Class: LintFu::Plugins::Rails::SqlInjectionChecker

Inherits:
Checker
  • Object
Defined in:
lib/lint_fu/plugins/rails/sql_injection_checker.rb

Overview

Visits a Rails controller looking for ActiveRecord finder calls whose arguments contain interpolated (tainted) strings; each such call is reported as a potential SQL injection.

Constant Summary

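# Method names treated as ActiveRecord finders, i.e. the SQL sinks this
# checker reports on. Anchored with \A rather than ^ so it matches the start
# of the whole name and not the start of any line. The trailing groups are
# optional, so any name beginning with find/first/all matches.
FINDER_REGEXP = /\A(find|first|all)(_or_initialize)?(_by_.*_id)?/
# Finder option keys whose values end up in the generated SQL.
# NOTE(review): ActiveRecord's option is :joins; confirm :join is intended.
# Not referenced by the methods shown on this page. Frozen so the shared Set
# cannot be mutated by a caller.
SINK_OPTIONS = Set.new([:conditions, :select, :order, :group, :from, :include, :join]).freeze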

Constants inherited from Checker

Checker::SUPPRESSION_COMMENT

Instance Attribute Summary

Attributes inherited from Checker

#context, #file, #scan

Instance Method Summary

Methods inherited from Checker

#method_missing

Constructor Details

#initialize(scan, context, filename, base_confidence = 1.0) ⇒ SqlInjectionChecker

Returns a new instance of SqlInjectionChecker.



# File 'lib/lint_fu/plugins/rails/sql_injection_checker.rb', line 51

# Builds a checker bound to one scan, context and file.
#
# @param scan [Object] collects the SqlInjection issues raised by #observe_call
# @param context [Object] handed through to Checker
# @param filename [String] handed through to Checker
# @param base_confidence [Float] confidence attached to every issue this checker raises
def initialize(scan, context, filename, base_confidence = 1.0)
  super(scan, context, filename)
  # One confidence value per checker instance, not per finding.
  @base_confidence = base_confidence
  # Stack of the class sexps currently open; findings are only raised while
  # at least one class body is open.
  @class_definition_scope = []
end

Dynamic Method Handling

This class handles dynamic methods through the method_missing method in the class LintFu::Checker

Instance Method Details

#observe_call(sexp) ⇒ Object



# File 'lib/lint_fu/plugins/rails/sql_injection_checker.rb', line 77

# Inspects one method-call sexp and records a SqlInjection issue when the
# call is an ActiveRecord finder that receives a tainted argument.
#
# Only calls made inside a method body of an open class definition are
# considered; that state is kept by #observe_class_begin/#observe_defn_begin.
#
# @param sexp [Sexp] the call node; sexp[2] is the method name, sexp[3] the arglist
# @return [Object] nil when nothing is reported, else the issues list after the push
def observe_call(sexp)
  super(sexp)
  # Outside a class body, or outside a method, nothing is reported.
  return unless @in_method && !@class_definition_scope.empty?

  method_name = sexp[2].to_s
  tainted = tainted_params(sexp[3])
  return unless finder?(method_name)
  return if tainted.empty?
  # NOTE(review): suppression is keyed on UnsafeFind while the issue recorded
  # is SqlInjection — confirm that is the intended suppression token.
  return if suppressed?(UnsafeFind)

  # Only the first tainted argument is named in the report.
  scan.issues << SqlInjection.new(scan, file, sexp, tainted.first.to_ruby_string, @base_confidence)
end

#observe_class_begin(sexp) ⇒ Object



# File 'lib/lint_fu/plugins/rails/sql_injection_checker.rb', line 57

# Records that the walker has entered a class body.
#
# The pushed sexp lets #observe_call tell whether it is inside a class
# definition (non-empty stack); calls at file top level are ignored.
#
# @param sexp [Sexp] the class node
# @return [Array] the scope stack after the push
def observe_class_begin(sexp)
  super(sexp)
  @class_definition_scope << sexp
end

#observe_class_end(sexp) ⇒ Object



# File 'lib/lint_fu/plugins/rails/sql_injection_checker.rb', line 62

# Records that the walker has left the innermost open class body.
#
# @param sexp [Sexp] the class node being closed (not inspected here)
# @return [Sexp, nil] the sexp removed from the scope stack, nil if it was empty
def observe_class_end(sexp)
  super(sexp)
  # Discard the innermost class; the stack pairs with #observe_class_begin.
  @class_definition_scope.pop
end

#observe_defn_begin(sexp) ⇒ Object



# File 'lib/lint_fu/plugins/rails/sql_injection_checker.rb', line 67

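# Records that the walker has entered a method body.
#
# Besides the @in_method flag read by #observe_call, a nesting depth is kept
# so that a `def` nested inside another method's body does not clear the
# outer method's context when the inner one ends (a plain boolean flag
# would, and finder calls after the inner `def` would go unreported).
#
# @param sexp [Sexp] the defn node (not inspected here)
# @return [Boolean] true
def observe_defn_begin(sexp)
  super(sexp)
  @defn_depth = (@defn_depth || 0) + 1
  @in_method = true
end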

#observe_defn_end(sexp) ⇒ Object



# File 'lib/lint_fu/plugins/rails/sql_injection_checker.rb', line 72

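# Records that the walker has left a method body.
#
# The nesting depth is decremented (never below zero) and @in_method stays
# true while an enclosing `def` is still open, so a `def` nested inside
# another method does not make #observe_call skip the rest of the outer
# method. When no depth was ever recorded this reduces to @in_method = false.
#
# @param sexp [Sexp] the defn node being closed (not inspected here)
# @return [Boolean] whether the walker is still inside a method body
def observe_defn_end(sexp)
  super(sexp)
  @defn_depth = [(@defn_depth || 0) - 1, 0].max
  @in_method = @defn_depth > 0
end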