提交 9fec336e 编写于 作者: J Justin Collins

Fix warning code on low confidence XSS warnings

上级 870b815c
...@@ -173,11 +173,14 @@ class Brakeman::CheckCrossSiteScripting < Brakeman::BaseCheck ...@@ -173,11 +173,14 @@ class Brakeman::CheckCrossSiteScripting < Brakeman::BaseCheck
add_result exp add_result exp
link_path = "cross_site_scripting" link_path = "cross_site_scripting"
warning_code = :cross_site_scripting
if @known_dangerous.include? exp.method if @known_dangerous.include? exp.method
confidence = CONFIDENCE[:high] confidence = CONFIDENCE[:high]
if exp.method == :to_json if exp.method == :to_json
message += " in JSON hash" message += " in JSON hash"
link_path += "_to_json" link_path += "_to_json"
warning_code = :xss_to_json
end end
else else
confidence = CONFIDENCE[:low] confidence = CONFIDENCE[:low]
...@@ -185,7 +188,7 @@ class Brakeman::CheckCrossSiteScripting < Brakeman::BaseCheck ...@@ -185,7 +188,7 @@ class Brakeman::CheckCrossSiteScripting < Brakeman::BaseCheck
warn :template => @current_template, warn :template => @current_template,
:warning_type => "Cross Site Scripting", :warning_type => "Cross Site Scripting",
:warning_code => :xss_to_json, :warning_code => warning_code,
:message => message, :message => message,
:code => exp, :code => exp,
:user_input => @matched.match, :user_input => @matched.match,
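Review bot: The to_json branch now keeps three parallel fields in step by hand — `message += " in JSON hash"`, `link_path += "_to_json"` and `warning_code = :xss_to_json` — which is exactly how the old hard-coded `:warning_code => :xss_to_json` drifted from the link in the first place; assigning the pair in one statement, `link_path, warning_code = "cross_site_scripting_to_json", :xss_to_json`, ties the link and the code to a single decision. The new default `warning_code = :cross_site_scripting` on the low-confidence path is presumably resolved through the warning-code table (Brakeman::WarningCodes); it is worth confirming that symbol is registered there, since an unregistered symbol would leave the corrected warning with no numeric code. A short comment above the default, `# low-confidence and non-JSON results report the generic XSS code`, would record why only the to_json branch overrides it. The commit does not appear to add a test pinning the code emitted on the low-confidence path, which is the case that was wrong before; the enclosing method begins and ends outside both hunks, so the else branch's remaining assignments are not visible here.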