4 Execution Output
Lazaro Herrera edited this page May 28, 2017
This is the fourth page of the wiki, and it covers the raw output of the tools used in this project.
This page has been written at the "informational" level, with the assumptions that
- no commands will be executed
- no explanations will be given, since they already exist in the original code
Care will be taken to provide "plain English" documentation, but this is really just a raw dump of the output of the tools. Aside from running the tools, it is recommended to search through the code (the sections that are compromised are clearly marked with "XXX").
Lazaros-MBP:darnbrokenrails lazaroherrera$ bundle-audit
Name: devise
Version: 2.2.8
Advisory: CVE-2015-8314
Criticality: Unknown
URL: http://blog.plataformatec.com.br/2016/01/improve-remember-me-cookie-expiration-in-devise/
Title: Devise Gem for Ruby Unauthorized Access Using Remember Me Cookie
Solution: upgrade to >= 3.5.4
Name: mail
Version: 2.5.4
Advisory: 131677
Criticality: Unknown
URL: http://www.mbsd.jp/Whitepaper/smtpi.pdf
Title: Mail Gem for Ruby vulnerable to SMTP Injection via recipient email addresses
Solution: upgrade to >= 2.6.0
Name: paperclip
Version: 4.1.0
Advisory: CVE-2015-2963
Criticality: Medium
URL: https://robots.thoughtbot.com/paperclip-security-release
Title: Paperclip Gem for Ruby vulnerable to content type spoofing
Solution: upgrade to >= 4.2.2
Vulnerabilities found!
Lazaros-MBP:darnbrokenrails lazaroherrera$ brakeman
Loading scanner...
Processing application in /Users/lazaroherrera/Documents/GitHub/darnbrokenrails
Processing gems...
[Notice] Detected Rails 3 application
Processing configuration...
[Notice] Escaping HTML by default
Parsing files...
Processing initializers...
Processing libs...
Processing routes...
Processing templates...
Processing data flow in templates...
Processing models...
Processing controllers...
Processing data flow in controllers...
Indexing call sites...
Running checks in parallel...
- CheckBasicAuth
- CheckBasicAuthTimingAttack
- CheckCrossSiteScripting
- CheckContentTag
- CheckCreateWith
- CheckDefaultRoutes
- CheckDeserialize
- CheckDetailedExceptions
- CheckDigestDoS
- CheckDynamicFinders
- CheckEscapeFunction
- CheckEvaluation
- CheckExecute
- CheckFileAccess
- CheckFileDisclosure
- CheckFilterSkipping
- CheckForgerySetting
- CheckHeaderDoS
- CheckI18nXSS
- CheckJRubyXML
- CheckJSONEncoding
- CheckJSONParsing
- CheckLinkTo
- CheckLinkToHref
- CheckMailTo
- CheckMassAssignment
- CheckMimeTypeDoS
- CheckModelAttrAccessible
- CheckModelAttributes
- CheckModelSerialize
- CheckNestedAttributes
- CheckNestedAttributesBypass
- CheckNumberToCurrency
- CheckQuoteTableName
- CheckRedirect
- CheckRegexDoS
- CheckRender
- CheckRenderDoS
- CheckRenderInline
- CheckResponseSplitting
- CheckRouteDoS
- CheckSafeBufferManipulation
- CheckSanitizeMethods
- CheckSelectTag
- CheckSelectVulnerability
- CheckSend
- CheckSendFile
- CheckSessionManipulation
- CheckSessionSettings
- CheckSimpleFormat
- CheckSingleQuotes
- CheckSkipBeforeFilter
- CheckSQL
- CheckSQLCVEs
- CheckSSLVerify
- CheckStripTags
- CheckSymbolDoSCVE
- CheckTranslateBug
- CheckUnsafeReflection
- CheckValidationRegex
- CheckWithoutProtection
- CheckXMLDoS
- CheckYAMLParsing
Checks finished, collecting results...
Generating report...
+BRAKEMAN REPORT+
Application path: /Users/lazaroherrera/Documents/GitHub/darnbrokenrails
Rails version: 3.2.22.5
Brakeman version: 3.6.2
Started at 2017-05-28 00:22:45 -0400
Duration: 0.136566 seconds
Checks run: BasicAuth, BasicAuthTimingAttack, ContentTag, CreateWith, CrossSiteScripting, DefaultRoutes, Deserialize, DetailedExceptions, DigestDoS, DynamicFinders, EscapeFunction, Evaluation, Execute, FileAccess, FileDisclosure, FilterSkipping, ForgerySetting, HeaderDoS, I18nXSS, JRubyXML, JSONEncoding, JSONParsing, LinkTo, LinkToHref, MailTo, MassAssignment, MimeTypeDoS, ModelAttrAccessible, ModelAttributes, ModelSerialize, NestedAttributes, NestedAttributesBypass, NumberToCurrency, QuoteTableName, Redirect, RegexDoS, Render, RenderDoS, RenderInline, ResponseSplitting, RouteDoS, SQL, SQLCVEs, SSLVerify, SafeBufferManipulation, SanitizeMethods, SelectTag, SelectVulnerability, Send, SendFile, SessionManipulation, SessionSettings, SimpleFormat, SingleQuotes, SkipBeforeFilter, StripTags, SymbolDoSCVE, TranslateBug, UnsafeReflection, ValidationRegex, WithoutProtection, XMLDoS, YAMLParsing
+SUMMARY+
+-------------------+---------+
| Scanned/Reported | Total |
+-------------------+---------+
| Controllers | 2 |
| Models | 4 |
| Templates | 7 |
| Errors | 0 |
| Security Warnings | 22 (19) |
+-------------------+---------+
+----------------------------+-------+
| Warning Type | Total |
+----------------------------+-------+
| Attribute Restriction | 4 |
| Basic Auth | 1 |
| Command Injection | 1 |
| Cross Site Scripting | 1 |
| Cross-Site Request Forgery | 1 |
| Dangerous Eval | 1 |
| Dangerous Send | 1 |
| Default Routes | 1 |
| File Access | 2 |
| Format Validation | 1 |
| Information Disclosure | 1 |
| Mass Assignment | 1 |
| Redirect | 1 |
| Remote Code Execution | 2 |
| SQL Injection | 1 |
| SSL Verification Bypass | 1 |
| Session Setting | 1 |
+----------------------------+-------+
+SECURITY WARNINGS+
+------------+--------------------+--------------------------------+---------->>
| Confidence | Class | Method | Warning T>>
+------------+--------------------+--------------------------------+---------->>
| High | SoftwareController | index | Command I>>
| High | SoftwareController | show | Dangerous>>
| High | SoftwareController | execute_method | Dangerous>>
| High | | | Default R>>
| High | SoftwareController | upload_new_software_file | File Acce>>
| High | | | Informati>>
| High | SoftwareController | get_cloud_link | Redirect >>
| High | SoftwareController | upload_yaml_software_file | Remote Co>>
| High | SoftwareController | upload_marshaled_software_file | Remote Co>>
| High | SoftwareController | index | SQL Injec>>
| High | SoftwareController | confirm_software_expiration | SSL Verif>>
| High | | | Session S>>
| Medium | SoftwareController | new | Mass Assi>>
| Weak | SoftwareController | confirm_software_expiration | File Acce>>
+------------+--------------------+--------------------------------+---------->>
Controller Warnings:
+------------+-----------------------+----------------------------+----------->>
| Confidence | Controller | Warning Type | Message >>
+------------+-----------------------+----------------------------+----------->>
| High | SoftwareController | Basic Auth | Basic auth>>
| High | ApplicationController | Cross-Site Request Forgery | 'protect_f>>
+------------+-----------------------+----------------------------+----------->>
Model Warnings:
+------------+-------------------+-----------------------+-------------------->>
| Confidence | Model | Warning Type | Message >>
+------------+-------------------+-----------------------+-------------------->>
| High | ApplicationRecord | Attribute Restriction | Mass assignment is >>
| High | CloudSoftware | Attribute Restriction | Mass assignment is >>
| High | Purchaser | Attribute Restriction | Mass assignment is >>
| High | Software | Format Validation | Insufficient valida>>
| Medium | Software | Attribute Restriction | attr_accessible is >>
+------------+-------------------+-----------------------+-------------------->>
View Warnings:
+------------+-----------------------------------------+---------------------->>
| Confidence | Template | Warning Type >>
+------------+-----------------------------------------+---------------------->>
| High | software/show (SoftwareController#show) | Cross Site Scripting >>
+------------+-----------------------------------------+---------------------->>
You should really read the rails-best-practices site. This tool is a little unpredictable (certain things I did are not picked up), so you should read the whole thing (it's nine pages, a decent weekend's worth of reading).
Lazaros-MBP:darnbrokenrails lazaroherrera$ rails_best_practices .
Source Code: |======================================================================================================|
/Users/lazaroherrera/Documents/GitHub/darnbrokenrails/db/schema.rb:30 - always add db index (softwares => [purchaser_id])
/Users/lazaroherrera/Documents/GitHub/darnbrokenrails/app/views/software/show.html.erb:11 - law of demeter
/Users/lazaroherrera/Documents/GitHub/darnbrokenrails/app/controllers/software_controller.rb:33 - move model logic into model (Software use_count > 4)
/Users/lazaroherrera/Documents/GitHub/darnbrokenrails/app/controllers/software_controller.rb:138 - move model logic into model (uri use_count > 4)
/Users/lazaroherrera/Documents/GitHub/darnbrokenrails/app/controllers/software_controller.rb:156 - Don't rescue Exception
/Users/lazaroherrera/Documents/GitHub/darnbrokenrails/config/routes.rb:14 - not use default route
/Users/lazaroherrera/Documents/GitHub/darnbrokenrails/app/models/application_record.rb:1 - protect mass assignment
/Users/lazaroherrera/Documents/GitHub/darnbrokenrails/app/models/purchaser.rb:4 - protect mass assignment
/Users/lazaroherrera/Documents/GitHub/darnbrokenrails/app/helpers/software_helper.rb:1 - remove empty helpers
/Users/lazaroherrera/Documents/GitHub/darnbrokenrails/app/controllers/software_controller.rb:122 - remove unused methods (SoftwareController#upload_yaml_software_file)
/Users/lazaroherrera/Documents/GitHub/darnbrokenrails/app/models/software.rb:28 - remove unused methods (Software#get_link)
/Users/lazaroherrera/Documents/GitHub/darnbrokenrails/Gemfile:8 - remove trailing whitespace
/Users/lazaroherrera/Documents/GitHub/darnbrokenrails/app/models/software.rb:7 - remove trailing whitespace
/Users/lazaroherrera/Documents/GitHub/darnbrokenrails/app/controllers/software_controller.rb:4 - remove trailing whitespace
/Users/lazaroherrera/Documents/GitHub/darnbrokenrails/config/environments/production.rb:19 - remove trailing whitespace
/Users/lazaroherrera/Documents/GitHub/darnbrokenrails/config/routes.rb:4 - remove trailing whitespace
/Users/lazaroherrera/Documents/GitHub/darnbrokenrails/db/migrate/20170526183721_add_cloud_to_software.rb:4 - remove trailing whitespace
/Users/lazaroherrera/Documents/GitHub/darnbrokenrails/app/views/layouts/application.html.erb:7 - remove trailing whitespace
/Users/lazaroherrera/Documents/GitHub/darnbrokenrails/app/views/software/_core.html.erb:5 - remove trailing whitespace
/Users/lazaroherrera/Documents/GitHub/darnbrokenrails/app/views/software/edit.html.erb:7 - remove trailing whitespace
/Users/lazaroherrera/Documents/GitHub/darnbrokenrails/app/views/software/new.html.erb:7 - remove trailing whitespace
Please go to http://rails-bestpractices.com to see more useful Rails Best Practices.
Found 21 warnings.