提交
a2fdd0fc
编写于
8月 13, 2012
作者:
Justin Collins
Merge branch 'strip_tags_CVE_2012_3465'
Add check for CVE-2012-3465 Conflicts: test/tests/test_rails3.rb
上级
24e5b664
27992ba6
变更
10
Showing
10 changed file
with
103 addition
and
14 deletion
+103
-14
lib/brakeman/checks/check_cross_site_scripting.rb
lib/brakeman/checks/check_cross_site_scripting.rb
+4
-0
lib/brakeman/checks/check_strip_tags.rb
lib/brakeman/checks/check_strip_tags.rb
+36
-7
test/apps/rails2/app/views/home/test_strip_tags.html.erb
test/apps/rails2/app/views/home/test_strip_tags.html.erb
+3
-0
test/apps/rails3.1/app/views/other/test_strip_tags.html.erb
test/apps/rails3.1/app/views/other/test_strip_tags.html.erb
+1
-0
test/apps/rails3/app/views/other/test_strip_tags.html.erb
test/apps/rails3/app/views/other/test_strip_tags.html.erb
+1
-0
test/apps/rails_with_xss_plugin/app/views/users/show.html.erb
.../apps/rails_with_xss_plugin/app/views/users/show.html.erb
+2
-0
test/tests/test_rails2.rb
test/tests/test_rails2.rb
+30
-4
test/tests/test_rails3.rb
test/tests/test_rails3.rb
+9
-1
test/tests/test_rails31.rb
test/tests/test_rails31.rb
+9
-1
test/tests/test_rails_with_xss_plugin.rb
test/tests/test_rails_with_xss_plugin.rb
+8
-1
lib/brakeman/checks/check_cross_site_scripting.rb
...
...
@@ -54,6 +54,10 @@ class Brakeman::CheckCrossSiteScripting < Brakeman::BaseCheck
@ignore_methods
<<
:auto_link
end
if
version_between?
"2.0.0"
,
"2.3.14"
@known_dangerous
<<
:strip_tags
end
if
tracker
.
options
[
:rails3
]
@ignore_methods
<<
:select
end
...
...
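Review bot: The added `@known_dangerous << :strip_tags` block carries no comment, and its `"2.3.14"` upper bound is a second hard-coded copy of the range `version_between?('2.0.0', '2.3.14')` used in check_strip_tags.rb, so a 2.3.x release past 2.3.14 would silently fall out of the dangerous set here while the other check's message still reports all 2.x versions as affected. A one-line comment above the `if` would make the intent visible, e.g. `# CVE-2012-3465: strip_tags is reported as vulnerable on Rails 2.x (same range as CheckStripTags)`. Keeping the range in one place (a shared constant or a helper on the base check) would avoid the two bounds drifting apart. The enclosing method starts and ends outside this hunk.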
lib/brakeman/checks/check_strip_tags.rb
require
'brakeman/checks/base_check'
#Checks for uses of strip_tags in Rails versions before 2.3.13 and 3.0.10
#Check for uses of strip_tags in Rails versions before 3.0.17, 3.1.8, 3.2.8 (including 2.3.x):
#https://groups.google.com/d/topic/rubyonrails-security/FgVEtBajcTY/discussion
#
#Check for uses of strip_tags in Rails versions before 2.3.13 and 3.0.10:
#http://groups.google.com/group/rubyonrails-security/browse_thread/thread/2b9130749b74ea12
class
Brakeman::CheckStripTags
<
Brakeman
::
BaseCheck
Brakeman
::
Checks
.
add
self
@description
=
"Report strip_tags vulnerabilit
y in versions before 2.3.13 and 3.0.10
"
@description
=
"Report strip_tags vulnerabilit
ies CVE-2011-2931 and CVE-2012-3465
"
def
run_check
if
(
version_between?
(
'2.0.0'
,
'2.3.12'
)
or
version_between?
(
'3.0.0'
,
'3.0.9'
))
and
uses_strip_tags?
if
uses_strip_tags?
cve_2011_2931
cve_2012_3465
end
end
def
cve_2011_2931
if
version_between?
(
'2.0.0'
,
'2.3.12'
)
or
version_between?
(
'3.0.0'
,
'3.0.9'
)
if
tracker
.
config
[
:rails_version
]
=~
/^3/
message
=
"Versions before 3.0.10 have a vulnerability in strip_tags
: CVE-2011-2931
"
message
=
"Versions before 3.0.10 have a vulnerability in strip_tags
(CVE-2011-2931)
"
else
message
=
"Versions before 2.3.13 have a vulnerability in strip_tags
: CVE-2011-2931
"
message
=
"Versions before 2.3.13 have a vulnerability in strip_tags
(CVE-2011-2931)
"
end
warn
:warning_type
=>
"Cross Site Scripting"
,
:message
=>
message
,
:confidence
=>
CONFIDENCE
[
:high
],
:file
=>
gemfile_or_environment
,
:confidence
=>
CONFIDENCE
[
:high
],
:link_path
=>
"https://groups.google.com/d/topic/rubyonrails-security/K5EwdJt06hI/discussion"
end
end
def
cve_2012_3465
case
when
(
version_between?
(
'2.0.0'
,
'2.3.14'
)
and
tracker
.
config
[
:escape_html
])
message
=
"All Rails 2.x versions have a vulnerability in strip_tags (CVE-2012-3465)"
when
version_between?
(
'3.0.10'
,
'3.0.16'
)
message
=
"Rails
#{
tracker
.
config
[
:rails_version
]
}
has a vulnerability in strip_tags (CVE-2012-3465). Upgrade to 3.0.17"
when
version_between?
(
'3.1.0'
,
'3.1.7'
)
message
=
"Rails
#{
tracker
.
config
[
:rails_version
]
}
has a vulnerability in strip_tags (CVE-2012-3465). Upgrade to 3.1.8"
when
version_between?
(
'3.2.0'
,
'3.2.7'
)
message
=
"Rails
#{
tracker
.
config
[
:rails_version
]
}
has a vulnerability in strip_tags (CVE-2012-3465). Upgrade to 3.2.8"
else
return
end
warn
:warning_type
=>
"Cross Site Scripting"
,
:message
=>
message
,
:confidence
=>
CONFIDENCE
[
:high
],
:file
=>
gemfile_or_environment
,
:link_path
=>
"https://groups.google.com/d/topic/rubyonrails-security/FgVEtBajcTY/discussion"
end
def
uses_strip_tags?
Brakeman
.
debug
"Finding calls to strip_tags()"
...
...
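Review bot: In cve_2012_3465 the 3.0 branch starts at `version_between?('3.0.10', '3.0.16')`, so an app on 3.0.0–3.0.9 receives only the cve_2011_2931 warning, whose message points at 3.0.10 as the fix even though this method names 3.0.17 as the upgrade target; lowering the bound to `when version_between?('3.0.0', '3.0.16')` would report both advisories for those versions, and test_rails3.rb's `test_strip_tags_CVE_2012_3465` (which currently matches the 2011 message) could then assert `/CVE-2012-3465/`. The `warn` hash in cve_2011_2931 lists `:confidence => CONFIDENCE[:high]` twice; Ruby keeps the last value for a duplicated literal key, so one of the two lines should be dropped. The subject-less `case` with `when (... and ...)` only assigns `message` in each branch and would read more plainly as an `if`/`elsif` chain. uses_strip_tags? continues past the end of the hunk.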
test/apps/rails2/app/views/home/test_strip_tags.html.erb
0 → 100644
<%=
h
strip_tags
(
params
[
:name
])
%>
<%=
strip_tags
(
params
[
:body
])
%>
test/apps/rails3.1/app/views/other/test_strip_tags.html.erb
0 → 100644
<%=
strip_tags
params
[
:body
]
%>
test/apps/rails3/app/views/other/test_strip_tags.html.erb
0 → 100644
<%=
strip_tags
params
[
:body
]
%>
test/apps/rails_with_xss_plugin/app/views/users/show.html.erb
...
...
@@ -16,6 +16,8 @@
<b>
Bad:
</b>
<%=
@evil_input
%>
</p>
<%=
strip_tags
@user
.
profile
%>
<%
if
@current_user
and
(
@current_user
.
id
==
@user
.
id
or
@current_user
.
admin?
)
%>
<%=
link_to
'Edit'
,
edit_user_path
(
@user
)
%>
|
<%
end
%>
...
...
test/tests/test_rails2.rb
...
...
@@ -11,14 +11,14 @@ class Rails2Tests < Test::Unit::TestCase
@expected
||=
{
:controller
=>
1
,
:model
=>
2
,
:template
=>
3
1
,
:warning
=>
29
}
:template
=>
3
2
,
:warning
=>
30
}
else
@expected
||=
{
:controller
=>
1
,
:model
=>
2
,
:template
=>
3
1
,
:warning
=>
3
0
}
:template
=>
3
2
,
:warning
=>
3
1
}
end
end
...
...
@@ -633,6 +633,15 @@ class Rails2Tests < Test::Unit::TestCase
:file
=>
/test_xss_with_or\.html\.erb/
end
def
test_cross_site_scripting_strip_tags
assert_warning
:type
=>
:template
,
:warning_type
=>
"Cross Site Scripting"
,
:line
=>
3
,
:message
=>
/^Unescaped\ parameter\ value/
,
:confidence
=>
0
,
:file
=>
/test_strip_tags\.html\.erb/
end
def
test_check_send
assert_warning
:type
=>
:warning
,
:warning_type
=>
"Dangerous Send"
,
...
...
@@ -648,5 +657,22 @@ class Rails2Tests < Test::Unit::TestCase
:confidence
=>
1
,
:file
=>
/home_controller\.rb/
end
def
test_strip_tags_CVE_2011_2931
assert_warning
:type
=>
:warning
,
:warning_type
=>
"Cross Site Scripting"
,
:message
=>
/^Versions\ before\ 2\.3\.13\ have\ a\ vulnerabil/
,
:confidence
=>
0
,
:file
=>
/environment\.rb/
end
def
test_strip_tags_CVE_2012_3465_high
assert_warning
:type
=>
:template
,
:warning_type
=>
"Cross Site Scripting"
,
:line
=>
3
,
:message
=>
/^Unescaped\ parameter\ value/
,
:confidence
=>
0
,
:file
=>
/test_strip_tags\.html\.erb/
end
end
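Review bot: `test_strip_tags_CVE_2012_3465_high` in the third hunk asserts exactly the same warning as `test_cross_site_scripting_strip_tags` in the second hunk (template, line 3, `/^Unescaped\ parameter\ value/`, confidence 0, test_strip_tags.html.erb), so the pair pins one behaviour twice under two names. Keep one of them, or give the CVE-named test an assertion that only the new `@known_dangerous` path produces, so a reader can tell which test is meant to cover CVE-2012-3465. The `_high` suffix suggests a confidence-level variant, but no lower-confidence companion exists in the hunk.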
test/tests/test_rails3.rb
...
...
@@ -15,7 +15,7 @@ class Rails3Tests < Test::Unit::TestCase
:controller
=>
1
,
:model
=>
5
,
:template
=>
23
,
:warning
=>
2
7
:warning
=>
2
8
}
end
...
...
@@ -611,4 +611,12 @@ class Rails3Tests < Test::Unit::TestCase
:confidence
=>
0
,
:file
=>
/Gemfile/
end
def
test_strip_tags_CVE_2012_3465
assert_warning
:type
=>
:warning
,
:warning_type
=>
"Cross Site Scripting"
,
:message
=>
/^Versions\ before\ 3\.0\.10\ have\ a\ vulnerabil/
,
:confidence
=>
0
,
:file
=>
/Gemfile/
end
end
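Review bot: `test_strip_tags_CVE_2012_3465` matches `/^Versions\ before\ 3\.0\.10\ have\ a\ vulnerabil/`, which is the CVE-2011-2931 message produced by cve_2011_2931, not the `has a vulnerability in strip_tags (CVE-2012-3465)` text this commit adds; the expected `:warning` count moving from 27 to 28 is consistent with only that one warning being raised for the rails3 fixture. Either rename it to `test_strip_tags_CVE_2011_2931`, or, if the 3.0 branch of cve_2012_3465 is widened to cover 3.0.0–3.0.9, keep the name and assert `/CVE-2012-3465/` so the test exercises the new check.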
test/tests/test_rails31.rb
...
...
@@ -15,7 +15,7 @@ class Rails31Tests < Test::Unit::TestCase
:model
=>
0
,
:template
=>
12
,
:controller
=>
1
,
:warning
=>
4
6
}
:warning
=>
4
7
}
end
def
test_without_protection
...
...
@@ -579,4 +579,12 @@ class Rails31Tests < Test::Unit::TestCase
:confidence
=>
2
,
:file
=>
/Gemfile/
end
def
test_strip_tags_CVE_2012_3465
assert_warning
:type
=>
:warning
,
:warning_type
=>
"Cross Site Scripting"
,
:message
=>
/^Rails\ 3\.1\.0\ has\ a\ vulnerability\ in\ strip/
,
:confidence
=>
0
,
:file
=>
/Gemfile/
end
end
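Review bot: The message regex `/^Rails\ 3\.1\.0\ has\ a\ vulnerability\ in\ strip/` pins the fixture's exact Rails version, because cve_2012_3465 interpolates `tracker.config[:rails_version]` into the message; bumping the rails3.1 fixture to any other 3.1.x below 3.1.8 would break this test without any change in behaviour. Matching the stable part instead, `/has\ a\ vulnerability\ in\ strip_tags\ \(CVE-2012-3465\)/`, keeps the assertion tied to the advisory rather than to the Gemfile.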
test/tests/test_rails_with_xss_plugin.rb
...
...
@@ -11,7 +11,7 @@ class RailsWithXssPluginTests < Test::Unit::TestCase
:controller
=>
1
,
:model
=>
3
,
:template
=>
1
,
:warning
=>
1
3
}
:warning
=>
1
4
}
end
def
report
...
...
@@ -243,4 +243,11 @@ class RailsWithXssPluginTests < Test::Unit::TestCase
:file
=>
/user\.rb/
end
def
test_strip_tags_CVE_2012_3465
assert_warning
:type
=>
:warning
,
:warning_type
=>
"Cross Site Scripting"
,
:message
=>
/^All\ Rails\ 2\.x\ versions\ have\ a\ vulnerabil/
,
:confidence
=>
0
,
:file
=>
/Gemfile/
end
end