Skip to content
master
Switch branches/tags
Go to file
Code

Latest commit

 

Git stats

Files

Permalink
Failed to load latest commit information.
Type
Name
Latest commit message
Commit time
 
 
 
 
 
 
 
 
 
 

Static Execution After Redirect Detector for Ruby on Rails

This is a tool to statically detect Execution After Redirect (EAR) bugs in Ruby on Rails applications. It was initially developed for a paper in progress.

What is an EAR?

Bryce Boe (my co-author) has a good description on his blog, and I have my own EAR explanation. But here's the short version:

How to compile?

These steps are for Ubuntu.

First need the following packages:

  • ocaml
  • omake
  • ocaml-findlib
  • ocaml-libs
  • ocaml-native-compilers
  • ocaml-tools
  • libgetopt-ocaml-dev
  • libocamlgraph-ocaml-dev
  • libounit-ocaml-dev

And get and compile the following package:

Run: omake

Now you have a fresh and new find_ear_rails to play with! To run, just supply a rails project directory as the first argument.

About

An execution after redirect (EAR) static analysis tool for Ruby on Rails applications

Resources

License

Releases

No releases published

Packages

No packages published

Languages