brakeman 0.7.1 → 0.7.2

@@ -56,9 +56,9 @@ class BaseCheck < SexpProcessor
56
56
  process exp[1] if sexp? exp[1]
57
57
  process exp[3]
58
58
 
59
- if ALL_PARAMETERS.include? exp[1] or ALL_PARAMETERS.include? exp or params? exp[1]
59
+ if params? exp[1]
60
60
  @has_user_input = :params
61
- elsif exp[1] == COOKIES or exp == COOKIES or cookies? exp[1]
61
+ elsif cookies? exp[1]
62
62
  @has_user_input = :cookies
63
63
  elsif sexp? exp[1] and model_name? exp[1][1]
64
64
  @has_user_input = :model
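Review bot: The whole-expression tests the old condition had, `ALL_PARAMETERS.include? exp` and `exp == COOKIES`, are not covered by the new `params? exp[1]` and `cookies? exp[1]`: the reworked Util helpers compare the node they are handed against those constants and then recurse only into its receiver, so a call that is itself one of the listed forms has a receiver matching neither. If that case is still meant to be caught here, test the call too: `if params? exp[1] or params? exp` and `elsif cookies? exp[1] or cookies? exp`. The enclosing method begins before the hunk, so I cannot see whether `exp` itself is classified earlier in it.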
@@ -173,20 +173,16 @@ class BaseCheck < SexpProcessor
173
173
  #expression
174
174
  def has_immediate_user_input? exp
175
175
  if exp.nil?
176
- return false
176
+ false
177
177
  elsif params? exp
178
178
  return :params, exp
179
179
  elsif cookies? exp
180
180
  return :cookies, exp
181
181
  elsif call? exp
182
- if sexp? exp[1]
183
- if ALL_PARAMETERS.include? exp[1] or params? exp[1]
184
- return :params, exp
185
- elsif exp[1] == COOKIES or cookies? exp[1]
186
- return :cookies, exp
187
- else
188
- false
189
- end
182
+ if params? exp[1]
183
+ return :params, exp
184
+ elsif cookies? exp[1]
185
+ return :cookies, exp
190
186
  else
191
187
  false
192
188
  end
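Review bot: Replacing `return false` with a bare `false` on the `exp.nil?` branch is only equivalent if this `if` chain is the last expression of `has_immediate_user_input?`; the chain's closing `end` and the method's `end` lie past line 188, outside the hunk, so that cannot be confirmed from here. Dropping the `sexp? exp[1]` guard is safe, since the reworked `params?`/`cookies?` helpers in Util begin with an `exp.is_a? Sexp` check. The method mixes return shapes — `return :params, exp` yields a two-element array while the other branches yield `false` — and the `#expression` fragment at line 173 does not say so; suggest completing it as `# Returns [:params, exp] or [:cookies, exp] when _exp_ reads user input directly, else false.`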
@@ -202,9 +202,9 @@ class CheckCrossSiteScripting < BaseCheck
202
202
  @matched = false
203
203
  elsif sexp? exp[1] and model_name? exp[1][1]
204
204
  @matched = :model
205
- elsif cookies? exp or cookies? target or COOKIES == exp or COOKIES == target
205
+ elsif cookies? exp
206
206
  @matched = :cookies
207
- elsif @inspect_arguments and (ALL_PARAMETERS.include?(exp) or params? exp)
207
+ elsif @inspect_arguments and params? exp
208
208
  @matched = :params
209
209
  elsif @inspect_arguments
210
210
  process args
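Review bot: The old `cookies? target` / `COOKIES == target` alternatives are only subsumed by the new `cookies? exp` when `target` is `exp[1]` and `exp` is a `:call` node, because that is the one shape the reworked `cookies?` recurses into; `target` is assigned outside this hunk, so please confirm that holds on every path that reaches line 205. Note also that the recursion in `params?` and `cookies?` walks the whole receiver chain, so `params? exp` at line 207 is now true for any method call whose receiver derives from params, not only hash lookups on it; that widens what this check reports as a params-sourced XSS sink. If the widening is intended, a comment such as `# params?/cookies? follow the receiver chain, so any call on a params-derived value counts` would save the next reader a trip to Util.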
@@ -10,7 +10,7 @@ class CheckEscapeFunction < BaseCheck
10
10
  if version_between?('2.0.0', '2.3.13') and RUBY_VERSION < '1.9.0'
11
11
 
12
12
  warn :warning_type => 'Cross Site Scripting',
13
- :message => 'Versions before 2.3.14 have a vulnerability in escape method when used with Ruby 1.8. Upgrade or apply patches as needed.',
13
+ :message => 'Versions before 2.3.14 have a vulnerability in escape method when used with Ruby 1.8: CVE-2011-2931',
14
14
  :confidence => CONFIDENCE[:high]
15
15
  end
16
16
  end
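Review bot: The message now cites CVE-2011-2931, the same id the CheckStripTags hunk uses, yet the two checks describe different fixes — this one says the escape method is fixed in 2.3.14 for Ruby 1.8, while strip_tags says 2.3.13 — and this release references several distinct advisories (2929, 2930, 3186), so the escape-method issue may have an id of its own. Please verify the id against the Rails advisory before shipping the string, since users will search on it; if it is correct, a short comment above the `warn`, `# same advisory as CheckStripTags`, would stop the next reader from raising this again.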
@@ -10,7 +10,7 @@ class CheckFilterSkipping < BaseCheck
10
10
  if version_between?('3.0.0', '3.0.9') and uses_arbitrary_actions?
11
11
 
12
12
  warn :warning_type => "Default Routes",
13
- :message => "Versions before 3.0.10 have a vulnerability which allows filters to be bypassed. Upgrade or apply patches as needed.",
13
+ :message => "Versions before 3.0.10 have a vulnerability which allows filters to be bypassed: CVE-2011-2929",
14
14
  :confidence => CONFIDENCE[:high]
15
15
  end
16
16
  end
@@ -17,9 +17,9 @@ class CheckQuoteTableName < BaseCheck
17
17
  end
18
18
 
19
19
  if tracker.config[:rails_version] =~ /^3/
20
- message = "Versions before 3.0.10 have a vulnerability in quote_table_name. Upgrade or apply patches as needed."
20
+ message = "Versions before 3.0.10 have a vulnerability in quote_table_name: CVE-2011-2930"
21
21
  else
22
- message = "Versions before 2.3.14 have a vulnerability in quote_table_name. Upgrade or apply patches as needed."
22
+ message = "Versions before 2.3.14 have a vulnerability in quote_table_name: CVE-2011-2930"
23
23
  end
24
24
 
25
25
  warn :warning_type => "SQL Injection",
@@ -10,7 +10,7 @@ class CheckResponseSplitting < BaseCheck
10
10
  if version_between?('2.3.0', '2.3.13')
11
11
 
12
12
  warn :warning_type => "Response Splitting",
13
- :message => "Versions before 2.3.14 have a vulnerability content type handling allowing injection of headers. Upgrade or apply patches as needed.",
13
+ :message => "Versions before 2.3.14 have a vulnerability content type handling allowing injection of headers: CVE-2011-3186",
14
14
  :confidence => CONFIDENCE[:med]
15
15
 
16
16
  end
@@ -11,9 +11,9 @@ class CheckStripTags < BaseCheck
11
11
  version_between?('3.0.0', '3.0.9')) and uses_strip_tags?
12
12
 
13
13
  if tracker.config[:rails_version] =~ /^3/
14
- message = "Versions before 3.0.10 have a vulnerability in strip_tags. Upgrade or apply patches as needed."
14
+ message = "Versions before 3.0.10 have a vulnerability in strip_tags: CVE-2011-2931"
15
15
  else
16
- message = "Versions before 2.3.13 have a vulnerability in strip_tags. Upgrade or apply patches as needed."
16
+ message = "Versions before 2.3.13 have a vulnerability in strip_tags: CVE-2011-2931"
17
17
  end
18
18
 
19
19
  warn :warning_type => "Cross Site Scripting",
@@ -127,11 +127,36 @@ module Util
127
127
 
128
128
  #Check if _exp_ is a params hash
129
129
  def params? exp
130
- exp.is_a? Sexp and exp.node_type == :params
130
+ if exp.is_a? Sexp
131
+ return true if exp.node_type == :params or ALL_PARAMETERS.include? exp
132
+
133
+ if exp.node_type == :call
134
+ if params? exp[1]
135
+ return true
136
+ elsif exp[2] == :[]
137
+ return params? exp[1]
138
+ end
139
+ end
140
+ end
141
+
142
+ false
131
143
  end
132
144
 
133
145
  def cookies? exp
134
- exp.is_a? Sexp and exp.node_type == :cookies
146
+ if exp.is_a? Sexp
147
+ return true if exp.node_type == :cookies or exp == COOKIES
148
+
149
+ if exp.node_type == :call
150
+ if cookies? exp[1]
151
+ return true
152
+ elsif exp[2] == :[]
153
+ return cookies? exp[1]
154
+ end
155
+ end
156
+ end
157
+
158
+ false
159
+
135
160
  end
136
161
 
137
162
  #Check if _exp_ is a Sexp.
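Review bot: In both `params?` and `cookies?` the `elsif exp[2] == :[]` branch is dead: it is reached only after `params? exp[1]` (resp. `cookies? exp[1]`) has evaluated to false, and then returns that same call again, so it can never yield true. As written the helpers answer "is this node, or any receiver up its call chain, params/cookies"; if the recursion was meant to stop at `[]` lookups, the first branch is the one to restrict, otherwise the dead branch should go and the two copies can share one shape, as below for `params?` (`cookies?` mirrors it with `:cookies` and `COOKIES`). The extra blank line before `end` in `cookies?` (new line 159) looks accidental.
```ruby
  #Check if _exp_ is a params hash, or a call whose receiver chain leads to one
  def params? exp
    return false unless exp.is_a? Sexp
    return true if exp.node_type == :params or ALL_PARAMETERS.include? exp

    exp.node_type == :call and params? exp[1]
  end
```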
@@ -1 +1 @@
1
- Version = "0.7.1"
1
+ Version = "0.7.2"
metadata CHANGED
@@ -5,8 +5,8 @@ version: !ruby/object:Gem::Version
5
5
  segments:
6
6
  - 0
7
7
  - 7
8
- - 1
9
- version: 0.7.1
8
+ - 2
9
+ version: 0.7.2
10
10
  platform: ruby
11
11
  authors:
12
12
  - Justin Collins
@@ -14,7 +14,7 @@ autorequire:
14
14
  bindir: bin
15
15
  cert_chain: []
16
16
 
17
- date: 2011-08-18 00:00:00 -07:00
17
+ date: 2011-08-27 00:00:00 -07:00
18
18
  default_executable:
19
19
  dependencies:
20
20
  - !ruby/object:Gem::Dependency