brakeman 0.7.1 → 0.7.2

@@ -56,9 +56,9 @@ class BaseCheck < SexpProcessor
56
56
  process exp[1] if sexp? exp[1]
57
57
  process exp[3]
58
58
 
59
- if ALL_PARAMETERS.include? exp[1] or ALL_PARAMETERS.include? exp or params? exp[1]
59
+ if params? exp[1]
60
60
  @has_user_input = :params
61
- elsif exp[1] == COOKIES or exp == COOKIES or cookies? exp[1]
61
+ elsif cookies? exp[1]
62
62
  @has_user_input = :cookies
63
63
  elsif sexp? exp[1] and model_name? exp[1][1]
64
64
  @has_user_input = :model
@@ -173,20 +173,16 @@ class BaseCheck < SexpProcessor
173
173
  #expression
174
174
  def has_immediate_user_input? exp
175
175
  if exp.nil?
176
- return false
176
+ false
177
177
  elsif params? exp
178
178
  return :params, exp
179
179
  elsif cookies? exp
180
180
  return :cookies, exp
181
181
  elsif call? exp
182
- if sexp? exp[1]
183
- if ALL_PARAMETERS.include? exp[1] or params? exp[1]
184
- return :params, exp
185
- elsif exp[1] == COOKIES or cookies? exp[1]
186
- return :cookies, exp
187
- else
188
- false
189
- end
182
+ if params? exp[1]
183
+ return :params, exp
184
+ elsif cookies? exp[1]
185
+ return :cookies, exp
190
186
  else
191
187
  false
192
188
  end
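Review bot: With `params?` now returning true for any call whose receiver chain reaches params (the Util change in this same release), the `elsif params? exp` arm above already matches such calls, so the `if params? exp[1]` / `elsif cookies? exp[1]` branches inside `elsif call? exp` can no longer be reached with a true result and look like dead code; the same holds for the new `cookies?`. If that reading is right, the `call?` arm collapses to `false` and could be dropped rather than just trimmed. The `if exp.nil?` arm now yields `false` as a value instead of `return false`, which is equivalent only if this `if` is the last expression of `has_immediate_user_input?`; the method ends outside the hunk, so that cannot be confirmed here. The first BaseCheck hunk relies on the same recursion, where `params? exp[1]` could equally be written `params? exp`.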
@@ -202,9 +202,9 @@ class CheckCrossSiteScripting < BaseCheck
202
202
  @matched = false
203
203
  elsif sexp? exp[1] and model_name? exp[1][1]
204
204
  @matched = :model
205
- elsif cookies? exp or cookies? target or COOKIES == exp or COOKIES == target
205
+ elsif cookies? exp
206
206
  @matched = :cookies
207
- elsif @inspect_arguments and (ALL_PARAMETERS.include?(exp) or params? exp)
207
+ elsif @inspect_arguments and params? exp
208
208
  @matched = :params
209
209
  elsif @inspect_arguments
210
210
  process args
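Review bot: The new `elsif cookies? exp` drops the `cookies? target` and `COOKIES == target` tests from the old condition, so cookie detection now depends on `exp` alone; if `target` is not simply the receiver of `exp` (the new `cookies?` only walks `exp`'s own call chain), inputs the old check matched will now fall through to the `:params` arm or to `process args`. `target` is assigned outside the hunk, so this cannot be confirmed here; if it is `exp[1]` the simplification is sound. The `params?` line never consulted `target`, so only the cookies branch is affected.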
@@ -10,7 +10,7 @@ class CheckEscapeFunction < BaseCheck
10
10
  if version_between?('2.0.0', '2.3.13') and RUBY_VERSION < '1.9.0'
11
11
 
12
12
  warn :warning_type => 'Cross Site Scripting',
13
- :message => 'Versions before 2.3.14 have a vulnerability in escape method when used with Ruby 1.8. Upgrade or apply patches as needed.',
13
+ :message => 'Versions before 2.3.14 have a vulnerability in escape method when used with Ruby 1.8: CVE-2011-2931',
14
14
  :confidence => CONFIDENCE[:high]
15
15
  end
16
16
  end
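Review bot: The new message tags the escape-function issue with CVE-2011-2931, but CheckStripTags in this same release assigns that identifier to the strip_tags vulnerability; two distinct advisories do not share an id, and the Rails 2.3.14/3.0.10 announcement lists the Ruby 1.8 escape issue under CVE-2011-2932 — verify against the advisory before changing. Separately, every message touched in this release (here and in CheckFilterSkipping, CheckQuoteTableName, CheckResponseSplitting and CheckStripTags) drops the trailing 'Upgrade or apply patches as needed.' sentence, so the warning now names the flaw but no longer tells the reader what to do about it; consider keeping the remediation, e.g. `:message => 'Versions before 2.3.14 have a vulnerability in escape method when used with Ruby 1.8 (CVE-2011-2931). Upgrade or apply patches as needed.',`. The enclosing method begins outside the hunk.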
@@ -10,7 +10,7 @@ class CheckFilterSkipping < BaseCheck
10
10
  if version_between?('3.0.0', '3.0.9') and uses_arbitrary_actions?
11
11
 
12
12
  warn :warning_type => "Default Routes",
13
- :message => "Versions before 3.0.10 have a vulnerability which allows filters to be bypassed. Upgrade or apply patches as needed.",
13
+ :message => "Versions before 3.0.10 have a vulnerability which allows filters to be bypassed: CVE-2011-2929",
14
14
  :confidence => CONFIDENCE[:high]
15
15
  end
16
16
  end
@@ -17,9 +17,9 @@ class CheckQuoteTableName < BaseCheck
17
17
  end
18
18
 
19
19
  if tracker.config[:rails_version] =~ /^3/
20
- message = "Versions before 3.0.10 have a vulnerability in quote_table_name. Upgrade or apply patches as needed."
20
+ message = "Versions before 3.0.10 have a vulnerability in quote_table_name: CVE-2011-2930"
21
21
  else
22
- message = "Versions before 2.3.14 have a vulnerability in quote_table_name. Upgrade or apply patches as needed."
22
+ message = "Versions before 2.3.14 have a vulnerability in quote_table_name: CVE-2011-2930"
23
23
  end
24
24
 
25
25
  warn :warning_type => "SQL Injection",
@@ -10,7 +10,7 @@ class CheckResponseSplitting < BaseCheck
10
10
  if version_between?('2.3.0', '2.3.13')
11
11
 
12
12
  warn :warning_type => "Response Splitting",
13
- :message => "Versions before 2.3.14 have a vulnerability content type handling allowing injection of headers. Upgrade or apply patches as needed.",
13
+ :message => "Versions before 2.3.14 have a vulnerability content type handling allowing injection of headers: CVE-2011-3186",
14
14
  :confidence => CONFIDENCE[:med]
15
15
 
16
16
  end
@@ -11,9 +11,9 @@ class CheckStripTags < BaseCheck
11
11
  version_between?('3.0.0', '3.0.9')) and uses_strip_tags?
12
12
 
13
13
  if tracker.config[:rails_version] =~ /^3/
14
- message = "Versions before 3.0.10 have a vulnerability in strip_tags. Upgrade or apply patches as needed."
14
+ message = "Versions before 3.0.10 have a vulnerability in strip_tags: CVE-2011-2931"
15
15
  else
16
- message = "Versions before 2.3.13 have a vulnerability in strip_tags. Upgrade or apply patches as needed."
16
+ message = "Versions before 2.3.13 have a vulnerability in strip_tags: CVE-2011-2931"
17
17
  end
18
18
 
19
19
  warn :warning_type => "Cross Site Scripting",
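Review bot: The Rails 2 branch message says 'Versions before 2.3.13', while the 3.x branch names 3.0.10 as the fix release and the strip_tags advisory (CVE-2011-2931) names 2.3.14 as the fixed 2.x release; if the `version_between?` range for the 2.x line (its bounds are outside the hunk) runs up to 2.3.13, a user on 2.3.13 gets the warning but reads it as not applying to them. Suggest `message = "Versions before 2.3.14 have a vulnerability in strip_tags: CVE-2011-2931"` once the range is confirmed. CheckEscapeFunction in this release already uses 2.3.14 for its 2.x message, so the two checks would then agree.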
@@ -127,11 +127,36 @@ module Util
127
127
 
128
128
  #Check if _exp_ is a params hash
129
129
  def params? exp
130
- exp.is_a? Sexp and exp.node_type == :params
130
+ if exp.is_a? Sexp
131
+ return true if exp.node_type == :params or ALL_PARAMETERS.include? exp
132
+
133
+ if exp.node_type == :call
134
+ if params? exp[1]
135
+ return true
136
+ elsif exp[2] == :[]
137
+ return params? exp[1]
138
+ end
139
+ end
140
+ end
141
+
142
+ false
131
143
  end
132
144
 
133
145
  def cookies? exp
134
- exp.is_a? Sexp and exp.node_type == :cookies
146
+ if exp.is_a? Sexp
147
+ return true if exp.node_type == :cookies or exp == COOKIES
148
+
149
+ if exp.node_type == :call
150
+ if cookies? exp[1]
151
+ return true
152
+ elsif exp[2] == :[]
153
+ return cookies? exp[1]
154
+ end
155
+ end
156
+ end
157
+
158
+ false
159
+
135
160
  end
136
161
 
137
162
  #Check if _exp_ is a Sexp.
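Review bot: The `elsif exp[2] == :[]` branch in the new `params?` (and the identical one in `cookies?`) is unreachable as anything but a second false: it is only entered after `params? exp[1]` was just false, and then returns `params? exp[1]` again, so those two lines can be deleted and the inner conditional becomes `return true if params? exp[1]`. Because any `:call` whose receiver chain reaches params now counts, the comment above `params?` (`#Check if _exp_ is a params hash`) understates the contract; suggest `#Check if _exp_ is the params hash or a call on it (e.g. params[:x], params.foo)` and a matching comment on `cookies?`, which has none. `ALL_PARAMETERS` and `COOKIES` are now referenced from Util rather than BaseCheck — confirm both constants resolve in this module. The extra blank line before `cookies?`'s closing `end` looks unintended.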
@@ -1 +1 @@
1
- Version = "0.7.1"
1
+ Version = "0.7.2"
metadata CHANGED
@@ -5,8 +5,8 @@ version: !ruby/object:Gem::Version
5
5
  segments:
6
6
  - 0
7
7
  - 7
8
- - 1
9
- version: 0.7.1
8
+ - 2
9
+ version: 0.7.2
10
10
  platform: ruby
11
11
  authors:
12
12
  - Justin Collins
@@ -14,7 +14,7 @@ autorequire:
14
14
  bindir: bin
15
15
  cert_chain: []
16
16
 
17
- date: 2011-08-18 00:00:00 -07:00
17
+ date: 2011-08-27 00:00:00 -07:00
18
18
  default_executable:
19
19
  dependencies:
20
20
  - !ruby/object:Gem::Dependency