Check for YAML file access methods specifically

because there are only two.

Fixes #142
commit bac1c2413c85b2dc1b94dd2520a58fceedd1b98b 1 parent 4e43232
@presidentbeef authored
Showing with 3 additions and 1 deletion.
  1. +3 −1 lib/brakeman/checks/check_file_access.rb
lib/brakeman/checks/check_file_access.rb
@@ -9,7 +9,9 @@ class Brakeman::CheckFileAccess < Brakeman::BaseCheck
def run_check
Brakeman.debug "Finding possible file access"
- methods = tracker.find_call :targets => [:Dir, :File, :IO, :Kernel, :"Net::FTP", :"Net::HTTP", :PStore, :Pathname, :Shell, :YAML], :methods => [:[], :chdir, :chroot, :delete, :entries, :foreach, :glob, :install, :lchmod, :lchown, :link, :load, :load_file, :makedirs, :move, :new, :open, :read, :readlines, :rename, :rmdir, :safe_unlink, :symlink, :syscopy, :sysopen, :truncate, :unlink]
+ methods = tracker.find_call :targets => [:Dir, :File, :IO, :Kernel, :"Net::FTP", :"Net::HTTP", :PStore, :Pathname, :Shell], :methods => [:[], :chdir, :chroot, :delete, :entries, :foreach, :glob, :install, :lchmod, :lchown, :link, :load, :load_file, :makedirs, :move, :new, :open, :read, :readlines, :rename, :rmdir, :safe_unlink, :symlink, :syscopy, :sysopen, :truncate, :unlink]
+
+ methods.concat tracker.find_call :target => :YAML, :methods => [:load_file, :parse_file]
Brakeman.debug "Finding calls to load()"
methods.concat tracker.find_call :target => false, :method => :load
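An added example, not Brakeman's code, of the pattern this commit narrows the check to: a small finder that locates calls to the two YAML methods that take a path (`YAML.load_file` and `YAML.parse_file`) and reports whether the path argument is a literal or something computed, such as `params[:file]`. It uses Ruby's standard-library Ripper rather than the ruby_parser AST Brakeman's `tracker.find_call` works on, so the helper names (`find_yaml_file_access`, `yaml_file_call`, `dynamic?`) and the "dynamic argument" heuristic are assumptions, and the sample controller source is constructed for the example.

```ruby
# Added example, not Brakeman's code: a minimal Brakeman-style finder for the
# two YAML methods that touch the filesystem (YAML.load_file and
# YAML.parse_file), built on Ruby's stdlib Ripper instead of ruby_parser.
# The helper names and the "dynamic argument" heuristic are assumptions.
require "ripper"

# The only YAML class methods that take a path (the point of the commit).
YAML_FILE_METHODS = %w[load_file parse_file].freeze

# Node types whose presence in an argument means the path is not a plain
# literal: method calls, variables, element references, interpolation.
# Constants are var_ref nodes too and so count as dynamic; that is
# deliberately conservative.
DYNAMIC_NODES = %i[vcall var_ref aref call method_add_arg command_call
                   string_embexpr @ivar @gvar @cvar].freeze

Finding = Struct.new(:name, :line, :dynamic)

# Parse Ruby source and return every YAML.load_file / YAML.parse_file call,
# tagging each with whether its argument is something other than a literal.
def find_yaml_file_access(source)
  tree = Ripper.sexp(source)
  raise ArgumentError, "source did not parse" unless tree
  findings = []
  walk(tree, findings)
  findings
end

# Return [method_name, line] if node is a call on the YAML constant to one of
# the file methods, else nil. Handles both `YAML.x` and `::YAML.x`.
def yaml_file_call(node)
  return nil unless node.is_a?(Array) && %i[call command_call].include?(node[0])
  recv, ident = node[1], node[3]
  return nil unless recv.is_a?(Array) && %i[var_ref top_const_ref].include?(recv[0])
  const = recv[1]
  return nil unless const.is_a?(Array) && const[0] == :@const && const[1] == "YAML"
  return nil unless ident.is_a?(Array) && ident[0] == :@ident
  return nil unless YAML_FILE_METHODS.include?(ident[1])
  [ident[1], ident[2][0]]
end

# True if any node in the argument subtree is computed rather than literal.
def dynamic?(node)
  return false unless node.is_a?(Array)
  return true if DYNAMIC_NODES.include?(node[0])
  node.any? { |child| dynamic?(child) }
end

# Depth-first walk. Parenthesised calls arrive as [:method_add_arg, call, args];
# calls without parentheses arrive as [:command_call, recv, ., ident, args].
def walk(node, findings)
  return unless node.is_a?(Array)
  case node[0]
  when :method_add_arg
    if (hit = yaml_file_call(node[1]))
      findings << Finding.new(hit[0], hit[1], dynamic?(node[2]))
    end
  when :command_call
    if (hit = yaml_file_call(node))
      findings << Finding.new(hit[0], hit[1], dynamic?(node[4]))
    end
  end
  node.each { |child| walk(child, findings) }
end

# Constructed sample controller: only the first two YAML calls are in scope
# for a file-access check, and only the first uses a request-controlled path.
# YAML.load takes data, not a path, so it is ignored here, as in the commit.
SAMPLE = <<~RUBY
  class ConfigsController < ApplicationController
    def show
      @config = YAML.load_file(params[:file])
      @schema = YAML.parse_file "config/schema.yml"
      @data   = YAML.load(params[:blob])
      @raw    = File.read(params[:path])
    end
  end
RUBY

if __FILE__ == $PROGRAM_NAME
  find_yaml_file_access(SAMPLE).each do |f|
    kind = f.dynamic ? "dynamic path (review)" : "literal path"
    puts "line #{f.line}: YAML.#{f.name} with #{kind}"
  end
end
```

Run it with `ruby finder.rb`; it reports `YAML.load_file` on line 3 with a dynamic path and `YAML.parse_file` on line 4 with a literal one, and says nothing about `YAML.load` or `File.read`, mirroring the narrowed target list in the diff. The literal/dynamic split is the cheap stand-in for Brakeman's real question, whether the argument is influenced by request parameters; a constant or a `Rails.root.join(...)` path is flagged as dynamic here, so treat the output as a review queue, not a verdict.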