diff --git a/.travis.yml b/.travis.yml
deleted file mode 100644
index 2ee49fd8f..000000000
--- a/.travis.yml
+++ /dev/null
@@ -1,37 +0,0 @@
-before_install:
- - gem update bundler
-
-before_script:
- - |
- bash -c "
- if [ ! -z "$CC_TEST_REPORTER_ID" ]; then
- curl -L https://codeclimate.com/downloads/test-reporter/test-reporter-latest-linux-amd64 > ./cc-test-reporter && \
- chmod +x ./cc-test-reporter && \
- ./cc-test-reporter before-build
- fi
- "
-script:
- - "bundle exec ruby test/test.rb"
-
-after_script:
- - |
- bash -c "
- if [ ! -z "$CC_TEST_REPORTER_ID" ]; then
- ./cc-test-reporter after-build --exit-code $TRAVIS_TEST_RESULT
- fi
- "
-
-matrix:
- include:
- - rvm: "ruby-head"
- - rvm: "1.9.3"
- - rvm: "2.3.5"
- - rvm: "2.4.2"
- - rvm: "2.5.1"
- env: CC_TEST_REPORTER_ID=521d341f3320acda1902d0db0a3a92fb16b11ebfe3d5ab730218d4fc0fb3db13
-
-branches:
- only:
- - master
-
-sudo: false
diff --git a/gem_common.rb b/gem_common.rb
index d24adba57..1f417fa94 100644
--- a/gem_common.rb
+++ b/gem_common.rb
@@ -2,23 +2,26 @@ module Brakeman
module GemDependencies
def self.dev_dependencies spec
spec.add_development_dependency "minitest"
+ spec.add_development_dependency "minitest-ci"
+ spec.add_development_dependency "simplecov"
+ spec.add_development_dependency "simplecov-html", "=0.10.2"
end
def self.base_dependencies spec
- spec.add_dependency "ruby_parser", "~>3.11.0"
+ spec.add_dependency "parallel", "~>1.20"
+ spec.add_dependency "ruby_parser", "~>3.20.2"
spec.add_dependency "sexp_processor", "~> 4.7"
spec.add_dependency "ruby2ruby", "~>2.4.0"
- spec.add_dependency "safe_yaml", ">= 1.0"
+ spec.add_dependency "racc"
end
def self.extended_dependencies spec
spec.add_dependency "terminal-table", "~>1.4"
spec.add_dependency "highline", ">=1.6.20", "<2.0"
spec.add_dependency "erubis", "~>2.6"
- spec.add_dependency "haml", ">=3.0", "<5.0"
- spec.add_dependency "sass", "~>3.0", "<3.5.0"
- spec.add_dependency "slim", ">=1.3.6", "<3.0.8"
- spec.add_dependency "rexml", "~>3.2.6"
+ spec.add_dependency "haml", "~>5.1"
+ spec.add_dependency "slim", ">=1.3.6", "<=4.1"
+ spec.add_dependency "rexml", "~>3.0"
end
end
end
diff --git a/lib/brakeman/checks/check_basic_auth.rb b/lib/brakeman/checks/check_basic_auth.rb
index b98247940..80c7c35e4 100644
--- a/lib/brakeman/checks/check_basic_auth.rb
+++ b/lib/brakeman/checks/check_basic_auth.rb
@@ -31,7 +31,8 @@ def check_basic_auth_filter
:message => "Basic authentication password stored in source code",
:code => call,
:confidence => :high,
- :file => controller.file
+ :file => controller.file,
+ :cwe => [259]
break
end
end
diff --git a/lib/brakeman/checks/check_basic_auth_timing_attack.rb b/lib/brakeman/checks/check_basic_auth_timing_attack.rb
index 3c4b1286b..68ac8b289 100644
--- a/lib/brakeman/checks/check_basic_auth_timing_attack.rb
+++ b/lib/brakeman/checks/check_basic_auth_timing_attack.rb
@@ -27,7 +27,8 @@ def check_basic_auth_call
:warning_code => :CVE_2015_7576,
:message => "Basic authentication in Rails #{rails_version} is vulnerable to timing attacks. Upgrade to #@upgrade",
:confidence => :high,
- :link => "https://groups.google.com/d/msg/rubyonrails-security/ANv0HDHEC3k/mt7wNGxbFQAJ"
+ :link => "https://groups.google.com/d/msg/rubyonrails-security/ANv0HDHEC3k/mt7wNGxbFQAJ",
+ :cwe => [1254]
end
end
end
diff --git a/lib/brakeman/checks/check_content_tag.rb b/lib/brakeman/checks/check_content_tag.rb
index 4a936737c..13266b616 100644
--- a/lib/brakeman/checks/check_content_tag.rb
+++ b/lib/brakeman/checks/check_content_tag.rb
@@ -106,7 +106,8 @@ def check_argument result, exp
:message => message,
:user_input => input,
:confidence => :high,
- :link_path => "content_tag"
+ :link_path => "content_tag",
+ :cwe => 79
elsif not tracker.options[:ignore_model_output] and match = has_immediate_model?(arg)
unless IGNORE_MODEL_METHODS.include? match.method
@@ -124,7 +125,8 @@ def check_argument result, exp
:message => "Unescaped model attribute in content_tag",
:user_input => match,
:confidence => confidence,
- :link_path => "content_tag"
+ :link_path => "content_tag",
+ :cwe => 79
end
elsif @matched
@@ -140,7 +142,8 @@ def check_argument result, exp
:message => message,
:user_input => @matched,
:confidence => :medium,
- :link_path => "content_tag"
+ :link_path => "content_tag",
+ :cwe => 79
end
end
diff --git a/lib/brakeman/checks/check_create_with.rb b/lib/brakeman/checks/check_create_with.rb
index f24561974..6827a9a06 100644
--- a/lib/brakeman/checks/check_create_with.rb
+++ b/lib/brakeman/checks/check_create_with.rb
@@ -39,7 +39,8 @@ def process_result result
:result => result,
:message => @message,
:confidence => confidence,
- :link_path => "https://groups.google.com/d/msg/rubyonrails-security/M4chq5Sb540/CC1Fh0Y_NWwJ"
+ :link_path => "https://groups.google.com/d/msg/rubyonrails-security/M4chq5Sb540/CC1Fh0Y_NWwJ",
+ :cwe => 915
end
end
@@ -69,6 +70,7 @@ def generic_warning
:message => @message,
:gem_info => gemfile_or_environment,
:confidence => :medium,
- :link_path => "https://groups.google.com/d/msg/rubyonrails-security/M4chq5Sb540/CC1Fh0Y_NWwJ"
+ :link_path => "https://groups.google.com/d/msg/rubyonrails-security/M4chq5Sb540/CC1Fh0Y_NWwJ",
+ :cwe => 915
end
end
diff --git a/lib/brakeman/checks/check_cross_site_scripting.rb b/lib/brakeman/checks/check_cross_site_scripting.rb
index fbbc89d43..333d3c9ba 100644
--- a/lib/brakeman/checks/check_cross_site_scripting.rb
+++ b/lib/brakeman/checks/check_cross_site_scripting.rb
@@ -77,7 +77,8 @@ def check_for_immediate_xss exp
:warning_code => :cross_site_scripting,
:message => message,
:code => input.match,
- :confidence => :high
+ :confidence => :high,
+ :cwe => 79
elsif not tracker.options[:ignore_model_output] and match = has_immediate_model?(out)
method = if call? match
@@ -111,7 +112,8 @@ def check_for_immediate_xss exp
:message => message,
:code => match,
:confidence => confidence,
- :link_path => link_path
+ :link_path => link_path,
+ :cwe => 79
end
else
@@ -195,7 +197,8 @@ def process_call exp
:code => exp,
:user_input => @matched,
:confidence => confidence,
- :link_path => link_path
+ :link_path => link_path,
+ :cwe => 79
end
end
diff --git a/lib/brakeman/checks/check_default_routes.rb b/lib/brakeman/checks/check_default_routes.rb
index 2a7cc1e52..c8685b9d4 100644
--- a/lib/brakeman/checks/check_default_routes.rb
+++ b/lib/brakeman/checks/check_default_routes.rb
@@ -22,7 +22,8 @@ def check_for_default_routes
:message => "All public methods in controllers are available as actions in routes.rb",
:line => tracker.routes[:allow_all_actions].line,
:confidence => :high,
- :file => "#{tracker.app_path}/config/routes.rb"
+ :file => "#{tracker.app_path}/config/routes.rb",
+ :cwe => 22
end
end
@@ -44,7 +45,8 @@ def check_for_action_globs
:message => "Any public method in #{name} can be used as an action for #{verb} requests.",
:line => actions[2],
:confidence => :medium,
- :file => "#{tracker.app_path}/config/routes.rb"
+ :file => "#{tracker.app_path}/config/routes.rb",
+ :cwe => 22
end
end
end
@@ -77,6 +79,7 @@ def check_for_cve_2014_0130
:message => "Rails #{rails_version} with globbing routes is vulnerable to directory traversal and remote code execution. Patch or upgrade to #{upgrade}",
:confidence => confidence,
:file => "#{tracker.app_path}/config/routes.rb",
+ :cwe => 22,
:link => "http://matasano.com/research/AnatomyOfRailsVuln-CVE-2014-0130.pdf"
end
diff --git a/lib/brakeman/checks/check_deserialize.rb b/lib/brakeman/checks/check_deserialize.rb
index f0c1ff9a0..5bc946aba 100644
--- a/lib/brakeman/checks/check_deserialize.rb
+++ b/lib/brakeman/checks/check_deserialize.rb
@@ -50,7 +50,8 @@ def check_deserialize result, target, arg = nil
:message => message,
:user_input => input,
:confidence => confidence,
- :link_path => "unsafe_deserialization"
+ :link_path => "unsafe_deserialization",
+ :cwe => 502
end
end
end
diff --git a/lib/brakeman/checks/check_detailed_exceptions.rb b/lib/brakeman/checks/check_detailed_exceptions.rb
index f4ff6c058..750d70984 100644
--- a/lib/brakeman/checks/check_detailed_exceptions.rb
+++ b/lib/brakeman/checks/check_detailed_exceptions.rb
@@ -19,7 +19,8 @@ def check_local_request_config
:warning_code => :local_request_config,
:message => "Detailed exceptions are enabled in production",
:confidence => :high,
- :file => "config/environments/production.rb"
+ :file => "config/environments/production.rb",
+ :cwe => 200
end
end
@@ -42,7 +43,8 @@ def check_detailed_exceptions
:message => "Detailed exceptions may be enabled in 'show_detailed_exceptions?'",
:confidence => confidence,
:code => src,
- :file => definition[:file]
+ :file => definition[:file],
+ :cwe => 200
end
end
end
diff --git a/lib/brakeman/checks/check_digest_dos.rb b/lib/brakeman/checks/check_digest_dos.rb
index a4326165a..bb3b5aee8 100644
--- a/lib/brakeman/checks/check_digest_dos.rb
+++ b/lib/brakeman/checks/check_digest_dos.rb
@@ -29,7 +29,8 @@ def run_check
:message => message,
:confidence => confidence,
:link_path => "https://groups.google.com/d/topic/rubyonrails-security/vxJjrc15qYM/discussion",
- :gem_info => gemfile_or_environment
+ :gem_info => gemfile_or_environment,
+ :cwe => 287
end
def with_http_digest?
diff --git a/lib/brakeman/checks/check_divide_by_zero.rb b/lib/brakeman/checks/check_divide_by_zero.rb
index 11d413d25..de9929530 100644
--- a/lib/brakeman/checks/check_divide_by_zero.rb
+++ b/lib/brakeman/checks/check_divide_by_zero.rb
@@ -36,7 +36,8 @@ def check_division result
:warning_code => :divide_by_zero,
:message => "Potential division by zero",
:confidence => confidence,
- :user_input => denominator
+ :user_input => denominator,
+ :cwe => 369
end
end
end
diff --git a/lib/brakeman/checks/check_dynamic_finders.rb b/lib/brakeman/checks/check_dynamic_finders.rb
index 9c0e89640..a804aa00d 100644
--- a/lib/brakeman/checks/check_dynamic_finders.rb
+++ b/lib/brakeman/checks/check_dynamic_finders.rb
@@ -27,7 +27,8 @@ def process_result result
:warning_code => :sql_injection_dynamic_finder,
:message => "MySQL integer conversion may cause 0 to match any string",
:confidence => :medium,
- :user_input => arg
+ :user_input => arg,
+ :cwe => 89
break
end
diff --git a/lib/brakeman/checks/check_escape_function.rb b/lib/brakeman/checks/check_escape_function.rb
index d05b65d4b..ae45e8e39 100644
--- a/lib/brakeman/checks/check_escape_function.rb
+++ b/lib/brakeman/checks/check_escape_function.rb
@@ -8,14 +8,15 @@ class Brakeman::CheckEscapeFunction < Brakeman::BaseCheck
@description = "Checks for versions before 2.3.14 which have a vulnerable escape method"
def run_check
- if version_between?('2.0.0', '2.3.13') and RUBY_VERSION < '1.9.0'
+ if version_between?('2.0.0', '2.3.13') and RUBY_VERSION < '1.9.0'
warn :warning_type => 'Cross-Site Scripting',
:warning_code => :CVE_2011_2932,
:message => 'Versions before 2.3.14 have a vulnerability in escape method when used with Ruby 1.8: CVE-2011-2932',
:confidence => :high,
:gem_info => gemfile_or_environment,
- :link_path => "https://groups.google.com/d/topic/rubyonrails-security/Vr_7WSOrEZU/discussion"
+ :link_path => "https://groups.google.com/d/topic/rubyonrails-security/Vr_7WSOrEZU/discussion",
+ :cwe => 79
end
end
end
diff --git a/lib/brakeman/checks/check_evaluation.rb b/lib/brakeman/checks/check_evaluation.rb
index 4394d8cdb..c877554d0 100644
--- a/lib/brakeman/checks/check_evaluation.rb
+++ b/lib/brakeman/checks/check_evaluation.rb
@@ -29,7 +29,8 @@ def process_result result
:message => "User input in eval",
:code => result[:call],
:user_input => input,
- :confidence => :high
+ :confidence => :high,
+ :cwe => 95
end
end
end
diff --git a/lib/brakeman/checks/check_execute.rb b/lib/brakeman/checks/check_execute.rb
index 7db030333..ae1b3b90e 100644
--- a/lib/brakeman/checks/check_execute.rb
+++ b/lib/brakeman/checks/check_execute.rb
@@ -72,7 +72,8 @@ def process_result result
:message => "Possible command injection",
:code => call,
:user_input => failure,
- :confidence => confidence
+ :confidence => confidence,
+ :cwe => 77
end
end
@@ -84,7 +85,8 @@ def check_open_calls
:warning_code => :command_injection,
:message => "Possible command injection in open()",
:user_input => match,
- :confidence => :high
+ :confidence => :high,
+ :cwe => 77
end
end
end
@@ -129,7 +131,8 @@ def process_backticks result
:message => "Possible command injection",
:code => exp,
:user_input => input,
- :confidence => confidence
+ :confidence => confidence,
+ :cwe => 77
end
# This method expects a :dstr or :evstr node
diff --git a/lib/brakeman/checks/check_file_access.rb b/lib/brakeman/checks/check_file_access.rb
index 6c0b3590c..1ffa62bbd 100644
--- a/lib/brakeman/checks/check_file_access.rb
+++ b/lib/brakeman/checks/check_file_access.rb
@@ -57,7 +57,8 @@ def process_result result
:message => message,
:confidence => confidence,
:code => call,
- :user_input => match
+ :user_input => match,
+ :cwe => 22
end
end
diff --git a/lib/brakeman/checks/check_file_disclosure.rb b/lib/brakeman/checks/check_file_disclosure.rb
index 0c86bfe51..52f3e2263 100644
--- a/lib/brakeman/checks/check_file_disclosure.rb
+++ b/lib/brakeman/checks/check_file_disclosure.rb
@@ -25,7 +25,8 @@ def run_check
:message => "Rails #{rails_version} has a file existence disclosure. Upgrade to #{fix_version} or disable serving static assets",
:confidence => :high,
:gem_info => gemfile_or_environment,
- :link_path => "https://groups.google.com/d/msg/rubyonrails-security/23fiuwb1NBA/MQVM1-5GkPMJ"
+ :link_path => "https://groups.google.com/d/msg/rubyonrails-security/23fiuwb1NBA/MQVM1-5GkPMJ",
+ :cwe => 22
end
end
diff --git a/lib/brakeman/checks/check_filter_skipping.rb b/lib/brakeman/checks/check_filter_skipping.rb
index b2c797c2e..3b896b5d3 100644
--- a/lib/brakeman/checks/check_filter_skipping.rb
+++ b/lib/brakeman/checks/check_filter_skipping.rb
@@ -15,7 +15,8 @@ def run_check
:message => "Versions before 3.0.10 have a vulnerability which allows filters to be bypassed: CVE-2011-2929",
:confidence => :high,
:gem_info => gemfile_or_environment,
- :link_path => "https://groups.google.com/d/topic/rubyonrails-security/NCCsca7TEtY/discussion"
+ :link_path => "https://groups.google.com/d/topic/rubyonrails-security/NCCsca7TEtY/discussion",
+ :cwe => 20
end
end
diff --git a/lib/brakeman/checks/check_forgery_setting.rb b/lib/brakeman/checks/check_forgery_setting.rb
index 426ec944e..69ae6c43c 100644
--- a/lib/brakeman/checks/check_forgery_setting.rb
+++ b/lib/brakeman/checks/check_forgery_setting.rb
@@ -52,7 +52,8 @@ def csrf_warning opts
opts = {
:controller => :ApplicationController,
:warning_type => "Cross-Site Request Forgery",
- :confidence => :high
+ :confidence => :high,
+ :cwe => 352
}.merge opts
warn opts
@@ -76,6 +77,7 @@ def check_cve_2011_0447
:message => "CSRF protection is flawed in unpatched versions of Rails #{rails_version} (CVE-2011-0447). Upgrade to #{new_version} or apply patches as needed",
:gem_info => gemfile_or_environment,
:file => nil,
- :link_path => "https://groups.google.com/d/topic/rubyonrails-security/LZWjzCPgNmU/discussion"
+ :link_path => "https://groups.google.com/d/topic/rubyonrails-security/LZWjzCPgNmU/discussion",
+ :cwe => 352
end
end
diff --git a/lib/brakeman/checks/check_header_dos.rb b/lib/brakeman/checks/check_header_dos.rb
index 83bc1e512..4692c517a 100644
--- a/lib/brakeman/checks/check_header_dos.rb
+++ b/lib/brakeman/checks/check_header_dos.rb
@@ -20,7 +20,8 @@ def run_check
:message => message,
:confidence => :medium,
:gem_info => gemfile_or_environment,
- :link_path => "https://groups.google.com/d/msg/ruby-security-ann/A-ebV4WxzKg/KNPTbX8XAQUJ"
+ :link_path => "https://groups.google.com/d/msg/ruby-security-ann/A-ebV4WxzKg/KNPTbX8XAQUJ",
+ :cwe => 20
end
end
diff --git a/lib/brakeman/checks/check_i18n_xss.rb b/lib/brakeman/checks/check_i18n_xss.rb
index 63418bb1b..91990621e 100644
--- a/lib/brakeman/checks/check_i18n_xss.rb
+++ b/lib/brakeman/checks/check_i18n_xss.rb
@@ -23,7 +23,8 @@ def run_check
:message => message,
:confidence => :medium,
:gem_info => gemfile_or_environment(:i18n),
- :link_path => "https://groups.google.com/d/msg/ruby-security-ann/pLrh6DUw998/bLFEyIO4k_EJ"
+ :link_path => "https://groups.google.com/d/msg/ruby-security-ann/pLrh6DUw998/bLFEyIO4k_EJ",
+ :cwe => 79
end
end
diff --git a/lib/brakeman/checks/check_jruby_xml.rb b/lib/brakeman/checks/check_jruby_xml.rb
index 7e3f2ccfd..abbd0681d 100644
--- a/lib/brakeman/checks/check_jruby_xml.rb
+++ b/lib/brakeman/checks/check_jruby_xml.rb
@@ -31,6 +31,7 @@ def run_check
:message => "Rails #{rails_version} with JRuby has a vulnerability in XML parser: upgrade to #{fix_version} or patch",
:confidence => :high,
:gem_info => gemfile_or_environment,
- :link => "https://groups.google.com/d/msg/rubyonrails-security/KZwsQbYsOiI/5kUV7dSCJGwJ"
+ :link => "https://groups.google.com/d/msg/rubyonrails-security/KZwsQbYsOiI/5kUV7dSCJGwJ",
+ :cwe => 20
end
end
diff --git a/lib/brakeman/checks/check_json_encoding.rb b/lib/brakeman/checks/check_json_encoding.rb
index 91d49f71e..66e5a663c 100644
--- a/lib/brakeman/checks/check_json_encoding.rb
+++ b/lib/brakeman/checks/check_json_encoding.rb
@@ -26,7 +26,8 @@ def run_check
:message => message,
:confidence => confidence,
:gem_info => gemfile_or_environment,
- :link_path => "https://groups.google.com/d/msg/rubyonrails-security/7VlB_pck3hU/3QZrGIaQW6cJ"
+ :link_path => "https://groups.google.com/d/msg/rubyonrails-security/7VlB_pck3hU/3QZrGIaQW6cJ",
+ :cwe => 79
end
end
diff --git a/lib/brakeman/checks/check_json_parsing.rb b/lib/brakeman/checks/check_json_parsing.rb
index 244a65a2b..e50ae56a0 100644
--- a/lib/brakeman/checks/check_json_parsing.rb
+++ b/lib/brakeman/checks/check_json_parsing.rb
@@ -32,7 +32,8 @@ def check_cve_2013_0333
:message => message,
:confidence => :high,
:gem_info => gem_info,
- :link_path => "https://groups.google.com/d/topic/rubyonrails-security/1h2DR63ViGo/discussion"
+ :link_path => "https://groups.google.com/d/topic/rubyonrails-security/1h2DR63ViGo/discussion",
+ :cwe => 74
end
end
@@ -96,7 +97,8 @@ def check_json_version name, version
:message => message,
:confidence => confidence,
:gem_info => gemfile_or_environment(name),
- :link => "https://groups.google.com/d/topic/rubyonrails-security/4_YvCpLzL58/discussion"
+ :link => "https://groups.google.com/d/topic/rubyonrails-security/4_YvCpLzL58/discussion",
+ :cwe => 74
end
def uses_json_parse?
diff --git a/lib/brakeman/checks/check_link_to.rb b/lib/brakeman/checks/check_link_to.rb
index 82a305639..8561f4f8c 100644
--- a/lib/brakeman/checks/check_link_to.rb
+++ b/lib/brakeman/checks/check_link_to.rb
@@ -105,7 +105,8 @@ def warn_xss(result, message, user_input, confidence)
:message => message,
:user_input => user_input,
:confidence => confidence,
- :link_path => "link_to"
+ :link_path => "link_to",
+ :cwe => 79
true
end
diff --git a/lib/brakeman/checks/check_link_to_href.rb b/lib/brakeman/checks/check_link_to_href.rb
index aab28f2e2..f3f626925 100644
--- a/lib/brakeman/checks/check_link_to_href.rb
+++ b/lib/brakeman/checks/check_link_to_href.rb
@@ -53,7 +53,8 @@ def process_result result
:message => message,
:user_input => input,
:confidence => :high,
- :link_path => "link_to_href"
+ :link_path => "link_to_href",
+ :cwe => 79
end
elsif not tracker.options[:ignore_model_output] and input = has_immediate_model?(url_arg)
return if ignore_model_call? url_arg, input or duplicate? result
@@ -67,7 +68,8 @@ def process_result result
:message => message,
:user_input => input,
:confidence => :weak,
- :link_path => "link_to_href"
+ :link_path => "link_to_href",
+ :cwe => 79
end
end
diff --git a/lib/brakeman/checks/check_mail_to.rb b/lib/brakeman/checks/check_mail_to.rb
index df9e3653e..cff246033 100644
--- a/lib/brakeman/checks/check_mail_to.rb
+++ b/lib/brakeman/checks/check_mail_to.rb
@@ -25,7 +25,8 @@ def run_check
:message => message,
:confidence => :high,
:gem_info => gemfile_or_environment,
- :link_path => "https://groups.google.com/d/topic/rubyonrails-security/8CpI7egxX4E/discussion"
+ :link_path => "https://groups.google.com/d/topic/rubyonrails-security/8CpI7egxX4E/discussion",
+ :cwe => 79
end
end
diff --git a/lib/brakeman/checks/check_mass_assignment.rb b/lib/brakeman/checks/check_mass_assignment.rb
index 63e3d1f7b..263bd161e 100644
--- a/lib/brakeman/checks/check_mass_assignment.rb
+++ b/lib/brakeman/checks/check_mass_assignment.rb
@@ -100,7 +100,8 @@ def process_result res
:message => "Unprotected mass assignment",
:code => call,
:user_input => input,
- :confidence => confidence
+ :confidence => confidence,
+ :cwe => 915
end
res
@@ -191,6 +192,7 @@ def warn_on_permit! result
:warning_type => "Mass Assignment",
:warning_code => :mass_assign_permit!,
:message => "Parameters should be whitelisted for mass assignment",
- :confidence => confidence
+ :confidence => confidence,
+ :cwe => 915
end
end
diff --git a/lib/brakeman/checks/check_mime_type_dos.rb b/lib/brakeman/checks/check_mime_type_dos.rb
index bc9e96f3b..617b9aae6 100644
--- a/lib/brakeman/checks/check_mime_type_dos.rb
+++ b/lib/brakeman/checks/check_mime_type_dos.rb
@@ -26,7 +26,8 @@ def run_check
:message => message,
:confidence => :medium,
:gem_info => gemfile_or_environment,
- :link_path => "https://groups.google.com/d/msg/rubyonrails-security/9oLY_FCzvoc/w9oI9XxbFQAJ"
+ :link_path => "https://groups.google.com/d/msg/rubyonrails-security/9oLY_FCzvoc/w9oI9XxbFQAJ",
+ :cwe => 399
end
def has_workaround?
diff --git a/lib/brakeman/checks/check_model_attr_accessible.rb b/lib/brakeman/checks/check_model_attr_accessible.rb
index 01207603d..0ffea4527 100644
--- a/lib/brakeman/checks/check_model_attr_accessible.rb
+++ b/lib/brakeman/checks/check_model_attr_accessible.rb
@@ -31,7 +31,8 @@ def run_check
:warning_code => :dangerous_attr_accessible,
:message => "Potentially dangerous attribute available for mass assignment",
:confidence => confidence,
- :code => Sexp.new(:lit, attribute)
+ :code => Sexp.new(:lit, attribute),
+ :cwe => 915
break # Prevent from matching single attr multiple times
end
end
diff --git a/lib/brakeman/checks/check_model_attributes.rb b/lib/brakeman/checks/check_model_attributes.rb
index 8315637bf..3832fa51d 100644
--- a/lib/brakeman/checks/check_model_attributes.rb
+++ b/lib/brakeman/checks/check_model_attributes.rb
@@ -31,7 +31,8 @@ def run_check
:warning_type => "Attribute Restriction",
:warning_code => :no_attr_accessible,
:message => "Mass assignment is not restricted using attr_accessible",
- :confidence => :high
+ :confidence => :high,
+ :cwe => 915
end
unless protected_names.empty?
@@ -48,7 +49,8 @@ def run_check
:warning_code => warning_code,
:message => message,
:confidence => confidence,
- :link => link
+ :link => link,
+ :cwe => 915
end
else #Output one warning per model
diff --git a/lib/brakeman/checks/check_model_serialize.rb b/lib/brakeman/checks/check_model_serialize.rb
index d4592ea6d..25843a663 100644
--- a/lib/brakeman/checks/check_model_serialize.rb
+++ b/lib/brakeman/checks/check_model_serialize.rb
@@ -61,7 +61,8 @@ def check_for_serialize model
:confidence => confidence,
:link => "https://groups.google.com/d/topic/rubyonrails-security/KtmwSbEpzrU/discussion",
:file => model.file,
- :line => model.top_line
+ :line => model.top_line,
+ :cwe => 502
end
end
end
diff --git a/lib/brakeman/checks/check_nested_attributes.rb b/lib/brakeman/checks/check_nested_attributes.rb
index d2c9faf25..d91d7f084 100644
--- a/lib/brakeman/checks/check_nested_attributes.rb
+++ b/lib/brakeman/checks/check_nested_attributes.rb
@@ -24,7 +24,8 @@ def run_check
:message => message,
:confidence => :high,
:gem_info => gemfile_or_environment,
- :link_path => "https://groups.google.com/d/topic/rubyonrails-security/-fkT0yja_gw/discussion"
+ :link_path => "https://groups.google.com/d/topic/rubyonrails-security/-fkT0yja_gw/discussion",
+ :cwe => 20
end
end
diff --git a/lib/brakeman/checks/check_nested_attributes_bypass.rb b/lib/brakeman/checks/check_nested_attributes_bypass.rb
index 6bffa22c7..dfcdf7f03 100644
--- a/lib/brakeman/checks/check_nested_attributes_bypass.rb
+++ b/lib/brakeman/checks/check_nested_attributes_bypass.rb
@@ -39,7 +39,8 @@ def warn_about_nested_attributes name, model, args
:file => model.file,
:line => args.line,
:confidence => :medium,
- :link_path => "https://groups.google.com/d/msg/rubyonrails-security/cawsWcQ6c8g/tegZtYdbFQAJ"
+ :link_path => "https://groups.google.com/d/msg/rubyonrails-security/cawsWcQ6c8g/tegZtYdbFQAJ",
+ :cwe => 284
end
def allow_destroy? arg
diff --git a/lib/brakeman/checks/check_number_to_currency.rb b/lib/brakeman/checks/check_number_to_currency.rb
index c79922b47..4479a5411 100644
--- a/lib/brakeman/checks/check_number_to_currency.rb
+++ b/lib/brakeman/checks/check_number_to_currency.rb
@@ -36,7 +36,8 @@ def generic_warning
:message => message,
:confidence => :medium,
:gem_info => gemfile_or_environment,
- :link_path => "https://groups.google.com/d/msg/ruby-security-ann/9WiRn2nhfq0/2K2KRB4LwCMJ"
+ :link_path => "https://groups.google.com/d/msg/ruby-security-ann/9WiRn2nhfq0/2K2KRB4LwCMJ",
+ :cwe => 79
end
def check_number_helper_usage
@@ -69,6 +70,7 @@ def warn_on_number_helper result, match
:message => "Format options in #{result[:call].method} are not safe in Rails #{rails_version}",
:confidence => :high,
:link_path => "https://groups.google.com/d/msg/ruby-security-ann/9WiRn2nhfq0/2K2KRB4LwCMJ",
- :user_input => match
+ :user_input => match,
+ :cwe => 79
end
end
diff --git a/lib/brakeman/checks/check_permit_attributes.rb b/lib/brakeman/checks/check_permit_attributes.rb
index e055a4165..087491eba 100644
--- a/lib/brakeman/checks/check_permit_attributes.rb
+++ b/lib/brakeman/checks/check_permit_attributes.rb
@@ -38,6 +38,7 @@ def warn_on_permit_key result, key, confidence = nil
:warning_code => :dangerous_permit_key,
:message => "Potentially dangerous key allowed for mass assignment",
:confidence => (confidence || SUSPICIOUS_KEYS[key.value]),
- :user_input => key
+ :user_input => key,
+ :cwe => 915
end
end
diff --git a/lib/brakeman/checks/check_quote_table_name.rb b/lib/brakeman/checks/check_quote_table_name.rb
index 61c4f066a..6a7c70087 100644
--- a/lib/brakeman/checks/check_quote_table_name.rb
+++ b/lib/brakeman/checks/check_quote_table_name.rb
@@ -8,7 +8,7 @@ class Brakeman::CheckQuoteTableName < Brakeman::BaseCheck
@description = "Checks for quote_table_name vulnerability in versions before 2.3.14 and 3.0.10"
def run_check
- if (version_between?('2.0.0', '2.3.13') or
+ if (version_between?('2.0.0', '2.3.13') or
version_between?('3.0.0', '3.0.9'))
if uses_quote_table_name?
@@ -28,7 +28,8 @@ def run_check
:message => message,
:confidence => confidence,
:gem_info => gemfile_or_environment,
- :link_path => "https://groups.google.com/d/topic/rubyonrails-security/ah5HN0S8OJs/discussion"
+ :link_path => "https://groups.google.com/d/topic/rubyonrails-security/ah5HN0S8OJs/discussion",
+ :cwe => 89
end
end
diff --git a/lib/brakeman/checks/check_redirect.rb b/lib/brakeman/checks/check_redirect.rb
index 0852a9c1e..7a6a6697a 100644
--- a/lib/brakeman/checks/check_redirect.rb
+++ b/lib/brakeman/checks/check_redirect.rb
@@ -55,7 +55,8 @@ def process_result result
:message => "Possible unprotected redirect",
:code => call,
:user_input => res,
- :confidence => confidence
+ :confidence => confidence,
+ :cwe => 601
end
end
@@ -203,7 +204,7 @@ def model_target? exp
def friendly_model? exp
call? exp and model_name? exp.target and exp.method == :friendly
end
-
+
#Returns true if exp is (probably) a decorated model instance
#using the Draper gem
def decorated_model? exp
@@ -244,7 +245,7 @@ def safe_permit? exp
if call? exp and params? exp.target and exp.method == :permit
exp.each_arg do |opt|
if symbol? opt and DANGEROUS_KEYS.include? opt.value
- return false
+ return false
end
end
diff --git a/lib/brakeman/checks/check_regex_dos.rb b/lib/brakeman/checks/check_regex_dos.rb
index 29bb1da5d..7c045bce5 100644
--- a/lib/brakeman/checks/check_regex_dos.rb
+++ b/lib/brakeman/checks/check_regex_dos.rb
@@ -51,7 +51,8 @@ def process_result result
:warning_code => :regex_dos,
:message => message,
:confidence => confidence,
- :user_input => match
+ :user_input => match,
+ :cwe => 185
end
end
end
diff --git a/lib/brakeman/checks/check_render.rb b/lib/brakeman/checks/check_render.rb
index 7ae1f194a..7aecd033e 100644
--- a/lib/brakeman/checks/check_render.rb
+++ b/lib/brakeman/checks/check_render.rb
@@ -56,7 +56,8 @@ def check_for_dynamic_path result
:warning_code => :dynamic_render_path,
:message => message,
:user_input => input,
- :confidence => confidence
+ :confidence => confidence,
+ :cwe => 22
end
end
@@ -77,7 +78,8 @@ def check_for_rce result
:warning_code => :dynamic_render_path_rce,
:message => "Passing query parameters to render() is vulnerable in Rails #{rails_version} (CVE-2016-0752)",
:user_input => view,
- :confidence => :high
+ :confidence => :high,
+ :cwe => 22
end
end
end
@@ -94,4 +96,4 @@ def safe_param? exp
end
end
end
-end
+end
diff --git a/lib/brakeman/checks/check_render_dos.rb b/lib/brakeman/checks/check_render_dos.rb
index 74f8d14af..f276c8bdc 100644
--- a/lib/brakeman/checks/check_render_dos.rb
+++ b/lib/brakeman/checks/check_render_dos.rb
@@ -32,6 +32,7 @@ def warn_about_text_render
:message => message,
:confidence => :high,
:link_path => "https://groups.google.com/d/msg/rubyonrails-security/LMxO_3_eCuc/ozGBEhKaJbIJ",
- :gem_info => gemfile_or_environment
+ :gem_info => gemfile_or_environment,
+ :cwe => 20
end
end
diff --git a/lib/brakeman/checks/check_render_inline.rb b/lib/brakeman/checks/check_render_inline.rb
index 0e5393004..06b854b71 100644
--- a/lib/brakeman/checks/check_render_inline.rb
+++ b/lib/brakeman/checks/check_render_inline.rb
@@ -28,14 +28,16 @@ def check_render result
:warning_code => :cross_site_scripting_inline,
:message => "Unescaped #{friendly_type_of input} rendered inline",
:user_input => input,
- :confidence => :high
+ :confidence => :high,
+ :cwe => 79
elsif input = has_immediate_model?(render_value)
warn :result => result,
:warning_type => "Cross-Site Scripting",
:warning_code => :cross_site_scripting_inline,
:message => "Unescaped model attribute rendered inline",
:user_input => input,
- :confidence => :medium
+ :confidence => :medium,
+ :cwe => 79
end
end
end
diff --git a/lib/brakeman/checks/check_response_splitting.rb b/lib/brakeman/checks/check_response_splitting.rb
index 6fda456c4..09c18b0c8 100644
--- a/lib/brakeman/checks/check_response_splitting.rb
+++ b/lib/brakeman/checks/check_response_splitting.rb
@@ -15,7 +15,8 @@ def run_check
:message => "Versions before 2.3.14 have a vulnerability content type handling allowing injection of headers: CVE-2011-3186",
:confidence => :medium,
:gem_info => gemfile_or_environment,
- :link_path => "https://groups.google.com/d/topic/rubyonrails-security/b_yTveAph2g/discussion"
+ :link_path => "https://groups.google.com/d/topic/rubyonrails-security/b_yTveAph2g/discussion",
+ :cwe => 94
end
end
end
diff --git a/lib/brakeman/checks/check_route_dos.rb b/lib/brakeman/checks/check_route_dos.rb
index 4db305d98..606e364b3 100644
--- a/lib/brakeman/checks/check_route_dos.rb
+++ b/lib/brakeman/checks/check_route_dos.rb
@@ -23,7 +23,8 @@ def run_check
:message => message,
:confidence => :medium,
:gem_info => gemfile_or_environment,
- :link_path => "https://groups.google.com/d/msg/rubyonrails-security/dthJ5wL69JE/YzPnFelbFQAJ"
+ :link_path => "https://groups.google.com/d/msg/rubyonrails-security/dthJ5wL69JE/YzPnFelbFQAJ",
+ :cwe => 399
end
end
diff --git a/lib/brakeman/checks/check_safe_buffer_manipulation.rb b/lib/brakeman/checks/check_safe_buffer_manipulation.rb
index 63bf9a755..405627209 100644
--- a/lib/brakeman/checks/check_safe_buffer_manipulation.rb
+++ b/lib/brakeman/checks/check_safe_buffer_manipulation.rb
@@ -23,9 +23,10 @@ def run_check
message = "Rails #{rails_version} has a vulnerabilty in SafeBuffer. Upgrade to #{suggested_version} or apply patches."
warn :warning_type => "Cross-Site Scripting",
- :warning_code => :safe_buffer_vuln,
+ :warning_code => :safe_buffer_vuln,
:message => message,
:confidence => :medium,
- :gem_info => gemfile_or_environment
+ :gem_info => gemfile_or_environment,
+ :cwe => 79
end
end
diff --git a/lib/brakeman/checks/check_sanitize_methods.rb b/lib/brakeman/checks/check_sanitize_methods.rb
index cb8162a98..949e0a7e2 100644
--- a/lib/brakeman/checks/check_sanitize_methods.rb
+++ b/lib/brakeman/checks/check_sanitize_methods.rb
@@ -51,7 +51,8 @@ def check_for_cve method, code, link
:warning_code => code,
:message => message,
:confidence => :high,
- :link_path => link
+ :link_path => link,
+ :cwe => 79
end
end
@@ -83,7 +84,8 @@ def check_cve_2018_8048
:message => message,
:gem_info => gemfile_or_environment(:loofah),
:confidence => confidence,
- :link_path => "https://github.com/flavorjones/loofah/issues/144"
+ :link_path => "https://github.com/flavorjones/loofah/issues/144",
+ :cwe => 79
end
end
@@ -107,6 +109,7 @@ def warn_sanitizer_cve cve, link, upgrade_version
:message => message,
:gem_info => gemfile_or_environment(:'rails-html-sanitizer'),
:confidence => confidence,
- :link_path => link
+ :link_path => link,
+ :cwe => 79
end
end
diff --git a/lib/brakeman/checks/check_secrets.rb b/lib/brakeman/checks/check_secrets.rb
index 1e796e0da..70d4cece1 100644
--- a/lib/brakeman/checks/check_secrets.rb
+++ b/lib/brakeman/checks/check_secrets.rb
@@ -27,7 +27,8 @@ def check_constants
:message => "Hardcoded value for #{name} in source code",
:confidence => :medium,
:file => constant.file,
- :line => constant.line
+ :line => constant.line,
+ :cwe => 798
end
end
end
diff --git a/lib/brakeman/checks/check_select_tag.rb b/lib/brakeman/checks/check_select_tag.rb
index 96385e099..eb546b9bb 100644
--- a/lib/brakeman/checks/check_select_tag.rb
+++ b/lib/brakeman/checks/check_select_tag.rb
@@ -52,7 +52,8 @@ def process_result result
:message => @message,
:confidence => :high,
:user_input => input,
- :link_path => "https://groups.google.com/d/topic/rubyonrails-security/fV3QUToSMSw/discussion"
+ :link_path => "https://groups.google.com/d/topic/rubyonrails-security/fV3QUToSMSw/discussion",
+ :cwe => 79
end
end
end
diff --git a/lib/brakeman/checks/check_select_vulnerability.rb b/lib/brakeman/checks/check_select_vulnerability.rb
index 05ac3308a..259635476 100644
--- a/lib/brakeman/checks/check_select_vulnerability.rb
+++ b/lib/brakeman/checks/check_select_vulnerability.rb
@@ -54,7 +54,8 @@ def process_result result
:warning_code => :select_options_vuln,
:result => result,
:message => @message,
- :confidence => confidence
+ :confidence => confidence,
+ :cwe => 79
end
end
end
diff --git a/lib/brakeman/checks/check_send.rb b/lib/brakeman/checks/check_send.rb
index 4b5a9ecf9..bade14f2f 100644
--- a/lib/brakeman/checks/check_send.rb
+++ b/lib/brakeman/checks/check_send.rb
@@ -30,7 +30,8 @@ def process_result result
:message => "User controlled method execution",
:code => result[:call],
:user_input => input,
- :confidence => :high
+ :confidence => :high,
+ :cwe => 77
end
end
diff --git a/lib/brakeman/checks/check_session_manipulation.rb b/lib/brakeman/checks/check_session_manipulation.rb
index 8e2aaf024..a050f047c 100644
--- a/lib/brakeman/checks/check_session_manipulation.rb
+++ b/lib/brakeman/checks/check_session_manipulation.rb
@@ -29,7 +29,8 @@ def process_result result
:message => "#{friendly_type_of(input).capitalize} used as key in session hash",
:code => result[:call],
:user_input => input,
- :confidence => confidence
+ :confidence => confidence,
+ :cwe => 20
end
end
end
diff --git a/lib/brakeman/checks/check_session_settings.rb b/lib/brakeman/checks/check_session_settings.rb
index 97a50f1b9..82da0fabe 100644
--- a/lib/brakeman/checks/check_session_settings.rb
+++ b/lib/brakeman/checks/check_session_settings.rb
@@ -17,7 +17,7 @@ def initialize *args
end
def run_check
- settings = tracker.config.session_settings
+ settings = tracker.config.session_settings
check_for_issues settings, @app_tree.expand_path("config/environment.rb")
@@ -139,7 +139,8 @@ def warn_about_http_only line, file
:message => "Session cookies should be set to HTTP only",
:confidence => :high,
:line => line,
- :file => file
+ :file => file,
+ :cwe => 1004
end
@@ -149,7 +150,8 @@ def warn_about_secret_token line, file
:message => "Session secret should not be included in version control",
:confidence => :high,
:line => line,
- :file => file
+ :file => file,
+ :cwe => 798
end
def warn_about_secure_only line, file
@@ -158,7 +160,8 @@ def warn_about_secure_only line, file
:message => "Session cookie should be set to secure only",
:confidence => :high,
:line => line,
- :file => file
+ :file => file,
+ :cwe => 614
end
def ignored? file
diff --git a/lib/brakeman/checks/check_simple_format.rb b/lib/brakeman/checks/check_simple_format.rb
index de20ecfe0..dd11a1290 100644
--- a/lib/brakeman/checks/check_simple_format.rb
+++ b/lib/brakeman/checks/check_simple_format.rb
@@ -23,7 +23,8 @@ def generic_warning
:message => message,
:confidence => :medium,
:gem_info => gemfile_or_environment,
- :link_path => "https://groups.google.com/d/msg/ruby-security-ann/5ZI1-H5OoIM/ZNq4FoR2GnIJ"
+ :link_path => "https://groups.google.com/d/msg/ruby-security-ann/5ZI1-H5OoIM/ZNq4FoR2GnIJ",
+ :cwe => 79
end
def check_simple_format_usage
@@ -53,6 +54,7 @@ def warn_on_simple_format result, match
:message => "Values passed to simple_format are not safe in Rails #{rails_version}",
:confidence => :high,
:link_path => "https://groups.google.com/d/msg/ruby-security-ann/5ZI1-H5OoIM/ZNq4FoR2GnIJ",
- :user_input => match
+ :user_input => match,
+ :cwe => 79
end
end
diff --git a/lib/brakeman/checks/check_single_quotes.rb b/lib/brakeman/checks/check_single_quotes.rb
index 20987c4e8..46f55ffc9 100644
--- a/lib/brakeman/checks/check_single_quotes.rb
+++ b/lib/brakeman/checks/check_single_quotes.rb
@@ -34,7 +34,8 @@ def run_check
:message => message,
:confidence => :medium,
:gem_info => gemfile_or_environment,
- :link_path => "https://groups.google.com/d/topic/rubyonrails-security/kKGNeMrnmiY/discussion"
+ :link_path => "https://groups.google.com/d/topic/rubyonrails-security/kKGNeMrnmiY/discussion",
+ :cwe => 79
end
#Process initializers to see if they use workaround
diff --git a/lib/brakeman/checks/check_skip_before_filter.rb b/lib/brakeman/checks/check_skip_before_filter.rb
index 9aa465baa..f837ab87f 100644
--- a/lib/brakeman/checks/check_skip_before_filter.rb
+++ b/lib/brakeman/checks/check_skip_before_filter.rb
@@ -29,7 +29,8 @@ def process_skip_filter filter, controller
:message => "Use whitelist (:only => [..]) when skipping CSRF check",
:code => filter,
:confidence => :medium,
- :file => controller.file
+ :file => controller.file,
+ :cwe => 352
when :login_required, :authenticate_user!, :require_user
warn :controller => controller.name,
@@ -39,7 +40,8 @@ def process_skip_filter filter, controller
:code => filter,
:confidence => :medium,
:link => "authentication_whitelist",
- :file => controller.file
+ :file => controller.file,
+ :cwe => 287
end
end
diff --git a/lib/brakeman/checks/check_sql.rb b/lib/brakeman/checks/check_sql.rb
index b19d8d1b3..d05806c32 100644
--- a/lib/brakeman/checks/check_sql.rb
+++ b/lib/brakeman/checks/check_sql.rb
@@ -234,7 +234,8 @@ def process_result result
:warning_code => :sql_injection,
:message => "Possible SQL injection",
:user_input => user_input,
- :confidence => confidence
+ :confidence => confidence,
+ :cwe => 89
end
if check_for_limit_or_offset_vulnerability call.last_arg
@@ -248,7 +249,8 @@ def process_result result
:warning_type => "SQL Injection",
:warning_code => :sql_injection_limit_offset,
:message => "Upgrade to Rails >= 2.1.2 to escape :limit and :offset. Possible SQL injection",
- :confidence => confidence
+ :confidence => confidence,
+ :cwe => 89
end
end
diff --git a/lib/brakeman/checks/check_sql_cves.rb b/lib/brakeman/checks/check_sql_cves.rb
index b8d03bde9..3ff8df939 100644
--- a/lib/brakeman/checks/check_sql_cves.rb
+++ b/lib/brakeman/checks/check_sql_cves.rb
@@ -81,7 +81,8 @@ def cve_warning_for versions, cve, link
:message => "Rails #{rails_version} contains a SQL injection vulnerability (#{cve}). Upgrade to #{upgrade_version}",
:confidence => :high,
:gem_info => gemfile_or_environment,
- :link_path => link
+ :link_path => link,
+ :cwe => 89
end
def upgrade_version? versions
@@ -101,6 +102,7 @@ def check_cve_2014_0080
:message => "Rails #{rails_version} contains a SQL injection vulnerability (CVE-2014-0080) with PostgreSQL. Upgrade to 4.0.3",
:confidence => :high,
:gem_info => gemfile_or_environment(:pg),
- :link_path => "https://groups.google.com/d/msg/rubyonrails-security/Wu96YkTUR6s/pPLBMZrlwvYJ"
+ :link_path => "https://groups.google.com/d/msg/rubyonrails-security/Wu96YkTUR6s/pPLBMZrlwvYJ",
+ :cwe => 89
end
end
diff --git a/lib/brakeman/checks/check_ssl_verify.rb b/lib/brakeman/checks/check_ssl_verify.rb
index 0c6a169be..2feedad68 100644
--- a/lib/brakeman/checks/check_ssl_verify.rb
+++ b/lib/brakeman/checks/check_ssl_verify.rb
@@ -43,6 +43,7 @@ def warn_about_ssl_verification_bypass result
:warning_type => "SSL Verification Bypass",
:warning_code => :ssl_verification_bypass,
:message => "SSL certificate verification was bypassed",
- :confidence => :high
+ :confidence => :high,
+ :cwe => 295
end
end
diff --git a/lib/brakeman/checks/check_strip_tags.rb b/lib/brakeman/checks/check_strip_tags.rb
index d0de9f7f2..4c54dec83 100644
--- a/lib/brakeman/checks/check_strip_tags.rb
+++ b/lib/brakeman/checks/check_strip_tags.rb
@@ -35,7 +35,8 @@ def cve_2011_2931
:message => message,
:gem_info => gemfile_or_environment,
:confidence => :high,
- :link_path => "https://groups.google.com/d/topic/rubyonrails-security/K5EwdJt06hI/discussion"
+ :link_path => "https://groups.google.com/d/topic/rubyonrails-security/K5EwdJt06hI/discussion",
+ :cwe => 79
end
end
@@ -58,7 +59,8 @@ def cve_2012_3465
:message => message,
:confidence => :high,
:gem_info => gemfile_or_environment,
- :link_path => "https://groups.google.com/d/topic/rubyonrails-security/FgVEtBajcTY/discussion"
+ :link_path => "https://groups.google.com/d/topic/rubyonrails-security/FgVEtBajcTY/discussion",
+ :cwe => 79
end
def cve_2015_7579
@@ -76,7 +78,8 @@ def cve_2015_7579
:message => message,
:confidence => confidence,
:gem_info => gemfile_or_environment,
- :link_path => "https://groups.google.com/d/msg/rubyonrails-security/OU9ugTZcbjc/PjEP46pbFQAJ"
+ :link_path => "https://groups.google.com/d/msg/rubyonrails-security/OU9ugTZcbjc/PjEP46pbFQAJ",
+ :cwe => 79
end
end
diff --git a/lib/brakeman/checks/check_symbol_dos.rb b/lib/brakeman/checks/check_symbol_dos.rb
index 5ec6171f1..1bbfe885d 100644
--- a/lib/brakeman/checks/check_symbol_dos.rb
+++ b/lib/brakeman/checks/check_symbol_dos.rb
@@ -45,7 +45,8 @@ def check_unsafe_symbol_creation result
:warning_code => :unsafe_symbol_creation,
:message => message,
:user_input => input,
- :confidence => confidence
+ :confidence => confidence,
+ :cwe => 20
end
end
diff --git a/lib/brakeman/checks/check_symbol_dos_cve.rb b/lib/brakeman/checks/check_symbol_dos_cve.rb
index 37c3f55eb..71a42aa3e 100644
--- a/lib/brakeman/checks/check_symbol_dos_cve.rb
+++ b/lib/brakeman/checks/check_symbol_dos_cve.rb
@@ -23,8 +23,8 @@ def run_check
:message => "Rails #{rails_version} has a denial of service vulnerability in ActiveRecord: upgrade to #{fix_version} or patch",
:confidence => :medium,
:gem_info => gemfile_or_environment,
- :link => "https://groups.google.com/d/msg/rubyonrails-security/jgJ4cjjS8FE/BGbHRxnDRTIJ"
+ :link => "https://groups.google.com/d/msg/rubyonrails-security/jgJ4cjjS8FE/BGbHRxnDRTIJ",
+ :cwe => 20
end
end
end
-
diff --git a/lib/brakeman/checks/check_translate_bug.rb b/lib/brakeman/checks/check_translate_bug.rb
index 5d7c51b63..56834da21 100644
--- a/lib/brakeman/checks/check_translate_bug.rb
+++ b/lib/brakeman/checks/check_translate_bug.rb
@@ -33,7 +33,8 @@ def run_check
:message => message,
:confidence => confidence,
:gem_info => gemfile_or_environment,
- :link_path => "http://groups.google.com/group/rubyonrails-security/browse_thread/thread/2b61d70fb73c7cc5"
+ :link_path => "http://groups.google.com/group/rubyonrails-security/browse_thread/thread/2b61d70fb73c7cc5",
+ :cwe => 79
end
end
diff --git a/lib/brakeman/checks/check_unsafe_reflection.rb b/lib/brakeman/checks/check_unsafe_reflection.rb
index a83f4436c..9d8730c03 100644
--- a/lib/brakeman/checks/check_unsafe_reflection.rb
+++ b/lib/brakeman/checks/check_unsafe_reflection.rb
@@ -20,7 +20,7 @@ def run_check
def check_unsafe_reflection result
return unless original? result
- call = result[:call]
+ call = result[:call]
method = call.method
case method
@@ -44,7 +44,8 @@ def check_unsafe_reflection result
:warning_code => :unsafe_constantize,
:message => message,
:user_input => input,
- :confidence => confidence
+ :confidence => confidence,
+ :cwe => 470
end
end
end
diff --git a/lib/brakeman/checks/check_unscoped_find.rb b/lib/brakeman/checks/check_unscoped_find.rb
index 22a87157f..5e8ffdb75 100644
--- a/lib/brakeman/checks/check_unscoped_find.rb
+++ b/lib/brakeman/checks/check_unscoped_find.rb
@@ -40,7 +40,8 @@ def process_result result
:message => "Unscoped call to #{result[:target]}##{result[:method]}",
:code => result[:call],
:confidence => :weak,
- :user_input => input
+ :user_input => input,
+ :cwe => 285
end
def optional_belongs_to? exp
diff --git a/lib/brakeman/checks/check_validation_regex.rb b/lib/brakeman/checks/check_validation_regex.rb
index 69caf3172..872280f14 100644
--- a/lib/brakeman/checks/check_validation_regex.rb
+++ b/lib/brakeman/checks/check_validation_regex.rb
@@ -91,7 +91,8 @@ def check_regex value, validator
:warning_code => :validation_regex,
:message => "Insufficient validation for '#{get_name validator}' using #{regex.inspect}. Use \\A and \\z as anchors",
:line => value.line,
- :confidence => :high
+ :confidence => :high,
+ :cwe => 777
end
end
diff --git a/lib/brakeman/checks/check_weak_hash.rb b/lib/brakeman/checks/check_weak_hash.rb
index c019cee30..d81c6976d 100644
--- a/lib/brakeman/checks/check_weak_hash.rb
+++ b/lib/brakeman/checks/check_weak_hash.rb
@@ -54,7 +54,8 @@ def process_hash_result result
:warning_code => :weak_hash_digest,
:message => "Weak hashing algorithm#{alg} used",
:confidence => confidence,
- :user_input => input
+ :user_input => input,
+ :cwe => 328
end
def process_hmac_result result
@@ -75,7 +76,8 @@ def process_hmac_result result
:warning_type => "Weak Hash",
:warning_code => :weak_hash_hmac,
:message => "Weak hashing algorithm (#{alg}) used in HMAC",
- :confidence => :medium
+ :confidence => :medium,
+ :cwe => 328
end
def process_openssl_result result
@@ -91,7 +93,8 @@ def process_openssl_result result
:warning_type => "Weak Hash",
:warning_code => :weak_hash_digest,
:message => "Weak hashing algorithm (#{alg}) used",
- :confidence => :medium
+ :confidence => :medium,
+ :cwe => 328
end
end
end
diff --git a/lib/brakeman/checks/check_without_protection.rb b/lib/brakeman/checks/check_without_protection.rb
index e308c27a2..5fa3ddecc 100644
--- a/lib/brakeman/checks/check_without_protection.rb
+++ b/lib/brakeman/checks/check_without_protection.rb
@@ -18,8 +18,8 @@ def run_check
Brakeman.debug "Finding all mass assignments"
calls = tracker.find_call :targets => active_record_models.keys, :methods => [:new,
- :attributes=,
- :update_attributes,
+ :attributes=,
+ :update_attributes,
:update_attributes!,
:create,
:create!]
@@ -49,13 +49,14 @@ def process_result res
confidence = :medium
end
- warn :result => res,
- :warning_type => "Mass Assignment",
+ warn :result => res,
+ :warning_type => "Mass Assignment",
:warning_code => :mass_assign_without_protection,
:message => "Unprotected mass assignment",
- :code => call,
+ :code => call,
:user_input => input,
- :confidence => confidence
+ :confidence => confidence,
+ :cwe => 915
end
end
diff --git a/lib/brakeman/checks/check_xml_dos.rb b/lib/brakeman/checks/check_xml_dos.rb
index c0a993a1c..93fb7bc06 100644
--- a/lib/brakeman/checks/check_xml_dos.rb
+++ b/lib/brakeman/checks/check_xml_dos.rb
@@ -30,7 +30,8 @@ def run_check
:message => message,
:confidence => :medium,
:gem_info => gemfile_or_environment,
- :link_path => "https://groups.google.com/d/msg/rubyonrails-security/bahr2JLnxvk/x4EocXnHPp8J"
+ :link_path => "https://groups.google.com/d/msg/rubyonrails-security/bahr2JLnxvk/x4EocXnHPp8J",
+ :cwe => 125
end
def has_workaround?
diff --git a/lib/brakeman/checks/check_yaml_parsing.rb b/lib/brakeman/checks/check_yaml_parsing.rb
index 4a0aa405c..c8da752b7 100644
--- a/lib/brakeman/checks/check_yaml_parsing.rb
+++ b/lib/brakeman/checks/check_yaml_parsing.rb
@@ -29,7 +29,8 @@ def run_check
:message => message,
:confidence => :high,
:gem_info => gemfile_or_environment,
- :link_path => "https://groups.google.com/d/topic/rubyonrails-security/61bkgvnSGTQ/discussion"
+ :link_path => "https://groups.google.com/d/topic/rubyonrails-security/61bkgvnSGTQ/discussion",
+ :cwe => 20
end
#Warn if app accepts YAML
@@ -41,7 +42,8 @@ def run_check
:message => message,
:confidence => :high,
:gem_info => gemfile_or_environment,
- :link_path => "https://groups.google.com/d/topic/rubyonrails-security/61bkgvnSGTQ/discussion"
+ :link_path => "https://groups.google.com/d/topic/rubyonrails-security/61bkgvnSGTQ/discussion",
+ :cwe => 20
end
end
diff --git a/lib/brakeman/report/report_base.rb b/lib/brakeman/report/report_base.rb
index 230569713..a2207615d 100644
--- a/lib/brakeman/report/report_base.rb
+++ b/lib/brakeman/report/report_base.rb
@@ -89,7 +89,7 @@ def generate_warnings
render_warnings generic_warnings,
:warning,
'security_warnings',
- ["Confidence", "Class", "Method", "Warning Type", "Message"],
+ ["Confidence", "Class", "Method", "Warning Type", "CWE", "Message"],
'Class'
end
@@ -98,7 +98,7 @@ def generate_template_warnings
render_warnings template_warnings,
:template,
'view_warnings',
- ['Confidence', 'Template', 'Warning Type', 'Message'],
+ ['Confidence', 'Template', 'Warning Type', "CWE", 'Message'],
'Template'
end
@@ -108,7 +108,7 @@ def generate_model_warnings
render_warnings model_warnings,
:model,
'model_warnings',
- ['Confidence', 'Model', 'Warning Type', 'Message'],
+ ['Confidence', 'Model', 'Warning Type', "CWE", 'Message'],
'Model'
end
@@ -117,7 +117,7 @@ def generate_controller_warnings
render_warnings controller_warnings,
:controller,
'controller_warnings',
- ['Confidence', 'Controller', 'Warning Type', 'Message'],
+ ['Confidence', 'Controller', 'Warning Type', "CWE", 'Message'],
'Controller'
end
@@ -125,7 +125,7 @@ def generate_ignored_warnings
render_warnings ignored_warnings,
:ignored,
'ignored_warnings',
- ['Confidence', 'Warning Type', 'File', 'Message'],
+ ['Confidence', 'Warning Type', 'File', "CWE", 'Message'],
'Warning Type'
end
diff --git a/lib/brakeman/report/report_text.rb b/lib/brakeman/report/report_text.rb
index 018a47876..2615ef63d 100644
--- a/lib/brakeman/report/report_text.rb
+++ b/lib/brakeman/report/report_text.rb
@@ -19,7 +19,7 @@ def generate_report
add_chunk generate_controllers if tracker.options[:debug] or tracker.options[:report_routes]
add_chunk generate_templates if tracker.options[:debug]
add_chunk generate_obsolete
- add_chunk generate_errors
+ add_chunk generate_errors
add_chunk generate_warnings
end
@@ -35,7 +35,7 @@ def add_chunk chunk, out = @output_string
def generate_header
[
- header("Brakeman Report"),
+ header("Brakeman Report"),
label("Application Path", tracker.app_path),
label("Rails Version", rails_version),
label("Brakeman Version", Brakeman::Version),
@@ -133,6 +133,7 @@ def output_warning w
label('Confidence', confidence(w.confidence)),
label('Category', w.warning_type.to_s),
label('Check', w.check.gsub(/^Brakeman::Check/, '')),
+ label('CWE', w.cwe),
label('Message', w.message)
]
@@ -195,4 +196,3 @@ def render_array name, cols, values, locals
double_space "Controller Overview", controllers
end
end
-
diff --git a/lib/brakeman/report/templates/controller_warnings.html.erb b/lib/brakeman/report/templates/controller_warnings.html.erb
index 1195bab4a..1406d9933 100644
--- a/lib/brakeman/report/templates/controller_warnings.html.erb
+++ b/lib/brakeman/report/templates/controller_warnings.html.erb
@@ -14,6 +14,7 @@
| <%= warning['Confidence']%> |
<%= warning['Controller']%> |
<%= warning['Warning Type']%> |
+ <%= warning['CWE']%> |
<%= warning['Message']%> |
<% end %>
diff --git a/lib/brakeman/report/templates/ignored_warnings.html.erb b/lib/brakeman/report/templates/ignored_warnings.html.erb
index 123d5c603..22d725bc8 100644
--- a/lib/brakeman/report/templates/ignored_warnings.html.erb
+++ b/lib/brakeman/report/templates/ignored_warnings.html.erb
@@ -16,6 +16,7 @@
<%= warning['Confidence']%> |
<%= warning['File']%> |
<%= warning['Warning Type']%> |
+ <%= warning['CWE']%> |
<%= warning['Message']%> |
<%= warning['Note']%> |
diff --git a/lib/brakeman/report/templates/model_warnings.html.erb b/lib/brakeman/report/templates/model_warnings.html.erb
index 25cb6ca56..261119246 100644
--- a/lib/brakeman/report/templates/model_warnings.html.erb
+++ b/lib/brakeman/report/templates/model_warnings.html.erb
@@ -14,6 +14,7 @@
<%= warning['Confidence']%> |
<%= warning['Model']%> |
<%= warning['Warning Type']%> |
+ <%= warning['CWE']%> |
<%= warning['Message']%> |
<% end %>
diff --git a/lib/brakeman/report/templates/security_warnings.html.erb b/lib/brakeman/report/templates/security_warnings.html.erb
index c5abc30a9..b5ba3b483 100644
--- a/lib/brakeman/report/templates/security_warnings.html.erb
+++ b/lib/brakeman/report/templates/security_warnings.html.erb
@@ -16,6 +16,7 @@
<%= warning['Class']%> |
<%= warning['Method']%> |
<%= warning['Warning Type']%> |
+ <%= warning['CWE']%> |
<%= warning['Message']%> |
<% end %>
diff --git a/lib/brakeman/report/templates/view_warnings.html.erb b/lib/brakeman/report/templates/view_warnings.html.erb
index 896c4198d..9caf7cbbf 100644
--- a/lib/brakeman/report/templates/view_warnings.html.erb
+++ b/lib/brakeman/report/templates/view_warnings.html.erb
@@ -27,6 +27,7 @@
<% end %>
<%= warning['Warning Type']%> |
+ <%= warning['CWE']%> |
<%= warning['Message']%> |
<% end %>
diff --git a/lib/brakeman/warning.rb b/lib/brakeman/warning.rb
index 00a7f2451..2663f8a4b 100644
--- a/lib/brakeman/warning.rb
+++ b/lib/brakeman/warning.rb
@@ -4,7 +4,7 @@
#The Warning class stores information about warnings
class Brakeman::Warning
- attr_reader :called_from, :check, :class, :confidence, :controller,
+ attr_reader :called_from, :check, :class, :confidence, :controller, :cwe,
:line, :method, :model, :template, :user_input, :user_input_type,
:warning_code, :warning_set, :warning_type
@@ -30,6 +30,7 @@ class Brakeman::Warning
:class => :@class,
:code => :@code,
:controller => :@controller,
+ :cwe => :@cwe,
:file => :@file,
:gem_info => :@gem_info,
:line => :@line,
@@ -210,6 +211,7 @@ def link
def to_row type = :warning
@row = { "Confidence" => self.confidence,
"Warning Type" => self.warning_type.to_s,
+ "CWE" => self.cwe,
"Message" => self.format_message }
case type
@@ -275,7 +277,8 @@ def to_hash
:render_path => self.called_from,
:location => self.location(false),
:user_input => (@user_input && self.format_user_input(false)),
- :confidence => TEXT_CONFIDENCE[self.confidence]
+ :confidence => TEXT_CONFIDENCE[self.confidence],
+ :cwe => cwe
}
end
@@ -291,4 +294,3 @@ def format_ruby code, strip
formatted
end
end
-