Skip to content
This repository was archived by the owner on Mar 24, 2022. It is now read-only.
This repository was archived by the owner on Mar 24, 2022. It is now read-only.

Security Vulnerabilities  #127

Description

@soonernotfaster

I ran a Brakman scan. The result of the scan is below.

I want to assist in moving toward security scans being a part of Project Monitor's CI pipeline once the issues have been resolved.

== Warning Types ==

Command Injection: 5
Cross-Site Request Forgery: 1
Cross-Site Scripting: 1
Remote Code Execution: 3
SQL Injection: 3
Session Setting: 1

== Warnings ==

Confidence: High
Category: Cross-Site Scripting
Check: ContentTag
Message: Rails 4.2.7 content_tag does not escape double quotes in attribute values (CVE-2016-6316). Upgrade to 4.2.7.1
File: Gemfile.lock
Line: 290

Confidence: High
Category: Remote Code Execution
Check: UnsafeReflection
Message: Unsafe reflection method constantize called with parameter value
Code: params[:project][:type].constantize
File: app/controllers/projects_controller.rb
Line: 81

Confidence: High
Category: Remote Code Execution
Check: UnsafeReflection
Message: Unsafe reflection method constantize called with parameter value
Code: params[:project][:type].constantize
File: app/controllers/projects_controller.rb
Line: 52

Confidence: High
Category: Remote Code Execution
Check: UnsafeReflection
Message: Unsafe reflection method constantize called with parameter value
Code: params[:project][:type].constantize
File: app/controllers/projects_controller.rb
Line: 28

Confidence: High
Category: SQL Injection
Check: SQLCVEs
Message: Rails 4.2.7 contains a SQL injection vulnerability (CVE-2016-6317). Upgrade to 4.2.7.1
File: Gemfile.lock
Line: 290

Confidence: High
Category: Session Setting
Check: SessionSettings
Message: Session secret should not be included in version control
File: config/initializers/secret_token.rb
Line: 7

Confidence: Medium
Category: Command Injection
Check: Execute
Message: Possible command injection
Code: cf auth #{username} #{password}
File: lib/cf_authenticator.rb
Line: 7

Confidence: Medium
Category: Command Injection
Check: Execute
Message: Possible command injection
Code: cf push #{env}
File: lib/cf_deploy.rb
Line: 70

Confidence: Medium
Category: Command Injection
Check: Execute
Message: Possible command injection
Code: git tag #{tag} #{commit_sha} -m "#{message}"
File: lib/cf_git_tagger.rb
Line: 5

Confidence: Medium
Category: Command Injection
Check: Execute
Message: Possible command injection
Code: cf t -o #{org} -s #{space}
File: lib/cf_authenticator.rb
Line: 16

Confidence: Medium
Category: Command Injection
Check: Execute
Message: Possible command injection
Code: git push origin #{tag}
File: lib/cf_git_tagger.rb
Line: 6

Confidence: Medium
Category: Cross-Site Request Forgery
Check: ForgerySetting
Message: protect_from_forgery should be configured with 'with: :exception'
File: app/controllers/application_controller.rb

Confidence: Medium
Category: SQL Injection
Check: SQL
Message: Possible SQL injection
Code: joins("INNER JOIN (#{" SELECT id,\n (CASE project_statuses.project_id\n WHEN @curType\n THEN @currow := @currow + 1\n ELSE @currow := 1 AND @curType := project_statuses.project_id END\n ) AS rank\n FROM project_statuses,\n (SELECT @currow := 0, @curType := '') r\n ORDER BY project_statuses.published_at desc, project_statuses.build_id desc\n".strip_heredoc}) rankings ON rankings.id = project_statuses.id")
File: app/models/project_status.rb
Line: 20

Confidence: Medium
Category: SQL Injection
Check: SQL
Message: Possible SQL injection
Code: joins("INNER JOIN (#{" SELECT id,\n (CASE payload_log_entries.project_id\n WHEN @curType\n THEN @currow := @currow + 1\n ELSE @currow := 1 AND @curType := payload_log_entries.project_id END\n ) AS rank\n FROM payload_log_entries,\n (SELECT @currow := 0, @curType := '') r\n ORDER BY payload_log_entries.created_at desc\n".strip_heredoc}) rankings ON rankings.id = payload_log_entries.id")
File: app/models/payload_log_entry.rb
Line: 20

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions