This is a tool to statically detect Execution After Redirect (EAR) bugs in Ruby on Rails applications. It was initially developed for a paper in progress.
Bryce Boe (my co-author) has a good description on his blog, and I have my own EAR explanation. But here's the short version:
These steps are for Ubuntu.
First need the following packages:
- ocaml
- omake
- ocaml-findlib
- ocaml-libs
- ocaml-native-compilers
- ocaml-tools
- libgetopt-ocaml-dev
- libocamlgraph-ocaml-dev
- libounit-ocaml-dev
And get and compile the following package:
- libsyck (v 7.0) https://github.com/indeyets/syck
Run: omake
Now you have a fresh and new find_ear_rails to play with! To run, just supply a rails project directory as the first argument.