Class: Brakeman::BaseCheck

Inherits:
SexpProcessor show all
Includes:
ProcessorHelper, Util
Defined in:
lib/brakeman/checks/base_check.rb

Overview

Basis of vulnerability checks.

Defined Under Namespace

Classes: Match

Constant Summary collapse

CONFIDENCE =
{ :high => 0, :med => 1, :low => 2 }

Constants included from Util

Util::ALL_PARAMETERS, Util::COOKIES, Util::COOKIES_SEXP, Util::PARAMETERS, Util::PARAMS_SEXP, Util::PATH_PARAMETERS, Util::QUERY_PARAMETERS, Util::REQUEST_ENV, Util::REQUEST_PARAMETERS, Util::REQUEST_PARAMS, Util::SESSION, Util::SESSION_SEXP

Constants inherited from SexpProcessor

SexpProcessor::VERSION

Class Attribute Summary collapse

Instance Attribute Summary collapse

Attributes inherited from SexpProcessor

#context, #env, #expected

Class Method Summary collapse

Instance Method Summary collapse

Methods included from Util

#array?, #block?, #call?, #camelize, #class_name, #contains_class?, #context_for, #cookies?, #false?, #file_by_name, #file_for, #github_url, #hash?, #hash_access, #hash_insert, #hash_iterate, #integer?, #make_call, #node_type?, #number?, #params?, #pluralize, #rails_version, #regexp?, #relative_path, #request_env?, #request_value?, #result?, #set_env_defaults, #sexp?, #string?, #string_interp?, #symbol?, #table_to_csv, #template_path_to_name, #true?, #truncate_table, #underscore

Methods included from ProcessorHelper

#process_all, #process_all!, #process_call_args, #process_call_defn?, #process_class, #process_module

Methods inherited from SexpProcessor

#in_context, #process, processors, #scope

Constructor Details

#initialize(app_tree, tracker) ⇒ BaseCheck

Initialize Check with Checks.



25
26
27
28
29
30
31
32
33
34
35
36
37
38
# File 'lib/brakeman/checks/base_check.rb', line 25

def initialize(app_tree, tracker)
  super()
  @app_tree = app_tree
  @results = [] #only to check for duplicates
  @warnings = []
  @tracker = tracker
  @string_interp = false
  @current_set = nil
  @current_template = @current_module = @current_class = @current_method = nil
  @active_record_models = nil
  @mass_assign_disabled = nil
  @has_user_input = nil
  @safe_input_attributes = Set[:to_i, :to_f, :arel_table, :id]
end

Class Attribute Details

.nameObject

Returns the value of attribute name.



17
18
19
# File 'lib/brakeman/checks/base_check.rb', line 17

def name
  @name
end

Instance Attribute Details

#trackerObject (readonly)

Returns the value of attribute tracker.



10
11
12
# File 'lib/brakeman/checks/base_check.rb', line 10

def tracker
  @tracker
end

#warningsObject (readonly)

Returns the value of attribute warnings.



10
11
12
# File 'lib/brakeman/checks/base_check.rb', line 10

def warnings
  @warnings
end

Class Method Details

.inherited(subclass) ⇒ Object



19
20
21
# File 'lib/brakeman/checks/base_check.rb', line 19

def inherited(subclass)
  subclass.name = subclass.to_s.match(/^Brakeman::(.*)$/)[1]
end

Instance Method Details

#add_result(result, location = nil) ⇒ Object

Add result to result list, which is used to check for duplicates



41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
# File 'lib/brakeman/checks/base_check.rb', line 41

def add_result result, location = nil
  location ||= (@current_template && @current_template.name) || @current_class || @current_module || @current_set || result[:location][:class] || result[:location][:template]
  location = location[:name] if location.is_a? Hash
  location = location.name if location.is_a? Brakeman::Collection
  location = location.to_sym

  if result.is_a? Hash
    line = result[:call].original_line || result[:call].line
  elsif sexp? result
    line = result.original_line || result.line
  else
    raise ArgumentError
  end

  @results << [line, location, result]
end

#process_call(exp) ⇒ Object

Process calls and check if they include user input



73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
# File 'lib/brakeman/checks/base_check.rb', line 73

def process_call exp
  process exp.target if sexp? exp.target
  process_call_args exp

  target = exp.target

  unless @safe_input_attributes.include? exp.method
    if params? target
      @has_user_input = Match.new(:params, exp)
    elsif cookies? target
      @has_user_input = Match.new(:cookies, exp)
    elsif request_env? target
      @has_user_input = Match.new(:request, exp)
    elsif sexp? target and model_name? target[1] #TODO: Can this be target.target?
      @has_user_input = Match.new(:model, exp)
    end
  end

  exp
end

#process_cookies(exp) ⇒ Object

Note that cookies are included in current expression



113
114
115
116
# File 'lib/brakeman/checks/base_check.rb', line 113

def process_cookies exp
  @has_user_input = Match.new(:cookies, exp)
  exp
end

#process_default(exp) ⇒ Object

Default Sexp processing. Iterates over each value in the Sexp and processes them if they are also Sexps.



60
61
62
63
64
65
66
67
68
69
70
# File 'lib/brakeman/checks/base_check.rb', line 60

def process_default exp
  exp.each_with_index do |e, i|
    if sexp? e
      process e
    else
      e
    end
  end

  exp
end

#process_dstr(exp) ⇒ Object

Does not actually process string interpolation, but notes that it occurred.



119
120
121
122
# File 'lib/brakeman/checks/base_check.rb', line 119

def process_dstr exp
  @string_interp = Match.new(:interp, exp)
  process_default exp
end

#process_if(exp) ⇒ Object



94
95
96
97
98
99
100
101
102
103
104
# File 'lib/brakeman/checks/base_check.rb', line 94

def process_if exp
  #This is to ignore user input in condition
  current_user_input = @has_user_input
  process exp.condition
  @has_user_input = current_user_input

  process exp.then_clause if sexp? exp.then_clause
  process exp.else_clause if sexp? exp.else_clause

  exp
end

#process_params(exp) ⇒ Object

Note that params are included in current expression



107
108
109
110
# File 'lib/brakeman/checks/base_check.rb', line 107

def process_params exp
  @has_user_input = Match.new(:params, exp)
  exp
end