Skip to content
This repository

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP

An execution after redirect (EAR) static analysis tool for Ruby on Rails applications

branch: master

Fetching latest commit…

Octocat-spinner-32-eaf2f5

Cannot retrieve the latest commit at this time

Octocat-spinner-32 diamondback-ruby-0.20090726
Octocat-spinner-32 tests
Octocat-spinner-32 .gitignore
Octocat-spinner-32 LICENSE
Octocat-spinner-32 OMakefile
Octocat-spinner-32 OMakeroot
Octocat-spinner-32 README.markdown
Octocat-spinner-32 find_ear_rails.ml
Octocat-spinner-32 parse_ruby_methods.ml
README.markdown

Static Execution After Redirect Detector for Ruby on Rails

This is a tool to statically detect Execution After Redirect (EAR) bugs in Ruby on Rails applications. It was initially developed for a paper in progress.

What is an EAR?

Bryce Boe (my co-author) has a good description on his blog, and I have my own EAR explanation. But here's the short version:

How to compile?

These steps are for Ubuntu.

First need the following packages:

  • ocaml
  • omake
  • ocaml-findlib
  • ocaml-libs
  • ocaml-native-compilers
  • ocaml-tools
  • libgetopt-ocaml-dev
  • libocamlgraph-ocaml-dev
  • libounit-ocaml-dev

And get and compile the following package:

Run: omake

Now you have a fresh and new find_ear_rails to play with! To run, just supply a rails project directory as the first argument.

Something went wrong with that request. Please try again.