Merge pull request #2 from Nullify-Platform/add-cwe

added all cwes to brakeman

gem_common.rb

@@ -2,23 +2,26 @@ module Brakeman
   module GemDependencies
     def self.dev_dependencies spec
       spec.add_development_dependency "minitest"
+      spec.add_development_dependency "minitest-ci"
+      spec.add_development_dependency "simplecov"
+      spec.add_development_dependency "simplecov-html", "=0.10.2"
     end
 
     def self.base_dependencies spec
-      spec.add_dependency "ruby_parser", "~>3.11.0"
+      spec.add_dependency "parallel", "~>1.20"
+      spec.add_dependency "ruby_parser", "~>3.20.2"
       spec.add_dependency "sexp_processor", "~> 4.7"
       spec.add_dependency "ruby2ruby", "~>2.4.0"
-      spec.add_dependency "safe_yaml", ">= 1.0"
+      spec.add_dependency "racc"
     end
 
     def self.extended_dependencies spec
       spec.add_dependency "terminal-table", "~>1.4"
       spec.add_dependency "highline", ">=1.6.20", "<2.0"
       spec.add_dependency "erubis", "~>2.6"
-      spec.add_dependency "haml", ">=3.0", "<5.0"
-      spec.add_dependency "sass", "~>3.0", "<3.5.0"
-      spec.add_dependency "slim", ">=1.3.6", "<3.0.8"
-      spec.add_dependency "rexml", "~>3.2.6"
+      spec.add_dependency "haml", "~>5.1"
+      spec.add_dependency "slim", ">=1.3.6", "<=4.1"
+      spec.add_dependency "rexml", "~>3.0"
     end
   end
 end

lib/brakeman/checks/check_basic_auth.rb

@@ -31,7 +31,8 @@ def check_basic_auth_filter
               :message => "Basic authentication password stored in source code",
               :code => call,
               :confidence => :high,
-              :file => controller.file
+              :file => controller.file,
+              :cwe => [259]
           break
         end
       end

lib/brakeman/checks/check_basic_auth_timing_attack.rb

@@ -27,7 +27,8 @@ def check_basic_auth_call
         :warning_code => :CVE_2015_7576,
         :message => "Basic authentication in Rails #{rails_version} is vulnerable to timing attacks. Upgrade to #@upgrade",
         :confidence => :high,
-        :link => "https://groups.google.com/d/msg/rubyonrails-security/ANv0HDHEC3k/mt7wNGxbFQAJ"
+        :link => "https://groups.google.com/d/msg/rubyonrails-security/ANv0HDHEC3k/mt7wNGxbFQAJ",
+        :cwe => [1254]
     end
   end
 end

lib/brakeman/checks/check_content_tag.rb

@@ -106,7 +106,8 @@ def check_argument result, exp
         :message => message,
         :user_input => input,
         :confidence => :high,
-        :link_path => "content_tag"
+        :link_path => "content_tag",
+        :cwe => 79
 
     elsif not tracker.options[:ignore_model_output] and match = has_immediate_model?(arg)
       unless IGNORE_MODEL_METHODS.include? match.method
@@ -124,7 +125,8 @@ def check_argument result, exp
           :message => "Unescaped model attribute in content_tag",
           :user_input => match,
           :confidence => confidence,
-          :link_path => "content_tag"
+          :link_path => "content_tag",
+          :cwe => 79
       end
 
     elsif @matched
@@ -140,7 +142,8 @@ def check_argument result, exp
         :message => message,
         :user_input => @matched,
         :confidence => :medium,
-        :link_path => "content_tag"
+        :link_path => "content_tag",
+        :cwe => 79
     end
   end
 

lib/brakeman/checks/check_create_with.rb

@@ -39,7 +39,8 @@ def process_result result
         :result => result,
         :message => @message,
         :confidence => confidence,
-        :link_path => "https://groups.google.com/d/msg/rubyonrails-security/M4chq5Sb540/CC1Fh0Y_NWwJ"
+        :link_path => "https://groups.google.com/d/msg/rubyonrails-security/M4chq5Sb540/CC1Fh0Y_NWwJ",
+        :cwe => 915
     end
   end
 
@@ -69,6 +70,7 @@ def generic_warning
         :message => @message,
         :gem_info => gemfile_or_environment,
         :confidence => :medium,
-        :link_path => "https://groups.google.com/d/msg/rubyonrails-security/M4chq5Sb540/CC1Fh0Y_NWwJ"
+        :link_path => "https://groups.google.com/d/msg/rubyonrails-security/M4chq5Sb540/CC1Fh0Y_NWwJ",
+        :cwe => 915
   end
 end

lib/brakeman/checks/check_cross_site_scripting.rb

@@ -77,7 +77,8 @@ def check_for_immediate_xss exp
         :warning_code => :cross_site_scripting,
         :message => message,
         :code => input.match,
-        :confidence => :high
+        :confidence => :high,
+        :cwe => 79
 
     elsif not tracker.options[:ignore_model_output] and match = has_immediate_model?(out)
       method = if call? match
@@ -111,7 +112,8 @@ def check_for_immediate_xss exp
           :message => message,
           :code => match,
           :confidence => confidence,
-          :link_path => link_path
+          :link_path => link_path,
+          :cwe => 79
       end
 
     else
@@ -195,7 +197,8 @@ def process_call exp
             :code => exp,
             :user_input => @matched,
             :confidence => confidence,
-            :link_path => link_path
+            :link_path => link_path,
+            :cwe => 79
         end
       end
 

lib/brakeman/checks/check_default_routes.rb

@@ -22,7 +22,8 @@ def check_for_default_routes
         :message => "All public methods in controllers are available as actions in routes.rb",
         :line => tracker.routes[:allow_all_actions].line,
         :confidence => :high,
-        :file => "#{tracker.app_path}/config/routes.rb"
+        :file => "#{tracker.app_path}/config/routes.rb",
+        :cwe => 22
     end
   end
 
@@ -44,7 +45,8 @@ def check_for_action_globs
           :message => "Any public method in #{name} can be used as an action for #{verb} requests.",
           :line => actions[2],
           :confidence => :medium,
-          :file => "#{tracker.app_path}/config/routes.rb"
+          :file => "#{tracker.app_path}/config/routes.rb",
+          :cwe => 22
       end
     end
   end
@@ -77,6 +79,7 @@ def check_for_cve_2014_0130
       :message => "Rails #{rails_version} with globbing routes is vulnerable to directory traversal and remote code execution. Patch or upgrade to #{upgrade}",
       :confidence => confidence,
       :file => "#{tracker.app_path}/config/routes.rb",
+      :cwe => 22,
       :link => "http://matasano.com/research/AnatomyOfRailsVuln-CVE-2014-0130.pdf"
   end
 

lib/brakeman/checks/check_deserialize.rb

@@ -50,7 +50,8 @@ def check_deserialize result, target, arg = nil
         :message => message,
         :user_input => input,
         :confidence => confidence,
-        :link_path => "unsafe_deserialization"
+        :link_path => "unsafe_deserialization",
+        :cwe => 502
     end
   end
 end

lib/brakeman/checks/check_detailed_exceptions.rb

@@ -19,7 +19,8 @@ def check_local_request_config
            :warning_code => :local_request_config,
            :message => "Detailed exceptions are enabled in production",
            :confidence => :high,
-           :file => "config/environments/production.rb"
+           :file => "config/environments/production.rb",
+           :cwe => 200
     end
   end
 
@@ -42,7 +43,8 @@ def check_detailed_exceptions
                :message => "Detailed exceptions may be enabled in 'show_detailed_exceptions?'",
                :confidence => confidence,
                :code => src,
-               :file => definition[:file]
+               :file => definition[:file],
+               :cwe => 200
         end
       end
     end

lib/brakeman/checks/check_digest_dos.rb

@@ -29,7 +29,8 @@ def run_check
       :message => message,
       :confidence => confidence,
       :link_path => "https://groups.google.com/d/topic/rubyonrails-security/vxJjrc15qYM/discussion",
-      :gem_info => gemfile_or_environment
+      :gem_info => gemfile_or_environment,
+      :cwe => 287
   end
 
   def with_http_digest?

lib/brakeman/checks/check_divide_by_zero.rb

@@ -36,7 +36,8 @@ def check_division result
         :warning_code => :divide_by_zero,
         :message => "Potential division by zero",
         :confidence => confidence,
-        :user_input => denominator
+        :user_input => denominator,
+        :cwe => 369
     end
   end
 end

lib/brakeman/checks/check_dynamic_finders.rb

@@ -27,7 +27,8 @@ def process_result result
             :warning_code => :sql_injection_dynamic_finder,
             :message => "MySQL integer conversion may cause 0 to match any string",
             :confidence => :medium,
-            :user_input => arg
+            :user_input => arg,
+            :cwe => 89
 
           break
         end

lib/brakeman/checks/check_escape_function.rb

@@ -8,14 +8,15 @@ class Brakeman::CheckEscapeFunction < Brakeman::BaseCheck
   @description = "Checks for versions before 2.3.14 which have a vulnerable escape method"
 
   def run_check
-    if version_between?('2.0.0', '2.3.13') and RUBY_VERSION < '1.9.0' 
+    if version_between?('2.0.0', '2.3.13') and RUBY_VERSION < '1.9.0'
 
       warn :warning_type => 'Cross-Site Scripting',
         :warning_code => :CVE_2011_2932,
         :message => 'Versions before 2.3.14 have a vulnerability in escape method when used with Ruby 1.8: CVE-2011-2932',
         :confidence => :high,
         :gem_info => gemfile_or_environment,
-        :link_path => "https://groups.google.com/d/topic/rubyonrails-security/Vr_7WSOrEZU/discussion"
+        :link_path => "https://groups.google.com/d/topic/rubyonrails-security/Vr_7WSOrEZU/discussion",
+        :cwe => 79
     end
   end
 end

lib/brakeman/checks/check_evaluation.rb

@@ -29,7 +29,8 @@ def process_result result
         :message => "User input in eval",
         :code => result[:call],
         :user_input => input,
-        :confidence => :high
+        :confidence => :high,
+        :cwe => 95
     end
   end
 end

lib/brakeman/checks/check_execute.rb

@@ -72,7 +72,8 @@ def process_result result
         :message => "Possible command injection",
         :code => call,
         :user_input => failure,
-        :confidence => confidence
+        :confidence => confidence,
+        :cwe => 77
     end
   end
 
@@ -84,7 +85,8 @@ def check_open_calls
           :warning_code => :command_injection,
           :message => "Possible command injection in open()",
           :user_input => match,
-          :confidence => :high
+          :confidence => :high,
+          :cwe => 77
       end
     end
   end
@@ -129,7 +131,8 @@ def process_backticks result
       :message => "Possible command injection",
       :code => exp,
       :user_input => input,
-      :confidence => confidence
+      :confidence => confidence,
+      :cwe => 77
   end
 
   # This method expects a :dstr or :evstr node

lib/brakeman/checks/check_file_access.rb

@@ -57,7 +57,8 @@ def process_result result
         :message => message,
         :confidence => confidence,
         :code => call,
-        :user_input => match
+        :user_input => match,
+        :cwe => 22
     end
   end
 

lib/brakeman/checks/check_file_disclosure.rb

@@ -25,7 +25,8 @@ def run_check
         :message => "Rails #{rails_version} has a file existence disclosure. Upgrade to #{fix_version} or disable serving static assets",
         :confidence => :high,
         :gem_info => gemfile_or_environment,
-        :link_path => "https://groups.google.com/d/msg/rubyonrails-security/23fiuwb1NBA/MQVM1-5GkPMJ"
+        :link_path => "https://groups.google.com/d/msg/rubyonrails-security/23fiuwb1NBA/MQVM1-5GkPMJ",
+        :cwe => 22
     end
   end
 

lib/brakeman/checks/check_filter_skipping.rb

@@ -15,7 +15,8 @@ def run_check
         :message => "Versions before 3.0.10 have a vulnerability which allows filters to be bypassed: CVE-2011-2929",
         :confidence => :high,
         :gem_info => gemfile_or_environment,
-        :link_path => "https://groups.google.com/d/topic/rubyonrails-security/NCCsca7TEtY/discussion"
+        :link_path => "https://groups.google.com/d/topic/rubyonrails-security/NCCsca7TEtY/discussion",
+        :cwe => 20
     end
   end
 

lib/brakeman/checks/check_forgery_setting.rb

@@ -52,7 +52,8 @@ def csrf_warning opts
     opts = {
       :controller => :ApplicationController,
       :warning_type => "Cross-Site Request Forgery",
-      :confidence => :high
+      :confidence => :high,
+      :cwe => 352
     }.merge opts
 
     warn opts
@@ -76,6 +77,7 @@ def check_cve_2011_0447
       :message => "CSRF protection is flawed in unpatched versions of Rails #{rails_version} (CVE-2011-0447). Upgrade to #{new_version} or apply patches as needed",
       :gem_info => gemfile_or_environment,
       :file => nil,
-      :link_path => "https://groups.google.com/d/topic/rubyonrails-security/LZWjzCPgNmU/discussion"
+      :link_path => "https://groups.google.com/d/topic/rubyonrails-security/LZWjzCPgNmU/discussion",
+      :cwe => 352
   end
 end

lib/brakeman/checks/check_header_dos.rb

@@ -20,7 +20,8 @@ def run_check
         :message => message,
         :confidence => :medium,
         :gem_info => gemfile_or_environment,
-        :link_path => "https://groups.google.com/d/msg/ruby-security-ann/A-ebV4WxzKg/KNPTbX8XAQUJ"
+        :link_path => "https://groups.google.com/d/msg/ruby-security-ann/A-ebV4WxzKg/KNPTbX8XAQUJ",
+        :cwe => 20
     end
   end
 

lib/brakeman/checks/check_i18n_xss.rb

@@ -23,7 +23,8 @@ def run_check
         :message => message,
         :confidence => :medium,
         :gem_info => gemfile_or_environment(:i18n),
-        :link_path => "https://groups.google.com/d/msg/ruby-security-ann/pLrh6DUw998/bLFEyIO4k_EJ"
+        :link_path => "https://groups.google.com/d/msg/ruby-security-ann/pLrh6DUw998/bLFEyIO4k_EJ",
+        :cwe => 79
     end
   end
 

lib/brakeman/checks/check_jruby_xml.rb

@@ -31,6 +31,7 @@ def run_check
       :message => "Rails #{rails_version} with JRuby has a vulnerability in XML parser: upgrade to #{fix_version} or patch",
       :confidence => :high,
       :gem_info => gemfile_or_environment,
-      :link => "https://groups.google.com/d/msg/rubyonrails-security/KZwsQbYsOiI/5kUV7dSCJGwJ"
+      :link => "https://groups.google.com/d/msg/rubyonrails-security/KZwsQbYsOiI/5kUV7dSCJGwJ",
+      :cwe => 20
   end
 end