class Brakeman::CheckJSONParsing

Public Class Methods

new(*args) click to toggle source
Calls superclass method Brakeman::BaseCheck::new
# File lib/brakeman/checks/check_json_parsing.rb, line 8
def initialize *args
  super
  @uses_json_parse = nil
end

Public Instance Methods

check_cve_2013_0269() click to toggle source
# File lib/brakeman/checks/check_json_parsing.rb, line 62
def check_cve_2013_0269
  [:json, :json_pure].each do |name|
    gem_hash = tracker.config.get_gem name
    check_json_version name, gem_hash[:version] if gem_hash and gem_hash[:version]
  end
end
check_cve_2013_0333() click to toggle source
# File lib/brakeman/checks/check_json_parsing.rb, line 18
def check_cve_2013_0333
  return unless version_between? "0.0.0", "2.3.15" or version_between? "3.0.0", "3.0.19"

  unless uses_yajl? or uses_gem_backend?
    new_version = if version_between? "0.0.0", "2.3.14"
                    "2.3.16"
                  elsif version_between? "3.0.0", "3.0.19"
                    "3.0.20"
                  end

    message = msg(msg_version(rails_version), " has a serious JSON parsing vulnerability. Upgrade to ", msg_version(new_version), " or patch")
    gem_info = gemfile_or_environment

    warn :warning_type => "Remote Code Execution",
      :warning_code => :CVE_2013_0333,
      :message => message,
      :confidence => :high,
      :gem_info => gem_info,
      :link_path => "https://groups.google.com/d/topic/rubyonrails-security/1h2DR63ViGo/discussion"
  end
end
check_json_version(name, version) click to toggle source
# File lib/brakeman/checks/check_json_parsing.rb, line 69
def check_json_version name, version
  return if version >= "1.7.7" or
            (version >= "1.6.8" and version < "1.7.0") or
            (version >= "1.5.5" and version < "1.6.0")

  warning_type = "Denial of Service"
  confidence = :medium
  gem_name = "#{name} gem"
  message = msg(msg_version(version, gem_name), " has a symbol creation vulnerability. Upgrade to ")

  if version >= "1.7.0"
    confidence = :high
    warning_type = "Remote Code Execution"
    message = msg(msg_version(version, "json gem"), " has a remote code execution vulnerability. Upgrade to ", msg_version("1.7.7", "json gem"))
  elsif version >= "1.6.0"
    message << msg_version("1.6.8", gem_name)
  elsif version >= "1.5.0"
    message << msg_version("1.5.5", gem_name)
  else
    confidence = :weak
    message << msg_version("1.5.5", gem_name)
  end

  if confidence == :medium and uses_json_parse?
    confidence = :high
  end

  warn :warning_type => warning_type,
    :warning_code => :CVE_2013_0269,
    :message => message,
    :confidence => confidence,
    :gem_info => gemfile_or_environment(name),
    :link => "https://groups.google.com/d/topic/rubyonrails-security/4_YvCpLzL58/discussion"
end
run_check() click to toggle source
# File lib/brakeman/checks/check_json_parsing.rb, line 13
def run_check
  check_cve_2013_0333
  check_cve_2013_0269
end
uses_gem_backend?() click to toggle source

Check for `ActiveSupport::JSON.backend = “JSONGem”`

# File lib/brakeman/checks/check_json_parsing.rb, line 46
def uses_gem_backend?
  matches = tracker.find_call(target: :'ActiveSupport::JSON', method: :backend=, chained: true)

  unless matches.empty?
    json_gem = s(:str, "JSONGem")

    matches.each do |result|
      if result[:call].first_arg == json_gem
        return true
      end
    end
  end

  false
end
uses_json_parse?() click to toggle source
# File lib/brakeman/checks/check_json_parsing.rb, line 104
def uses_json_parse?
  return @uses_json_parse unless @uses_json_parse.nil?

  not tracker.find_call(:target => :JSON, :method => :parse).empty?
end
uses_yajl?() click to toggle source

Check if `yajl` is included in Gemfile

# File lib/brakeman/checks/check_json_parsing.rb, line 41
def uses_yajl?
  tracker.config.has_gem? :yajl
end