@yuiseki
Created April 22, 2011 04:09
Hi yuiseki,
I found a potential bug in your GitHub project, https://github.com/yuiseki/junkure/
I'm a PhD student in computer security of the University of California, Santa Barbara, and I'm researching Execution After Redirect (more information here: http://adamdoupe.com/overview-of-execution-after-redirect-web-appl) vulnerabilities. I created a tool to analyze Ruby on Rails applications for EAR vulnerabilities and it found EARs in your project junkure.
Here's the output from the tool:
Regular EAR found in ./app/controllers/index_controller.rb:12.
With the call graph: check_admin_without_render -> redirect_to
Regular EAR found in ./app/controllers/index_controller.rb:17.
With the call graph: check_admin_without_render -> redirect_to
Regular EAR found in ./app/controllers/index_controller.rb:40.
With the call graph: check_admin_without_render -> redirect_to
Quick EAR overview:
Calling redirect_to doesn't end execution of a controller. It is possible that other, unintended, methods can be called after a redirect_to.
The easy fix for this is to add a "return" after the redirect_to (or after a function that calls redirect_to).
The tool is open-source and is hosted on GitHub at https://github.com/adamdoupe/find_ear_rails
I would appreciate it if you could give me any feedback about the tool.
Thanks for your help, and feel free to email me with any questions!
- Adam Doupe
Delivered-To: yuiseki@gmail.com
Received: by 10.213.108.212 with SMTP id g20cs29844ebp;
Thu, 21 Apr 2011 17:39:48 -0700 (PDT)
Received: by 10.142.132.3 with SMTP id f3mr312595wfd.36.1303432787400;
Thu, 21 Apr 2011 17:39:47 -0700 (PDT)
Return-Path: <adamdoupe@gmail.com>
Received: from mail-px0-f180.google.com (mail-px0-f180.google.com [209.85.212.180])
by mx.google.com with ESMTPS id d29si7395684wfj.88.2011.04.21.17.39.45
(version=TLSv1/SSLv3 cipher=OTHER);
Thu, 21 Apr 2011 17:39:46 -0700 (PDT)
Received-SPF: pass (google.com: domain of adamdoupe@gmail.com designates 209.85.212.180 as permitted sender) client-ip=209.85.212.180;
Authentication-Results: mx.google.com; spf=pass (google.com: domain of adamdoupe@gmail.com designates 209.85.212.180 as permitted sender) smtp.mail=adamdoupe@gmail.com; dkim=pass (test mode) header.i=@gmail.com
Received: by mail-px0-f180.google.com with SMTP id 25so139621pxj.11
for <yuiseki@gmail.com>; Thu, 21 Apr 2011 17:39:45 -0700 (PDT)
Received: by 10.142.212.15 with SMTP id k15mr303319wfg.127.1303432784741;
Thu, 21 Apr 2011 17:39:44 -0700 (PDT)
Return-Path: <adamdoupe@gmail.com>
Received: from grindelwald ([128.111.48.6])
by mx.google.com with ESMTPS id o1sm3188130wfl.9.2011.04.21.17.39.42
(version=TLSv1/SSLv3 cipher=OTHER);
Thu, 21 Apr 2011 17:39:43 -0700 (PDT)
Sender: =?UTF-8?Q?Adam_Doup=C3=A9?= <adamdoupe@gmail.com>
From: adoupe@cs.ucsb.edu(Adam =?utf-8?Q?Doup=C3=A9?=)
To: yuiseki@gmail.com
Subject: Potential Security Vulnerability found in junkure on GitHub
Date: Thu, 21 Apr 2011 17:40:38 -0700
Message-ID: <8739lbyv7d.fsf@gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
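
The behaviour the email describes, as an added example that is not part of the email, the find_ear_rails tool, or junkure's code. `FakeController` is a constructed stand-in for a Rails controller; only the helper name `check_admin_without_render` comes from the tool output above, and its body, the `/login` path, and the `destroy_*` actions are assumptions. `performed?` mirrors the Rails method of the same name.

```ruby
# Constructed stand-in for a Rails controller (not Rails itself).
# As in Rails, redirect_to only records the response and then returns
# to its caller; it does not stop the action.
class FakeController
  attr_reader :status, :location, :deleted

  def initialize(admin:)
    @admin = admin
    @deleted = []          # stands in for a privileged side effect
  end

  def redirect_to(path)
    @status = 302
    @location = path
  end

  # True once a response has been set (same meaning as Rails' performed?).
  def performed?
    !@status.nil?
  end

  # Helper name taken from the tool's call graph; body is hypothetical.
  def check_admin_without_render
    redirect_to("/login") unless @admin
  end

  # EAR: the helper redirects a non-admin, but the action keeps running.
  def destroy_vulnerable(id)
    check_admin_without_render
    @deleted << id
  end

  # Fix from the email: return after the function that calls redirect_to.
  def destroy_fixed(id)
    check_admin_without_render
    return if performed?
    @deleted << id
  end
end

# Run one action as an admin or non-admin and report what happened.
def run(action, admin:)
  c = FakeController.new(admin: admin)
  c.public_send(action, 42)
  { status: c.status, location: c.location, deleted: c.deleted }
end
```

In the vulnerable action a non-admin receives the 302 and the record is still deleted, so the redirect alone is not evidence that the privileged code was skipped.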