class Brakeman::CheckSymbolDoS

Constants

UNSAFE_METHODS

Public Instance Methods

check_unsafe_symbol_creation(result) click to toggle source
# File lib/brakeman/checks/check_symbol_dos.rb, line 19
def check_unsafe_symbol_creation result
  return unless original? result

  call = result[:call]

  if result[:method] == :literal_to_sym
    args = call.select { |e| sexp? e }
  else
    args = [call.target]
  end

  if input = args.map{ |arg| has_immediate_user_input?(arg) }.compact.first
    confidence = :high
  elsif input = args.map{ |arg| include_user_input?(arg) }.compact.first
    confidence = :medium
  end


  if confidence
    return if safe_parameter? input.match
    return if symbolizing_attributes? input

    message = msg("Symbol conversion from unsafe string in ", msg_input(input))

    warn :result => result,
      :warning_type => "Denial of Service",
      :warning_code => :unsafe_symbol_creation,
      :message => message,
      :user_input => input,
      :confidence => confidence
  end
end
run_check() click to toggle source
# File lib/brakeman/checks/check_symbol_dos.rb, line 10
def run_check
  return if rails_version and rails_version >= "5.0.0"
  return if tracker.config.ruby_version >= "2.2"

  tracker.find_call(:methods => UNSAFE_METHODS, :nested => true).each do |result|
    check_unsafe_symbol_creation(result)
  end
end
safe_parameter?(input) click to toggle source
# File lib/brakeman/checks/check_symbol_dos.rb, line 52
def safe_parameter? input
  if call? input
    if node_type? input.target, :params
      input.method == :[] and
      symbol? input.first_arg and
      [:controller, :action].include? input.first_arg.value
    else
      safe_parameter? input.target
    end
  else
    false
  end
end
symbolizing_attributes?(input) click to toggle source
# File lib/brakeman/checks/check_symbol_dos.rb, line 66
def symbolizing_attributes? input
  input.type == :model and
    call? input.match and
    input.match.method == :attributes
end