Security Vulnerabilities #127
Description
I ran a Brakeman scan. The result of the scan is below.
I want to assist in moving toward security scans being a part of Project Monitor's CI pipeline once the issues have been resolved.
== Warning Types ==

Command Injection: 5
Cross-Site Request Forgery: 1
Cross-Site Scripting: 1
Remote Code Execution: 3
SQL Injection: 3
Session Setting: 1

== Warnings ==

Confidence: High
Category: Cross-Site Scripting
Check: ContentTag
Message: Rails 4.2.7 content_tag does not escape double quotes in attribute values (CVE-2016-6316). Upgrade to 4.2.7.1
File: Gemfile.lock
Line: 290

Confidence: High
Category: Remote Code Execution
Check: UnsafeReflection
Message: Unsafe reflection method constantize called with parameter value
Code: params[:project][:type].constantize
File: app/controllers/projects_controller.rb
Line: 81

Confidence: High
Category: Remote Code Execution
Check: UnsafeReflection
Message: Unsafe reflection method constantize called with parameter value
Code: params[:project][:type].constantize
File: app/controllers/projects_controller.rb
Line: 52

Confidence: High
Category: Remote Code Execution
Check: UnsafeReflection
Message: Unsafe reflection method constantize called with parameter value
Code: params[:project][:type].constantize
File: app/controllers/projects_controller.rb
Line: 28

Confidence: High
Category: SQL Injection
Check: SQLCVEs
Message: Rails 4.2.7 contains a SQL injection vulnerability (CVE-2016-6317). Upgrade to 4.2.7.1
File: Gemfile.lock
Line: 290

Confidence: High
Category: Session Setting
Check: SessionSettings
Message: Session secret should not be included in version control
File: config/initializers/secret_token.rb
Line: 7

Confidence: Medium
Category: Command Injection
Check: Execute
Message: Possible command injection
Code: cf auth #{username} #{password}
File: lib/cf_authenticator.rb
Line: 7

Confidence: Medium
Category: Command Injection
Check: Execute
Message: Possible command injection
Code: cf push #{env}
File: lib/cf_deploy.rb
Line: 70

Confidence: Medium
Category: Command Injection
Check: Execute
Message: Possible command injection
Code: git tag #{tag} #{commit_sha} -m "#{message}"
File: lib/cf_git_tagger.rb
Line: 5

Confidence: Medium
Category: Command Injection
Check: Execute
Message: Possible command injection
Code: cf t -o #{org} -s #{space}
File: lib/cf_authenticator.rb
Line: 16

Confidence: Medium
Category: Command Injection
Check: Execute
Message: Possible command injection
Code: git push origin #{tag}
File: lib/cf_git_tagger.rb
Line: 6

Confidence: Medium
Category: Cross-Site Request Forgery
Check: ForgerySetting
Message: protect_from_forgery should be configured with 'with: :exception'
File: app/controllers/application_controller.rb

Confidence: Medium
Category: SQL Injection
Check: SQL
Message: Possible SQL injection
Code: joins("INNER JOIN (#{" SELECT id,\n (CASE project_statuses.project_id\n WHEN @curType\n THEN @currow := @currow + 1\n ELSE @currow := 1 AND @curType := project_statuses.project_id END\n ) AS rank\n FROM project_statuses,\n (SELECT @currow := 0, @curType := '') r\n ORDER BY project_statuses.published_at desc, project_statuses.build_id desc\n".strip_heredoc}) rankings ON rankings.id = project_statuses.id")
File: app/models/project_status.rb
Line: 20

Confidence: Medium
Category: SQL Injection
Check: SQL
Message: Possible SQL injection
Code: joins("INNER JOIN (#{" SELECT id,\n (CASE payload_log_entries.project_id\n WHEN @curType\n THEN @currow := @currow + 1\n ELSE @currow := 1 AND @curType := payload_log_entries.project_id END\n ) AS rank\n FROM payload_log_entries,\n (SELECT @currow := 0, @curType := '') r\n ORDER BY payload_log_entries.created_at desc\n".strip_heredoc}) rankings ON rankings.id = payload_log_entries.id")
File: app/models/payload_log_entry.rb
Line: 20