brakeman 5.2.3 → 5.3.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGES.md +8 -0
- data/bundle/load.rb +1 -1
- data/bundle/ruby/2.7.0/gems/{tilt-2.0.10 → tilt-2.0.11}/COPYING +0 -0
- data/bundle/ruby/2.7.0/gems/{tilt-2.0.10 → tilt-2.0.11}/lib/tilt/asciidoc.rb +0 -0
- data/bundle/ruby/2.7.0/gems/{tilt-2.0.10 → tilt-2.0.11}/lib/tilt/babel.rb +0 -0
- data/bundle/ruby/2.7.0/gems/{tilt-2.0.10 → tilt-2.0.11}/lib/tilt/bluecloth.rb +0 -0
- data/bundle/ruby/2.7.0/gems/{tilt-2.0.10 → tilt-2.0.11}/lib/tilt/builder.rb +0 -0
- data/bundle/ruby/2.7.0/gems/{tilt-2.0.10 → tilt-2.0.11}/lib/tilt/coffee.rb +0 -0
- data/bundle/ruby/2.7.0/gems/{tilt-2.0.10 → tilt-2.0.11}/lib/tilt/commonmarker.rb +11 -1
- data/bundle/ruby/2.7.0/gems/{tilt-2.0.10 → tilt-2.0.11}/lib/tilt/creole.rb +0 -0
- data/bundle/ruby/2.7.0/gems/{tilt-2.0.10 → tilt-2.0.11}/lib/tilt/csv.rb +1 -1
- data/bundle/ruby/2.7.0/gems/{tilt-2.0.10 → tilt-2.0.11}/lib/tilt/dummy.rb +0 -0
- data/bundle/ruby/2.7.0/gems/{tilt-2.0.10 → tilt-2.0.11}/lib/tilt/erb.rb +0 -0
- data/bundle/ruby/2.7.0/gems/{tilt-2.0.10 → tilt-2.0.11}/lib/tilt/erubi.rb +0 -0
- data/bundle/ruby/2.7.0/gems/{tilt-2.0.10 → tilt-2.0.11}/lib/tilt/erubis.rb +0 -0
- data/bundle/ruby/2.7.0/gems/{tilt-2.0.10 → tilt-2.0.11}/lib/tilt/etanni.rb +0 -0
- data/bundle/ruby/2.7.0/gems/{tilt-2.0.10 → tilt-2.0.11}/lib/tilt/haml.rb +0 -0
- data/bundle/ruby/2.7.0/gems/{tilt-2.0.10 → tilt-2.0.11}/lib/tilt/kramdown.rb +0 -0
- data/bundle/ruby/2.7.0/gems/{tilt-2.0.10 → tilt-2.0.11}/lib/tilt/less.rb +0 -0
- data/bundle/ruby/2.7.0/gems/{tilt-2.0.10 → tilt-2.0.11}/lib/tilt/liquid.rb +0 -0
- data/bundle/ruby/2.7.0/gems/{tilt-2.0.10 → tilt-2.0.11}/lib/tilt/livescript.rb +0 -0
- data/bundle/ruby/2.7.0/gems/{tilt-2.0.10 → tilt-2.0.11}/lib/tilt/mapping.rb +0 -0
- data/bundle/ruby/2.7.0/gems/{tilt-2.0.10 → tilt-2.0.11}/lib/tilt/markaby.rb +0 -0
- data/bundle/ruby/2.7.0/gems/{tilt-2.0.10 → tilt-2.0.11}/lib/tilt/maruku.rb +0 -0
- data/bundle/ruby/2.7.0/gems/{tilt-2.0.10 → tilt-2.0.11}/lib/tilt/nokogiri.rb +0 -0
- data/bundle/ruby/2.7.0/gems/{tilt-2.0.10 → tilt-2.0.11}/lib/tilt/pandoc.rb +23 -15
- data/bundle/ruby/2.7.0/gems/{tilt-2.0.10 → tilt-2.0.11}/lib/tilt/plain.rb +0 -0
- data/bundle/ruby/2.7.0/gems/{tilt-2.0.10 → tilt-2.0.11}/lib/tilt/prawn.rb +0 -0
- data/bundle/ruby/2.7.0/gems/{tilt-2.0.10 → tilt-2.0.11}/lib/tilt/radius.rb +0 -0
- data/bundle/ruby/2.7.0/gems/{tilt-2.0.10 → tilt-2.0.11}/lib/tilt/rdiscount.rb +0 -0
- data/bundle/ruby/2.7.0/gems/{tilt-2.0.10 → tilt-2.0.11}/lib/tilt/rdoc.rb +0 -0
- data/bundle/ruby/2.7.0/gems/{tilt-2.0.10 → tilt-2.0.11}/lib/tilt/redcarpet.rb +5 -2
- data/bundle/ruby/2.7.0/gems/{tilt-2.0.10 → tilt-2.0.11}/lib/tilt/redcloth.rb +0 -0
- data/bundle/ruby/2.7.0/gems/tilt-2.0.11/lib/tilt/rst-pandoc.rb +23 -0
- data/bundle/ruby/2.7.0/gems/tilt-2.0.11/lib/tilt/sass.rb +78 -0
- data/bundle/ruby/2.7.0/gems/{tilt-2.0.10 → tilt-2.0.11}/lib/tilt/sigil.rb +0 -0
- data/bundle/ruby/2.7.0/gems/{tilt-2.0.10 → tilt-2.0.11}/lib/tilt/string.rb +0 -0
- data/bundle/ruby/2.7.0/gems/{tilt-2.0.10 → tilt-2.0.11}/lib/tilt/template.rb +12 -1
- data/bundle/ruby/2.7.0/gems/{tilt-2.0.10 → tilt-2.0.11}/lib/tilt/typescript.rb +0 -0
- data/bundle/ruby/2.7.0/gems/{tilt-2.0.10 → tilt-2.0.11}/lib/tilt/wikicloth.rb +0 -0
- data/bundle/ruby/2.7.0/gems/{tilt-2.0.10 → tilt-2.0.11}/lib/tilt/yajl.rb +0 -0
- data/bundle/ruby/2.7.0/gems/{tilt-2.0.10 → tilt-2.0.11}/lib/tilt.rb +2 -1
- data/lib/brakeman/app_tree.rb +9 -1
- data/lib/brakeman/checks/check_basic_auth.rb +4 -2
- data/lib/brakeman/checks/check_basic_auth_timing_attack.rb +2 -1
- data/lib/brakeman/checks/check_content_tag.rb +8 -4
- data/lib/brakeman/checks/check_cookie_serialization.rb +2 -1
- data/lib/brakeman/checks/check_create_with.rb +4 -2
- data/lib/brakeman/checks/check_cross_site_scripting.rb +6 -3
- data/lib/brakeman/checks/check_csrf_token_forgery_cve.rb +2 -1
- data/lib/brakeman/checks/check_default_routes.rb +6 -3
- data/lib/brakeman/checks/check_deserialize.rb +2 -1
- data/lib/brakeman/checks/check_detailed_exceptions.rb +4 -2
- data/lib/brakeman/checks/check_digest_dos.rb +2 -1
- data/lib/brakeman/checks/check_divide_by_zero.rb +2 -1
- data/lib/brakeman/checks/check_dynamic_finders.rb +2 -1
- data/lib/brakeman/checks/check_escape_function.rb +2 -1
- data/lib/brakeman/checks/check_evaluation.rb +2 -1
- data/lib/brakeman/checks/check_execute.rb +6 -3
- data/lib/brakeman/checks/check_file_access.rb +2 -1
- data/lib/brakeman/checks/check_file_disclosure.rb +2 -1
- data/lib/brakeman/checks/check_filter_skipping.rb +2 -1
- data/lib/brakeman/checks/check_force_ssl.rb +2 -1
- data/lib/brakeman/checks/check_forgery_setting.rb +4 -2
- data/lib/brakeman/checks/check_header_dos.rb +2 -1
- data/lib/brakeman/checks/check_i18n_xss.rb +2 -1
- data/lib/brakeman/checks/check_jruby_xml.rb +2 -1
- data/lib/brakeman/checks/check_json_encoding.rb +2 -1
- data/lib/brakeman/checks/check_json_entity_escape.rb +4 -2
- data/lib/brakeman/checks/check_json_parsing.rb +4 -2
- data/lib/brakeman/checks/check_link_to.rb +2 -1
- data/lib/brakeman/checks/check_link_to_href.rb +4 -2
- data/lib/brakeman/checks/check_mail_to.rb +2 -1
- data/lib/brakeman/checks/check_mass_assignment.rb +6 -3
- data/lib/brakeman/checks/check_mime_type_dos.rb +2 -1
- data/lib/brakeman/checks/check_model_attr_accessible.rb +2 -1
- data/lib/brakeman/checks/check_model_attributes.rb +4 -2
- data/lib/brakeman/checks/check_model_serialize.rb +2 -1
- data/lib/brakeman/checks/check_nested_attributes.rb +2 -1
- data/lib/brakeman/checks/check_nested_attributes_bypass.rb +2 -1
- data/lib/brakeman/checks/check_number_to_currency.rb +4 -2
- data/lib/brakeman/checks/check_page_caching_cve.rb +2 -1
- data/lib/brakeman/checks/check_permit_attributes.rb +2 -1
- data/lib/brakeman/checks/check_quote_table_name.rb +2 -1
- data/lib/brakeman/checks/check_redirect.rb +2 -1
- data/lib/brakeman/checks/check_regex_dos.rb +2 -1
- data/lib/brakeman/checks/check_render.rb +4 -2
- data/lib/brakeman/checks/check_render_dos.rb +2 -1
- data/lib/brakeman/checks/check_render_inline.rb +4 -2
- data/lib/brakeman/checks/check_response_splitting.rb +2 -1
- data/lib/brakeman/checks/check_reverse_tabnabbing.rb +2 -1
- data/lib/brakeman/checks/check_route_dos.rb +2 -1
- data/lib/brakeman/checks/check_safe_buffer_manipulation.rb +2 -1
- data/lib/brakeman/checks/check_sanitize_config_cve.rb +120 -0
- data/lib/brakeman/checks/check_sanitize_methods.rb +6 -3
- data/lib/brakeman/checks/check_secrets.rb +2 -1
- data/lib/brakeman/checks/check_select_tag.rb +2 -1
- data/lib/brakeman/checks/check_select_vulnerability.rb +2 -1
- data/lib/brakeman/checks/check_send.rb +2 -1
- data/lib/brakeman/checks/check_session_manipulation.rb +2 -1
- data/lib/brakeman/checks/check_session_settings.rb +6 -3
- data/lib/brakeman/checks/check_simple_format.rb +4 -2
- data/lib/brakeman/checks/check_single_quotes.rb +2 -1
- data/lib/brakeman/checks/check_skip_before_filter.rb +4 -2
- data/lib/brakeman/checks/check_sprockets_path_traversal.rb +2 -1
- data/lib/brakeman/checks/check_sql.rb +4 -2
- data/lib/brakeman/checks/check_sql_cves.rb +4 -2
- data/lib/brakeman/checks/check_ssl_verify.rb +2 -1
- data/lib/brakeman/checks/check_strip_tags.rb +6 -3
- data/lib/brakeman/checks/check_symbol_dos.rb +2 -1
- data/lib/brakeman/checks/check_symbol_dos_cve.rb +2 -1
- data/lib/brakeman/checks/check_template_injection.rb +2 -1
- data/lib/brakeman/checks/check_translate_bug.rb +2 -1
- data/lib/brakeman/checks/check_unsafe_reflection.rb +2 -1
- data/lib/brakeman/checks/check_unsafe_reflection_methods.rb +2 -1
- data/lib/brakeman/checks/check_unscoped_find.rb +2 -1
- data/lib/brakeman/checks/check_validation_regex.rb +2 -1
- data/lib/brakeman/checks/check_verb_confusion.rb +2 -1
- data/lib/brakeman/checks/check_weak_hash.rb +6 -3
- data/lib/brakeman/checks/check_without_protection.rb +2 -1
- data/lib/brakeman/checks/check_xml_dos.rb +2 -1
- data/lib/brakeman/checks/check_yaml_parsing.rb +4 -2
- data/lib/brakeman/checks/eol_check.rb +4 -2
- data/lib/brakeman/options.rb +1 -1
- data/lib/brakeman/processors/lib/find_all_calls.rb +1 -0
- data/lib/brakeman/report/report_csv.rb +2 -0
- data/lib/brakeman/report/report_junit.rb +2 -2
- data/lib/brakeman/report/report_table.rb +5 -5
- data/lib/brakeman/report/report_text.rb +2 -0
- data/lib/brakeman/report/templates/controller_warnings.html.erb +2 -0
- data/lib/brakeman/report/templates/ignored_warnings.html.erb +2 -0
- data/lib/brakeman/report/templates/model_warnings.html.erb +2 -0
- data/lib/brakeman/report/templates/security_warnings.html.erb +2 -0
- data/lib/brakeman/report/templates/view_warnings.html.erb +2 -0
- data/lib/brakeman/version.rb +1 -1
- data/lib/brakeman/warning.rb +5 -2
- data/lib/brakeman/warning_codes.rb +1 -0
- metadata +43 -42
- data/bundle/ruby/2.7.0/gems/tilt-2.0.10/lib/tilt/rst-pandoc.rb +0 -18
- data/bundle/ruby/2.7.0/gems/tilt-2.0.10/lib/tilt/sass.rb +0 -52
|
@@ -27,7 +27,8 @@ class Brakeman::CheckDynamicFinders < Brakeman::BaseCheck
|
|
|
27
27
|
:warning_code => :sql_injection_dynamic_finder,
|
|
28
28
|
:message => "MySQL integer conversion may cause 0 to match any string",
|
|
29
29
|
:confidence => :medium,
|
|
30
|
-
:user_input => arg
|
|
30
|
+
:user_input => arg,
|
|
31
|
+
:cwe_id => [89]
|
|
31
32
|
|
|
32
33
|
break
|
|
33
34
|
end
|
|
@@ -15,7 +15,8 @@ class Brakeman::CheckEscapeFunction < Brakeman::BaseCheck
|
|
|
15
15
|
:message => msg("Rails versions before 2.3.14 have a vulnerability in the ", msg_code("escape"), " method when used with Ruby 1.8 ", msg_cve("CVE-2011-2932")),
|
|
16
16
|
:confidence => :high,
|
|
17
17
|
:gem_info => gemfile_or_environment,
|
|
18
|
-
:link_path => "https://groups.google.com/d/topic/rubyonrails-security/Vr_7WSOrEZU/discussion"
|
|
18
|
+
:link_path => "https://groups.google.com/d/topic/rubyonrails-security/Vr_7WSOrEZU/discussion",
|
|
19
|
+
:cwe_id => [79]
|
|
19
20
|
end
|
|
20
21
|
end
|
|
21
22
|
end
|
|
@@ -117,7 +117,8 @@ class Brakeman::CheckExecute < Brakeman::BaseCheck
|
|
|
117
117
|
:message => "Possible command injection",
|
|
118
118
|
:code => call,
|
|
119
119
|
:user_input => failure,
|
|
120
|
-
:confidence => confidence
|
|
120
|
+
:confidence => confidence,
|
|
121
|
+
:cwe_id => [77]
|
|
121
122
|
end
|
|
122
123
|
end
|
|
123
124
|
|
|
@@ -138,7 +139,8 @@ class Brakeman::CheckExecute < Brakeman::BaseCheck
|
|
|
138
139
|
:warning_code => :command_injection,
|
|
139
140
|
:message => msg("Possible command injection in ", msg_code("open")),
|
|
140
141
|
:user_input => match,
|
|
141
|
-
:confidence => :high
|
|
142
|
+
:confidence => :high,
|
|
143
|
+
:cwe_id => [77]
|
|
142
144
|
end
|
|
143
145
|
end
|
|
144
146
|
end
|
|
@@ -201,7 +203,8 @@ class Brakeman::CheckExecute < Brakeman::BaseCheck
|
|
|
201
203
|
:message => "Possible command injection",
|
|
202
204
|
:code => exp,
|
|
203
205
|
:user_input => input,
|
|
204
|
-
:confidence => confidence
|
|
206
|
+
:confidence => confidence,
|
|
207
|
+
:cwe_id => [77]
|
|
205
208
|
end
|
|
206
209
|
|
|
207
210
|
# This method expects a :dstr or :evstr node
|
|
@@ -25,7 +25,8 @@ class Brakeman::CheckFileDisclosure < Brakeman::BaseCheck
|
|
|
25
25
|
:message => msg(msg_version(rails_version), " has a file existence disclosure vulnerability. Upgrade to ", msg_version(fix_version), " or disable serving static assets"),
|
|
26
26
|
:confidence => :high,
|
|
27
27
|
:gem_info => gemfile_or_environment,
|
|
28
|
-
:link_path => "https://groups.google.com/d/msg/rubyonrails-security/23fiuwb1NBA/MQVM1-5GkPMJ"
|
|
28
|
+
:link_path => "https://groups.google.com/d/msg/rubyonrails-security/23fiuwb1NBA/MQVM1-5GkPMJ",
|
|
29
|
+
:cwe_id => [22]
|
|
29
30
|
end
|
|
30
31
|
end
|
|
31
32
|
|
|
@@ -15,7 +15,8 @@ class Brakeman::CheckFilterSkipping < Brakeman::BaseCheck
|
|
|
15
15
|
:message => msg("Rails versions before 3.0.10 have a vulnerability which allows filters to be bypassed", msg_cve("CVE-2011-2929")),
|
|
16
16
|
:confidence => :high,
|
|
17
17
|
:gem_info => gemfile_or_environment,
|
|
18
|
-
:link_path => "https://groups.google.com/d/topic/rubyonrails-security/NCCsca7TEtY/discussion"
|
|
18
|
+
:link_path => "https://groups.google.com/d/topic/rubyonrails-security/NCCsca7TEtY/discussion",
|
|
19
|
+
:cwe_id => [20]
|
|
19
20
|
end
|
|
20
21
|
end
|
|
21
22
|
|
|
@@ -21,7 +21,8 @@ class Brakeman::CheckForceSSL < Brakeman::BaseCheck
|
|
|
21
21
|
:message => msg("The application does not force use of HTTPS: ", msg_code("config.force_ssl"), " is not enabled"),
|
|
22
22
|
:confidence => :high,
|
|
23
23
|
:file => "config/environments/production.rb",
|
|
24
|
-
:line => line
|
|
24
|
+
:line => line,
|
|
25
|
+
:cwe_id => [311]
|
|
25
26
|
end
|
|
26
27
|
end
|
|
27
28
|
end
|
|
@@ -52,7 +52,8 @@ class Brakeman::CheckForgerySetting < Brakeman::BaseCheck
|
|
|
52
52
|
opts = {
|
|
53
53
|
:controller => :ApplicationController,
|
|
54
54
|
:warning_type => "Cross-Site Request Forgery",
|
|
55
|
-
:confidence => :high
|
|
55
|
+
:confidence => :high,
|
|
56
|
+
:cwe_id => [352]
|
|
56
57
|
}.merge opts
|
|
57
58
|
|
|
58
59
|
warn opts
|
|
@@ -76,6 +77,7 @@ class Brakeman::CheckForgerySetting < Brakeman::BaseCheck
|
|
|
76
77
|
:message => msg("CSRF protection is flawed in unpatched versions of ", msg_version(rails_version), " ", msg_cve("CVE-2011-0447"), ". Upgrade to ", msg_version(new_version), " or apply patches as needed"),
|
|
77
78
|
:gem_info => gemfile_or_environment,
|
|
78
79
|
:file => nil,
|
|
79
|
-
:link_path => "https://groups.google.com/d/topic/rubyonrails-security/LZWjzCPgNmU/discussion"
|
|
80
|
+
:link_path => "https://groups.google.com/d/topic/rubyonrails-security/LZWjzCPgNmU/discussion",
|
|
81
|
+
:cwe_id => [352]
|
|
80
82
|
end
|
|
81
83
|
end
|
|
@@ -20,7 +20,8 @@ class Brakeman::CheckHeaderDoS < Brakeman::BaseCheck
|
|
|
20
20
|
:message => message,
|
|
21
21
|
:confidence => :medium,
|
|
22
22
|
:gem_info => gemfile_or_environment,
|
|
23
|
-
:link_path => "https://groups.google.com/d/msg/ruby-security-ann/A-ebV4WxzKg/KNPTbX8XAQUJ"
|
|
23
|
+
:link_path => "https://groups.google.com/d/msg/ruby-security-ann/A-ebV4WxzKg/KNPTbX8XAQUJ",
|
|
24
|
+
:cwe_id => [20]
|
|
24
25
|
end
|
|
25
26
|
end
|
|
26
27
|
|
|
@@ -23,7 +23,8 @@ class Brakeman::CheckI18nXSS < Brakeman::BaseCheck
|
|
|
23
23
|
:message => message,
|
|
24
24
|
:confidence => :medium,
|
|
25
25
|
:gem_info => gemfile_or_environment(:i18n),
|
|
26
|
-
:link_path => "https://groups.google.com/d/msg/ruby-security-ann/pLrh6DUw998/bLFEyIO4k_EJ"
|
|
26
|
+
:link_path => "https://groups.google.com/d/msg/ruby-security-ann/pLrh6DUw998/bLFEyIO4k_EJ",
|
|
27
|
+
:cwe_id => [79]
|
|
27
28
|
end
|
|
28
29
|
end
|
|
29
30
|
|
|
@@ -31,6 +31,7 @@ class Brakeman::CheckJRubyXML < Brakeman::BaseCheck
|
|
|
31
31
|
:message => msg(msg_version(rails_version), " with JRuby has a vulnerability in XML parser. Upgrade to ", msg_version(fix_version), " or patch"),
|
|
32
32
|
:confidence => :high,
|
|
33
33
|
:gem_info => gemfile_or_environment,
|
|
34
|
-
:link => "https://groups.google.com/d/msg/rubyonrails-security/KZwsQbYsOiI/5kUV7dSCJGwJ"
|
|
34
|
+
:link => "https://groups.google.com/d/msg/rubyonrails-security/KZwsQbYsOiI/5kUV7dSCJGwJ",
|
|
35
|
+
:cwe_id => [20]
|
|
35
36
|
end
|
|
36
37
|
end
|
|
@@ -26,7 +26,8 @@ class Brakeman::CheckJSONEncoding < Brakeman::BaseCheck
|
|
|
26
26
|
:message => message,
|
|
27
27
|
:confidence => confidence,
|
|
28
28
|
:gem_info => gemfile_or_environment,
|
|
29
|
-
:link_path => "https://groups.google.com/d/msg/rubyonrails-security/7VlB_pck3hU/3QZrGIaQW6cJ"
|
|
29
|
+
:link_path => "https://groups.google.com/d/msg/rubyonrails-security/7VlB_pck3hU/3QZrGIaQW6cJ",
|
|
30
|
+
:cwe_id => [79]
|
|
30
31
|
end
|
|
31
32
|
end
|
|
32
33
|
|
|
@@ -17,7 +17,8 @@ class Brakeman::CheckJSONEntityEscape < Brakeman::BaseCheck
|
|
|
17
17
|
:message => msg("HTML entities in JSON are not escaped by default"),
|
|
18
18
|
:confidence => :medium,
|
|
19
19
|
:file => "config/environments/production.rb",
|
|
20
|
-
:line => 1
|
|
20
|
+
:line => 1,
|
|
21
|
+
:cwe_id => [79]
|
|
21
22
|
end
|
|
22
23
|
end
|
|
23
24
|
|
|
@@ -31,7 +32,8 @@ class Brakeman::CheckJSONEntityEscape < Brakeman::BaseCheck
|
|
|
31
32
|
:warning_code => :json_html_escape_module,
|
|
32
33
|
:message => msg("HTML entities in JSON are not escaped by default"),
|
|
33
34
|
:confidence => :medium,
|
|
34
|
-
:file => "config/environments/production.rb"
|
|
35
|
+
:file => "config/environments/production.rb",
|
|
36
|
+
:cwe_id => [79]
|
|
35
37
|
end
|
|
36
38
|
end
|
|
37
39
|
end
|
|
@@ -33,7 +33,8 @@ class Brakeman::CheckJSONParsing < Brakeman::BaseCheck
|
|
|
33
33
|
:message => message,
|
|
34
34
|
:confidence => :high,
|
|
35
35
|
:gem_info => gem_info,
|
|
36
|
-
:link_path => "https://groups.google.com/d/topic/rubyonrails-security/1h2DR63ViGo/discussion"
|
|
36
|
+
:link_path => "https://groups.google.com/d/topic/rubyonrails-security/1h2DR63ViGo/discussion",
|
|
37
|
+
:cwe_id => [74] # TODO: is this the best CWE for this?
|
|
37
38
|
end
|
|
38
39
|
end
|
|
39
40
|
|
|
@@ -98,7 +99,8 @@ class Brakeman::CheckJSONParsing < Brakeman::BaseCheck
|
|
|
98
99
|
:message => message,
|
|
99
100
|
:confidence => confidence,
|
|
100
101
|
:gem_info => gemfile_or_environment(name),
|
|
101
|
-
:link => "https://groups.google.com/d/topic/rubyonrails-security/4_YvCpLzL58/discussion"
|
|
102
|
+
:link => "https://groups.google.com/d/topic/rubyonrails-security/4_YvCpLzL58/discussion",
|
|
103
|
+
:cwe_id => [74] # TODO: is this the best CWE for this?
|
|
102
104
|
end
|
|
103
105
|
|
|
104
106
|
def uses_json_parse?
|
|
@@ -56,7 +56,8 @@ class Brakeman::CheckLinkToHref < Brakeman::CheckLinkTo
|
|
|
56
56
|
:message => message,
|
|
57
57
|
:user_input => input,
|
|
58
58
|
:confidence => :high,
|
|
59
|
-
:link_path => "link_to_href"
|
|
59
|
+
:link_path => "link_to_href",
|
|
60
|
+
:cwe_id => [79]
|
|
60
61
|
end
|
|
61
62
|
elsif not tracker.options[:ignore_model_output] and input = has_immediate_model?(url_arg)
|
|
62
63
|
return if ignore_model_call? url_arg, input or duplicate? result
|
|
@@ -70,7 +71,8 @@ class Brakeman::CheckLinkToHref < Brakeman::CheckLinkTo
|
|
|
70
71
|
:message => message,
|
|
71
72
|
:user_input => input,
|
|
72
73
|
:confidence => :weak,
|
|
73
|
-
:link_path => "link_to_href"
|
|
74
|
+
:link_path => "link_to_href",
|
|
75
|
+
:cwe_id => [79]
|
|
74
76
|
end
|
|
75
77
|
end
|
|
76
78
|
|
|
@@ -25,7 +25,8 @@ class Brakeman::CheckMailTo < Brakeman::BaseCheck
|
|
|
25
25
|
:message => message,
|
|
26
26
|
:confidence => :high,
|
|
27
27
|
:gem_info => gemfile_or_environment, # Probably ignored now
|
|
28
|
-
:link_path => "https://groups.google.com/d/topic/rubyonrails-security/8CpI7egxX4E/discussion"
|
|
28
|
+
:link_path => "https://groups.google.com/d/topic/rubyonrails-security/8CpI7egxX4E/discussion",
|
|
29
|
+
:cwe_id => [79]
|
|
29
30
|
end
|
|
30
31
|
end
|
|
31
32
|
|
|
@@ -99,7 +99,8 @@ class Brakeman::CheckMassAssignment < Brakeman::BaseCheck
|
|
|
99
99
|
:message => "Unprotected mass assignment",
|
|
100
100
|
:code => call,
|
|
101
101
|
:user_input => input,
|
|
102
|
-
:confidence => confidence
|
|
102
|
+
:confidence => confidence,
|
|
103
|
+
:cwe_id => [915]
|
|
103
104
|
end
|
|
104
105
|
|
|
105
106
|
res
|
|
@@ -205,7 +206,8 @@ class Brakeman::CheckMassAssignment < Brakeman::BaseCheck
|
|
|
205
206
|
:warning_type => "Mass Assignment",
|
|
206
207
|
:warning_code => :mass_assign_permit!,
|
|
207
208
|
:message => msg('Specify exact keys allowed for mass assignment instead of using ', msg_code('permit!'), ' which allows any keys'),
|
|
208
|
-
:confidence => confidence
|
|
209
|
+
:confidence => confidence,
|
|
210
|
+
:cwe_id => [915]
|
|
209
211
|
end
|
|
210
212
|
|
|
211
213
|
def check_permit_all_parameters
|
|
@@ -217,7 +219,8 @@ class Brakeman::CheckMassAssignment < Brakeman::BaseCheck
|
|
|
217
219
|
:warning_type => "Mass Assignment",
|
|
218
220
|
:warning_code => :mass_assign_permit_all,
|
|
219
221
|
:message => msg('Mass assignment is globally enabled. Disable and specify exact keys using ', msg_code('params.permit'), ' instead'),
|
|
220
|
-
:confidence => :high
|
|
222
|
+
:confidence => :high,
|
|
223
|
+
:cwe_id => [915]
|
|
221
224
|
end
|
|
222
225
|
end
|
|
223
226
|
end
|
|
@@ -26,7 +26,8 @@ class Brakeman::CheckMimeTypeDoS < Brakeman::BaseCheck
|
|
|
26
26
|
:message => message,
|
|
27
27
|
:confidence => :medium,
|
|
28
28
|
:gem_info => gemfile_or_environment,
|
|
29
|
-
:link_path => "https://groups.google.com/d/msg/rubyonrails-security/9oLY_FCzvoc/w9oI9XxbFQAJ"
|
|
29
|
+
:link_path => "https://groups.google.com/d/msg/rubyonrails-security/9oLY_FCzvoc/w9oI9XxbFQAJ",
|
|
30
|
+
:cwe_id => [399]
|
|
30
31
|
end
|
|
31
32
|
|
|
32
33
|
def has_workaround?
|
|
@@ -31,7 +31,8 @@ class Brakeman::CheckModelAttrAccessible < Brakeman::BaseCheck
|
|
|
31
31
|
:warning_code => :dangerous_attr_accessible,
|
|
32
32
|
:message => "Potentially dangerous attribute available for mass assignment",
|
|
33
33
|
:confidence => confidence,
|
|
34
|
-
:code => Sexp.new(:lit, attribute)
|
|
34
|
+
:code => Sexp.new(:lit, attribute),
|
|
35
|
+
:cwe_id => [915]
|
|
35
36
|
break # Prevent from matching single attr multiple times
|
|
36
37
|
end
|
|
37
38
|
end
|
|
@@ -23,7 +23,8 @@ class Brakeman::CheckModelAttributes < Brakeman::BaseCheck
|
|
|
23
23
|
:warning_type => "Attribute Restriction",
|
|
24
24
|
:warning_code => :no_attr_accessible,
|
|
25
25
|
:message => msg("Mass assignment is not restricted using ", msg_code("attr_accessible")),
|
|
26
|
-
:confidence => :high
|
|
26
|
+
:confidence => :high,
|
|
27
|
+
:cwe_id => [915] # TODO: Should this be mass assignment?
|
|
27
28
|
elsif not tracker.options[:ignore_attr_protected]
|
|
28
29
|
message, confidence, link = check_for_attr_protected_bypass
|
|
29
30
|
|
|
@@ -39,7 +40,8 @@ class Brakeman::CheckModelAttributes < Brakeman::BaseCheck
|
|
|
39
40
|
:warning_type => "Attribute Restriction",
|
|
40
41
|
:warning_code => warning_code,
|
|
41
42
|
:message => message,
|
|
42
|
-
:confidence => confidence
|
|
43
|
+
:confidence => confidence,
|
|
44
|
+
:cwe_id => [915] # TODO: Should this be mass assignment?
|
|
43
45
|
end
|
|
44
46
|
end
|
|
45
47
|
end
|
|
@@ -61,7 +61,8 @@ class Brakeman::CheckModelSerialize < Brakeman::BaseCheck
|
|
|
61
61
|
:confidence => confidence,
|
|
62
62
|
:link => "https://groups.google.com/d/topic/rubyonrails-security/KtmwSbEpzrU/discussion",
|
|
63
63
|
:file => model.file,
|
|
64
|
-
:line => model.top_line
|
|
64
|
+
:line => model.top_line,
|
|
65
|
+
:cwe_id => [502]
|
|
65
66
|
end
|
|
66
67
|
end
|
|
67
68
|
end
|
|
@@ -24,7 +24,8 @@ class Brakeman::CheckNestedAttributes < Brakeman::BaseCheck
|
|
|
24
24
|
:message => message,
|
|
25
25
|
:confidence => :high,
|
|
26
26
|
:gem_info => gemfile_or_environment,
|
|
27
|
-
:link_path => "https://groups.google.com/d/topic/rubyonrails-security/-fkT0yja_gw/discussion"
|
|
27
|
+
:link_path => "https://groups.google.com/d/topic/rubyonrails-security/-fkT0yja_gw/discussion",
|
|
28
|
+
:cwe_id => [20]
|
|
28
29
|
end
|
|
29
30
|
end
|
|
30
31
|
|
|
@@ -39,7 +39,8 @@ class Brakeman::CheckNestedAttributesBypass < Brakeman::BaseCheck
|
|
|
39
39
|
:file => model.file,
|
|
40
40
|
:line => args.line,
|
|
41
41
|
:confidence => :medium,
|
|
42
|
-
:link_path => "https://groups.google.com/d/msg/rubyonrails-security/cawsWcQ6c8g/tegZtYdbFQAJ"
|
|
42
|
+
:link_path => "https://groups.google.com/d/msg/rubyonrails-security/cawsWcQ6c8g/tegZtYdbFQAJ",
|
|
43
|
+
:cwe_id => [284]
|
|
43
44
|
end
|
|
44
45
|
|
|
45
46
|
def allow_destroy? arg
|
|
@@ -36,7 +36,8 @@ class Brakeman::CheckNumberToCurrency < Brakeman::BaseCheck
|
|
|
36
36
|
:message => message,
|
|
37
37
|
:confidence => :medium,
|
|
38
38
|
:gem_info => gemfile_or_environment,
|
|
39
|
-
:link_path => "https://groups.google.com/d/msg/ruby-security-ann/9WiRn2nhfq0/2K2KRB4LwCMJ"
|
|
39
|
+
:link_path => "https://groups.google.com/d/msg/ruby-security-ann/9WiRn2nhfq0/2K2KRB4LwCMJ",
|
|
40
|
+
:cwe_id => [79]
|
|
40
41
|
end
|
|
41
42
|
|
|
42
43
|
def check_number_helper_usage
|
|
@@ -69,6 +70,7 @@ class Brakeman::CheckNumberToCurrency < Brakeman::BaseCheck
|
|
|
69
70
|
:message => msg("Format options in ", msg_code(result[:call].method), " are not safe in ", msg_version(rails_version)),
|
|
70
71
|
:confidence => :high,
|
|
71
72
|
:link_path => "https://groups.google.com/d/msg/ruby-security-ann/9WiRn2nhfq0/2K2KRB4LwCMJ",
|
|
72
|
-
:user_input => match
|
|
73
|
+
:user_input => match,
|
|
74
|
+
:cwe_id => [79]
|
|
73
75
|
end
|
|
74
76
|
end
|
|
@@ -26,7 +26,8 @@ class Brakeman::CheckPageCachingCVE < Brakeman::BaseCheck
|
|
|
26
26
|
:message => message,
|
|
27
27
|
:confidence => confidence,
|
|
28
28
|
:link_path => 'https://groups.google.com/d/msg/rubyonrails-security/CFRVkEytdP8/c5gmICECAgAJ',
|
|
29
|
-
:gem_info => gemfile_or_environment(gem_name)
|
|
29
|
+
:gem_info => gemfile_or_environment(gem_name),
|
|
30
|
+
:cwe_id => [22]
|
|
30
31
|
end
|
|
31
32
|
|
|
32
33
|
def uses_caches_page?
|
|
@@ -38,6 +38,7 @@ class Brakeman::CheckPermitAttributes < Brakeman::BaseCheck
|
|
|
38
38
|
:warning_code => :dangerous_permit_key,
|
|
39
39
|
:message => "Potentially dangerous key allowed for mass assignment",
|
|
40
40
|
:confidence => (confidence || SUSPICIOUS_KEYS[key.value]),
|
|
41
|
-
:user_input => key
|
|
41
|
+
:user_input => key,
|
|
42
|
+
:cwe_id => [915]
|
|
42
43
|
end
|
|
43
44
|
end
|
|
@@ -28,7 +28,8 @@ class Brakeman::CheckQuoteTableName < Brakeman::BaseCheck
|
|
|
28
28
|
:message => message,
|
|
29
29
|
:confidence => confidence,
|
|
30
30
|
:gem_info => gemfile_or_environment,
|
|
31
|
-
:link_path => "https://groups.google.com/d/topic/rubyonrails-security/ah5HN0S8OJs/discussion"
|
|
31
|
+
:link_path => "https://groups.google.com/d/topic/rubyonrails-security/ah5HN0S8OJs/discussion",
|
|
32
|
+
:cwe_id => [89]
|
|
32
33
|
end
|
|
33
34
|
end
|
|
34
35
|
|
|
@@ -57,7 +57,8 @@ class Brakeman::CheckRender < Brakeman::BaseCheck
|
|
|
57
57
|
:warning_code => :dynamic_render_path,
|
|
58
58
|
:message => message,
|
|
59
59
|
:user_input => input,
|
|
60
|
-
:confidence => confidence
|
|
60
|
+
:confidence => confidence,
|
|
61
|
+
:cwe_id => [22]
|
|
61
62
|
end
|
|
62
63
|
end
|
|
63
64
|
|
|
@@ -78,7 +79,8 @@ class Brakeman::CheckRender < Brakeman::BaseCheck
|
|
|
78
79
|
:warning_code => :dynamic_render_path_rce,
|
|
79
80
|
:message => msg("Passing query parameters to ", msg_code("render"), " is vulnerable in ", msg_version(rails_version), " ", msg_cve("CVE-2016-0752")),
|
|
80
81
|
:user_input => view,
|
|
81
|
-
:confidence => :high
|
|
82
|
+
:confidence => :high,
|
|
83
|
+
:cwe_id => [22]
|
|
82
84
|
end
|
|
83
85
|
end
|
|
84
86
|
end
|
|
@@ -32,6 +32,7 @@ class Brakeman::CheckRenderDoS < Brakeman::BaseCheck
|
|
|
32
32
|
:message => message,
|
|
33
33
|
:confidence => :high,
|
|
34
34
|
:link_path => "https://groups.google.com/d/msg/rubyonrails-security/LMxO_3_eCuc/ozGBEhKaJbIJ",
|
|
35
|
-
:gem_info => gemfile_or_environment
|
|
35
|
+
:gem_info => gemfile_or_environment,
|
|
36
|
+
:cwe_id => [20]
|
|
36
37
|
end
|
|
37
38
|
end
|
|
@@ -28,14 +28,16 @@ class Brakeman::CheckRenderInline < Brakeman::CheckCrossSiteScripting
|
|
|
28
28
|
:warning_code => :cross_site_scripting_inline,
|
|
29
29
|
:message => msg("Unescaped ", msg_input(input), " rendered inline"),
|
|
30
30
|
:user_input => input,
|
|
31
|
-
:confidence => :high
|
|
31
|
+
:confidence => :high,
|
|
32
|
+
:cwe_id => [79]
|
|
32
33
|
elsif input = has_immediate_model?(render_value)
|
|
33
34
|
warn :result => result,
|
|
34
35
|
:warning_type => "Cross-Site Scripting",
|
|
35
36
|
:warning_code => :cross_site_scripting_inline,
|
|
36
37
|
:message => "Unescaped model attribute rendered inline",
|
|
37
38
|
:user_input => input,
|
|
38
|
-
:confidence => :medium
|
|
39
|
+
:confidence => :medium,
|
|
40
|
+
:cwe_id => [79]
|
|
39
41
|
end
|
|
40
42
|
end
|
|
41
43
|
end
|
|
@@ -15,7 +15,8 @@ class Brakeman::CheckResponseSplitting < Brakeman::BaseCheck
|
|
|
15
15
|
:message => msg("Rails versions before 2.3.14 have a vulnerability content type handling allowing injection of headers ", msg_cve("CVE-2011-3186")),
|
|
16
16
|
:confidence => :medium,
|
|
17
17
|
:gem_info => gemfile_or_environment,
|
|
18
|
-
:link_path => "https://groups.google.com/d/topic/rubyonrails-security/b_yTveAph2g/discussion"
|
|
18
|
+
:link_path => "https://groups.google.com/d/topic/rubyonrails-security/b_yTveAph2g/discussion",
|
|
19
|
+
:cwe_id => [94]
|
|
19
20
|
end
|
|
20
21
|
end
|
|
21
22
|
end
|
|
@@ -53,6 +53,7 @@ class Brakeman::CheckReverseTabnabbing < Brakeman::BaseCheck
|
|
|
53
53
|
:message => msg("When opening a link in a new tab without setting ", msg_code('rel: "noopener noreferrer"'),
|
|
54
54
|
", the new tab can control the parent tab's location. For example, an attacker could redirect to a phishing page."),
|
|
55
55
|
:confidence => confidence,
|
|
56
|
-
:user_input => rel
|
|
56
|
+
:user_input => rel,
|
|
57
|
+
:cwe_id => [1022]
|
|
57
58
|
end
|
|
58
59
|
end
|
|
@@ -23,7 +23,8 @@ class Brakeman::CheckRouteDoS < Brakeman::BaseCheck
|
|
|
23
23
|
:message => message,
|
|
24
24
|
:confidence => :medium,
|
|
25
25
|
:gem_info => gemfile_or_environment,
|
|
26
|
-
:link_path => "https://groups.google.com/d/msg/rubyonrails-security/dthJ5wL69JE/YzPnFelbFQAJ"
|
|
26
|
+
:link_path => "https://groups.google.com/d/msg/rubyonrails-security/dthJ5wL69JE/YzPnFelbFQAJ",
|
|
27
|
+
:cwe_id => [399]
|
|
27
28
|
end
|
|
28
29
|
end
|
|
29
30
|
|
|
@@ -26,6 +26,7 @@ class Brakeman::CheckSafeBufferManipulation < Brakeman::BaseCheck
|
|
|
26
26
|
:warning_code => :safe_buffer_vuln,
|
|
27
27
|
:message => message,
|
|
28
28
|
:confidence => :medium,
|
|
29
|
-
:gem_info => gemfile_or_environment
|
|
29
|
+
:gem_info => gemfile_or_environment,
|
|
30
|
+
:cwe_id => [79]
|
|
30
31
|
end
|
|
31
32
|
end
|