Catch raw hrefs as bad, warn unless wrapped in a "safe" method
Add concept of a safe-ening method to mark hrefs as safe.

Feature: Warn when using unsafe hrefs. This is a very specific case that as of now produces a ton of noise. This came out of an XSS vuln where the value was escaped but still vulnerable:

```ruby
link_to 'asdf', h(@scary)
```

where `@scary = 'javascript:alert(1)'` or `@scary = 'data:` (see http://palpapers.plynt.com/issues/2010Oct/bypass-xss-filters/).

This branch accomplishes slightly intelligent warnings by adding a new command line option to declare methods that make a string URL safe (unless there is already a standard one out there). e.g.:

```
$ brakeman . --url-safe-methods ensure_valid_protocol!
```

```ruby
link_to 'asdf', ensure_valid_protocol!(@scary, :javascript)
```
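As an added example (not code from this pull request or from Brakeman), here is a hypothetical `ensure_valid_protocol!` of the kind the description assumes: an allow-list on the URL scheme, with whitespace/control characters stripped first because browsers ignore them when matching the scheme, plus a check that shows why `h()` alone does not neutralise a `javascript:` href. The method name follows the PR's illustration; its implementation, the allow list and the sample hrefs are assumptions.

```ruby
require 'cgi'

# Example only: hypothetical implementation of the "URL-safe method"
# the PR description refers to. Not Brakeman's code.

# Schemes an href is allowed to carry. Anything else is rejected;
# relative URLs and fragments (no scheme at all) are accepted.
ALLOWED_SCHEMES = %w[http https mailto].freeze

# Raises ArgumentError if the href carries a scheme outside the allow list,
# otherwise returns the href unchanged so it can be passed to link_to.
def ensure_valid_protocol!(href)
  # Browsers drop ASCII whitespace/control characters before matching the
  # scheme, so "java\tscript:" and " javascript:" must be normalised first.
  cleaned = href.to_s.gsub(/[\x00-\x20]/, '')
  # RFC 3986 scheme: letter followed by letters, digits, "+", "-" or ".".
  scheme = cleaned[/\A([a-z][a-z0-9+.\-]*):/i, 1]
  return href if scheme.nil? # relative path, query or fragment-only link
  unless ALLOWED_SCHEMES.include?(scheme.downcase)
    raise ArgumentError, "unsafe URL scheme: #{scheme}"
  end
  href
end

# Boolean wrapper around the raising check.
def url_safe?(href)
  ensure_valid_protocol!(href)
  true
rescue ArgumentError
  false
end

# Demonstrates the bug class from the description: HTML-escaping the value
# (what h() does) leaves a javascript:/data: scheme intact, so the escaped
# href is still dangerous as a link target.
def escaped_still_dangerous?(href)
  escaped = CGI.escapeHTML(href)
  !url_safe?(escaped)
end
```

Constructed inputs such as `'javascript:alert(1)'`, `"java\tscript:alert(1)"` and `'data:text/html;base64,AAAA'` are rejected, while `'https://example.com/'` and `'/relative/path'` pass unchanged.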