Brakeman::CheckSend

Checks whether user-supplied data is passed to send, either as the method name argument or as the receiver of the call.

Public Instance Methods

process_result(result)
# File lib/brakeman/checks/check_send.rb, line 18
def process_result result
  process_call_args result[:call]
  target = process result[:call].target

  if input = has_immediate_user_input?(result[:call].first_arg)
    warn :result => result,
      :warning_type => "Dangerous Send",
      :message => "User controlled method execution",
      :code => result[:call],
      :user_input => input.match,
      :confidence => CONFIDENCE[:high]
  end

  if input = has_immediate_user_input?(target)
    warn :result => result,
      :warning_type => "Dangerous Send",
      :message => "User defined target of method invocation",
      :code => result[:call],
      :user_input => input.match,
      :confidence => CONFIDENCE[:med]
  end
end
run_check()
# File lib/brakeman/checks/check_send.rb, line 9
def run_check
  Brakeman.debug("Finding instances of #send")
  calls = tracker.find_call :method => :send

  calls.each do |call|
    process_result call
  end
end
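The pattern this check reports, beside an allowlisted replacement, as an added example that is not part of Brakeman or of this page; the controller class, its action methods and the params hash standing in for Rails `params` are hypothetical:

```ruby
# Added example (not Brakeman's code): the call shape CheckSend flags, next to
# a safe dispatch. ReportsController, its actions and the params hash are
# hypothetical stand-ins for a Rails controller and its request parameters.
require "set"

class ReportsController
  attr_reader :params

  def initialize(params)
    @params = params
  end

  # Flagged with high confidence: the method name comes straight from user
  # input, so any method on self, private ones included, becomes callable.
  # (A user-controlled *receiver*, e.g. params[:obj].send(:foo), is the
  # medium-confidence case reported by the same check.)
  def dispatch_unsafe
    send(params[:action_name])
  end

  # Remediation: accept only names from an explicit allowlist and use
  # public_send so private methods stay unreachable even if the list grows.
  ALLOWED_ACTIONS = Set.new(%w[summary detail]).freeze

  def dispatch_safe
    name = params[:action_name].to_s
    raise ArgumentError, "unknown action: #{name}" unless ALLOWED_ACTIONS.include?(name)
    public_send(name)
  end

  def summary
    "summary"
  end

  def detail
    "detail"
  end

  private

  # Must never be reachable from a request.
  def reset_all!
    "reset"
  end
end
```

Brakeman reports `dispatch_unsafe` because `has_immediate_user_input?` matches the `params[...]` argument; `dispatch_safe` passes a local that has already been checked against the allowlist.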
