brakeman
Commit e62cf7e8
Authored May 07, 2013 by Justin
Merge pull request #327 from presidentbeef/add_method_for_input_type_output
Factor out dangerous input type in messages and normalize
Parents: d60d5d86 a9ae876d
Showing 12 changed files with 44 additions and 145 deletions (+44 -145)
lib/brakeman/checks/base_check.rb +19 -0
lib/brakeman/checks/check_content_tag.rb +8 -29
lib/brakeman/checks/check_cross_site_scripting.rb +3 -19
lib/brakeman/checks/check_file_access.rb +1 -14
lib/brakeman/checks/check_link_to.rb +4 -15
lib/brakeman/checks/check_link_to_href.rb +1 -8
lib/brakeman/checks/check_render.rb +2 -15
lib/brakeman/checks/check_symbol_dos.rb +1 -14
lib/brakeman/checks/check_unsafe_reflection.rb +1 -14
lib/brakeman/checks/check_yaml_load.rb +1 -14
test/tests/test_rails3.rb +2 -2
test/tests/test_rails31.rb +1 -1
lib/brakeman/checks/base_check.rb
@@ -516,4 +516,23 @@ class Brakeman::BaseCheck < Brakeman::SexpProcessor
@active_record_models
end
def
friendly_type_of
input_type
if
input_type
.
is_a?
Match
input_type
=
input_type
.
type
end
case
input_type
when
:params
"parameter value"
when
:cookies
"cookie value"
when
:request
"request value"
when
:model
"model attribute"
else
"user input"
end
end
end
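Review bot: `friendly_type_of` has no `:session` case, so session-sourced values fall through to the generic "user input" label, while the `check_content_tag.rb` branch this commit deletes had a dedicated `:session` message ("Unescaped session value in content_tag"); that distinction disappears from the output unless a `when :session` returning "session value" is added here. A one-line comment above the method saying it accepts either a `Match` or a bare type symbol would also help, since the `is_a? Match` unwrapping is the only hint of that contract.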
lib/brakeman/checks/check_content_tag.rb
@@ -45,7 +45,7 @@ class Brakeman::CheckContentTag < Brakeman::CheckCrossSiteScripting
call
=
result
[
:call
]
=
result
[
:call
].
dup
args
=
call
.
arglist
args
=
call
.
arglist
tag_name
=
args
[
1
]
content
=
args
[
2
]
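Review bot: the only changed line in this hunk (`args = call.arglist`) reads identically on both sides as rendered here, so this looks like a whitespace-only change that is unrelated to the message refactoring; either leave it out of this pull request or mention it in the commit message so it does not puzzle readers of the diff.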
@@ -94,19 +94,12 @@ class Brakeman::CheckContentTag < Brakeman::CheckCrossSiteScripting
end
if
input
=
has_immediate_user_input?
(
arg
)
case
input
.
type
when
:
params
message
=
"Unescaped parameter value in content_tag"
when
:
cookies
message
=
"Unescaped cookie value in content_tag"
else
message
=
"Unescaped user input value in content_tag"
end
message
=
"Unescaped
#{
friendly_type_of
input
}
in content_tag"
add_result
result
warn
:
result
=>
result
,
:warning_type
=>
"Cross Site Scripting"
,
:
warning_type
=>
"Cross Site Scripting"
,
:warning_code
=>
:xss_content_tag
,
:message
=>
message
,
:user_input
=>
input
.
match
,
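Review bot: the fallback wording changes from "Unescaped user input value in content_tag" to "Unescaped user input in content_tag", and `:request` and `:model` inputs now receive the shared labels ("request value", "model attribute") instead of the fallback; anything matching on the old text has to be updated, and none of the test hunks in this commit touch content_tag. The `warn` arguments below are otherwise unchanged, which is what one wants from a message-only refactor.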
@@ -126,7 +119,7 @@ class Brakeman::CheckContentTag < Brakeman::CheckCrossSiteScripting
end
warn
:result
=>
result
,
:warning_type
=>
"Cross Site Scripting"
,
:warning_type
=>
"Cross Site Scripting"
,
:warning_code
=>
:xss_content_tag
,
:message
=>
"Unescaped model attribute in content_tag"
,
:user_input
=>
match
,
@@ -135,28 +128,14 @@ class Brakeman::CheckContentTag < Brakeman::CheckCrossSiteScripting
end
elsif
@matched
message
=
"Unescaped "
case
@matched
.
type
when
:model
return
if
tracker
.
options
[
:ignore_model_output
]
message
<<
"model attribute"
when
:params
message
<<
"parameter"
when
:cookies
message
<<
"cookie"
when
:session
message
<<
"session"
else
message
<<
"user input"
end
return
if
@matched
.
type
==
:model
and
tracker
.
options
[
:ignore_model_output
]
message
<<
" value
in content_tag"
message
=
"Unescaped
#{
friendly_type_of
@matched
}
in content_tag"
add_result
result
warn
:result
=>
result
,
:warning_type
=>
"Cross Site Scripting"
,
warn
:result
=>
result
,
:warning_type
=>
"Cross Site Scripting"
,
:warning_code
=>
:xss_content_tag
,
:message
=>
message
,
:user_input
=>
@matched
.
match
,
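Review bot: the removed `case` had a `:session` branch that produced "Unescaped session value in content_tag"; `friendly_type_of` has no such case, so session values are now reported as plain "user input", and the model message loses the word "value" ("Unescaped model attribute in content_tag" instead of "Unescaped model attribute value in content_tag"). Both are silent message changes that should be called out. The early `return if @matched.type == :model and tracker.options[:ignore_model_output]` does preserve the old `:ignore_model_output` skip correctly.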
lib/brakeman/checks/check_cross_site_scripting.rb
@@ -104,16 +104,7 @@ class Brakeman::CheckCrossSiteScripting < Brakeman::BaseCheck
if
input
=
has_immediate_user_input?
(
out
)
add_result
exp
case
input
.
type
when
:params
message
=
"Unescaped parameter value"
when
:cookies
message
=
"Unescaped cookie value"
when
:request
message
=
"Unescaped request value"
else
message
=
"Unescaped user input value"
end
message
=
"Unescaped
#{
friendly_type_of
input
}
"
warn
:template
=>
@current_template
,
:warning_type
=>
"Cross Site Scripting"
,
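Review bot: the fallback message changes from "Unescaped user input value" to "Unescaped user input"; apart from that the replacement is equivalent to the removed `case`, with `:model` now labelled "model attribute" rather than the fallback. The `add_result exp` and the `warn :template => @current_template` call are untouched, so only the message text moves.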
@@ -194,15 +185,8 @@ class Brakeman::CheckCrossSiteScripting < Brakeman::BaseCheck
message
=
nil
if
@matched
case
@matched
.
type
when
:model
unless
tracker
.
options
[
:ignore_model_output
]
message
=
"Unescaped model attribute"
end
when
:params
message
=
"Unescaped parameter value"
when
:cookies
message
=
"Unescaped cookie value"
unless
@matched
.
type
and
tracker
.
options
[
:ignore_model_output
]
message
=
"Unescaped
#{
friendly_type_of
@matched
}
"
end
if
message
and
not
duplicate?
exp
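Review bot: the guard `unless @matched.type and tracker.options[:ignore_model_output]` is missing the `== :model` comparison (compare `check_link_to.rb` in this same commit, which writes `matched.type == :model`). `@matched.type` is always a truthy symbol, so with `ignore_model_output` set this branch now suppresses every warning regardless of source, and without it everything is reported. It should read `unless @matched.type == :model and tracker.options[:ignore_model_output]`. Note also that the removed `case` left `message` as `nil` (no warning) for types other than `:model`, `:params` and `:cookies`, whereas the replacement warns for all of them; if that widening is intended, say so in the commit message.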
lib/brakeman/checks/check_file_access.rb
@@ -48,20 +48,7 @@ class Brakeman::CheckFileAccess < Brakeman::BaseCheck
end
if
match
case
match
.
type
when
:params
message
=
"Parameter"
when
:cookies
message
=
"Cookie"
when
:request
message
=
"Request"
when
:model
message
=
"Model attribute"
else
message
=
"User input"
end
message
<<
" value used in file name"
message
=
"
#{
friendly_type_of
(
match
).
capitalize
}
used in file name"
warn
:result
=>
result
,
:warning_type
=>
"File Access"
,
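Review bot: `friendly_type_of(match).capitalize` produces "Model attribute used in file name" and "User input used in file name", dropping the " value" suffix that the removed `message << " value used in file name"` appended for those two types; the `test_rails31.rb` hunk in this commit updates the model-attribute expectation to match, so that case is covered. `String#capitalize` also downcases the remainder of the string, which is harmless for the current labels but worth remembering if a label ever contains a capitalised word.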
lib/brakeman/checks/check_link_to.rb
@@ -68,14 +68,7 @@ class Brakeman::CheckLinkTo < Brakeman::CheckCrossSiteScripting
input
=
has_immediate_user_input?
(
argument
)
return
false
unless
input
case
input
.
type
when
:
params
message
=
"Unescaped parameter value in link_to"
when
:
cookies
message
=
"Unescaped cookie value in link_to"
else
message
=
"Unescaped user input value in link_to"
end
message
=
"Unescaped
#{
friendly_type_of
input
}
in link_to"
warn_xss
(
result
,
message
,
input
.
match
,
CONFIDENCE
[:
high
])
end
@@ -96,15 +89,11 @@ class Brakeman::CheckLinkTo < Brakeman::CheckCrossSiteScripting
# Check if we should warn about the matched result
def
check_matched
(
result
,
matched
=
nil
)
return
false
unless
matched
message
=
nil
return
false
if
matched
.
type
==
:model
and
not
tracker
.
options
[
:ignore_model_output
]
if
matched
.
type
==
:model
and
not
tracker
.
options
[
:ignore_model_output
]
message
=
"Unescaped model attribute in link_to"
elsif
matched
.
type
==
:params
message
=
"Unescaped parameter value in link_to"
end
message
=
"Unescaped
#{
friendly_type_of
matched
}
in link_to"
message
?
warn_xss
(
result
,
message
,
@matched
.
match
,
CONFIDENCE
[
:med
])
:
false
warn_xss
(
result
,
message
,
@matched
.
match
,
CONFIDENCE
[
:med
])
end
# Create a warn for this xss
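Review bot: `return false if matched.type == :model and not tracker.options[:ignore_model_output]` inverts the removed logic, which warned on model attributes precisely when `ignore_model_output` was not set; as written, a model attribute is reported only when the user asked to ignore model output. Drop the `not`: `return false if matched.type == :model and tracker.options[:ignore_model_output]`. Two further points: the removed `if`/`elsif` yielded no warning for types other than `:model` and `:params` while the new code warns on every type with the friendly label, and the call still passes `@matched.match` to `warn_xss` rather than the `matched` parameter (pre-existing, but this rewrite is the natural place to align them).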
lib/brakeman/checks/check_link_to_href.rb
@@ -42,14 +42,7 @@ class Brakeman::CheckLinkToHref < Brakeman::CheckLinkTo
if
input
=
has_immediate_user_input?
(
url_arg
)
case
input
.
type
when
:params
message
=
"Unsafe parameter value in link_to href"
when
:cookies
message
=
"Unsafe cookie value in link_to href"
else
message
=
"Unsafe user input value in link_to href"
end
message
=
"Unsafe
#{
friendly_type_of
input
}
in link_to href"
unless
duplicate?
result
add_result
result
lib/brakeman/checks/check_render.rb
@@ -47,22 +47,9 @@ class Brakeman::CheckRender < Brakeman::BaseCheck
return
end
message
=
"Render path contains "
case
input
.
type
when
:params
message
<<
"parameter value"
when
:cookies
message
<<
"cookie value"
when
:request
message
<<
"request value"
when
:model
#Skip models
return
else
message
<<
"user input value"
end
return
if
input
.
type
==
:model
#skip models
message
=
"Render path contains
#{
friendly_type_of
input
}
"
warn
:result
=>
result
,
:warning_type
=>
"Dynamic Render Path"
,
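Review bot: the model skip is preserved by the early `return if input.type == :model`, but the fallback wording changes from "Render path contains user input value" to "Render path contains user input". Style: the trailing `#skip models` comment has no space after `#` and sits on the `return` line; a comment above the `return` reads more naturally and matches the rest of the file.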
lib/brakeman/checks/check_symbol_dos.rb
@@ -52,20 +52,7 @@ class Brakeman::CheckSymbolDoS < Brakeman::BaseCheck
end
if
confidence
input_type
=
case
input
.
type
when
:params
"parameter value"
when
:cookies
"cookies value"
when
:request
"request value"
when
:model
"model attribute"
else
"user input"
end
message
=
"Symbol conversion from unsafe string (
#{
input_type
}
)"
message
=
"Symbol conversion from unsafe string (
#{
friendly_type_of
input
}
)"
warn
:result
=>
result
,
:warning_type
=>
"Denial of Service"
,
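Review bot: delegating to `friendly_type_of` changes the cookie label from the removed "cookies value" to "cookie value" (a welcome typo fix). The test hunks in this commit only update the YAML and file-access expectations, so if any test asserts on the Symbol DoS cookie message it needs the same regex change.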
lib/brakeman/checks/check_unsafe_reflection.rb
@@ -38,20 +38,7 @@ class Brakeman::CheckUnsafeReflection < Brakeman::BaseCheck
end
if
confidence
input_type
=
case
input
.
type
when
:params
"parameter value"
when
:cookies
"cookies value"
when
:request
"request value"
when
:model
"model attribute"
else
"user input"
end
message
=
"Unsafe Reflection method
#{
method
}
called with
#{
input_type
}
"
message
=
"Unsafe Reflection method
#{
method
}
called with
#{
friendly_type_of
input
}
"
warn
:result
=>
result
,
:warning_type
=>
"Remote Code Execution"
,
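Review bot: same normalisation as in the other checks, "cookies value" becomes "cookie value" in the Unsafe Reflection message; no test in this commit covers that message, so please confirm there is no existing expectation on the old text.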
lib/brakeman/checks/check_yaml_load.rb
@@ -28,20 +28,7 @@ class Brakeman::CheckYAMLLoad < Brakeman::BaseCheck
end
if
confidence
input_type
=
case
input
.
type
when
:params
"parameter value"
when
:cookies
"cookies value"
when
:request
"request value"
when
:model
"model attribute"
else
"user input"
end
message
=
"YAML.
#{
method
}
called with
#{
input_type
}
"
message
=
"YAML.
#{
method
}
called with
#{
friendly_type_of
input
}
"
warn
:result
=>
result
,
:warning_type
=>
"Remote Code Execution"
,
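Review bot: the cookie label changes from "cookies value" to "cookie value" here as well, and the two `test_rails3.rb` hunks in this commit update the `YAML.load` and `YAML.load_stream` expectations accordingly, so this check is the one whose message change is actually tested.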
test/tests/test_rails3.rb
@@ -1036,7 +1036,7 @@ class Rails3Tests < Test::Unit::TestCase
assert_warning
:type
=>
:warning
,
:warning_type
=>
"Remote Code Execution"
,
:line
=>
125
,
:message
=>
/^YAML\.load\ called\ with\ cookie
s
\ value/
,
:message
=>
/^YAML\.load\ called\ with\ cookie\ value/
,
:confidence
=>
1
,
:file
=>
/home_controller\.rb/
end
@@ -1064,7 +1064,7 @@ class Rails3Tests < Test::Unit::TestCase
assert_warning
:type
=>
:warning
,
:warning_type
=>
"Remote Code Execution"
,
:line
=>
131
,
:message
=>
/^YAML\.load_stream\ called\ with\ cookie
s\ val
/
,
:message
=>
/^YAML\.load_stream\ called\ with\ cookie
\ value
/
,
:confidence
=>
0
,
:file
=>
/home_controller\.rb/
end
test/tests/test_rails31.rb
@@ -718,7 +718,7 @@ class Rails31Tests < Test::Unit::TestCase
assert_warning
:type
=>
:warning
,
:warning_type
=>
"File Access"
,
:line
=>
109
,
:message
=>
/^Model attribute\
value\
used\ in\ file\ name/
,
:message
=>
/^Model attribute\ used\ in\ file\ name/
,
:confidence
=>
1
,
:file
=>
/users_controller\.rb/
end