Merge pull request #67 from LTe/checks_comments

Add comment before each pattern

lib/scanny/checks/access_control_check.rb

@@ -3,6 +3,7 @@ module Checks
     # Checks for use of "params[:id]" in parameters of certain methods that
     # requires authorizaton checks.
     class AccessControlCheck < Check
+      # User.new(params[:id])
       def pattern
         <<-EOT
           SendWithArguments<

lib/scanny/checks/backticks_check.rb

@@ -4,6 +4,7 @@ module Checks
     # expansion. This can cause unwanted code execution if the command includes
     # unescaped input.
     class BackticksCheck < Check
+      # `command`
       def pattern
         'ExecuteString | DynamicExecuteString'
       end

lib/scanny/checks/before_filters_check.rb

@@ -4,6 +4,7 @@ module Checks
     class BeforeFiltersCheck < Check
       FILTERS = [:login_required, :admin_required]
 
+      # before_filter :login_required
       def pattern
         <<-EOT
           SendWithArguments<

lib/scanny/checks/csrf_check.rb

@@ -2,6 +2,7 @@ module Scanny
   module Checks
     # Checks for use of the "protect_from_forgery" method.
     class CSRFCheck < Check
+      # protect_from_forgery
       def pattern
         "Send<receiver = Self, name = :protect_from_forgery>"
       end

lib/scanny/checks/denial_of_service_check.rb

@@ -16,6 +16,7 @@ def warning_message
         "the unavailability of the application"
       end
 
+      # User.find(:first, :conditions => "user LIKE %pattern%")
       def pattern_find_with_like
         <<-EOT
           SendWithArguments<

lib/scanny/checks/file_open_check.rb

@@ -19,6 +19,7 @@ def warning_message
         "unauthorized access to data"
       end
 
+      # File.open
       def pattern_file_open
         <<-EOT
           SendWithArguments<
@@ -28,6 +29,7 @@ def pattern_file_open
         EOT
       end
 
+      # FileUtils.any_method
       def pattern_fileutils
         <<-EOT
           SendWithArguments<

lib/scanny/checks/frameworks_check.rb

@@ -19,10 +19,12 @@ def warning_message
         "Using the methods from frameworks can lead to security problems"
       end
 
+      # xss_safe()
       def pattern_xss_safe
         "Send<name = :xss_safe>"
       end
 
+      # mark_as_xss_protected()
       def pattern_mark_as_safe
         <<-EOT
           Send<name =
@@ -33,6 +35,7 @@ def pattern_mark_as_safe
         EOT
       end
 
+      # env["HTTP_X_USERNAME"]
       def pattern_http_username
         "StringLiteral<string *= /HTTP_X_USERNAME/>"
       end

lib/scanny/checks/helpers.rb

@@ -1,6 +1,8 @@
 module Scanny
   module Checks
     module Helpers
+      # system("command")
+      # `command`
       def build_pattern_exec_command(command)
         command = command.to_s if command.is_a?(Symbol)
         result  = command.inspect

lib/scanny/checks/http_auth_check.rb

@@ -16,6 +16,7 @@ def warning_message
         "accept additional parameters from request"
       end
 
+      # verify :method => :post, :only => [:create]
       def pattern_verify
         <<-EOT
           SendWithArguments<

lib/scanny/checks/http_header/header_injection_check.rb

@@ -16,6 +16,8 @@ def warning_message
           "Directly use of the HTTP_* headers in code"
         end
 
+        # env["HTTP_HEADER"]
+        # headers["HTTP_HEADER"]
         def pattern_environment_params
           <<-EOT
             SendWithArguments<

lib/scanny/checks/http_redirect_check.rb

@@ -25,6 +25,7 @@ def warning_message
         "HTTP redirects can be emitted by the Application"
       end
 
+      # redirect_to params[:input]
       def pattern_redirect
         <<-EOT
           SendWithArguments<
@@ -41,6 +42,7 @@ def pattern_redirect
         EOT
       end
 
+      # save_file()
       def pattern_save_file
         <<-EOT
           Send<name = :save_file>
@@ -49,14 +51,17 @@ def pattern_save_file
         EOT
       end
 
+      # add_file_from_url("http://example.com/file.txt")
       def pattern_add_file_from_url
         "SendWithArguments<name = :add_file_from_url>"
       end
 
+      # require 'open-uri'
       def pattern_open_uri
         "StringLiteral<string = 'open-uri'>"
       end
 
+      # OpenStruct.new(key: value)
       def pattern_open_struct
         <<-EOT
           Send<

lib/scanny/checks/http_request_check.rb

@@ -16,9 +16,10 @@ def check(node)
 
       def warning_message
         "Connecting to the server without encryption" +
-            "can facilitate sniffing traffic"
+        "can facilitate sniffing traffic"
       end
 
+      # Net::HTTP.new
       def pattern_net_http
         <<-EOT
           SendWithArguments<
@@ -31,6 +32,7 @@ def pattern_net_http
         EOT
       end
 
+      # Net::HTTP::Proxy('proxy.example.com', 8080)
       def pattern_net_http_proxy
         <<-EOT
           Send | SendWithArguments

lib/scanny/checks/http_usage_check.rb

@@ -16,6 +16,7 @@ def warning_message
         "can facilitate sniffing traffic"
       end
 
+      # "http://example.com"
       def pattern_http_url
         <<-EOT
           StringLiteral<string *= "http://">

lib/scanny/checks/information_leak_check.rb

@@ -18,6 +18,7 @@ def warning_message
         "There is a possibility of data leakage"
       end
 
+      # filter_parameter_logging()
       def pattern_logger_filter
         <<-EOT
           Send<name = :filter_parameter_logging>
@@ -26,6 +27,7 @@ def pattern_logger_filter
         EOT
       end
 
+      # find_by_id(params[:input])
       def pattern_find
         <<-EOT
           SendWithArguments<

lib/scanny/checks/input_filtering_check.rb

@@ -19,6 +19,7 @@ def warning_message
         "Possible injection vulnerabilities"
       end
 
+      # logger(params[:password])
       def pattern_logger_with_params
         <<-EOT
           SendWithArguments<
@@ -35,6 +36,7 @@ def pattern_logger_with_params
         EOT
       end
 
+      # params[:input]
       def pattern_params
         <<-EOT
           SendWithArguments<
@@ -44,6 +46,8 @@ def pattern_params
         EOT
       end
 
+      # env["HTTP_HEADER"]
+      # headers["HTTP_HEADER"]
       def pattern_env_http
         <<-EOT
           SendWithArguments<

lib/scanny/checks/insecure_config/set_rails_env_check.rb

@@ -2,6 +2,7 @@ module Scanny
   module Checks
     # Checks for places where ENV["RAILS_ENV"] is set.
     class SetRailsEnvCheck < Check
+      # ENV["RAILS_ENV"] = "test"
       def pattern
         <<-EOT
           ElementAssignment<

lib/scanny/checks/insecure_config/set_secret_check.rb

@@ -2,6 +2,7 @@ module Scanny
   module Checks
     # Checks for places where :secret hash key is set.
     class SetSecretCheck < Check
+      # :secret
       def pattern
         <<-EOT
           HashLiteral<

lib/scanny/checks/insecure_config/set_session_key_check.rb

@@ -2,6 +2,7 @@ module Scanny
   module Checks
     # Checks for places where :session_key hash key is set.
     class SetSessionKeyCheck < Check
+      # :session_key
       def pattern
         <<-EOT
           HashLiteral<

lib/scanny/checks/insecure_method/deserialize_method_check.rb

@@ -16,6 +16,7 @@ def warning_message
           "Execute deserialize method can load to memory dangerous object"
         end
 
+        # deserialize()
         def pattern_deserialize_call
           <<-EOT
             SendWithArguments | Send

lib/scanny/checks/insecure_method/eval_method_check.rb

@@ -16,6 +16,7 @@ def warning_message
           "Execute eval method can lead the ruby interpreter to run dangerous code"
         end
 
+        # eval("ruby_code")
         def pattern_eval_call
           <<-EOT
             SendWithArguments | Send

lib/scanny/checks/insecure_method/shellwords_escape_check.rb

@@ -20,6 +20,7 @@ def warning_message
           "can lead incomplete input filtering"
         end
 
+        # Shellwords.escape("string")
         def pattern_shellwords_escape
           <<-EOT
             SendWithArguments<
@@ -29,6 +30,7 @@ def pattern_shellwords_escape
           EOT
         end
 
+        # shell_escape("string")
         def pattern_shell_escape
           "SendWithArguments<name = :shell_escape>"
         end

lib/scanny/checks/insecure_method/system_method_check.rb

@@ -20,6 +20,7 @@ def warning_message
           "Execute system commands can lead the system to run dangerous code"
         end
 
+        # system("rm -rf /")
         def pattern_system_calls
           <<-EOT
             SendWithArguments | Send
@@ -33,6 +34,7 @@ def pattern_system_calls
           EOT
         end
 
+        # FileUtils.mv("one_file", "sec_file")
         def pattern_file_utils_methods
           <<-EOT
             SendWithArguments<
@@ -42,6 +44,7 @@ def pattern_file_utils_methods
           EOT
         end
 
+        # `system_command`
         def pattern_execute_string
           "ExecuteString"
         end

lib/scanny/checks/mass_assignment_check.rb

@@ -16,6 +16,7 @@ def warning_message
         "can cause dangerous errors in the database"
       end
 
+      # User.new(params[:user])
       def pattern_create_object_from_params
         <<-EOT
           SendWithArguments<

lib/scanny/checks/random_numbers_check.rb

@@ -20,6 +20,8 @@ def warning_message
         "This action indicates using low-entropy random number generator"
       end
 
+      # Kernel.srand
+      # Kernel.rand
       def pattern_rand
         <<-EOT
           Send<
@@ -34,6 +36,7 @@ def pattern_rand
         EOT
       end
 
+      # seed()
       def pattern_seed
         <<-EOT
           Send<name = :seed>
@@ -42,6 +45,7 @@ def pattern_seed
         EOT
       end
 
+      # File.open("/dev/urandom", "r").read(100)
       def pattern_urandom
         "StringLiteral<string *= /urandom/>"
       end

lib/scanny/checks/redirect_with_params_check.rb

@@ -16,6 +16,7 @@ def warning_message
         "can lead to unauthorized redirects"
       end
 
+      # redirect_to params[:input]
       def pattern_redirect
         <<-EOT
           SendWithArguments<

lib/scanny/checks/reset_session_check.rb

@@ -15,6 +15,7 @@ def warning_message
         "Improper resetting the session may lead to security problems"
       end
 
+      # reset_session()
       def pattern_reset_session
         "Send<name = :reset_session>"
       end

lib/scanny/checks/session/access_to_session_check.rb

@@ -17,9 +17,10 @@ def check(node)
 
         def warning_message
           "Referring to a session in the wrong way" +
-              "can lead to errors that reduce security level"
+          "can lead to errors that reduce security level"
         end
 
+        # session[:password]
         def pattern_session_access
           <<-EOT
           SendWithArguments<
@@ -29,6 +30,7 @@ def pattern_session_access
           EOT
         end
 
+        # session[:admin] = true
         def pattern_session_assignment
           <<-EOT
           ElementAssignment<

lib/scanny/checks/session/session_secure_check.rb

@@ -40,6 +40,7 @@ def pattern_session_settings
           EOT
         end
 
+        # :session_secure
         def pattern_session_secure
           "SymbolLiteral<value = :session_secure | :secure>"
         end

lib/scanny/checks/shell_expanding_methods_check.rb

@@ -4,6 +4,7 @@ module Checks
     # through shell expansion. This can cause unwanted code execution if the
     # command includes unescaped input.
     class ShellExpandingMethodsCheck < Check
+      # system("command")
       def pattern
         <<-EOT
           SendWithArguments<

lib/scanny/checks/skip_before_filters_check.rb

@@ -9,6 +9,7 @@ class SkipBeforeFiltersCheck < Check
         :authenticate
       ]
 
+      # skip_before_filer :login_required
       def pattern
         <<-EOT
           SendWithArguments<

lib/scanny/checks/sql_injection/sanitize_sql_check.rb

@@ -15,6 +15,7 @@ def check(node)
 
         private
 
+        # sanitize_sql()
         def pattern_sanitize_sql
           "Send<name = :sanitize_sql>"
         end