class Brakeman::CheckUnsafeReflectionMethods

Public Instance Methods

check_method() click to toggle source
# File lib/brakeman/checks/check_unsafe_reflection_methods.rb, line 14
def check_method
  tracker.find_call(method: :method, nested: true).each do |result|
    argument = result[:call].first_arg

    if user_input = include_user_input?(argument)
      warn_unsafe_reflection(result, user_input)
    end
  end
end
check_tap() click to toggle source
# File lib/brakeman/checks/check_unsafe_reflection_methods.rb, line 24
def check_tap
  tracker.find_call(method: :tap, nested: true).each do |result|
    argument = result[:call].first_arg

    # Argument is passed like a.tap(&argument)
    if node_type? argument, :block_pass
      argument = argument.value
    end

    if user_input = include_user_input?(argument)
      warn_unsafe_reflection(result, user_input)
    end
  end
end
check_to_proc() click to toggle source
# File lib/brakeman/checks/check_unsafe_reflection_methods.rb, line 39
def check_to_proc
  tracker.find_call(method: :to_proc, nested: true).each do |result|
    target = result[:call].target

    if user_input = include_user_input?(target)
      warn_unsafe_reflection(result, user_input)
    end
  end
end
run_check() click to toggle source
# File lib/brakeman/checks/check_unsafe_reflection_methods.rb, line 8
def run_check
  check_method
  check_tap
  check_to_proc
end
warn_unsafe_reflection(result, input) click to toggle source
# File lib/brakeman/checks/check_unsafe_reflection_methods.rb, line 49
def warn_unsafe_reflection result, input
  return unless original? result
  method = result[:call].method

  confidence = if input.type == :params
    :high
  else
    :medium
  end

  message = msg("Unsafe reflection method ", msg_code(method), " called with ", msg_input(input))

  warn :result => result,
    :warning_type => "Remote Code Execution",
    :warning_code => :unsafe_method_reflection,
    :message => message,
    :user_input => input,
    :confidence => confidence,
    :cwe_id => [470]
end