Create a check for `tap` #1507

gavingmiller · 2020-08-20T14:20:44Z

There was a lovely blog post on the 12 ways to call a method in Ruby. And it turns out some of these do not get caught by the brakeman scanner and could be abused.

The first example that I found was tap (way # 8 in the reference post):

Kernel.tap(&params[:method].to_sym)

The above when called with method=gets will DOS the application and does not currently get caught by brakeman.

Related issue: #1508

The text was updated successfully, but these errors were encountered:

Fixes #1507

gavingmiller mentioned this issue Aug 20, 2020

Create check for to_proc #1508

Closed

presidentbeef added this to the 5.0 milestone Sep 18, 2020

presidentbeef added the new check label Sep 18, 2020

presidentbeef added a commit that referenced this issue Oct 30, 2020

Add check for user input with #tap

2c3df18

Fixes #1507

presidentbeef mentioned this issue Oct 31, 2020

Add check for unsafe reflection to access methods #1527

Merged

presidentbeef closed this as completed in 95eb33f Nov 12, 2020

This was referenced Mar 17, 2021

Bump brakeman from 4.10.1 to 5.0.0 postxiami/mastodon#27

Closed

Bump brakeman from 4.10.0 to 5.0.0 YoheiZuho/mastodon#417

Closed

Repository owner locked and limited conversation to collaborators Jan 30, 2022

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Create a check for `tap` #1507

Create a check for `tap` #1507

gavingmiller commented Aug 20, 2020 •

edited

Loading

Create a check for tap #1507

Create a check for tap #1507

Comments

gavingmiller commented Aug 20, 2020 • edited Loading

Create a check for `tap` #1507

Create a check for `tap` #1507

gavingmiller commented Aug 20, 2020 •

edited

Loading