From fe7512f8ca284deaa4f4af0c9fb17d599a5c460a Mon Sep 17 00:00:00 2001
From: Justin Collins
Date: Thu, 2 Feb 2012 11:24:59 -0800
Subject: [PATCH] Add check descriptions for -k output
---
 lib/brakeman.rb | 4 +++-
 lib/brakeman/checks/base_check.rb | 4 ++++
 lib/brakeman/checks/check_basic_auth.rb | 2 ++
 lib/brakeman/checks/check_cross_site_scripting.rb | 2 ++
 lib/brakeman/checks/check_default_routes.rb | 2 ++
 lib/brakeman/checks/check_escape_function.rb | 2 ++
 lib/brakeman/checks/check_evaluation.rb | 2 ++
 lib/brakeman/checks/check_execute.rb | 2 ++
 lib/brakeman/checks/check_file_access.rb | 2 ++
 lib/brakeman/checks/check_filter_skipping.rb | 2 ++
 lib/brakeman/checks/check_forgery_setting.rb | 2 ++
 lib/brakeman/checks/check_link_to.rb | 2 ++
 lib/brakeman/checks/check_mail_to.rb | 2 ++
 lib/brakeman/checks/check_mass_assignment.rb | 2 ++
 lib/brakeman/checks/check_model_attributes.rb | 2 ++
 lib/brakeman/checks/check_nested_attributes.rb | 2 ++
 lib/brakeman/checks/check_quote_table_name.rb | 2 ++
 lib/brakeman/checks/check_redirect.rb | 2 ++
 lib/brakeman/checks/check_render.rb | 2 ++
 lib/brakeman/checks/check_response_splitting.rb | 2 ++
 lib/brakeman/checks/check_send_file.rb | 2 ++
 lib/brakeman/checks/check_session_settings.rb | 2 ++
 lib/brakeman/checks/check_sql.rb | 2 ++
 lib/brakeman/checks/check_strip_tags.rb | 2 ++
 lib/brakeman/checks/check_translate_bug.rb | 2 ++
 lib/brakeman/checks/check_validation_regex.rb | 2 ++
 lib/brakeman/checks/check_without_protection.rb | 2 ++
 27 files changed, 57 insertions(+), 1 deletion(-)
diff --git a/lib/brakeman.rb b/lib/brakeman.rb
index 5399460d..2f14134c 100644
--- a/lib/brakeman.rb
+++ b/lib/brakeman.rb
@@ -162,7 +162,9 @@ module Brakeman
 require 'brakeman/scanner'
 $stderr.puts "Available Checks:"
 $stderr.puts "-" * 30
- $stderr.puts Checks.checks.map { |c| c.to_s.match(/^Brakeman::(.*)$/)[1] }.sort.join "\n"
+ $stderr.puts Checks.checks.map { |c|
+ c.to_s.match(/^Brakeman::(.*)$/)[1].ljust(27) << c.description
+ }.sort.join "\n"
 end
 #Installs Rake task for running Brakeman,
diff --git a/lib/brakeman/checks/base_check.rb b/lib/brakeman/checks/base_check.rb
index c572c709..bcb1279a 100644
--- a/lib/brakeman/checks/base_check.rb
+++ b/lib/brakeman/checks/base_check.rb
@@ -396,4 +396,8 @@ class Brakeman::BaseCheck < SexpProcessor
 "config/environment.rb"
 end
 end
+
+ def self.description
+ @description
+ end
 end
diff --git a/lib/brakeman/checks/check_basic_auth.rb b/lib/brakeman/checks/check_basic_auth.rb
index b88bafb7..b210253b 100644
--- a/lib/brakeman/checks/check_basic_auth.rb
+++ b/lib/brakeman/checks/check_basic_auth.rb
@@ -7,6 +7,8 @@ require 'brakeman/checks/base_check'
 class Brakeman::CheckBasicAuth < Brakeman::BaseCheck
 Brakeman::Checks.add self
+
+ @description = "Checks for the use of http_basic_authenticate_with"
+
 def run_check
 return if version_between? "0.0.0", "3.0.99"
diff --git a/lib/brakeman/checks/check_cross_site_scripting.rb b/lib/brakeman/checks/check_cross_site_scripting.rb
index 253ff491..ed501160 100644
--- a/lib/brakeman/checks/check_cross_site_scripting.rb
+++ b/lib/brakeman/checks/check_cross_site_scripting.rb
@@ -14,6 +14,8 @@ require 'set'
 class Brakeman::CheckCrossSiteScripting < Brakeman::BaseCheck
 Brakeman::Checks.add self
+
+ @description = "Checks for unescaped output in views"
+
 #Model methods which are known to be harmless
 IGNORE_MODEL_METHODS = Set.new([:average, :count, :maximum, :minimum, :sum])
diff --git a/lib/brakeman/checks/check_default_routes.rb b/lib/brakeman/checks/check_default_routes.rb
index f96c61c5..c26de39a 100644
--- a/lib/brakeman/checks/check_default_routes.rb
+++ b/lib/brakeman/checks/check_default_routes.rb
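Review bot: The added `<< c.description` raises TypeError as soon as any registered check has no description, because `BaseCheck.description` returns the bare class instance variable (nil when unset) and `String#<<` does not accept nil, so `-k` would abort on any third-party or future check that never assigns `@description`. Fall back to an empty string on that line, e.g. `c.to_s.match(/^Brakeman::(.*)$/)[1].ljust(27) << c.description.to_s`, or guard with `(c.description || "")`. A name longer than 27 characters is not truncated by `ljust`, so a longer check name would only break the column alignment, not lose text; a short comment on that line such as `# pad to the longest current check name so descriptions line up` would record why 27 was chosen. The method containing this hunk starts before it.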
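Review bot: The new `self.description` reader is undocumented, and because it reads a class-level instance variable rather than a class variable, a subclass that does not assign `@description` itself gets nil instead of inheriting its parent's text (`CheckLinkTo` and `CheckSendFile` in this commit do assign their own, so nothing breaks today). Add a comment above the method such as `# One-line summary of the check, printed by -k. Each check must assign @description at class level; it is a class instance variable and is not inherited by subclasses.` Returning `@description.to_s` instead of the bare ivar would also make the value safe for callers that concatenate it. The enclosing class begins before this hunk.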
@@ -4,6 +4,8 @@ require 'brakeman/checks/base_check'
 class Brakeman::CheckDefaultRoutes < Brakeman::BaseCheck
 Brakeman::Checks.add self
+
+ @description = "Checks for default routes"
+
 #Checks for :allow_all_actions globally and for individual routes
 #if it is not enabled globally.
 def run_check
diff --git a/lib/brakeman/checks/check_escape_function.rb b/lib/brakeman/checks/check_escape_function.rb
index e63e3755..29e6f8b8 100644
--- a/lib/brakeman/checks/check_escape_function.rb
+++ b/lib/brakeman/checks/check_escape_function.rb
@@ -5,6 +5,8 @@ require 'brakeman/checks/base_check'
 class Brakeman::CheckEscapeFunction < Brakeman::BaseCheck
 Brakeman::Checks.add self
+
+ @description = "Checks for versions before 2.3.14 which have a vulnerable escape method"
+
 def run_check
 if version_between?('2.0.0', '2.3.13') and RUBY_VERSION < '1.9.0'
diff --git a/lib/brakeman/checks/check_evaluation.rb b/lib/brakeman/checks/check_evaluation.rb
index 3158d52e..4685400c 100644
--- a/lib/brakeman/checks/check_evaluation.rb
+++ b/lib/brakeman/checks/check_evaluation.rb
@@ -5,6 +5,8 @@ require 'brakeman/checks/base_check'
 class Brakeman::CheckEvaluation < Brakeman::BaseCheck
 Brakeman::Checks.add self
+
+ @description = "Searches for evaluation of user input"
+
 #Process calls
 def run_check
 Brakeman.debug "Finding eval-like calls"
diff --git a/lib/brakeman/checks/check_execute.rb b/lib/brakeman/checks/check_execute.rb
index 73645218..d8d55b14 100644
--- a/lib/brakeman/checks/check_execute.rb
+++ b/lib/brakeman/checks/check_execute.rb
@@ -11,6 +11,8 @@ require 'brakeman/checks/base_check'
 class Brakeman::CheckExecute < Brakeman::BaseCheck
 Brakeman::Checks.add self
+
+ @description = "Finds instances of possible command injection"
+
 #Check models, controllers, and views for command injection.
 def run_check
 Brakeman.debug "Finding system calls using ``"
diff --git a/lib/brakeman/checks/check_file_access.rb b/lib/brakeman/checks/check_file_access.rb
index 48f86826..2f97fb27 100644
--- a/lib/brakeman/checks/check_file_access.rb
+++ b/lib/brakeman/checks/check_file_access.rb
@@ -5,6 +5,8 @@ require 'brakeman/processors/lib/processor_helper'
 class Brakeman::CheckFileAccess < Brakeman::BaseCheck
 Brakeman::Checks.add self
+
+ @description = "Finds possible file access using user input"
+
 def run_check
 Brakeman.debug "Finding possible file access"
 methods = tracker.find_call :targets => [:Dir, :File, :IO, :Kernel, :"Net::FTP", :"Net::HTTP", :PStore, :Pathname, :Shell, :YAML], :methods => [:[], :chdir, :chroot, :delete, :entries, :foreach, :glob, :install, :lchmod, :lchown, :link, :load, :load_file, :makedirs, :move, :new, :open, :read, :read_lines, :rename, :rmdir, :safe_unlink, :symlink, :syscopy, :sysopen, :truncate, :unlink]
diff --git a/lib/brakeman/checks/check_filter_skipping.rb b/lib/brakeman/checks/check_filter_skipping.rb
index 91ffc01b..9b13a4e0 100644
--- a/lib/brakeman/checks/check_filter_skipping.rb
+++ b/lib/brakeman/checks/check_filter_skipping.rb
@@ -5,6 +5,8 @@ require 'brakeman/checks/base_check'
 class Brakeman::CheckFilterSkipping < Brakeman::BaseCheck
 Brakeman::Checks.add self
+
+ @description = "Checks for versions 3.0-3.0.9 which had a vulnerability in filters"
+
 def run_check
 if version_between?('3.0.0', '3.0.9') and uses_arbitrary_actions?
diff --git a/lib/brakeman/checks/check_forgery_setting.rb b/lib/brakeman/checks/check_forgery_setting.rb
index 05c8e4b8..b3783c58 100644
--- a/lib/brakeman/checks/check_forgery_setting.rb
+++ b/lib/brakeman/checks/check_forgery_setting.rb
@@ -7,6 +7,8 @@ require 'brakeman/checks/base_check'
 class Brakeman::CheckForgerySetting < Brakeman::BaseCheck
 Brakeman::Checks.add self
+
+ @description = "Verifies that protect_from_forgery is enabled in ApplicationController"
+
 def run_check
 app_controller = tracker.controllers[:ApplicationController]
 if tracker.config[:rails][:action_controller] and
diff --git a/lib/brakeman/checks/check_link_to.rb b/lib/brakeman/checks/check_link_to.rb
index a5d7c87e..f7834c1b 100644
--- a/lib/brakeman/checks/check_link_to.rb
+++ b/lib/brakeman/checks/check_link_to.rb
@@ -7,6 +7,8 @@ require 'brakeman/checks/check_cross_site_scripting'
 class Brakeman::CheckLinkTo < Brakeman::CheckCrossSiteScripting
 Brakeman::Checks.add self
+
+ @description = "Checks for XSS in link_to in versions before 3.0"
+
 def run_check
 return unless version_between?("2.0.0", "2.9.9") and not tracker.config[:escape_html]
diff --git a/lib/brakeman/checks/check_mail_to.rb b/lib/brakeman/checks/check_mail_to.rb
index 5a297d5c..2f40d6a3 100644
--- a/lib/brakeman/checks/check_mail_to.rb
+++ b/lib/brakeman/checks/check_mail_to.rb
@@ -7,6 +7,8 @@ require 'brakeman/checks/base_check'
 class Brakeman::CheckMailTo < Brakeman::BaseCheck
 Brakeman::Checks.add self
+
+ @description = "Checks for mail_to XSS vulnerability in certain versions"
+
 def run_check
 if (version_between? "2.3.0", "2.3.10" or version_between? "3.0.0", "3.0.3") and result = mail_to_javascript?
 message = "Vulnerability in mail_to using javascript encoding (CVE-2011-0446). Upgrade to Rails version "
diff --git a/lib/brakeman/checks/check_mass_assignment.rb b/lib/brakeman/checks/check_mass_assignment.rb
index 4109ec44..e13d15c5 100644
--- a/lib/brakeman/checks/check_mass_assignment.rb
+++ b/lib/brakeman/checks/check_mass_assignment.rb
@@ -7,6 +7,8 @@ require 'set'
 class Brakeman::CheckMassAssignment < Brakeman::BaseCheck
 Brakeman::Checks.add self
+
+ @description = "Finds instances of mass assignment"
+
 def run_check
 return if mass_assign_disabled?
diff --git a/lib/brakeman/checks/check_model_attributes.rb b/lib/brakeman/checks/check_model_attributes.rb
index 3406e34e..0451876d 100644
--- a/lib/brakeman/checks/check_model_attributes.rb
+++ b/lib/brakeman/checks/check_model_attributes.rb
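Review bot: In the check_mail_to.rb hunk the new description `"Checks for mail_to XSS vulnerability in certain versions"` is vaguer than the sibling descriptions added in this commit, which name their version ranges, even though the visible `run_check` pins both the ranges and the CVE precisely. Since this string is what users see in the `-k` listing when deciding whether a check applies to them, suggest `@description = "Checks for mail_to XSS vulnerability (CVE-2011-0446) in Rails 2.3.0-2.3.10 and 3.0.0-3.0.3"`. The rest of `run_check` lies outside the hunk.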
@@ -8,6 +8,8 @@ require 'brakeman/checks/base_check'
 class Brakeman::CheckModelAttributes < Brakeman::BaseCheck
 Brakeman::Checks.add self
+
+ @description = "Reports models which do not use attr_restricted and warns on models that use attr_protected"
+
 def run_check
 return if mass_assign_disabled?
diff --git a/lib/brakeman/checks/check_nested_attributes.rb b/lib/brakeman/checks/check_nested_attributes.rb
index 1df79d25..142403db 100644
--- a/lib/brakeman/checks/check_nested_attributes.rb
+++ b/lib/brakeman/checks/check_nested_attributes.rb
@@ -5,6 +5,8 @@ require 'brakeman/checks/base_check'
 class Brakeman::CheckNestedAttributes < Brakeman::BaseCheck
 Brakeman::Checks.add self
+
+ @description = "Checks for nested attributes vulnerability in Rails 2.3.9 and 3.0.0"
+
 def run_check
 version = tracker.config[:rails_version]
diff --git a/lib/brakeman/checks/check_quote_table_name.rb b/lib/brakeman/checks/check_quote_table_name.rb
index a817b216..93fbb349 100644
--- a/lib/brakeman/checks/check_quote_table_name.rb
+++ b/lib/brakeman/checks/check_quote_table_name.rb
@@ -5,6 +5,8 @@ require 'brakeman/checks/base_check'
 class Brakeman::CheckQuoteTableName < Brakeman::BaseCheck
 Brakeman::Checks.add self
+
+ @description = "Checks for quote_table_name vulnerability in versions before 2.3.14 and 3.0.10"
+
 def run_check
 if (version_between?('2.0.0', '2.3.13') or version_between?('3.0.0', '3.0.9'))
diff --git a/lib/brakeman/checks/check_redirect.rb b/lib/brakeman/checks/check_redirect.rb
index ce795ff4..4baf4f2a 100644
--- a/lib/brakeman/checks/check_redirect.rb
+++ b/lib/brakeman/checks/check_redirect.rb
@@ -8,6 +8,8 @@ require 'brakeman/checks/base_check'
 class Brakeman::CheckRedirect < Brakeman::BaseCheck
 Brakeman::Checks.add self
+
+ @description = "Looks for calls to redirect_to with user input as arguments"
+
 def run_check
 Brakeman.debug "Finding calls to redirect_to()"
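Review bot: In the check_model_attributes.rb hunk the description `"Reports models which do not use attr_restricted and warns on models that use attr_protected"` names a macro I do not believe exists in Rails: the mass-assignment whitelist macro is `attr_accessible`, while `attr_protected` (named correctly here) is its blacklist counterpart. Because this string is shown verbatim to users by `-k`, it would send them looking for the wrong API; suggest `@description = "Reports models which do not use attr_accessible and warns on models that use attr_protected"`. The body of `run_check` is outside the hunk, so I could not confirm which macro the check actually looks for — worth verifying before changing the wording.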
diff --git a/lib/brakeman/checks/check_render.rb b/lib/brakeman/checks/check_render.rb
index 464691f4..c2cea5b8 100644
--- a/lib/brakeman/checks/check_render.rb
+++ b/lib/brakeman/checks/check_render.rb
@@ -4,6 +4,8 @@ require 'brakeman/checks/base_check'
 class Brakeman::CheckRender < Brakeman::BaseCheck
 Brakeman::Checks.add self
+
+ @description = "Finds calls to render that might allow file access"
+
 def run_check
 tracker.find_call(:target => nil, :method => :render).each do |result|
 process_render result
diff --git a/lib/brakeman/checks/check_response_splitting.rb b/lib/brakeman/checks/check_response_splitting.rb
index 408c9cce..ec1efa1f 100644
--- a/lib/brakeman/checks/check_response_splitting.rb
+++ b/lib/brakeman/checks/check_response_splitting.rb
@@ -5,6 +5,8 @@ require 'brakeman/checks/base_check'
 class Brakeman::CheckResponseSplitting < Brakeman::BaseCheck
 Brakeman::Checks.add self
+
+ @description = "Report response splitting in Rails 2.3.0 - 2.3.13"
+
 def run_check
 if version_between?('2.3.0', '2.3.13')
diff --git a/lib/brakeman/checks/check_send_file.rb b/lib/brakeman/checks/check_send_file.rb
index 7cf05bf2..e45325ae 100644
--- a/lib/brakeman/checks/check_send_file.rb
+++ b/lib/brakeman/checks/check_send_file.rb
@@ -5,6 +5,8 @@ require 'brakeman/processors/lib/processor_helper'
 class Brakeman::CheckSendFile < Brakeman::CheckFileAccess
 Brakeman::Checks.add self
+
+ @description = "Check for user input in uses of send_file"
+
 def run_check
 Brakeman.debug "Finding all calls to send_file()"
diff --git a/lib/brakeman/checks/check_session_settings.rb b/lib/brakeman/checks/check_session_settings.rb
index 894d708c..b3e7f6db 100644
--- a/lib/brakeman/checks/check_session_settings.rb
+++ b/lib/brakeman/checks/check_session_settings.rb
@@ -4,6 +4,8 @@ require 'brakeman/checks/base_check'
 class Brakeman::CheckSessionSettings < Brakeman::BaseCheck
 Brakeman::Checks.add self
+
+ @description = "Checks for session key length and http_only settings"
+
 def initialize *args
 super
diff --git a/lib/brakeman/checks/check_sql.rb b/lib/brakeman/checks/check_sql.rb
index 355d922a..466f6e25 100644
--- a/lib/brakeman/checks/check_sql.rb
+++ b/lib/brakeman/checks/check_sql.rb
@@ -11,6 +11,8 @@ require 'brakeman/checks/base_check'
 class Brakeman::CheckSQL < Brakeman::BaseCheck
 Brakeman::Checks.add self
+
+ @description = "Check for SQL injection"
+
 def run_check
 @rails_version = tracker.config[:rails_version]
diff --git a/lib/brakeman/checks/check_strip_tags.rb b/lib/brakeman/checks/check_strip_tags.rb
index 1fdd5931..1b221c4a 100644
--- a/lib/brakeman/checks/check_strip_tags.rb
+++ b/lib/brakeman/checks/check_strip_tags.rb
@@ -5,6 +5,8 @@ require 'brakeman/checks/base_check'
 class Brakeman::CheckStripTags < Brakeman::BaseCheck
 Brakeman::Checks.add self
+
+ @description = "Report strip_tags vulnerability in versions before 2.3.13 and 3.0.10"
+
 def run_check
 if (version_between?('2.0.0', '2.3.12') or version_between?('3.0.0', '3.0.9')) and uses_strip_tags?
diff --git a/lib/brakeman/checks/check_translate_bug.rb b/lib/brakeman/checks/check_translate_bug.rb
index 9f7e0ba5..d77cafe2 100644
--- a/lib/brakeman/checks/check_translate_bug.rb
+++ b/lib/brakeman/checks/check_translate_bug.rb
@@ -5,6 +5,8 @@ require 'brakeman/checks/base_check'
 class Brakeman::CheckTranslateBug < Brakeman::BaseCheck
 Brakeman::Checks.add self
+
+ @description = "Report XSS vulnerability in translate helper"
+
 def run_check
 if (version_between?('2.3.0', '2.3.99') and tracker.config[:escape_html]) or version_between?('3.0.0', '3.0.10') or
diff --git a/lib/brakeman/checks/check_validation_regex.rb b/lib/brakeman/checks/check_validation_regex.rb
index 6be68753..00f2a691 100644
--- a/lib/brakeman/checks/check_validation_regex.rb
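Review bot: In the check_sql.rb hunk the description `"Check for SQL injection"` is written in the imperative, while most descriptions in this commit use the third person (`"Checks for ..."`, `"Finds ..."`, `"Verifies ..."`) and a few others use `"Report ..."`; since `-k` prints all of them as one aligned table, the mixed mood reads as inconsistent. Suggest `@description = "Checks for SQL injection"` here, and normalising the `Report`/`Check` variants in the sibling hunks to the same form. The body of `run_check` continues outside the hunk.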
+++ b/lib/brakeman/checks/check_validation_regex.rb
@@ -10,6 +10,8 @@ require 'brakeman/checks/base_check'
 class Brakeman::CheckValidationRegex < Brakeman::BaseCheck
 Brakeman::Checks.add self
+
+ @description = "Report uses of validates_format_of with improper anchors"
+
 WITH = Sexp.new(:lit, :with)
 def run_check
diff --git a/lib/brakeman/checks/check_without_protection.rb b/lib/brakeman/checks/check_without_protection.rb
index ec7681f6..a725fb94 100644
--- a/lib/brakeman/checks/check_without_protection.rb
+++ b/lib/brakeman/checks/check_without_protection.rb
@@ -7,6 +7,8 @@ require 'brakeman/checks/base_check'
 class Brakeman::CheckWithoutProtection < Brakeman::BaseCheck
 Brakeman::Checks.add self
+
+ @description = "Check for mass assignment using without_protection"
+
 def run_check
 if version_between? "0.0.0", "3.0.99"
 return
--
GitLab