提交 9845e74a 编写于 作者: O oreoshake

Check for overridden initializer values

上级 5004d3ad
...@@ -31,7 +31,7 @@ class Brakeman::CheckCrossSiteScripting < Brakeman::BaseCheck ...@@ -31,7 +31,7 @@ class Brakeman::CheckCrossSiteScripting < Brakeman::BaseCheck
CGI = Sexp.new(:const, :CGI) CGI = Sexp.new(:const, :CGI)
FORM_BUILDER = Sexp.new(:call, Sexp.new(:const, :FormBuilder), :new, Sexp.new(:arglist)) FORM_BUILDER = Sexp.new(:call, Sexp.new(:const, :FormBuilder), :new, Sexp.new(:arglist))
#Run check #Run check
def run_check def run_check
...@@ -58,8 +58,9 @@ class Brakeman::CheckCrossSiteScripting < Brakeman::BaseCheck ...@@ -58,8 +58,9 @@ class Brakeman::CheckCrossSiteScripting < Brakeman::BaseCheck
@known_dangerous << :strip_tags @known_dangerous << :strip_tags
end end
matches = tracker.check_initializers :ActiveSupport, :escape_html_entities_in_json= json_escape_on = false
json_escape_on = matches.detect {|result| true? result[-1].first_arg} initializers = tracker.check_initializers :ActiveSupport, :escape_html_entities_in_json=
initializers.each {|result| json_escape_on = true? (result[-1].first_arg) }
if !json_escape_on or version_between? "0.0.0", "2.0.99" if !json_escape_on or version_between? "0.0.0", "2.0.99"
@known_dangerous << :to_json @known_dangerous << :to_json
...@@ -107,7 +108,7 @@ class Brakeman::CheckCrossSiteScripting < Brakeman::BaseCheck ...@@ -107,7 +108,7 @@ class Brakeman::CheckCrossSiteScripting < Brakeman::BaseCheck
message = "Unescaped user input value" message = "Unescaped user input value"
end end
warn :template => @current_template, warn :template => @current_template,
:warning_type => "Cross Site Scripting", :warning_type => "Cross Site Scripting",
:message => message, :message => message,
:code => input.match, :code => input.match,
...@@ -128,13 +129,13 @@ class Brakeman::CheckCrossSiteScripting < Brakeman::BaseCheck ...@@ -128,13 +129,13 @@ class Brakeman::CheckCrossSiteScripting < Brakeman::BaseCheck
message = "Unescaped model attribute" message = "Unescaped model attribute"
link_path = "cross_site_scripting" link_path = "cross_site_scripting"
if node_type?(out, :call, :attrasgn) && out.method == :to_json if node_type?(out, :call, :attrasgn) && out.method == :to_json
message += " in JSON hash" message += " in JSON hash"
link_path += "_to_json" link_path += "_to_json"
end end
code = find_chain out, match code = find_chain out, match
warn :template => @current_template, warn :template => @current_template,
:warning_type => "Cross Site Scripting", :warning_type => "Cross Site Scripting",
:message => message, :message => message,
:code => code, :code => code,
:confidence => confidence, :confidence => confidence,
...@@ -203,7 +204,7 @@ class Brakeman::CheckCrossSiteScripting < Brakeman::BaseCheck ...@@ -203,7 +204,7 @@ class Brakeman::CheckCrossSiteScripting < Brakeman::BaseCheck
end end
warn :template => @current_template, warn :template => @current_template,
:warning_type => "Cross Site Scripting", :warning_type => "Cross Site Scripting",
:message => message, :message => message,
:code => exp, :code => exp,
:user_input => @matched.match, :user_input => @matched.match,
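Review bot: The `initializers.each` loop in the `@@ -58,8 +58,9 @@` hunk makes the last matched `escape_html_entities_in_json=` assignment win, so the result is only correct if `tracker.check_initializers` yields matches in the order Rails actually evaluates them (alphabetical by file path under config/initializers, as far as I recall — please confirm against the tracker); if that order is not guaranteed, a project with one initializer setting `true` and another setting `false` could be reported either way depending on hash/array order. For a security check the safer resolution of conflicting values is the conservative one, since a spurious `to_json` warning costs far less than a missed XSS: `json_escape_on = !initializers.empty? && initializers.all? { |result| true?(result[-1].first_arg) }` would treat any explicit `false` as "escaping off" and keep `:to_json` in `@known_dangerous`. Separately, `true? (result[-1].first_arg)` with a space before the parenthesis triggers Ruby's "parenthesize argument(s) for future version" warning; write it as `true?(result[-1].first_arg)`. A short comment above the loop, e.g. `# Later initializers override earlier ones; last assignment decides whether to_json output is HTML-escaped`, would document the intended semantics. The enclosing `run_check` method begins and ends outside this hunk.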