Methods

Class/Module Index [+]

Quicksearch

Brakeman::CheckEscapeFunction

Check for versions with vulnerable html escape method groups.google.com/group/rubyonrails-security/browse_thread/thread/56bffb5923ab1195

Public Instance Methods

run_check() click to toggle source
# File lib/brakeman/checks/check_escape_function.rb, line 10
def run_check
  if version_between?('2.0.0', '2.3.13') and RUBY_VERSION < '1.9.0' 

    warn :warning_type => 'Cross Site Scripting',
      :message => 'Versions before 2.3.14 have a vulnerability in escape method when used with Ruby 1.8: CVE-2011-2931',
      :confidence => CONFIDENCE[:high],
      :file => gemfile_or_environment,
      :link_path => "https://groups.google.com/d/topic/rubyonrails-security/Vr_7WSOrEZU/discussion"
  end
end

[Validate]

Generated with the Darkfish Rdoc Generator 2.