Skip to content

B
Brakeman

李少辉-开发者 / Brakeman

通知 1
Star 0
Fork 0
B
Brakeman

前往新版Gitcode,体验更适合开发者的 AI 搜索 >>

提交 6d082467 编写于 作者: J Justin
浏览文件
操作

Merge pull request #139 from presidentbeef/fix_redirect_false_negative 

Fix `redirect_to` false negative with only_path
上级 5a0eb528 a4216449
显示空白变更内容
内联 并排
Showing with 25 addition and 19 deletion
lib/brakeman/checks/check_redirect.rb
浏览文件 @ 6d082467
...@@ -95,7 +95,8 @@ class Brakeman::CheckRedirect < Brakeman::BaseCheck ...@@ -95,7 +95,8 @@ class Brakeman::CheckRedirect < Brakeman::BaseCheck
#Checks +redirect_to+ arguments for +only_path => true+ which essentially #Checks +redirect_to+ arguments for +only_path => true+ which essentially
#nullifies the danger posed by redirecting with user input #nullifies the danger posed by redirecting with user input
def only_path? call def only_path? call
call.args.each do |arg| arg = call.first_arg
if hash? arg if hash? arg
if value = hash_access(arg, :only_path) if value = hash_access(arg, :only_path)
return true if true?(value) return true if true?(value)
...@@ -103,7 +104,6 @@ class Brakeman::CheckRedirect < Brakeman::BaseCheck ...@@ -103,7 +104,6 @@ class Brakeman::CheckRedirect < Brakeman::BaseCheck
elsif call? arg and arg.method == :url_for elsif call? arg and arg.method == :url_for
return check_url_for(arg) return check_url_for(arg)
end end
end
false false
end end
...@@ -111,13 +111,13 @@ class Brakeman::CheckRedirect < Brakeman::BaseCheck ...@@ -111,13 +111,13 @@ class Brakeman::CheckRedirect < Brakeman::BaseCheck
#+url_for+ is only_path => true by default. This checks to see if it is #+url_for+ is only_path => true by default. This checks to see if it is
#set to false for some reason. #set to false for some reason.
def check_url_for call def check_url_for call
call.args.each do |arg| arg = call.first_arg
if hash? arg if hash? arg
if value = hash_access(arg, :only_path) if value = hash_access(arg, :only_path)
return false if false?(value) return false if false?(value)
end end
end end
end
true true
end end
......
test/apps/rails3/app/controllers/home_controller.rb
浏览文件 @ 6d082467
...@@ -73,8 +73,8 @@ class HomeController < ApplicationController ...@@ -73,8 +73,8 @@ class HomeController < ApplicationController
current_user.something.something.build(params[:awesome_user]) current_user.something.something.build(params[:awesome_user])
end end
def test_only_path def test_only_path_wrong
redirect_to params[:user], :only_path => true redirect_to params[:user], :only_path => true #This should still warn
end end
def test_url_for_only_path def test_url_for_only_path
...@@ -92,6 +92,12 @@ class HomeController < ApplicationController ...@@ -92,6 +92,12 @@ class HomeController < ApplicationController
y + 1 + 2 y + 1 + 2
end end
def test_only_path_correct
params.merge! :only_path => true
redirect_to params
end
private private
def filter_it def filter_it
......
test/tests/test_rails3.rb
浏览文件 @ 6d082467
...@@ -15,7 +15,7 @@ class Rails3Tests < Test::Unit::TestCase ...@@ -15,7 +15,7 @@ class Rails3Tests < Test::Unit::TestCase
:controller => 1, :controller => 1,
:model => 5, :model => 5,
:template => 23, :template => 23,
:warning => 29 :warning => 30
} }
end end
...@@ -135,11 +135,11 @@ class Rails3Tests < Test::Unit::TestCase ...@@ -135,11 +135,11 @@ class Rails3Tests < Test::Unit::TestCase
:file => /products_controller\.rb/ :file => /products_controller\.rb/
end end
def test_redirect_only_path def test_redirect_only_path_in_wrong_argument
assert_no_warning :type => :warning, assert_warning :type => :warning,
:warning_type => "Redirect", :warning_type => "Redirect",
:line => 78, :line => 77,
:message => /^Possible unprotected redirect near line 78: redirect_to\(params\[/, :message => /^Possible unprotected redirect near line 77: redirect_to\(params\[/,
:confidence => 0, :confidence => 0,
:file => /home_controller\.rb/ :file => /home_controller\.rb/
end end
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册