brakeman 0.7.1 → 0.7.2
- data/lib/checks/base_check.rb +7 -11
- data/lib/checks/check_cross_site_scripting.rb +2 -2
- data/lib/checks/check_escape_function.rb +1 -1
- data/lib/checks/check_filter_skipping.rb +1 -1
- data/lib/checks/check_quote_table_name.rb +2 -2
- data/lib/checks/check_response_splitting.rb +1 -1
- data/lib/checks/check_strip_tags.rb +2 -2
- data/lib/util.rb +27 -2
- data/lib/version.rb +1 -1
- metadata +3 -3
data/lib/checks/base_check.rb
CHANGED
@@ -56,9 +56,9 @@ class BaseCheck < SexpProcessor
|
|
56
56
|
process exp[1] if sexp? exp[1]
|
57
57
|
process exp[3]
|
58
58
|
|
59
|
-
if
|
59
|
+
if params? exp[1]
|
60
60
|
@has_user_input = :params
|
61
|
-
elsif
|
61
|
+
elsif cookies? exp[1]
|
62
62
|
@has_user_input = :cookies
|
63
63
|
elsif sexp? exp[1] and model_name? exp[1][1]
|
64
64
|
@has_user_input = :model
|
@@ -173,20 +173,16 @@ class BaseCheck < SexpProcessor
|
|
173
173
|
#expression
|
174
174
|
def has_immediate_user_input? exp
|
175
175
|
if exp.nil?
|
176
|
-
|
176
|
+
false
|
177
177
|
elsif params? exp
|
178
178
|
return :params, exp
|
179
179
|
elsif cookies? exp
|
180
180
|
return :cookies, exp
|
181
181
|
elsif call? exp
|
182
|
-
if
|
183
|
-
|
184
|
-
|
185
|
-
|
186
|
-
return :cookies, exp
|
187
|
-
else
|
188
|
-
false
|
189
|
-
end
|
182
|
+
if params? exp[1]
|
183
|
+
return :params, exp
|
184
|
+
elsif cookies? exp[1]
|
185
|
+
return :cookies, exp
|
190
186
|
else
|
191
187
|
false
|
192
188
|
end
|
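Review bot: In `has_immediate_user_input?` the new `elsif call? exp` arm looks unreachable once the `params?`/`cookies?` helpers shipped in this same release (util.rb) descend into a call's receiver `exp[1]`: any call whose receiver is `params` or `cookies` already satisfies the earlier `elsif params? exp` / `elsif cookies? exp` tests, so `if params? exp[1]` and `elsif cookies? exp[1]` can never be true there (assuming BaseCheck uses the `Util` versions of those helpers). Either collapse the arm so `elsif call? exp` goes straight to `false`, or, if the helpers are meant to stay shallow in future, keep it and add `# params?/cookies? already follow call receivers; this arm only matters if that changes` so the next reader knows why it exists. Both methods touched by this section start before their hunk and continue after it.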
@@ -202,9 +202,9 @@ class CheckCrossSiteScripting < BaseCheck
|
|
202
202
|
@matched = false
|
203
203
|
elsif sexp? exp[1] and model_name? exp[1][1]
|
204
204
|
@matched = :model
|
205
|
-
elsif cookies? exp
|
205
|
+
elsif cookies? exp
|
206
206
|
@matched = :cookies
|
207
|
-
elsif @inspect_arguments and
|
207
|
+
elsif @inspect_arguments and params? exp
|
208
208
|
@matched = :params
|
209
209
|
elsif @inspect_arguments
|
210
210
|
process args
|
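Review bot: The rewritten condition gates `params? exp` on `@inspect_arguments` but lets `cookies? exp` match unconditionally, so with argument inspection off a cookie-sourced value still sets `@matched = :cookies` while a params-sourced one does not; if that asymmetry is deliberate it deserves a one-line comment, otherwise the arm should read `elsif @inspect_arguments and cookies? exp`. Separately, because `params?` now follows call receivers, `params? exp` here matches any chain rooted in `params` (for example a coerced `params[:id].to_i`), which broadens what is marked `:params` — presumably intended for taint propagation, but worth confirming against the XSS fixtures. The enclosing method begins before this hunk and ends after it.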
@@ -10,7 +10,7 @@ class CheckEscapeFunction < BaseCheck
|
|
10
10
|
if version_between?('2.0.0', '2.3.13') and RUBY_VERSION < '1.9.0'
|
11
11
|
|
12
12
|
warn :warning_type => 'Cross Site Scripting',
|
13
|
-
:message => 'Versions before 2.3.14 have a vulnerability in escape method when used with Ruby 1.8
|
13
|
+
:message => 'Versions before 2.3.14 have a vulnerability in escape method when used with Ruby 1.8: CVE-2011-2931',
|
14
14
|
:confidence => CONFIDENCE[:high]
|
15
15
|
end
|
16
16
|
end
|
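Review bot: The identifier appended on new line 13, `CVE-2011-2931`, is the same one this diff attaches to the strip_tags warning in check_strip_tags.rb (new lines 14 and 16), yet the two checks describe different bugs; as far as I recall the Ruby 1.8 `escape` issue in ActiveSupport was assigned CVE-2011-2932 and 2011-2931 is the strip_tags one, so please verify the number against the Rails security advisory before this message ships. Getting it right matters more than usual here because users paste these strings into tickets and de-duplicate findings by CVE. The enclosing method starts before this hunk.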
@@ -10,7 +10,7 @@ class CheckFilterSkipping < BaseCheck
|
|
10
10
|
if version_between?('3.0.0', '3.0.9') and uses_arbitrary_actions?
|
11
11
|
|
12
12
|
warn :warning_type => "Default Routes",
|
13
|
-
:message => "Versions before 3.0.10 have a vulnerability which allows filters to be bypassed
|
13
|
+
:message => "Versions before 3.0.10 have a vulnerability which allows filters to be bypassed: CVE-2011-2929",
|
14
14
|
:confidence => CONFIDENCE[:high]
|
15
15
|
end
|
16
16
|
end
|
@@ -17,9 +17,9 @@ class CheckQuoteTableName < BaseCheck
|
|
17
17
|
end
|
18
18
|
|
19
19
|
if tracker.config[:rails_version] =~ /^3/
|
20
|
-
message = "Versions before 3.0.10 have a vulnerability in quote_table_name
|
20
|
+
message = "Versions before 3.0.10 have a vulnerability in quote_table_name: CVE-2011-2930"
|
21
21
|
else
|
22
|
-
message = "Versions before 2.3.14 have a vulnerability in quote_table_name
|
22
|
+
message = "Versions before 2.3.14 have a vulnerability in quote_table_name: CVE-2011-2930"
|
23
23
|
end
|
24
24
|
|
25
25
|
warn :warning_type => "SQL Injection",
|
@@ -10,7 +10,7 @@ class CheckResponseSplitting < BaseCheck
|
|
10
10
|
if version_between?('2.3.0', '2.3.13')
|
11
11
|
|
12
12
|
warn :warning_type => "Response Splitting",
|
13
|
-
:message => "Versions before 2.3.14 have a vulnerability content type handling allowing injection of headers
|
13
|
+
:message => "Versions before 2.3.14 have a vulnerability content type handling allowing injection of headers: CVE-2011-3186",
|
14
14
|
:confidence => CONFIDENCE[:med]
|
15
15
|
|
16
16
|
end
|
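Review bot: The warning text on new line 13 is missing a preposition (`have a vulnerability content type handling`) and should read `:message => "Versions before 2.3.14 have a vulnerability in content type handling allowing injection of headers: CVE-2011-3186",`. Since this string is what users see and search for, it is worth fixing while the line is already being touched. The enclosing method begins before the hunk and ends after it.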
@@ -11,9 +11,9 @@ class CheckStripTags < BaseCheck
|
|
11
11
|
version_between?('3.0.0', '3.0.9')) and uses_strip_tags?
|
12
12
|
|
13
13
|
if tracker.config[:rails_version] =~ /^3/
|
14
|
-
message = "Versions before 3.0.10 have a vulnerability in strip_tags
|
14
|
+
message = "Versions before 3.0.10 have a vulnerability in strip_tags: CVE-2011-2931"
|
15
15
|
else
|
16
|
-
message = "Versions before 2.3.13 have a vulnerability in strip_tags
|
16
|
+
message = "Versions before 2.3.13 have a vulnerability in strip_tags: CVE-2011-2931"
|
17
17
|
end
|
18
18
|
|
19
19
|
warn :warning_type => "Cross Site Scripting",
|
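Review bot: The Rails 2 message on new line 16 says `Versions before 2.3.13`, whereas every other 2.x message in this release (escape_function, quote_table_name, response_splitting) names `2.3.14` as the fixed version; unless strip_tags really was fixed one release earlier, the line should read `message = "Versions before 2.3.13 have a vulnerability in strip_tags: CVE-2011-2931"` with `2.3.14`. Please check the actual fix release, because the 2.x `version_between?` upper bound appears to sit on the line just above this hunk and must agree with the message. The enclosing method starts before and continues after the hunk.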
data/lib/util.rb
CHANGED
@@ -127,11 +127,36 @@ module Util
|
|
127
127
|
|
128
128
|
#Check if _exp_ is a params hash
|
129
129
|
def params? exp
|
130
|
-
exp.is_a? Sexp
|
130
|
+
if exp.is_a? Sexp
|
131
|
+
return true if exp.node_type == :params or ALL_PARAMETERS.include? exp
|
132
|
+
|
133
|
+
if exp.node_type == :call
|
134
|
+
if params? exp[1]
|
135
|
+
return true
|
136
|
+
elsif exp[2] == :[]
|
137
|
+
return params? exp[1]
|
138
|
+
end
|
139
|
+
end
|
140
|
+
end
|
141
|
+
|
142
|
+
false
|
131
143
|
end
|
132
144
|
|
133
145
|
def cookies? exp
|
134
|
-
exp.is_a? Sexp
|
146
|
+
if exp.is_a? Sexp
|
147
|
+
return true if exp.node_type == :cookies or exp == COOKIES
|
148
|
+
|
149
|
+
if exp.node_type == :call
|
150
|
+
if cookies? exp[1]
|
151
|
+
return true
|
152
|
+
elsif exp[2] == :[]
|
153
|
+
return cookies? exp[1]
|
154
|
+
end
|
155
|
+
end
|
156
|
+
end
|
157
|
+
|
158
|
+
false
|
159
|
+
|
135
160
|
end
|
136
161
|
|
137
162
|
#Check if _exp_ is a Sexp.
|
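Review bot: In both `params?` and `cookies?` the `elsif exp[2] == :[]` arm is dead code: it returns `params? exp[1]` (resp. `cookies? exp[1]`), which the `if params? exp[1]` test immediately above has just evaluated as false, so the whole `:call` case reduces to `return params? exp[1] if exp.node_type == :call`. The two methods are otherwise line-for-line duplicates apart from the root test, and would be easier to keep in sync as one private helper taking the node type and the constant to compare against, though that is a style choice. Behaviourally, following the receiver of every call means any chain rooted in `params` or `cookies` — including coercions such as `params[:id].to_i` — is now classified as user input; that looks intended for taint propagation, but it changes which expressions downstream checks flag, so `params?` deserves a comment stating that it matches any expression whose innermost receiver is `params`, not just the hash itself.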
data/lib/version.rb
CHANGED
@@ -1 +1 @@
|
|
1
|
-
Version = "0.7.
|
1
|
+
Version = "0.7.2"
|
metadata
CHANGED
@@ -5,8 +5,8 @@ version: !ruby/object:Gem::Version
|
|
5
5
|
segments:
|
6
6
|
- 0
|
7
7
|
- 7
|
8
|
-
-
|
9
|
-
version: 0.7.
|
8
|
+
- 2
|
9
|
+
version: 0.7.2
|
10
10
|
platform: ruby
|
11
11
|
authors:
|
12
12
|
- Justin Collins
|
@@ -14,7 +14,7 @@ autorequire:
|
|
14
14
|
bindir: bin
|
15
15
|
cert_chain: []
|
16
16
|
|
17
|
-
date: 2011-08-
|
17
|
+
date: 2011-08-27 00:00:00 -07:00
|
18
18
|
default_executable:
|
19
19
|
dependencies:
|
20
20
|
- !ruby/object:Gem::Dependency
|