diff --git a/lib/brakeman.rb b/lib/brakeman.rb
index 5399460deb0d7575ff4f4aec50e978b13ac2fe80..2f14134ce4e5223a7b23a2202d0951e01d5087e3 100644
--- a/lib/brakeman.rb
+++ b/lib/brakeman.rb
@@ -162,7 +162,9 @@ module Brakeman
 require 'brakeman/scanner'
 $stderr.puts "Available Checks:"
 $stderr.puts "-" * 30
- $stderr.puts Checks.checks.map { |c| c.to_s.match(/^Brakeman::(.*)$/)[1] }.sort.join "\n"
+ $stderr.puts Checks.checks.map { |c|
+ c.to_s.match(/^Brakeman::(.*)$/)[1].ljust(27) << c.description
+ }.sort.join "\n"
 end
 
 #Installs Rake task for running Brakeman,
diff --git a/lib/brakeman/checks/base_check.rb b/lib/brakeman/checks/base_check.rb
index c572c709da9f299beadecb953a8891820d5335ec..bcb1279a0bbf4bc1e8095945b1ef06496f8cc066 100644
--- a/lib/brakeman/checks/base_check.rb
+++ b/lib/brakeman/checks/base_check.rb
@@ -396,4 +396,8 @@ class Brakeman::BaseCheck < SexpProcessor
 "config/environment.rb"
 end
 end
+
+ def self.description
+ @description
+ end
 end
diff --git a/lib/brakeman/checks/check_basic_auth.rb b/lib/brakeman/checks/check_basic_auth.rb
index b88bafb70a004708993e82cb4a51b0afcaea29dd..b210253bca21cf161f049c7f534c2a46de5e0f65 100644
--- a/lib/brakeman/checks/check_basic_auth.rb
+++ b/lib/brakeman/checks/check_basic_auth.rb
@@ -7,6 +7,8 @@ require 'brakeman/checks/base_check'
 class Brakeman::CheckBasicAuth < Brakeman::BaseCheck
 Brakeman::Checks.add self
 
+ @description = "Checks for the use of http_basic_authenticate_with"
+
 def run_check
 return if version_between? "0.0.0", "3.0.99"
 
diff --git a/lib/brakeman/checks/check_cross_site_scripting.rb b/lib/brakeman/checks/check_cross_site_scripting.rb
index 253ff491df14952f46fffc693996f0b005a4c69b..ed5011606e8b869892a2c3c5b9f8cedc2790638a 100644
--- a/lib/brakeman/checks/check_cross_site_scripting.rb
+++ b/lib/brakeman/checks/check_cross_site_scripting.rb
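Review bot: `<< c.description` on the new middle line raises TypeError for any check that has no description, because `String#<<` rejects nil and the `self.description` added to base_check.rb in this same commit returns the bare class instance variable, which stays nil for a check class that never assigns it (third-party or future checks, and class instance variables are not inherited from a parent check). Appending the string form keeps the `--checks` listing working in that case, `c.to_s.match(/^Brakeman::(.*)$/)[1].ljust(27) << c.description.to_s`, or the default can live in base_check.rb instead. A check class name longer than 27 characters would also push its description out of the column; a width computed from the longest name avoids that. The enclosing method starts outside the hunk.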
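Review bot: The new `self.description` reader in base_check.rb carries no comment, and nothing tells a reader of this file where the value comes from or that each subclass has to provide its own. A comment above the definition along the lines of `#One-line summary of what the check does, assigned as @description in each check class; class-level instance variables are not inherited, so a subclass must set its own` states the contract where it is needed. As a point of style, `class << self; attr_reader :description; end` expresses the same accessor without a hand-written method body.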
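Review bot: The description strings added in this commit mix verb forms, and the inconsistency is visible directly in the listing they feed: this hunk and most others use third person (`Checks for`, `Finds`, `Looks`, `Verifies`, `Searches`), while check_sql.rb, check_send_file.rb and check_without_protection.rb use `Check for`, and check_response_splitting.rb, check_strip_tags.rb, check_translate_bug.rb and check_validation_regex.rb use `Report`. Settling on one form, e.g. `@description = "Checks for SQL injection"` in check_sql.rb and `@description = "Reports strip_tags vulnerability in versions before 2.3.13 and 3.0.10"` in check_strip_tags.rb, keeps the list readable. This applies to all the remaining check_*.rb hunks in the commit and is not repeated on each of them.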
@@ -14,6 +14,8 @@ require 'set'
 class Brakeman::CheckCrossSiteScripting < Brakeman::BaseCheck
 Brakeman::Checks.add self
 
+ @description = "Checks for unescaped output in views"
+
 #Model methods which are known to be harmless
 IGNORE_MODEL_METHODS = Set.new([:average, :count, :maximum, :minimum, :sum])
 
diff --git a/lib/brakeman/checks/check_default_routes.rb b/lib/brakeman/checks/check_default_routes.rb
index f96c61c53c8fcae81fbc95b20771cf6df54ef31b..c26de39ac751446bc228c6ec3a28269ff19bd168 100644
--- a/lib/brakeman/checks/check_default_routes.rb
+++ b/lib/brakeman/checks/check_default_routes.rb
@@ -4,6 +4,8 @@ require 'brakeman/checks/base_check'
 class Brakeman::CheckDefaultRoutes < Brakeman::BaseCheck
 Brakeman::Checks.add self
 
+ @description = "Checks for default routes"
+
 #Checks for :allow_all_actions globally and for individual routes
 #if it is not enabled globally.
 def run_check
diff --git a/lib/brakeman/checks/check_escape_function.rb b/lib/brakeman/checks/check_escape_function.rb
index e63e375504fc4c725bac2cde7cf0db82a1205d29..29e6f8b8398f7e4956aff3106cf794ab1c918be3 100644
--- a/lib/brakeman/checks/check_escape_function.rb
+++ b/lib/brakeman/checks/check_escape_function.rb
@@ -5,6 +5,8 @@ require 'brakeman/checks/base_check'
 class Brakeman::CheckEscapeFunction < Brakeman::BaseCheck
 Brakeman::Checks.add self
 
+ @description = "Checks for versions before 2.3.14 which have a vulnerable escape method"
+
 def run_check
 if version_between?('2.0.0', '2.3.13') and RUBY_VERSION < '1.9.0'
 
diff --git a/lib/brakeman/checks/check_evaluation.rb b/lib/brakeman/checks/check_evaluation.rb
index 3158d52e6034e29351df5562e8f53300b4aad7fb..4685400cde99df5cae46ea22bf01baecbea23845 100644
--- a/lib/brakeman/checks/check_evaluation.rb
+++ b/lib/brakeman/checks/check_evaluation.rb
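Review bot: The description added in the check_escape_function.rb hunk names only the Rails version range, but the context line right below it shows the check also requires `RUBY_VERSION < '1.9.0'`, so a user reading the `--checks` listing cannot tell why the check stays silent on a newer Ruby. Stating both conditions, `@description = "Checks for versions before 2.3.14 which have a vulnerable escape method (Ruby before 1.9 only)"`, matches what run_check actually tests. run_check continues past the end of the hunk.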
@@ -5,6 +5,8 @@ require 'brakeman/checks/base_check'
 class Brakeman::CheckEvaluation < Brakeman::BaseCheck
 Brakeman::Checks.add self
 
+ @description = "Searches for evaluation of user input"
+
 #Process calls
 def run_check
 Brakeman.debug "Finding eval-like calls"
diff --git a/lib/brakeman/checks/check_execute.rb b/lib/brakeman/checks/check_execute.rb
index 736452185e4f214ff4b7b53347d59e0fe40ba051..d8d55b1498c7d9b294506ea7853d41d93d0d8c6a 100644
--- a/lib/brakeman/checks/check_execute.rb
+++ b/lib/brakeman/checks/check_execute.rb
@@ -11,6 +11,8 @@ require 'brakeman/checks/base_check'
 class Brakeman::CheckExecute < Brakeman::BaseCheck
 Brakeman::Checks.add self
 
+ @description = "Finds instances of possible command injection"
+
 #Check models, controllers, and views for command injection.
 def run_check
 Brakeman.debug "Finding system calls using ``"
diff --git a/lib/brakeman/checks/check_file_access.rb b/lib/brakeman/checks/check_file_access.rb
index 48f868267968404a1f3e00f053c30a1893cec5de..2f97fb27fdc947314c430dce9bb7265ce9a3ad3b 100644
--- a/lib/brakeman/checks/check_file_access.rb
+++ b/lib/brakeman/checks/check_file_access.rb
@@ -5,6 +5,8 @@ require 'brakeman/processors/lib/processor_helper'
 class Brakeman::CheckFileAccess < Brakeman::BaseCheck
 Brakeman::Checks.add self
 
+ @description = "Finds possible file access using user input"
+
 def run_check
 Brakeman.debug "Finding possible file access"
 methods = tracker.find_call :targets => [:Dir, :File, :IO, :Kernel, :"Net::FTP", :"Net::HTTP", :PStore, :Pathname, :Shell, :YAML], :methods => [:[], :chdir, :chroot, :delete, :entries, :foreach, :glob, :install, :lchmod, :lchown, :link, :load, :load_file, :makedirs, :move, :new, :open, :read, :read_lines, :rename, :rmdir, :safe_unlink, :symlink, :syscopy, :sysopen, :truncate, :unlink]
diff --git a/lib/brakeman/checks/check_filter_skipping.rb b/lib/brakeman/checks/check_filter_skipping.rb
index 91ffc01b66c0afcb76fe5fd65b5f657ff5234aab..9b13a4e03879594661df60a532f4b2c776094a4d 100644
--- a/lib/brakeman/checks/check_filter_skipping.rb
+++ b/lib/brakeman/checks/check_filter_skipping.rb
@@ -5,6 +5,8 @@ require 'brakeman/checks/base_check'
 class Brakeman::CheckFilterSkipping < Brakeman::BaseCheck
 Brakeman::Checks.add self
 
+ @description = "Checks for versions 3.0-3.0.9 which had a vulnerability in filters"
+
 def run_check
 if version_between?('3.0.0', '3.0.9') and uses_arbitrary_actions?
 
diff --git a/lib/brakeman/checks/check_forgery_setting.rb b/lib/brakeman/checks/check_forgery_setting.rb
index 05c8e4b857a02571a2c08c37502a1073d7d2984a..b3783c58a8e98bd474fd3923e85a433ea076b785 100644
--- a/lib/brakeman/checks/check_forgery_setting.rb
+++ b/lib/brakeman/checks/check_forgery_setting.rb
@@ -7,6 +7,8 @@ require 'brakeman/checks/base_check'
 class Brakeman::CheckForgerySetting < Brakeman::BaseCheck
 Brakeman::Checks.add self
 
+ @description = "Verifies that protect_from_forgery is enabled in ApplicationController"
+
 def run_check
 app_controller = tracker.controllers[:ApplicationController]
 if tracker.config[:rails][:action_controller] and
diff --git a/lib/brakeman/checks/check_link_to.rb b/lib/brakeman/checks/check_link_to.rb
index a5d7c87efba68c7a1b3eee087114e0d8bc1e6763..f7834c1b3b6f0ecc7b6e0dfe442d065aa049a199 100644
--- a/lib/brakeman/checks/check_link_to.rb
+++ b/lib/brakeman/checks/check_link_to.rb
@@ -7,6 +7,8 @@ require 'brakeman/checks/check_cross_site_scripting'
 class Brakeman::CheckLinkTo < Brakeman::CheckCrossSiteScripting
 Brakeman::Checks.add self
 
+ @description = "Checks for XSS in link_to in versions before 3.0"
+
 def run_check
 return unless version_between?("2.0.0", "2.9.9") and not tracker.config[:escape_html]
 
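Review bot: The description added in the check_link_to.rb hunk leaves out the second condition on the context line below it, `not tracker.config[:escape_html]`, so the listing implies the check runs on every pre-3.0 app when it is actually skipped once HTML escaping is configured. Spelling that out, `@description = "Checks for XSS in link_to in versions before 3.0 when escape_html is not enabled"`, keeps the one-line summary honest about when the check produces results. run_check continues past the end of the hunk.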
diff --git a/lib/brakeman/checks/check_mail_to.rb b/lib/brakeman/checks/check_mail_to.rb
index 5a297d5cc7d5d100f26af1d17b4e72731a9989d8..2f40d6a30b654061d7660b0b66615e3176ed281d 100644
--- a/lib/brakeman/checks/check_mail_to.rb
+++ b/lib/brakeman/checks/check_mail_to.rb
@@ -7,6 +7,8 @@ require 'brakeman/checks/base_check'
 class Brakeman::CheckMailTo < Brakeman::BaseCheck
 Brakeman::Checks.add self
 
+ @description = "Checks for mail_to XSS vulnerability in certain versions"
+
 def run_check
 if (version_between? "2.3.0", "2.3.10" or version_between? "3.0.0", "3.0.3") and result = mail_to_javascript?
 message = "Vulnerability in mail_to using javascript encoding (CVE-2011-0446). Upgrade to Rails version "
diff --git a/lib/brakeman/checks/check_mass_assignment.rb b/lib/brakeman/checks/check_mass_assignment.rb
index 4109ec44f1504de1cf59d0150659277347c47a9e..e13d15c58cc5b3ccb306781ef67c9e4cc2c9df85 100644
--- a/lib/brakeman/checks/check_mass_assignment.rb
+++ b/lib/brakeman/checks/check_mass_assignment.rb
@@ -7,6 +7,8 @@ require 'set'
 class Brakeman::CheckMassAssignment < Brakeman::BaseCheck
 Brakeman::Checks.add self
 
+ @description = "Finds instances of mass assignment"
+
 def run_check
 return if mass_assign_disabled?
 
diff --git a/lib/brakeman/checks/check_model_attributes.rb b/lib/brakeman/checks/check_model_attributes.rb
index 3406e34e03a97d464a1a96e799edfd35443cee90..0451876d4441fccfef54e2935f936953a8f187a1 100644
--- a/lib/brakeman/checks/check_model_attributes.rb
+++ b/lib/brakeman/checks/check_model_attributes.rb
@@ -8,6 +8,8 @@ require 'brakeman/checks/base_check'
 class Brakeman::CheckModelAttributes < Brakeman::BaseCheck
 Brakeman::Checks.add self
 
+ @description = "Reports models which do not use attr_restricted and warns on models that use attr_protected"
+
 def run_check
 return if mass_assign_disabled?
 
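Review bot: `"in certain versions"` in the check_mail_to.rb description is vaguer than the code two lines below it, which names the exact ranges `"2.3.0", "2.3.10"` and `"3.0.0", "3.0.3"`, and the warning message in the same hunk already cites CVE-2011-0446. Putting those facts in the summary lets a user decide from the listing alone whether the check matters to them: `@description = "Checks for mail_to XSS vulnerability (CVE-2011-0446) in Rails 2.3.0-2.3.10 and 3.0.0-3.0.3"`. run_check continues past the end of the hunk.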
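Review bot: `attr_restricted` in the check_model_attributes.rb description does not name any Rails mass-assignment macro I know of; the protection pair is `attr_accessible`/`attr_protected`, and the second half of the same string already refers to `attr_protected`, so this reads as a typo for `attr_accessible`. If the check body (which lies outside the hunk) does look for attr_accessible, the line should be `@description = "Reports models which do not use attr_accessible and warns on models that use attr_protected"`; otherwise the term used should match whatever the check actually searches for, since this text is what users will grep for.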
diff --git a/lib/brakeman/checks/check_nested_attributes.rb b/lib/brakeman/checks/check_nested_attributes.rb
index 1df79d25ba112c7183e39c659c9a2e507406321f..142403db4416976f6c953c1c9ab07eaa0efd5838 100644
--- a/lib/brakeman/checks/check_nested_attributes.rb
+++ b/lib/brakeman/checks/check_nested_attributes.rb
@@ -5,6 +5,8 @@ require 'brakeman/checks/base_check'
 class Brakeman::CheckNestedAttributes < Brakeman::BaseCheck
 Brakeman::Checks.add self
 
+ @description = "Checks for nested attributes vulnerability in Rails 2.3.9 and 3.0.0"
+
 def run_check
 version = tracker.config[:rails_version]
 
diff --git a/lib/brakeman/checks/check_quote_table_name.rb b/lib/brakeman/checks/check_quote_table_name.rb
index a817b2169dbe5c0a551c5ddd9fd6d4f72d166c23..93fbb349f5804e6a0c2b7c268962bc6872bff565 100644
--- a/lib/brakeman/checks/check_quote_table_name.rb
+++ b/lib/brakeman/checks/check_quote_table_name.rb
@@ -5,6 +5,8 @@ require 'brakeman/checks/base_check'
 class Brakeman::CheckQuoteTableName < Brakeman::BaseCheck
 Brakeman::Checks.add self
 
+ @description = "Checks for quote_table_name vulnerability in versions before 2.3.14 and 3.0.10"
+
 def run_check
 if (version_between?('2.0.0', '2.3.13') or version_between?('3.0.0', '3.0.9'))
 
diff --git a/lib/brakeman/checks/check_redirect.rb b/lib/brakeman/checks/check_redirect.rb
index ce795ff4053356aacee7a1752079a72082bf26e2..4baf4f2a89a66305258f2e2df5272402e6dbd1df 100644
--- a/lib/brakeman/checks/check_redirect.rb
+++ b/lib/brakeman/checks/check_redirect.rb
@@ -8,6 +8,8 @@ require 'brakeman/checks/base_check'
 class Brakeman::CheckRedirect < Brakeman::BaseCheck
 Brakeman::Checks.add self
 
+ @description = "Looks for calls to redirect_to with user input as arguments"
+
 def run_check
 Brakeman.debug "Finding calls to redirect_to()"
 
diff --git a/lib/brakeman/checks/check_render.rb b/lib/brakeman/checks/check_render.rb
index 464691f404796d0575cefaa66b281eeefa4931d2..c2cea5b8e0c8e8a840a69e4cfcfc7d60b9dd5fe5 100644
--- a/lib/brakeman/checks/check_render.rb
+++ b/lib/brakeman/checks/check_render.rb
@@ -4,6 +4,8 @@ require 'brakeman/checks/base_check'
 class Brakeman::CheckRender < Brakeman::BaseCheck
 Brakeman::Checks.add self
 
+ @description = "Finds calls to render that might allow file access"
+
 def run_check
 tracker.find_call(:target => nil, :method => :render).each do |result|
 process_render result
diff --git a/lib/brakeman/checks/check_response_splitting.rb b/lib/brakeman/checks/check_response_splitting.rb
index 408c9cce1bf60ff6f32146e32f14992e998085d9..ec1efa1f39d0c7639aabdebd2dce5134b8d9fd5f 100644
--- a/lib/brakeman/checks/check_response_splitting.rb
+++ b/lib/brakeman/checks/check_response_splitting.rb
@@ -5,6 +5,8 @@ require 'brakeman/checks/base_check'
 class Brakeman::CheckResponseSplitting < Brakeman::BaseCheck
 Brakeman::Checks.add self
 
+ @description = "Report response splitting in Rails 2.3.0 - 2.3.13"
+
 def run_check
 if version_between?('2.3.0', '2.3.13')
 
diff --git a/lib/brakeman/checks/check_send_file.rb b/lib/brakeman/checks/check_send_file.rb
index 7cf05bf2b5bf669de307613e63bf1b4f028089a1..e45325aef4333430832eabf1aaf84ee3e284a301 100644
--- a/lib/brakeman/checks/check_send_file.rb
+++ b/lib/brakeman/checks/check_send_file.rb
@@ -5,6 +5,8 @@ require 'brakeman/processors/lib/processor_helper'
 class Brakeman::CheckSendFile < Brakeman::CheckFileAccess
 Brakeman::Checks.add self
 
+ @description = "Check for user input in uses of send_file"
+
 def run_check
 Brakeman.debug "Finding all calls to send_file()"
 
diff --git a/lib/brakeman/checks/check_session_settings.rb b/lib/brakeman/checks/check_session_settings.rb
index 894d708c466d8372f3c5ab2fec821384da78d272..b3e7f6db61921caf735c9252aab6c67e27014a5b 100644
--- a/lib/brakeman/checks/check_session_settings.rb
+++ b/lib/brakeman/checks/check_session_settings.rb
@@ -4,6 +4,8 @@ require 'brakeman/checks/base_check'
 class Brakeman::CheckSessionSettings < Brakeman::BaseCheck
 Brakeman::Checks.add self
 
+ @description = "Checks for session key length and http_only settings"
+
 def initialize *args
 super
 
diff --git a/lib/brakeman/checks/check_sql.rb b/lib/brakeman/checks/check_sql.rb
index 355d922a87df82ad9c5f55b83ecd5d84050ec98d..466f6e251fab943264e93962989ec1b45a078779 100644
--- a/lib/brakeman/checks/check_sql.rb
+++ b/lib/brakeman/checks/check_sql.rb
@@ -11,6 +11,8 @@ require 'brakeman/checks/base_check'
 class Brakeman::CheckSQL < Brakeman::BaseCheck
 Brakeman::Checks.add self
 
+ @description = "Check for SQL injection"
+
 def run_check
 @rails_version = tracker.config[:rails_version]
 
diff --git a/lib/brakeman/checks/check_strip_tags.rb b/lib/brakeman/checks/check_strip_tags.rb
index 1fdd59311a6596e4a9f2e5517a2a6da7925c6778..1b221c4a1eb19d6d7bea36e322d720e927dfb8e1 100644
--- a/lib/brakeman/checks/check_strip_tags.rb
+++ b/lib/brakeman/checks/check_strip_tags.rb
@@ -5,6 +5,8 @@ require 'brakeman/checks/base_check'
 class Brakeman::CheckStripTags < Brakeman::BaseCheck
 Brakeman::Checks.add self
 
+ @description = "Report strip_tags vulnerability in versions before 2.3.13 and 3.0.10"
+
 def run_check
 if (version_between?('2.0.0', '2.3.12') or version_between?('3.0.0', '3.0.9')) and uses_strip_tags?
 
diff --git a/lib/brakeman/checks/check_translate_bug.rb b/lib/brakeman/checks/check_translate_bug.rb
index 9f7e0ba515e66cad96538493930f7a3fe92bef85..d77cafe265226de3f8d26ff07d15e72d193ce424 100644
--- a/lib/brakeman/checks/check_translate_bug.rb
+++ b/lib/brakeman/checks/check_translate_bug.rb
@@ -5,6 +5,8 @@ require 'brakeman/checks/base_check'
 class Brakeman::CheckTranslateBug < Brakeman::BaseCheck
 Brakeman::Checks.add self
 
+ @description = "Report XSS vulnerability in translate helper"
+
 def run_check
 if (version_between?('2.3.0', '2.3.99') and tracker.config[:escape_html]) or
 version_between?('3.0.0', '3.0.10') or
diff --git a/lib/brakeman/checks/check_validation_regex.rb b/lib/brakeman/checks/check_validation_regex.rb
index 6be68753faf31a70ae95aee77b2042ef9bb3547b..00f2a6918234278e3f8f4dccd51b2f586afd1ed5 100644
--- a/lib/brakeman/checks/check_validation_regex.rb
+++ b/lib/brakeman/checks/check_validation_regex.rb
@@ -10,6 +10,8 @@ require 'brakeman/checks/base_check'
 class Brakeman::CheckValidationRegex < Brakeman::BaseCheck
 Brakeman::Checks.add self
 
+ @description = "Report uses of validates_format_of with improper anchors"
+
 WITH = Sexp.new(:lit, :with)
 
 def run_check
diff --git a/lib/brakeman/checks/check_without_protection.rb b/lib/brakeman/checks/check_without_protection.rb
index ec7681f6fea517f33f676f50b5ecef38331dfebc..a725fb9414274f4cc718173c542ccfabafa0b93b 100644
--- a/lib/brakeman/checks/check_without_protection.rb
+++ b/lib/brakeman/checks/check_without_protection.rb
@@ -7,6 +7,8 @@ require 'brakeman/checks/base_check'
 class Brakeman::CheckWithoutProtection < Brakeman::BaseCheck
 Brakeman::Checks.add self
 
+ @description = "Check for mass assignment using without_protection"
+
 def run_check
 if version_between? "0.0.0", "3.0.99"
 return