Add check for CVE-2012-2695

lib/brakeman/checks/check_sql.rb

@@ -43,6 +43,9 @@ class Brakeman::CheckSQL < Brakeman::BaseCheck
     Brakeman.debug "Checking version of Rails for CVE-2012-2661"
     check_rails_version_for_cve_2012_2661
 
+    Brakeman.debug "Checking version of Rails for CVE-2012-2695"
+    check_rails_version_for_cve_2012_2695
+
     Brakeman.debug "Processing possible SQL calls"
     calls.each do |c|
       process_result c
@@ -104,6 +107,15 @@ class Brakeman::CheckSQL < Brakeman::BaseCheck
     end
   end
 
+  def check_rails_version_for_cve_2012_2695
+    if version_between?("2.0.0", "3.0.0") || version_between?("3.0.0", "3.0.13") || version_between?("3.1.0", "3.1.5") || version_between?("3.2.0", "3.2.5")
+      warn :warning_type => 'SQL Injection',
+        :message => 'All versions of Rails before 3.0.14, 3.1.6, and 3.2.6 contain a SQL Injection Vulnerability: CVE-2012-2695; Upgrade to 3.2.6, 3.1.6, 3.0.14',
+        :confidence => CONFIDENCE[:high],
+        :file => gemfile_or_environment
+    end
+  end
+
   def process_scope_with_block model_name, args
     scope_name = args[1][1]
     block = args[-1][-1]

test/tests/test_rails2.rb

@@ -12,13 +12,13 @@ class Rails2Tests < Test::Unit::TestCase
         :controller => 1,
         :model => 2,
         :template => 27,
-        :warning => 27 }
+        :warning => 28 }
     else
       @expected ||= {
         :controller => 1,
         :model => 2,
         :template => 27,
-        :warning => 28 }
+        :warning => 29 }
     end
   end
 
@@ -172,6 +172,13 @@ class Rails2Tests < Test::Unit::TestCase
       :confidence => 0
   end
 
+  def test_rails_cve_2012_2695
+    assert_warning :type => :warning,
+      :warning_type => "SQL Injection",
+      :message => /CVE-2012-2695/,
+      :confidence => 0
+  end
+
   def test_sql_injection_find_by_sql
     assert_warning :type => :warning,
       :warning_type => "SQL Injection",

test/tests/test_rails3.rb

@@ -15,7 +15,7 @@ class Rails3Tests < Test::Unit::TestCase
       :controller => 1,
       :model => 5,
       :template => 22,
-      :warning => 25
+      :warning => 26
     }
   end
 
@@ -183,6 +183,14 @@ class Rails3Tests < Test::Unit::TestCase
       :file => /Gemfile/
   end
 
+  def test_rails_cve_2012_2695
+    assert_warning :type => :warning,
+      :warning_type => "SQL Injection",
+      :message => /CVE-2012-2695/,
+      :confidence => 0,
+      :file => /Gemfile/
+  end
+
   def test_sql_injection_find_by_sql
     assert_warning :type => :warning,
       :warning_type => "SQL Injection",

test/tests/test_rails31.rb

@@ -15,7 +15,7 @@ class Rails31Tests < Test::Unit::TestCase
       :model => 0,
       :template => 4,
       :controller => 1,
-      :warning => 39 }
+      :warning => 40 }
   end
 
   def test_without_protection
@@ -96,6 +96,14 @@ class Rails31Tests < Test::Unit::TestCase
       :file => /Gemfile/
   end
 
+  def test_rails_cve_2012_2695
+    assert_warning :type => :warning,
+      :warning_type => "SQL Injection",
+      :message => /CVE-2012-2695/,
+      :confidence => 0,
+      :file => /Gemfile/
+  end
+
   def test_sql_injection_scope_lambda
     assert_warning :type => :warning,
       :warning_type => "SQL Injection",

test/tests/test_rails_with_xss_plugin.rb

@@ -11,7 +11,7 @@ class RailsWithXssPluginTests < Test::Unit::TestCase
       :controller => 1,
       :model => 3,
       :template => 1,
-      :warning => 12 }
+      :warning => 13 }
   end
 
   def report
@@ -136,6 +136,14 @@ class RailsWithXssPluginTests < Test::Unit::TestCase
       :file => /Gemfile/
   end
 
+  def test_rails_cve_2012_2695
+    assert_warning :type => :warning,
+      :warning_type => "SQL Injection",
+      :message => /CVE-2012-2695/,
+      :confidence => 0,
+      :file => /Gemfile/
+  end
+
   def test_sql_injection_12 
     assert_warning :type => :warning,
       :warning_type => "SQL Injection",