Class: Brakeman::CheckRender
- Inherits:
-
BaseCheck
- Object
- SexpProcessor
- BaseCheck
- Brakeman::CheckRender
- Defined in:
- lib/brakeman/checks/check_render.rb
Overview
Check calls to render() for dangerous values
Constant Summary
Constants inherited from BaseCheck
Constants included from Util
Util::ALL_PARAMETERS, Util::COOKIES, Util::PARAMETERS, Util::PATH_PARAMETERS, Util::QUERY_PARAMETERS, Util::REQUEST_ENV, Util::REQUEST_PARAMETERS, Util::REQUEST_PARAMS, Util::SESSION
Constants inherited from SexpProcessor
Instance Attribute Summary
Attributes inherited from BaseCheck
Attributes inherited from SexpProcessor
Instance Method Summary collapse
-
#check_for_dynamic_path(result) ⇒ Object
Check if path to action or file is determined dynamically.
- #process_render(result) ⇒ Object
- #run_check ⇒ Object
Methods inherited from BaseCheck
#add_result, #initialize, #process_call, #process_cookies, #process_default, #process_if, #process_params
Methods included from Util
#array?, #call?, #camelize, #contains_class?, #context_for, #cookies?, #false?, #file_by_name, #file_for, #hash?, #hash_access, #hash_insert, #hash_iterate, #integer?, #node_type?, #number?, #params?, #pluralize, #regexp?, #request_env?, #request_value?, #result?, #set_env_defaults, #sexp?, #string?, #symbol?, #table_to_csv, #true?, #truncate_table, #underscore
Methods included from ProcessorHelper
#class_name, #process_all, #process_module
Methods inherited from SexpProcessor
#error_handler, #in_context, #initialize, #process, #process_dummy, #scope
Constructor Details
This class inherits a constructor from Brakeman::BaseCheck
Instance Method Details
#check_for_dynamic_path(result) ⇒ Object
Check if path to action or file is determined dynamically
31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 |
# File 'lib/brakeman/checks/check_render.rb', line 31 def check_for_dynamic_path result view = result[:call][2] if sexp? view and not duplicate? result add_result result if input = has_immediate_user_input?(view) confidence = CONFIDENCE[:high] elsif input = include_user_input?(view) if node_type? view, :string_interp, :dstr confidence = CONFIDENCE[:med] else confidence = CONFIDENCE[:low] end else return end = "Render path contains " case input.type when :params << "parameter value" when :cookies << "cookie value" when :request << "request value" when :model #Skip models return else << "user input value" end warn :result => result, :warning_type => "Dynamic Render Path", :message => , :user_input => input.match, :confidence => confidence end end |
#process_render(result) ⇒ Object
15 16 17 18 19 20 21 22 23 24 25 26 27 28 |
# File 'lib/brakeman/checks/check_render.rb', line 15 def process_render result return unless node_type? result[:call], :render case result[:call].render_type when :partial, :template, :action, :file check_for_dynamic_path result when :inline when :js when :json when :text when :update when :xml end end |
#run_check ⇒ Object
9 10 11 12 13 |
# File 'lib/brakeman/checks/check_render.rb', line 9 def run_check tracker.find_call(:target => nil, :method => :render).each do |result| process_render result end end |