require 'brakeman/checks/base_check'
# This check looks for calls to +eval+, +instance_eval+, etc. that include
# user input.
class Brakeman::CheckEvaluation < Brakeman::BaseCheck
  Brakeman::Checks.add self

  @description = "Searches for evaluation of user input"

  # Methods that execute their argument as code. A call to any of these is
  # a candidate finding; it is only reported when user input reaches it.
  EVAL_METHODS = [:eval, :instance_eval, :class_eval, :module_eval].freeze

  # Entry point: ask the tracker for every recorded call to one of
  # EVAL_METHODS and hand each result to process_result.
  #
  # +nested: true+ is forwarded to find_call unchanged; presumably it also
  # returns eval calls nested inside other expressions — confirm against
  # Tracker#find_call.
  def run_check
    Brakeman.debug "Finding eval-like calls"
    eval_calls = tracker.find_call methods: EVAL_METHODS, nested: true

    Brakeman.debug "Processing eval-like calls"
    eval_calls.each { |eval_call| process_result eval_call }
  end

  # Emits a high-confidence "Dangerous Eval" warning when any argument of
  # the eval-like call is derived from user input.
  #
  # Results rejected by +original?+ are skipped. Only the call's argument
  # list is inspected, so an eval whose arguments carry no user input (for
  # example a purely static string) produces no warning from this check.
  #
  # @param result [Hash] a find_call result; +result[:call].arglist+ holds
  #   the arguments of the eval-like call
  # @return the value of +warn+ when a warning is raised, otherwise nil
  def process_result result
    return unless original? result

    tainted_input = include_user_input?(result[:call].arglist)
    return unless tainted_input

    warn result: result,
         warning_type: "Dangerous Eval",
         warning_code: :code_eval,
         message: "User input in eval",
         user_input: tainted_input,
         confidence: :high
  end
end