Add check descriptions for -k output

fe7512f8 · Justin Collins · 4ce16d1f · fe7512f8 · fe7512f8 · fe7512f8
27 changed file
--- a/lib/brakeman.rb
+++ b/lib/brakeman.rb
@@ -162,7 +162,9 @@ module Brakeman
    require 'brakeman/scanner'
    $stderr.puts "Available Checks:"
    $stderr.puts "-" * 30
-    $stderr.puts Checks.checks.map { |c| c.to_s.match(/^Brakeman::(.*)$/)[1] }.sort.join "\n"
+    $stderr.puts Checks.checks.map { |c|
+      c.to_s.match(/^Brakeman::(.*)$/)[1].ljust(27) << c.description
+    }.sort.join "\n"
  end

  #Installs Rake task for running Brakeman,

--- a/lib/brakeman/checks/base_check.rb
+++ b/lib/brakeman/checks/base_check.rb
@@ -396,4 +396,8 @@ class Brakeman::BaseCheck < SexpProcessor
      "config/environment.rb"
    end
  end
+
+  def self.description
+    @description
+  end
 end
--- a/lib/brakeman/checks/check_basic_auth.rb
+++ b/lib/brakeman/checks/check_basic_auth.rb
@@ -7,6 +7,8 @@ require 'brakeman/checks/base_check'
 class Brakeman::CheckBasicAuth < Brakeman::BaseCheck
  Brakeman::Checks.add self

+  @description = "Checks for the use of http_basic_authenticate_with"
+
  def run_check
    return if version_between? "0.0.0", "3.0.99"


--- a/lib/brakeman/checks/check_cross_site_scripting.rb
+++ b/lib/brakeman/checks/check_cross_site_scripting.rb
@@ -14,6 +14,8 @@ require 'set'
 class Brakeman::CheckCrossSiteScripting < Brakeman::BaseCheck
  Brakeman::Checks.add self

+  @description = "Checks for unescaped output in views"
+
  #Model methods which are known to be harmless
  IGNORE_MODEL_METHODS = Set.new([:average, :count, :maximum, :minimum, :sum])


--- a/lib/brakeman/checks/check_default_routes.rb
+++ b/lib/brakeman/checks/check_default_routes.rb
@@ -4,6 +4,8 @@ require 'brakeman/checks/base_check'
 class Brakeman::CheckDefaultRoutes < Brakeman::BaseCheck
  Brakeman::Checks.add self

+  @description = "Checks for default routes"
+
  #Checks for :allow_all_actions globally and for individual routes
  #if it is not enabled globally.
  def run_check

--- a/lib/brakeman/checks/check_escape_function.rb
+++ b/lib/brakeman/checks/check_escape_function.rb
@@ -5,6 +5,8 @@ require 'brakeman/checks/base_check'
 class Brakeman::CheckEscapeFunction < Brakeman::BaseCheck
  Brakeman::Checks.add self

+  @description = "Checks for versions before 2.3.14 which have a vulnerable escape method"
+
  def run_check
    if version_between?('2.0.0', '2.3.13') and RUBY_VERSION < '1.9.0' 


--- a/lib/brakeman/checks/check_evaluation.rb
+++ b/lib/brakeman/checks/check_evaluation.rb
@@ -5,6 +5,8 @@ require 'brakeman/checks/base_check'
 class Brakeman::CheckEvaluation < Brakeman::BaseCheck
  Brakeman::Checks.add self

+  @description = "Searches for evaluation of user input"
+
  #Process calls
  def run_check
    Brakeman.debug "Finding eval-like calls"

--- a/lib/brakeman/checks/check_execute.rb
+++ b/lib/brakeman/checks/check_execute.rb
@@ -11,6 +11,8 @@ require 'brakeman/checks/base_check'
 class Brakeman::CheckExecute < Brakeman::BaseCheck
  Brakeman::Checks.add self

+  @description = "Finds instances of possible command injection"
+
  #Check models, controllers, and views for command injection.
  def run_check
    Brakeman.debug "Finding system calls using ``"

--- a/lib/brakeman/checks/check_file_access.rb
+++ b/lib/brakeman/checks/check_file_access.rb
@@ -5,6 +5,8 @@ require 'brakeman/processors/lib/processor_helper'
 class Brakeman::CheckFileAccess < Brakeman::BaseCheck
  Brakeman::Checks.add self

+  @description = "Finds possible file access using user input"
+
  def run_check
    Brakeman.debug "Finding possible file access"
    methods = tracker.find_call :targets => [:Dir, :File, :IO, :Kernel, :"Net::FTP", :"Net::HTTP", :PStore, :Pathname, :Shell, :YAML], :methods => [:[], :chdir, :chroot, :delete, :entries, :foreach, :glob, :install, :lchmod, :lchown, :link, :load, :load_file, :makedirs, :move, :new, :open, :read, :read_lines, :rename, :rmdir, :safe_unlink, :symlink, :syscopy, :sysopen, :truncate, :unlink]

--- a/lib/brakeman/checks/check_filter_skipping.rb
+++ b/lib/brakeman/checks/check_filter_skipping.rb
@@ -5,6 +5,8 @@ require 'brakeman/checks/base_check'
 class Brakeman::CheckFilterSkipping < Brakeman::BaseCheck
  Brakeman::Checks.add self

+  @description = "Checks for versions 3.0-3.0.9 which had a vulnerability in filters"
+
  def run_check
    if version_between?('3.0.0', '3.0.9') and uses_arbitrary_actions?


--- a/lib/brakeman/checks/check_forgery_setting.rb
+++ b/lib/brakeman/checks/check_forgery_setting.rb
@@ -7,6 +7,8 @@ require 'brakeman/checks/base_check'
 class Brakeman::CheckForgerySetting < Brakeman::BaseCheck
  Brakeman::Checks.add self

+  @description = "Verifies that protect_from_forgery is enabled in ApplicationController"
+
  def run_check
    app_controller = tracker.controllers[:ApplicationController]
    if tracker.config[:rails][:action_controller] and

--- a/lib/brakeman/checks/check_link_to.rb
+++ b/lib/brakeman/checks/check_link_to.rb
@@ -7,6 +7,8 @@ require 'brakeman/checks/check_cross_site_scripting'
 class Brakeman::CheckLinkTo < Brakeman::CheckCrossSiteScripting
  Brakeman::Checks.add self

+  @description = "Checks for XSS in link_to in versions before 3.0"
+
  def run_check
    return unless version_between?("2.0.0", "2.9.9") and not tracker.config[:escape_html]


--- a/lib/brakeman/checks/check_mail_to.rb
+++ b/lib/brakeman/checks/check_mail_to.rb
@@ -7,6 +7,8 @@ require 'brakeman/checks/base_check'
 class Brakeman::CheckMailTo < Brakeman::BaseCheck
  Brakeman::Checks.add self

+  @description = "Checks for mail_to XSS vulnerability in certain versions"
+
  def run_check
    if (version_between? "2.3.0", "2.3.10" or version_between? "3.0.0", "3.0.3") and result = mail_to_javascript?
      message = "Vulnerability in mail_to using javascript encoding (CVE-2011-0446). Upgrade to Rails version "

--- a/lib/brakeman/checks/check_mass_assignment.rb
+++ b/lib/brakeman/checks/check_mass_assignment.rb
@@ -7,6 +7,8 @@ require 'set'
 class Brakeman::CheckMassAssignment < Brakeman::BaseCheck
  Brakeman::Checks.add self

+  @description = "Finds instances of mass assignment"
+
  def run_check
    return if mass_assign_disabled?


--- a/lib/brakeman/checks/check_model_attributes.rb
+++ b/lib/brakeman/checks/check_model_attributes.rb
@@ -8,6 +8,8 @@ require 'brakeman/checks/base_check'
 class Brakeman::CheckModelAttributes < Brakeman::BaseCheck
  Brakeman::Checks.add self

+  @description = "Reports models which do not use attr_restricted and warns on models that use attr_protected"
+
  def run_check
    return if mass_assign_disabled?


--- a/lib/brakeman/checks/check_nested_attributes.rb
+++ b/lib/brakeman/checks/check_nested_attributes.rb
@@ -5,6 +5,8 @@ require 'brakeman/checks/base_check'
 class Brakeman::CheckNestedAttributes < Brakeman::BaseCheck
  Brakeman::Checks.add self

+  @description = "Checks for nested attributes vulnerability in Rails 2.3.9 and 3.0.0"
+
  def run_check
    version = tracker.config[:rails_version]


--- a/lib/brakeman/checks/check_quote_table_name.rb
+++ b/lib/brakeman/checks/check_quote_table_name.rb
@@ -5,6 +5,8 @@ require 'brakeman/checks/base_check'
 class Brakeman::CheckQuoteTableName < Brakeman::BaseCheck
  Brakeman::Checks.add self

+  @description = "Checks for quote_table_name vulnerability in versions before 2.3.14 and 3.0.10"
+
  def run_check
    if (version_between?('2.0.0', '2.3.13') or 
        version_between?('3.0.0', '3.0.9'))

--- a/lib/brakeman/checks/check_redirect.rb
+++ b/lib/brakeman/checks/check_redirect.rb
@@ -8,6 +8,8 @@ require 'brakeman/checks/base_check'
 class Brakeman::CheckRedirect < Brakeman::BaseCheck
  Brakeman::Checks.add self

+  @description = "Looks for calls to redirect_to with user input as arguments"
+
  def run_check
    Brakeman.debug "Finding calls to redirect_to()"


--- a/lib/brakeman/checks/check_render.rb
+++ b/lib/brakeman/checks/check_render.rb
@@ -4,6 +4,8 @@ require 'brakeman/checks/base_check'
 class Brakeman::CheckRender < Brakeman::BaseCheck
  Brakeman::Checks.add self

+  @description = "Finds calls to render that might allow file access"
+
  def run_check
    tracker.find_call(:target => nil, :method => :render).each do |result|
      process_render result

--- a/lib/brakeman/checks/check_response_splitting.rb
+++ b/lib/brakeman/checks/check_response_splitting.rb
@@ -5,6 +5,8 @@ require 'brakeman/checks/base_check'
 class Brakeman::CheckResponseSplitting < Brakeman::BaseCheck
  Brakeman::Checks.add self

+  @description = "Report response splitting in Rails 2.3.0 - 2.3.13"
+
  def run_check
    if version_between?('2.3.0', '2.3.13')


--- a/lib/brakeman/checks/check_send_file.rb
+++ b/lib/brakeman/checks/check_send_file.rb
@@ -5,6 +5,8 @@ require 'brakeman/processors/lib/processor_helper'
 class Brakeman::CheckSendFile < Brakeman::CheckFileAccess
  Brakeman::Checks.add self

+  @description = "Check for user input in uses of send_file"
+
  def run_check
    Brakeman.debug "Finding all calls to send_file()"


--- a/lib/brakeman/checks/check_session_settings.rb
+++ b/lib/brakeman/checks/check_session_settings.rb
@@ -4,6 +4,8 @@ require 'brakeman/checks/base_check'
 class Brakeman::CheckSessionSettings < Brakeman::BaseCheck
  Brakeman::Checks.add self

+  @description = "Checks for session key length and http_only settings"
+
  def initialize *args
    super


--- a/lib/brakeman/checks/check_sql.rb
+++ b/lib/brakeman/checks/check_sql.rb
@@ -11,6 +11,8 @@ require 'brakeman/checks/base_check'
 class Brakeman::CheckSQL < Brakeman::BaseCheck
  Brakeman::Checks.add self

+  @description = "Check for SQL injection"
+
  def run_check
    @rails_version = tracker.config[:rails_version]


--- a/lib/brakeman/checks/check_strip_tags.rb
+++ b/lib/brakeman/checks/check_strip_tags.rb
@@ -5,6 +5,8 @@ require 'brakeman/checks/base_check'
 class Brakeman::CheckStripTags < Brakeman::BaseCheck
  Brakeman::Checks.add self

+  @description = "Report strip_tags vulnerability in versions before 2.3.13 and 3.0.10"
+
  def run_check
    if (version_between?('2.0.0', '2.3.12') or 
        version_between?('3.0.0', '3.0.9')) and uses_strip_tags?

--- a/lib/brakeman/checks/check_translate_bug.rb
+++ b/lib/brakeman/checks/check_translate_bug.rb
@@ -5,6 +5,8 @@ require 'brakeman/checks/base_check'
 class Brakeman::CheckTranslateBug < Brakeman::BaseCheck
  Brakeman::Checks.add self

+  @description = "Report XSS vulnerability in translate helper"
+
  def run_check
    if (version_between?('2.3.0', '2.3.99') and tracker.config[:escape_html]) or
        version_between?('3.0.0', '3.0.10') or

--- a/lib/brakeman/checks/check_validation_regex.rb
+++ b/lib/brakeman/checks/check_validation_regex.rb
@@ -10,6 +10,8 @@ require 'brakeman/checks/base_check'
 class Brakeman::CheckValidationRegex < Brakeman::BaseCheck
  Brakeman::Checks.add self

+  @description = "Report uses of validates_format_of with improper anchors"
+
  WITH = Sexp.new(:lit, :with)

  def run_check

--- a/lib/brakeman/checks/check_without_protection.rb
+++ b/lib/brakeman/checks/check_without_protection.rb
@@ -7,6 +7,8 @@ require 'brakeman/checks/base_check'
 class Brakeman::CheckWithoutProtection < Brakeman::BaseCheck
  Brakeman::Checks.add self

+  @description = "Check for mass assignment using without_protection"
+
  def run_check
    if version_between? "0.0.0", "3.0.99"
      return