Static Execution After Redirect Detector for Ruby on Rails
This is a tool to statically detect Execution After Redirect (EAR) bugs in Ruby on Rails applications. It was initially developed for a paper in progress.
What is an EAR?
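As an added illustration (not code from this tool or its authors): an EAR occurs when a controller action keeps executing after calling redirect_to, which in Rails sets the response but does not halt the action. The base class below is a constructed stand-in for ActionController so the example runs without Rails; every class and method name in it is an assumption made for the example.

```ruby
# Constructed stand-in for a Rails controller (not Rails itself).
class FakeController
  attr_reader :location, :log

  def initialize(admin:)
    @admin = admin
    @location = nil   # where the client would be redirected, if anywhere
    @log = []         # side effects performed by the action
  end

  # Like Rails' redirect_to: records the response, does NOT stop the action.
  def redirect_to(path)
    @location = path
    true
  end

  def admin?
    @admin
  end

  def delete_user(id)
    @log << "deleted user #{id}"
  end
end

class VulnerableController < FakeController
  def destroy(id)
    redirect_to("/login") unless admin?
    delete_user(id) # EAR: still reached for non-admins
  end
end

class FixedController < FakeController
  def destroy(id)
    unless admin?
      redirect_to("/login")
      return # halt the action explicitly after redirecting
    end
    delete_user(id)
  end
end

# Runs the destroy action and reports the redirect target and side effects.
def simulate_destroy(klass, admin:)
  controller = klass.new(admin: admin)
  controller.destroy(42)
  { location: controller.location, log: controller.log }
end
```

For a non-admin, the vulnerable action both redirects and deletes, while the fixed action only redirects.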
How to compile?
These steps are for Ubuntu.
First, you need the following packages:
Then get and compile the following package:
- libsyck (v 7.0) https://github.com/indeyets/syck
Now you have a fresh new find_ear_rails to play with! To run it, just supply a Rails project directory as the first argument.