check-dynamic-render-local-file-include.yaml
rules:
  - id: check-dynamic-render-local-file-include
    mode: search
    paths:
      include:
        - '*.erb'
    patterns:
      - pattern: |
          params[...]
      - pattern-inside: |
          render :file => ...
    message: Found request parameters in a call to `render` in a dynamic context. This can allow end users
      to request arbitrary local files which may result in leaking sensitive information persisted on disk.
    languages:
      - generic
    severity: WARNING
    metadata:
      technology:
        - ruby
        - rails
      category: security
      cwe:
        - "CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"
      owasp:
        - A05:2017 - Broken Access Control
        - A01:2021 - Broken Access Control
      source-rule-url: https://github.com/presidentbeef/brakeman/blob/main/lib/brakeman/checks/check_render.rb
      references:
        - https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/07-Input_Validation_Testing/11.1-Testing_for_Local_File_Inclusion
        - https://github.com/presidentbeef/brakeman/blob/f74cb53ead47f0af821d98b5b41e16d63100c240/test/apps/rails2/app/views/home/test_render.html.erb
      cwe2022-top25: true
      cwe2021-top25: true
      subcategory:
        - vuln
      likelihood: MEDIUM
      impact: MEDIUM
      confidence: MEDIUM
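Added example, not part of the rule file or of the Semgrep/Brakeman projects: the ERB shape this rule matches, and a helper that constrains a user-supplied template name to an assumed views directory (`/app/app/views/pages`, a placeholder) and a template extension before it reaches `render :file`.

```ruby
require "pathname"

# The shape the rule above flags inside an .erb template (illustration only):
#   <%= render :file => params[:page] %>
# `params[:page]` is caller-controlled, so a traversal value such as
# "../../config/database.yml" would be read and its contents rendered.

# Assumed base directory for renderable page templates (placeholder path).
VIEW_BASE = Pathname.new("/app/app/views/pages").cleanpath
# Only full template files may be rendered; anything else is rejected.
ALLOWED_EXT = %w[.html.erb].freeze

# Resolve `requested` under `base` and return the absolute path as a String,
# or nil when the result would leave the base directory, contains a NUL byte,
# or does not carry an allowed template extension. The containment check is
# lexical (cleanpath), so symlinks inside `base` are not followed here; use
# Pathname#realpath on an existing file if symlink escapes matter to you.
def safe_view_path(requested, base = VIEW_BASE)
  return nil if requested.nil? || requested.empty?
  return nil if requested.include?("\0")          # NUL would truncate the path in C-level APIs
  candidate = (base + requested).cleanpath        # "+" and cleanpath collapse "." and ".."
  inside = candidate == base ||
           candidate.to_s.start_with?(base.to_s + File::SEPARATOR)
  return nil unless inside                        # escaped via ".." or an absolute path
  return nil unless ALLOWED_EXT.any? { |ext| candidate.to_s.end_with?(ext) }
  candidate.to_s
end

# Usage: the controller or view calls the helper and refuses unknown input
# instead of handing params straight to render :file.
#   path = safe_view_path(params[:page]) or head :not_found
#   render :file => path
```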