Methods

Class/Module Index [+]

Quicksearch

Brakeman::CheckResponseSplitting

Warn about response splitting in Rails versions before 2.3.13 groups.google.com/group/rubyonrails-security/browse_thread/thread/6ffc93bde0298768

Public Instance Methods

run_check() click to toggle source
# File lib/brakeman/checks/check_response_splitting.rb, line 10
def run_check
  if version_between?('2.3.0', '2.3.13')

    warn :warning_type => "Response Splitting",
      :message => "Versions before 2.3.14 have a vulnerability content type handling allowing injection of headers: CVE-2011-3186",
      :confidence => CONFIDENCE[:med],
      :file => gemfile_or_environment,
      :link_path => "https://groups.google.com/d/topic/rubyonrails-security/b_yTveAph2g/discussion"
  end
end

[Validate]

Generated with the Darkfish Rdoc Generator 2.