提交
a9ae876d
编写于
5月 07, 2013
作者:
Justin Collins
Factor out input type in messages and normalize
上级
d60d5d86
Showing
12 changed file
with
44 addition
and
145 deletion
+44
-145
lib/brakeman/checks/base_check.rb
lib/brakeman/checks/base_check.rb
+19
-0
lib/brakeman/checks/check_content_tag.rb
lib/brakeman/checks/check_content_tag.rb
+8
-29
lib/brakeman/checks/check_cross_site_scripting.rb
lib/brakeman/checks/check_cross_site_scripting.rb
+3
-19
lib/brakeman/checks/check_file_access.rb
lib/brakeman/checks/check_file_access.rb
+1
-14
lib/brakeman/checks/check_link_to.rb
lib/brakeman/checks/check_link_to.rb
+4
-15
lib/brakeman/checks/check_link_to_href.rb
lib/brakeman/checks/check_link_to_href.rb
+1
-8
lib/brakeman/checks/check_render.rb
lib/brakeman/checks/check_render.rb
+2
-15
lib/brakeman/checks/check_symbol_dos.rb
lib/brakeman/checks/check_symbol_dos.rb
+1
-14
lib/brakeman/checks/check_unsafe_reflection.rb
lib/brakeman/checks/check_unsafe_reflection.rb
+1
-14
lib/brakeman/checks/check_yaml_load.rb
lib/brakeman/checks/check_yaml_load.rb
+1
-14
test/tests/test_rails3.rb
test/tests/test_rails3.rb
+2
-2
test/tests/test_rails31.rb
test/tests/test_rails31.rb
+1
-1
lib/brakeman/checks/base_check.rb
@@ -516,4 +516,23 @@ class Brakeman::BaseCheck < Brakeman::SexpProcessor
@active_record_models
end
def
friendly_type_of
input_type
if
input_type
.
is_a?
Match
input_type
=
input_type
.
type
end
case
input_type
when
:params
"parameter value"
when
:cookies
"cookie value"
when
:request
"request value"
when
:model
"model attribute"
else
"user input"
end
end
end
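Review bot: `friendly_type_of` has no `:session` branch, so session-derived input now falls through to the generic "user input" label; the removed code in check_content_tag.rb (its last hunk) labelled that case "session value", so this is a small message regression for that check. Adding `when :session then "session value"` before the `else` keeps the old wording. Since this method is now the single source of every input label in the commit, it deserves a one-line comment such as `# Maps a Match (or a bare type symbol) to the human-readable label used in warning messages`.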
lib/brakeman/checks/check_content_tag.rb
@@ -45,7 +45,7 @@ class Brakeman::CheckContentTag < Brakeman::CheckCrossSiteScripting
call
=
result
[
:call
]
=
result
[
:call
].
dup
args
=
call
.
arglist
args
=
call
.
arglist
tag_name
=
args
[
1
]
content
=
args
[
2
]
@@ -94,19 +94,12 @@ class Brakeman::CheckContentTag < Brakeman::CheckCrossSiteScripting
end
if
input
=
has_immediate_user_input?
(
arg
)
case
input
.
type
when
:
params
message
=
"Unescaped parameter value in content_tag"
when
:
cookies
message
=
"Unescaped cookie value in content_tag"
else
message
=
"Unescaped user input value in content_tag"
end
message
=
"Unescaped
#{
friendly_type_of
input
}
in content_tag"
add_result
result
warn
:
result
=>
result
,
:warning_type
=>
"Cross Site Scripting"
,
:
warning_type
=>
"Cross Site Scripting"
,
:warning_code
=>
:xss_content_tag
,
:message
=>
message
,
:user_input
=>
input
.
match
,
@@ -126,7 +119,7 @@ class Brakeman::CheckContentTag < Brakeman::CheckCrossSiteScripting
end
warn
:result
=>
result
,
:warning_type
=>
"Cross Site Scripting"
,
:warning_type
=>
"Cross Site Scripting"
,
:warning_code
=>
:xss_content_tag
,
:message
=>
"Unescaped model attribute in content_tag"
,
:user_input
=>
match
,
@@ -135,28 +128,14 @@ class Brakeman::CheckContentTag < Brakeman::CheckCrossSiteScripting
end
elsif
@matched
message
=
"Unescaped "
case
@matched
.
type
when
:model
return
if
tracker
.
options
[
:ignore_model_output
]
message
<<
"model attribute"
when
:params
message
<<
"parameter"
when
:cookies
message
<<
"cookie"
when
:session
message
<<
"session"
else
message
<<
"user input"
end
return
if
@matched
.
type
==
:model
and
tracker
.
options
[
:ignore_model_output
]
message
<<
" value
in content_tag"
message
=
"Unescaped
#{
friendly_type_of
@matched
}
in content_tag"
add_result
result
warn
:result
=>
result
,
:warning_type
=>
"Cross Site Scripting"
,
warn
:result
=>
result
,
:warning_type
=>
"Cross Site Scripting"
,
:warning_code
=>
:xss_content_tag
,
:message
=>
message
,
:user_input
=>
@matched
.
match
,
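Review bot: `call = result[:call].dup` in the first hunk is the one change in this file that is not part of the message refactor, and nothing records why the copy is needed; a short comment such as `# dup so the edits below do not mutate the result shared with other checks` would help (presumably the Sexp is shared — confirm against the caller). In the last hunk, `return if @matched.type == :model and tracker.options[:ignore_model_output]` mixes `and` into a boolean expression; `return if @matched.type == :model && tracker.options[:ignore_model_output]` avoids the precedence trap and matches the `&&` style used elsewhere. The enclosing methods start and end outside the hunks shown.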
lib/brakeman/checks/check_cross_site_scripting.rb
@@ -104,16 +104,7 @@ class Brakeman::CheckCrossSiteScripting < Brakeman::BaseCheck
if
input
=
has_immediate_user_input?
(
out
)
add_result
exp
case
input
.
type
when
:params
message
=
"Unescaped parameter value"
when
:cookies
message
=
"Unescaped cookie value"
when
:request
message
=
"Unescaped request value"
else
message
=
"Unescaped user input value"
end
message
=
"Unescaped
#{
friendly_type_of
input
}
"
warn
:template
=>
@current_template
,
:warning_type
=>
"Cross Site Scripting"
,
...
...
@@ -194,15 +185,8 @@ class Brakeman::CheckCrossSiteScripting < Brakeman::BaseCheck
message
=
nil
if
@matched
case
@matched
.
type
when
:model
unless
tracker
.
options
[
:ignore_model_output
]
message
=
"Unescaped model attribute"
end
when
:params
message
=
"Unescaped parameter value"
when
:cookies
message
=
"Unescaped cookie value"
unless
@matched
.
type
and
tracker
.
options
[
:ignore_model_output
]
message
=
"Unescaped
#{
friendly_type_of
@matched
}
"
end
if
message
and
not
duplicate?
exp
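Review bot: The new guard `unless @matched.type and tracker.options[:ignore_model_output]` in the second hunk tests whether a type is set at all rather than whether it is `:model`; because every match carries a truthy type, turning on `ignore_model_output` now suppresses the parameter and cookie warnings too, whereas the removed `case` only skipped the model branch. It should read `unless @matched.type == :model && tracker.options[:ignore_model_output]`. The removed code also built a message only for `:model`, `:params` and `:cookies`, while the new code warns for every matched type (e.g. `:request`), which may be intended but widens what this check reports. The enclosing method starts and ends outside the hunk.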
lib/brakeman/checks/check_file_access.rb
@@ -48,20 +48,7 @@ class Brakeman::CheckFileAccess < Brakeman::BaseCheck
end
if
match
case
match
.
type
when
:params
message
=
"Parameter"
when
:cookies
message
=
"Cookie"
when
:request
message
=
"Request"
when
:model
message
=
"Model attribute"
else
message
=
"User input"
end
message
<<
" value used in file name"
message
=
"
#{
friendly_type_of
(
match
).
capitalize
}
used in file name"
warn
:result
=>
result
,
:warning_type
=>
"File Access"
,
lib/brakeman/checks/check_link_to.rb
@@ -68,14 +68,7 @@ class Brakeman::CheckLinkTo < Brakeman::CheckCrossSiteScripting
input
=
has_immediate_user_input?
(
argument
)
return
false
unless
input
case
input
.
type
when
:
params
message
=
"Unescaped parameter value in link_to"
when
:
cookies
message
=
"Unescaped cookie value in link_to"
else
message
=
"Unescaped user input value in link_to"
end
message
=
"Unescaped
#{
friendly_type_of
input
}
in link_to"
warn_xss
(
result
,
message
,
input
.
match
,
CONFIDENCE
[:
high
])
end
@@ -96,15 +89,11 @@ class Brakeman::CheckLinkTo < Brakeman::CheckCrossSiteScripting
# Check if we should warn about the matched result
def
check_matched
(
result
,
matched
=
nil
)
return
false
unless
matched
message
=
nil
return
false
if
matched
.
type
==
:model
and
not
tracker
.
options
[
:ignore_model_output
]
if
matched
.
type
==
:model
and
not
tracker
.
options
[
:ignore_model_output
]
message
=
"Unescaped model attribute in link_to"
elsif
matched
.
type
==
:params
message
=
"Unescaped parameter value in link_to"
end
message
=
"Unescaped
#{
friendly_type_of
matched
}
in link_to"
message
?
warn_xss
(
result
,
message
,
@matched
.
match
,
CONFIDENCE
[
:med
])
:
false
warn_xss
(
result
,
message
,
@matched
.
match
,
CONFIDENCE
[
:med
])
end
# Create a warn for this xss
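Review bot: In `check_matched` the new early return `return false if matched.type == :model and not tracker.options[:ignore_model_output]` inverts the removed condition: the old `if` produced the model-attribute warning precisely when `ignore_model_output` was off, while the new guard skips that case and warns only when the option is on. Dropping the `not` — `return false if matched.type == :model && tracker.options[:ignore_model_output]` — restores the intended behaviour and matches the guard added in check_content_tag.rb. Note also that the removed code returned false for any type other than `:model` or `:params`, whereas the new code warns for every match; if that widening is intended it is worth stating in the commit message.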
lib/brakeman/checks/check_link_to_href.rb
@@ -42,14 +42,7 @@ class Brakeman::CheckLinkToHref < Brakeman::CheckLinkTo
if
input
=
has_immediate_user_input?
(
url_arg
)
case
input
.
type
when
:params
message
=
"Unsafe parameter value in link_to href"
when
:cookies
message
=
"Unsafe cookie value in link_to href"
else
message
=
"Unsafe user input value in link_to href"
end
message
=
"Unsafe
#{
friendly_type_of
input
}
in link_to href"
unless
duplicate?
result
add_result
result
lib/brakeman/checks/check_render.rb
@@ -47,22 +47,9 @@ class Brakeman::CheckRender < Brakeman::BaseCheck
return
end
message
=
"Render path contains "
case
input
.
type
when
:params
message
<<
"parameter value"
when
:cookies
message
<<
"cookie value"
when
:request
message
<<
"request value"
when
:model
#Skip models
return
else
message
<<
"user input value"
end
return
if
input
.
type
==
:model
#skip models
message
=
"Render path contains
#{
friendly_type_of
input
}
"
warn
:result
=>
result
,
:warning_type
=>
"Dynamic Render Path"
,
lib/brakeman/checks/check_symbol_dos.rb
@@ -52,20 +52,7 @@ class Brakeman::CheckSymbolDoS < Brakeman::BaseCheck
end
if
confidence
input_type
=
case
input
.
type
when
:params
"parameter value"
when
:cookies
"cookies value"
when
:request
"request value"
when
:model
"model attribute"
else
"user input"
end
message
=
"Symbol conversion from unsafe string (
#{
input_type
}
)"
message
=
"Symbol conversion from unsafe string (
#{
friendly_type_of
input
}
)"
warn
:result
=>
result
,
:warning_type
=>
"Denial of Service"
,
lib/brakeman/checks/check_unsafe_reflection.rb
@@ -38,20 +38,7 @@ class Brakeman::CheckUnsafeReflection < Brakeman::BaseCheck
end
if
confidence
input_type
=
case
input
.
type
when
:params
"parameter value"
when
:cookies
"cookies value"
when
:request
"request value"
when
:model
"model attribute"
else
"user input"
end
message
=
"Unsafe Reflection method
#{
method
}
called with
#{
input_type
}
"
message
=
"Unsafe Reflection method
#{
method
}
called with
#{
friendly_type_of
input
}
"
warn
:result
=>
result
,
:warning_type
=>
"Remote Code Execution"
,
lib/brakeman/checks/check_yaml_load.rb
@@ -28,20 +28,7 @@ class Brakeman::CheckYAMLLoad < Brakeman::BaseCheck
end
if
confidence
input_type
=
case
input
.
type
when
:params
"parameter value"
when
:cookies
"cookies value"
when
:request
"request value"
when
:model
"model attribute"
else
"user input"
end
message
=
"YAML.
#{
method
}
called with
#{
input_type
}
"
message
=
"YAML.
#{
method
}
called with
#{
friendly_type_of
input
}
"
warn
:result
=>
result
,
:warning_type
=>
"Remote Code Execution"
,
test/tests/test_rails3.rb
@@ -1036,7 +1036,7 @@ class Rails3Tests < Test::Unit::TestCase
assert_warning
:type
=>
:warning
,
:warning_type
=>
"Remote Code Execution"
,
:line
=>
125
,
:message
=>
/^YAML\.load\ called\ with\ cookie
s
\ value/
,
:message
=>
/^YAML\.load\ called\ with\ cookie\ value/
,
:confidence
=>
1
,
:file
=>
/home_controller\.rb/
end
@@ -1064,7 +1064,7 @@ class Rails3Tests < Test::Unit::TestCase
assert_warning
:type
=>
:warning
,
:warning_type
=>
"Remote Code Execution"
,
:line
=>
131
,
:message
=>
/^YAML\.load_stream\ called\ with\ cookie
s\ val
/
,
:message
=>
/^YAML\.load_stream\ called\ with\ cookie
\ value
/
,
:confidence
=>
0
,
:file
=>
/home_controller\.rb/
end
test/tests/test_rails31.rb
@@ -718,7 +718,7 @@ class Rails31Tests < Test::Unit::TestCase
assert_warning
:type
=>
:warning
,
:warning_type
=>
"File Access"
,
:line
=>
109
,
:message
=>
/^Model attribute\
value\
used\ in\ file\ name/
,
:message
=>
/^Model attribute\ used\ in\ file\ name/
,
:confidence
=>
1
,
:file
=>
/users_controller\.rb/
end