Add check for CVE-2013-6417 (query generation)

566cb53c · Justin Collins · c69e419f · 566cb53c · 566cb53c · 566cb53c
8 changed file
--- a/lib/brakeman/checks/check_sql.rb
+++ b/lib/brakeman/checks/check_sql.rb
@@ -556,6 +556,11 @@ def check_rails_versions_against_cve_issues
        :versions => [%w[2.0.0 2.3.15 2.3.16], %w[3.0.0 3.0.18 3.0.19], %w[3.1.0 3.1.9 3.1.10], %w[3.2.0 3.2.10 3.2.11]],
        :url => "https://groups.google.com/d/topic/rubyonrails-security/c7jT-EeN9eI/discussion"
      },
+      {
+        :cve => "CVE-2013-6417",
+        :versions => [%w[2.0.0 3.2.15 3.2.16], %w[4.0.0 4.0.1 4.0.2]],
+        :url => "https://groups.google.com/d/msg/ruby-security-ann/niK4drpSHT4/g8JW8ZsayRkJ"
+      },
    ].each do |cve_issue|
      cve_warning_for cve_issue[:versions], cve_issue[:cve], cve_issue[:url]
    end

--- a/lib/brakeman/warning_codes.rb
+++ b/lib/brakeman/warning_codes.rb
@@ -69,6 +69,7 @@ module Brakeman::WarningCodes
    :CVE_2013_6415_call => 66,
    :CVE_2013_6416 => 67,
    :CVE_2013_6416_call => 68,
+    :CVE_2013_6417 => 69,
  }

  def self.code name

--- a/test/tests/only_files_option.rb
+++ b/test/tests/only_files_option.rb
@@ -87,4 +87,15 @@ class OnlyFilesOptionTests < Test::Unit::TestCase
      :user_input => nil
  end

+  def test_sql_injection_CVE_2013_6417
+    assert_warning :type => :warning,
+      :warning_code => 69,
+      :fingerprint => "e1b66f4311771d714a13be519693c540d7e917511a758827d9b2a0a7f958e40f",
+      :warning_type => "SQL Injection",
+      :line => nil,
+      :message => /^Rails\ 3\.2\.9\.rc2 contains\ a\ SQL\ injection\ vul/,
+      :confidence => 0,
+      :relative_path => "Gemfile",
+      :user_input => nil
+  end
 end
--- a/test/tests/rails2.rb
+++ b/test/tests/rails2.rb
@@ -965,6 +965,18 @@ class Rails2Tests < Test::Unit::TestCase
      :relative_path => "config/environment.rb"
  end

+  def test_sql_injection_CVE_2013_6417
+    assert_warning :type => :warning,
+      :warning_code => 69,
+      :fingerprint => "378978cda99add8404dd38db466f6ffa0b824ea8c57270d98869241a240d12a6",
+      :warning_type => "SQL Injection",
+      :line => nil,
+      :message => /^Rails\ 2\.3\.11\ contains\ a\ SQL\ injection\ vu/,
+      :confidence => 0,
+      :relative_path => "config/environment.rb",
+      :user_input => nil
+  end
+
  def test_to_json
    assert_warning :type => :template,
      :warning_type => "Cross Site Scripting",

--- a/test/tests/rails3.rb
+++ b/test/tests/rails3.rb
@@ -1111,6 +1111,18 @@ class Rails3Tests < Test::Unit::TestCase
      :user_input => nil
  end

+  def test_sql_injection_CVE_2013_6417
+    assert_warning :type => :warning,
+      :warning_code => 69,
+      :fingerprint => "e1b66f4311771d714a13be519693c540d7e917511a758827d9b2a0a7f958e40f",
+      :warning_type => "SQL Injection",
+      :line => nil,
+      :message => /^Rails\ 3\.0\.3\ contains\ a\ SQL\ injection\ vul/,
+      :confidence => 0,
+      :relative_path => "Gemfile",
+      :user_input => nil
+  end
+
  def test_http_only_session_setting
    assert_warning :type => :warning,
      :warning_type => "Session Setting",

--- a/test/tests/rails31.rb
+++ b/test/tests/rails31.rb
@@ -832,6 +832,18 @@ class Rails31Tests < Test::Unit::TestCase
      :user_input => nil
  end

+  def test_sql_injection_CVE_2013_6417
+    assert_warning :type => :warning,
+      :warning_code => 69,
+      :fingerprint => "e1b66f4311771d714a13be519693c540d7e917511a758827d9b2a0a7f958e40f",
+      :warning_type => "SQL Injection",
+      :line => nil,
+      :message => /^Rails\ 3\.1\.0\ contains\ a\ SQL\ injection\ vul/,
+      :confidence => 0,
+      :relative_path => "Gemfile",
+      :user_input => nil
+  end
+
  def test_to_json_with_overwritten_config
    assert_warning :type => :template,
      :warning_type => "Cross Site Scripting",

--- a/test/tests/rails32.rb
+++ b/test/tests/rails32.rb
@@ -112,6 +112,18 @@ class Rails32Tests < Test::Unit::TestCase
      :user_input => nil
  end

+  def test_sql_injection_CVE_2013_6417
+    assert_warning :type => :warning,
+      :warning_code => 69,
+      :fingerprint => "e1b66f4311771d714a13be519693c540d7e917511a758827d9b2a0a7f958e40f",
+      :warning_type => "SQL Injection",
+      :line => nil,
+      :message => /^Rails\ 3\.2\.9\.rc2 contains\ a\ SQL\ injection\ vul/,
+      :confidence => 0,
+      :relative_path => "Gemfile",
+      :user_input => nil
+  end
+
  def test_redirect_1
    assert_warning :type => :warning,
      :warning_type => "Redirect",

--- a/test/tests/rails_with_xss_plugin.rb
+++ b/test/tests/rails_with_xss_plugin.rb
@@ -335,6 +335,18 @@ class RailsWithXssPluginTests < Test::Unit::TestCase
      :file => /Gemfile/
  end

+  def test_sql_injection_CVE_2013_6417
+    assert_warning :type => :warning,
+      :warning_code => 69,
+      :fingerprint => "e1b66f4311771d714a13be519693c540d7e917511a758827d9b2a0a7f958e40f",
+      :warning_type => "SQL Injection",
+      :line => nil,
+      :message => /^Rails\ 2\.3\.14\ contains\ a\ SQL\ injection\ vu/,
+      :confidence => 0,
+      :relative_path => "Gemfile",
+      :user_input => nil
+  end
+
  def test_number_to_currency_CVE_2013_6415
    assert_warning :type => :warning,
      :warning_code => 65,