# File 'lib/tainted_love/replacer/replace_rails_user_input.rb', line 11
def replace!
  # Installs TaintedLove tagging on the usual Rails entry points for
  # user-controlled data: loaded ActiveRecord attributes, request headers,
  # parameter names and SafeBuffer construction. Each hook that patches a
  # Rails constant is only installed when that constant is loaded.
  #
  # NOTE: tags are attached through Object#taint, which became a no-op in
  # Ruby 2.7 and was removed in 3.2, so tracking relies on an earlier Ruby.
  #
  # @return [void]
  if Object.const_defined?('ActiveRecord::Base')
    # Tag every attribute of a freshly loaded record with its model/column.
    # The block takes no parameter, so `attributes` and `self.class` are
    # expected to resolve against the loaded record (as in the original).
    ActiveRecord::Base.after_find do
      attributes.each do |column, column_value|
        TaintedLove.tag(column_value.taint,
                        source: "ActiveRecord attribute #{self.class}##{column}",
                        value: column_value)
      end
    end
  end

  # Header lookups return client-controlled values; the tag records which
  # header name was requested.
  TaintedLove.proxy_method('ActionDispatch::Http::Headers', :[]) do |header_value, *lookup_args|
    TaintedLove.tag(header_value.taint,
                    source: "headers[#{lookup_args.first.inspect}]",
                    value: header_value)
  end

  if Object.const_defined?('ActionController::Parameters')
    # Parameter *names* are user-controlled as well, so `keys` is replaced by
    # a version returning tagged copies (dup'd, presumably because the stored
    # keys may be frozen).
    ActionController::Parameters.class_eval do
      def keys
        @parameters.keys.map do |name|
          TaintedLove.tag(name.dup.taint, source: "Parameter name #{name.inspect}", value: name)
        end
      end
    end
  end

  # A SafeBuffer built from a tagged string (e.g. via html_safe) keeps that
  # string's tags. NOTE(review): if the source object does not respond to
  # `tainted_love_tags` (for instance when no argument was passed) this
  # raises — confirm TaintedLove defines the accessor broadly enough.
  TaintedLove.proxy_method('ActiveSupport::SafeBuffer', :initialize) do |buffer, source_string|
    buffer.tainted_love_tags = source_string.tainted_love_tags
  end
end