Class: Spektr::Checks::Csrf

Inherits:

Base

Object
Base
Spektr::Checks::Csrf

show all

Defined in:: lib/spektr/checks/csrf.rb

Instance Attribute Summary

Attributes inherited from Base

#name

Instance Method Summary collapse

#cve_2020_8186_check ⇒ Object
#initialize(app, target) ⇒ Csrf constructor

A new instance of Csrf.
#run ⇒ Object

Methods inherited from Base

#app_version_between?, #dupe?, #model_attribute?, #should_run?, #target_affected?, #user_input?, #version_affected, #version_between?, #warn!

Constructor Details

#initialize(app, target) ⇒ `Csrf`

Returns a new instance of Csrf.

# File 'lib/spektr/checks/csrf.rb', line 4

def initialize(app, target)
  super
  @name = "CSRF token forgery vulnerability (CVE-2020-8166)"
  @type = "Cross-Site Request Forgery"
  @targets = ["Spektr::Targets::Base"]
end

Instance Method Details

#cve_2020_8186_check ⇒ `Object`

# File 'lib/spektr/checks/csrf.rb', line 18

def cve_2020_8186_check
  if app_version_between?('0.0.0', '5.2.4.2') || app_version_between?('6.0.0', '6.0.3')
    warn! @target, self, nil, "Rails #{@app.rails_version} has a vulnerability that may allow CSRF token forgery"
  end
end

#run ⇒ `Object`

# File 'lib/spektr/checks/csrf.rb', line 11

def run
  # disable this
  return false
  return unless super
  cve_2020_8186_check
end

Class: Spektr::Checks::Csrf

Instance Attribute Summary

Attributes inherited from Base

Instance Method Summary collapse

Methods inherited from Base

Constructor Details

#initialize(app, target) ⇒ Csrf

Instance Method Details

#cve_2020_8186_check ⇒ Object

#run ⇒ Object

#initialize(app, target) ⇒ `Csrf`

#cve_2020_8186_check ⇒ `Object`

#run ⇒ `Object`