Created
April 22, 2011 04:09
Hi yuiseki,
I found a potential bug in your GitHub project, https://github.com/yuiseki/junkure/
I'm a PhD student in computer security of the University of California, Santa Barbara, and I'm researching Execution After Redirect (more information here: http://adamdoupe.com/overview-of-execution-after-redirect-web-appl) vulnerabilities. I created a tool to analyze Ruby on Rails applications for EAR vulnerabilities and it found EARs in your project junkure.
Here's the output from the tool:
Regular EAR found in ./app/controllers/index_controller.rb:12.
With the call graph: check_admin_without_render -> redirect_to
Regular EAR found in ./app/controllers/index_controller.rb:17.
With the call graph: check_admin_without_render -> redirect_to
Regular EAR found in ./app/controllers/index_controller.rb:40.
With the call graph: check_admin_without_render -> redirect_to
Quick EAR overview:
Calling redirect_to doesn't end execution of a controller. It is possible that other, unintended, methods can be called after a redirect_to.
The easy fix for this is to add a "return" after the redirect_to (or after a function that calls redirect_to).
The tool is open-source and is hosted on GitHub at https://github.com/adamdoupe/find_ear_rails
I would appreciate it if you could give me any feedback about the tool.
Thanks for your help, and feel free to email me with any questions!
- Adam Doupe
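The behaviour described in the EAR overview, as an added example that is not part of the original email and is not junkure's code. MiniController, its redirect_to, and the body of check_admin_without_render are constructed stand-ins (assumptions) that only mimic the fact stated above: the redirect is recorded, but the action keeps running unless it returns.

```ruby
# Constructed stand-in for a Rails controller (not Rails or project code).
# As the email states for Rails, redirect_to here only records the
# response; it does not end execution of the calling action.
class MiniController
  attr_reader :status, :location, :deleted

  def initialize(admin:)
    @admin = admin
    @status = nil
    @location = nil
    @deleted = []
  end

  def redirect_to(path)
    @status = 302
    @location = path
  end

  # Hypothetical helper shaped like the reported call graph
  # (check_admin_without_render -> redirect_to). Returns true if it redirected.
  def check_admin_without_render
    return false if @admin
    redirect_to "/login"
    true
  end

  # EAR: the helper redirects, but the privileged code below still runs.
  def destroy_vulnerable(id)
    check_admin_without_render
    @deleted << id
  end

  # Fix from the email: return after the function that calls redirect_to.
  def destroy_fixed(id)
    return if check_admin_without_render
    @deleted << id
  end
end

# Runs one action as a non-admin; reports what the client sees
# (status, location) next to what the server actually did (deleted).
def run_as_guest(action)
  c = MiniController.new(admin: false)
  c.public_send(action, 42)
  { status: c.status, location: c.location, deleted: c.deleted }
end

p run_as_guest(:destroy_vulnerable)
p run_as_guest(:destroy_fixed)
```

In both cases the guest only sees a 302 to /login, so the difference is visible in server-side state, not in the response.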
Delivered-To: yuiseki@gmail.com
Received: by 10.213.108.212 with SMTP id g20cs29844ebp;
        Thu, 21 Apr 2011 17:39:48 -0700 (PDT)
Received: by 10.142.132.3 with SMTP id f3mr312595wfd.36.1303432787400;
        Thu, 21 Apr 2011 17:39:47 -0700 (PDT)
Return-Path: <adamdoupe@gmail.com>
Received: from mail-px0-f180.google.com (mail-px0-f180.google.com [209.85.212.180])
        by mx.google.com with ESMTPS id d29si7395684wfj.88.2011.04.21.17.39.45
        (version=TLSv1/SSLv3 cipher=OTHER);
        Thu, 21 Apr 2011 17:39:46 -0700 (PDT)
Received-SPF: pass (google.com: domain of adamdoupe@gmail.com designates 209.85.212.180 as permitted sender) client-ip=209.85.212.180;
Authentication-Results: mx.google.com; spf=pass (google.com: domain of adamdoupe@gmail.com designates 209.85.212.180 as permitted sender) smtp.mail=adamdoupe@gmail.com; dkim=pass (test mode) header.i=@gmail.com
Received: by mail-px0-f180.google.com with SMTP id 25so139621pxj.11
        for <yuiseki@gmail.com>; Thu, 21 Apr 2011 17:39:45 -0700 (PDT)
Received: by 10.142.212.15 with SMTP id k15mr303319wfg.127.1303432784741;
        Thu, 21 Apr 2011 17:39:44 -0700 (PDT)
Return-Path: <adamdoupe@gmail.com>
Received: from grindelwald ([128.111.48.6])
        by mx.google.com with ESMTPS id o1sm3188130wfl.9.2011.04.21.17.39.42
        (version=TLSv1/SSLv3 cipher=OTHER);
        Thu, 21 Apr 2011 17:39:43 -0700 (PDT)
Sender: =?UTF-8?Q?Adam_Doup=C3=A9?= <adamdoupe@gmail.com>
From: adoupe@cs.ucsb.edu(Adam =?utf-8?Q?Doup=C3=A9?=)
To: yuiseki@gmail.com
Subject: Potential Security Vulnerability found in junkure on GitHub
Date: Thu, 21 Apr 2011 17:40:38 -0700
Message-ID: <8739lbyv7d.fsf@gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii