class Brakeman::CheckSSLVerify
Checks if verify_mode= is called with OpenSSL::SSL::VERIFY_NONE
Constants
- SSL_VERIFY_NONE
Public Instance Methods
check_http_start()
# File lib/brakeman/checks/check_ssl_verify.rb, line 27
# Collect every `Net::HTTP.start` call the tracker knows about and pass each
# one to process_http_start_result, which looks at the call's options hash.
def check_http_start
  http_start_calls = tracker.find_call(:target => :'Net::HTTP', :method => :start)
  http_start_calls.each do |call|
    process_http_start_result(call)
  end
end
check_open_ssl_verify_none()
# File lib/brakeman/checks/check_ssl_verify.rb, line 17
# Collect every `verify_mode=` call (on any receiver) the tracker knows about
# and pass each one to process_verify_mode_result, which checks the assigned
# value.
def check_open_ssl_verify_none
  verify_mode_calls = tracker.find_call(:method => :verify_mode=)
  verify_mode_calls.each do |call|
    process_verify_mode_result(call)
  end
end
process_http_start_result(result)
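# File lib/brakeman/checks/check_ssl_verify.rb, line 31
# Warn when a `Net::HTTP.start` call is given an options hash whose
# `:verify_mode` entry is OpenSSL::SSL::VERIFY_NONE (SSL_VERIFY_NONE).
# A last argument that is not a hash literal is ignored, so a verify mode
# passed through a variable is not detected here.
#
# @param result [Hash] a find_call result; `result[:call]` is the call Sexp
def process_http_start_result result
  opts = result[:call].last_arg
  # `&&` instead of `and`: identical result inside a condition, but `and`
  # binds looser than assignment and is easy to misread when refactoring.
  return unless hash?(opts) && hash_access(opts, :verify_mode) == SSL_VERIFY_NONE

  warn_about_ssl_verification_bypass result
end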
process_verify_mode_result(result)
# File lib/brakeman/checks/check_ssl_verify.rb, line 21
# Warn when a `verify_mode=` call assigns OpenSSL::SSL::VERIFY_NONE
# (SSL_VERIFY_NONE). Only a literal match on the last argument is checked;
# a value reaching the setter through a variable is not followed here.
#
# @param result [Hash] a find_call result; `result[:call]` is the call Sexp
def process_verify_mode_result result
  assigned_mode = result[:call].last_arg
  return unless assigned_mode == SSL_VERIFY_NONE

  warn_about_ssl_verification_bypass result
end
run_check()
# File lib/brakeman/checks/check_ssl_verify.rb, line 12
# Entry point for the check: run the `verify_mode=` scan, then the
# `Net::HTTP.start` scan. Order is kept so warnings are reported in the
# same sequence as before.
def run_check
  %i[check_open_ssl_verify_none check_http_start].each do |scan|
    send(scan)
  end
end
warn_about_ssl_verification_bypass(result)
# File lib/brakeman/checks/check_ssl_verify.rb, line 39
# Report a high-confidence "SSL Verification Bypass" warning for result,
# tagged with CWE-295 (Improper Certificate Validation).
# Results rejected by original? are skipped — presumably that filters
# duplicated/already-reported results; confirm against the base check class.
#
# @param result [Hash] the find_call result being reported
def warn_about_ssl_verification_bypass result
  return unless original? result

  warn :result => result,
       :warning_type => "SSL Verification Bypass",
       :warning_code => :ssl_verification_bypass,
       :message => "SSL certificate verification was bypassed",
       :confidence => :high,
       :cwe_id => [295]
end