提交 7821c8cc 编写于 作者: J Justin Collins

Detect workaround for i18n XSS

上级 469f9f9d
......@@ -6,7 +6,7 @@ class Brakeman::CheckI18nXSS < Brakeman::BaseCheck
@description = "Checks for i18n XSS (CVE-2013-4491)"
def run_check
if (version_between? "3.0.6", "3.2.15" or version_between? "4.0.0", "4.0.1")# and not has_workaround?
if (version_between? "3.0.6", "3.2.15" or version_between? "4.0.0", "4.0.1") and not has_workaround?
message = "Rails #{tracker.config[:rails_version]} has an XSS vulnerability in i18n (CVE-2013-4491). Upgrade to Rails version "
i18n_gem = tracker.config[:gems] && tracker.config[:gems][:i18n]
......
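Review bot: The new `and not has_workaround?` guard at the top of run_check silences the CVE-2013-4491 warning outright whenever the heuristic matches, but `has_workaround?` is defined outside this hunk, so nothing in run_check says which workaround pattern is recognised or how exact the match is. Because a loose match here would hide a real reflective XSS, I would either emit the warning at reduced confidence when the workaround is found or at least document the contract above the `if`: `# Suppressed only when has_workaround? (below) detects what is presumably the advisory's CVE-2013-4491 workaround; keep that match strict, a partial patch must still warn.` The `i18n_gem` lookup on the following line suggests the gem version also feeds the decision, but the rest of run_check and has_workaround? are outside the hunk. Style-wise `and`/`not` in the condition is consistent with the existing `or`, though `&& !` would read more conventionally.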
......@@ -15,7 +15,7 @@ class Rails4Tests < Test::Unit::TestCase
:controller => 0,
:model => 0,
:template => 1,
:generic => 13
:generic => 12
}
end
......@@ -144,8 +144,8 @@ class Rails4Tests < Test::Unit::TestCase
:user_input => s(:call, s(:params), :[], s(:lit, :query))
end
def test_i18n_xss_CVE_2013_4491
assert_warning :type => :warning,
def test_i18n_xss_CVE_2013_4491_workaround
assert_no_warning :type => :warning,
:warning_code => 63,
:fingerprint => "de0e11056b9f9af7b8570d5354185cd7e17a18cc61d627555fe4adfff00fb447",
:warning_type => "Cross Site Scripting",
......
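Review bot: Renaming `test_i18n_xss_CVE_2013_4491` to `test_i18n_xss_CVE_2013_4491_workaround` and flipping it to `assert_no_warning` removes the only visible assertion in Rails4Tests that the CVE-2013-4491 warning (warning_code 63) is actually raised for a vulnerable app; the class now proves the suppression but no longer the detection. Unless another test app without the workaround covers the positive case (the Rails 3.x tests are not in this diff), a regression in the version check would pass silently. I would keep a positive test against a fixture on the same Rails version without the workaround, or at minimum add a comment on the new test naming where the positive case is exercised: `# Positive case (warning raised when the workaround is absent) is covered elsewhere; the Rails 4 test app ships the workaround.` The `:generic => 12` count change at the top of the section is consistent with exactly that one warning disappearing. The test method continues past the hunk.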