Class: Brakeman::CheckSymbolDoS
- Inherits:
-
BaseCheck
- Object
- SexpProcessor
- BaseCheck
- Brakeman::CheckSymbolDoS
- Defined in:
- lib/brakeman/checks/check_symbol_dos.rb
Constant Summary
Constants inherited from BaseCheck
Constants included from Util
Util::ALL_PARAMETERS, Util::COOKIES, Util::COOKIES_SEXP, Util::PARAMETERS, Util::PARAMS_SEXP, Util::PATH_PARAMETERS, Util::QUERY_PARAMETERS, Util::REQUEST_ENV, Util::REQUEST_PARAMETERS, Util::REQUEST_PARAMS, Util::SESSION, Util::SESSION_SEXP
Constants inherited from SexpProcessor
Instance Attribute Summary
Attributes inherited from BaseCheck
Attributes inherited from SexpProcessor
Instance Method Summary collapse
Methods inherited from BaseCheck
#add_result, inherited, #initialize, #process_call, #process_cookies, #process_default, #process_if, #process_params, #process_string_interp
Methods included from Util
#array?, #block?, #call?, #camelize, #contains_class?, #context_for, #cookies?, #false?, #file_by_name, #file_for, #hash?, #hash_access, #hash_insert, #hash_iterate, #integer?, #make_call, #node_type?, #number?, #params?, #pluralize, #regexp?, #relative_path, #request_env?, #request_value?, #result?, #set_env_defaults, #sexp?, #string?, #symbol?, #table_to_csv, #true?, #truncate_table, #underscore
Methods included from ProcessorHelper
#class_name, #process_all, #process_all!, #process_call_args, #process_module
Methods inherited from SexpProcessor
#error_handler, #in_context, #initialize, #process, #process_dummy, #scope
Constructor Details
This class inherits a constructor from Brakeman::BaseCheck
Instance Method Details
#check_unsafe_symbol_creation(result) ⇒ Object
35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 |
# File 'lib/brakeman/checks/check_symbol_dos.rb', line 35 def check_unsafe_symbol_creation result return if duplicate? result or result[:call].original_line add_result result call = result[:call] if result[:method] == :to_sym args = [call.target] else args = call.select { |e| sexp? e } end if input = args.map{ |arg| has_immediate_user_input?(arg) }.compact.first confidence = CONFIDENCE[:high] elsif input = args.map{ |arg| include_user_input?(arg) }.compact.first confidence = CONFIDENCE[:med] end if confidence = "Symbol conversion from unsafe string (#{friendly_type_of input})" warn :result => result, :warning_type => "Denial of Service", :warning_code => :unsafe_symbol_creation, :message => , :user_input => input.match, :confidence => confidence end end |
#run_check ⇒ Object
8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 |
# File 'lib/brakeman/checks/check_symbol_dos.rb', line 8 def run_check fix_version = case when version_between?('2.0.0', '2.3.17') '2.3.18' when version_between?('3.1.0', '3.1.11') '3.1.12' when version_between?('3.2.0', '3.2.12') '3.2.13' else nil end if fix_version && active_record_models.any? warn :warning_type => "Denial of Service", :warning_code => :CVE_2013_1854, :message => "Rails #{tracker.config[:rails_version]} has a denial of service vulnerability in ActiveRecord: upgrade to #{fix_version} or patch", :confidence => CONFIDENCE[:med], :file => gemfile_or_environment, :link => "https://groups.google.com/d/msg/rubyonrails-security/jgJ4cjjS8FE/BGbHRxnDRTIJ" end tracker.find_call(:methods => [:to_sym, :literal_to_sym], :nested => true).each do |result| check_unsafe_symbol_creation(result) end end |