提交
5a499e96
编写于
2月 18, 2014
作者:
J
Justin Collins
Add check for CVE-2014-0082
上级
25107787
变更
7
Showing
7 changed file
with
91 addition
and
2 deletion
+91
-2
lib/brakeman/checks/check_render_dos.rb
lib/brakeman/checks/check_render_dos.rb
+37
-0
lib/brakeman/warning_codes.rb
lib/brakeman/warning_codes.rb
+1
-0
test/apps/rails3.2/app/controllers/users_controller.rb
test/apps/rails3.2/app/controllers/users_controller.rb
+4
-0
test/apps/rails3/app/controllers/products_controller.rb
test/apps/rails3/app/controllers/products_controller.rb
+4
-0
test/tests/rails3.rb
test/tests/rails3.rb
+13
-1
test/tests/rails32.rb
test/tests/rails32.rb
+13
-1
test/tests/rescanner.rb
test/tests/rescanner.rb
+19
-0
lib/brakeman/checks/check_render_dos.rb
0 → 100644
require
'brakeman/checks/base_check'
class
Brakeman::CheckRenderDoS
<
Brakeman
::
BaseCheck
Brakeman
::
Checks
.
add
self
@description
=
"Warn about denial of service with render :text (CVE-2014-0082)"
def
run_check
if
version_between?
"3.0.0"
,
"3.0.20"
or
version_between?
"3.1.0"
,
"3.1.12"
or
version_between?
"3.2.0"
,
"3.2.16"
tracker
.
find_call
(
:target
=>
nil
,
:method
=>
:render
).
each
do
|
result
|
if
text_render?
result
warn_about_text_render
break
end
end
end
end
def
text_render?
result
node_type?
result
[
:call
],
:render
and
result
[
:call
].
render_type
==
:text
end
def
warn_about_text_render
message
=
"Rails
#{
tracker
.
config
[
:rails_version
]
}
has a denial of service vulnerability (CVE-2014-0082). Upgrade to Rails version 3.2.17"
warn
:warning_type
=>
"Denial of Service"
,
:warning_code
=>
:CVE_2014_0082
,
:message
=>
message
,
:confidence
=>
CONFIDENCE
[
:high
],
:link_path
=>
"https://groups.google.com/d/msg/rubyonrails-security/LMxO_3_eCuc/ozGBEhKaJbIJ"
,
:file
=>
gemfile_or_environment
end
end
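Review bot: The version guard in `run_check` chains three unparenthesized `version_between?` calls with `or`, which parses as intended only because `or` binds looser than the method arguments; a later restyle to `||` without adding parentheses would make `"3.0.20" || version_between? ...` the second argument of the first call and change what the guard matches. I would add the parentheses now so the intent survives such a change: `if version_between?("3.0.0", "3.0.20") || version_between?("3.1.0", "3.1.12") || version_between?("3.2.0", "3.2.16")`; the `and` in `text_render?` has the same shape. A short comment above `break`, such as `# one warning per application: the finding is about the Rails version, so it is reported against the Gemfile`, would also explain why the warning carries `:file => gemfile_or_environment` rather than the location of the `render :text` call that triggered it.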
lib/brakeman/warning_codes.rb
...
...
@@ -75,6 +75,7 @@ module Brakeman::WarningCodes
:CVE_2014_0080
=>
72
,
:CVE_2014_0081
=>
73
,
:CVE_2014_0081_call
=>
74
,
:CVE_2014_0082
=>
75
,
}
def
self
.
code
name
...
...
test/apps/rails3.2/app/controllers/users_controller.rb
...
...
@@ -92,4 +92,8 @@ class UsersController < ApplicationController
def
show_detailed_exceptions?
false
# no warning
end
def
render_text
render
:text
=>
"oh noes my service"
end
end
test/apps/rails3/app/controllers/products_controller.rb
...
...
@@ -80,4 +80,8 @@ class ProductsController < ApplicationController
format
.
xml
{
head
:ok
}
end
end
def
render_some_text
render
:text
=>
"jello"
end
end
test/tests/rails3.rb
...
...
@@ -16,7 +16,7 @@ class Rails3Tests < Test::Unit::TestCase
:controller
=>
1
,
:model
=>
8
,
:template
=>
38
,
:generic
=>
7
0
:generic
=>
7
1
}
if
RUBY_PLATFORM
==
'java'
...
...
@@ -1173,6 +1173,18 @@ class Rails3Tests < Test::Unit::TestCase
:user_input
=>
nil
end
def
test_denial_of_service_CVE_2014_0082
assert_warning
:type
=>
:warning
,
:warning_code
=>
75
,
:fingerprint
=>
"403a72d08a90043384fe56d3a6bc3e255b8799b380693914143d403607433db7"
,
:warning_type
=>
"Denial of Service"
,
:line
=>
nil
,
:message
=>
/^Rails\ 3\.0\.3\ has\ a\ denial\ of\ service\ vuln/
,
:confidence
=>
0
,
:relative_path
=>
"Gemfile"
,
:user_input
=>
nil
end
def
test_http_only_session_setting
assert_warning
:type
=>
:warning
,
:warning_type
=>
"Session Setting"
,
...
...
test/tests/rails32.rb
...
...
@@ -11,7 +11,7 @@ class Rails32Tests < Test::Unit::TestCase
:controller
=>
0
,
:model
=>
5
,
:template
=>
11
,
:generic
=>
1
0
}
:generic
=>
1
1
}
if
RUBY_PLATFORM
==
'java'
@expected
[
:generic
]
+=
1
...
...
@@ -123,6 +123,18 @@ class Rails32Tests < Test::Unit::TestCase
:user_input
=>
nil
end
def
test_denial_of_service_CVE_2014_0082
assert_warning
:type
=>
:warning
,
:warning_code
=>
75
,
:fingerprint
=>
"403a72d08a90043384fe56d3a6bc3e255b8799b380693914143d403607433db7"
,
:warning_type
=>
"Denial of Service"
,
:line
=>
nil
,
:message
=>
/^Rails\ 3\.2\.9\.rc2\ has\ a\ denial\ of\ service\ /
,
:confidence
=>
0
,
:relative_path
=>
"Gemfile"
,
:user_input
=>
nil
end
def
test_redirect_1
assert_warning
:type
=>
:warning
,
:warning_type
=>
"Redirect"
,
...
...
test/tests/rescanner.rb
...
...
@@ -267,4 +267,23 @@ class RescannerTests < Test::Unit::TestCase
assert_new
0
assert_fixed
2
end
def
test_gemfile_rails_version_fix_CVE_2014_0082
gemfile
=
"Gemfile.lock"
before_rescan_of
gemfile
do
replace
gemfile
,
"rails (3.2.9.rc2)"
,
"rails (3.2.17)"
end
#@original is actually modified
assert
@original
.
config
[
:rails_version
],
"3.2.17"
assert_reindex
:none
assert_changes
assert_new
0
if
RUBY_PLATFORM
==
"java"
assert_fixed
10
else
assert_fixed
9
end
end
end
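Review bot: `assert @original.config[:rails_version], "3.2.17"` in `test_gemfile_rails_version_fix_CVE_2014_0082` only checks that the version is truthy; the second argument is the failure message, so the test passes even if the rescan left the version at `3.2.9.rc2`. Use `assert_equal "3.2.17", @original.config[:rails_version]` so the test actually pins the post-rescan version. The `assert_fixed` counts that follow depend on that version having been updated, so the weaker assertion could let a regression in the Gemfile.lock rescan path go unnoticed.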