Add check for CVE-2014-3482 and CVE-2014-3483

88d4341c · Justin Collins · 0e3379b7 · 88d4341c · 88d4341c · 88d4341c
Showing with 39 addition and 1 deletion

lib/brakeman/checks/check_sql_cves.rb lib/brakeman/checks/check_sql_cves.rb +12 -0

lib/brakeman/warning_codes.rb lib/brakeman/warning_codes.rb +2 -0

test/tests/rails4.rb test/tests/rails4.rb +25 -1

未找到文件。
--- a/lib/brakeman/checks/check_sql_cves.rb
+++ b/lib/brakeman/checks/check_sql_cves.rb
@@ -48,6 +48,18 @@ class Brakeman::CheckSQLCVEs < Brakeman::BaseCheck
      }
    end

+    if tracker.config[:gems] and tracker.config[:gems][:pg]
+      issues << {
+        :cve => "CVE-2014-3482",
+        :versions => [%w[2.0.0 2.9.9 3.2.19], %w[3.0.0 3.2.18 3.2.19], %w[4.0.0 4.0.6 4.0.7], %w[4.1.0 4.1.2 4.1.3]],
+        :url => "https://groups.google.com/d/msg/rubyonrails-security/wDxePLJGZdI/WP7EasCJTA4J"
+      } <<
+      {
+        :cve => "CVE-2014-3483",
+        :versions => [%w[2.0.0 2.9.9 3.2.19], %w[3.0.0 3.2.18 3.2.19], %w[4.0.0 4.0.6 4.0.7], %w[4.1.0 4.1.2 4.1.3]],
+        :url => "https://groups.google.com/d/msg/rubyonrails-security/wDxePLJGZdI/WP7EasCJTA4J" }
+    end
+
    issues.each do |cve_issue|
      cve_warning_for cve_issue[:versions], cve_issue[:cve], cve_issue[:url]
    end

--- a/lib/brakeman/warning_codes.rb
+++ b/lib/brakeman/warning_codes.rb
@@ -78,6 +78,8 @@ module Brakeman::WarningCodes
    :CVE_2014_0082 => 75,
    :regex_dos => 76,
    :CVE_2014_0130 => 77,
+    :CVE_2014_3482 => 78,
+    :CVE_2014_3483 => 79,
  }

  def self.code name

--- a/test/tests/rails4.rb
+++ b/test/tests/rails4.rb
@@ -15,7 +15,7 @@ class Rails4Tests < Test::Unit::TestCase
      :controller => 0,
      :model => 1,
      :template => 2,
-      :generic => 28
+      :generic => 30
    }
  end

@@ -464,6 +464,30 @@ class Rails4Tests < Test::Unit::TestCase
      :user_input => nil
  end

+  def test_sql_injection_CVE_2014_3482
+    assert_warning :type => :warning,
+      :warning_code => 78,
+      :fingerprint => "5c9706393849d7de5125a3688562aea31e112a7b09d0abbb461ee5dc7c1751b8",
+      :warning_type => "SQL Injection",
+      :line => nil,
+      :message => /^Rails\ 4\.0\.0\ contains\ a\ SQL\ injection\ vul/,
+      :confidence => 0,
+      :relative_path => "Gemfile",
+      :user_input => nil
+  end
+
+  def test_sql_injection_CVE_2014_3483
+    assert_warning :type => :warning,
+      :warning_code => 79,
+      :fingerprint => "4a60c60c39e12b1dd1d8b490f228594f0a555aa5447587625df362327e86ad2f",
+      :warning_type => "SQL Injection",
+      :line => nil,
+      :message => /^Rails\ 4\.0\.0\ contains\ a\ SQL\ injection\ vul/,
+      :confidence => 0,
+      :relative_path => "Gemfile",
+      :user_input => nil
+  end
+
  def test_mass_assignment_with_permit!
    assert_warning :type => :warning,
      :warning_code => 70,