bundler-audit 0.1.2 → 0.2.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +7 -0
- data/.gitignore +1 -1
- data/ChangeLog.md +10 -0
- data/Gemfile +1 -1
- data/README.md +50 -34
- data/Rakefile +15 -2
- data/data/ruby-advisory-db/CONTRIBUTING.md +6 -0
- data/data/ruby-advisory-db/CONTRIBUTORS.md +13 -0
- data/data/ruby-advisory-db/Gemfile +3 -0
- data/data/ruby-advisory-db/LICENSE.txt +5 -0
- data/data/ruby-advisory-db/README.md +29 -7
- data/data/ruby-advisory-db/Rakefile +27 -0
- data/data/ruby-advisory-db/gems/actionpack/{2012-1099.yml → OSVDB-79727.yml} +3 -0
- data/data/ruby-advisory-db/gems/actionpack/{2012-3424.yml → OSVDB-84243.yml} +7 -0
- data/data/ruby-advisory-db/gems/actionpack/{2012-3465.yml → OSVDB-84513.yml} +3 -0
- data/data/ruby-advisory-db/gems/actionpack/{2012-3463.yml → OSVDB-84515.yml} +6 -0
- data/data/ruby-advisory-db/gems/actionpack/{2013-0156.yml → OSVDB-89026.yml} +3 -0
- data/data/ruby-advisory-db/gems/actionpack/OSVDB-91452.yml +20 -0
- data/data/ruby-advisory-db/gems/actionpack/OSVDB-91454.yml +23 -0
- data/data/ruby-advisory-db/gems/activerecord/{2012-2661.yml → OSVDB-82403.yml} +6 -0
- data/data/ruby-advisory-db/gems/activerecord/{2012-2660.yml → OSVDB-82610.yml} +3 -0
- data/data/ruby-advisory-db/gems/activerecord/{2013-0155.yml → OSVDB-89025.yml} +3 -0
- data/data/ruby-advisory-db/gems/activerecord/{2013-0276.yml → OSVDB-90072.yml} +3 -0
- data/data/ruby-advisory-db/gems/activerecord/{2013-0277.yml → OSVDB-90073.yml} +3 -0
- data/data/ruby-advisory-db/gems/activerecord/OSVDB-91453.yml +26 -0
- data/data/ruby-advisory-db/gems/activesupport/{2012-1098.yml → OSVDB-79726.yml} +6 -0
- data/data/ruby-advisory-db/gems/activesupport/{2012-3464.yml → OSVDB-84516.yml} +3 -0
- data/data/ruby-advisory-db/gems/activesupport/{2013-0333.yml → OSVDB-89594.yml} +3 -0
- data/data/ruby-advisory-db/gems/activesupport/OSVDB-91451.yml +28 -0
- data/data/ruby-advisory-db/gems/command_wrap/OSVDB-91450.yml +10 -0
- data/data/ruby-advisory-db/gems/crack/OSVDB-90742.yml +17 -0
- data/data/ruby-advisory-db/gems/cremefraiche/OSVDB-93395.yml +11 -0
- data/data/ruby-advisory-db/gems/curl/OSVDB-91230.yml +12 -0
- data/data/ruby-advisory-db/gems/devise/{2013-0233.yml → OSVDB-89642.yml} +2 -0
- data/data/ruby-advisory-db/gems/dragonfly/OSVDB-90647.yml +19 -0
- data/data/ruby-advisory-db/gems/enum_column3/OSVDB-94679.yml +9 -0
- data/data/ruby-advisory-db/gems/extlib/OSVDB-90740.yml +18 -0
- data/data/ruby-advisory-db/gems/fastreader/OSVDB-91232.yml +12 -0
- data/data/ruby-advisory-db/gems/fileutils/OSVDB-90715.yml +10 -0
- data/data/ruby-advisory-db/gems/fileutils/OSVDB-90716.yml +10 -0
- data/data/ruby-advisory-db/gems/fileutils/OSVDB-90717.yml +10 -0
- data/data/ruby-advisory-db/gems/flash_tool/OSVDB-90829.yml +9 -0
- data/data/ruby-advisory-db/gems/ftpd/OSVDB-90784.yml +18 -0
- data/data/ruby-advisory-db/gems/gtk2/{2007-6183.yml → OSVDB-40774.yml} +2 -0
- data/data/ruby-advisory-db/gems/httparty/OSVDB-90741.yml +19 -0
- data/data/ruby-advisory-db/gems/json/{2013-0269.yml → OSVDB-90074.yml} +4 -2
- data/data/ruby-advisory-db/gems/karteek-docsplit/OSVDB-92117.yml +10 -0
- data/data/ruby-advisory-db/gems/kelredd-pruview/OSVDB-92228.yml +10 -0
- data/data/ruby-advisory-db/gems/ldoce/OSVDB-91870.yml +10 -0
- data/data/ruby-advisory-db/gems/loofah/OSVDB-90945.yml +21 -0
- data/data/ruby-advisory-db/gems/mail/{2011-0739.yml → OSVDB-70667.yml} +2 -0
- data/data/ruby-advisory-db/gems/mail/{2012-2139.yml → OSVDB-81631.yml} +3 -0
- data/data/ruby-advisory-db/gems/mail/{2012-2140.yml → OSVDB-81632.yml} +7 -2
- data/data/ruby-advisory-db/gems/md2pdf/OSVDB-92290.yml +10 -0
- data/data/ruby-advisory-db/gems/mini_magick/OSVDB-91231.yml +15 -0
- data/data/ruby-advisory-db/gems/multi_xml/{2013-0175.yml → OSVDB-89148.yml} +2 -0
- data/data/ruby-advisory-db/gems/newrelic_rpm/{2013-0284.yml → OSVDB-90189.yml} +4 -2
- data/data/ruby-advisory-db/gems/nori/{2013-0285.yml → OSVDB-90196.yml} +4 -2
- data/data/ruby-advisory-db/gems/omniauth-oauth2/{2012-6134.yml → OSVDB-90264.yml} +4 -2
- data/data/ruby-advisory-db/gems/pdfkit/OSVDB-90867.yml +11 -0
- data/data/ruby-advisory-db/gems/rack-cache/{2012-267.yml → OSVDB-83077.yml} +3 -1
- data/data/ruby-advisory-db/gems/rack/{2013-0263.yml → OSVDB-89939.yml} +2 -0
- data/data/ruby-advisory-db/gems/rdoc/{2013-0256.yml → OSVDB-90004.yml} +2 -0
- data/data/ruby-advisory-db/gems/rgpg/OSVDB-95948.yml +13 -0
- data/data/ruby-advisory-db/gems/ruby_parser/OSVDB-90561.yml +11 -0
- data/data/ruby-advisory-db/gems/spree/OSVDB-91216.yml +10 -0
- data/data/ruby-advisory-db/gems/spree/OSVDB-91217.yml +10 -0
- data/data/ruby-advisory-db/gems/spree/OSVDB-91218.yml +10 -0
- data/data/ruby-advisory-db/gems/spree/OSVDB-91219.yml +10 -0
- data/data/ruby-advisory-db/gems/thumbshooter/OSVDB-91839.yml +10 -0
- data/data/ruby-advisory-db/lib/scrape.rb +87 -0
- data/data/ruby-advisory-db/spec/advisory_example.rb +97 -12
- data/gemspec.yml +3 -1
- data/lib/bundler/audit/advisory.rb +46 -16
- data/lib/bundler/audit/cli.rb +23 -19
- data/lib/bundler/audit/scanner.rb +97 -0
- data/lib/bundler/audit/version.rb +1 -1
- data/spec/advisory_spec.rb +66 -6
- data/spec/bundle/insecure_sources/Gemfile +39 -0
- data/spec/bundle/secure/Gemfile +1 -1
- data/spec/bundle/{vuln → unpatched_gems}/Gemfile +0 -0
- data/spec/integration_spec.rb +75 -6
- data/spec/scanner_spec.rb +74 -0
- metadata +77 -40
@@ -0,0 +1,10 @@
|
|
1
|
+
---
|
2
|
+
gem: kelredd-pruview
|
3
|
+
cve: 2013-1947
|
4
|
+
osvdb: 92228
|
5
|
+
url: http://osvdb.org/show/osvdb/92228
|
6
|
+
title: kelredd-pruview Gem for Ruby /lib/pruview/document.rb File Name Shell Metacharacter Injection Arbitrary Command Execution
|
7
|
+
date: 2013-04-04
|
8
|
+
description: kelredd-pruview Gem for Ruby contains a flaw in /lib/pruview/document.rb. The issue is triggered during the handling of a specially crafted file name that contains injected shell metacharacters. This may allow a context-dependent attacker to potentially execute arbitrary commands.
|
9
|
+
cvss_v2: 9.3
|
10
|
+
patched_versions:
|
@@ -0,0 +1,10 @@
|
|
1
|
+
---
|
2
|
+
gem: ldoce
|
3
|
+
cve: 2013-1911
|
4
|
+
osvdb: 91870
|
5
|
+
url: http://osvdb.org/show/osvdb/91870
|
6
|
+
title: ldoce Gem for Ruby MP3 URL Shell Metacharacter Injection Arbitrary Command Execution
|
7
|
+
date: 2013-04-01
|
8
|
+
description: ldoce Gem for Ruby contains a flaw that is triggered during the handling of a specially crafted URL or filename for MP3 files that have shell metacharacters injected in to it. This may allow a context-dependent attacker to execute arbitrary commands.
|
9
|
+
cvss_v2: 6.8
|
10
|
+
patched_versions:
|
@@ -0,0 +1,21 @@
|
|
1
|
+
---
|
2
|
+
gem: loofah
|
3
|
+
osvdb: 90945
|
4
|
+
url: http://www.osvdb.org/show/osvdb/90945
|
5
|
+
title: Loofah HTML and XSS injection vulnerability
|
6
|
+
date: 2012-09-08
|
7
|
+
|
8
|
+
description: |
|
9
|
+
Loofah Gem for Ruby contains a flaw that allows a remote cross-site
|
10
|
+
scripting (XSS) attack. This flaw exists because the
|
11
|
+
Loofah::HTML::Document\#text function passes properly sanitized
|
12
|
+
user-supplied input to the Loofah::XssFoliate and
|
13
|
+
Loofah::Helpers\#strip_tags functions which convert input back to
|
14
|
+
text. This may allow an attacker to create a specially crafted
|
15
|
+
request that would execute arbitrary script code in a user's browser
|
16
|
+
within the trust relationship between their browser and the server.
|
17
|
+
|
18
|
+
cvss_v2: 5.0
|
19
|
+
|
20
|
+
patched_versions:
|
21
|
+
- ">= 0.4.6"
|
@@ -1,10 +1,12 @@
|
|
1
1
|
---
|
2
2
|
gem: mail
|
3
3
|
cve: 2011-0739
|
4
|
+
osvdb: 70667
|
4
5
|
url: http://www.osvdb.org/show/osvdb/70667
|
5
6
|
title: >
|
6
7
|
Mail Gem for Ruby lib/mail/network/delivery_methods/sendmail.rb Email From:
|
7
8
|
Address Arbitrary Shell Command Injection
|
9
|
+
date: 2011-01-25
|
8
10
|
|
9
11
|
description: |
|
10
12
|
Mail Gem for Ruby contains a flaw related to the failure to properly sanitise
|
@@ -1,8 +1,11 @@
|
|
1
1
|
---
|
2
2
|
gem: mail
|
3
3
|
cve: 2012-2139
|
4
|
+
osvdb: 81631
|
4
5
|
url: http://www.osvdb.org/show/osvdb/81631
|
5
6
|
title: Mail Gem for Ruby File Delivery Method to Parameter Traversal Arbitrary File Manipulation
|
7
|
+
date: 2012-03-14
|
8
|
+
|
6
9
|
description: |
|
7
10
|
Mail Gem for Ruby contains a flaw that allows a remote attacker to traverse outside of a restricted path. The issue is due to the program not properly sanitizing user input, specifically directory traversal style attacks (e.g., ../../) supplied via the 'to' parameter within the delivery method. This directory traversal attack would allow the attacker to modify arbitrary files.
|
8
11
|
|
@@ -1,10 +1,15 @@
|
|
1
1
|
---
|
2
2
|
gem: mail
|
3
3
|
cve: 2012-2140
|
4
|
+
osvdb: 81632
|
4
5
|
url: http://www.osvdb.org/show/osvdb/81632
|
5
|
-
title: Mail Gem for Ruby Multiple Delivery Method Remote Shell Command
|
6
|
+
title: Mail Gem for Ruby Multiple Delivery Method Remote Shell Command Execution
|
7
|
+
date: 2012-03-14
|
8
|
+
|
6
9
|
description: |
|
7
|
-
Mail Gem for Ruby contains a flaw that occurs within the sendmail and exim
|
10
|
+
Mail Gem for Ruby contains a flaw that occurs within the sendmail and exim
|
11
|
+
delivery methods, which may allow an attacker to execute arbitrary shell
|
12
|
+
commands..
|
8
13
|
|
9
14
|
cvss_v2: 7.5
|
10
15
|
patched_versions:
|
@@ -0,0 +1,10 @@
|
|
1
|
+
---
|
2
|
+
gem: md2pdf
|
3
|
+
cve: 2013-1948
|
4
|
+
osvdb: 92290
|
5
|
+
url: http://osvdb.org/show/osvdb/92290
|
6
|
+
title: md2pdf Gem for Ruby md2pdf/converter.rb File Name Shell Metacharacter Injection Arbitrary Command Execution
|
7
|
+
date: 2013-04-13
|
8
|
+
description: md2pdf Gem for Ruby contains a flaw that is due to the program failing to properly sanitize input passed to md2pdf/converter.rb. With a specially crafted file name that contains shell metacharacters, a context-dependent attacker can execute arbitrary commands
|
9
|
+
cvss_v2: 10.0
|
10
|
+
patched_versions:
|
@@ -0,0 +1,15 @@
|
|
1
|
+
---
|
2
|
+
gem: mini_magick
|
3
|
+
cve: 2013-2616
|
4
|
+
osvdb: 91231
|
5
|
+
url: http://osvdb.org/show/osvdb/91231
|
6
|
+
title: MiniMagick Gem for Ruby URI Handling Arbitrary Command Injection
|
7
|
+
date: 2013-03-12
|
8
|
+
|
9
|
+
description: MiniMagick Gem for Ruby contains a flaw that is triggered during the handling of specially crafted input from an untrusted source passed via a URL that contains a ';' character. This may allow a context-dependent attacker to potentially execute arbitrary commands.
|
10
|
+
|
11
|
+
cvss_v2: 9.3
|
12
|
+
|
13
|
+
patched_versions:
|
14
|
+
- ">= 3.6.0"
|
15
|
+
|
@@ -1,8 +1,10 @@
|
|
1
1
|
---
|
2
2
|
gem: multi_xml
|
3
3
|
cve: 2013-0175
|
4
|
+
osvdb: 89148
|
4
5
|
url: http://osvdb.org/show/osvdb/89148
|
5
6
|
title: multi_xml Gem for Ruby XML Parameter Parsing Remote Command Execution
|
7
|
+
date: 2013-01-11
|
6
8
|
|
7
9
|
description: |
|
8
10
|
The multi_xml Gem for Ruby contains a flaw that is triggered when an error
|
@@ -1,15 +1,17 @@
|
|
1
1
|
---
|
2
2
|
gem: newrelic_rpm
|
3
3
|
cve: 2013-0284
|
4
|
-
|
4
|
+
osvdb: 90189
|
5
|
+
url: http://osvdb.org/show/osvdb/90189
|
5
6
|
title: Ruby on Rails newrelic_rpm Gem Discloses Sensitive Information
|
7
|
+
date: 2012-12-06
|
6
8
|
|
7
9
|
description: |
|
8
10
|
A bug in the Ruby agent causes database connection information and raw SQL
|
9
11
|
statements to be transmitted to New Relic servers. The database connection
|
10
12
|
information includes the database IP address, username, and password
|
11
13
|
|
12
|
-
cvss_v2:
|
14
|
+
cvss_v2: 5.0
|
13
15
|
|
14
16
|
patched_versions:
|
15
17
|
- ">= 3.5.3.25"
|
@@ -1,15 +1,17 @@
|
|
1
1
|
---
|
2
2
|
gem: nori
|
3
3
|
cve: 2013-0285
|
4
|
-
|
4
|
+
osvdb: 90196
|
5
|
+
url: http://osvdb.org/show/osvdb/90196
|
5
6
|
title: Ruby Gem nori Parameter Parsing Remote Code Execution
|
7
|
+
date: 2013-01-10
|
6
8
|
|
7
9
|
description: |
|
8
10
|
The Ruby Gem nori has a parameter parsing error that may allow an attacker
|
9
11
|
to execute arbitrary code. This vulnerability has to do with type casting
|
10
12
|
during parsing, and is related to CVE-2013-0156.
|
11
13
|
|
12
|
-
cvss_v2:
|
14
|
+
cvss_v2: 10.0
|
13
15
|
|
14
16
|
patched_versions:
|
15
17
|
- ~> 1.0.3
|
@@ -1,14 +1,16 @@
|
|
1
1
|
---
|
2
2
|
gem: omniauth-oauth2
|
3
3
|
cve: 2012-6134
|
4
|
-
|
4
|
+
osvdb: 90264
|
5
|
+
url: http://www.osvdb.org/show/osvdb/90264
|
5
6
|
title: Ruby on Rails omniauth-oauth2 Gem CSRF vulnerability
|
7
|
+
date: 2012-09-08
|
6
8
|
|
7
9
|
description: |
|
8
10
|
The omniauth-oauth2 Ruby Gem contains a flaw that allows an attacker to
|
9
11
|
inject values into a user's session through a CSRF attack.
|
10
12
|
|
11
|
-
cvss_v2:
|
13
|
+
cvss_v2: 6.8
|
12
14
|
|
13
15
|
patched_versions:
|
14
16
|
- ">= 1.1.1"
|
@@ -0,0 +1,11 @@
|
|
1
|
+
---
|
2
|
+
gem: pdfkit
|
3
|
+
cve: 2013-1607
|
4
|
+
osvdb: 90867
|
5
|
+
url: http://osvdb.org/show/osvdb/90867
|
6
|
+
title: PDFKit Gem for Ruby PDF File Generation Parameter Handling Remote Code Execution
|
7
|
+
date: 2013-02-21
|
8
|
+
description: PDFKit Gem for Ruby contains a flaw that is due to the program failing to properly validate input during the handling of parameters when generating PDF files. This may allow a remote attacker to potentially execute arbitrary code via the pdfkit generation options.
|
9
|
+
cvss_v2:
|
10
|
+
patched_versions:
|
11
|
+
- ">= 0.5.3"
|
@@ -1,8 +1,10 @@
|
|
1
1
|
---
|
2
2
|
gem: rack-cache
|
3
|
-
cve: 2012-
|
3
|
+
cve: 2012-2671
|
4
|
+
osvdb: 83077
|
4
5
|
url: http://osvdb.org/83077
|
5
6
|
title: rack-cache Rubygem Sensitive HTTP Header Caching Weakness
|
7
|
+
date: 2012-06-06
|
6
8
|
|
7
9
|
description: |
|
8
10
|
Rack::Cache (rack-cache) contains a flaw related to the rubygem caching
|
@@ -1,9 +1,11 @@
|
|
1
1
|
---
|
2
2
|
gem: rack
|
3
3
|
cve: 2013-0263
|
4
|
+
osvdb: 89939
|
4
5
|
url: http://osvdb.org/show/osvdb/89939
|
5
6
|
title: |
|
6
7
|
Rack Rack::Session::Cookie Function Timing Attack Remote Code Execution
|
8
|
+
date: 2009-12-01
|
7
9
|
|
8
10
|
description: |
|
9
11
|
Rack contains a flaw that is due to an error in the Rack::Session::Cookie
|
@@ -0,0 +1,13 @@
|
|
1
|
+
---
|
2
|
+
gem: rgpg
|
3
|
+
osvdb: 95948
|
4
|
+
url: http://www.osvdb.org/show/osvdb/95948
|
5
|
+
title: Ruby rgpg Gem Shell Command Injection Vulnerabilities
|
6
|
+
date: 2013-08-02
|
7
|
+
description: |
|
8
|
+
rgpg Gem for Ruby contains a flaw in the GpgHelper module (lib/rgpg/gpg_helper.rb).
|
9
|
+
The issue is due to the program failing to properly sanitize user-supplied input before being used in the system() function for execution.
|
10
|
+
This may allow a remote attacker to execute arbitrary commands.
|
11
|
+
cvss_v2:
|
12
|
+
patched_versions:
|
13
|
+
- ">= 0.2.3"
|
@@ -0,0 +1,11 @@
|
|
1
|
+
---
|
2
|
+
gem: ruby_parser
|
3
|
+
cve: 2013-0162
|
4
|
+
osvdb: 90561
|
5
|
+
url: http://osvdb.org/show/osvdb/90561
|
6
|
+
title: RubyGems ruby_parser (RP) Temporary File Symlink Arbitrary File Overwrite
|
7
|
+
date: 2013-02-21
|
8
|
+
description: RubyGems ruby_parser (RP) contains a flaw as rubygem-ruby_parser creates temporary files insecurely. It is possible for a local attacker to use a symlink attack to cause the program to unexpectedly overwrite an arbitrary file.
|
9
|
+
cvss_v2: 2.1
|
10
|
+
patched_versions:
|
11
|
+
- ">= 3.1.2"
|
@@ -0,0 +1,10 @@
|
|
1
|
+
---
|
2
|
+
gem: spree
|
3
|
+
cve: 2013-1656
|
4
|
+
osvdb: 91216
|
5
|
+
url: http://osvdb.org/show/osvdb/91216
|
6
|
+
title: Spree promotion_actions_controller.rb promotion_action Parameter Arbitrary Ruby Object Instantiation Command Execution
|
7
|
+
date: 2013-02-21
|
8
|
+
description: Spree contains a flaw that is triggered when handling input passed via the 'promotion_action' parameter to promotion_actions_controller.rb. This may allow a remote authenticated attacker to instantiate arbitrary Ruby objects and potentially execute arbitrary commands.
|
9
|
+
cvss_v2: 4.3
|
10
|
+
patched_versions:
|
@@ -0,0 +1,10 @@
|
|
1
|
+
---
|
2
|
+
gem: spree
|
3
|
+
cve: 2013-1656
|
4
|
+
osvdb: 91217
|
5
|
+
url: http://osvdb.org/show/osvdb/91217
|
6
|
+
title: Spree payment_methods_controller.rb payment_method Parameter Arbitrary Ruby Object Instantiation Command Execution
|
7
|
+
date: 2013-02-21
|
8
|
+
description: Spree contains a flaw that is triggered when handling input passed via the 'payment_method' parameter to payment_methods_controller.rb. This may allow a remote authenticated attacker to instantiate arbitrary Ruby objects and potentially execute arbitrary commands.
|
9
|
+
cvss_v2: 4.3
|
10
|
+
patched_versions:
|
@@ -0,0 +1,10 @@
|
|
1
|
+
---
|
2
|
+
gem: spree
|
3
|
+
cve: 2013-1656
|
4
|
+
osvdb: 91218
|
5
|
+
url: http://osvdb.org/show/osvdb/91218
|
6
|
+
title: Spree promotions_controller.rb calculator_type Parameter Arbitrary Ruby Object Instantiation Command Execution
|
7
|
+
date: 2013-02-21
|
8
|
+
description: Spree contains a flaw that is triggered when handling input passed via the 'calculator_type' parameter to promotions_controller.rb. This may allow a remote authenticated attacker to instantiate arbitrary Ruby objects and potentially execute arbitrary commands.
|
9
|
+
cvss_v2: 4.3
|
10
|
+
patched_versions:
|
@@ -0,0 +1,10 @@
|
|
1
|
+
---
|
2
|
+
gem: spree
|
3
|
+
cve: 2013-1656
|
4
|
+
osvdb: 91219
|
5
|
+
url: http://osvdb.org/show/osvdb/91219
|
6
|
+
title: Spree promotion_rules_controller.rb promotion_rule Parameter Arbitrary Ruby Object Instantiation Command Execution
|
7
|
+
date: 2013-02-21
|
8
|
+
description: Spree contains a flaw that is triggered when handling input passed via the 'promotion_rule' parameter to promotion_rules_controller.rb. This may allow a remote authenticated attacker to instantiate arbitrary Ruby objects and potentially execute arbitrary commands.
|
9
|
+
cvss_v2: 4.3
|
10
|
+
patched_versions:
|
@@ -0,0 +1,10 @@
|
|
1
|
+
---
|
2
|
+
gem: thumbshooter
|
3
|
+
cve: 2013-1898
|
4
|
+
osvdb: 91839
|
5
|
+
url: http://osvdb.org/show/osvdb/91839
|
6
|
+
title: Thumbshooter Gem for Ruby thumbshooter.rb URL Shell Metacharacter Injection Arbitrary Command Execution
|
7
|
+
date: 2013-03-26
|
8
|
+
description: Thumbshooter Gem for Ruby contains a flaw that is due to the program failing to properly sanitize input passed to thumbshooter.rb. With a specially crafted URL that contains shell metacharacters, a context-dependent attacker can execute arbitrary commands.
|
9
|
+
cvss_v2: 7.5
|
10
|
+
patched_versions:
|
@@ -0,0 +1,87 @@
|
|
1
|
+
require 'rubygems'
|
2
|
+
require 'bundler/setup'
|
3
|
+
|
4
|
+
require 'pry'
|
5
|
+
require 'mechanize'
|
6
|
+
require 'yaml'
|
7
|
+
require 'date'
|
8
|
+
|
9
|
+
class OSVDB
|
10
|
+
attr_accessor :osvdb, :cve, :title, :description, :date, :cvss_v2, :gem, :url, :patched_versions, :page
|
11
|
+
def initialize(url)
|
12
|
+
self.url = url
|
13
|
+
parse!
|
14
|
+
end
|
15
|
+
|
16
|
+
def parse!
|
17
|
+
mech = Mechanize.new
|
18
|
+
self.page = mech.get(url)
|
19
|
+
|
20
|
+
page.search(".show_vuln_table").search("td ul li").each do |li|
|
21
|
+
case li.children[0].text.strip
|
22
|
+
when "CVE ID:"
|
23
|
+
self.cve = li.children[1].text
|
24
|
+
when "Vendor URL:"
|
25
|
+
self.set_gem(li.children[1].text)
|
26
|
+
end
|
27
|
+
end
|
28
|
+
|
29
|
+
self.description = page.search(".show_vuln_table").search("tr td tr .white_content p")[0].text
|
30
|
+
self.date = page.search(".show_vuln_table").search("tr td tr .white_content tr td")[0].text
|
31
|
+
self.title = page.search("title").text.gsub(/\d+: /, "")
|
32
|
+
self.osvdb = page.search("title").text.match(/\d+/)[0]
|
33
|
+
if cvss_p = page.search(".show_vuln_table").search("tr td tr .white_content div p")[0]
|
34
|
+
self.set_cvss(cvss_p.children[0].text)
|
35
|
+
end
|
36
|
+
end
|
37
|
+
|
38
|
+
def set_gem(vendortext)
|
39
|
+
["https://rubygems.org/gems/", "http://rubygems.org/gems/"].each do |str|
|
40
|
+
if vendortext.match(str)
|
41
|
+
self.gem = vendortext.gsub(str,"")
|
42
|
+
end
|
43
|
+
end
|
44
|
+
end
|
45
|
+
|
46
|
+
def set_cvss(text)
|
47
|
+
self.cvss_v2 = text.strip.gsub("CVSSv2 Base Score = ", "")
|
48
|
+
end
|
49
|
+
|
50
|
+
def date
|
51
|
+
Date.parse(@date)
|
52
|
+
end
|
53
|
+
|
54
|
+
def cvss_v2
|
55
|
+
@cvss_v2.nil? ? nil : @cvss_v2.to_f
|
56
|
+
end
|
57
|
+
|
58
|
+
def gem
|
59
|
+
@gem.nil? ? "unknown" : @gem
|
60
|
+
end
|
61
|
+
|
62
|
+
def to_yaml
|
63
|
+
{ 'gem' => gem,
|
64
|
+
'cve' => cve,
|
65
|
+
'osvdb' => osvdb.to_i,
|
66
|
+
'url' => url,
|
67
|
+
'title' => title,
|
68
|
+
'date' => date,
|
69
|
+
'description' => description,
|
70
|
+
'cvss_v2' => cvss_v2,
|
71
|
+
'patched_versions' => patched_versions }.to_yaml
|
72
|
+
end
|
73
|
+
|
74
|
+
def filename
|
75
|
+
"OSVDB-#{osvdb}.yml"
|
76
|
+
end
|
77
|
+
|
78
|
+
def to_advisory!
|
79
|
+
gems_path = File.join(File.dirname(__FILE__), "..", "gems")
|
80
|
+
adv_path = File.absolute_path(File.join(gems_path, self.gem))
|
81
|
+
|
82
|
+
FileUtils.mkdir(adv_path) unless File.exists?(adv_path)
|
83
|
+
File.open(File.join(adv_path, filename), "w") do |io|
|
84
|
+
io.puts self.to_yaml
|
85
|
+
end
|
86
|
+
end
|
87
|
+
end
|
@@ -6,7 +6,24 @@ shared_examples_for 'Advisory' do |path|
|
|
6
6
|
|
7
7
|
describe path do
|
8
8
|
let(:gem) { File.basename(File.dirname(path)) }
|
9
|
-
let(:
|
9
|
+
let(:filename_cve) do
|
10
|
+
if File.basename(path).start_with?('CVE-')
|
11
|
+
File.basename(path).gsub('CVE-','').chomp('.yml')
|
12
|
+
else
|
13
|
+
nil
|
14
|
+
end
|
15
|
+
end
|
16
|
+
let(:filename_osvdb) do
|
17
|
+
if File.basename(path).start_with?('OSVDB-')
|
18
|
+
File.basename(path).gsub('OSVDB-','').chomp('.yml')
|
19
|
+
else
|
20
|
+
nil
|
21
|
+
end
|
22
|
+
end
|
23
|
+
|
24
|
+
it "should have CVE or OSVDB" do
|
25
|
+
(advisory['cve'] || advisory['osvdb']).should_not be_nil
|
26
|
+
end
|
10
27
|
|
11
28
|
describe "gem" do
|
12
29
|
subject { advisory['gem'] }
|
@@ -15,11 +32,45 @@ shared_examples_for 'Advisory' do |path|
|
|
15
32
|
it { should == gem }
|
16
33
|
end
|
17
34
|
|
35
|
+
describe "framework" do
|
36
|
+
subject { advisory['framework'] }
|
37
|
+
|
38
|
+
it "may be nil or a String" do
|
39
|
+
[NilClass, String].should include(subject.class)
|
40
|
+
end
|
41
|
+
end
|
42
|
+
|
43
|
+
describe "platform" do
|
44
|
+
subject { advisory['platform'] }
|
45
|
+
|
46
|
+
it "may be nil or a String" do
|
47
|
+
[NilClass, String].should include(subject.class)
|
48
|
+
end
|
49
|
+
end
|
50
|
+
|
18
51
|
describe "cve" do
|
19
52
|
subject { advisory['cve'] }
|
20
53
|
|
21
|
-
it
|
22
|
-
|
54
|
+
it "may be nil or a String" do
|
55
|
+
[NilClass, String].should include(subject.class)
|
56
|
+
end
|
57
|
+
it "should be id in filename if filename is CVE-XXX" do
|
58
|
+
if filename_cve
|
59
|
+
should == filename_cve
|
60
|
+
end
|
61
|
+
end
|
62
|
+
end
|
63
|
+
|
64
|
+
describe "osvdb" do
|
65
|
+
subject { advisory['osvdb'] }
|
66
|
+
it "may be nil or a Fixnum" do
|
67
|
+
[NilClass, Fixnum].should include(subject.class)
|
68
|
+
end
|
69
|
+
it "should be id in filename if filename is OSVDB-XXX" do
|
70
|
+
if filename_osvdb
|
71
|
+
should == filename_osvdb.to_i
|
72
|
+
end
|
73
|
+
end
|
23
74
|
end
|
24
75
|
|
25
76
|
describe "url" do
|
@@ -36,6 +87,12 @@ shared_examples_for 'Advisory' do |path|
|
|
36
87
|
it { should_not be_empty }
|
37
88
|
end
|
38
89
|
|
90
|
+
describe "date" do
|
91
|
+
subject { advisory['date'] }
|
92
|
+
|
93
|
+
it { should be_kind_of(Date) }
|
94
|
+
end
|
95
|
+
|
39
96
|
describe "description" do
|
40
97
|
subject { advisory['description'] }
|
41
98
|
|
@@ -61,17 +118,45 @@ shared_examples_for 'Advisory' do |path|
|
|
61
118
|
describe "patched_versions" do
|
62
119
|
subject { advisory['patched_versions'] }
|
63
120
|
|
64
|
-
it
|
65
|
-
|
121
|
+
it "may be nil or an Array" do
|
122
|
+
[NilClass, Array].should include(subject.class)
|
123
|
+
end
|
124
|
+
|
125
|
+
describe "each patched version" do
|
126
|
+
if advisory['patched_versions']
|
127
|
+
advisory['patched_versions'].each do |version|
|
128
|
+
describe version do
|
129
|
+
subject { version.split(', ') }
|
130
|
+
|
131
|
+
it "should contain valid RubyGem version requirements" do
|
132
|
+
lambda {
|
133
|
+
Gem::Requirement.new(*subject)
|
134
|
+
}.should_not raise_error(ArgumentError)
|
135
|
+
end
|
136
|
+
end
|
137
|
+
end
|
138
|
+
end
|
139
|
+
end
|
140
|
+
end
|
66
141
|
|
67
|
-
|
68
|
-
|
69
|
-
|
142
|
+
describe "unaffected_versions" do
|
143
|
+
subject { advisory['unaffected_versions'] }
|
144
|
+
|
145
|
+
it "may be nil or an Array" do
|
146
|
+
[NilClass, Array].should include(subject.class)
|
147
|
+
end
|
70
148
|
|
71
|
-
|
72
|
-
|
73
|
-
|
74
|
-
|
149
|
+
case advisory['unaffected_versions']
|
150
|
+
when Array
|
151
|
+
advisory['unaffected_versions'].each do |version|
|
152
|
+
describe version do
|
153
|
+
subject { version.split(', ') }
|
154
|
+
|
155
|
+
it "should contain valid RubyGem version requirements" do
|
156
|
+
lambda {
|
157
|
+
Gem::Requirement.new(*subject)
|
158
|
+
}.should_not raise_error(ArgumentError)
|
159
|
+
end
|
75
160
|
end
|
76
161
|
end
|
77
162
|
end
|