RubyGems - brakeman - Versions diffs - 5.2.3 → 7.0.0 - Mend

brakeman 5.2.3 → 7.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (637) hide show

data/lib/brakeman/app_tree.rb CHANGED Viewed

@@ -22,6 +22,8 @@ module Brakeman
       init_options[:additional_libs_path] = options[:additional_libs_path]
       init_options[:engine_paths] = options[:engine_paths]
       init_options[:skip_vendor] = options[:skip_vendor]
+      init_options[:follow_symlinks] = options[:follow_symlinks]
       new(root, init_options)
     end
@@ -50,7 +52,7 @@ module Brakeman
           "#{Regexp.escape f}\\z"
         end
       end
-      Regexp.new("(?:" << path_regexes.join("|") << ")")
+      Regexp.new("(?:#{path_regexes.join("|")})")
     end
     private_class_method(:regex_for_paths)
@@ -64,6 +66,7 @@ module Brakeman
       @absolute_engine_paths = @engine_paths.select { |path| path.start_with?(File::SEPARATOR) }
       @relative_engine_paths = @engine_paths - @absolute_engine_paths
       @skip_vendor = init_options[:skip_vendor]
+      @follow_symlinks = init_options[:follow_symlinks]
       @gemspec = nil
       @root_search_pattern = nil
     end
@@ -161,9 +164,26 @@ module Brakeman
     end
     def glob_files(directory, name, extensions = ".rb")
-      pattern = "#{root_search_pattern}#{directory}/**/#{name}#{extensions}"
+      if @follow_symlinks
+        root_directory = "#{root_search_pattern}#{directory}"
+        patterns = ["#{root_directory}/**/#{name}#{extensions}"]
+        Dir.glob("#{root_directory}/**/*", File::FNM_DOTMATCH).each do |path|
+          if File.symlink?(path) && File.directory?(path)
+            symlink_target = File.readlink(path)
+            if Pathname.new(symlink_target).relative?
+              symlink_target = File.join(File.dirname(path), symlink_target)
+            end
+            patterns << "#{search_pattern(symlink_target)}/**/#{name}#{extensions}"
+          end
+        end
-      Dir.glob(pattern)
+        files = patterns.flat_map { |pattern| Dir.glob(pattern) }
+        files.uniq
+      else
+        pattern = "#{root_search_pattern}#{directory}/**/#{name}#{extensions}"
+        Dir.glob(pattern)
+      end
     end
     def select_files(paths)
@@ -189,32 +209,36 @@ module Brakeman
       end
     end
-    EXCLUDED_PATHS = %w[
-      /generators/
+    EXCLUDED_PATHS = regex_for_paths %w[
+      generators/
       lib/tasks/
       lib/templates/
       db/
       spec/
       test/
       tmp/
-      public/
-      log/
     ]
     def reject_global_excludes(paths)
       paths.reject do |path|
         relative_path = path.relative
-        if @skip_vendor and relative_path.include? 'vendor/'
+        if @skip_vendor and relative_path.include? 'vendor/' and !in_engine_paths?(path) and !in_add_libs_paths?(path)
           true
         else
-          EXCLUDED_PATHS.any? do |excluded|
-            relative_path.include? excluded
-          end
+          match_path EXCLUDED_PATHS, path
         end
       end
     end
+    def in_engine_paths?(path)
+      @engine_paths.any? { |p| path.absolute.include?(p) }
+    end
+    def in_add_libs_paths?(path)
+      @additional_libs_path.any? { |p| path.absolute.include?(p) }
+    end
     def match_path files, path
       absolute_path = Pathname.new(path)
       # relative root never has a leading separator. But, we use a leading
@@ -230,13 +254,16 @@ module Brakeman
     def root_search_pattern
       return @root_search_pattern if @root_search_pattern
+      @root_search_pattern = search_pattern(@root)
+    end
+    def search_pattern(root_dir)
       abs = @absolute_engine_paths.to_a.map { |path| path.gsub(/#{File::SEPARATOR}+$/, '') }
       rel = @relative_engine_paths.to_a.map { |path| path.gsub(/#{File::SEPARATOR}+$/, '') }
-      roots = ([@root] + abs).join(",")
+      roots = ([root_dir] + abs).join(",")
       rel_engines = (rel + [""]).join("/,")
-      @root_search_pattern = "{#{roots}}/{#{rel_engines}}"
+      "{#{roots}}/{#{rel_engines}}"
     end
     def prioritize_concerns paths

data/lib/brakeman/checks/base_check.rb CHANGED Viewed

@@ -76,7 +76,7 @@ class Brakeman::BaseCheck < Brakeman::SexpProcessor
         @has_user_input = Match.new(:params, exp)
       elsif cookies? target
         @has_user_input = Match.new(:cookies, exp)
-      elsif request_env? target
+      elsif request_headers? target
         @has_user_input = Match.new(:request, exp)
       elsif sexp? target and model_name? target[1] #TODO: Can this be target.target?
         @has_user_input = Match.new(:model, exp)
@@ -313,7 +313,7 @@ class Brakeman::BaseCheck < Brakeman::SexpProcessor
         return Match.new(:params, exp)
       elsif cookies? exp
         return Match.new(:cookies, exp)
-      elsif request_env? exp
+      elsif request_headers? exp
         return Match.new(:request, exp)
       else
         has_immediate_user_input? exp.target
@@ -467,7 +467,6 @@ class Brakeman::BaseCheck < Brakeman::SexpProcessor
     version_between? version, "2.3.18.99", tracker.config.gem_version(:'railslts-version')
   end
   def version_between? low_version, high_version, current_version = nil
     tracker.config.version_between? low_version, high_version, current_version
   end

data/lib/brakeman/checks/check_basic_auth.rb CHANGED Viewed

@@ -31,7 +31,8 @@ class Brakeman::CheckBasicAuth < Brakeman::BaseCheck
               :message => "Basic authentication password stored in source code",
               :code => call,
               :confidence => :high,
-              :file => controller.file
+              :file => controller.file,
+              :cwe_id => [259]
           break
         end
       end
@@ -50,7 +51,8 @@ class Brakeman::CheckBasicAuth < Brakeman::BaseCheck
               :warning_type => "Basic Auth",
               :warning_code => :basic_auth_password,
               :message => "Basic authentication password stored in source code",
-              :confidence => :high
+              :confidence => :high,
+              :cwe_id => [259]
       end
     end
   end

data/lib/brakeman/checks/check_basic_auth_timing_attack.rb CHANGED Viewed

@@ -27,7 +27,8 @@ class Brakeman::CheckBasicAuthTimingAttack < Brakeman::BaseCheck
         :warning_code => :CVE_2015_7576,
         :message => msg("Basic authentication in ", msg_version(rails_version), " is vulnerable to timing attacks. Upgrade to ", msg_version(@upgrade)),
         :confidence => :high,
-        :link => "https://groups.google.com/d/msg/rubyonrails-security/ANv0HDHEC3k/mt7wNGxbFQAJ"
+        :link => "https://groups.google.com/d/msg/rubyonrails-security/ANv0HDHEC3k/mt7wNGxbFQAJ",
+        :cwe_id => [1254]
     end
   end
 end

data/lib/brakeman/checks/check_content_tag.rb CHANGED Viewed

@@ -73,11 +73,14 @@ class Brakeman::CheckContentTag < Brakeman::CheckCrossSiteScripting
       check_argument result, content
     end
-    #Attribute keys are never escaped, so check them for user input
-    if not @matched and hash? attributes and not request_value? attributes
-      hash_iterate(attributes) do |k, _v|
-        check_argument result, k
-        return if @matched
+    # This changed in Rails 6.1.6
+    if version_between? '0.0.0', '6.1.5'
+      #Attribute keys are never escaped, so check them for user input
+      if not @matched and hash? attributes and not request_value? attributes
+        hash_iterate(attributes) do |k, _v|
+          check_argument result, k
+          return if @matched
+        end
       end
     end
@@ -117,7 +120,8 @@ class Brakeman::CheckContentTag < Brakeman::CheckCrossSiteScripting
         :message => message,
         :user_input => input,
         :confidence => :high,
-        :link_path => "content_tag"
+        :link_path => "content_tag",
+        :cwe_id => [79]
     elsif not tracker.options[:ignore_model_output] and match = has_immediate_model?(arg)
       unless IGNORE_MODEL_METHODS.include? match.method
@@ -135,7 +139,8 @@ class Brakeman::CheckContentTag < Brakeman::CheckCrossSiteScripting
           :message => msg("Unescaped model attribute in ", msg_code("content_tag")),
           :user_input => match,
           :confidence => confidence,
-          :link_path => "content_tag"
+          :link_path => "content_tag",
+          :cwe_id => [79]
       end
     elsif @matched
@@ -151,7 +156,8 @@ class Brakeman::CheckContentTag < Brakeman::CheckCrossSiteScripting
         :message => message,
         :user_input => @matched,
         :confidence => :medium,
-        :link_path => "content_tag"
+        :link_path => "content_tag",
+        :cwe_id => [79]
     end
   end
@@ -195,7 +201,8 @@ class Brakeman::CheckContentTag < Brakeman::CheckCrossSiteScripting
         :message => msg(msg_version(rails_version), " ", msg_code("content_tag"), " does not escape double quotes in attribute values ", msg_cve("CVE-2016-6316"), ". Upgrade to ", msg_version(fix_version)),
         :confidence => confidence,
         :gem_info => gemfile_or_environment,
-        :link_path => "https://groups.google.com/d/msg/ruby-security-ann/8B2iV2tPRSE/JkjCJkSoCgAJ"
+        :link_path => "https://groups.google.com/d/msg/ruby-security-ann/8B2iV2tPRSE/JkjCJkSoCgAJ",
+        :cwe_id => [79]
     end
   end

data/lib/brakeman/checks/check_cookie_serialization.rb CHANGED Viewed

@@ -15,7 +15,8 @@ class Brakeman::CheckCookieSerialization < Brakeman::BaseCheck
           :warning_code => :unsafe_cookie_serialization,
           :message => msg("Use of unsafe cookie serialization strategy ", msg_code(setting.value.inspect), " might lead to remote code execution"),
           :confidence => :medium,
-          :link_path => "unsafe_deserialization"
+          :link_path => "unsafe_deserialization",
+          :cwe_id => [565, 502]
       end
     end
   end

data/lib/brakeman/checks/check_create_with.rb CHANGED Viewed

@@ -39,7 +39,8 @@ class Brakeman::CheckCreateWith < Brakeman::BaseCheck
         :result => result,
         :message => @message,
         :confidence => confidence,
-        :link_path => "https://groups.google.com/d/msg/rubyonrails-security/M4chq5Sb540/CC1Fh0Y_NWwJ"
+        :link_path => "https://groups.google.com/d/msg/rubyonrails-security/M4chq5Sb540/CC1Fh0Y_NWwJ",
+        :cwe_id => [915]
     end
   end
@@ -69,6 +70,7 @@ class Brakeman::CheckCreateWith < Brakeman::BaseCheck
         :message => @message,
         :gem_info => gemfile_or_environment,
         :confidence => :medium,
-        :link_path => "https://groups.google.com/d/msg/rubyonrails-security/M4chq5Sb540/CC1Fh0Y_NWwJ"
+        :link_path => "https://groups.google.com/d/msg/rubyonrails-security/M4chq5Sb540/CC1Fh0Y_NWwJ",
+        :cwe_id => [915]
   end
 end

data/lib/brakeman/checks/check_cross_site_scripting.rb CHANGED Viewed

@@ -82,7 +82,8 @@ class Brakeman::CheckCrossSiteScripting < Brakeman::BaseCheck
         :warning_code => :cross_site_scripting,
         :message => message,
         :code => input.match,
-        :confidence => :high
+        :confidence => :high,
+        :cwe_id => [79]
     elsif not tracker.options[:ignore_model_output] and match = has_immediate_model?(out)
       method = if call? match
@@ -116,7 +117,8 @@ class Brakeman::CheckCrossSiteScripting < Brakeman::BaseCheck
           :message => message,
           :code => match,
           :confidence => confidence,
-          :link_path => link_path
+          :link_path => link_path,
+          :cwe_id => [79]
       end
     else
@@ -200,7 +202,8 @@ class Brakeman::CheckCrossSiteScripting < Brakeman::BaseCheck
             :code => exp,
             :user_input => @matched,
             :confidence => confidence,
-            :link_path => link_path
+            :link_path => link_path,
+            :cwe_id => [79]
         end
       end

data/lib/brakeman/checks/check_csrf_token_forgery_cve.rb CHANGED Viewed

@@ -21,7 +21,8 @@ class Brakeman::CheckCSRFTokenForgeryCVE < Brakeman::BaseCheck
         :message => msg(msg_version(rails_version), " has a vulnerability that may allow CSRF token forgery. Upgrade to ", msg_version(fix_version), " or patch"),
         :confidence => :medium,
         :gem_info => gemfile_or_environment,
-        :link => "https://groups.google.com/g/rubyonrails-security/c/NOjKiGeXUgw"
+        :link => "https://groups.google.com/g/rubyonrails-security/c/NOjKiGeXUgw",
+        :cwe_id => [352]
     end
   end
 end

data/lib/brakeman/checks/check_default_routes.rb CHANGED Viewed

@@ -27,7 +27,8 @@ class Brakeman::CheckDefaultRoutes < Brakeman::BaseCheck
         :message => msg("All public methods in controllers are available as actions in ", msg_file("routes.rb")),
         :line => tracker.routes[:allow_all_actions].line,
         :confidence => :high,
-        :file => "#{tracker.app_path}/config/routes.rb"
+        :file => "#{tracker.app_path}/config/routes.rb",
+        :cwe_id => [22]
     end
   end
@@ -49,7 +50,8 @@ class Brakeman::CheckDefaultRoutes < Brakeman::BaseCheck
           :message => msg("Any public method in ", msg_code(name), " can be used as an action for ", msg_code(verb), " requests."),
           :line => actions[2],
           :confidence => :medium,
-          :file => "#{tracker.app_path}/config/routes.rb"
+          :file => "#{tracker.app_path}/config/routes.rb",
+          :cwe_id => [22]
       end
     end
   end
@@ -82,7 +84,8 @@ class Brakeman::CheckDefaultRoutes < Brakeman::BaseCheck
       :message => msg(msg_version(rails_version), " with globbing routes is vulnerable to directory traversal and remote code execution. Patch or upgrade to ", msg_version(upgrade)),
       :confidence => confidence,
       :file => "#{tracker.app_path}/config/routes.rb",
-      :link => "http://matasano.com/research/AnatomyOfRailsVuln-CVE-2014-0130.pdf"
+      :link => "http://matasano.com/research/AnatomyOfRailsVuln-CVE-2014-0130.pdf",
+      :cwe_id => [22]
   end
   def allow_all_actions?

data/lib/brakeman/checks/check_deserialize.rb CHANGED Viewed

@@ -76,10 +76,13 @@ class Brakeman::CheckDeserialize < Brakeman::BaseCheck
       confidence = :high
     elsif input = include_user_input?(arg)
       confidence = :medium
+    elsif target == :Marshal
+      confidence = :low
+      message = msg("Use of ", msg_code("#{target}.#{method}"), " may be dangerous")
     end
     if confidence
-      message = msg(msg_code("#{target}.#{method}"), " called with ", msg_input(input))
+      message ||= msg(msg_code("#{target}.#{method}"), " called with ", msg_input(input))
       warn :result => result,
         :warning_type => "Remote Code Execution",
@@ -87,7 +90,8 @@ class Brakeman::CheckDeserialize < Brakeman::BaseCheck
         :message => message,
         :user_input => input,
         :confidence => confidence,
-        :link_path => "unsafe_deserialization"
+        :link_path => "unsafe_deserialization",
+        :cwe_id => [502]
     end
   end

data/lib/brakeman/checks/check_detailed_exceptions.rb CHANGED Viewed

@@ -19,7 +19,8 @@ class Brakeman::CheckDetailedExceptions < Brakeman::BaseCheck
            :warning_code => :local_request_config,
            :message => "Detailed exceptions are enabled in production",
            :confidence => :high,
-           :file => "config/environments/production.rb"
+           :file => "config/environments/production.rb",
+           :cwe_id => [200]
     end
   end
@@ -42,7 +43,8 @@ class Brakeman::CheckDetailedExceptions < Brakeman::BaseCheck
                :message => msg("Detailed exceptions may be enabled in ", msg_code("show_detailed_exceptions?")),
                :confidence => confidence,
                :code => src,
-               :file => definition[:file]
+               :file => definition[:file],
+               :cwe_id => [200]
         end
       end
     end

data/lib/brakeman/checks/check_digest_dos.rb CHANGED Viewed

@@ -29,7 +29,8 @@ class Brakeman::CheckDigestDoS < Brakeman::BaseCheck
       :message => message,
       :confidence => confidence,
       :link_path => "https://groups.google.com/d/topic/rubyonrails-security/vxJjrc15qYM/discussion",
-      :gem_info => gemfile_or_environment
+      :gem_info => gemfile_or_environment,
+      :cwe_id => [287]
   end
   def with_http_digest?

data/lib/brakeman/checks/check_divide_by_zero.rb CHANGED Viewed

@@ -36,7 +36,8 @@ class Brakeman::CheckDivideByZero < Brakeman::BaseCheck
         :warning_code => :divide_by_zero,
         :message => "Potential division by zero",
         :confidence => confidence,
-        :user_input => denominator
+        :user_input => denominator,
+        :cwe_id => [369]
     end
   end
 end

data/lib/brakeman/checks/check_dynamic_finders.rb CHANGED Viewed

@@ -27,7 +27,8 @@ class Brakeman::CheckDynamicFinders < Brakeman::BaseCheck
             :warning_code => :sql_injection_dynamic_finder,
             :message => "MySQL integer conversion may cause 0 to match any string",
             :confidence => :medium,
-            :user_input => arg
+            :user_input => arg,
+            :cwe_id => [89]
           break
         end

data/lib/brakeman/checks/check_eol_rails.rb CHANGED Viewed

@@ -11,6 +11,8 @@ class Brakeman::CheckEOLRails < Brakeman::EOLCheck
     check_eol_version :rails, RAILS_EOL_DATES
   end
+  # https://rubyonrails.org/maintenance
+  # https://endoflife.date/rails
   RAILS_EOL_DATES = {
     ['2.0.0', '2.3.99'] => Date.new(2013, 6, 25),
     ['3.0.0', '3.2.99'] => Date.new(2016, 6, 30),
@@ -19,5 +21,9 @@ class Brakeman::CheckEOLRails < Brakeman::EOLCheck
     ['5.1.0', '5.1.99'] => Date.new(2019, 8, 25),
     ['5.2.0', '5.2.99'] => Date.new(2022, 6, 1),
     ['6.0.0', '6.0.99'] => Date.new(2023, 6, 1),
+    ['6.1.0', '6.1.99'] => Date.new(2024, 10, 1),
+    ['7.0.0', '7.0.99'] => Date.new(2025, 4, 1),
+    ['7.1.0', '7.1.99'] => Date.new(2025, 10, 1),
+    ['7.2.0', '7.2.99'] => Date.new(2026, 8, 9),
   }
 end

data/lib/brakeman/checks/check_eol_ruby.rb CHANGED Viewed

@@ -21,6 +21,9 @@ class Brakeman::CheckEOLRuby < Brakeman::EOLCheck
     ['2.5.0', '2.5.99'] => Date.new(2021, 3, 31),
     ['2.6.0', '2.6.99'] => Date.new(2022, 3, 31),
     ['2.7.0', '2.7.99'] => Date.new(2023, 3, 31),
-    ['3.0.0', '2.8.99'] => Date.new(2024, 3, 31),
+    ['3.0.0', '3.0.99'] => Date.new(2024, 3, 31),
+    ['3.1.0', '3.1.99'] => Date.new(2025, 3, 31),
+    ['3.2.0', '3.2.99'] => Date.new(2026, 3, 31),
+    ['3.3.0', '3.3.99'] => Date.new(2027, 3, 31),
   }
 end

data/lib/brakeman/checks/check_escape_function.rb CHANGED Viewed

@@ -15,7 +15,8 @@ class Brakeman::CheckEscapeFunction < Brakeman::BaseCheck
         :message => msg("Rails versions before 2.3.14 have a vulnerability in the ", msg_code("escape"), " method when used with Ruby 1.8 ", msg_cve("CVE-2011-2932")),
         :confidence => :high,
         :gem_info => gemfile_or_environment,
-        :link_path => "https://groups.google.com/d/topic/rubyonrails-security/Vr_7WSOrEZU/discussion"
+        :link_path => "https://groups.google.com/d/topic/rubyonrails-security/Vr_7WSOrEZU/discussion",
+        :cwe_id => [79]
     end
   end
 end

data/lib/brakeman/checks/check_evaluation.rb CHANGED Viewed

@@ -23,12 +23,31 @@ class Brakeman::CheckEvaluation < Brakeman::BaseCheck
     return unless original? result
     if input = include_user_input?(result[:call].arglist)
+      confidence = :high
+      message = msg(msg_input(input), " evaluated as code")
+    elsif string_evaluation? result[:call].first_arg
+      confidence = :low
+      message = "Dynamic string evaluated as code"
+    elsif safe_literal? result[:call].first_arg
+      # don't warn
+    elsif result[:call].method == :eval
+      confidence = :low
+      message = "Dynamic code evaluation"
+    end
+    if confidence
       warn :result => result,
         :warning_type => "Dangerous Eval",
         :warning_code => :code_eval,
-        :message => "User input in eval",
+        :message => message,
         :user_input => input,
-        :confidence => :high
+        :confidence => confidence,
+        :cwe_id => [913, 95]
     end
   end
+  def string_evaluation? exp
+    string_interp? exp or
+      (call? exp and string? exp.target)
+  end
 end

data/lib/brakeman/checks/check_execute.rb CHANGED Viewed

@@ -53,6 +53,7 @@ class Brakeman::CheckExecute < Brakeman::BaseCheck
     call = result[:call]
     args = call.arglist
     first_arg = call.first_arg
+    failure = nil
     case call.method
     when :popen
@@ -71,6 +72,33 @@ class Brakeman::CheckExecute < Brakeman::BaseCheck
                   dangerous_interp?(first_arg[3]) ||
                   dangerous_string_building?(first_arg[3])
       end
+    when :pipeline, :pipline_r, :pipeline_rw, :pipeline_w, :pipeline_start
+      # Since these pipeline commands pipe together several commands,
+      # need to check each argument. If it's an array, check first argument
+      # (the command) and also check for `bash -c`. Otherwise check the argument
+      # as a unit.
+      args.each do |arg|
+        next unless sexp? arg
+        if array?(arg)
+          # Check first element of array
+          failure = include_user_input?(arg[1]) ||
+            dangerous_interp?(arg[1]) ||
+            dangerous_string_building?(arg[1])
+          # Check for ['bash', '-c', user_input]
+          if dash_c_shell_command?(arg[1], arg[2])
+            failure = include_user_input?(arg[3]) ||
+              dangerous_interp?(arg[3]) ||
+              dangerous_string_building?(arg[3])
+          end
+        else
+          failure = include_user_input?(arg)
+        end
+        break if failure
+      end
     when :system, :exec
       # Normally, if we're in a `system` or `exec` call, we only are worried
       # about shell injection when there's a single argument, because comma-
@@ -117,7 +145,8 @@ class Brakeman::CheckExecute < Brakeman::BaseCheck
         :message => "Possible command injection",
         :code => call,
         :user_input => failure,
-        :confidence => confidence
+        :confidence => confidence,
+        :cwe_id => [77]
     end
   end
@@ -138,7 +167,8 @@ class Brakeman::CheckExecute < Brakeman::BaseCheck
           :warning_code => :command_injection,
           :message => msg("Possible command injection in ", msg_code("open")),
           :user_input => match,
-          :confidence => :high
+          :confidence => :high,
+          :cwe_id => [77]
       end
     end
   end
@@ -201,7 +231,8 @@ class Brakeman::CheckExecute < Brakeman::BaseCheck
       :message => "Possible command injection",
       :code => exp,
       :user_input => input,
-      :confidence => confidence
+      :confidence => confidence,
+      :cwe_id => [77]
   end
   # This method expects a :dstr or :evstr node

data/lib/brakeman/checks/check_file_access.rb CHANGED Viewed

@@ -60,7 +60,8 @@ class Brakeman::CheckFileAccess < Brakeman::BaseCheck
         :message => message,
         :confidence => confidence,
         :code => call,
-        :user_input => match
+        :user_input => match,
+        :cwe_id => [22]
     end
   end

data/lib/brakeman/checks/check_file_disclosure.rb CHANGED Viewed

@@ -25,7 +25,8 @@ class Brakeman::CheckFileDisclosure < Brakeman::BaseCheck
         :message => msg(msg_version(rails_version), " has a file existence disclosure vulnerability. Upgrade to ", msg_version(fix_version), " or disable serving static assets"),
         :confidence => :high,
         :gem_info => gemfile_or_environment,
-        :link_path => "https://groups.google.com/d/msg/rubyonrails-security/23fiuwb1NBA/MQVM1-5GkPMJ"
+        :link_path => "https://groups.google.com/d/msg/rubyonrails-security/23fiuwb1NBA/MQVM1-5GkPMJ",
+        :cwe_id => [22]
     end
   end

data/lib/brakeman/checks/check_filter_skipping.rb CHANGED Viewed

@@ -15,7 +15,8 @@ class Brakeman::CheckFilterSkipping < Brakeman::BaseCheck
         :message => msg("Rails versions before 3.0.10 have a vulnerability which allows filters to be bypassed", msg_cve("CVE-2011-2929")),
         :confidence => :high,
         :gem_info => gemfile_or_environment,
-        :link_path => "https://groups.google.com/d/topic/rubyonrails-security/NCCsca7TEtY/discussion"
+        :link_path => "https://groups.google.com/d/topic/rubyonrails-security/NCCsca7TEtY/discussion",
+        :cwe_id => [20]
     end
   end

data/lib/brakeman/checks/check_force_ssl.rb CHANGED Viewed

@@ -21,7 +21,8 @@ class Brakeman::CheckForceSSL < Brakeman::BaseCheck
         :message => msg("The application does not force use of HTTPS: ", msg_code("config.force_ssl"), " is not enabled"),
         :confidence => :high,
         :file => "config/environments/production.rb",
-        :line => line
+        :line => line,
+        :cwe_id => [311]
     end
   end
 end

data/lib/brakeman/checks/check_forgery_setting.rb CHANGED Viewed

@@ -52,7 +52,8 @@ class Brakeman::CheckForgerySetting < Brakeman::BaseCheck
     opts = {
       :controller => :ApplicationController,
       :warning_type => "Cross-Site Request Forgery",
-      :confidence => :high
+      :confidence => :high,
+      :cwe_id => [352]
     }.merge opts
     warn opts
@@ -76,6 +77,7 @@ class Brakeman::CheckForgerySetting < Brakeman::BaseCheck
       :message => msg("CSRF protection is flawed in unpatched versions of ", msg_version(rails_version), " ", msg_cve("CVE-2011-0447"), ". Upgrade to ", msg_version(new_version), " or apply patches as needed"),
       :gem_info => gemfile_or_environment,
       :file => nil,
-      :link_path => "https://groups.google.com/d/topic/rubyonrails-security/LZWjzCPgNmU/discussion"
+      :link_path => "https://groups.google.com/d/topic/rubyonrails-security/LZWjzCPgNmU/discussion",
+      :cwe_id => [352]
   end
 end

data/lib/brakeman/checks/check_header_dos.rb CHANGED Viewed

@@ -20,7 +20,8 @@ class Brakeman::CheckHeaderDoS < Brakeman::BaseCheck
         :message => message,
         :confidence => :medium,
         :gem_info => gemfile_or_environment,
-        :link_path => "https://groups.google.com/d/msg/ruby-security-ann/A-ebV4WxzKg/KNPTbX8XAQUJ"
+        :link_path => "https://groups.google.com/d/msg/ruby-security-ann/A-ebV4WxzKg/KNPTbX8XAQUJ",
+        :cwe_id => [20]
     end
   end

data/lib/brakeman/checks/check_i18n_xss.rb CHANGED Viewed

@@ -23,7 +23,8 @@ class Brakeman::CheckI18nXSS < Brakeman::BaseCheck
         :message => message,
         :confidence => :medium,
         :gem_info => gemfile_or_environment(:i18n),
-        :link_path => "https://groups.google.com/d/msg/ruby-security-ann/pLrh6DUw998/bLFEyIO4k_EJ"
+        :link_path => "https://groups.google.com/d/msg/ruby-security-ann/pLrh6DUw998/bLFEyIO4k_EJ",
+        :cwe_id => [79]
     end
   end