brakeman 2.6.3 → 3.0.0

Files changed (61)
  1. checksums.yaml +5 -13
  2. checksums.yaml.gz.sig +0 -0
  3. data.tar.gz.sig +0 -0
  4. data/CHANGES +19 -0
  5. data/bin/brakeman +1 -1
  6. data/lib/brakeman.rb +4 -2
  7. data/lib/brakeman/app_tree.rb +1 -1
  8. data/lib/brakeman/checks/base_check.rb +9 -7
  9. data/lib/brakeman/checks/check_create_with.rb +1 -1
  10. data/lib/brakeman/checks/check_cross_site_scripting.rb +46 -42
  11. data/lib/brakeman/checks/check_digest_dos.rb +1 -1
  12. data/lib/brakeman/checks/check_escape_function.rb +3 -3
  13. data/lib/brakeman/checks/check_file_disclosure.rb +35 -0
  14. data/lib/brakeman/checks/check_filter_skipping.rb +1 -1
  15. data/lib/brakeman/checks/check_forgery_setting.rb +2 -2
  16. data/lib/brakeman/checks/check_header_dos.rb +1 -1
  17. data/lib/brakeman/checks/check_i18n_xss.rb +2 -3
  18. data/lib/brakeman/checks/check_jruby_xml.rb +1 -1
  19. data/lib/brakeman/checks/check_json_parsing.rb +9 -4
  20. data/lib/brakeman/checks/check_mail_to.rb +1 -1
  21. data/lib/brakeman/checks/check_nested_attributes.rb +1 -1
  22. data/lib/brakeman/checks/check_number_to_currency.rb +1 -1
  23. data/lib/brakeman/checks/check_quote_table_name.rb +1 -1
  24. data/lib/brakeman/checks/check_render.rb +3 -3
  25. data/lib/brakeman/checks/check_render_dos.rb +1 -1
  26. data/lib/brakeman/checks/check_render_inline.rb +42 -0
  27. data/lib/brakeman/checks/check_response_splitting.rb +1 -1
  28. data/lib/brakeman/checks/check_safe_buffer_manipulation.rb +1 -1
  29. data/lib/brakeman/checks/check_simple_format.rb +2 -2
  30. data/lib/brakeman/checks/check_single_quotes.rb +1 -1
  31. data/lib/brakeman/checks/check_skip_before_filter.rb +1 -1
  32. data/lib/brakeman/checks/check_sql_cves.rb +2 -2
  33. data/lib/brakeman/checks/check_strip_tags.rb +2 -2
  34. data/lib/brakeman/checks/check_symbol_dos.rb +2 -23
  35. data/lib/brakeman/checks/check_symbol_dos_cve.rb +30 -0
  36. data/lib/brakeman/checks/check_translate_bug.rb +1 -1
  37. data/lib/brakeman/checks/check_yaml_parsing.rb +2 -2
  38. data/lib/brakeman/options.rb +6 -2
  39. data/lib/brakeman/parsers/rails3_erubis.rb +2 -2
  40. data/lib/brakeman/processors/alias_processor.rb +54 -1
  41. data/lib/brakeman/processors/base_processor.rb +0 -8
  42. data/lib/brakeman/processors/controller_alias_processor.rb +40 -2
  43. data/lib/brakeman/processors/controller_processor.rb +5 -3
  44. data/lib/brakeman/processors/gem_processor.rb +13 -9
  45. data/lib/brakeman/processors/lib/basic_processor.rb +17 -0
  46. data/lib/brakeman/processors/lib/find_all_calls.rb +2 -2
  47. data/lib/brakeman/processors/lib/find_call.rb +2 -2
  48. data/lib/brakeman/processors/lib/processor_helper.rb +9 -0
  49. data/lib/brakeman/processors/lib/rails2_config_processor.rb +3 -1
  50. data/lib/brakeman/processors/lib/rails2_route_processor.rb +3 -3
  51. data/lib/brakeman/processors/lib/rails3_config_processor.rb +4 -1
  52. data/lib/brakeman/processors/lib/rails3_route_processor.rb +4 -2
  53. data/lib/brakeman/processors/output_processor.rb +1 -7
  54. data/lib/brakeman/report/report_json.rb +1 -1
  55. data/lib/brakeman/tracker.rb +7 -1
  56. data/lib/brakeman/version.rb +1 -1
  57. data/lib/brakeman/warning.rb +15 -1
  58. data/lib/brakeman/warning_codes.rb +3 -0
  59. data/lib/ruby_parser/bm_sexp.rb +17 -5
  60. metadata +55 -56
  61. metadata.gz.sig +0 -0
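--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,15 +1,7 @@
  ---
- !binary "U0hBMQ==":
- metadata.gz: !binary |-
- NDU2OGUzNjFlZDYyMzU3NGNjODNhOGQxNzczYThmN2Y5NGUxZDYxOQ==
- data.tar.gz: !binary |-
- MzNiNzA0ZjBmNjZmOGNkOWYxNDgzMTg3YjY2MzIxYTlmNzIxODYzNA==
+ SHA1:
+ metadata.gz: 8e036c60e03551ca1b437c9c0ba69ba388ec0bf1
+ data.tar.gz: 1b2cd12bd7417aa8409dc36d978d40557363c6d6
  SHA512:
- metadata.gz: !binary |-
- ZDUyOWJkNzA0NDUzZmZiNTBjZWJlZjZjZWIzYjI2MzJmMDk4NTk5NDBjNjZm
- OGUxN2UyNGE3MTA5MDlkMjI2MDg1NjlmNzE1ZGIwZDYwOWExNzFkYzQ0MzBl
- ZTExMjIyZGQ4YjRkZTMwMDk1NzAwMjg3Y2RiNGM3NWJiYzFjNWE=
- data.tar.gz: !binary |-
- YTFlM2JlMmJhN2E4OGJhNzU3N2QzNzcxYWFkMDhlZDhhNTMzM2EyMmI3MGVj
- NjBhZGQyN2ViYTAzYzQzOTY3OTcxZGNkNWM3OTljY2YzM2NlYmVkNzRhZTk5
- M2IzMDAwOGE4MzM1Y2U0ZTE4MjhkZDY4MzdkNzI3NzE2YWE1MjA=
+ metadata.gz: cf9478f1fa9747f397f1c614ee4058f1de4b0c99dc0c444d2ac169ec0d1aa5adf895ea0e804761d148cd7779fcb2f1a9fd6bc1dec73c99beaf005aa5c45ad1c7
+ data.tar.gz: 4b71efa6cf9e69e771d4698364d4ec2a7b19c05a1f3d24d8cd72a9e8e8bcb384143c5e06f8b7865d66bfa96ef52ae8a0dc7e302ddd7a65cdb15c8f0ffa21ee7b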
checksums.yaml.gz.sig CHANGED
Binary file
data.tar.gz.sig CHANGED
Binary file
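--- a/data/CHANGES
+++ b/data/CHANGES
@@ -1,3 +1,22 @@
+ # 3.0.0
+
+ * Add check for CVE-2014-7829
+ * Add check for cross site scripting via inline renders
+ * Fix formatting of command interpolation
+ * Local variables are no longer formatted as `(local var)`
+ * Actually skip skipped before filters
+ * `--exit-on-warn --compare` only returns error code on new warnings (Jeff Yip)
+ * Fix parsing of `<%==` in ERB
+ * Sort warnings by fingerprint in JSON report (Jeff Yip)
+ * Handle symmetric multiple assignment
+ * Do not branch for self attribute assignment `x = x.y`
+ * Fix CVE for CVE-2011-2932
+ * Remove "fake filters" from warning fingerpints
+ * Index calls in `lib/` files
+ * Move Symbol DoS to optional checks
+ * CVEs report correct line and file name (Gemfile/Gemfile.lock) (Rob Fletcher)
+ * Change `--separate-models` to be the default
+
  # 2.6.3
 
  * Whitelist `exists` arel method from SQL injection check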
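--- a/data/bin/brakeman
+++ b/data/bin/brakeman
@@ -70,7 +70,7 @@ begin
  puts MultiJson.dump(vulns, :pretty => true)
  end
 
- if options[:exit_on_warn] and (vulns[:new].count + vulns[:fixed].count > 0)
+ if options[:exit_on_warn] && vulns[:new].count > 0
  exit Brakeman::Warnings_Found_Exit_Code
  end
  else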
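Review bot: The new exit condition on line 73 keys only on `vulns[:new]`, so with `--exit-on-warn --compare` a run whose baseline already carries unfixed findings exits 0 as long as nothing new appears; that is the change CHANGES describes, but it makes the gate exactly as strong as the trust placed in the baseline file, and nothing here says so. A one-line comment above the condition would make the contract explicit, e.g. `# compare mode: only warnings absent from the baseline fail the run; pre-existing ones are accepted`. Stylistically `unless vulns[:new].empty?` reads better than `.count > 0` if `vulns[:new]` is always an Array, which I cannot confirm from this hunk. The enclosing `begin` block starts and ends outside the hunk.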
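--- a/data/lib/brakeman.rb
+++ b/data/lib/brakeman.rb
@@ -19,7 +19,7 @@ module Brakeman
  # * :app_path - path to root of Rails app (required)
  # * :assume_all_routes - assume all methods are routes (default: true)
  # * :check_arguments - check arguments of methods (default: true)
- # * :collapse_mass_assignment - report unprotected models in single warning (default: true)
+ # * :collapse_mass_assignment - report unprotected models in single warning (default: false)
  # * :combine_locations - combine warning locations (default: true)
  # * :config_file - configuration file
  # * :escape_html - escape HTML by default (automatic)
@@ -28,6 +28,7 @@ module Brakeman
  # * :highlight_user_input - highlight user input in reported warnings (default: true)
  # * :html_style - path to CSS file
  # * :ignore_model_output - consider models safe (default: false)
+ # * :index_libs - add libraries to call index (default: true)
  # * :interprocedural - limited interprocedural processing of method calls (default: false)
  # * :message_limit - limit length of messages
  # * :min_confidence - minimum confidence (0-2, 0 is highest)
@@ -122,10 +123,11 @@ module Brakeman
  :safe_methods => Set.new,
  :min_confidence => 2,
  :combine_locations => true,
- :collapse_mass_assignment => true,
+ :collapse_mass_assignment => false,
  :highlight_user_input => true,
  :ignore_redirect_to_model => true,
  :ignore_model_output => false,
+ :index_libs => true,
  :message_limit => 100,
  :parallel_checks => true,
  :relative_path => false,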
@@ -71,7 +71,7 @@ module Brakeman
71
71
  end
72
72
 
73
73
  def lib_paths
74
- @lib_files ||= find_paths("lib").reject { |path| path.include? "/generators/" }
74
+ @lib_files ||= find_paths("lib").reject { |path| path.include? "/generators/" or path.include? "lib/tasks/" }
75
75
  end
76
76
 
77
77
  private
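Review bot: The added `path.include? "lib/tasks/"` filter on line 74 drops Rake task files from `lib_paths`, so whatever consumes this list (presumably the new `:index_libs` call indexing, per CHANGES) never sees them; Rake tasks routinely shell out with `system`/backticks and read ENV or task arguments, so this is a deliberate coverage gap that should be documented rather than silent. A comment such as `# lib/tasks holds Rake tasks; they are excluded from indexing as they are not request-handling code` would record the intent for the next reader. Note the test is a plain substring match, so any nested `.../lib/tasks/` directory beneath lib is excluded as well, and `||` inside the block would be clearer than `or`. The rest of the class lies outside the hunk.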
@@ -328,7 +328,7 @@ class Brakeman::BaseCheck < Brakeman::SexpProcessor
328
328
  end
329
329
  elsif sexp? exp
330
330
  case exp.node_type
331
- when :string_interp
331
+ when :string_interp, :dstr
332
332
  exp.each do |e|
333
333
  if sexp? e
334
334
  match = has_immediate_user_input?(e)
@@ -336,7 +336,7 @@ class Brakeman::BaseCheck < Brakeman::SexpProcessor
336
336
  end
337
337
  end
338
338
  false
339
- when :string_eval
339
+ when :string_eval, :evstr
340
340
  if sexp? exp.value
341
341
  if exp.value.node_type == :rlist
342
342
  exp.value.each_sexp do |e|
@@ -390,14 +390,14 @@ class Brakeman::BaseCheck < Brakeman::SexpProcessor
390
390
  end
391
391
  elsif sexp? exp
392
392
  case exp.node_type
393
- when :string_interp
393
+ when :string_interp, :dstr
394
394
  exp.each do |e|
395
395
  if sexp? e and match = has_immediate_model?(e, out)
396
396
  return match
397
397
  end
398
398
  end
399
399
  false
400
- when :string_eval
400
+ when :string_eval, :evstr
401
401
  if sexp? exp.value
402
402
  if exp.value.node_type == :rlist
403
403
  exp.value.each_sexp do |e|
@@ -484,11 +484,13 @@ class Brakeman::BaseCheck < Brakeman::SexpProcessor
484
484
 
485
485
  def lts_version? version
486
486
  tracker.config[:gems][:'railslts-version'] and
487
- version_between? version, "2.3.18.99", tracker.config[:gems][:'railslts-version']
487
+ version_between? version, "2.3.18.99", tracker.config[:gems][:'railslts-version'][:version]
488
488
  end
489
489
 
490
- def gemfile_or_environment
491
- if @app_tree.exists?("Gemfile")
490
+ def gemfile_or_environment gem_name = :rails
491
+ if gem_name and info = tracker.config[:gems][gem_name]
492
+ info
493
+ elsif @app_tree.exists?("Gemfile")
492
494
  "Gemfile"
493
495
  else
494
496
  "config/environment.rb"
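Review bot: `gemfile_or_environment` (line 491) dereferences `tracker.config[:gems][gem_name]` without checking `tracker.config[:gems]` itself, whereas `check_cve_2013_0269` in check_json_parsing.rb from this same release guards that hash with `if tracker.config[:gems]`; if the key can be nil (no Gemfile parsed — tracker.rb is not visible here), every CVE check now routed through this helper raises NoMethodError instead of emitting its warning. `lts_version?` on line 487 has the same exposure through `[:'railslts-version'][:version]`. Suggest `if gem_name and tracker.config[:gems] and info = tracker.config[:gems][gem_name]`, plus a comment stating that the return value is either a gem-info Hash or a path String so that callers passing it as `:gem_info` are known to handle both shapes.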
@@ -68,7 +68,7 @@ class Brakeman::CheckCreateWith < Brakeman::BaseCheck
68
68
  warn :warning_type => "Mass Assignment",
69
69
  :warning_code => :CVE_2014_3514,
70
70
  :message => @message,
71
- :file => gemfile_or_environment,
71
+ :gem_info => gemfile_or_environment,
72
72
  :confidence => CONFIDENCE[:med],
73
73
  :link_path => "https://groups.google.com/d/msg/rubyonrails-security/M4chq5Sb540/CC1Fh0Y_NWwJ"
74
74
  end
@@ -35,48 +35,7 @@ class Brakeman::CheckCrossSiteScripting < Brakeman::BaseCheck
35
35
 
36
36
  #Run check
37
37
  def run_check
38
- @ignore_methods = Set[:button_to, :check_box, :content_tag, :escapeHTML, :escape_once,
39
- :field_field, :fields_for, :h, :hidden_field,
40
- :hidden_field, :hidden_field_tag, :image_tag, :label,
41
- :link_to, :mail_to, :radio_button, :select,
42
- :submit_tag, :text_area, :text_field,
43
- :text_field_tag, :url_encode, :url_for,
44
- :will_paginate].merge tracker.options[:safe_methods]
45
-
46
- @models = tracker.models.keys
47
- @inspect_arguments = tracker.options[:check_arguments]
48
-
49
- @known_dangerous = Set[:truncate, :concat]
50
-
51
- if version_between? "2.0.0", "3.0.5"
52
- @known_dangerous << :auto_link
53
- elsif version_between? "3.0.6", "3.0.99"
54
- @ignore_methods << :auto_link
55
- end
56
-
57
- if version_between? "2.0.0", "2.3.14"
58
- @known_dangerous << :strip_tags
59
- end
60
-
61
- json_escape_on = false
62
- initializers = tracker.check_initializers :ActiveSupport, :escape_html_entities_in_json=
63
- initializers.each {|result| json_escape_on = true?(result.call.first_arg) }
64
-
65
- if tracker.config[:rails][:active_support] and
66
- true? tracker.config[:rails][:active_support][:escape_html_entities_in_json]
67
-
68
- json_escape_on = true
69
- elsif version_between? "4.0.0", "5.0.0"
70
- json_escape_on = true
71
- end
72
-
73
- if !json_escape_on or version_between? "0.0.0", "2.0.99"
74
- @known_dangerous << :to_json
75
- Brakeman.debug("Automatic to_json escaping not enabled, consider to_json dangerous")
76
- else
77
- @safe_input_attributes << :to_json
78
- Brakeman.debug("Automatic to_json escaping is enabled.")
79
- end
38
+ setup
80
39
 
81
40
  tracker.each_template do |name, template|
82
41
  Brakeman.debug "Checking #{name} for XSS"
@@ -301,6 +260,51 @@ class Brakeman::CheckCrossSiteScripting < Brakeman::BaseCheck
301
260
  exp
302
261
  end
303
262
 
263
+ def setup
264
+ @ignore_methods = Set[:button_to, :check_box, :content_tag, :escapeHTML, :escape_once,
265
+ :field_field, :fields_for, :h, :hidden_field,
266
+ :hidden_field, :hidden_field_tag, :image_tag, :label,
267
+ :link_to, :mail_to, :radio_button, :select,
268
+ :submit_tag, :text_area, :text_field,
269
+ :text_field_tag, :url_encode, :url_for,
270
+ :will_paginate].merge tracker.options[:safe_methods]
271
+
272
+ @models = tracker.models.keys
273
+ @inspect_arguments = tracker.options[:check_arguments]
274
+
275
+ @known_dangerous = Set[:truncate, :concat]
276
+
277
+ if version_between? "2.0.0", "3.0.5"
278
+ @known_dangerous << :auto_link
279
+ elsif version_between? "3.0.6", "3.0.99"
280
+ @ignore_methods << :auto_link
281
+ end
282
+
283
+ if version_between? "2.0.0", "2.3.14"
284
+ @known_dangerous << :strip_tags
285
+ end
286
+
287
+ json_escape_on = false
288
+ initializers = tracker.check_initializers :ActiveSupport, :escape_html_entities_in_json=
289
+ initializers.each {|result| json_escape_on = true?(result.call.first_arg) }
290
+
291
+ if tracker.config[:rails][:active_support] and
292
+ true? tracker.config[:rails][:active_support][:escape_html_entities_in_json]
293
+
294
+ json_escape_on = true
295
+ elsif version_between? "4.0.0", "5.0.0"
296
+ json_escape_on = true
297
+ end
298
+
299
+ if !json_escape_on or version_between? "0.0.0", "2.0.99"
300
+ @known_dangerous << :to_json
301
+ Brakeman.debug("Automatic to_json escaping not enabled, consider to_json dangerous")
302
+ else
303
+ @safe_input_attributes << :to_json
304
+ Brakeman.debug("Automatic to_json escaping is enabled.")
305
+ end
306
+ end
307
+
304
308
  def raw_call? exp
305
309
  exp.value.node_type == :call and exp.value.method == :raw
306
310
  end
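Review bot: `setup` (line 263) becomes public surface unless a `private` marker outside the hunk covers it, and it appends to `@safe_input_attributes` on line 303 without ever initializing it, so it silently relies on the BaseCheck constructor having done so. A header comment would help: `# Build the ignore/dangerous method sets and decide whether to_json output is auto-escaped; must run before templates are walked (called from run_check)`. It is also worth a comment that the scan on line 289 lets the last `escape_html_entities_in_json=` assignment win, so if `check_initializers` also collects environment files (not visible here) a development-only `false` would mark `to_json` dangerous app-wide. The rest of the class is outside the hunk.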
@@ -29,7 +29,7 @@ class Brakeman::CheckDigestDoS < Brakeman::BaseCheck
29
29
  :message => message,
30
30
  :confidence => confidence,
31
31
  :link_path => "https://groups.google.com/d/topic/rubyonrails-security/vxJjrc15qYM/discussion",
32
- :file => gemfile_or_environment
32
+ :gem_info => gemfile_or_environment
33
33
  end
34
34
 
35
35
  def with_http_digest?
@@ -11,10 +11,10 @@ class Brakeman::CheckEscapeFunction < Brakeman::BaseCheck
11
11
  if version_between?('2.0.0', '2.3.13') and RUBY_VERSION < '1.9.0'
12
12
 
13
13
  warn :warning_type => 'Cross Site Scripting',
14
- :warning_code => :CVE_2011_2931,
15
- :message => 'Versions before 2.3.14 have a vulnerability in escape method when used with Ruby 1.8: CVE-2011-2931',
14
+ :warning_code => :CVE_2011_2932,
15
+ :message => 'Versions before 2.3.14 have a vulnerability in escape method when used with Ruby 1.8: CVE-2011-2932',
16
16
  :confidence => CONFIDENCE[:high],
17
- :file => gemfile_or_environment,
17
+ :gem_info => gemfile_or_environment,
18
18
  :link_path => "https://groups.google.com/d/topic/rubyonrails-security/Vr_7WSOrEZU/discussion"
19
19
  end
20
20
  end
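Review bot: Changing `:warning_code` to `:CVE_2011_2932` (line 14) is the right identifier — 2011-2932 is the Ruby 1.8 `escape` helper issue, 2011-2931 is strip_tags — but if warning fingerprints incorporate the warning code, existing ignore-file entries and `--compare` baselines for this finding stop matching after upgrade, which deserves a clearer line in CHANGES than "Fix CVE". Separately, the unchanged guard on line 11 tests `RUBY_VERSION`, i.e. the interpreter running Brakeman rather than the one the target app deploys on, so scanning from Ruby 1.9+ never reports this CVE for a 2.3.x app still running on 1.8. At minimum make that explicit, `# NOTE: RUBY_VERSION is the scanner's Ruby, not the app's; this check is skipped whenever Brakeman itself runs on 1.9+`. The method's boundaries are outside the hunk.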
@@ -0,0 +1,35 @@
1
+ require 'brakeman/checks/base_check'
2
+
3
+ class Brakeman::CheckFileDisclosure < Brakeman::BaseCheck
4
+ Brakeman::Checks.add self
5
+
6
+ @description = "Checks for versions with file existence disclosure vulnerability"
7
+
8
+ def run_check
9
+ fix_version = case
10
+ when version_between?('2.0.0', '2.3.18')
11
+ '3.2.21'
12
+ when version_between?('3.0.0', '3.2.20')
13
+ '3.2.21'
14
+ when version_between?('4.0.0', '4.0.11')
15
+ '4.0.12'
16
+ when version_between?('4.1.0', '4.1.7')
17
+ '4.1.8'
18
+ else
19
+ nil
20
+ end
21
+
22
+ if fix_version and serves_static_assets?
23
+ warn :warning_type => "File Access",
24
+ :warning_code => :CVE_2014_7829,
25
+ :message => "Rails #{tracker.config[:rails_version]} has a file existence disclosure. Upgrade to #{fix_version} or disable serving static assets",
26
+ :confidence => CONFIDENCE[:high],
27
+ :gem_info => gemfile_or_environment,
28
+ :link_path => "https://groups.google.com/d/msg/rubyonrails-security/23fiuwb1NBA/MQVM1-5GkPMJ"
29
+ end
30
+ end
31
+
32
+ def serves_static_assets?
33
+ true? tracker.config[:rails][:serve_static_assets]
34
+ end
35
+ end
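Review bot: `serves_static_assets?` (line 33) returns true only when `config.serve_static_assets` is explicitly set to a true literal, yet Rails defaults that setting to true when it is absent, so an app on a vulnerable version that never sets the option — or sets it only in an environment file this config hash does not reflect — receives no CVE-2014-7829 warning at all, and for a version-based CVE check a false negative is the worse failure mode. Treat an unset value as vulnerable and let an explicit `false` clear it, e.g. `setting = tracker.config[:rails][:serve_static_assets]` followed by `setting.nil? or true?(setting)`, or at least report at medium confidence when the value is unset. Minor: the 2.0.0–2.3.18 and 3.0.0–3.2.20 branches both return '3.2.21' and can be merged, and a comment should state which environment files `tracker.config[:rails]` is assembled from, since that decides what this check can see.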
@@ -14,7 +14,7 @@ class Brakeman::CheckFilterSkipping < Brakeman::BaseCheck
14
14
  :warning_code => :CVE_2011_2929,
15
15
  :message => "Versions before 3.0.10 have a vulnerability which allows filters to be bypassed: CVE-2011-2929",
16
16
  :confidence => CONFIDENCE[:high],
17
- :file => gemfile_or_environment,
17
+ :gem_info => gemfile_or_environment,
18
18
  :link_path => "https://groups.google.com/d/topic/rubyonrails-security/NCCsca7TEtY/discussion"
19
19
  end
20
20
  end
@@ -37,7 +37,7 @@ class Brakeman::CheckForgerySetting < Brakeman::BaseCheck
37
37
  :warning_code => :CVE_2011_0447,
38
38
  :message => "CSRF protection is flawed in unpatched versions of Rails #{tracker.config[:rails_version]} (CVE-2011-0447). Upgrade to 2.3.11 or apply patches as needed",
39
39
  :confidence => CONFIDENCE[:high],
40
- :file => gemfile_or_environment,
40
+ :gem_info => gemfile_or_environment,
41
41
  :link_path => "https://groups.google.com/d/topic/rubyonrails-security/LZWjzCPgNmU/discussion"
42
42
 
43
43
  elsif version_between? "3.0.0", "3.0.3"
@@ -47,7 +47,7 @@ class Brakeman::CheckForgerySetting < Brakeman::BaseCheck
47
47
  :warning_code => :CVE_2011_0447,
48
48
  :message => "CSRF protection is flawed in unpatched versions of Rails #{tracker.config[:rails_version]} (CVE-2011-0447). Upgrade to 3.0.4 or apply patches as needed",
49
49
  :confidence => CONFIDENCE[:high],
50
- :file => gemfile_or_environment,
50
+ :gem_info => gemfile_or_environment,
51
51
  :link_path => "https://groups.google.com/d/topic/rubyonrails-security/LZWjzCPgNmU/discussion"
52
52
  end
53
53
  end
@@ -19,7 +19,7 @@ class Brakeman::CheckHeaderDoS < Brakeman::BaseCheck
19
19
  :warning_code => :CVE_2013_6414,
20
20
  :message => message,
21
21
  :confidence => CONFIDENCE[:med],
22
- :file => gemfile_or_environment,
22
+ :gem_info => gemfile_or_environment,
23
23
  :link_path => "https://groups.google.com/d/msg/ruby-security-ann/A-ebV4WxzKg/KNPTbX8XAQUJ"
24
24
  end
25
25
  end
@@ -8,8 +8,7 @@ class Brakeman::CheckI18nXSS < Brakeman::BaseCheck
8
8
  def run_check
9
9
  if (version_between? "3.0.6", "3.2.15" or version_between? "4.0.0", "4.0.1") and not has_workaround?
10
10
  message = "Rails #{tracker.config[:rails_version]} has an XSS vulnerability in i18n (CVE-2013-4491). Upgrade to Rails version "
11
-
12
- i18n_gem = tracker.config[:gems][:i18n]
11
+ i18n_gem = tracker.config[:gems][:i18n][:version] if tracker.config[:gems][:i18n]
13
12
 
14
13
  if version_between? "3.0.6", "3.1.99" and version_before i18n_gem, "0.5.1"
15
14
  message << "3.2.16 or i18n 0.5.1"
@@ -23,7 +22,7 @@ class Brakeman::CheckI18nXSS < Brakeman::BaseCheck
23
22
  :warning_code => :CVE_2013_4491,
24
23
  :message => message,
25
24
  :confidence => CONFIDENCE[:med],
26
- :file => gemfile_or_environment,
25
+ :gem_info => gemfile_or_environment(:i18n),
27
26
  :link_path => "https://groups.google.com/d/msg/ruby-security-ann/pLrh6DUw998/bLFEyIO4k_EJ"
28
27
  end
29
28
  end
@@ -32,7 +32,7 @@ class Brakeman::CheckJRubyXML < Brakeman::BaseCheck
32
32
  :warning_code => :CVE_2013_1856,
33
33
  :message => "Rails #{tracker.config[:rails_version]} with JRuby has a vulnerability in XML parser: upgrade to #{fix_version} or patch",
34
34
  :confidence => CONFIDENCE[:high],
35
- :file => gemfile_or_environment,
35
+ :gem_info => gemfile_or_environment,
36
36
  :link => "https://groups.google.com/d/msg/rubyonrails-security/KZwsQbYsOiI/5kUV7dSCJGwJ"
37
37
  end
38
38
  end
@@ -21,12 +21,17 @@ class Brakeman::CheckJSONParsing < Brakeman::BaseCheck
21
21
  end
22
22
 
23
23
  message = "Rails #{tracker.config[:rails_version]} has a serious JSON parsing vulnerability: upgrade to #{new_version} or patch"
24
+ if uses_yajl?
25
+ gem_info = gemfile_or_environment(:yajl)
26
+ else
27
+ gem_info = gemfile_or_environment
28
+ end
24
29
 
25
30
  warn :warning_type => "Remote Code Execution",
26
31
  :warning_code => :CVE_2013_0333,
27
32
  :message => message,
28
33
  :confidence => CONFIDENCE[:high],
29
- :file => gemfile_or_environment,
34
+ :gem_info => gem_info,
30
35
  :link_path => "https://groups.google.com/d/topic/rubyonrails-security/1h2DR63ViGo/discussion"
31
36
  end
32
37
  end
@@ -55,8 +60,8 @@ class Brakeman::CheckJSONParsing < Brakeman::BaseCheck
55
60
 
56
61
  def check_cve_2013_0269
57
62
  [:json, :json_pure].each do |name|
58
- version = tracker.config[:gems] && tracker.config[:gems][name]
59
- check_json_version name, version if version
63
+ gem_hash = tracker.config[:gems][name] if tracker.config[:gems]
64
+ check_json_version name, gem_hash[:version] if gem_hash and gem_hash[:version]
60
65
  end
61
66
  end
62
67
 
@@ -90,7 +95,7 @@ class Brakeman::CheckJSONParsing < Brakeman::BaseCheck
90
95
  :warning_code => :CVE_2013_0269,
91
96
  :message => message,
92
97
  :confidence => confidence,
93
- :file => gemfile_or_environment,
98
+ :gem_info => gemfile_or_environment(name),
94
99
  :link => "https://groups.google.com/d/topic/rubyonrails-security/4_YvCpLzL58/discussion"
95
100
  end
96
101
 
@@ -24,7 +24,7 @@ class Brakeman::CheckMailTo < Brakeman::BaseCheck
24
24
  :warning_code => :CVE_2011_0446,
25
25
  :message => message,
26
26
  :confidence => CONFIDENCE[:high],
27
- :file => gemfile_or_environment,
27
+ :gem_info => gemfile_or_environment,
28
28
  :link_path => "https://groups.google.com/d/topic/rubyonrails-security/8CpI7egxX4E/discussion"
29
29
  end
30
30
  end
@@ -23,7 +23,7 @@ class Brakeman::CheckNestedAttributes < Brakeman::BaseCheck
23
23
  :warning_code => :CVE_2010_3933,
24
24
  :message => message,
25
25
  :confidence => CONFIDENCE[:high],
26
- :file => gemfile_or_environment,
26
+ :gem_info => gemfile_or_environment,
27
27
  :link_path => "https://groups.google.com/d/topic/rubyonrails-security/-fkT0yja_gw/discussion"
28
28
  end
29
29
  end