
         :message => msg(msg_input(input), " used as key in session hash"),
         :user_input => input,
-        :confidence => confidence
+        :confidence => confidence,
+        :cwe_id => [20] # TODO: what cwe should this be? it seems like it's looking for authz bypass
     end
   end
 end

data/lib/brakeman/checks/check_session_settings.rb CHANGED Viewed

@@ -142,7 +142,8 @@ class Brakeman::CheckSessionSettings < Brakeman::BaseCheck
       :message => "Session cookies should be set to HTTP only",
       :confidence => :high,
       :line => line,
-      :file => file
+      :file => file,
+      :cwe_id => [1004]
   end
@@ -152,7 +153,8 @@ class Brakeman::CheckSessionSettings < Brakeman::BaseCheck
       :message => "Session secret should not be included in version control",
       :confidence => :high,
       :line => line,
-      :file => file
+      :file => file,
+      :cwe_id => [798]
   end
   def warn_about_secure_only line, file
@@ -161,7 +163,8 @@ class Brakeman::CheckSessionSettings < Brakeman::BaseCheck
       :message => "Session cookie should be set to secure only",
       :confidence => :high,
       :line => line,
-      :file => file
+      :file => file,
+      :cwe_id => [614]
   end
   def ignored? file

data/lib/brakeman/checks/check_simple_format.rb CHANGED Viewed

@@ -28,7 +28,8 @@ class Brakeman::CheckSimpleFormat < Brakeman::CheckCrossSiteScripting
       :message => message,
       :confidence => :medium,
       :gem_info => gemfile_or_environment,
-      :link_path => "https://groups.google.com/d/msg/ruby-security-ann/5ZI1-H5OoIM/ZNq4FoR2GnIJ"
+      :link_path => "https://groups.google.com/d/msg/ruby-security-ann/5ZI1-H5OoIM/ZNq4FoR2GnIJ",
+      :cwe_id => [79]
   end
   def check_simple_format_usage
@@ -58,6 +59,7 @@ class Brakeman::CheckSimpleFormat < Brakeman::CheckCrossSiteScripting
       :message => msg("Values passed to ", msg_code("simple_format"), " are not safe in ", msg_version(rails_version)),
       :confidence => :high,
       :link_path => "https://groups.google.com/d/msg/ruby-security-ann/5ZI1-H5OoIM/ZNq4FoR2GnIJ",
-      :user_input => match
+      :user_input => match,
+      :cwe_id => [79]
   end
 end

data/lib/brakeman/checks/check_single_quotes.rb CHANGED Viewed

@@ -38,7 +38,8 @@ class Brakeman::CheckSingleQuotes < Brakeman::BaseCheck
       :message => message,
       :confidence => :medium,
       :gem_info => gemfile_or_environment,
-      :link_path => "https://groups.google.com/d/topic/rubyonrails-security/kKGNeMrnmiY/discussion"
+      :link_path => "https://groups.google.com/d/topic/rubyonrails-security/kKGNeMrnmiY/discussion",
+      :cwe_id => [79]
   end
   #Process initializers to see if they use workaround

data/lib/brakeman/checks/check_skip_before_filter.rb CHANGED Viewed

@@ -29,7 +29,8 @@ class Brakeman::CheckSkipBeforeFilter < Brakeman::BaseCheck
         :message => msg("List specific actions (", msg_code(":only => [..]"), ") when skipping CSRF check"),
         :code => filter,
         :confidence => :medium,
-        :file => controller.file
+        :file => controller.file,
+        :cwe_id => [352]
     when :login_required, :authenticate_user!, :require_user
       warn :controller => controller.name,
@@ -39,7 +40,8 @@ class Brakeman::CheckSkipBeforeFilter < Brakeman::BaseCheck
         :code => filter,
         :confidence => :medium,
         :link_path => "authentication_whitelist",
-        :file => controller.file
+        :file => controller.file,
+        :cwe_id => [287]
     end
   end