Class: Brakeman::BaseCheck
- Inherits: SexpProcessor (Object > SexpProcessor > Brakeman::BaseCheck)
- Includes: ProcessorHelper, Util
- Defined in: lib/brakeman/checks/base_check.rb
Overview
Basis of vulnerability checks.
Direct Known Subclasses
CheckBasicAuth, CheckCrossSiteScripting, CheckDefaultRoutes, CheckDigestDoS, CheckEscapeFunction, CheckEvaluation, CheckExecute, CheckFileAccess, CheckFilterSkipping, CheckForgerySetting, CheckMailTo, CheckMassAssignment, CheckModelAttributes, CheckNestedAttributes, CheckQuoteTableName, CheckRedirect, CheckRender, CheckResponseSplitting, CheckSQL, CheckSafeBufferManipulation, CheckSelectTag, CheckSelectVulnerability, CheckSend, CheckSessionSettings, CheckSingleQuotes, CheckSkipBeforeFilter, CheckStripTags, CheckTranslateBug, CheckValidationRegex, CheckWithoutProtection
Defined Under Namespace
Classes: Match
Constant Summary
- CONFIDENCE = { :high => 0, :med => 1, :low => 2 }
Constants included from Util
Util::ALL_PARAMETERS, Util::COOKIES, Util::PARAMETERS, Util::PATH_PARAMETERS, Util::QUERY_PARAMETERS, Util::REQUEST_ENV, Util::REQUEST_PARAMETERS, Util::REQUEST_PARAMS, Util::SESSION
Constants inherited from SexpProcessor
Instance Attribute Summary
- #tracker ⇒ Object (readonly)
  Returns the value of attribute tracker.
- #warnings ⇒ Object (readonly)
  Returns the value of attribute warnings.
Attributes inherited from SexpProcessor
Instance Method Summary
- #add_result(result, location = nil) ⇒ Object
  Add a result to the result list, which is used to check for duplicates.
- #initialize(tracker) ⇒ BaseCheck (constructor)
  Initialize the check with the Tracker for the application being scanned.
- #process_call(exp) ⇒ Object
  Process method calls and record whether they read user input (params, cookies, request environment or model attributes).
- #process_cookies(exp) ⇒ Object
  Record that the current expression reads from cookies.
- #process_default(exp) ⇒ Object
  Default Sexp processing: process every child that is itself a Sexp.
- #process_if(exp) ⇒ Object
  Process an if expression, ignoring user input that appears only in the condition.
- #process_params(exp) ⇒ Object
  Record that the current expression reads from params.
Methods included from Util
#array?, #call?, #camelize, #contains_class?, #context_for, #cookies?, #false?, #file_by_name, #file_for, #hash?, #hash_access, #hash_insert, #hash_iterate, #integer?, #node_type?, #number?, #params?, #pluralize, #regexp?, #request_env?, #request_value?, #result?, #set_env_defaults, #sexp?, #string?, #symbol?, #table_to_csv, #true?, #truncate_table, #underscore
Methods included from ProcessorHelper
#class_name, #process_all, #process_module
Methods inherited from SexpProcessor
#error_handler, #in_context, #process, #process_dummy, #scope
Constructor Details
#initialize(tracker) ⇒ BaseCheck
Initialize the check with the Tracker for the application being scanned. @results is used only for duplicate detection; @safe_input_attributes lists the methods whose calls are not themselves treated as user input by #process_call.

  # File 'lib/brakeman/checks/base_check.rb', line 17
  def initialize tracker
    super()
    @results = [] #only to check for duplicates
    @warnings = []
    @tracker = tracker
    @string_interp = false
    @current_set = nil
    @current_template = @current_module = @current_class = @current_method = nil
    @mass_assign_disabled = nil
    @safe_input_attributes = Set[:to_i, :to_f, :arel_table]
  end
Instance Attribute Details
#tracker ⇒ Object (readonly)
Returns the value of attribute tracker.
  # File 'lib/brakeman/checks/base_check.rb', line 10
  def tracker
    @tracker
  end
#warnings ⇒ Object (readonly)
Returns the value of attribute warnings.
  # File 'lib/brakeman/checks/base_check.rb', line 10
  def warnings
    @warnings
  end
Instance Method Details
#add_result(result, location = nil) ⇒ Object
Add a result to the result list, which is used to check for duplicates. The location defaults to the current template, class, module or set being processed, falling back to the location carried by the result itself.

  # File 'lib/brakeman/checks/base_check.rb', line 30
  def add_result result, location = nil
    location ||= (@current_template && @current_template[:name]) ||
                 @current_class || @current_module || @current_set ||
                 result[:location][1]
    location = location[:name] if location.is_a? Hash
    location = location.to_sym

    if result.is_a? Hash
      line = result[:call].original_line || result[:call].line
    elsif sexp? result
      line = result.original_line || result.line
    else
      raise ArgumentError
    end

    @results << [line, location, result]
  end
#process_call(exp) ⇒ Object
Process method calls and record whether they read user input. The target is processed first, then the arguments; if the call itself is on params, cookies, the request environment or a model, @has_user_input is set to a Match describing the input type and the call. Calls to the methods in @safe_input_attributes (to_i, to_f, arel_table) are not themselves recorded.

  # File 'lib/brakeman/checks/base_check.rb', line 61
  def process_call exp
    process exp.target if sexp? exp.target
    process_all exp.args

    target = exp.target

    # Calls to to_i, to_f and arel_table are not themselves recorded as user input
    unless @safe_input_attributes.include? exp.method
      if params? target
        @has_user_input = Match.new(:params, exp)
      elsif cookies? target
        @has_user_input = Match.new(:cookies, exp)
      elsif request_env? target
        @has_user_input = Match.new(:request, exp)
      elsif sexp? target and model_name? target[1]
        @has_user_input = Match.new(:model, exp)
      end
    end

    exp
  end
#process_cookies(exp) ⇒ Object
Record that the current expression reads from cookies.

  # File 'lib/brakeman/checks/base_check.rb', line 101
  def process_cookies exp
    @has_user_input = Match.new(:cookies, exp)
    exp
  end
#process_default(exp) ⇒ Object
Default Sexp processing. Iterates over each value in the Sexp and processes those that are themselves Sexps.

  # File 'lib/brakeman/checks/base_check.rb', line 48
  def process_default exp
    exp.each_with_index do |e, i|
      if sexp? e
        process e
      else
        e
      end
    end

    exp
  end
#process_if(exp) ⇒ Object
Process an if expression. The condition is processed, but @has_user_input is restored afterwards, so user input that appears only in the condition does not count as input to the expression; the then and else clauses are processed normally.

  # File 'lib/brakeman/checks/base_check.rb', line 82
  def process_if exp
    #This is to ignore user input in condition
    current_user_input = @has_user_input

    process exp.condition

    @has_user_input = current_user_input

    process exp.then_clause if sexp? exp.then_clause
    process exp.else_clause if sexp? exp.else_clause

    exp
  end
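The following is an added example, not code from Brakeman: a stand-alone Ruby reconstruction of the user-input tracking documented in #process_call, #process_cookies, #process_params and #process_if above, runnable without Brakeman or ruby_parser installed. The MiniSexp node shapes, the MiniCheck class, the user_input_in helper and the constructed expressions are assumptions modelled on ruby_parser/Brakeman conventions; the :request and :model branches of process_call are omitted.

```ruby
require 'set'

# Constructed S-expression node (assumed shape, modelled on ruby_parser/Brakeman):
#   s(:call, target, method_name, *args)   s(:if, condition, then_clause, else_clause)
#   s(:params)  s(:cookies)  s(:lit, :sym)  s(:str, "text")
class MiniSexp < Array
  def node_type;   self[0]; end
  def call_target; self[1]; end
  def call_method; self[2]; end
  def call_args;   self[3..-1]; end
  def condition;   self[1]; end
  def then_clause; self[2]; end
  def else_clause; self[3]; end
end

def s(*parts)
  MiniSexp.new(parts)
end

# Stands in for BaseCheck::Match: the kind of input seen and the expression carrying it.
Match = Struct.new(:type, :match)

class MiniCheck
  # Same set BaseCheck#initialize stores in @safe_input_attributes.
  SAFE_INPUT_ATTRIBUTES = Set[:to_i, :to_f, :arel_table]

  attr_reader :has_user_input

  def initialize
    @has_user_input = nil
  end

  # Dispatch on node type, as SexpProcessor#process does by method name.
  def process(exp)
    return exp unless sexp?(exp)
    case exp.node_type
    when :call    then process_call(exp)
    when :if      then process_if(exp)
    when :params  then process_params(exp)
    when :cookies then process_cookies(exp)
    else               process_default(exp)
    end
  end

  # Same logic as BaseCheck#process_call, minus the :request and :model branches.
  def process_call(exp)
    process exp.call_target if sexp?(exp.call_target)
    exp.call_args.each { |arg| process arg }

    target = exp.call_target
    unless SAFE_INPUT_ATTRIBUTES.include?(exp.call_method)
      if params?(target)
        @has_user_input = Match.new(:params, exp)
      elsif cookies?(target)
        @has_user_input = Match.new(:cookies, exp)
      end
    end
    exp
  end

  # Same logic as BaseCheck#process_if: input found only in the condition is discarded.
  def process_if(exp)
    saved = @has_user_input
    process exp.condition
    @has_user_input = saved
    process exp.then_clause if sexp?(exp.then_clause)
    process exp.else_clause if sexp?(exp.else_clause)
    exp
  end

  def process_params(exp)
    @has_user_input = Match.new(:params, exp)
    exp
  end

  def process_cookies(exp)
    @has_user_input = Match.new(:cookies, exp)
    exp
  end

  def process_default(exp)
    exp.each { |e| process e if sexp?(e) }
    exp
  end

  def sexp?(exp);    exp.is_a?(MiniSexp); end
  def params?(exp);  sexp?(exp) && exp.node_type == :params; end
  def cookies?(exp); sexp?(exp) && exp.node_type == :cookies; end
end

# Run a fresh check over one expression; returns the Match found, or nil.
def user_input_in(exp)
  check = MiniCheck.new
  check.process(exp)
  check.has_user_input
end

# Constructed inputs standing in for parsed Ruby (assumed node shapes):
PARAMS_ID     = s(:call, s(:params), :[], s(:lit, :id))                 # params[:id]
COOKIE_TOK    = s(:call, s(:cookies), :[], s(:lit, :token))             # cookies[:token]
CALL_PARAMS   = s(:call, nil, :find, PARAMS_ID)                         # find(params[:id])
CALL_COOKIES  = s(:call, nil, :find, COOKIE_TOK)                        # find(cookies[:token])
IF_COND_ONLY  = s(:if, PARAMS_ID, s(:call, nil, :find, s(:str, "x")), nil) # if params[:id] then find("x") end
IF_THEN_TAINT = s(:if, PARAMS_ID, CALL_PARAMS, nil)                     # if params[:id] then find(params[:id]) end
TO_I_CALL     = s(:call, PARAMS_ID, :to_i)                              # params[:id].to_i
```

Running user_input_in over the constructed expressions shows the documented behaviour: find(params[:id]) and find(cookies[:token]) yield a :params and a :cookies Match pointing at the inner lookup, an if whose only user input is in its condition yields nil, and an if whose then clause reads params still yields :params. The to_i case shows what the safe-attribute guard does and does not do: it stops the .to_i call itself from becoming the Match, but the inner params[:id] lookup was already recorded while the target was processed, so @has_user_input is still set and points at the inner call. A check that wants to treat to_i as a sanitiser has to inspect the Match rather than rely on this guard alone.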