Class: Brakeman::CheckJSONParsing
- Inherits:
-
BaseCheck
- Object
- SexpProcessor
- BaseCheck
- Brakeman::CheckJSONParsing
- Defined in:
- lib/brakeman/checks/check_json_parsing.rb
Constant Summary
Constants inherited from BaseCheck
Constants included from Util
Util::ALL_COOKIES, Util::ALL_PARAMETERS, Util::COOKIES, Util::COOKIES_SEXP, Util::DIR_CONST, Util::LITERALS, Util::PARAMETERS, Util::PARAMS_SEXP, Util::PATH_PARAMETERS, Util::QUERY_PARAMETERS, Util::REQUEST_COOKIES, Util::REQUEST_ENV, Util::REQUEST_PARAMETERS, Util::REQUEST_PARAMS, Util::REQUEST_REQUEST_PARAMETERS, Util::SAFE_LITERAL, Util::SESSION, Util::SESSION_SEXP, Util::SIMPLE_LITERALS
Constants inherited from SexpProcessor
Instance Attribute Summary
Attributes inherited from BaseCheck
Attributes inherited from SexpProcessor
Instance Method Summary collapse
- #check_cve_2013_0269 ⇒ Object
- #check_cve_2013_0333 ⇒ Object
- #check_json_version(name, version) ⇒ Object
-
#initialize(*args) ⇒ CheckJSONParsing
constructor
A new instance of CheckJSONParsing.
- #run_check ⇒ Object
-
#uses_gem_backend? ⇒ Boolean
Check for ‘ActiveSupport::JSON.backend = “JSONGem”`.
- #uses_json_parse? ⇒ Boolean
-
#uses_yajl? ⇒ Boolean
Check if ‘yajl` is included in Gemfile.
Methods inherited from BaseCheck
#add_result, inherited, #process_array, #process_call, #process_cookies, #process_default, #process_dstr, #process_if, #process_params
Methods included from Messages
#msg, #msg_code, #msg_cve, #msg_file, #msg_input, #msg_lit, #msg_plain, #msg_version
Methods included from Util
#all_literals?, #array?, #block?, #call?, #camelize, #class_name, #constant?, #contains_class?, #cookies?, #dir_glob?, #false?, #hash?, #hash_access, #hash_insert, #hash_iterate, #hash_values, #integer?, #kwsplat?, #literal?, #make_call, #node_type?, #number?, #params?, #pluralize, #rails_version, #recurse_check?, #regexp?, #remove_kwsplat, #request_env?, #request_value?, #result?, #safe_literal, #safe_literal?, #safe_literal_target?, #set_env_defaults, #sexp?, #simple_literal?, #string?, #string_interp?, #symbol?, #template_path_to_name, #true?, #underscore
Methods included from ProcessorHelper
#current_file, #process_all, #process_all!, #process_call_args, #process_call_defn?, #process_class, #process_module
Methods inherited from SexpProcessor
#in_context, #process, processors, #scope
Constructor Details
#initialize(*args) ⇒ CheckJSONParsing
Returns a new instance of CheckJSONParsing.
8 9 10 11 |
# File 'lib/brakeman/checks/check_json_parsing.rb', line 8 def initialize *args super @uses_json_parse = nil end |
Instance Method Details
#check_cve_2013_0269 ⇒ Object
62 63 64 65 66 67 |
# File 'lib/brakeman/checks/check_json_parsing.rb', line 62 def check_cve_2013_0269 [:json, :json_pure].each do |name| gem_hash = tracker.config.get_gem name check_json_version name, gem_hash[:version] if gem_hash and gem_hash[:version] end end |
#check_cve_2013_0333 ⇒ Object
18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 |
# File 'lib/brakeman/checks/check_json_parsing.rb', line 18 def check_cve_2013_0333 return unless version_between? "0.0.0", "2.3.15" or version_between? "3.0.0", "3.0.19" unless uses_yajl? or uses_gem_backend? new_version = if version_between? "0.0.0", "2.3.14" "2.3.16" elsif version_between? "3.0.0", "3.0.19" "3.0.20" end = msg(msg_version(rails_version), " has a serious JSON parsing vulnerability. Upgrade to ", msg_version(new_version), " or patch") gem_info = gemfile_or_environment warn :warning_type => "Remote Code Execution", :warning_code => :CVE_2013_0333, :message => , :confidence => :high, :gem_info => gem_info, :link_path => "https://groups.google.com/d/topic/rubyonrails-security/1h2DR63ViGo/discussion" end end |
#check_json_version(name, version) ⇒ Object
69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 |
# File 'lib/brakeman/checks/check_json_parsing.rb', line 69 def check_json_version name, version return if version >= "1.7.7" or (version >= "1.6.8" and version < "1.7.0") or (version >= "1.5.5" and version < "1.6.0") warning_type = "Denial of Service" confidence = :medium gem_name = "#{name} gem" = msg(msg_version(version, gem_name), " has a symbol creation vulnerablity. Upgrade to ") if version >= "1.7.0" confidence = :high warning_type = "Remote Code Execution" = msg(msg_version(version, "json gem"), " has a remote code execution vulnerability. Upgrade to ", msg_version("1.7.7", "json gem")) elsif version >= "1.6.0" << msg_version("1.6.8", gem_name) elsif version >= "1.5.0" << msg_version("1.5.5", gem_name) else confidence = :weak << msg_version("1.5.5", gem_name) end if confidence == :medium and uses_json_parse? confidence = :high end warn :warning_type => warning_type, :warning_code => :CVE_2013_0269, :message => , :confidence => confidence, :gem_info => gemfile_or_environment(name), :link => "https://groups.google.com/d/topic/rubyonrails-security/4_YvCpLzL58/discussion" end |
#run_check ⇒ Object
13 14 15 16 |
# File 'lib/brakeman/checks/check_json_parsing.rb', line 13 def run_check check_cve_2013_0333 check_cve_2013_0269 end |
#uses_gem_backend? ⇒ Boolean
Check for ‘ActiveSupport::JSON.backend = “JSONGem”`
46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 |
# File 'lib/brakeman/checks/check_json_parsing.rb', line 46 def uses_gem_backend? matches = tracker.find_call(target: :'ActiveSupport::JSON', method: :backend=, chained: true) unless matches.empty? json_gem = s(:str, "JSONGem") matches.each do |result| if result[:call].first_arg == json_gem return true end end end false end |
#uses_json_parse? ⇒ Boolean
104 105 106 107 108 |
# File 'lib/brakeman/checks/check_json_parsing.rb', line 104 def uses_json_parse? return @uses_json_parse unless @uses_json_parse.nil? not tracker.find_call(:target => :JSON, :method => :parse).empty? end |
#uses_yajl? ⇒ Boolean
Check if ‘yajl` is included in Gemfile
41 42 43 |
# File 'lib/brakeman/checks/check_json_parsing.rb', line 41 def uses_yajl? tracker.config.has_gem? :yajl end |