Commit 0c37f7de
Authored Feb 04, 2014 by Justin
Merge pull request #439 from presidentbeef/active_record_base_connect_sqli
Also catch #connection calls on ActiveRecord::Base
Parents: 21201d49, f98e58e7
Showing 4 changed files with 31 additions and 8 deletions (+31 -8)
lib/brakeman/checks/check_sql.rb (+4 -2)
test/apps/rails2/app/models/user.rb (+9 -0)
test/tests/rails2.rb (+16 -4)
test/tests/tabs_output.rb (+2 -2)
lib/brakeman/checks/check_sql.rb
...
...
@@ -40,7 +40,7 @@ class Brakeman::CheckSQL < Brakeman::BaseCheck
Brakeman
.
debug
"Finding possible SQL calls using constantized()"
calls
.
concat
tracker
.
find_call
(
:methods
=>
@sql_targets
).
select
{
|
result
|
constantize_call?
result
}
connect_targets
=
active_record_models
.
keys
<<
nil
connect_targets
=
active_record_models
.
keys
+
[
nil
,
:"ActiveRecord::Base"
]
calls
.
concat
tracker
.
find_call
(
:targets
=>
connect_targets
,
:methods
=>
@connection_calls
,
:chained
=>
true
).
select
{
|
result
|
connect_call?
result
}
Brakeman
.
debug
"Finding calls to named_scope or scope"
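Review bot: the symbol literal `:"ActiveRecord::Base"` is now hard-coded here and again in `connect_call?` further down this file; hoisting it into a named constant (alongside `SELF_CLASS`) keeps the two from drifting apart. The switch from `active_record_models.keys << nil` to `active_record_models.keys + [nil, :"ActiveRecord::Base"]` is sound: `+` builds a fresh array rather than appending to whatever `keys` handed back, and listing `ActiveRecord::Base` as an explicit target is what lets `find_call(:targets => connect_targets, :methods => @connection_calls, :chained => true)` pick up `ActiveRecord::Base.connection.execute(...)`, which no model-name target would ever match.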
...
...
@@ -556,11 +556,13 @@ class Brakeman::CheckSQL < Brakeman::BaseCheck
if
call?
target
and
target
.
method
==
:connection
target
=
target
.
target
klass
=
class_name
(
target
)
target
.
nil?
or
target
==
SELF_CLASS
or
node_type?
target
,
:self
or
active_record_models
.
include?
class_name
(
target
)
klass
==
:"ActiveRecord::Base"
or
active_record_models
.
include?
klass
end
end
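Review bot: `klass = class_name(target)` now executes before the `target.nil?` guard, whereas the old expression only reached `class_name(target)` after `target.nil?`, `target == SELF_CLASS` and `node_type? target, :self` had all failed; confirm that `class_name` tolerates a nil argument (a bare `connection.execute` inside a model has no receiver after `target = target.target`), or move the assignment below the nil check. The new `klass == :"ActiveRecord::Base"` comparison is only as good as the exact symbol `class_name` returns, so a fixture using a fully qualified `::ActiveRecord::Base.connection` receiver would show whether that spelling is caught too or falls through to the `active_record_models.include? klass` check and is missed.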
...
...
test/apps/rails2/app/models/user.rb
...
...
@@ -21,4 +21,13 @@ class User < ActiveRecord::Base
User
.
find
(
:all
,
:conditions
=>
self
.
merge_conditions
(
some_conditions
))
find
(
:all
,
:conditions
=>
User
.
merge_conditions
(
some_conditions
))
end
def
self
.
some_method
(
value
)
results
=
ActiveRecord
::
Base
.
connection
.
execute
(
%Q(SELECT
id
FROM
table t
WHERE
t.something = '
#{
value
}
')
)
end
end
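Review bot: the local `results` is assigned and never read, which Ruby flags under `-w`; since `some_method` exists only as a deliberately injectable fixture for the new `ActiveRecord::Base.connection` path, a one-line comment saying so (and noting that the rails2 test pins this `execute` call to line 26) would stop a future editor from "cleaning up" the `#{value}` interpolation or moving the method and silently breaking the test.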
test/tests/rails2.rb
...
...
@@ -12,13 +12,13 @@ class Rails2Tests < Test::Unit::TestCase
:controller
=>
1
,
:model
=>
3
,
:template
=>
45
,
:generic
=>
4
8
}
:generic
=>
4
9
}
else
@expected
||=
{
:controller
=>
1
,
:model
=>
3
,
:template
=>
45
,
:generic
=>
49
}
:generic
=>
50
}
end
end
...
...
@@ -611,6 +611,18 @@ class Rails2Tests < Test::Unit::TestCase
:file
=>
/user\.rb/
,
:relative_path
=>
"app/models/user.rb"
end
def
test_sql_injection_active_record_base_connection
assert_warning
:type
=>
:warning
,
:warning_code
=>
0
,
:fingerprint
=>
"37885d589fc5c41553dcc38b36b506c2e508d1f37ce040eb6dca92a958f858fb"
,
:warning_type
=>
"SQL Injection"
,
:line
=>
26
,
:message
=>
/^Possible\ SQL\ injection/
,
:confidence
=>
1
,
:relative_path
=>
"app/models/user.rb"
,
:user_input
=>
s
(
:lvar
,
:value
)
end
def
test_escape_once
results
=
find
:type
=>
:template
,
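Review bot: `test_sql_injection_active_record_base_connection` pins `:line => 26` and an exact `:fingerprint`, so any insertion above `some_method` in the fixture breaks it; that follows the convention of the surrounding tests, so no change is needed, but the assertions that actually characterise the new detection are `:user_input => s(:lvar, :value)` and `:confidence => 1`: the tainted value is a plain local variable (the method parameter) rather than request input, so double-check that 1 is the confidence level `CheckSQL` is meant to assign for that case and not an artefact of the fixture.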
...
...
@@ -1252,13 +1264,13 @@ class Rails2WithOptionsTests < Test::Unit::TestCase
:controller
=>
1
,
:model
=>
4
,
:template
=>
45
,
:generic
=>
4
8
}
:generic
=>
4
9
}
else
@expected
||=
{
:controller
=>
1
,
:model
=>
4
,
:template
=>
45
,
:generic
=>
49
}
:generic
=>
50
}
end
end
...
...
test/tests/tabs_output.rb
...
...
@@ -3,9 +3,9 @@ class TestTabsOutput < Test::Unit::TestCase
def
test_reported_warnings
if
Brakeman
::
Scanner
::
RUBY_1_9
assert_equal
98
,
Report
.
lines
.
to_a
.
count
else
assert_equal
99
,
Report
.
lines
.
to_a
.
count
else
assert_equal
100
,
Report
.
lines
.
to_a
.
count
end
end
end