Received this today:
Hi colindean,
I found a potential bug in your GitHub project, https://github.com/colindean/plas/
I'm a PhD student in computer security of the University of California, Santa Barbara, and I'm researching Execution After Redirect (more information here: http://adamdoupe.com/overview-of-execution-after-redirect-web-appl) vulnerabilities. I created a tool to analyze Ruby on Rails applications for EAR vulnerabilities and it found EARs in your project plas.
Here's the output from the tool:
Regular EAR found in ./app/controllers/registrations_controller.rb:82.
With the call graph: redirect_to
Severe EAR found in ./app/controllers/registrations_controller.rb:105.
With the call graph: redirect_to
Severe because of ./app/controllers/registrations_controller.rb:137.
Severe EAR found in ./app/controllers/users_controller.rb:81.
With the call graph: redirect_to
Severe because of ./app/controllers/users_controller.rb:85.
Regular EAR found in ./app/controllers/users_controller.rb:102.
With the call graph: redirect_to
Quick EAR overview:
Calling redirect_to doesn't end execution of a controller. It is possible that other, unintended, methods can be called after a redirect_to.
The easy fix for this is to add a "return" after the redirect_to (or after a function that calls redirect_to).
The tool is open-source and is hosted on GitHub at https://github.com/adamdoupe/find_ear_rails
I would appreciate it if you could give me any feedback about the tool.
Thanks for your help, and feel free to email me with any questions!
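The pattern the email describes, as an added example (not code from plas, from find_ear_rails, or from Rails): `FakeController`, its actions and `run` are hypothetical stand-ins, and `redirect_to` here only mimics the Rails behaviour of recording a response and returning to the caller.

```ruby
# Constructed stand-in for a Rails controller, for illustration only.
# As in Rails, redirect_to sets the response and returns; it does not
# stop the action that called it.
class FakeController
  attr_reader :location, :deleted

  def initialize(admin)
    @admin = admin
    @location = nil
    @deleted = []
  end

  def redirect_to(path)
    @location = path
  end

  # A helper that calls redirect_to (the "function that calls redirect_to" case).
  def deny_access
    redirect_to "/login"
  end

  # EAR: a non-admin is redirected, but the state change below still runs.
  def destroy_vulnerable(id)
    redirect_to "/login" unless @admin
    @deleted << id
  end

  # Fix: return immediately after the redirect.
  def destroy_fixed(id)
    unless @admin
      redirect_to "/login"
      return
    end
    @deleted << id
  end

  # Same fix when the redirect happens inside a helper.
  def destroy_fixed_helper(id)
    return deny_access unless @admin
    @deleted << id
  end
end

# Runs one action for record id 42 and reports [redirect target, deleted ids].
def run(action, admin)
  c = FakeController.new(admin)
  c.public_send(action, 42)
  [c.location, c.deleted]
end
```

For a non-admin caller, `run(:destroy_vulnerable, false)` shows both a redirect and a deletion, while the two fixed actions redirect without touching state.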