class Brakeman::CheckCookieSerialization
Public Instance Methods
run_check()
click to toggle source
# File lib/brakeman/checks/check_cookie_serialization.rb, line 8 def run_check tracker.find_call(target: :'Rails.application.config.action_dispatch', method: :cookies_serializer=).each do |result| setting = result[:call].first_arg if symbol? setting and [:marshal, :hybrid].include? setting.value warn :result => result, :warning_type => "Remote Code Execution", :warning_code => :unsafe_cookie_serialization, :message => msg("Use of unsafe cookie serialization strategy ", msg_code(setting.value.inspect), " might lead to remote code execution"), :confidence => :medium, :link_path => "unsafe_deserialization", :cwe_id => [565, 502] end end end