Class: Spektr::Checks::DefaultRoutes
- lib/spektr/checks/default_routes.rb
Constructor Details
#initialize(app, target) ⇒ DefaultRoutes
Returns a new instance of DefaultRoutes.
# File 'lib/spektr/checks/default_routes.rb', line 4
# Sets up the check with its display name and limits it to the routes target.
# Base handles the actual storage of +app+ and +target+ (super is passed both
# arguments unchanged).
#
# @param app [Object] application under analysis, forwarded to Base
# @param target [Object] scan target, forwarded to Base
def initialize(app, target)
  super
  @targets = %w[Spektr::Targets::Routes]
  @name = "Dangerous default routes"
end
Instance Method Details
#check_for_cve_2014_0130 ⇒ Object
# File 'lib/spektr/checks/default_routes.rb', line 36
# Flags Rails releases affected by CVE-2014-0130 (directory traversal and
# remote code execution via globbing routes).
#
# NOTE(review): the decision is based on the application's Rails version
# only — nothing here inspects @target for an actual glob (`*`) segment, so
# the "with globbing routes" wording in the warning is not verified by this
# method. Whether app_version_between? treats its bounds as inclusive is
# decided in Base.
#
# @return [void]
def check_for_cve_2014_0130
  affected_ranges = [
    ["2.0.0", "2.3.18"],
    ["3.0.0", "3.2.17"],
    ["4.0.0", "4.0.4"],
    ["4.1.0", "4.1.0"]
  ]
  # any? stops at the first matching range, like the original || chain.
  return unless affected_ranges.any? { |lower, upper| app_version_between?(lower, upper) }

  warn! @target, self, nil, "#{@app.rails_version} with globbing routes is vulnerable to directory traversal and remote code execution."
end
#check_for_default_routes ⇒ Object
# File 'lib/spektr/checks/default_routes.rb', line 18
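# Warns on catch-all route declarations that expose every public controller
# method as an action: the classic `:controller(/:action(/:id(.:format)))`
# default route and any path containing a `:action` or `*action` segment.
#
# Only runs for the Rails versions covered by app_version_between?(3, 4).
# Each offending call now produces a single warning; previously the same
# warning was emitted twice per match, because the first condition (default
# route, or `:controller` together with `:action`/`*action`) implied the
# second (`:action`/`*action` present), so both branches fired.
#
# @return [void]
def check_for_default_routes
  return unless app_version_between?(3, 4)

  calls = %w[match get post put delete].flat_map { |verb| @target.find_calls(verb.to_sym) }
  calls.each do |call|
    route = call.arguments.first&.name
    # A call with no inspectable first argument (e.g. only an options hash)
    # has no path string to examine; skip it rather than raising NoMethodError.
    next unless route.respond_to?(:include?)
    next unless route.include?(":action") || route.include?("*action")

    warn! @target, self, call.location, "All public methods in controllers are available as actions"
  end
end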
#run ⇒ Object
# File 'lib/spektr/checks/default_routes.rb', line 10
# Runs both route checks in order, setting @type before each so that the
# findings are labelled with the right category. Returns early (nil) when
# Base#run decides this check should not execute.
#
# @return [Object] the result of the last check, as the original returned
#   implicitly
def run
  return unless super

  checks = {
    "Remote Code Execution" => :check_for_cve_2014_0130,
    "Default routes" => :check_for_default_routes
  }
  result = nil
  checks.each do |type, check|
    @type = type
    result = send(check)
  end
  result
end