Class: Brakeman::BaseCheck

Inherits:
SexpProcessor show all
Includes:
ProcessorHelper, Util
Defined in:
lib/brakeman/checks/base_check.rb

Overview

Basis of vulnerability checks.

Defined Under Namespace

Classes: Match

Constant Summary collapse

CONFIDENCE =
{ :high => 0, :med => 1, :low => 2 }

Constants included from Util

Util::ALL_PARAMETERS, Util::COOKIES, Util::PARAMETERS, Util::PATH_PARAMETERS, Util::QUERY_PARAMETERS, Util::REQUEST_ENV, Util::REQUEST_PARAMETERS, Util::REQUEST_PARAMS, Util::SESSION

Constants inherited from SexpProcessor

SexpProcessor::VERSION

Instance Attribute Summary collapse

Attributes inherited from SexpProcessor

#context, #env, #expected

Instance Method Summary collapse

Methods included from Util

#array?, #call?, #camelize, #contains_class?, #context_for, #cookies?, #false?, #file_by_name, #file_for, #hash?, #hash_access, #hash_insert, #hash_iterate, #integer?, #node_type?, #number?, #params?, #pluralize, #regexp?, #request_env?, #request_value?, #result?, #set_env_defaults, #sexp?, #string?, #symbol?, #table_to_csv, #true?, #truncate_table, #underscore

Methods included from ProcessorHelper

#class_name, #process_all, #process_module

Methods inherited from SexpProcessor

#error_handler, #in_context, #process, #process_dummy, #scope

Constructor Details

#initialize(tracker) ⇒ BaseCheck

Initialize Check with Checks.



17
18
19
20
21
22
23
24
25
26
27
# File 'lib/brakeman/checks/base_check.rb', line 17

def initialize tracker
  super()
  @results = [] #only to check for duplicates
  @warnings = []
  @tracker = tracker
  @string_interp = false
  @current_set = nil
  @current_template = @current_module = @current_class = @current_method = nil
  @mass_assign_disabled = nil
  @safe_input_attributes = Set[:to_i, :to_f, :arel_table]
end

Instance Attribute Details

#trackerObject (readonly)

Returns the value of attribute tracker.



10
11
12
# File 'lib/brakeman/checks/base_check.rb', line 10

def tracker
  @tracker
end

#warningsObject (readonly)

Returns the value of attribute warnings.



10
11
12
# File 'lib/brakeman/checks/base_check.rb', line 10

def warnings
  @warnings
end

Instance Method Details

#add_result(result, location = nil) ⇒ Object

Add result to result list, which is used to check for duplicates



30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
# File 'lib/brakeman/checks/base_check.rb', line 30

def add_result result, location = nil
  location ||= (@current_template && @current_template[:name]) || @current_class || @current_module || @current_set || result[:location][1]
  location = location[:name] if location.is_a? Hash
  location = location.to_sym

  if result.is_a? Hash
    line = result[:call].original_line || result[:call].line
  elsif sexp? result
    line = result.original_line || result.line
  else
    raise ArgumentError
  end

  @results << [line, location, result]
end

#process_call(exp) ⇒ Object

Process calls and check if they include user input



61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
# File 'lib/brakeman/checks/base_check.rb', line 61

def process_call exp
  process exp.target if sexp? exp.target
  process_all exp.args

  target = exp.target

  unless @safe_input_attributes.include? exp.method
    if params? target
      @has_user_input = Match.new(:params, exp)
    elsif cookies? target
      @has_user_input = Match.new(:cookies, exp)
    elsif request_env? target
      @has_user_input = Match.new(:request, exp)
    elsif sexp? target and model_name? target[1]
      @has_user_input = Match.new(:model, exp)
    end
  end

  exp
end

#process_cookies(exp) ⇒ Object

Note that cookies are included in current expression



101
102
103
104
# File 'lib/brakeman/checks/base_check.rb', line 101

def process_cookies exp
  @has_user_input = Match.new(:cookies, exp)
  exp
end

#process_default(exp) ⇒ Object

Default Sexp processing. Iterates over each value in the Sexp and processes them if they are also Sexps.



48
49
50
51
52
53
54
55
56
57
58
# File 'lib/brakeman/checks/base_check.rb', line 48

def process_default exp
  exp.each_with_index do |e, i|
    if sexp? e
      process e
    else
      e
    end
  end

  exp
end

#process_if(exp) ⇒ Object



82
83
84
85
86
87
88
89
90
91
92
# File 'lib/brakeman/checks/base_check.rb', line 82

def process_if exp
  #This is to ignore user input in condition
  current_user_input = @has_user_input
  process exp.condition
  @has_user_input = current_user_input

  process exp.then_clause if sexp? exp.then_clause
  process exp.else_clause if sexp? exp.else_clause

  exp
end

#process_params(exp) ⇒ Object

Note that params are included in current expression



95
96
97
98
# File 'lib/brakeman/checks/base_check.rb', line 95

def process_params exp
  @has_user_input = Match.new(:params, exp)
  exp
end