Skip to content
体验新版
项目
组织
正在加载...
登录
切换导航
打开侧边栏
李少辉-开发者
Brakeman
提交
0e792305
B
Brakeman
项目概览
李少辉-开发者
/
Brakeman
通知
1
Star
0
Fork
0
代码
文件
提交
分支
Tags
贡献者
分支图
Diff
Issue
0
列表
看板
标记
里程碑
合并请求
0
Wiki
0
Wiki
分析
仓库
DevOps
项目成员
Pages
B
Brakeman
项目概览
项目概览
详情
发布
仓库
仓库
文件
提交
分支
标签
贡献者
分支图
比较
Issue
0
Issue
0
列表
看板
标记
里程碑
合并请求
0
合并请求
0
Pages
分析
分析
仓库分析
DevOps
Wiki
0
Wiki
成员
成员
收起侧边栏
关闭侧边栏
动态
分支图
创建新Issue
提交
Issue看板
前往新版Gitcode,体验更适合开发者的 AI 搜索 >>
提交
0e792305
编写于
5月 22, 2014
作者:
P
Patrick Toomey
提交者:
Justin Collins
5月 26, 2014
浏览文件
操作
浏览文件
下载
电子邮件补丁
差异文件
Add support for namespaced models
上级
1eb6498b
变更
5
隐藏空白更改
内联
并排
Showing
5 changed file
with
215 addition
and
82 deletion
+215
-82
lib/brakeman/processors/controller_processor.rb
lib/brakeman/processors/controller_processor.rb
+28
-21
lib/brakeman/processors/library_processor.rb
lib/brakeman/processors/library_processor.rb
+28
-21
lib/brakeman/processors/model_processor.rb
lib/brakeman/processors/model_processor.rb
+114
-36
test/apps/rails3.2/app/models/multi_model.rb
test/apps/rails3.2/app/models/multi_model.rb
+17
-0
test/tests/rails32.rb
test/tests/rails32.rb
+28
-4
未找到文件。
lib/brakeman/processors/controller_processor.rb
浏览文件 @
0e792305
...
...
@@ -55,21 +55,24 @@ class Brakeman::ControllerProcessor < Brakeman::BaseProcessor
name
=
(
@current_module
[
:name
].
to_s
+
"::"
+
name
.
to_s
).
to_sym
end
if
@tracker
.
controllers
[
name
.
to_sym
]
if
@tracker
.
controllers
[
name
]
@current_class
=
@tracker
.
controllers
[
name
]
@current_class
[
:files
]
<<
@file_name
unless
@current_class
[
:files
].
include?
@file_name
@current_class
[
:src
][
@file_name
]
=
exp
else
@current_class
=
{
:name
=>
name
,
:parent
=>
parent
,
:includes
=>
[],
:public
=>
{},
:private
=>
{},
:protected
=>
{},
:options
=>
{
:before_filters
=>
[]},
:src
=>
{
@file_name
=>
exp
},
:files
=>
[
@file_name
]
}
@tracker
.
controllers
[
@current_class
[
:name
]]
=
@current_class
@current_class
=
{
:name
=>
name
,
:parent
=>
parent
,
:includes
=>
[],
:public
=>
{},
:private
=>
{},
:protected
=>
{},
:options
=>
{
:before_filters
=>
[]},
:src
=>
{
@file_name
=>
exp
},
:files
=>
[
@file_name
]
}
@tracker
.
controllers
[
name
]
=
@current_class
end
exp
.
body
=
process_all!
exp
.
body
...
...
@@ -98,20 +101,24 @@ class Brakeman::ControllerProcessor < Brakeman::BaseProcessor
if
@tracker
.
libs
[
name
]
@current_module
=
@tracker
.
libs
[
name
]
@current_module
[
:files
]
<<
@file_name
@current_module
[
:files
]
<<
@file_name
unless
@current_module
[
:files
].
include?
@file_name
@current_module
[
:src
][
@file_name
]
=
exp
else
@current_module
=
{
:name
=>
name
,
:parent
=>
parent
,
:includes
=>
[],
:public
=>
{},
:private
=>
{},
:protected
=>
{},
:options
=>
{
:before_filters
=>
[]},
:src
=>
exp
,
:files
=>
[
@file_name
]
}
@current_module
=
{
:name
=>
name
,
:parent
=>
parent
,
:includes
=>
[],
:public
=>
{},
:private
=>
{},
:protected
=>
{},
:options
=>
{
:before_filters
=>
[]},
:src
=>
{
@file_name
=>
exp
},
:files
=>
[
@file_name
]
}
@tracker
.
libs
[
name
]
=
@current_module
end
exp
.
body
=
process_all!
exp
.
body
if
outer_module
...
...
lib/brakeman/processors/library_processor.rb
浏览文件 @
0e792305
...
...
@@ -8,6 +8,8 @@ class Brakeman::LibraryProcessor < Brakeman::BaseProcessor
super
@file_name
=
nil
@alias_processor
=
Brakeman
::
AliasProcessor
.
new
tracker
@current_module
=
nil
@current_class
=
nil
end
def
process_library
src
,
file_name
=
nil
...
...
@@ -17,6 +19,7 @@ class Brakeman::LibraryProcessor < Brakeman::BaseProcessor
def
process_class
exp
name
=
class_name
(
exp
.
class_name
)
parent
=
class_name
exp
.
parent_name
if
@current_class
outer_class
=
@current_class
...
...
@@ -32,16 +35,16 @@ class Brakeman::LibraryProcessor < Brakeman::BaseProcessor
@current_class
[
:files
]
<<
@file_name
unless
@current_class
[
:files
].
include?
@file_name
@current_class
[
:src
][
@file_name
]
=
exp
else
parent
=
class_name
exp
.
parent_name
@current_class
=
{
:name
=>
name
,
:parent
=>
parent
,
:includes
=>
[]
,
:public
=>
{},
:private
=>
{},
:protected
=>
{
},
:src
=>
{
@file_name
=>
exp
},
:files
=>
[
@file_name
]
}
@current_class
=
{
:name
=>
name
,
:parent
=>
parent
,
:includes
=>
[]
,
:public
=>
{}
,
:private
=>
{},
:protected
=>
{},
:src
=>
{
@file_name
=>
exp
},
:files
=>
[
@file_name
]
}
@tracker
.
libs
[
name
]
=
@current_class
end
...
...
@@ -61,8 +64,8 @@ class Brakeman::LibraryProcessor < Brakeman::BaseProcessor
name
=
class_name
(
exp
.
module_name
)
if
@current_module
outer_
class
=
@current_module
name
=
(
outer_
class
[
:name
].
to_s
+
"::"
+
name
.
to_s
).
to_sym
outer_
module
=
@current_module
name
=
(
outer_
module
[
:name
].
to_s
+
"::"
+
name
.
to_s
).
to_sym
end
if
@current_class
...
...
@@ -71,22 +74,26 @@ class Brakeman::LibraryProcessor < Brakeman::BaseProcessor
if
@tracker
.
libs
[
name
]
@current_module
=
@tracker
.
libs
[
name
]
@current_module
[
:files
]
<<
@file_name
unless
@current_module
[
:files
].
include?
@file_name
@current_module
[
:src
][
@file_name
]
=
exp
else
@current_module
=
{
:name
=>
name
,
:includes
=>
[],
:public
=>
{},
:private
=>
{},
:protected
=>
{},
:src
=>
exp
,
:files
=>
[
@file_name
]
}
@current_module
=
{
:name
=>
name
,
:includes
=>
[],
:public
=>
{},
:private
=>
{},
:protected
=>
{},
:src
=>
{
@file_name
=>
exp
},
:files
=>
[
@file_name
]
}
@tracker
.
libs
[
name
]
=
@current_module
end
exp
.
body
=
process_all!
exp
.
body
if
outer_
class
@current_module
=
outer_
class
if
outer_
module
@current_module
=
outer_
module
else
@current_module
=
nil
end
...
...
lib/brakeman/processors/model_processor.rb
浏览文件 @
0e792305
...
...
@@ -7,8 +7,9 @@ class Brakeman::ModelProcessor < Brakeman::BaseProcessor
def
initialize
tracker
super
@
model
=
nil
@
current_class
=
nil
@current_method
=
nil
@current_module
=
nil
@visibility
=
:public
@file_name
=
nil
end
...
...
@@ -24,36 +25,101 @@ class Brakeman::ModelProcessor < Brakeman::BaseProcessor
name
=
class_name
(
exp
.
class_name
)
parent
=
class_name
(
exp
.
parent_name
)
if
@model
Brakeman
.
debug
"[Notice] Skipping inner class:
#{
name
}
"
ignore
elsif
@tracker
.
models
[
name
.
to_sym
]
@model
=
@tracker
.
models
[
name
]
@model
[
:files
]
<<
@file_name
unless
@model
[
:files
].
include?
@file_name
exp
.
body
=
process_all!
exp
.
body
@model
=
nil
exp
#If inside an inner class we treat it as a library.
if
@current_class
Brakeman
.
debug
"[Notice] Treating inner class as library:
#{
name
}
"
Brakeman
::
LibraryProcessor
.
new
(
@tracker
).
process_library
exp
,
@file_name
return
exp
end
if
@current_class
outer_class
=
@current_class
name
=
(
outer_class
[
:name
].
to_s
+
"::"
+
name
.
to_s
).
to_sym
end
if
@current_module
name
=
(
@current_module
[
:name
].
to_s
+
"::"
+
name
.
to_s
).
to_sym
end
if
@tracker
.
models
[
name
]
@current_class
=
@tracker
.
models
[
name
]
@current_class
[
:files
]
<<
@file_name
unless
@current_class
[
:files
].
include?
@file_name
@current_class
[
:src
][
@file_name
]
=
exp
else
@model
=
{
:name
=>
name
.
to_sym
,
@current_class
=
{
:name
=>
name
,
:parent
=>
parent
,
:includes
=>
[],
:public
=>
{},
:private
=>
{},
:protected
=>
{},
:options
=>
{},
:src
=>
{
@file_name
=>
exp
},
:associations
=>
{},
:files
=>
[
@file_name
]
}
@tracker
.
models
[
name
]
=
@current_class
end
exp
.
body
=
process_all!
exp
.
body
if
outer_class
@current_class
=
outer_class
else
@current_class
=
nil
end
exp
end
def
process_module
exp
name
=
class_name
(
exp
.
class_name
)
if
@current_module
outer_module
=
@current_module
name
=
(
outer_module
[
:name
].
to_s
+
"::"
+
name
.
to_s
).
to_sym
end
if
@current_class
name
=
(
@current_class
[
:name
].
to_s
+
"::"
+
name
.
to_s
).
to_sym
end
if
@tracker
.
libs
[
name
]
@current_module
=
@tracker
.
libs
[
name
]
@current_module
[
:files
]
<<
@file_name
unless
@current_module
[
:files
].
include?
@file_name
@current_module
[
:src
][
@file_name
]
=
exp
else
@current_module
=
{
:name
=>
name
,
:includes
=>
[],
:public
=>
{},
:private
=>
{},
:protected
=>
{},
:options
=>
{},
:src
=>
{
@file_name
=>
exp
},
:associations
=>
{},
:files
=>
[
@file_name
]
}
@tracker
.
models
[
@model
[
:name
]]
=
@model
exp
.
body
=
process_all!
exp
.
body
@model
=
nil
exp
:files
=>
[
@file_name
]
}
@tracker
.
libs
[
name
]
=
@current_module
end
exp
.
body
=
process_all!
exp
.
body
if
outer_module
@current_module
=
outer_module
else
@current_module
=
nil
end
exp
end
#Handle calls outside of methods,
#such as include, attr_accessible, private, etc.
def
process_call
exp
return
exp
unless
@
model
return
exp
unless
@
current_class
target
=
exp
.
target
if
sexp?
target
target
=
process
target
...
...
@@ -70,36 +136,36 @@ class Brakeman::ModelProcessor < Brakeman::BaseProcessor
when
:private
,
:protected
,
:public
@visibility
=
method
when
:attr_accessible
@
model
[
:attr_accessible
]
||=
[]
@
current_class
[
:attr_accessible
]
||=
[]
else
#??
end
else
case
method
when
:include
@
model
[
:includes
]
<<
class_name
(
first_arg
)
if
@model
@
current_class
[
:includes
]
<<
class_name
(
first_arg
)
if
@current_class
when
:attr_accessible
@
model
[
:attr_accessible
]
||=
[]
@
current_class
[
:attr_accessible
]
||=
[]
args
=
[]
exp
.
each_arg
do
|
e
|
if
node_type?
e
,
:lit
args
<<
e
.
value
elsif
hash
?
e
@
model
[
:options
][:
role_accessible
]
||=
[]
@
model
[
:options
][
:role_accessible
].
concat
args
@
current_class
[
:options
][:
role_accessible
]
||=
[]
@
current_class
[
:options
][
:role_accessible
].
concat
args
end
end
@
model
[
:attr_accessible
].
concat
args
@
current_class
[
:attr_accessible
].
concat
args
else
if
@
model
if
@
current_class
if
ASSOCIATIONS
.
include?
method
@
model
[
:associations
][
method
]
||=
[]
@
model
[
:associations
][
method
].
concat
exp
.
args
@
current_class
[
:associations
][
method
]
||=
[]
@
current_class
[
:associations
][
method
].
concat
exp
.
args
else
@
model
[
:options
][
method
]
||=
[]
@
model
[
:options
][
method
]
<<
exp
.
arglist
.
line
(
exp
.
line
)
@
current_class
[
:options
][
method
]
||=
[]
@
current_class
[
:options
][
method
]
<<
exp
.
arglist
.
line
(
exp
.
line
)
end
end
end
...
...
@@ -114,27 +180,36 @@ class Brakeman::ModelProcessor < Brakeman::BaseProcessor
#Add method definition to tracker
def
process_defn
exp
return
exp
unless
@
model
return
exp
unless
@
current_class
name
=
exp
.
method_name
@current_method
=
name
res
=
Sexp
.
new
:methdef
,
name
,
exp
.
formal_args
,
*
process_all!
(
exp
.
body
)
res
.
line
(
exp
.
line
)
@current_method
=
nil
if
@model
list
=
@model
[
@visibility
]
list
[
name
]
=
{
:src
=>
res
,
:file
=>
@file_name
}
if
@current_class
@current_class
[
@visibility
][
name
]
=
{
:src
=>
res
,
:file
=>
@file_name
}
elsif
@current_module
@current_module
[
@visibility
][
name
]
=
{
:src
=>
res
,
:file
=>
@file_name
}
end
res
end
#Add method definition to tracker
def
process_defs
exp
return
exp
unless
@
model
return
exp
unless
@
current_class
name
=
exp
.
method_name
if
exp
[
1
].
node_type
==
:self
target
=
@model
[
:name
]
if
@current_class
target
=
@current_class
[
:name
]
elsif
@current_module
target
=
@current_module
else
target
=
nil
end
else
target
=
class_name
exp
[
1
]
end
...
...
@@ -143,8 +218,11 @@ class Brakeman::ModelProcessor < Brakeman::BaseProcessor
res
=
Sexp
.
new
:selfdef
,
target
,
name
,
exp
.
formal_args
,
*
process_all!
(
exp
.
body
)
res
.
line
(
exp
.
line
)
@current_method
=
nil
if
@model
@model
[
@visibility
][
name
]
=
{
:src
=>
res
,
:file
=>
@file_name
}
if
@current_class
@current_class
[
@visibility
][
name
]
=
{
:src
=>
res
,
:file
=>
@file_name
}
elsif
@current_module
@current_module
[
@visibility
][
name
]
=
{
:src
=>
res
,
:file
=>
@file_name
}
end
res
end
...
...
test/apps/rails3.2/app/models/multi_model.rb
0 → 100644
浏览文件 @
0e792305
module
MultiModel
class
Model1
<
ActiveRecord
::
Base
def
model_exec
system
params
[
:user_input
]
end
end
class
Model2
<
ActiveRecord
::
Base
def
model_exec
system
params
[
:user_input2
]
end
end
end
test/tests/rails32.rb
浏览文件 @
0e792305
...
...
@@ -16,7 +16,7 @@ class Rails32Tests < Test::Unit::TestCase
:controller
=>
8
,
:model
=>
5
,
:template
=>
11
,
:generic
=>
1
4
}
:generic
=>
1
6
}
if
RUBY_PLATFORM
==
'java'
@expected
[
:generic
]
+=
1
...
...
@@ -336,9 +336,9 @@ class Rails32Tests < Test::Unit::TestCase
:format_code
=>
/params\[:user_input\]/
end
def
test_controller_default_routes
def
test_controller_default_routes
# Test to ensure warnings are generated for loose routes
assert_warning
:type
=>
:controller
,
assert_warning
:type
=>
:controller
,
:warning_type
=>
"Default Routes"
,
:message
=>
/GlobGetController.*get requests/
,
:fingerprint
=>
"6550aaf3da845a600a9c8fb767d08489679a9e3d89554db3c920ddb4eafcfb8e"
,
...
...
@@ -385,5 +385,29 @@ class Rails32Tests < Test::Unit::TestCase
:message
=>
/BarMatchController.*matched requests/
,
:fingerprint
=>
"857efc249dfd1b5086dcf79c35e31ef19a7782d03b3beaa12f55f8634b543d2d"
,
:file
=>
/routes\.rb/
end
end
def
test_command_injection_from_namespaced_model_1
assert_warning
:type
=>
:warning
,
:warning_type
=>
"Command Injection"
,
:class
=>
:"MultiModel::Model1"
,
:line
=>
5
,
:message
=>
/^Possible command injection/
,
:confidence
=>
0
,
:file
=>
/multi_model\.rb/
,
:relative_path
=>
"app/models/multi_model.rb"
,
:format_code
=>
/params\[:user_input\]/
end
def
test_command_injection_from_namespaced_model_2
assert_warning
:type
=>
:warning
,
:warning_type
=>
"Command Injection"
,
:class
=>
:"MultiModel::Model2"
,
:line
=>
13
,
:message
=>
/^Possible command injection/
,
:confidence
=>
0
,
:file
=>
/multi_model\.rb/
,
:relative_path
=>
"app/models/multi_model.rb"
,
:format_code
=>
/params\[:user_input2\]/
end
end
编辑
预览
Markdown
is supported
0%
请重试
或
添加新附件
.
添加附件
取消
You are about to add
0
people
to the discussion. Proceed with caution.
先完成此消息的编辑!
取消
想要评论请
注册
或
登录