brakeman commit d4c6cda8
Written on Aug 20, 2013
Author: Justin Collins

Fix how immediate model attributes are detected
in particular, don't try to retroactively build call chain. Fixes #385

Parent: 6bd236d6
Showing 7 changed files with 63 additions and 32 deletions (+63 -32)

lib/brakeman/checks/base_check.rb (+5 -23)
lib/brakeman/checks/check_content_tag.rb (+2 -4)
lib/brakeman/checks/check_cross_site_scripting.rb (+21 -3)
lib/brakeman/checks/check_link_to.rb (+1 -1)
test/apps/rails3.1/app/controllers/other_controller.rb (+4 -0)
test/apps/rails3.1/app/views/other/test_model_in_haml.html.haml (+7 -0)
test/tests/rails31.rb (+23 -1)
lib/brakeman/checks/base_check.rb
@@ -364,7 +364,11 @@ class Brakeman::BaseCheck < Brakeman::SexpProcessor
if
@safe_input_attributes
.
include?
method
false
elsif
call?
target
and
not
method
.
to_s
[
-
1
,
1
]
==
"?"
has_immediate_model?
target
,
out
if
res
=
has_immediate_model?
(
target
,
out
)
exp
else
false
end
elsif
model_name?
target
exp
else
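Review bot: the local res in the new branch if res = has_immediate_model?(target, out) is assigned but never read, which Ruby reports as an unused variable under -w; write if has_immediate_model?(target, out) instead. Returning the outer exp rather than the inner target is the intended change here, so only the truthiness test is needed.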
@@ -429,28 +433,6 @@ class Brakeman::BaseCheck < Brakeman::SexpProcessor
end
end
#Finds entire method call chain where +target+ is a target in the chain
def
find_chain
exp
,
target
return
unless
sexp?
exp
case
exp
.
node_type
when
:output
,
:format
find_chain
exp
.
value
,
target
when
:call
if
exp
==
target
or
include_target?
exp
,
target
return
exp
end
else
exp
.
each
do
|
e
|
if
sexp?
e
res
=
find_chain
e
,
target
return
res
if
res
end
end
nil
end
end
#Returns true if +target+ is in +exp+
def
include_target?
exp
,
target
return
false
unless
call?
exp
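Review bot: find_chain is deleted in this hunk, but include_target?, whose only caller visible here was the :call branch of find_chain, stays in BaseCheck; confirm it still has a caller elsewhere or remove it in the same commit so a dead helper does not linger.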
lib/brakeman/checks/check_content_tag.rb
@@ -107,12 +107,10 @@ class Brakeman::CheckContentTag < Brakeman::CheckCrossSiteScripting
:link_path
=>
"content_tag"
elsif
not
tracker
.
options
[
:ignore_model_output
]
and
match
=
has_immediate_model?
(
arg
)
method
=
match
[
2
]
unless
IGNORE_MODEL_METHODS
.
include?
method
unless
IGNORE_MODEL_METHODS
.
include?
match
.
method
add_result
result
if
MODEL_METHODS
.
include?
method
or
method
.
to_s
=~
/^find_by/
if
likely_model_attribute?
match
confidence
=
CONFIDENCE
[
:high
]
else
confidence
=
CONFIDENCE
[
:med
]
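Review bot: switching from method = match[2] to match.method assumes has_immediate_model? now returns the :call node itself, which is only true after the base_check.rb change in this same commit (it returns exp rather than the inner target), so the two hunks are coupled. A short comment on has_immediate_model? stating that the returned Sexp is always a :call would make that contract explicit for CheckContentTag and the other subclasses.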
lib/brakeman/checks/check_cross_site_scripting.rb
@@ -122,7 +122,7 @@ class Brakeman::CheckCrossSiteScripting < Brakeman::BaseCheck
unless
IGNORE_MODEL_METHODS
.
include?
method
add_result
exp
if
MODEL_METHODS
.
include?
method
or
method
.
to_s
=~
/^find_by/
if
likely_model_attribute?
match
confidence
=
CONFIDENCE
[
:high
]
else
confidence
=
CONFIDENCE
[
:med
]
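Review bot: replacing the inline MODEL_METHODS / find_by test with likely_model_attribute? match changes what is examined: confidence used to key on the immediate method, and now keys on the whole receiver chain of match, so a chain whose inner call is a model lookup scores high even when the outer method is not in MODEL_METHODS. That is a reasonable broadening for an XSS report, but it changes reported confidence, which users filter on, so it deserves a line in the commit message or a comment above the call.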
@@ -138,12 +138,17 @@ class Brakeman::CheckCrossSiteScripting < Brakeman::BaseCheck
warning_code
=
:xss_to_json
end
code
=
find_chain
out
,
match
code
=
if
match
==
out
nil
else
match
end
warn
:template
=>
@current_template
,
:warning_type
=>
"Cross Site Scripting"
,
:warning_code
=>
warning_code
,
:message
=>
message
,
:code
=>
code
,
:code
=>
match
,
:confidence
=>
confidence
,
:link_path
=>
link_path
end
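Review bot: the new assignment code = if match == out then nil else match end is dead as rendered here: the warn call that follows passes :code => match, not :code => code, so the nil-for-whole-output case never reaches the warning. Either pass :code => code to keep that distinction or delete the assignment.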
@@ -153,6 +158,19 @@ class Brakeman::CheckCrossSiteScripting < Brakeman::BaseCheck
end
end
#Call already involves a model, but might not be acting on a record
def
likely_model_attribute?
exp
return
false
unless
call?
exp
method
=
exp
.
method
if
MODEL_METHODS
.
include?
method
or
method
.
to_s
.
start_with?
"find_by_"
true
else
likely_model_attribute?
exp
.
target
end
end
#Process an output Sexp
def
process_output
exp
process
exp
.
value
.
dup
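Review bot: likely_model_attribute? narrows the old /^find_by/ match to start_with? "find_by_", so a bare find_by (the Rails 4 find_by(attr: value) form) no longer counts as a record lookup and such a call drops from high to medium confidence; if that is not intended, use start_with? "find_by" or keep the regex. A short comment that the recursion terminates because call? fails on a nil or non-call target would also help readers of the else branch.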
lib/brakeman/checks/check_link_to.rb
@@ -82,7 +82,7 @@ class Brakeman::CheckLinkTo < Brakeman::CheckCrossSiteScripting
return
false
if
IGNORE_MODEL_METHODS
.
include?
method
confidence
=
CONFIDENCE
[
:med
]
confidence
=
CONFIDENCE
[
:high
]
if
MODEL_METHODS
.
include?
method
or
method
.
to_s
=~
/^find_by/
confidence
=
CONFIDENCE
[
:high
]
if
likely_model_attribute?
match
warn_xss
(
result
,
"Unescaped model attribute in link_to"
,
match
,
confidence
)
end
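Review bot: the guard return false if IGNORE_MODEL_METHODS.include? method above still keys on the immediate method, while the confidence line now keys on the whole chain of match via likely_model_attribute?, so the ignore test and the confidence test look at different inputs. Consider documenting that asymmetry or moving the ignore check into likely_model_attribute? so CheckLinkTo, CheckContentTag and CheckCrossSiteScripting share one definition.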
test/apps/rails3.1/app/controllers/other_controller.rb
@@ -72,4 +72,8 @@ class OtherController < ApplicationController
Marshal
.
restore
User
.
find
(
1
).
cool_stored_thing
end
def
test_model_in_haml
@user
=
User
.
new
end
end
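Review bot: the new test_model_in_haml action assigns @user = User.new, which is what lets the template's @user.bio resolve through a MODEL_METHODS call and earn high confidence in test_right_model_attribute_in_haml; a one-line comment saying the action exists for that fixture would stop someone tidying it away as unused.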
test/apps/rails3.1/app/views/other/test_model_in_haml.html.haml
new file (mode 0 → 100644)
%user
%footer
=
@user
.
updated_at
%h1
=
@user
.
name
!=
@user
.
bio
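Review bot: this fixture covers both HAML output forms: = @user.updated_at and = @user.name are HTML-escaped by HAML, while != @user.bio is raw output, which is the line the new test expects to be reported. The line numbers asserted in rails31.rb (3 and 7) depend on the exact blank lines in this file, so check them against the committed file rather than the summary counts.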
test/tests/rails31.rb
@@ -13,7 +13,7 @@ class Rails31Tests < Test::Unit::TestCase
def
expected
@expected
||=
{
:model
=>
3
,
:template
=>
2
2
,
:template
=>
2
3
,
:controller
=>
4
,
:generic
=>
72
}
end
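Review bot: :template goes from 22 to 23, matching the single new warning added by test_right_model_attribute_in_haml; the :model, :controller and :generic totals are unchanged, which is consistent with the fix only touching template output checks.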
@@ -1033,4 +1033,26 @@ class Rails31Tests < Test::Unit::TestCase
:confidence
=>
1
,
:relative_path
=>
"app/controllers/other_controller.rb"
end
def
test_wrong_model_attributes_in_haml
assert_no_warning
:type
=>
:template
,
:warning_code
=>
2
,
:fingerprint
=>
"8851713f0af477e60090607b814ba68055e4ac1cf19df0628fddd961ff87e763"
,
:warning_type
=>
"Cross Site Scripting"
,
:line
=>
3
,
:message
=>
/^Unescaped\ model\ attribute/
,
:confidence
=>
0
,
:relative_path
=>
"app/views/other/test_model_in_haml.html.haml"
end
def
test_right_model_attribute_in_haml
assert_warning
:type
=>
:template
,
:warning_code
=>
2
,
:fingerprint
=>
"3310ef4a4bde8b120fd5d421565ee416af815404e7c116a8069052e8732589d0"
,
:warning_type
=>
"Cross Site Scripting"
,
:line
=>
7
,
:message
=>
/^Unescaped\ model\ attribute/
,
:confidence
=>
0
,
:relative_path
=>
"app/views/other/test_model_in_haml.html.haml"
end
end
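Review bot: test_wrong_model_attributes_in_haml is an assert_no_warning keyed on an exact :fingerprint, :line and :message, so it passes trivially whenever any of those differ from the warning actually emitted, and it would not catch the regression if the spurious warning on line 3 came back with a different fingerprint. Loosening it to the attributes that identify the bug (:type, :warning_code, :line, :relative_path) makes the negative check meaningful.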