From 492505f73d7406d5d226f265b39fc2b2d4ce86f9 Mon Sep 17 00:00:00 2001
From: Justin Collins
Date: Tue, 11 Sep 2012 17:57:30 -0700
Subject: [PATCH] Add test for old `mail_to` vulnerability
---
 .../app/controllers/other_controller.rb | 4 ++++
 .../app/views/other/test_mail_to.html.erb | 4 ++++
 test/apps/rails3/config/routes.rb | 2 ++
 test/tests/test_rails3.rb | 19 ++++++++++++++-----
 4 files changed, 24 insertions(+), 5 deletions(-)
 create mode 100644 test/apps/rails3/app/views/other/test_mail_to.html.erb
diff --git a/test/apps/rails3/app/controllers/other_controller.rb b/test/apps/rails3/app/controllers/other_controller.rb
index a11b7f79..57f3cec4 100644
--- a/test/apps/rails3/app/controllers/other_controller.rb
+++ b/test/apps/rails3/app/controllers/other_controller.rb
@@ -39,4 +39,8 @@ class OtherController < ApplicationController
 def test_render_with_nonsymbol_key
 render x => :y
 end
+
+ def test_mail_to
+ @user = User.find(current_user)
+ end
 end
diff --git a/test/apps/rails3/app/views/other/test_mail_to.html.erb b/test/apps/rails3/app/views/other/test_mail_to.html.erb
new file mode 100644
index 00000000..3fcca627
--- /dev/null
+++ b/test/apps/rails3/app/views/other/test_mail_to.html.erb
@@ -0,0 +1,4 @@
+<%= mail_to @user.email, @user.name, :encode => :javascript %>
+
+Should not warn:
+<%= mail_to @user.email, @user.name, :encode => :hex %>
diff --git a/test/apps/rails3/config/routes.rb b/test/apps/rails3/config/routes.rb
index 472547b4..8f72e917 100644
--- a/test/apps/rails3/config/routes.rb
+++ b/test/apps/rails3/config/routes.rb
@@ -11,6 +11,8 @@ Rails3::Application.routes.draw do
 get "other/test_send_file"
+ get "other/test_mail_to"
+
 get "home/index"
 get "home/test_params"
diff --git a/test/tests/test_rails3.rb b/test/tests/test_rails3.rb
index 6cacdcb0..5fdd56ec 100644
--- a/test/tests/test_rails3.rb
+++ b/test/tests/test_rails3.rb
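Review bot: The `:encode => :hex` call under "Should not warn:" in test_mail_to.html.erb has no matching negative assertion anywhere in this patch, so that intent is only covered indirectly by the `:template => 30` total in test_rails3.rb. A false positive on line 4 of the view would shift the count without naming the line, and an unrelated missed warning could cancel it out. Consider a companion test asserting that no "Mail Link" template warning is reported for `:line => 4` of this view, using the suite's negative-assertion helper if it has one. A short ERB comment in the fixture would also record why the second call is expected to be quiet, e.g. `<%# only :encode => :javascript is covered by the mail_to check %>`.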
@@ -14,7 +14,7 @@ class Rails3Tests < Test::Unit::TestCase
 @expected ||= {
 :controller => 1,
 :model => 5,
- :template => 29,
+ :template => 30,
 :warning => 30 }
 end
@@ -532,7 +532,7 @@ class Rails3Tests < Test::Unit::TestCase
 def test_default_routes
 assert_warning :warning_type => "Default Routes",
- :line => 95,
+ :line => 97,
 :message => /All public methods in controllers are available as actions/,
 :file => /routes\.rb/
 end
@@ -572,7 +572,7 @@ class Rails3Tests < Test::Unit::TestCase
 def test_string_buffer_manipulation_bug
 assert_warning :type => :warning,
 :warning_type => "Cross Site Scripting",
- :message => /^Rails 3.0.5 has a vulnerabilty in SafeBuffer. Upgrade to 3.0.12/,
+ :message => /^Rails 3.0.3 has a vulnerabilty in SafeBuffer. Upgrade to 3.0.12/,
 :confidence => 1,
 :file => /Gemfile/
 end
@@ -653,7 +653,7 @@ class Rails3Tests < Test::Unit::TestCase
 assert_warning :type => :template,
 :warning_type => "Cross Site Scripting",
 :line => 3,
- :message => /^Upgrade\ to\ Rails\ 3\.0\.17,\ 3\.0\.5\ select_ta/,
+ :message => /^Upgrade\ to\ Rails\ 3\.0\.17,\ 3\.0\.3\ select_ta/,
 :confidence => 0,
 :file => /test_select_tag\.html\.erb/
 end
@@ -661,7 +661,7 @@ class Rails3Tests < Test::Unit::TestCase
 def test_cross_site_scripting_single_quotes_CVE_2012_3464
 assert_warning :type => :warning,
 :warning_type => "Cross Site Scripting",
- :message => /^Rails\ 3\.0\.5\ does\ not\ escape\ single\ quote/,
+ :message => /^Rails\ 3\.0\.3\ does\ not\ escape\ single\ quote/,
 :confidence => 1,
 :file => /Gemfile/
 end
@@ -681,4 +681,13 @@ class Rails3Tests < Test::Unit::TestCase
 :confidence => 0,
 :file => /Gemfile/
 end
+
+ def test_mail_link_CVE_2011_0446
+ assert_warning :type => :template,
+ :warning_type => "Mail Link",
+ :line => 1,
+ :message => /^Vulnerability\ in\ mail_to\ using\ javascrip/,
+ :confidence => 0,
+ :file => /Gemfile/
+ end
 end
-- GitLab
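Review bot: In `test_mail_link_CVE_2011_0446` the expectation `:file => /Gemfile/` does not fit a `:type => :template` warning at `:line => 1`; it looks carried over from the Gemfile-level check just above it. The warning this patch provokes comes from the new view, so the assertion should pin it there: `:file => /test_mail_to\.html\.erb/`. If the test passes as written, the helper is presumably not enforcing `:file` for this case, so it would keep passing even if the finding were attributed to the wrong file. The hunk opens inside the preceding test method, whose start is outside it.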