Commit 22484228
Authored on Feb 24, 2015
Author: Justin
Merge pull request #623 from presidentbeef/simple_format_fix
Fix file in simple_format usage CVE warnings
Parents: d5ab9d2c, cdda76d0

Showing 2 changed files with 4 additions and 5 deletions (+4 -5)
lib/brakeman/checks/check_simple_format.rb (+0 -1)
test/tests/rails4_with_engines.rb (+4 -4)

lib/brakeman/checks/check_simple_format.rb (view file @ 22484228)
@@ -53,7 +53,6 @@ class Brakeman::CheckSimpleFormat < Brakeman::CheckCrossSiteScripting
:warning_code
=>
:CVE_2013_6416_call
,
:message
=>
"Values passed to simple_format are not safe in Rails
#{
@tracker
.
config
[
:rails_version
]
}
"
,
:confidence
=>
CONFIDENCE
[
:high
],
:gem_info
=>
gemfile_or_environment
,
:link_path
=>
"https://groups.google.com/d/msg/ruby-security-ann/5ZI1-H5OoIM/ZNq4FoR2GnIJ"
,
:user_input
=>
match
.
match
end
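Review bot: the hunk header (-53,7 +53,6) shows exactly one line dropped from the warning hash in CheckSimpleFormat, and the hash that remains carries :warning_code, :message, :confidence, :gem_info, :link_path and :user_input with no explicit file key, so after this change the warning's file comes from the template being processed rather than from the line the commit message says was wrong. Worth confirming in review that :gem_info => gemfile_or_environment still resolves to the Gemfile on its own, so the Rails-version advice interpolated into the :message string stays traceable to the Gemfile while the warning itself is now reported against the view that calls simple_format.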
test/tests/rails4_with_engines.rb (view file @ 22484228)
@@ -44,22 +44,22 @@ class Rails4WithEnginesTests < Test::Unit::TestCase
def
test_xss_simple_format_CVE_2013_6416
assert_warning
:type
=>
:template
,
:warning_code
=>
68
,
:fingerprint
=>
"
0e340cc916e7487f118dae7cf3e3c1e6763c13455ec84ad56b4d3f520de8b3cb
"
,
:fingerprint
=>
"
e5b270bcb5bf77069b7e4adf0c46221d1277f0b126c795e43b700a6b0f4747ae
"
,
:warning_type
=>
"Cross Site Scripting"
,
:line
=>
20
,
:message
=>
/^Values\ passed\ to\ simple_format\ are\ not\ s/
,
:confidence
=>
0
,
:relative_path
=>
"
Gemfile
"
,
:relative_path
=>
"
engines/user_removal/app/views/users/show.html.erb
"
,
:user_input
=>
s
(
:call
,
s
(
:call
,
s
(
:const
,
:User
),
:find
,
s
(
:call
,
s
(
:params
),
:[]
,
s
(
:lit
,
:id
))),
:likes
)
assert_warning
:type
=>
:template
,
:warning_code
=>
68
,
:fingerprint
=>
"
33d10865a3c6c1594ecbee5511cde466b474b0e819ef979193159559becfbd4c
"
,
:fingerprint
=>
"
e31d9365f0e99e55bb3d62deda2bf1ee0bc4e5970dd5791fcde8056f6558f51f
"
,
:warning_type
=>
"Cross Site Scripting"
,
:line
=>
21
,
:message
=>
/^Values\ passed\ to\ simple_format\ are\ not\ s/
,
:confidence
=>
0
,
:relative_path
=>
"
Gemfile
"
,
:relative_path
=>
"
engines/user_removal/app/views/users/show.html.erb
"
,
:user_input
=>
s
(
:call
,
s
(
:params
),
:[]
,
s
(
:lit
,
:color
))
end
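Review bot: both assertions move :relative_path from "Gemfile" to "engines/user_removal/app/views/users/show.html.erb", and the expected :fingerprint values change with it (0e340cc9... becomes e5b270bc..., 33d10865... becomes e31d9365...), which confirms the fingerprint is derived from the reported file path. Anyone who has suppressed these two warnings in a brakeman.ignore file keyed by the old fingerprints will see them reappear after upgrading, so suggest calling the fingerprint change out in the changelog for this fix. Minor: the :message check is a prefix match only (/^Values\ passed\ to\ simple_format\ are\ not\ s/); if the test is meant to pin the interpolated Rails version as well, match the full message.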