An execution after redirect (EAR) static analysis tool for Ruby on Rails applications

README.markdown

Static Execution After Redirect Detector for Ruby on Rails

This is a tool to statically detect Execution After Redirect (EAR) bugs in Ruby on Rails applications. It was initially developed for a paper in progress.

What is an EAR?

Bryce Boe (my co-author) has a good description on his blog, and I have my own EAR explanation. But here's the short version:

How to compile?

These steps are for Ubuntu.

First, install the following packages:

  • ocaml
  • omake
  • ocaml-findlib
  • ocaml-libs
  • ocaml-native-compilers
  • ocaml-tools
  • libgetopt-ocaml-dev
  • libocamlgraph-ocaml-dev
  • libounit-ocaml-dev

And get and compile the following package:

Run: omake

Now you have a freshly built find_ear_rails to play with! To run it, supply a Rails project directory as the first argument.
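As an added illustration of the bug class this tool reports (not code from the original README or from find_ear_rails itself), the following uses a constructed, minimal stand-in for a Rails controller whose `redirect_to` behaves like Rails': it records the redirect and returns normally, so an action that does not return explicitly keeps executing. The vulnerable action is shown beside its fixed form.

```ruby
# Constructed stand-in for a Rails controller (not ActionController).
# Like Rails, redirect_to only records the redirect and returns nil,
# so any code after it still runs unless the action returns explicitly.
class MiniController
  attr_reader :redirected_to, :current_user

  def initialize(current_user)
    @current_user = current_user
    @redirected_to = nil
  end

  # Mirrors Rails' behaviour: no exception, no implicit halt.
  def redirect_to(path)
    @redirected_to = path
    nil
  end
end

User = Struct.new(:name, :admin)

# Constructed sample data: one admin, one ordinary user.
ALL_USERS = [User.new('alice', true), User.new('bob', false)]

# Vulnerable action: the guard redirects non-admins but falls through,
# so the sensitive query below still executes (an EAR).
class VulnerableAdminController < MiniController
  attr_reader :users
  def index
    redirect_to '/' unless current_user.admin
    @users = ALL_USERS  # still runs for non-admins
  end
end

# Fixed action: returning right after redirect_to halts the action.
class FixedAdminController < MiniController
  attr_reader :users
  def index
    return redirect_to('/') unless current_user.admin
    @users = ALL_USERS
  end
end

# Run an action as the given user and report [redirect_path, sensitive_code_ran].
def run_as(controller_class, user)
  c = controller_class.new(user)
  c.index
  [c.redirected_to, !c.users.nil?]
end

if __FILE__ == $0
  bob = ALL_USERS.last
  p run_as(VulnerableAdminController, bob)  # => ["/", true]
  p run_as(FixedAdminController, bob)       # => ["/", false]
end
```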
