提交
c69e419f
编写于
12月 11, 2013
作者:
Justin Collins
Add check for CVE-2013-6416 (simple_format XSS)
上级
f93112e6
变更
5
Showing
5 changed file
with
107 addition
and
4 deletion
+107
-4
lib/brakeman/checks/check_simple_format.rb
lib/brakeman/checks/check_simple_format.rb
+60
-0
lib/brakeman/warning_codes.rb
lib/brakeman/warning_codes.rb
+2
-0
test/apps/rails4_with_engines/engines/user_removal/app/views/users/show.html.erb
...ngines/engines/user_removal/app/views/users/show.html.erb
+7
-0
test/tests/rails4.rb
test/tests/rails4.rb
+2
-2
test/tests/rails4_with_engines.rb
test/tests/rails4_with_engines.rb
+36
-2
lib/brakeman/checks/check_simple_format.rb
0 → 100644
require
'brakeman/checks/base_check'
class
Brakeman::CheckSimpleFormat
<
Brakeman
::
CheckCrossSiteScripting
Brakeman
::
Checks
.
add
self
@description
=
"Checks for simple_format XSS vulnerability (CVE-2013-6416) in certain versions"
def
run_check
if
version_between?
"4.0.0"
,
"4.0.1"
@inspect_arguments
=
true
@ignore_methods
=
Set
[
:h
,
:escapeHTML
]
check_simple_format_usage
generic_warning
unless
@found_any
end
end
def
generic_warning
message
=
"Rails
#{
tracker
.
config
[
:rails_version
]
}
has a vulnerability in simple_format (CVE-2013-6416). Upgrade to Rails version 4.0.2"
warn
:warning_type
=>
"Cross Site Scripting"
,
:warning_code
=>
:CVE_2013_6416
,
:message
=>
message
,
:confidence
=>
CONFIDENCE
[
:med
],
:file
=>
gemfile_or_environment
,
:link_path
=>
"https://groups.google.com/d/msg/ruby-security-ann/5ZI1-H5OoIM/ZNq4FoR2GnIJ"
end
def
check_simple_format_usage
tracker
.
find_call
(
:target
=>
false
,
:method
=>
:simple_format
).
each
do
|
result
|
@matched
=
false
process_call
result
[
:call
]
if
@matched
warn_on_simple_format
result
,
@matched
end
end
end
def
process_call
exp
@mark
=
true
actually_process_call
exp
exp
end
def
warn_on_simple_format
result
,
match
return
if
duplicate?
result
add_result
result
@found_any
=
true
warn
:result
=>
result
,
:warning_type
=>
"Cross Site Scripting"
,
:warning_code
=>
:CVE_2013_6416_call
,
:message
=>
"Values passed to simple_format are not safe in Rails
#{
@tracker
.
config
[
:rails_version
]
}
"
,
:confidence
=>
CONFIDENCE
[
:high
],
:file
=>
gemfile_or_environment
,
:link_path
=>
"https://groups.google.com/d/msg/ruby-security-ann/5ZI1-H5OoIM/ZNq4FoR2GnIJ"
,
:user_input
=>
match
.
match
end
end
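Review bot: The per-call warning in warn_on_simple_format sets `:file => gemfile_or_environment` even though `:result` carries the template in which the simple_format call was found, so the emitted warning names the Gemfile while its line number comes from the view (the new test in test/tests/rails4_with_engines.rb pins `:relative_path => "Gemfile"` together with `:line => 20`). If `warn` can derive the file from `:result`, dropping the `:file` key for the call-site warning would keep file and line consistent; keeping it in generic_warning is right, since that warning is about the installed version. The two methods also read the version differently (`tracker.config[:rails_version]` in generic_warning, `@tracker.config[:rails_version]` in warn_on_simple_format); one form should be used throughout. The class has no comment beyond @description; a one-liner above `def run_check` such as `# Warns on simple_format calls that receive user input under Rails 4.0.0-4.0.1 (CVE-2013-6416); when no such call is found, emits a single generic version warning instead.` would tell a reader why @found_any gates generic_warning.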
lib/brakeman/warning_codes.rb
...
...
@@ -67,6 +67,8 @@ module Brakeman::WarningCodes
:CVE_2013_6414
=>
64
,
:CVE_2013_6415
=>
65
,
:CVE_2013_6415_call
=>
66
,
:CVE_2013_6416
=>
67
,
:CVE_2013_6416_call
=>
68
,
}
def
self
.
code
name
...
...
test/apps/rails4_with_engines/engines/user_removal/app/views/users/show.html.erb
...
...
@@ -15,6 +15,13 @@
<%=
@user_data
%>
</p>
<p>
<b>
Stuff I like:
</b>
<%=
simple_format
(
@user
.
likes
,
:class
=>
"likes"
)
%>
<%=
simple_format
(
"some string"
,
:color
=>
params
[
:color
])
%>
<%=
simple_format
(
"some string"
,
:id
=>
h
(
params
[
:color
]))
%>
should not warn
</p>
<%=
link_to
'Edit'
,
edit_user_path
(
@user
)
%>
|
<%=
link_to
'Back'
,
users_path
%>
...
...
test/tests/rails4.rb
...
...
@@ -14,8 +14,8 @@ class Rails4Tests < Test::Unit::TestCase
@expected
||=
{
:controller
=>
0
,
:model
=>
0
,
:template
=>
0
,
:generic
=>
5
:template
=>
1
,
:generic
=>
6
}
end
...
...
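Review bot: Only the expected counts change in this hunk (`:template` 0 to 1, `:generic` 5 to 6) and no `assert_warning` pins which findings in the rails4 app account for them, unlike the rails4_with_engines tests in the same commit. Presumably the new template warning is the simple_format call warning (code 68), but the extra generic warning cannot be the new check's code 67, since generic_warning is skipped once a call has been found; an assertion on each new finding would make the count change self-explaining. The enclosing test class continues outside the hunk.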
test/tests/rails4_with_engines.rb
...
...
@@ -10,8 +10,8 @@ class Rails4WithEnginesTests < Test::Unit::TestCase
@expected
||=
{
:controller
=>
0
,
:model
=>
5
,
:template
=>
9
,
:generic
=>
2
}
:template
=>
11
,
:generic
=>
6
}
end
def
report
...
...
@@ -40,6 +40,40 @@ class Rails4WithEnginesTests < Test::Unit::TestCase
:user_input
=>
nil
end
def
test_xss_simple_format_CVE_2013_6416
assert_warning
:type
=>
:template
,
:warning_code
=>
68
,
:fingerprint
=>
"0e340cc916e7487f118dae7cf3e3c1e6763c13455ec84ad56b4d3f520de8b3cb"
,
:warning_type
=>
"Cross Site Scripting"
,
:line
=>
20
,
:message
=>
/^Values\ passed\ to\ simple_format\ are\ not\ s/
,
:confidence
=>
0
,
:relative_path
=>
"Gemfile"
,
:user_input
=>
s
(
:call
,
s
(
:call
,
s
(
:const
,
:User
),
:find
,
s
(
:call
,
s
(
:params
),
:[]
,
s
(
:lit
,
:id
))),
:likes
)
assert_warning
:type
=>
:template
,
:warning_code
=>
68
,
:fingerprint
=>
"33d10865a3c6c1594ecbee5511cde466b474b0e819ef979193159559becfbd4c"
,
:warning_type
=>
"Cross Site Scripting"
,
:line
=>
21
,
:message
=>
/^Values\ passed\ to\ simple_format\ are\ not\ s/
,
:confidence
=>
0
,
:relative_path
=>
"Gemfile"
,
:user_input
=>
s
(
:call
,
s
(
:params
),
:[]
,
s
(
:lit
,
:color
))
end
def
test_sql_injection_CVE_2013_6417
assert_warning
:type
=>
:warning
,
:warning_code
=>
69
,
:fingerprint
=>
"e1b66f4311771d714a13be519693c540d7e917511a758827d9b2a0a7f958e40f"
,
:warning_type
=>
"SQL Injection"
,
:line
=>
nil
,
:message
=>
/^Rails\ 4\.0\.0\ contains\ a\ SQL\ injection\ vul/
,
:confidence
=>
0
,
:relative_path
=>
"Gemfile"
,
:user_input
=>
nil
end
def
test_redirect_1
assert_warning
:type
=>
:generic
,
:warning_code
=>
18
,
...
...
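Review bot: test_xss_simple_format_CVE_2013_6416 asserts both call-site warnings (code 68), but nothing covers the generic code-67 path of the new check, and the third fixture call wrapped in `h(params[:color])`, which the view labels "should not warn", is enforced only indirectly through the `:template` count moving from 9 to 11. A negative assertion for that call, if the test helper offers one, would keep the ignore list (`Set[:h, :escapeHTML]`) from regressing silently. Both assertions also lock in `:relative_path => "Gemfile"` alongside a template `:line` (20 and 21); that pairing looks like a file/line mismatch in the emitted warning rather than intended behavior, so it is worth settling in the check before pinning the fingerprints. The `:generic` count rising from 2 to 6 cannot come from this check, which emits no generic warning once a call is found; if the other increments belong to earlier commits that is fine, otherwise they are unexplained here.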