class Brakeman::CheckSSLVerify

Checks whether `verify_mode=` is called with `OpenSSL::SSL::VERIFY_NONE`, and whether `Net::HTTP.start` is passed an options hash with `:verify_mode => OpenSSL::SSL::VERIFY_NONE`.

Constants

SSL_VERIFY_NONE

Public Instance Methods

# File lib/brakeman/checks/check_ssl_verify.rb, line 27
# Locates every `Net::HTTP.start` call known to the tracker and hands each
# result to #process_http_start_result, which inspects the options hash
# for a disabled verify mode.
def check_http_start
  start_calls = tracker.find_call(:target => :'Net::HTTP', :method => :start)
  start_calls.each do |result|
    process_http_start_result(result)
  end
end
# File lib/brakeman/checks/check_ssl_verify.rb, line 17
# Locates every call to a `verify_mode=` setter (any receiver) and hands
# each result to #process_verify_mode_result, which checks the assigned
# value.
def check_open_ssl_verify_none
  setter_calls = tracker.find_call(:method => :verify_mode=)
  setter_calls.each do |result|
    process_verify_mode_result(result)
  end
end
# File lib/brakeman/checks/check_ssl_verify.rb, line 31
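# Inspects one `Net::HTTP.start` call result and warns when its options
# hash disables certificate verification.
#
# Only the call's last argument is examined, and only when it is a hash
# whose :verify_mode entry equals SSL_VERIFY_NONE. An options hash held in
# a variable, or a verify mode written in any other form, does not match
# this comparison and is not reported by this check.
#
# @param result [Hash] a tracker.find_call result; `result[:call]` must
#   respond to `last_arg`
# @return [void]
def process_http_start_result result
  options = result[:call].last_arg

  # Predicates are parenthesized on purpose: `hash? options && ...` would
  # parse as `hash?(options && ...)`, which is why the original used `and`.
  return unless hash?(options)
  return unless hash_access(options, :verify_mode) == SSL_VERIFY_NONE

  warn_about_ssl_verification_bypass result
end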
# File lib/brakeman/checks/check_ssl_verify.rb, line 21
# Inspects one `verify_mode=` call result and warns when the assigned
# value is SSL_VERIFY_NONE.
#
# The comparison is an exact `==` against the SSL_VERIFY_NONE constant
# (declared on this class; its definition is not shown here). A value
# spelled any other way — e.g. passed through a variable — will not be
# equal to it and so is not reported.
#
# @param result [Hash] a tracker.find_call result; `result[:call]` must
#   respond to `last_arg`
# @return [void]
def process_verify_mode_result result
  assigned_value = result[:call].last_arg
  return unless assigned_value == SSL_VERIFY_NONE

  warn_about_ssl_verification_bypass result
end
# File lib/brakeman/checks/check_ssl_verify.rb, line 12
# Entry point for the check: runs the `verify_mode=` scan first, then the
# `Net::HTTP.start` scan, in that order.
def run_check
  %i[check_open_ssl_verify_none check_http_start].each do |check|
    public_send(check)
  end
end
# File lib/brakeman/checks/check_ssl_verify.rb, line 39
# Emits a high-confidence "SSL Verification Bypass" warning for +result+,
# unless `original?` says the call has already been reported (duplicate
# suppression). CWE-295 is Improper Certificate Validation.
#
# `warn` here is the check's own reporting method (its definition is not
# shown on this page), not Kernel#warn.
#
# @param result [Hash] a tracker.find_call result
# @return [void]
def warn_about_ssl_verification_bypass result
  return unless original? result

  details = {
    :result => result,
    :warning_type => "SSL Verification Bypass",
    :warning_code => :ssl_verification_bypass,
    :message => "SSL certificate verification was bypassed",
    :confidence => :high,
    :cwe_id => [295]
  }
  warn(**details)
end