Class: Brakeman::CheckRenderInline
- Inherits:
-
CheckCrossSiteScripting
- Object
- SexpProcessor
- BaseCheck
- CheckCrossSiteScripting
- Brakeman::CheckRenderInline
- Defined in:
- lib/brakeman/checks/check_render_inline.rb
Constant Summary
- CONTENT_TYPES =
["text/html", "text/javascript", "application/javascript"]
Constants inherited from CheckCrossSiteScripting
Brakeman::CheckCrossSiteScripting::CGI, Brakeman::CheckCrossSiteScripting::FORM_BUILDER, Brakeman::CheckCrossSiteScripting::HAML_HELPERS, Brakeman::CheckCrossSiteScripting::IGNORE_LIKE, Brakeman::CheckCrossSiteScripting::IGNORE_MODEL_METHODS, Brakeman::CheckCrossSiteScripting::MODEL_METHODS, Brakeman::CheckCrossSiteScripting::URI, Brakeman::CheckCrossSiteScripting::XML_HELPER
Constants inherited from BaseCheck
Constants included from Util
Util::ALL_PARAMETERS, Util::COOKIES, Util::COOKIES_SEXP, Util::PARAMETERS, Util::PARAMS_SEXP, Util::PATH_PARAMETERS, Util::QUERY_PARAMETERS, Util::REQUEST_ENV, Util::REQUEST_PARAMETERS, Util::REQUEST_PARAMS, Util::SESSION, Util::SESSION_SEXP
Constants inherited from SexpProcessor
Instance Attribute Summary
Attributes inherited from BaseCheck
Attributes inherited from SexpProcessor
Instance Method Summary
Methods inherited from CheckCrossSiteScripting
#actually_process_call, #boolean_method?, #cgi_escaped?, #check_for_immediate_xss, #form_builder_method?, #haml_escaped?, #html_safe_call?, #ignore_call?, #ignored_method?, #ignored_model_method?, #likely_model_attribute?, #process_call, #process_case, #process_cookies, #process_dstr, #process_escaped_output, #process_format, #process_format_escaped, #process_if, #process_output, #process_params, #process_render, #raw_call?, #safe_input_attribute?, #setup, #xml_escaped?
Methods inherited from BaseCheck
#add_result, inherited, #initialize, #process_call, #process_cookies, #process_default, #process_dstr, #process_if, #process_params
Methods included from Util
#array?, #block?, #call?, #camelize, #class_name, #contains_class?, #context_for, #cookies?, #false?, #file_by_name, #file_for, #github_url, #hash?, #hash_access, #hash_insert, #hash_iterate, #integer?, #make_call, #node_type?, #number?, #params?, #pluralize, #rails_version, #regexp?, #relative_path, #request_env?, #request_value?, #result?, #set_env_defaults, #sexp?, #string?, #string_interp?, #symbol?, #table_to_csv, #template_path_to_name, #true?, #truncate_table, #underscore
Methods included from ProcessorHelper
#process_all, #process_all!, #process_call_args, #process_call_defn?, #process_class, #process_module
Methods inherited from SexpProcessor
#in_context, #initialize, #process, processors, #scope
Constructor Details
This class inherits a constructor from Brakeman::BaseCheck
Instance Method Details
#check_render(result) ⇒ Object
# File 'lib/brakeman/checks/check_render_inline.rb', line 14
#
# Examine a single `render` call and report a Cross Site Scripting warning
# when `render :text` / `render :inline` is handed user-controlled or
# model-derived content without escaping.
#
# Only the `:text` and `:inline` render types are of interest. A `:text`
# render whose `:content_type` option is a string literal outside
# CONTENT_TYPES is skipped (see #content_type_set?), since this check does
# not treat such a response as HTML/JavaScript. Each result is recorded via
# `add_result` and processed at most once (`duplicate?`).
#
# @param result [Hash] a call result from `tracker.find_call`; `result[:call]`
#   is the `render` Sexp
# @return [Object] value of the last expression; not used by callers
def check_render result
  return if duplicate? result

  add_result result

  call = result[:call]
  return unless node_type?(call, :render)

  render_type = call.render_type
  return unless render_type == :text || render_type == :inline

  # A :text render with an explicit non-HTML/JS content type is not reported.
  return if render_type == :text && content_type_set?(call[3])

  rendered = call[2]

  input = has_immediate_user_input?(rendered)
  if input
    # Direct request data (params/cookies/etc.) reaching the response: high confidence.
    warn(result: result,
         warning_type: "Cross Site Scripting",
         warning_code: :cross_site_scripting_inline,
         message: "Unescaped #{friendly_type_of input} rendered inline",
         user_input: input,
         confidence: CONFIDENCE[:high])
  else
    # Model attributes are only checked when no immediate user input was found,
    # matching the original evaluation order; they get medium confidence.
    input = has_immediate_model?(rendered)
    if input
      warn(result: result,
           warning_type: "Cross Site Scripting",
           warning_code: :cross_site_scripting_inline,
           message: "Unescaped model attribute rendered inline",
           user_input: input,
           confidence: CONFIDENCE[:med])
    end
  end
end
#content_type_set?(opts) ⇒ Boolean
# File 'lib/brakeman/checks/check_render_inline.rb', line 47
#
# True when the render options hash carries a `:content_type` whose value is
# a string literal that is NOT one of CONTENT_TYPES ("text/html",
# "text/javascript", "application/javascript"). #check_render uses this to
# skip `render :text` calls declared with a non-HTML/JS content type.
#
# Anything else — no options hash, no :content_type key, or a non-literal
# value such as a variable or method call — yields a falsy result, so the
# caller keeps treating the render as a potential XSS sink. That is the
# conservative direction: an unknown content type does not suppress a warning.
#
# @param opts [Sexp, nil] the options argument of the `render` call
# @return [Boolean, nil] nil when opts is not a hash literal
def content_type_set? opts
  return unless hash? opts

  declared = hash_access(opts, :content_type)
  string?(declared) && !CONTENT_TYPES.include?(declared.value)
end
#run_check ⇒ Object
# File 'lib/brakeman/checks/check_render_inline.rb', line 6
#
# Entry point invoked by the check framework: initialise the inherited XSS
# state with `setup`, then find every receiver-less `render` call in the
# tracker and hand each one to #check_render.
#
# @return [Object] the Array returned by `each`; not used by callers
def run_check
  setup

  render_calls = tracker.find_call(target: nil, method: :render)
  render_calls.each { |found| check_render found }
end