Methods

Class/Module Index [+]

Quicksearch

Brakeman::CheckSafeBufferManipulation

Check for unsafe manipulation of strings Right now this is just a version check for groups.google.com/group/rubyonrails-security/browse_thread/thread/edd28f1e3d04e913?pli=1

Public Instance Methods

run_check() click to toggle source
# File lib/brakeman/checks/check_safe_buffer_manipulation.rb, line 11
def run_check

  if version_between? "3.0.0", "3.0.11"
    suggested_version = "3.0.12"
  elsif version_between? "3.1.0", "3.1.3"
    suggested_version = "3.1.4"
  elsif version_between? "3.2.0", "3.2.1"
    suggested_version = "3.2.2"
  else
    return
  end

  message = "Rails #{tracker.config[:rails_version]} has a vulnerabilty in SafeBuffer. Upgrade to #{suggested_version} or apply patches."

  warn :warning_type => "Cross Site Scripting",
    :message => message,
    :confidence => CONFIDENCE[:med],
    :file => gemfile_or_environment
end

[Validate]

Generated with the Darkfish Rdoc Generator 2.