@pheisiph
Last active December 12, 2015 10:29
Test Rails apps against [Denial of Service and Unsafe Object Creation Vulnerability in JSON (CVE-2013-0269)](https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/4_YvCpLzL58). Adapted from [Heroku's script](https://github.com/heroku/heroku-CVE-2013-0269) to work on a generic Rails app.
#! /usr/bin/ruby
# Check for Denial of Service and Unsafe Object Creation Vulnerability in JSON
# [CVE-2013-0269]
#
# Adapted from [Heroku's script](https://github.com/heroku/heroku-CVE-2013-0269) to work on a generic Rails app.
#
# cd into the application path (where the Gemfile.lock is),
# then run this script or simply `ruby -e "$(curl -fsSL http://bit.ly/CVE-2013-0269)"`.
require 'rubygems'

# Affected ranges from the advisory; the fixed releases are 1.5.5, 1.6.8 and 1.7.7.
json15_max = Gem::Version.new("1.5.4")
json15_min = Gem::Version.new("1.5.0")
json16_max = Gem::Version.new("1.6.7")
json16_min = Gem::Version.new("1.6.0")
json17_max = Gem::Version.new("1.7.6")
json17_min = Gem::Version.new("1.7.0")
puts "JSON Versions Affected: <= #{json15_max}, #{json16_min}..#{json16_max}, #{json17_min}..#{json17_max}"

# Ask the app's own bundle which json it loads. The inner one-liner exits without
# printing anything when there is no Gemfile.lock in the current directory.
json_version_output = %x(bundle exec ruby -e "begin;File.stat 'Gemfile.lock';rescue;exit;end;require 'json';puts JSON::VERSION")
# Take the last line so that warnings emitted by bundler do not mask the version.
json_version_number = json_version_output.split("\n")[-1]

if json_version_number.nil? || json_version_number.strip.empty?
  puts "Could not determine the JSON version. Run this from the application directory (where Gemfile.lock is)."
  exit 1
end

begin
  json_version = Gem::Version.new(json_version_number)
  if json_version <= json15_max ||
     (json_version >= json16_min && json_version <= json16_max) ||
     (json_version >= json17_min && json_version <= json17_max)
    puts "Uh oh! This app has JSON #{json_version_number}."
    puts "Read this for more information: "
    puts "https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/4_YvCpLzL58"
  else
    puts "Running #{json_version_number}. We're good!"
  end
rescue ArgumentError => e
  # Gem::Version rejects strings that are not version numbers (e.g. an error message from bundler).
  puts "Could not parse JSON version #{json_version_number.inspect}: #{e.message}"
  exit 1
end
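The same check can be made without spawning `bundle exec`, by reading the `specs:` block of the Gemfile.lock directly. The following is an added example, not part of the gist or of Heroku's script; the sample lockfile is constructed, and the cut-offs are the advisory's fixed releases (1.5.5, 1.6.8, 1.7.7), which is what the gist's "<= 1.5.4 / 1.6.0..1.6.7 / 1.7.0..1.7.6" ranges express.

```ruby
# Added example (not from the original gist): classify the json gem pinned in a
# Gemfile.lock against CVE-2013-0269 by parsing the lockfile instead of running
# `bundle exec`. Cut-offs are the advisory's fixed versions 1.5.5, 1.6.8, 1.7.7.
require 'rubygems'

FIRST_FIX = Gem::Version.new('1.5.5')
# First fixed release per affected minor branch.
FIXED_IN = {
  '1.5' => FIRST_FIX,
  '1.6' => Gem::Version.new('1.6.8'),
  '1.7' => Gem::Version.new('1.7.7'),
}.freeze

# Version of the `json` (or `json_pure`) gem locked in a `specs:` block of the
# Gemfile.lock, or nil if none. Direct gem entries sit at a 4-space indent;
# a platform suffix such as "1.7.6-java" is dropped by the capture group.
def locked_json_version(lockfile_text)
  in_specs = false
  lockfile_text.each_line do |line|
    in_specs = true  if line.strip == 'specs:'
    in_specs = false if line =~ /\A[A-Z]/   # next top-level section (PLATFORMS, ...)
    next unless in_specs
    return Regexp.last_match(1) if line =~ /\A    (?:json|json_pure) \((\d+(?:\.\d+)*)/
  end
  nil
end

# True when the version falls in an affected range: anything before 1.5.5 (the
# gist's "<= 1.5.4" branch), or a 1.6.x / 1.7.x release older than its fix.
def vulnerable_json?(version_string)
  v = Gem::Version.new(version_string)
  return true if v < FIRST_FIX
  fixed = FIXED_IN[v.segments[0, 2].join('.')]
  !fixed.nil? && v < fixed
end

# :not_locked, :vulnerable or :ok for the given lockfile contents.
def check_lockfile(lockfile_text)
  version = locked_json_version(lockfile_text)
  return :not_locked if version.nil?
  vulnerable_json?(version) ? :vulnerable : :ok
end

# Constructed sample lockfile (not taken from any real application).
SAMPLE_LOCK = "GEM\n  remote: https://rubygems.org/\n  specs:\n    json (1.7.6)\n    rack (1.4.5)\n\nPLATFORMS\n  ruby\n\nDEPENDENCIES\n  json\n  rack\n"

if __FILE__ == $PROGRAM_NAME
  text = File.exist?('Gemfile.lock') ? File.read('Gemfile.lock') : SAMPLE_LOCK
  puts "json #{locked_json_version(text).inspect}: #{check_lockfile(text)}"
end
```

Run it from the application directory to read the real Gemfile.lock; without one it falls back to the constructed sample, which reports `:vulnerable`.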