Class: Brakeman::CheckJSONParsing
- Inherits:
-
BaseCheck
- Object
- SexpProcessor
- BaseCheck
- Brakeman::CheckJSONParsing
- Defined in:
- lib/brakeman/checks/check_json_parsing.rb
Constant Summary
Constants inherited from BaseCheck
Constants included from Util
Util::ALL_PARAMETERS, Util::COOKIES, Util::COOKIES_SEXP, Util::PARAMETERS, Util::PARAMS_SEXP, Util::PATH_PARAMETERS, Util::QUERY_PARAMETERS, Util::REQUEST_ENV, Util::REQUEST_PARAMETERS, Util::REQUEST_PARAMS, Util::SESSION, Util::SESSION_SEXP
Constants inherited from SexpProcessor
Instance Attribute Summary
Attributes inherited from BaseCheck
Attributes inherited from SexpProcessor
Instance Method Summary collapse
- #check_cve_2013_0269 ⇒ Object
- #check_cve_2013_0333 ⇒ Object
- #check_json_version(name, version) ⇒ Object
- #run_check ⇒ Object
-
#uses_gem_backend? ⇒ Boolean
Check for ‘ActiveSupport::JSON.backend = “JSONGem”`.
- #uses_json_parse? ⇒ Boolean
-
#uses_yajl? ⇒ Boolean
Check if ‘yajl` is included in Gemfile.
Methods inherited from BaseCheck
#add_result, inherited, #initialize, #process_call, #process_cookies, #process_default, #process_if, #process_params, #process_string_interp
Methods included from Util
#array?, #block?, #call?, #camelize, #contains_class?, #context_for, #cookies?, #false?, #file_by_name, #file_for, #hash?, #hash_access, #hash_insert, #hash_iterate, #integer?, #make_call, #node_type?, #number?, #params?, #pluralize, #regexp?, #relative_path, #request_env?, #request_value?, #result?, #set_env_defaults, #sexp?, #string?, #symbol?, #table_to_csv, #true?, #truncate_table, #underscore
Methods included from ProcessorHelper
#class_name, #process_all, #process_all!, #process_call_args, #process_module
Methods inherited from SexpProcessor
#error_handler, #in_context, #initialize, #process, #process_dummy, #scope
Constructor Details
This class inherits a constructor from Brakeman::BaseCheck
Instance Method Details
#check_cve_2013_0269 ⇒ Object
56 57 58 59 60 61 |
# File 'lib/brakeman/checks/check_json_parsing.rb', line 56 def check_cve_2013_0269 [:json, :json_pure].each do |name| version = tracker.config[:gems] && tracker.config[:gems][name] check_json_version name, version if version end end |
#check_cve_2013_0333 ⇒ Object
13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 |
# File 'lib/brakeman/checks/check_json_parsing.rb', line 13 def check_cve_2013_0333 return unless version_between? "0.0.0", "2.3.15" or version_between? "3.0.0", "3.0.19" unless uses_yajl? or uses_gem_backend? new_version = if version_between? "0.0.0", "2.3.14" "2.3.16" elsif version_between? "3.0.0", "3.0.19" "3.0.20" end = "Rails #{tracker.config[:rails_version]} has a serious JSON parsing vulnerability: upgrade to #{new_version} or patch" warn :warning_type => "Remote Code Execution", :warning_code => :CVE_2013_0333, :message => , :confidence => CONFIDENCE[:high], :file => gemfile_or_environment, :link_path => "https://groups.google.com/d/topic/rubyonrails-security/1h2DR63ViGo/discussion" end end |
#check_json_version(name, version) ⇒ Object
63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 |
# File 'lib/brakeman/checks/check_json_parsing.rb', line 63 def check_json_version name, version return if version >= "1.7.7" or (version >= "1.6.8" and version < "1.7.0") or (version >= "1.5.5" and version < "1.6.0") warning_type = "Denial of Service" confidence = CONFIDENCE[:med] = "#{name} gem version #{version} has a symbol creation vulnerablity: upgrade to " if version >= "1.7.0" confidence = CONFIDENCE[:high] warning_type = "Remote Code Execution" = "#{name} gem version #{version} has a remote code vulnerablity: upgrade to 1.7.7" elsif version >= "1.6.0" << "1.6.8" elsif version >= "1.5.0" << "1.5.5" else confidence = CONFIDENCE[:low] << "1.5.5" end if confidence == CONFIDENCE[:med] and uses_json_parse? confidence = CONFIDENCE[:high] end warn :warning_type => warning_type, :warning_code => :CVE_2013_0269, :message => , :confidence => confidence, :file => gemfile_or_environment, :link => "https://groups.google.com/d/topic/rubyonrails-security/4_YvCpLzL58/discussion" end |
#run_check ⇒ Object
8 9 10 11 |
# File 'lib/brakeman/checks/check_json_parsing.rb', line 8 def run_check check_cve_2013_0333 check_cve_2013_0269 end |
#uses_gem_backend? ⇒ Boolean
Check for ‘ActiveSupport::JSON.backend = “JSONGem”`
40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 |
# File 'lib/brakeman/checks/check_json_parsing.rb', line 40 def uses_gem_backend? matches = tracker.check_initializers(:'ActiveSupport::JSON', :backend=) unless matches.empty? json_gem = s(:str, "JSONGem") matches.each do |result| if result.call.first_arg == json_gem return true end end end false end |
#uses_json_parse? ⇒ Boolean
97 98 99 100 101 |
# File 'lib/brakeman/checks/check_json_parsing.rb', line 97 def uses_json_parse? return @uses_json_parse unless @uses_json_parse.nil? not tracker.find_call(:target => :JSON, :method => :parse).empty? end |
#uses_yajl? ⇒ Boolean
Check if ‘yajl` is included in Gemfile
35 36 37 |
# File 'lib/brakeman/checks/check_json_parsing.rb', line 35 def uses_yajl? tracker.config[:gems] and tracker.config[:gems][:yajl] end |