Skip to content
体验新版
项目
组织
正在加载...
登录
切换导航
打开侧边栏
李少辉-开发者
Brakeman
提交
bd3b8d88
B
Brakeman
项目概览
李少辉-开发者
/
Brakeman
通知
1
Star
0
Fork
0
代码
文件
提交
分支
Tags
贡献者
分支图
Diff
Issue
0
列表
看板
标记
里程碑
合并请求
0
Wiki
0
Wiki
分析
仓库
DevOps
项目成员
Pages
B
Brakeman
项目概览
项目概览
详情
发布
仓库
仓库
文件
提交
分支
标签
贡献者
分支图
比较
Issue
0
Issue
0
列表
看板
标记
里程碑
合并请求
0
合并请求
0
Pages
分析
分析
仓库分析
DevOps
Wiki
0
Wiki
成员
成员
收起侧边栏
关闭侧边栏
动态
分支图
创建新Issue
提交
Issue看板
前往新版Gitcode,体验更适合开发者的 AI 搜索 >>
提交
bd3b8d88
编写于
9月 21, 2012
作者:
O
oreoshake
浏览文件
操作
浏览文件
下载
电子邮件补丁
差异文件
Always treat an array as safe from off-host redirects
上级
7f26b057
变更
3
隐藏空白更改
内联
并排
Showing
3 changed file
with
6 addition
and
29 deletion
+6
-29
lib/brakeman/checks/check_redirect.rb
lib/brakeman/checks/check_redirect.rb
+4
-16
test/apps/rails2/app/controllers/home_controller.rb
test/apps/rails2/app/controllers/home_controller.rb
+0
-4
test/tests/test_rails2.rb
test/tests/test_rails2.rb
+2
-9
未找到文件。
lib/brakeman/checks/check_redirect.rb
浏览文件 @
bd3b8d88
...
...
@@ -59,6 +59,10 @@ class Brakeman::CheckRedirect < Brakeman::BaseCheck
args
=
call
.
args
first_arg
=
call
.
first_arg
# if the first argument is an array, rails assumes you are building a
# polymorphic route, which will never jump off-host
return
false
if
array?
first_arg
if
tracker
.
options
[
:ignore_redirect_to_model
]
and
call?
first_arg
and
(
@model_find_calls
.
include?
first_arg
.
method
or
first_arg
.
method
.
to_s
.
match
(
/^find_by_/
))
and
model_name?
first_arg
.
target
...
...
@@ -66,22 +70,6 @@ class Brakeman::CheckRedirect < Brakeman::BaseCheck
return
false
end
# if the first argument is an array, rails assumes you are building a polymorphic route.
# therefore, if each value is a model, we're safe. You can guess a url if there are user
# supplied values in the array so long as something resposnds to <parameter_value>_path,
# so we still need to consider anything other than a model as dangerous.
if
array?
first_arg
args
.
first
.
each
do
|
arg
|
next
if
arg
==
:array
#wtf bugfix?
unless
is_immediate_model?
arg
return
Match
.
new
(
:immediate
,
arg
)
end
end
return
false
end
args
.
each
do
|
arg
|
if
res
=
has_immediate_model?
(
arg
)
# polymorphic routes are assumed to be safe
...
...
test/apps/rails2/app/controllers/home_controller.rb
浏览文件 @
bd3b8d88
...
...
@@ -169,10 +169,6 @@ class HomeController < ApplicationController
redirect_to
[
User
.
find
(
1
),
User
.
find
(
2
)]
end
def
test_array_with_badness
redirect_to
[
params
[
:badness
]]
end
def
test_model_attr_badness
redirect_to
[
User
.
new
.
donkey
]
end
...
...
test/tests/test_rails2.rb
浏览文件 @
bd3b8d88
...
...
@@ -12,13 +12,13 @@ class Rails2Tests < Test::Unit::TestCase
:controller
=>
1
,
:model
=>
2
,
:template
=>
41
,
:warning
=>
3
4
}
:warning
=>
3
3
}
else
@expected
||=
{
:controller
=>
1
,
:model
=>
2
,
:template
=>
41
,
:warning
=>
3
5
}
:warning
=>
3
4
}
end
end
...
...
@@ -125,13 +125,6 @@ class Rails2Tests < Test::Unit::TestCase
:message
=>
/^Possible unprotected redirect/
,
:confidence
=>
0
,
:file
=>
/home_controller\.rb/
assert_warning
:type
=>
:warning
,
:warning_type
=>
"Redirect"
,
:line
=>
181
,
:message
=>
/^Possible unprotected redirect/
,
:confidence
=>
0
,
:file
=>
/home_controller\.rb/
end
def
test_dynamic_render_path
...
...
编辑
预览
Markdown
is supported
0%
请重试
或
添加新附件
.
添加附件
取消
You are about to add
0
people
to the discussion. Proceed with caution.
先完成此消息的编辑!
取消
想要评论请
注册
或
登录