Class: Spektr::Checks::FileAccess
- Defined in:
- lib/spektr/checks/file_access.rb
Instance Method Summary
- #check_calls_for_user_input(calls) ⇒ Object
- #initialize(app, target) ⇒ FileAccess (constructor) — A new instance of FileAccess.
- #name ⇒ Object
- #run ⇒ Object
Methods inherited from Base
#app_version_between?, #dupe?, #model_attribute?, #should_run?, #target_affected?, #user_input?, #version_affected, #version_between?, #warn!
Constructor Details
#initialize(app, target) ⇒ FileAccess
Returns a new instance of FileAccess.
# File 'lib/spektr/checks/file_access.rb', line 9
# Builds the check and records which Spektr target kinds it applies to.
#
# @param app [Object] application under analysis, passed through `super`
# @param target [Object] target being scanned, passed through `super`
def initialize(app, target)
  super
  # The inherited constructor runs first; the attributes below are assigned only afterwards.
  @name = "File access"
  @type = "Information Disclosure"
  @targets = %w[
    Spektr::Targets::Base
    Spektr::Targets::Controller
    Spektr::Targets::Routes
    Spektr::Targets::View
  ]
end
Instance Method Details
#check_calls_for_user_input(calls) ⇒ Object
# File 'lib/spektr/checks/file_access.rb', line 27
# Emits a warning for every call argument that user_input? classifies as user input.
#
# Every argument of every call is examined, not only the path position, so a
# user-controlled mode or option argument is reported with the same wording.
#
# @param calls [Enumerable] call sites; each responds to #arguments and #location
# @return [Enumerable] the `calls` collection, as returned by #each
def check_calls_for_user_input(calls)
  calls.each do |call|
    call.arguments.each do |arg|
      next unless user_input?(arg.type, arg.name, arg.ast)

      warn! @target, self, call.location,
            "#{arg.name} is used for a filename, which enables an attacker to access arbitrary files."
    end
  end
end
#name ⇒ Object
# File 'lib/spektr/checks/file_access.rb', line 5
# Human-readable name of this check.
#
# Kept as a literal rather than returning `@name`: #initialize assigns `@name`
# only after `super` returns, so this method stays safe to call at any point.
#
# @return [String]
def name
  'File access'
end
#run ⇒ Object
# File 'lib/spektr/checks/file_access.rb', line 16
# Finds every call to a file-system or I/O receiver in the target and hands the
# matches to #check_calls_for_user_input.
#
# Only the receiver/method pairs listed below are examined; calls outside these
# lists (File.write, for example) are not covered by this check.
#
# @return [nil] when the inherited `run` returns a falsy value, otherwise the
#   list of receiver names (the value of the outer #each)
def run
  return unless super

  receivers = %w[Dir File IO Kernel Net::FTP Net::HTTP PStore Pathname Shell]
  file_methods = %i(
    [] chdir chroot delete entries foreach glob install lchmod lchown link
    load load_file makedirs move new open read readlines rename rmdir
    safe_unlink symlink syscopy sysopen truncate unlink
  )
  # Outer loop over receivers so the return value stays the receiver list.
  receivers.each do |receiver|
    file_methods.each do |method_name|
      check_calls_for_user_input(@target.find_calls(method_name, receiver))
    end
  end
end