Commit 472dc435
Authored Jun 17, 2015 by Justin
Merge pull request #665 from presidentbeef/add_check_for_CVE-2015-3226
Add check for CVE-2015-3226
Parents: cd4e6936 59b61e2a
Showing 4 changed files with 138 additions and 1 deletion
lib/brakeman/checks/check_json_encoding.rb +47 -0
lib/brakeman/warning_codes.rb +1 -0
test/test.rb +4 -1
test/tests/cves.rb +86 -0
lib/brakeman/checks/check_json_encoding.rb
0 → 100644
require
'brakeman/checks/base_check'
class
Brakeman::CheckJSONEncoding
<
Brakeman
::
BaseCheck
Brakeman
::
Checks
.
add
self
@description
=
"Checks for missing JSON encoding (CVE-2015-3226)"
def
run_check
if
(
version_between?
"4.1.0"
,
"4.1.10"
or
version_between?
"4.2.0"
,
"4.2.1"
)
and
not
has_workaround?
message
=
"Rails
#{
tracker
.
config
[
:rails_version
]
}
does not encode JSON keys (CVE-2015-3226). Upgrade to Rails version "
if
version_between?
"4.1.0"
,
"4.1.10"
message
<<
"4.1.11"
else
message
<<
"4.2.2"
end
if
tracker
.
find_call
(
:methods
=>
[
:to_json
,
:encode
]).
any?
confidence
=
CONFIDENCE
[
:high
]
else
confidence
=
CONFIDENCE
[
:med
]
end
warn
:warning_type
=>
"Cross Site Scripting"
,
:warning_code
=>
:CVE_2015_3226
,
:message
=>
message
,
:confidence
=>
confidence
,
:gem_info
=>
gemfile_or_environment
,
:link_path
=>
"https://groups.google.com/d/msg/rubyonrails-security/7VlB_pck3hU/3QZrGIaQW6cJ"
end
end
def
has_workaround?
workaround
=
s
(
:module
,
:ActiveSupport
,
s
(
:module
,
:JSON
,
s
(
:module
,
:Encoding
,
s
(
:call
,
nil
,
:private
),
s
(
:class
,
:EscapedString
,
nil
,
s
(
:defn
,
:to_s
,
s
(
:args
),
s
(
:self
))))))
tracker
.
initializers
.
any?
do
|
name
,
initializer
|
initializer
==
workaround
end
end
end
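Review bot: has_workaround? compares each whole initializer against one fixed s-expression with `initializer == workaround`, so the warning is suppressed only when an initializer contains exactly that module nesting and nothing else. An initializer that also has a `require`, another statement, or a differently structured patch of EscapedString will still be reported. Consider searching the initializer for the `EscapedString` `to_s` definition rather than requiring whole-file equality, or document that the workaround must live alone in its own initializer. Separately, in run_check the `find_call(:methods => [:to_json, :encode])` lookup has no target restriction, so any unrelated call to a method named `encode` raises the confidence to high.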
lib/brakeman/warning_codes.rb
...
...
@@ -88,6 +88,7 @@ module Brakeman::WarningCodes
:cross_site_scripting_inline
=>
84
,
:CVE_2014_7829
=>
85
,
:csrf_not_protected_by_raising_exception
=>
86
,
:CVE_2015_3226
=>
87
,
}
def
self
.
code
name
...
...
test/test.rb
...
...
@@ -197,7 +197,10 @@ module BrakemanTester::RescanTestHelper
end
def
write_file
file
,
content
File
.
open
full_path
(
file
),
"w+"
do
|
f
|
require
'fileutils'
path
=
full_path
(
file
)
FileUtils
.
mkdir_p
(
File
.
dirname
(
path
))
File
.
open
path
,
"w"
do
|
f
|
f
.
puts
content
end
end
...
...
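Review bot: `require 'fileutils'` sits inside the body of write_file, so it is evaluated on every call and the dependency is invisible from the top of test/test.rb; move it next to the file's other requires. The open mode also changes from "w+" to "w" in the same hunk, which is fine since the block only writes, but it is a behaviour change unrelated to creating the parent directory and deserves a mention.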
test/tests/cves.rb
0 → 100644
require
'brakeman/rescanner'
class
CVETests
<
Test
::
Unit
::
TestCase
include
BrakemanTester
::
RescanTestHelper
include
BrakemanTester
::
FindWarning
def
report
@rescanner
.
tracker
.
report
.
to_hash
end
def
assert_version
version
,
gem
=
:rails
if
gem
==
:rails
assert_equal
version
,
@rescanner
.
tracker
.
config
[
:rails_version
]
else
assert_equal
version
,
@rescanner
.
tracker
.
config
[
:gems
][
gem
][
:version
]
end
end
def
test_CVE_2015_3226_4_1_1
before_rescan_of
"Gemfile"
,
"rails4"
do
replace
"Gemfile"
,
"4.0.0"
,
"4.1.1"
end
assert_version
"4.1.1"
assert_warning
:type
=>
:warning
,
:warning_code
=>
87
,
:fingerprint
=>
"6c2281400c467a0100bcedeb122bc2cb024d09e538e18f4c7328c3569fff6754"
,
:warning_type
=>
"Cross Site Scripting"
,
:line
=>
4
,
:message
=>
/^Rails\ 4\.1\.1\ does\ not\ encode\ JSON\ keys\ \(C/
,
:confidence
=>
0
,
:relative_path
=>
"Gemfile"
,
:user_input
=>
nil
end
def
test_CVE_2015_3226_4_2_1
before_rescan_of
"Gemfile"
,
"rails4"
do
replace
"Gemfile"
,
"4.0.0"
,
"4.2.1"
end
assert_version
"4.2.1"
assert_warning
:type
=>
:warning
,
:warning_code
=>
87
,
:fingerprint
=>
"6c2281400c467a0100bcedeb122bc2cb024d09e538e18f4c7328c3569fff6754"
,
:warning_type
=>
"Cross Site Scripting"
,
:line
=>
4
,
:message
=>
/^Rails\ 4\.2\.1\ does\ not\ encode\ JSON\ keys\ \(C/
,
:confidence
=>
0
,
:relative_path
=>
"Gemfile"
,
:user_input
=>
nil
end
def
test_CVE_2015_3226_workaround
initializer
=
"config/initializers/json.rb"
before_rescan_of
[
"Gemfile"
,
initializer
],
"rails4"
do
replace
"Gemfile"
,
"4.0.0"
,
"4.2.1"
write_file
initializer
,
<<-
RUBY
module ActiveSupport
module JSON
module Encoding
private
class EscapedString
def to_s
self
end
end
end
end
end
RUBY
end
assert_version
"4.2.1"
assert_no_warning
:type
=>
:warning
,
:warning_code
=>
87
,
:fingerprint
=>
"6c2281400c467a0100bcedeb122bc2cb024d09e538e18f4c7328c3569fff6754"
,
:warning_type
=>
"Cross Site Scripting"
,
:line
=>
4
,
:message
=>
/^Rails\ 4\.2\.1\ does\ not\ encode\ JSON\ keys\ \(C/
,
:confidence
=>
0
,
:relative_path
=>
"Gemfile"
,
:user_input
=>
nil
end
end
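Review bot: the tests scan only 4.1.1, 4.2.1 and the workaround case, so nothing checks a fixed release or the 4.1.10 upper bound used in run_check; add cases showing that 4.1.10 still warns and that 4.1.11 and 4.2.2 produce no warning. All three assertions use `:confidence => 0`, so at most one of the two confidence branches in the check is exercised. The expectation hash is also repeated three times with only the version in the message regex changing, and the literal `87` duplicates the value added in warning_codes.rb; a small helper that takes the version would keep the three tests from drifting apart.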