Created
May 22, 2014 01:58
-
-
Save brandonprry/c5805e4235a90f1e39a9 to your computer and use it in GitHub Desktop.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| bperry@w00den-pickle:~/tmp/discourse$ brakeman | |
| WARNING: -------------------------------------------------------------------------- | |
| You are running an old version of bundler, please update by running: gem install bundler | |
| Loading scanner... | |
| [Notice] Detected Rails 3 application | |
| Processing application in /home/bperry/tmp/discourse | |
| Processing gems... | |
| Processing configuration... | |
| [Notice] Escaping HTML by default | |
| Processing initializers... | |
| Processing libs... | |
| Processing routes... | |
| Processing templates... | |
| Processing data flow in templates... | |
| Processing models... | |
| Processing controllers... | |
| Processing data flow in controllers... | |
| Indexing call sites... | |
| Running checks in parallel... | |
| - CheckBasicAuth | |
| - CheckCrossSiteScripting | |
| - CheckContentTag | |
| - CheckDefaultRoutes | |
| - CheckDeserialize | |
| - CheckDetailedExceptions | |
| - CheckDigestDoS | |
| - CheckEscapeFunction | |
| - CheckEvaluation | |
| - CheckExecute | |
| - CheckFileAccess | |
| - CheckFilterSkipping | |
| - CheckForgerySetting | |
| - CheckHeaderDoS | |
| - CheckI18nXSS | |
| - CheckJRubyXML | |
| - CheckJSONParsing | |
| - CheckLinkTo | |
| - CheckLinkToHref | |
| - CheckMailTo | |
| - CheckMassAssignment | |
| - CheckModelAttrAccessible | |
| - CheckModelAttributes | |
| - CheckModelSerialize | |
| - CheckNestedAttributes | |
| - CheckNumberToCurrency | |
| - CheckQuoteTableName | |
| - CheckRedirect | |
| - CheckRegexDoS | |
| - CheckRender | |
| - CheckRenderDoS | |
| - CheckResponseSplitting | |
| - CheckSafeBufferManipulation | |
| - CheckSanitizeMethods | |
| - CheckSelectTag | |
| - CheckSelectVulnerability | |
| - CheckSend | |
| - CheckSendFile | |
| - CheckSessionSettings | |
| - CheckSimpleFormat | |
| - CheckSingleQuotes | |
| - CheckSkipBeforeFilter | |
| - CheckSQL | |
| - CheckSQLCVEs | |
| - CheckSSLVerify | |
| - CheckStripTags | |
| - CheckSymbolDoS | |
| - CheckTranslateBug | |
| - CheckUnsafeReflection | |
| - CheckValidationRegex | |
| - CheckWithoutProtection | |
| - CheckYAMLParsing | |
| Checks finished, collecting results... | |
| Generating report... | |
| +BRAKEMAN REPORT+ | |
| Application path: /home/bperry/tmp/discourse | |
| Rails version: 4.1.1 | |
| Brakeman version: 2.5.0 | |
| Started at 2014-05-21 20:55:29 -0500 | |
| Duration: 11.86596967 seconds | |
| Checks run: BasicAuth, ContentTag, CrossSiteScripting, DefaultRoutes, Deserialize, DetailedExceptions, DigestDoS, EscapeFunction, Evaluation, Execute, FileAccess, FilterSkipping, ForgerySetting, HeaderDoS, I18nXSS, JRubyXML, JSONParsing, LinkTo, LinkToHref, MailTo, MassAssignment, ModelAttrAccessible, ModelAttributes, ModelSerialize, NestedAttributes, NumberToCurrency, QuoteTableName, Redirect, RegexDoS, Render, RenderDoS, ResponseSplitting, SQL, SQLCVEs, SSLVerify, SafeBufferManipulation, SanitizeMethods, SelectTag, SelectVulnerability, Send, SendFile, SessionSettings, SimpleFormat, SingleQuotes, SkipBeforeFilter, StripTags, SymbolDoS, TranslateBug, UnsafeReflection, ValidationRegex, WithoutProtection, YAMLParsing | |
| +SUMMARY+ | |
| +-------------------+---------+ | |
| | Scanned/Reported | Total | | |
| +-------------------+---------+ | |
| | Controllers | 50 | | |
| | Models | 102 | | |
| | Templates | 34 | | |
| | Errors | 0 | | |
| | Security Warnings | 38 (14) | | |
| +-------------------+---------+ | |
| +-----------------------+-------+ | |
| | Warning Type | Total | | |
| +-----------------------+-------+ | |
| | Cross Site Scripting | 5 | | |
| | Dangerous Send | 1 | | |
| | Denial of Service | 5 | | |
| | Dynamic Render Path | 1 | | |
| | File Access | 7 | | |
| | Redirect | 8 | | |
| | Remote Code Execution | 1 | | |
| | SQL Injection | 10 | | |
| +-----------------------+-------+ | |
| +SECURITY WARNINGS+ | |
| +------------+-------------------------------+--------------------------------------------------+-----------------------+----------------------------------------------------------------------------------------------------------------------------------------------------->> | |
| | Confidence | Class | Method | Warning Type | Message >> | |
| +------------+-------------------------------+--------------------------------------------------+-----------------------+----------------------------------------------------------------------------------------------------------------------------------------------------->> | |
| | High | Admin::SiteSettingsController | update | Dangerous Send | User controlled method execution near line 14: SiteSetting.send(+params[:id]+) >> | |
| | High | TopicsController | bulk | Denial of Service | Symbol conversion from unsafe string (parameter value) near line 320: +params.require(:operation)+.symbolize_keys >> | |
| | High | StaticController | show | Dynamic Render Path | Render path contains parameter value near line 38: render(action => (("static/#{+params[:id]+}.#{I18n.locale}" or "static/#{+params[:id]+}.en") or ">> | |
| | High | ClicksController | track | Redirect | Possible unprotected redirect near line 24: redirect_to(+TopicLinkClick.create_from(track_params.merge(:ip => (request.remote_ip)))+) >> | |
| | High | InvitesController | show | Redirect | Possible unprotected redirect near line 21: redirect_to("#{Discourse.base_uri}#{+Invite.find_by(:invite_key => (params[:id])).topics.first.relative_>> | |
| | High | PostsController | short_link | Redirect | Possible unprotected redirect near line 25: redirect_to(+Post.find(params[:post_id].to_i).url+) >> | |
| | High | SessionController | sso | Redirect | Possible unprotected redirect near line 12: redirect_to(+DiscourseSingleSignOn.generate_url((params[:return_path] or "/"))+) >> | |
| | High | SessionController | sso_login | Redirect | Possible unprotected redirect near line 39: redirect_to(+DiscourseSingleSignOn.parse(request.query_string).return_path+) >> | |
| | High | StaticController | show | Redirect | Possible unprotected redirect near line 20: redirect_to(+SiteSetting.send({ "faq" => "faq_url", "tos" => "tos_url", "privacy" => "privacy_policy_url>> | |
| | High | TopicsController | show | Redirect | Possible unprotected redirect near line 48: redirect_to(+Topic.find_by(:slug => (params[:id])).relative_url+) >> | |
| | High | UsersController | avatar | Redirect | Possible unprotected redirect near line 320: redirect_to(+User.find_by(:username_lower => (params[:username].downcase)).avatar_template.gsub("{size}>> | |
| | High | SearchController | query | Remote Code Execution | Unsafe reflection method constantize called with parameter value near line 23: +params[:search_context][:type].classify+.constantize >> | |
| | High | PostAction | PostAction.update_flagged_posts_count | SQL Injection | Possible SQL injection near line 27: PostAction.joins(:post => :topic).where("defer = false or defer IS NULL").where("post_actions.post_action_type_>> | |
| | High | UserSearch | search | SQL Injection | Possible SQL injection near line 13: User.order(+User.sql_fragment("CASE WHEN username_lower = ? THEN 0 ELSE 1 END ASC", @term.downcase)+) >> | |
| | Medium | AdminDashboardData | default_logo_check | Denial of Service | Model attribute used in regex near line 153: /#{#{+SiteSetting.defaults[:logo_url].split("/").last+}}/ >> | |
| | Medium | AdminDashboardData | default_logo_check | Denial of Service | Model attribute used in regex near line 154: /#{#{+SiteSetting.defaults[:logo_small_url].split("/").last+}}/ >> | |
| | Medium | AdminDashboardData | default_logo_check | Denial of Service | Model attribute used in regex near line 155: /#{#{+SiteSetting.defaults[:favicon_url].split("/").last+}}/ >> | |
| | Medium | SearchController | query | Denial of Service | Symbol conversion from unsafe string (parameter value) near line 37: { :guardian => (guardian), :type_filter => (params[:type_filter]), :include_blu>> | |
| | Medium | Admin::BackupsController | upload_chunk | File Access | Model attribute used in file name near line 126: File.open(+Backup.chunk_path(params.fetch(:resumableIdentifier), params.fetch(:resumableFilename), >> | |
| | Medium | Admin::BackupsController | show | File Access | Model attribute used in file name near line 45: send_file(+Backup[params.fetch(:id)].path+) >> | |
| | Medium | ErrorLog | ErrorLog.clear_all! | File Access | Model attribute used in file name near line 18: File.delete(+ErrorLog.filename+) >> | |
| | Medium | Group | Group.refresh_automatic_group! | SQL Injection | Possible SQL injection near line 97: GroupUser.joins("RIGHT JOIN (#{+case (local name) when :admins then "SELECT u.id FROM users u WHERE u.admin" >> | |
| | Medium | ListController | ListController.best_period_for | SQL Injection | Possible SQL injection near line 329: TopTopic.where("#{+(local period)+}_score > 0") >> | |
| | Medium | PostAction | update_counters | SQL Injection | Possible SQL injection near line 236: Post.where(:id => (post_id)).update_all(["#{"#{+post_action_type_key+.to_s}_count"} = #{"#{+post_action_type_k>> | |
| | Medium | PostAction | update_counters | SQL Injection | Possible SQL injection near line 239: Topic.where(:id => (post.topic_id)).update_all(["#{"#{+post_action_type_key+.to_s}_count"} = #{"#{+post_action>> | |
| | Medium | SiteSetting | SiteSetting.has_enough_topics_to_redirect_to_top | SQL Injection | Possible SQL injection near line 91: TopTopic.where("#{+(local period)+}_score > 0") >> | |
| | Medium | Topic | secured | SQL Injection | Possible SQL injection near line 137: where("category_id IS NULL OR category_id IN (\n SELECT c.id FROM categories c\n WHERE #{+>> | |
| | Medium | Topic | update_action_counts | SQL Injection | Possible SQL injection near line 571: Post.where(:topic_id => (id)).sum("#{+(local type)+}_count") >> | |
| | Medium | UserAction | UserAction.private_messages_stats | SQL Injection | Possible SQL injection near line 80: Topic.where("topics.id IN (SELECT topic_id FROM topic_allowed_users WHERE user_id = #{+(local user_id)+})").joi>> | |
| | Weak | Admin::BackupsController | upload_chunk | File Access | Model attribute used in file name near line 124: FileUtils.mkdir_p(File.dirname(+Backup.chunk_path(params.fetch(:resumableIdentifier), params.fetch(>> | |
| | Weak | Backup | Backup.all | File Access | Model attribute used in file name near line 13: Dir.glob(File.join(+Backup.base_directory+, "*.tar.gz")) >> | |
| | Weak | StaticController | cdn_asset | File Access | Parameter value used in file name near line 71: send_file(((Rails.root + "public/assets/") + +params[:path].gsub(/[^a-zA-Z0-9_\-\.]/, "")+).to_s, :d>> | |
| | Weak | UploadsController | show | File Access | Model attribute used in file name near line 29: send_file(Discourse.store.path_for(+Upload.find_by(:id => (params[:id].to_i), :url => (request.fullp>> | |
| +------------+-------------------------------+--------------------------------------------------+-----------------------+----------------------------------------------------------------------------------------------------------------------------------------------------->> | |
| View Warnings: | |
| +------------+------------------------------------------------------------+----------------------+------------------------------------------------------------------------------------------------------------------------------------------------+ | |
| | Confidence | Template | Warning Type | Message | | |
| +------------+------------------------------------------------------------+----------------------+------------------------------------------------------------------------------------------------------------------------------------------------+ | |
| | Medium | layouts/application (Admin::AdminController#ensure_staff) | Cross Site Scripting | Unescaped model attribute near line 31: SiteContent.content_for(:head) | | |
| | Medium | layouts/crawler | Cross Site Scripting | Unescaped model attribute near line 18: SiteContent.content_for(:head) | | |
| | Medium | layouts/no_js (Users::OmniauthCallbacksController#failure) | Cross Site Scripting | Unescaped model attribute near line 13: SiteContent.content_for(:head) | | |
| | Medium | topics/show (TopicsController#feed) | Cross Site Scripting | Unsafe parameter value in link_to href near line 24: link_to(t(:prev_page), TopicView.new(+params+[:topic_id]).prev_page_path, :rel => "prev") | | |
| | Medium | topics/show (TopicsController#feed) | Cross Site Scripting | Unsafe parameter value in link_to href near line 27: link_to(t(:next_page), TopicView.new(+params+[:topic_id]).next_page_path, :rel => "next") | | |
| +------------+------------------------------------------------------------+----------------------+------------------------------------------------------------------------------------------------------------------------------------------------+ | |
| bperry@w00den-pickle:~/tmp/discourse$ |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment