Class: Brakeman::CheckForgerySetting
- Inherits:
-
BaseCheck
- Object
- SexpProcessor
- BaseCheck
- Brakeman::CheckForgerySetting
- Defined in:
- lib/brakeman/checks/check_forgery_setting.rb
Overview
Checks that protect_from_forgery is set in the ApplicationController.
Also warns for CSRF weakness in certain versions of Rails: groups.google.com/group/rubyonrails-security/browse_thread/thread/2d95a3cc23e03665
Constant Summary
Constants inherited from BaseCheck
Constants included from Util
Util::ALL_PARAMETERS, Util::COOKIES, Util::COOKIES_SEXP, Util::PARAMETERS, Util::PARAMS_SEXP, Util::PATH_PARAMETERS, Util::QUERY_PARAMETERS, Util::REQUEST_ENV, Util::REQUEST_PARAMETERS, Util::REQUEST_PARAMS, Util::SESSION, Util::SESSION_SEXP
Constants inherited from SexpProcessor
Instance Attribute Summary
Attributes inherited from BaseCheck
Attributes inherited from SexpProcessor
Instance Method Summary collapse
Methods inherited from BaseCheck
#add_result, inherited, #initialize, #process_call, #process_cookies, #process_default, #process_if, #process_params, #process_string_interp
Methods included from Util
#array?, #block?, #call?, #camelize, #contains_class?, #context_for, #cookies?, #false?, #file_by_name, #file_for, #github_url, #hash?, #hash_access, #hash_insert, #hash_iterate, #integer?, #make_call, #node_type?, #number?, #params?, #pluralize, #regexp?, #relative_path, #request_env?, #request_value?, #result?, #set_env_defaults, #sexp?, #string?, #symbol?, #table_to_csv, #template_path_to_name, #true?, #truncate_table, #underscore
Methods included from ProcessorHelper
#class_name, #process_all, #process_all!, #process_call_args, #process_class, #process_module
Methods inherited from SexpProcessor
#error_handler, #in_context, #initialize, #process, #process_dummy, #scope
Constructor Details
This class inherits a constructor from Brakeman::BaseCheck
Instance Method Details
#run_check ⇒ Object
12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 |
# File 'lib/brakeman/checks/check_forgery_setting.rb', line 12 def run_check app_controller = tracker.controllers[:ApplicationController] if tracker.config[:rails][:action_controller] and tracker.config[:rails][:action_controller][:allow_forgery_protection] == Sexp.new(:false) warn :controller => :ApplicationController, :warning_type => "Cross-Site Request Forgery", :warning_code => :csrf_protection_disabled, :message => "Forgery protection is disabled", :confidence => CONFIDENCE[:high], :file => app_controller[:files].first elsif app_controller and not app_controller[:options][:protect_from_forgery] warn :controller => :ApplicationController, :warning_type => "Cross-Site Request Forgery", :warning_code => :csrf_protection_missing, :message => "'protect_from_forgery' should be called in ApplicationController", :confidence => CONFIDENCE[:high], :file => app_controller[:files].first elsif version_between? "2.1.0", "2.3.10" warn :controller => :ApplicationController, :warning_type => "Cross-Site Request Forgery", :warning_code => :CVE_2011_0447, :message => "CSRF protection is flawed in unpatched versions of Rails #{tracker.config[:rails_version]} (CVE-2011-0447). Upgrade to 2.3.11 or apply patches as needed", :confidence => CONFIDENCE[:high], :gem_info => gemfile_or_environment, :link_path => "https://groups.google.com/d/topic/rubyonrails-security/LZWjzCPgNmU/discussion" elsif version_between? "3.0.0", "3.0.3" warn :controller => :ApplicationController, :warning_type => "Cross-Site Request Forgery", :warning_code => :CVE_2011_0447, :message => "CSRF protection is flawed in unpatched versions of Rails #{tracker.config[:rails_version]} (CVE-2011-0447). Upgrade to 3.0.4 or apply patches as needed", :confidence => CONFIDENCE[:high], :gem_info => gemfile_or_environment, :link_path => "https://groups.google.com/d/topic/rubyonrails-security/LZWjzCPgNmU/discussion" end end |