Class: Spektr::Checks::JsonParsing

Inherits:

Base

• Object
• Base
• Spektr::Checks::JsonParsing

Defined in:

lib/spektr/checks/json_parsing.rb

Instance Attribute Summary

Attributes inherited from Base

#name

Instance Method Summary

• #check_cve_2013_0269 ⇒ Object
• #check_cve_2013_0333 ⇒ Object
• #initialize(app, target) ⇒ JsonParsing constructor

  A new instance of JsonParsing.

• #run ⇒ Object
• #uses_json_gem? ⇒ Boolean

Methods inherited from Base

#app_version_between?, #dupe?, #model_attribute?, #should_run?, #target_affected?, #user_input?, #version_affected, #version_between?, #warn!

Constructor Details

#initialize(app, target) ⇒ JsonParsing

Returns a new instance of JsonParsing.

# File 'lib/spektr/checks/json_parsing.rb', line 4

def initialize(app, target)
  super
  @name = "JSON parsing vulnerability"
  @type = "Remote Code Execution"
  @targets = ["Spektr::Targets::Base"]
end

Instance Method Details

#check_cve_2013_0269 ⇒ Object

# File 'lib/spektr/checks/json_parsing.rb', line 33

def check_cve_2013_0269
  ["json", "json_pure"].each do |gem_name|
    if g = @app.gem_specs&.find { |g| g.name == gem_name }
      if version_between?("1.7.0", "1.7.6", g.version)
        warn! "Gemfile", self, nil, "Unsafe Object Creation Vulnerability in the #{g.name} gem"
      end
      if version_between?("0", "1.5.4", g.version) || version_between?("1.6.0", "1.6.7", g.version)
        warn! "Gemfile", self, nil, "Unsafe Object Creation Vulnerability in the  #{g.name} gem"
      end
    end
  end
end

#check_cve_2013_0333 ⇒ Object

# File 'lib/spektr/checks/json_parsing.rb', line 17

def check_cve_2013_0333
  return unless app_version_between?("0.0.0", "2.3.15") || app_version_between?("3.0.0", "3.0.19")
  if @app.has_gem?("yajl")
    warn! "root", self, nil, "Remote Code Execution CVE_2013_0333"
  end
  uses_json_gem?
end

#run ⇒ Object

# File 'lib/spektr/checks/json_parsing.rb', line 11

def run
  return unless super
  check_cve_2013_0333
  check_cve_2013_0269
end

#uses_json_gem? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/spektr/checks/json_parsing.rb', line 25

def uses_json_gem?
  @target.find_calls(:backend=).each do |call|
    if call.receiver.expanded == "ActiveSupport.JSON" && call.arguments.first&.name == :JSONGem
      warn! @target, self, call.location, "Remote Code Execution CVE_2013_0333"
    end
  end
end