Class: Brakeman::CheckSingleQuotes
- Inherits:
-
BaseCheck
- Object
- SexpProcessor
- BaseCheck
- Brakeman::CheckSingleQuotes
- Defined in:
- lib/brakeman/checks/check_single_quotes.rb
Overview
Checks for versions which do not escape single quotes. groups.google.com/d/topic/rubyonrails-security/kKGNeMrnmiY/discussion
Constant Summary collapse
Constants inherited from BaseCheck
Constants included from Util
Util::ALL_COOKIES, Util::ALL_PARAMETERS, Util::COOKIES, Util::COOKIES_SEXP, Util::PARAMETERS, Util::PARAMS_SEXP, Util::PATH_PARAMETERS, Util::QUERY_PARAMETERS, Util::REQUEST_COOKIES, Util::REQUEST_ENV, Util::REQUEST_PARAMETERS, Util::REQUEST_PARAMS, Util::SESSION, Util::SESSION_SEXP
Constants inherited from SexpProcessor
Instance Attribute Summary
Attributes inherited from BaseCheck
Attributes inherited from SexpProcessor
Instance Method Summary collapse
-
#initialize(*args) ⇒ CheckSingleQuotes
constructor
A new instance of CheckSingleQuotes.
-
#process_call(exp) ⇒ Object
Look for.
-
#process_class(exp) ⇒ Object
Look for.
-
#process_defn(exp) ⇒ Object
Look for.
-
#process_module(exp) ⇒ Object
Look for.
- #run_check ⇒ Object
-
#uses_rack_escape? ⇒ Boolean
Process initializers to see if they use workaround by replacing Erb::Util.html_escape.
Methods inherited from BaseCheck
#add_result, inherited, #process_cookies, #process_default, #process_dstr, #process_if, #process_params
Methods included from Util
#array?, #block?, #call?, #camelize, #class_name, #constant?, #contains_class?, #context_for, #cookies?, #false?, #file_by_name, #file_for, #github_url, #hash?, #hash_access, #hash_insert, #hash_iterate, #integer?, #make_call, #node_type?, #number?, #params?, #pluralize, #rails_version, #regexp?, #relative_path, #request_env?, #request_value?, #result?, #set_env_defaults, #sexp?, #string?, #string_interp?, #symbol?, #table_to_csv, #template_path_to_name, #true?, #truncate_table, #underscore
Methods included from ProcessorHelper
#current_file_name, #process_all, #process_all!, #process_call_args, #process_call_defn?
Methods inherited from SexpProcessor
#in_context, #process, processors, #scope
Constructor Details
#initialize(*args) ⇒ CheckSingleQuotes
Returns a new instance of CheckSingleQuotes.
11 12 13 14 |
# File 'lib/brakeman/checks/check_single_quotes.rb', line 11 def initialize *args super @inside_erb = @inside_util = @inside_html_escape = @uses_rack_escape = false end |
Instance Method Details
#process_call(exp) ⇒ Object
Look for
Rack::Utils.escape_html
92 93 94 95 96 97 98 99 100 |
# File 'lib/brakeman/checks/check_single_quotes.rb', line 92 def process_call exp if @inside_html_escape and exp.target == RACK_UTILS and exp.method == :escape_html @uses_rack_escape = true else process exp.target if exp.target end exp end |
#process_class(exp) ⇒ Object
Look for
class ERB
53 54 55 56 57 58 59 60 61 |
# File 'lib/brakeman/checks/check_single_quotes.rb', line 53 def process_class exp if exp.class_name == :ERB @inside_erb = true process_all exp.body @inside_erb = false end exp end |
#process_defn(exp) ⇒ Object
Look for
def html_escape
79 80 81 82 83 84 85 86 87 |
# File 'lib/brakeman/checks/check_single_quotes.rb', line 79 def process_defn exp if @inside_util and exp.method_name == :html_escape @inside_html_escape = true process_all exp.body @inside_html_escape = false end exp end |
#process_module(exp) ⇒ Object
Look for
module Util
66 67 68 69 70 71 72 73 74 |
# File 'lib/brakeman/checks/check_single_quotes.rb', line 66 def process_module exp if @inside_erb and exp.module_name == :Util @inside_util = true process_all exp.body @inside_util = false end exp end |
#run_check ⇒ Object
16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 |
# File 'lib/brakeman/checks/check_single_quotes.rb', line 16 def run_check return if uses_rack_escape? case when version_between?('2.0.0', '2.3.14') = "All Rails 2.x versions do not escape single quotes (CVE-2012-3464)" when version_between?('3.0.0', '3.0.16') = "Rails #{rails_version} does not escape single quotes (CVE-2012-3464). Upgrade to 3.0.17" when version_between?('3.1.0', '3.1.7') = "Rails #{rails_version} does not escape single quotes (CVE-2012-3464). Upgrade to 3.1.8" when version_between?('3.2.0', '3.2.7') = "Rails #{rails_version} does not escape single quotes (CVE-2012-3464). Upgrade to 3.2.8" else return end warn :warning_type => "Cross-Site Scripting", :warning_code => :CVE_2012_3464, :message => , :confidence => :medium, :gem_info => gemfile_or_environment, :link_path => "https://groups.google.com/d/topic/rubyonrails-security/kKGNeMrnmiY/discussion" end |
#uses_rack_escape? ⇒ Boolean
Process initializers to see if they use workaround by replacing Erb::Util.html_escape
42 43 44 45 46 47 48 |
# File 'lib/brakeman/checks/check_single_quotes.rb', line 42 def uses_rack_escape? @tracker.initializers.each do |_name, src| process src end @uses_rack_escape end |