brakeman 0.4.1 → 0.5.0

data/bin/brakeman

@@ -12,6 +12,14 @@ trap("INT") do
   exit!
 end
 
+def list_checks
+  require 'scanner'
+  $stderr.puts "Available Checks:"
+  $stderr.puts "-" * 30
+  $stderr.puts Checks.checks.map { |c| c.to_s }.sort.join "\n"
+  exit
+end
+
 #Parse command line options
 options = {}
 
@@ -130,6 +138,10 @@ OptionParser.new do |opts|
 
   opts.separator ""
 
+  opts.on "-k", "--checks", "List all available vulnerability checks" do
+    options[:list_checks] = true
+  end
+
   opts.on_tail "-h", "--help", "Display this message" do
     puts opts
     exit
@@ -158,6 +170,9 @@ end
   
 OPTIONS = options unless defined? OPTIONS
 
+#List available checks and exits
+list_checks if OPTIONS[:list_checks]
+
 #Set defaults just in case
 { :skip_checks => Set.new, 
   :check_arguments => true, 

data/lib/checks.rb

@@ -13,6 +13,10 @@ class Checks
     @checks << klass
   end
 
+  def self.checks
+    @checks
+  end
+
   #No need to use this directly.
   def initialize
     @warnings = []

data/lib/checks/check_session_settings.rb

@@ -1,13 +1,52 @@
 require 'checks/base_check'
 
+#Checks for session key length and http_only settings
 class CheckSessionSettings < BaseCheck
   Checks.add self
 
+  if OPTIONS[:rails3]
+    SessionSettings = Sexp.new(:call, Sexp.new(:colon2, Sexp.new(:const, :Rails3), :Application), :config, Sexp.new(:arglist))
+  else
+    SessionSettings = Sexp.new(:colon2, Sexp.new(:const, :ActionController), :Base)
+  end
+
   def run_check
     settings = tracker.config[:rails] and
                 tracker.config[:rails][:action_controller] and
                 tracker.config[:rails][:action_controller][:session]
 
+    check_for_issues settings, "#{OPTIONS[:app_path]}/config/environment.rb"
+
+    if tracker.initializers["session_store.rb"]
+      process tracker.initializers["session_store.rb"]
+    end
+  end
+
+  #Looks for ActionController::Base.session = { ... }
+  #in Rails 2.x apps
+  def process_attrasgn exp
+    if not OPTIONS[:rails3] and exp[1] == SessionSettings and exp[2] == :session=
+      check_for_issues exp[3][1], "#{OPTIONS[:app_path]}/config/initializers/session_store.rb"
+      exp
+    else
+      super
+    end
+  end
+
+  #Looks for Rails3::Application.config.session_store :cookie_store, { ... }
+  #in Rails 3.x apps
+  def process_call exp
+    if OPTIONS[:rails3] and exp[1] == SessionSettings and exp[2] == :session_store
+        check_for_issues exp[3][2], "#{OPTIONS[:app_path]}/config/initializers/session_store.rb"
+      exp
+    else
+      super
+    end
+  end
+
+  private
+
+  def check_for_issues settings, file
     if settings and hash? settings
       hash_iterate settings do |key, value|
         if symbol? key
@@ -18,7 +57,9 @@ class CheckSessionSettings < BaseCheck
 
             warn :warning_type => "Session Setting",
               :message => "Session cookies should be set to HTTP only",
-              :confidence => CONFIDENCE[:high]
+              :confidence => CONFIDENCE[:high],
+              :line => key.line,
+              :file => file
 
           elsif key[1] == :secret and 
             string? value and
@@ -26,7 +67,9 @@ class CheckSessionSettings < BaseCheck
 
             warn :warning_type => "Session Setting",
               :message => "Session secret should be at least 30 characters long",
-              :confidence => CONFIDENCE[:high]
+              :confidence => CONFIDENCE[:high],
+              :line => key.line,
+              :file => file
 
           end
         end

data/lib/processor.rb

@@ -75,7 +75,7 @@ class Processor
   def process_initializer name, src
     res = BaseProcessor.new(@tracker).process src
     res = AliasProcessor.new.process res
-    @tracker.initializers[name] = res
+    @tracker.initializers[Pathname.new(name).basename.to_s] = res
   end
 
   #Process source for a library file

data/lib/processors/lib/rails3_route_processor.rb

@@ -106,6 +106,15 @@ class RoutesProcessor < BaseProcessor
 
     if symbol? args[0]
       @tracker.routes[@current_controller] << args[0][1]
+    elsif hash? args[1]
+      hash_iterate args[1] do |k, v|
+        if symbol? k and k[1] == :to and string? v
+          controller, action = extract_action v[1]
+
+          self.current_controller = controller
+          @tracker.routes[@current_controller] << action.to_sym
+        end
+      end
     elsif string? args[0]
       route = args[0][1].split "/"
       if route.length != 2
@@ -154,16 +163,19 @@ class RoutesProcessor < BaseProcessor
   def process_resources_block exp
     process_resources exp[1]
     process exp[3]
+    exp
   end
 
   def process_resource_block exp
     process_resource exp[1]
     process exp[3]
+    exp
   end
 
   def process_scope_block exp
     #How to deal with options?
     process exp[3]
+    exp
   end
 
   def extract_action str

data/lib/version.rb

@@ -1 +1 @@
-Version = "0.4.1"
+Version = "0.5.0"

metadata

@@ -4,9 +4,9 @@ version: !ruby/object:Gem::Version
   prerelease: false
   segments: 
   - 0
-  - 4
-  - 1
-  version: 0.4.1
+  - 5
+  - 0
+  version: 0.5.0
 platform: ruby
 authors: 
 - Justin Collins
@@ -14,7 +14,7 @@ autorequire:
 bindir: bin
 cert_chain: []
 
-date: 2011-05-23 00:00:00 -07:00
+date: 2011-06-08 00:00:00 -07:00
 default_executable: 
 dependencies: 
 - !ruby/object:Gem::Dependency