An execution after redirect (EAR) static analysis tool for Ruby on Rails applications


Static Execution After Redirect Detector for Ruby on Rails

This is a tool to statically detect Execution After Redirect (EAR) bugs in Ruby on Rails applications. It was initially developed for a paper in progress.

What is an EAR?

Bryce Boe (my co-author) has a good description on his blog, and I have my own EAR explanation. But here's the short version:
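An added illustration of the bug class this tool looks for (not from the original README or the tool's own code): in Rails, `redirect_to` only sets the response, and the action keeps executing unless it returns. `FakeController`, `destroy_vulnerable`, `destroy_fixed` and `run_action` are hypothetical names, and the controller is a constructed stand-in so the example runs without Rails.

```ruby
# Constructed stand-in for a Rails controller (no Rails required).
# As in Rails, redirect_to only records the response; it does not
# stop the rest of the action method from running.
class FakeController
  attr_reader :status, :location

  def initialize(current_user, store)
    @current_user = current_user
    @store = store
  end

  def redirect_to(path)
    @status = 302
    @location = path
    true
  end

  def admin?
    @current_user == :admin
  end

  # EAR: the redirect is set, then the delete still executes.
  def destroy_vulnerable(id)
    redirect_to("/login") unless admin?
    @store.delete(id)
  end

  # Fixed: return right after the redirect so nothing else runs.
  def destroy_fixed(id)
    unless admin?
      redirect_to("/login")
      return
    end
    @store.delete(id)
  end
end

# Constructed sample data: one record, one unprivileged visitor.
def run_action(action)
  store = { 1 => "secret topic" }
  controller = FakeController.new(:guest, store)
  controller.public_send(action, 1)
  { status: controller.status, location: controller.location,
    records_left: store.size }
end

puts "vulnerable: #{run_action(:destroy_vulnerable)}"
puts "fixed:      #{run_action(:destroy_fixed)}"
```

Both actions answer the guest with the same 302 to `/login`, so the difference is invisible from the browser; only the server-side state shows that the vulnerable action ran the delete.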

How to compile?

These steps are for Ubuntu.

First, you need the following packages:

  • ocaml
  • omake
  • ocaml-findlib
  • ocaml-libs
  • ocaml-native-compilers
  • ocaml-tools
  • libgetopt-ocaml-dev
  • libocamlgraph-ocaml-dev
  • libounit-ocaml-dev

And get and compile the following package:

Run: omake

Now you have a fresh and new find_ear_rails to play with! To run it, just supply a Rails project directory as the first argument.
