An execution after redirect (EAR) static analysis tool for Ruby on Rails applications
Repository contents:

  • diamondback-ruby-0.20090726
  • tests
  • .gitignore
  • LICENSE
  • OMakefile
  • OMakeroot
  • README.markdown
  • find_ear_rails.ml
  • parse_ruby_methods.ml

Static Execution After Redirect Detector for Ruby on Rails

This is a tool to statically detect Execution After Redirect (EAR) bugs in Ruby on Rails applications. It was initially developed for a paper in progress.

What is an EAR?

Bryce Boe (my co-author) has a good description on his blog, and I have my own EAR explanation. But here's the short version:
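As an added illustration of the bug class this tool targets (example code written for this page, not part of find_ear_rails): a constructed Rails controller with an EAR in one action and the idiomatic fix in another, plus a simplified line-based check that flags the unsafe redirect. The controller, its action names and the check are assumptions made for the example; this is not how the OCaml tool itself works.

```ruby
# Added example (not the repository's code): a simplified, line-based EAR
# check. Assumes consistently indented Ruby, one statement per line.
# Constructed controller: `destroy` has an EAR (redirect_to does not halt the
# action, so the destroy still runs for non-admins); `show` uses the fix.
SAMPLE_CONTROLLER = <<~RUBY
  class UsersController < ApplicationController
    def destroy
      unless current_user.admin?
        redirect_to root_path
      end
      User.find(params[:id]).destroy
      redirect_to users_path
    end
    def show
      unless current_user.admin?
        redirect_to root_path and return
      end
      @user = User.find(params[:id])
    end
  end
RUBY

# name => [[line_no, text], ...]; a method ends at the `end` indented like its `def`.
def split_methods(source)
  methods, name, indent = {}, nil, nil
  source.each_line.with_index(1) do |line, no|
    if name.nil?
      next unless (m = line.match(/^(\s*)def\s+(\w+)/))
      indent, name = m[1].length, m[2]
      methods[name] = []
    elsif line =~ /^\s{#{indent}}end\b/
      name = nil
    else
      methods[name] << [no, line.strip]
    end
  end
  methods
end

# Flag redirect_to calls that neither return nor are the method's final statement:
# code after them still executes. (A redirect in each branch of if/else is a false positive.)
def find_ears(source)
  split_methods(source).flat_map do |name, body|
    stmts = body.reject { |_, t| t.empty? || t =~ /^(end|else|elsif)\b/ }
    last_no = stmts.last&.first
    stmts.select { |no, t| t.include?('redirect_to') && t !~ /\breturn\b/ && no != last_no }
         .map { |no, _| [name, no] }
  end
end
```

Running `find_ears(SAMPLE_CONTROLLER)` reports the redirect in `destroy` (line 4 of the sample) and nothing for `show`.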

How to compile?

These steps are for Ubuntu.

First, install the following packages:

  • ocaml
  • omake
  • ocaml-findlib
  • ocaml-libs
  • ocaml-native-compilers
  • ocaml-tools
  • libgetopt-ocaml-dev
  • libocamlgraph-ocaml-dev
  • libounit-ocaml-dev

Then get and compile the following package:

Run: omake

Now you have a fresh find_ear_rails to play with! To run it, supply a Rails project directory as the first argument.
