Fixing issue #18. Owasp RoR Cheatsheet check was missing of message and

mitigation step.
thesp0nge · Jan 15, 2014 · 809fbc1 · 809fbc1
1 parent 3e66e7a
commit 809fbc1
Show file tree

Hide file tree

Showing 2 changed files with 4 additions and 0 deletions.
diff --git a/Changelog.md b/Changelog.md
@@ -31,6 +31,8 @@ _latest update: Fri Jan 10 08:53:06 CET 2014_
   (CVE-2012-6134). The patch is already merged in the git repository but there
   are no further gem releases. The suggested mitigation is to tell your Gemfile
   to fetch the code directly from github rather then using rubygems.org
+* Fixing issue #18. Owasp RoR Cheatsheet check was missing of message and
+  mitigation step.
 * Added a check for CVE-2004-0755
 * Added a check for CVE-2004-0983
 * Added a check for CVE-2005-1992

diff --git a/lib/codesake/dawn/kb/owasp_ror_cheatsheet.rb b/lib/codesake/dawn/kb/owasp_ror_cheatsheet.rb
@@ -18,6 +18,8 @@ def initialize
             :applies=>["rails"],
             :kind=>Codesake::Dawn::KnowledgeBase::COMBO_CHECK,
             :aux_links=>["https://www.owasp.org/index.php/Ruby_on_Rails_Cheatsheet"],
+            :message=>message,
+            :mitigation=>"Please refere to the Ruby on Rails cheatsheet available from owasp.org to mitigate this vulnerability",
             :checks=>[
               Codesake::Dawn::Kb::OwaspRorCheatSheet::CommandInjection.new,
               Codesake::Dawn::Kb::OwaspRorCheatSheet::Csrf.new,