Class: Brakeman::BaseCheck

Inherits:
SexpProcessor
Includes:
ProcessorHelper, Util
Defined in:
lib/brakeman/checks/base_check.rb

Overview

Basis of vulnerability checks.

Direct Known Subclasses

CheckBasicAuth, CheckCrossSiteScripting, CheckDefaultRoutes, CheckDeserialize, CheckDetailedExceptions, CheckDigestDoS, CheckEscapeFunction, CheckEvaluation, CheckExecute, CheckFileAccess, CheckFilterSkipping, CheckForgerySetting, CheckHeaderDoS, CheckI18nXSS, CheckJRubyXML, CheckJSONParsing, CheckMailTo, CheckMassAssignment, CheckModelAttrAccessible, CheckModelAttributes, CheckModelSerialize, CheckNestedAttributes, CheckNumberToCurrency, CheckQuoteTableName, CheckRedirect, CheckRegexDoS, CheckRender, CheckRenderDoS, CheckResponseSplitting, CheckSQL, CheckSQLCVEs, CheckSSLVerify, CheckSafeBufferManipulation, CheckSanitizeMethods, CheckSelectTag, CheckSelectVulnerability, CheckSend, CheckSessionSettings, CheckSingleQuotes, CheckSkipBeforeFilter, CheckStripTags, CheckSymbolDoS, CheckTranslateBug, CheckUnsafeReflection, CheckValidationRegex, CheckWithoutProtection, CheckYAMLParsing

Defined Under Namespace

Classes: Match

Constant Summary

CONFIDENCE =
{ :high => 0, :med => 1, :low => 2 }

Constants included from Util

Util::ALL_PARAMETERS, Util::COOKIES, Util::COOKIES_SEXP, Util::PARAMETERS, Util::PARAMS_SEXP, Util::PATH_PARAMETERS, Util::QUERY_PARAMETERS, Util::REQUEST_ENV, Util::REQUEST_PARAMETERS, Util::REQUEST_PARAMS, Util::SESSION, Util::SESSION_SEXP

Constants inherited from SexpProcessor

SexpProcessor::VERSION

Class Attribute Summary

Instance Attribute Summary

Attributes inherited from SexpProcessor

#context, #env, #expected

Class Method Summary

Instance Method Summary

Methods included from Util

#array?, #block?, #call?, #camelize, #contains_class?, #context_for, #cookies?, #false?, #file_by_name, #file_for, #github_url, #hash?, #hash_access, #hash_insert, #hash_iterate, #integer?, #make_call, #node_type?, #number?, #params?, #pluralize, #regexp?, #relative_path, #request_env?, #request_value?, #result?, #set_env_defaults, #sexp?, #string?, #symbol?, #table_to_csv, #true?, #truncate_table, #underscore

Methods included from ProcessorHelper

#class_name, #process_all, #process_all!, #process_call_args, #process_module

Methods inherited from SexpProcessor

#error_handler, #in_context, #process, #process_dummy, #scope

Constructor Details

- (BaseCheck) initialize(app_tree, tracker)

Initializes the check with the application tree and the tracker.

# File 'lib/brakeman/checks/base_check.rb', line 25

def initialize(app_tree, tracker)
  super()
  @app_tree = app_tree
  @results = [] # only used to check for duplicate results
  @warnings = []
  @tracker = tracker
  @string_interp = false
  @current_set = nil
  @current_template = @current_module = @current_class = @current_method = nil
  @active_record_models = nil
  @mass_assign_disabled = nil
  @has_user_input = nil
  @safe_input_attributes = Set[:to_i, :to_f, :arel_table, :id]
end

Class Attribute Details

+ (Object) name

Returns the value of attribute name

# File 'lib/brakeman/checks/base_check.rb', line 17

def name
  @name
end

Instance Attribute Details

- (Object) tracker (readonly)

Returns the value of attribute tracker

# File 'lib/brakeman/checks/base_check.rb', line 10

def tracker
  @tracker
end

- (Object) warnings (readonly)

Returns the value of attribute warnings

# File 'lib/brakeman/checks/base_check.rb', line 10

def warnings
  @warnings
end

Class Method Details

+ (Object) inherited(subclass)

# File 'lib/brakeman/checks/base_check.rb', line 19

def inherited(subclass)
  # Derive the check's name from its class name, e.g. Brakeman::CheckSQL -> "CheckSQL"
  subclass.name = subclass.to_s.match(/^Brakeman::(.*)$/)[1]
end

Instance Method Details

- (Object) add_result(result, location = nil)

Adds a result to the result list, which is used to check for duplicates.

# File 'lib/brakeman/checks/base_check.rb', line 41

def add_result result, location = nil
  location ||= (@current_template && @current_template[:name]) || @current_class || @current_module || @current_set || result[:location][:class] || result[:location][:template]
  location = location[:name] if location.is_a? Hash
  location = location.to_sym

  if result.is_a? Hash
    line = result[:call].original_line || result[:call].line
  elsif sexp? result
    line = result.original_line || result.line
  else
    raise ArgumentError
  end

  @results << [line, location, result]
end

- (Object) process_call(exp)

Processes calls and checks whether they include user input.

# File 'lib/brakeman/checks/base_check.rb', line 72

def process_call exp
  process exp.target if sexp? exp.target
  process_call_args exp

  target = exp.target

  unless @safe_input_attributes.include? exp.method
    if params? target
      @has_user_input = Match.new(:params, exp)
    elsif cookies? target
      @has_user_input = Match.new(:cookies, exp)
    elsif request_env? target
      @has_user_input = Match.new(:request, exp)
    elsif sexp? target and model_name? target[1] #TODO: Can this be target.target?
      @has_user_input = Match.new(:model, exp)
    end
  end

  exp
end

- (Object) process_cookies(exp)

Notes that cookies are included in the current expression.

# File 'lib/brakeman/checks/base_check.rb', line 112

def process_cookies exp
  @has_user_input = Match.new(:cookies, exp)
  exp
end

- (Object) process_default(exp)

Default Sexp processing. Iterates over each value in the Sexp and processes them if they are also Sexps.

# File 'lib/brakeman/checks/base_check.rb', line 59

def process_default exp
  exp.each_with_index do |e, i|
    if sexp? e
      process e
    else
      e
    end
  end

  exp
end

- (Object) process_if(exp)

# File 'lib/brakeman/checks/base_check.rb', line 93

def process_if exp
  # Ignore user input that appears only in the condition
  current_user_input = @has_user_input
  process exp.condition
  @has_user_input = current_user_input

  process exp.then_clause if sexp? exp.then_clause
  process exp.else_clause if sexp? exp.else_clause

  exp
end
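The methods above (process_call, process_if, process_params and process_cookies) together implement a small taint-source walk: the check descends into a call's target and arguments, records a Match whenever the target is params, cookies, the request environment or a model, skips the attributes in @safe_input_attributes, and discards anything found only inside an if condition. The following is an added example, not Brakeman's own code, that reproduces that walk over a constructed nested-Array stand-in for Brakeman's Sexp so it runs without the brakeman or sexp_processor gems. The node shapes, the MODEL_NAMES set and the include_user_input? helper are assumptions made for this example; request_env matching is omitted.

```ruby
require 'set'

# Constructed stand-in for Brakeman's Sexp. A node is an Array whose first
# element is the node type. Shapes assumed for this example:
#   [:call, target, :method, *args]            method call
#   [:if, condition, then_clause, else_clause] conditional
#   [:params] / [:cookies]                     request parameter / cookie access
#   [:const, :Name], [:lit, value], [:str, "text"]

# Mirrors BaseCheck::Match: which kind of input matched, and the expression.
Match = Struct.new(:type, :match)

# Same set BaseCheck initializes in @safe_input_attributes.
SAFE_INPUT_ATTRIBUTES = Set[:to_i, :to_f, :arel_table, :id]

# Constructed model list; Brakeman derives this from the scanned application.
MODEL_NAMES = Set[:User, :Post]

class UserInputWalker
  attr_reader :has_user_input

  def initialize
    @has_user_input = nil
  end

  # Reset the match state, walk the expression, return the Match (or nil).
  # Assumed helper for this example; not a BaseCheck method.
  def include_user_input?(exp)
    @has_user_input = nil
    process(exp)
    @has_user_input
  end

  def sexp?(e)
    e.is_a?(Array) && e.first.is_a?(Symbol)
  end

  # Dispatch on node type, as SexpProcessor does for process_<type> methods.
  def process(exp)
    return exp unless sexp?(exp)
    case exp.first
    when :call    then process_call(exp)
    when :if      then process_if(exp)
    when :params  then process_params(exp)
    when :cookies then process_cookies(exp)
    else               process_default(exp)
    end
  end

  # Same shape as BaseCheck#process_default: recurse into child nodes.
  def process_default(exp)
    exp.each { |e| process(e) if sexp?(e) }
    exp
  end

  def process_params(exp)
    @has_user_input = Match.new(:params, exp)
    exp
  end

  def process_cookies(exp)
    @has_user_input = Match.new(:cookies, exp)
    exp
  end

  # Walk target and arguments first, then classify the call by its target,
  # unless the method is one of the safe attributes.
  def process_call(exp)
    _, target, meth, *args = exp
    process(target) if sexp?(target)
    args.each { |a| process(a) if sexp?(a) }

    unless SAFE_INPUT_ATTRIBUTES.include?(meth)
      if sexp?(target) && target.first == :params
        @has_user_input = Match.new(:params, exp)
      elsif sexp?(target) && target.first == :cookies
        @has_user_input = Match.new(:cookies, exp)
      elsif sexp?(target) && target.first == :const && MODEL_NAMES.include?(target[1])
        @has_user_input = Match.new(:model, exp)
      end
    end
    exp
  end

  # Input found only in the condition is ignored, as in BaseCheck#process_if.
  def process_if(exp)
    _, condition, then_clause, else_clause = exp
    saved = @has_user_input
    process(condition)
    @has_user_input = saved

    process(then_clause) if sexp?(then_clause)
    process(else_clause) if sexp?(else_clause)
    exp
  end
end

if $PROGRAM_NAME == __FILE__
  w = UserInputWalker.new
  p w.include_user_input?([:call, [:params], :[], [:lit, :id]])           # params match
  p w.include_user_input?([:if, [:call, [:params], :[], [:lit, :admin]],
                           [:str, "yes"], [:str, "no"]])                  # nil
  p w.include_user_input?([:call, [:const, :User], :arel_table])          # nil
end
```

Two details of the original code carry over into this model. First, the target is processed before the method name is tested against the safe set, so for `params.to_i` the inner `[:params]` node still sets the match via process_params; the safe set only matters for targets that are not themselves input nodes, such as `User.arel_table`. Second, because process_if restores @has_user_input after walking the condition, `if params[:admin] then "yes" else "no" end` yields no match even though user input is clearly read there: a check that cares about branching on user input must inspect the condition itself rather than rely on this walk.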

- (Object) process_params(exp)

Notes that params are included in the current expression.

# File 'lib/brakeman/checks/base_check.rb', line 106

def process_params exp
  @has_user_input = Match.new(:params, exp)
  exp
end

- (Object) process_string_interp(exp)

Does not actually process string interpolation, but notes that it occurred.

# File 'lib/brakeman/checks/base_check.rb', line 118

def process_string_interp exp
  @string_interp = Match.new(:interp, exp)
  process_default exp
end