Skip to content


Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
An execution after redirect (EAR) static analysis tool for Ruby on Rails applications
branch: master


Static Execution After Redirect Detector for Ruby on Rails

This is a tool to statically detect Execution After Redirect (EAR) bugs in Ruby on Rails applications. It was initially developed for a paper in progress.

What is an EAR?

Bryce Boe (my co-author) has a good description on his blog, and I have my own EAR explanation. But here's the short version:

How to compile?

These steps are for Ubuntu.

First need the following packages:

  • ocaml
  • omake
  • ocaml-findlib
  • ocaml-libs
  • ocaml-native-compilers
  • ocaml-tools
  • libgetopt-ocaml-dev
  • libocamlgraph-ocaml-dev
  • libounit-ocaml-dev

And get and compile the following package:

Run: omake

Now you have a fresh and new find_ear_rails to play with! To run, just supply a rails project directory as the first argument.

Something went wrong with that request. Please try again.