Add version check for CVE-2013-0155

commit 1f2402b3f473eb47a8b96a85e78e3adaddcd938a 1 parent f0fd697
@presidentbeef authored
13 lib/brakeman/checks/check_sql.rb
@@ -49,6 +49,9 @@ def run_check
Brakeman.debug "Checking version of Rails for CVE-2012-5664"
check_rails_version_for_cve_2012_5664
+ Brakeman.debug "Checking version of Rails for CVE-2013-0155"
+ check_rails_version_for_cve_2013_0155
+
Brakeman.debug "Processing possible SQL calls"
calls.each do |c|
process_result c
@@ -134,6 +137,16 @@ def check_rails_version_for_cve_2012_5664
end
end
+ def check_rails_version_for_cve_2013_0155
+ if version_between?("2.0.0", "2.3.15") || version_between?("3.0.0", "3.0.18") || version_between?("3.1.0", "3.1.9") || version_between?("3.2.0", "3.2.10")
+ warn :warning_type => 'SQL Injection',
+ :message => 'All versions of Rails before 3.0.19, 3.1.10, and 3.2.11 contain a SQL Injection Vulnerability: CVE-2013-0155; Upgrade to 3.2.11, 3.1.10, 3.0.19',
+ :confidence => CONFIDENCE[:high],
+ :file => gemfile_or_environment,
+ :link_path => "https://groups.google.com/d/topic/rubyonrails-security/c7jT-EeN9eI/discussion"
+ end
+ end
+
def process_scope_with_block model_name, args
scope_name = args[1][1]
block = args[-1][-1]
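Review bot: The warning message in check_rails_version_for_cve_2013_0155 omits the 2.3.x fix release even though the condition directly above flags 2.0.0 through 2.3.15, so a Rails 2.3 user is only told to upgrade to a 3.x line. The advisory linked in :link_path shipped 2.3.16 alongside 3.0.19, 3.1.10 and 3.2.11, so the line should read `:message => 'All versions of Rails before 2.3.16, 3.0.19, 3.1.10, and 3.2.11 contain a SQL Injection Vulnerability: CVE-2013-0155; Upgrade to 3.2.11, 3.1.10, 3.0.19, 2.3.16',` — note the test regexes added in this commit pin the prefix `before 3.0.19, 3.1` and would need the same change. The four-clause condition would also read better as a list of ranges, e.g. `return unless [["2.0.0", "2.3.15"], ["3.0.0", "3.0.18"], ["3.1.0", "3.1.9"], ["3.2.0", "3.2.10"]].any? { |low, high| version_between?(low, high) }`, which presumably mirrors check_rails_version_for_cve_2012_5664, whose body is outside the hunk. Whether version_between? is inclusive at both ends is not visible here; the upper bounds 2.3.15, 3.0.18, 3.1.9 and 3.2.10 only cover the last vulnerable releases if it is.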
12 test/tests/test_rails2.rb
@@ -12,13 +12,13 @@ def expected
:controller => 1,
:model => 2,
:template => 41,
- :warning => 34 }
+ :warning => 35 }
else
@expected ||= {
:controller => 1,
:model => 2,
:template => 41,
- :warning => 35 }
+ :warning => 36 }
end
end
@@ -786,6 +786,14 @@ def test_sql_injection_CVE_2012_5664
:file => /environment\.rb/
end
+ def test_sql_injection_CVE_2013_0155
+ assert_warning :type => :warning,
+ :warning_type => "SQL Injection",
+ :message => /^All\ versions\ of\ Rails\ before\ 3\.0\.19,\ 3\.1/,
+ :confidence => 0,
+ :file => /environment\.rb/
+ end
+
def test_remote_code_execution_CVE_2013_0156
assert_warning :type => :warning,
:warning_type => "Remote Code Execution",
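Review bot: test_sql_injection_CVE_2013_0155 only asserts that the warning fires on the vulnerable fixture; nothing checks that a patched version (3.2.11, 3.1.10, 3.0.19 or 2.3.16) stays quiet, so an off-by-one in the version_between? bounds of the new check would pass unnoticed. The `_CVE_2013_0156_fix` tests visible in test_rails3.rb and test_rails31.rb show the pattern; an `assert_no_warning` with the same `:warning_type => "SQL Injection"` against a fixture at a fixed version would close the gap, if such a fixture exists. The same applies to the identical tests added in test_rails3.rb, test_rails31.rb, test_rails32.rb and test_rails_with_xss_plugin.rb. As a minor point of style, the `:message` regex anchors with `^`, which in Ruby matches at any line start; `\A` is the whole-string anchor, harmless here for a one-line message but worth being consistent about.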
10 test/tests/test_rails3.rb
@@ -15,7 +15,7 @@ def expected
:controller => 1,
:model => 5,
:template => 32,
- :warning => 42
+ :warning => 43
}
end
@@ -806,6 +806,14 @@ def test_mail_link_CVE_2011_0446
:file => /Gemfile/
end
+ def test_sql_injection_CVE_2013_0155
+ assert_warning :type => :warning,
+ :warning_type => "SQL Injection",
+ :message => /^All\ versions\ of\ Rails\ before\ 3\.0\.19,\ 3\.1/,
+ :confidence => 0,
+ :file => /Gemfile/
+ end
+
def test_remote_code_execution_CVE_2013_0156_fix
assert_no_warning :type => :warning,
:warning_type => "Remote Code Execution",
10 test/tests/test_rails31.rb
@@ -15,7 +15,7 @@ def expected
:model => 3,
:template => 22,
:controller => 1,
- :warning => 50 }
+ :warning => 51 }
end
def test_without_protection
@@ -712,6 +712,14 @@ def test_strip_tags_CVE_2012_3465
:file => /Gemfile/
end
+ def test_sql_injection_CVE_2013_0155
+ assert_warning :type => :warning,
+ :warning_type => "SQL Injection",
+ :message => /^All\ versions\ of\ Rails\ before\ 3\.0\.19,\ 3\.1/,
+ :confidence => 0,
+ :file => /Gemfile/
+ end
+
def test_remove_code_execution_CVE_2013_0156_fix
assert_no_warning :type => :warning,
:warning_type => "Remote Code Execution",
10 test/tests/test_rails32.rb
@@ -11,7 +11,7 @@ def expected
:controller => 0,
:model => 0,
:template => 6,
- :warning => 4 }
+ :warning => 5 }
end
def report
@@ -30,6 +30,14 @@ def test_sql_injection_CVE_2012_5664
:file => /Gemfile/
end
+ def test_sql_injection_CVE_2013_0155
+ assert_warning :type => :warning,
+ :warning_type => "SQL Injection",
+ :message => /^All\ versions\ of\ Rails\ before\ 3\.0\.19,\ 3\.1/,
+ :confidence => 0,
+ :file => /Gemfile/
+ end
+
def test_remote_code_execution_CVE_2013_0156
assert_warning :type => :warning,
:warning_type => "Remote Code Execution",
10 test/tests/test_rails_with_xss_plugin.rb
@@ -11,7 +11,7 @@ def expected
:controller => 1,
:model => 3,
:template => 2,
- :warning => 17 }
+ :warning => 18 }
end
def report
@@ -284,6 +284,14 @@ def test_session_secret_token
:file => /session_store\.rb/
end
+ def test_sql_injection_CVE_2013_0155
+ assert_warning :type => :warning,
+ :warning_type => "SQL Injection",
+ :message => /^All\ versions\ of\ Rails\ before\ 3\.0\.19,\ 3\.1/,
+ :confidence => 0,
+ :file => /Gemfile/
+ end
+
def test_parsing_disable_CVE_2013_0156
assert_no_warning :type => :warning,
:warning_type => "Remote Code Execution",