Check calls to +render()+ for dangerous values
Check if path to action or file is determined dynamically
# File lib/brakeman/checks/check_render.rb, line 31 def check_for_dynamic_path result view = result[:call][2] if sexp? view and not duplicate? result add_result result if input = has_immediate_user_input?(view) confidence = CONFIDENCE[:high] elsif input = include_user_input?(view) if node_type? view, :string_interp, :dstr confidence = CONFIDENCE[:med] else confidence = CONFIDENCE[:low] end else return end message = "Render path contains " case input.type when :params message << "parameter value" when :cookies message << "cookie value" when :request message << "request value" when :model #Skip models return else message << "user input value" end warn :result => result, :warning_type => "Dynamic Render Path", :message => message, :user_input => input.match, :confidence => confidence end end
# File lib/brakeman/checks/check_render.rb, line 15 def process_render result return unless node_type? result[:call], :render case result[:call].render_type when :partial, :template, :action, :file check_for_dynamic_path result when :inline when :js when :json when :text when :update when :xml end end
Generated with the Darkfish Rdoc Generator 2.