class Brakeman::CheckCrossSiteScripting

def process_call exp

Since we want to report an entire call and not just part of one, use @mark
to mark when a call is started. Any dangerous values inside will then
report the entire call chain.


# Check a call for user input.
#
# Since we want to report an entire call and not just part of one, @mark
# records that a call is already being processed. Any dangerous value found
# inside a nested call is then reported against the outermost call chain.
#
# Returns +exp+ unchanged in every case.
def process_call exp
  # Nested call: the enclosing call is already being tracked, so only scan it.
  if @mark
    actually_process_call exp
    return exp
  end

  @mark = true
  actually_process_call exp

  if @matched
    # Output that came from a model is skipped when :ignore_model_output is set.
    ignore = @matched.type && tracker.options[:ignore_model_output]
    message = ignore ? nil : msg("Unescaped ", msg_input(@matched))

    if message && !duplicate?(exp)
      add_result exp

      link_path = "cross_site_scripting"
      warning_code = :cross_site_scripting
      confidence = :weak

      # Known-dangerous output helpers get high confidence; to_json additionally
      # gets its own warning code and documentation link.
      if @known_dangerous.include? exp.method
        confidence = :high
        if exp.method == :to_json
          message << msg_plain(" in JSON hash")
          link_path += "_to_json"
          warning_code = :xss_to_json
        end
      end

      warn :template => @current_template,
        :warning_type => "Cross-Site Scripting",
        :warning_code => warning_code,
        :message => message,
        :code => exp,
        :user_input => @matched,
        :confidence => confidence,
        :link_path => link_path,
        :cwe_id => [79]
    end
  end

  # Reset so the next top-level call starts from a clean state.
  @mark = @matched = false
  exp
end