Skip to content

B
Brakeman

李少辉-开发者 / Brakeman

通知 1
Star 0
Fork 0
B
Brakeman

前往新版Gitcode,体验更适合开发者的 AI 搜索 >>

切换分支/标签
查找文件 普通视图历史永久链接Permalink
warning_codes.rb 2.1 KB
Newer Older
J
Warning codes for everyone  
Justin Collins 已提交
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 
module Brakeman::WarningCodes
  Codes = {
    :sql_injection => 0,
    :sql_injection_limit_offset => 1,
    :cross_site_scripting => 2,
    :xss_link_to => 3,
    :xss_link_to_href => 4,
    :xss_to_json => 5,
    :csrf_protection_disabled => 6,
    :csrf_protection_missing => 7,
    :csrf_blacklist => 8,
    :basic_auth_password => 9,
    :auth_blacklist => 10,
    :all_default_routes => 11,
    :controller_default_routes => 12,
    :code_eval => 13,
    :command_injection => 14,
    :dynamic_render_path => 15,
    :file_access => 16,
    :mass_assign_call => 17,
    :open_redirect => 18,
    :no_attr_accessible => 19,
    :attr_protected_used => 20,
    :safe_buffer_vuln => 21,
    :select_options_vuln => 22,
    :dangerous_send => 23,
    :unsafe_constantize => 24,
    :unsafe_deserialize => 25,
    :http_cookies => 26,
    :secure_cookies => 27,
    :translate_vuln => 28,
    :session_secret => 29,
    :validation_regex => 30,
    :CVE_2010_3933 => 31,
    :CVE_2011_0446 => 32,
    :CVE_2011_0447 => 33,
    :CVE_2011_2929 => 34,
    :CVE_2011_2930 => 35,
    :CVE_2011_2931 => 36,
    :CVE_2011_3186 => 37,
    :CVE_2012_2660 => 38,
    :CVE_2012_2661 => 39,
    :CVE_2012_2695 => 40,
    :CVE_2012_2931 => 41,
    :CVE_2012_3424 => 42,
    :CVE_2012_3463 => 43,
    :CVE_2012_3464 => 44,
    :CVE_2012_3465 => 45,
    :CVE_2012_5664 => 46,
    :CVE_2013_0155 => 47,
    :CVE_2013_0156 => 48,
    :CVE_2013_0269 => 49,
    :CVE_2013_0277 => 50,
    :CVE_2013_0276 => 51,
    :CVE_2013_0333 => 52,
    :xss_content_tag => 53,
J
Add new codes for new CVEs  
Justin Collins 已提交
57 58 59 60 61 
    :mass_assign_without_protection => 54,
    :CVE_2013_1854 => 55,
    :CVE_2013_1855 => 56,
    :CVE_2013_1856 => 57,
    :CVE_2013_1857 => 58,
J
Use different warning code for ModelAttrAccessible  
Justin Collins 已提交
62 
    :unsafe_symbol_creation => 59,
J
Add check for detailed exceptions  
Justin Collins 已提交
63 64 
    :dangerous_attr_accessible => 60,
    :local_request_config => 61,
J
Add check for CVE-2013-4491 (i18n XSS)  
Justin Collins 已提交
65 66 
    :detailed_exceptions => 62,
    :CVE_2013_4491 => 63,
J
Add check for CVE-2013-6414 (header DoS)  
Justin Collins 已提交
67 
    :CVE_2013_6414 => 64,
J
Add check for CVE-2013-6415 (number_to_currency)  
Justin Collins 已提交
68 69 
    :CVE_2013_6415 => 65,
    :CVE_2013_6415_call => 66,
J
Add check for CVE-2013-6416 (simple_format XSS)  
Justin Collins 已提交
70 71 
    :CVE_2013_6416 => 67,
    :CVE_2013_6416_call => 68,
J
Add check for CVE-2013-6417 (query generation)  
Justin Collins 已提交
72 
    :CVE_2013_6417 => 69,
J
Add check for Parameters#permit!  
Justin Collins 已提交
73 
    :mass_assign_permit! => 70,
J
Add check for CVE-2014-0080  
Justin Collins 已提交
74 75 
    :ssl_verification_bypass => 71,
    :CVE_2014_0080 => 72,
J
Warning codes for everyone  
Justin Collins 已提交
76 77 78 79 80 81 
  }

  def self.code name
    Codes[name]
  end
end