Current section

Files

Jump to
sobelow lib sobelow vuln cookie_rce.ex
Raw

lib/sobelow/vuln/cookie_rce.ex

defmodule Sobelow.Vuln.CookieRCE do
alias Sobelow.Config
alias Sobelow.Utils
alias Sobelow.Vuln
use Sobelow.Finding
@vuln_vsn ~w(1.3.1 1.3.0 1.2.2 1.2.1 1.2.0 1.1.6 1.1.5 1.1.4 1.1.3 1.1.2 1.1.1 1.1.0 1.0.3 1.0.2 1.0.1 1.0.0)
def run(root) do
plug_conf = root <> "/deps/plug/mix.exs"
if File.exists?(plug_conf) do
vsn = Utils.get_version(plug_conf)
if Enum.member?(@vuln_vsn, vsn) do
Vuln.print_finding(vsn, "Plug", "Arbitrary Code Execution in Cookie Serialization", "CVE-2017-1000053")
end
end
end
def print_finding(vsn) do
IO.puts IO.ANSI.red() <> "Arbitrary Code Execution in Cookie Serialization" <> IO.ANSI.reset()
if Sobelow.get_env(:with_code), do: IO.puts("Plug Version: #{vsn}")
IO.puts "\n-----------------------------------------------\n"
end
def get_details() do
Sobelow.Vuln.details()
end
end