url_for actually has only_path => true

if it is from ActionView::Helpers::UrlHelper. So redirect_to(url_for(params)) is considered safe

url_for actually has only_path => true
if it is from ActionView::Helpers::UrlHelper. So redirect_to(url_for(params)) is considered safe
57110e95 · Justin Collins · efcc19cd · 57110e95
显示空白变更内容
内联并排

Showing with 17 addition and 1 deletion

lib/brakeman/checks/check_redirect.rb lib/brakeman/checks/check_redirect.rb +17 -1

未找到文件。
--- a/lib/brakeman/checks/check_redirect.rb
+++ b/lib/brakeman/checks/check_redirect.rb
@@ -92,10 +92,26 @@ class Brakeman::CheckRedirect < Brakeman::BaseCheck
          end
        end
      elsif call? arg and arg[2] == :url_for
-        return only_path?(arg)
+        return check_url_for(arg)
      end
    end

    false
  end
+
+  #+url_for+ is only_path => true by default. This checks to see if it is
+  #set to false for some reason.
+  def check_url_for call
+    call[3].each do |arg|
+      if hash? arg
+        hash_iterate(arg) do |k,v|
+          if symbol? k and k[1] == :only_path and v.is_a? Sexp and v[0] == :false
+            return false
+          end
+        end
+      end
+    end
+
+    true
+  end
 end