Brakeman::CheckEvaluation

This check looks for calls to eval, instance_eval, class_eval and module_eval whose arguments include user input, and reports each one as a "Dangerous Eval" warning.

Public Instance Methods

process_result(result)

Warns if the argument list of an eval-like call includes user input. The warning type is "Dangerous Eval" and the confidence is high.

# File lib/brakeman/checks/check_evaluation.rb, line 22
def process_result result
  # include_user_input? returns the matched user-input expression (or nil),
  # so the match itself can be reported alongside the offending call.
  if input = include_user_input?(result[:call].arglist)
    warn :result => result,
      :warning_type => "Dangerous Eval",
      :message => "User input in eval",
      :code => result[:call],
      :user_input => input.match,
      :confidence => CONFIDENCE[:high]
  end
end
run_check()

Finds every call to eval, instance_eval, class_eval or module_eval and passes each one to process_result.

# File lib/brakeman/checks/check_evaluation.rb, line 11
def run_check
  Brakeman.debug "Finding eval-like calls"
  # Only the string-evaluating methods are collected; each result carries
  # the call Sexp that process_result inspects.
  calls = tracker.find_call :method => [:eval, :instance_eval, :class_eval, :module_eval]

  Brakeman.debug "Processing eval-like calls"
  calls.each do |call|
    process_result call
  end
end
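The following is an added example, not Brakeman's own code and not from this page: the pattern that this check reports, beside a rewrite that contains no eval-family call for it to report. A plain Hash stands in for Rails `params`; `Report`, `stat_via_eval` and `stat_via_allowlist` are invented names for illustration. The check inspects the call's argument list (see process_result above), and in the vulnerable form `params[:stat]` sits directly in that list, so Brakeman reports "User input in eval" with high confidence.

```ruby
# Added example (not Brakeman's code). A plain Hash stands in for Rails params.
class Report
  attr_reader :rows

  def initialize(rows)
    @rows = rows
  end

  def total
    rows.sum
  end

  def count
    rows.length
  end
end

# Vulnerable form. params[:stat] is user input and appears in the argument list
# of instance_eval, so CheckEvaluation reports "Dangerous Eval" (high confidence).
# Whatever the caller supplies runs as Ruby with the Report as self.
def stat_via_eval(report, params)
  report.instance_eval(params[:stat].to_s)
end

# Hardened form: map the input onto a fixed set of operations. No eval-family
# call takes user input, so there is nothing for the check to flag, and any
# value outside the allowlist raises instead of executing.
def stat_via_allowlist(report, params)
  case params[:stat].to_s
  when "total" then report.total
  when "count" then report.count
  else raise ArgumentError, "unsupported stat: #{params[:stat].inspect}"
  end
end

if __FILE__ == $PROGRAM_NAME
  report = Report.new([1, 2, 3])
  puts stat_via_eval(report, { stat: "total" })                    # 6, as intended
  # Constructed attacker input: valid Ruby that does more than read a statistic.
  puts stat_via_eval(report, { stat: "rows.clear; rows.length" })  # 0, and report.rows is now empty
  puts stat_via_allowlist(Report.new([1, 2, 3]), { stat: "count" }) # 3
  begin
    stat_via_allowlist(report, { stat: "rows.clear; rows.length" })
  rescue ArgumentError => e
    puts e.message                                                 # unsupported stat: ...
  end
end
```

Running the file shows the difference the check cares about: the eval form lets a crafted `stat` value mutate the object (or do anything else Ruby can do), while the case statement turns the same value into an ArgumentError.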
