Expand SSL verify mode to Net::HTTP.start options

7225f6f5 · Justin Collins · c839eaed · 7225f6f5 · 7225f6f5 · 7225f6f5
Showing with 44 addition and 10 deletion

lib/brakeman/checks/check_ssl_verify.rb lib/brakeman/checks/check_ssl_verify.rb +27 -9

test/apps/rails4/lib/sweet_lib.rb test/apps/rails4/lib/sweet_lib.rb +4 -0

test/tests/rails4.rb test/tests/rails4.rb +13 -1

未找到文件。
--- a/lib/brakeman/checks/check_ssl_verify.rb
+++ b/lib/brakeman/checks/check_ssl_verify.rb
@@ -11,21 +11,39 @@ class Brakeman::CheckSSLVerify < Brakeman::BaseCheck

  def run_check
    check_open_ssl_verify_none
+    check_http_start
  end

  def check_open_ssl_verify_none
-    tracker.find_call(:method => :verify_mode=).each {|call| process_result(call)}
+    tracker.find_call(:method => :verify_mode=).each {|call| process_verify_mode_result(call) }
  end

-  def process_result(result)
-    return if duplicate?(result)
+  def process_verify_mode_result result
    if result[:call].last_arg == SSL_VERIFY_NONE
-      add_result result
-      warn :result => result,
-        :warning_type => "SSL Verification Bypass",
-        :warning_code => :ssl_verification_bypass,
-        :message => "SSL certificate verification was bypassed",
-        :confidence => CONFIDENCE[:high]
+      warn_about_ssl_verification_bypass result
    end
  end
+
+  def check_http_start
+    tracker.find_call(:target => :'Net::HTTP', :method => :start).each { |call| process_http_start_result call }
+  end
+
+  def process_http_start_result result
+    arg = result[:call].last_arg
+
+    if hash? arg and hash_access(arg, :verify_mode) == SSL_VERIFY_NONE
+      warn_about_ssl_verification_bypass result
+    end
+  end
+
+  def warn_about_ssl_verification_bypass result
+    return if duplicate?(result)
+    add_result result
+
+    warn :result => result,
+      :warning_type => "SSL Verification Bypass",
+      :warning_code => :ssl_verification_bypass,
+      :message => "SSL certificate verification was bypassed",
+      :confidence => CONFIDENCE[:high]
+  end
 end
--- a/test/apps/rails4/lib/sweet_lib.rb
+++ b/test/apps/rails4/lib/sweet_lib.rb
@@ -7,4 +7,8 @@ class SweetLib
    #Should warn about command injection
    system("rm #{@bad}")
  end
+
+  def test_net_http_start_ssl
+    Net::HTTP.start(uri.host, uri.port, :use_ssl => true, :verify_mode => OpenSSL::SSL::VERIFY_NONE)
+  end
 end
--- a/test/tests/rails4.rb
+++ b/test/tests/rails4.rb
@@ -14,7 +14,7 @@ class Rails4Tests < Test::Unit::TestCase
      :controller => 0,
      :model => 2,
      :template => 7,
-      :generic => 61
+      :generic => 62
    }
  end

@@ -1068,6 +1068,18 @@ class Rails4Tests < Test::Unit::TestCase
      :user_input => nil
  end

+  def test_ssl_verification_bypass_net_start
+    assert_warning :type => :warning,
+      :warning_code => 71,
+      :fingerprint => "fed73f1d7511e72e158a7080eefe377c0c34ad18190471829216e9a2c4f7126d",
+      :warning_type => "SSL Verification Bypass",
+      :line => 12,
+      :message => /^SSL\ certificate\ verification\ was\ bypasse/,
+      :confidence => 0,
+      :relative_path => "lib/sweet_lib.rb",
+      :user_input => nil
+  end
+
  def test_unscoped_find_by_id_bang
    assert_warning :type => :warning,
      :warning_code => 82,