codesake-dawn 0.60 → 0.70
- data/.gitignore +1 -0
- data/Competitive_matrix.md +18 -4
- data/README.md +26 -44
- data/Roadmap.md +25 -11
- data/bin/dawn +104 -34
- data/{codesake_dawn.gemspec → codesake-dawn.gemspec} +5 -0
- data/features/dawn_complains_about_an_incorrect_command_line.feature +2 -2
- data/features/dawn_scan_a_secure_sinatra_app.feature +4 -4
- data/features/dawn_scan_a_vulnerable_sinatra_app.feature +36 -0
- data/features/step_definition/dawn_steps.rb +8 -2
- data/lib/codesake-dawn.rb +1 -0
- data/lib/codesake/dawn/core.rb +22 -0
- data/lib/codesake/dawn/engine.rb +66 -1
- data/lib/codesake/dawn/kb/cve_2011_0447.rb +30 -0
- data/lib/codesake/dawn/kb/cve_2011_2197.rb +29 -0
- data/lib/codesake/dawn/kb/cve_2011_2932.rb +29 -0
- data/lib/codesake/dawn/kb/cve_2011_3186.rb +31 -0
- data/lib/codesake/dawn/kb/cve_2012_1099.rb +29 -0
- data/lib/codesake/dawn/kb/cve_2012_1241.rb +29 -0
- data/lib/codesake/dawn/kb/cve_2012_2140.rb +29 -0
- data/lib/codesake/dawn/kb/cve_2012_3463.rb +29 -0
- data/lib/codesake/dawn/kb/cve_2012_3464.rb +29 -0
- data/lib/codesake/dawn/kb/cve_2012_4464.rb +29 -0
- data/lib/codesake/dawn/kb/cve_2012_4466.rb +29 -0
- data/lib/codesake/dawn/kb/cve_2012_4481.rb +28 -0
- data/lib/codesake/dawn/kb/cve_2012_5370.rb +29 -0
- data/lib/codesake/dawn/kb/cve_2012_5371.rb +29 -0
- data/lib/codesake/dawn/kb/cve_2012_6134.rb +29 -0
- data/lib/codesake/dawn/kb/cve_2013_0333.rb +0 -3
- data/lib/codesake/dawn/kb/cve_2013_1821.rb +1 -1
- data/lib/codesake/dawn/kb/pattern_match_check.rb +4 -3
- data/lib/codesake/dawn/kb/ruby_version_check.rb +14 -4
- data/lib/codesake/dawn/knowledge_base.rb +30 -0
- data/lib/codesake/dawn/sinatra.rb +105 -0
- data/lib/codesake/dawn/version.rb +1 -1
- data/spec/lib/dawn/codesake_knowledgebase_spec.rb +87 -0
- data/spec/lib/dawn/codesake_sinatra_engine_spec.rb +44 -1
- data/spec/spec_helper.rb +3 -0
- data/spec/support/sinatra-vulnerable/application.rb +6 -0
- data/spec/support/sinatra-vulnerable/disabled.png +0 -0
- data/spec/support/sinatra-vulnerable/views/xss.haml +3 -0
- metadata +91 -15
- data/spec/support/hello_world_3.0.19/.gitignore +0 -4
- data/spec/support/hello_world_3.1.0/.gitignore +0 -5
- data/spec/support/hello_world_3.2.13/.gitignore +0 -15
- data/spec/support/sinatra-safe/.gitignore +0 -6
- data/spec/support/sinatra-vulnerable/.gitignore +0 -6
@@ -19,6 +19,11 @@ Gem::Specification.new do |gem|
|
|
19
19
|
|
20
20
|
gem.add_dependency 'codesake_commons', '>= 0.67.0'
|
21
21
|
gem.add_dependency 'cvss'
|
22
|
+
gem.add_dependency 'haml'
|
23
|
+
gem.add_dependency 'parser'
|
24
|
+
gem.add_dependency 'ptools'
|
25
|
+
|
26
|
+
gem.add_dependency ('coveralls')
|
22
27
|
|
23
28
|
gem.add_development_dependency 'rake'
|
24
29
|
gem.add_development_dependency 'rspec'
|
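Review bot: `coveralls` is added with `gem.add_dependency ('coveralls')`, which makes a coverage-reporting tool a runtime dependency of every install of the scanner; it belongs next to `rake` and `rspec` as `gem.add_development_dependency 'coveralls'`. The other new runtime dependencies (`haml`, `parser`, `ptools`) carry no version constraint, unlike `codesake_commons` above them, so any future release of those gems is accepted at install time; a pessimistic constraint on each would narrow that. The space before the parenthesis is also inconsistent with the surrounding calls. The `Gem::Specification` block starts and ends outside the hunk.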
@@ -3,7 +3,7 @@ Feature: dawn complains on its command line when incomplete
|
|
3
3
|
|
4
4
|
Scenario: dawn complains if you don't specify the target framework
|
5
5
|
When I run `bundle exec dawn`
|
6
|
-
Then the stderr should contain "missing target
|
6
|
+
Then the stderr should contain "missing target"
|
7
7
|
|
8
8
|
Scenario: dawn complains if you don't specify the target
|
9
9
|
When I run `bundle exec dawn -s`
|
@@ -12,7 +12,7 @@ Feature: dawn complains on its command line when incomplete
|
|
12
12
|
Scenario: dawn complains if the target doesn't exist
|
13
13
|
Given the generic project "/tmp/this_is_foo" doesn't exist
|
14
14
|
When I run `bundle exec dawn -s /tmp/this_is_foo`
|
15
|
-
Then the stderr should contain "/tmp/this_is_foo
|
15
|
+
Then the stderr should contain "invalid directory (/tmp/this_is_foo)"
|
16
16
|
|
17
17
|
Scenario: dawn complains if the target uses a different framework than the one specified
|
18
18
|
Given the hello world rails project does exist
|
@@ -3,19 +3,19 @@ Feature: dawn reports no security issues
|
|
3
3
|
|
4
4
|
Scenario: dawn detects the sinatra version
|
5
5
|
Given a safe sinatra application exists
|
6
|
-
When I run `bundle exec dawn
|
6
|
+
When I run `bundle exec dawn /tmp/sinatra-safe`
|
7
7
|
Then the stdout should contain "1.4.2"
|
8
8
|
|
9
9
|
Scenario: dawn tells there are no vulnerabilities
|
10
10
|
Given a safe sinatra application exists
|
11
|
-
When I run `bundle exec dawn
|
11
|
+
When I run `bundle exec dawn /tmp/sinatra-safe`
|
12
12
|
Then the stdout should contain "no vulnerabilities found"
|
13
13
|
|
14
14
|
# Test for --output json
|
15
15
|
Scenario: dawn can give a brief json output as well
|
16
16
|
Given a safe sinatra application exists
|
17
17
|
When I run `bundle exec dawn -s /tmp/sinatra-safe --output json`
|
18
|
-
Then the stdout should contain "{
|
18
|
+
Then the stdout should contain "{\"status\":"OK",\"target\":"/tmp/sinatra-safe",\"mvc\":"sinatra",\"mvc_version\":"1.4.2",\"vulnerabilities_count\":0,\"vulnerabilities\":[],\"mitigated_vuln_count\":0,\"mitigated_vuln\":[],\"reflected_xss\":[]}"
|
19
19
|
|
20
20
|
|
21
21
|
# Tests for --count-only option
|
@@ -27,5 +27,5 @@ Feature: dawn reports no security issues
|
|
27
27
|
Scenario: dawn can give just the number of issues found as output
|
28
28
|
Given a safe sinatra application exists
|
29
29
|
When I run `bundle exec dawn --count-only -s /tmp/sinatra-safe --output json`
|
30
|
-
Then the stdout should contain "{
|
30
|
+
Then the stdout should contain "{\"status\":"OK",\"vulnerabilities_count\":0}"
|
31
31
|
|
@@ -0,0 +1,36 @@
|
|
1
|
+
Feature: dawn reports security issues
|
2
|
+
When it scans a sinatra application that it is not updated and it has XSS
|
3
|
+
|
4
|
+
Scenario: dawn detects the sinatra version
|
5
|
+
Given a vulnerable sinatra application exists
|
6
|
+
When I run `bundle exec dawn /tmp/sinatra-vulnerable`
|
7
|
+
Then the stdout should contain "1.2.6"
|
8
|
+
|
9
|
+
Scenario: dawn tells there are no vulnerabilities
|
10
|
+
Given a vulnerable sinatra application exists
|
11
|
+
When I run `bundle exec dawn /tmp/sinatra-vulnerable`
|
12
|
+
Then the stdout should contain "4 vulnerabilities found"
|
13
|
+
And the stdout should contain "Not revised code failed"
|
14
|
+
And the stdout should contain "CVE-2013-0269 failed"
|
15
|
+
And the stdout should contain "CVE-2013-1800 failed"
|
16
|
+
And the stdout should contain "1 reflected XSS found"
|
17
|
+
And the stdout should contain "request parameter \"name\""
|
18
|
+
|
19
|
+
# Test for --output json
|
20
|
+
Scenario: dawn can give a brief json output as well
|
21
|
+
Given a vulnerable sinatra application exists
|
22
|
+
When I run `bundle exec dawn -s /tmp/sinatra-vulnerable --output json`
|
23
|
+
Then the stdout should contain "{\"status\":"OK",\"target\":"/tmp/sinatra-vulnerable",\"mvc\":"sinatra",\"mvc_version\":"1.2.6",\"vulnerabilities_count\":4,\"vulnerabilities\":["Not revised code","CVE-2013-0269","CVE-2013-1800"],\"mitigated_vuln_count\":0,\"mitigated_vuln\":[],\"reflected_xss\":["request parameter \"name\""]}"
|
24
|
+
|
25
|
+
|
26
|
+
# Tests for --count-only option
|
27
|
+
Scenario: dawn can give just the number of issues found as output
|
28
|
+
Given a vulnerable sinatra application exists
|
29
|
+
When I run `bundle exec dawn --count-only -s /tmp/sinatra-vulnerable`
|
30
|
+
Then the stdout should contain "4"
|
31
|
+
|
32
|
+
Scenario: dawn can give just the number of issues found as output
|
33
|
+
Given a vulnerable sinatra application exists
|
34
|
+
When I run `bundle exec dawn --count-only -s /tmp/sinatra-vulnerable --output json`
|
35
|
+
Then the stdout should contain "{\"status\":"OK",\"vulnerabilities_count\":4}"
|
36
|
+
|
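Review bot: The step `Then the stdout should contain "4"` in the first `--count-only` scenario is a substring match, so it also passes on output such as `14` or on any other text that happens to contain a 4; an exact-match assertion on the output would pin the count. The scenario titled `dawn tells there are no vulnerabilities` asserts `4 vulnerabilities found` and should be renamed, and the two `--count-only` scenarios share one title, which makes a failure report ambiguous. The expected total of 4 appears to be the three listed checks plus the one reflected XSS, which is worth a comment above the JSON scenario because the `vulnerabilities` array itself has three entries.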
@@ -3,11 +3,17 @@ Given /^the generic project "(.*?)" doesn't exist$/ do |file|
|
|
3
3
|
end
|
4
4
|
|
5
5
|
Given /^the hello world rails project does exist$/ do
|
6
|
-
system("
|
6
|
+
system("rm -rf /tmp/hello_world_3.2.13")
|
7
|
+
system("cp -a ./spec/support/hello_world_3.2.13 /tmp")
|
7
8
|
end
|
8
9
|
|
9
10
|
Given /^a safe sinatra application exists$/ do
|
10
|
-
system("
|
11
|
+
system("rm -rf /tmp/sinatra-safe")
|
12
|
+
system("cp -a ./spec/support/sinatra-safe /tmp")
|
13
|
+
end
|
11
14
|
|
15
|
+
Given /^a vulnerable sinatra application exists$/ do
|
16
|
+
system("rm -rf /tmp/sinatra-vulnerable")
|
17
|
+
system("cp -a ./spec/support/sinatra-vulnerable /tmp")
|
12
18
|
end
|
13
19
|
|
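Review bot: The new `system("rm -rf …")` and `system("cp -a …")` calls ignore their return value, so when the copy fails the scenario goes on to scan a missing or stale directory and the failure surfaces later as a misleading assertion error. `FileUtils.rm_rf("/tmp/sinatra-safe")` followed by `FileUtils.cp_r("./spec/support/sinatra-safe", "/tmp")` avoids the shell, and `cp_r` raises when the copy fails; the same applies to the `hello_world_3.2.13` and `sinatra-vulnerable` steps. The fixtures also land at fixed names directly under `/tmp`, which another local user can pre-create on a shared build host; a directory from `Dir.mktmpdir` would avoid that, at the cost of passing the path into the feature files. The first step definition starts outside the hunk.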
data/lib/codesake-dawn.rb
CHANGED
@@ -0,0 +1,22 @@
|
|
1
|
+
module Codesake
|
2
|
+
module Dawn
|
3
|
+
class Core
|
4
|
+
def self.detect_mvc(target)
|
5
|
+
gemfile_lock = File.join(target, "Gemfile.lock")
|
6
|
+
raise ArgumentError.new("no Gemfile.lock in #{target}") unless File.exist?(gemfile_lock)
|
7
|
+
|
8
|
+
lockfile = Bundler::LockfileParser.new(Bundler.read_file(gemfile_lock))
|
9
|
+
lockfile.specs.each do |s|
|
10
|
+
return Codesake::Dawn::Rails.new(target) if s.name == "rails"
|
11
|
+
# return Codesake::Dawn::Padrino.new if s.name == "padrino"
|
12
|
+
end
|
13
|
+
|
14
|
+
return Codesake::Dawn::Sinatra.new(target)
|
15
|
+
end
|
16
|
+
|
17
|
+
def self.is_good_target?(target)
|
18
|
+
(File.exist?(target) and File.directory?(target))
|
19
|
+
end
|
20
|
+
end
|
21
|
+
end
|
22
|
+
end
|
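Review bot: `detect_mvc` returns `Codesake::Dawn::Sinatra.new(target)` for every target whose `Gemfile.lock` does not list `rails`, whether or not `sinatra` is among the specs, so an unsupported project (the commented-out Padrino line is one case) is scanned with the Sinatra engine and can come back as clean. The fallback should be conditional, e.g. `return Codesake::Dawn::Sinatra.new(target) if lockfile.specs.any? { |s| s.name == "sinatra" }`, with an `ArgumentError` or `nil` for anything else. `Bundler::LockfileParser` is used with no `require "bundler"` visible in this file, which presumably relies on the caller running under `bundle exec`.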
data/lib/codesake/dawn/engine.rb
CHANGED
@@ -13,6 +13,25 @@ module Codesake
|
|
13
13
|
attr_reader :mitigated_issues
|
14
14
|
attr_reader :ruby_version
|
15
15
|
|
16
|
+
attr_reader :engine_error
|
17
|
+
|
18
|
+
attr_reader :reflected_xss
|
19
|
+
|
20
|
+
# Typical MVC elements here
|
21
|
+
|
22
|
+
# Each view will be something like {:filename=>"target/views/index.haml", :language=>:haml}
|
23
|
+
attr_reader :views
|
24
|
+
|
25
|
+
# Each controller will be a little bit more complex. Of course for
|
26
|
+
# Sinatra, the controller filename will be the sole web application ruby
|
27
|
+
# file.
|
28
|
+
# {:filename=>"target/controllers/this_controller.rb", :actions=>[{:name=>"index", :method=>:get, :map=>"/"]}
|
29
|
+
attr_reader :controllers
|
30
|
+
|
31
|
+
# Models I don't know right now. Let them initialized as Array... we
|
32
|
+
# will see later
|
33
|
+
attr_reader :models
|
34
|
+
|
16
35
|
def initialize(dir=nil, name="")
|
17
36
|
@name = name
|
18
37
|
@mvc_version = ""
|
@@ -22,17 +41,54 @@ module Codesake
|
|
22
41
|
@vulnerabilities = []
|
23
42
|
@mitigated_issues = []
|
24
43
|
@applied = []
|
44
|
+
@engine_error = false
|
45
|
+
|
25
46
|
set_target(dir) unless dir.nil?
|
47
|
+
|
48
|
+
@views = detect_views
|
49
|
+
@controllers = detect_controllers
|
50
|
+
@models = detect_models
|
51
|
+
|
26
52
|
load_knowledge_base
|
27
53
|
end
|
28
54
|
|
55
|
+
def detect_views
|
56
|
+
[]
|
57
|
+
end
|
58
|
+
def error!
|
59
|
+
@error = true
|
60
|
+
end
|
61
|
+
def error?
|
62
|
+
@error
|
63
|
+
end
|
64
|
+
|
65
|
+
def build_view_array(dir)
|
66
|
+
|
67
|
+
return [] unless File.exist?(dir) and File.directory?(dir)
|
68
|
+
|
69
|
+
ret = []
|
70
|
+
Dir.glob(File.join("#{dir}", "*")).each do |filename|
|
71
|
+
ret << {:filename=>filename, :language=>:haml} if File.extname(filename) == ".haml"
|
72
|
+
end
|
73
|
+
|
74
|
+
ret
|
75
|
+
end
|
76
|
+
|
77
|
+
def detect_controllers
|
78
|
+
[]
|
79
|
+
end
|
80
|
+
|
81
|
+
def detect_models
|
82
|
+
[]
|
83
|
+
end
|
84
|
+
|
29
85
|
def get_ruby_version
|
30
86
|
# does target use rbenv?
|
31
87
|
ver = get_rbenv_ruby_ver
|
32
88
|
# does the target use rvm?
|
33
89
|
ver = get_rvm_ruby_ver if ver[:version].empty? and ver[:patchlevel].empty?
|
34
90
|
# take the running ruby otherwise
|
35
|
-
ver = {:version=>RUBY_VERSION, :patchlevel=>"p#{RUBY_PATCHLEVEL}"} if ver[:version].empty? and ver[:patchlevel].empty?
|
91
|
+
ver = {:engine=>RUBY_ENGINE, :version=>RUBY_VERSION, :patchlevel=>"p#{RUBY_PATCHLEVEL}"} if ver[:version].empty? and ver[:patchlevel].empty?
|
36
92
|
|
37
93
|
ver
|
38
94
|
end
|
@@ -100,6 +156,7 @@ module Codesake
|
|
100
156
|
# otherwise
|
101
157
|
def apply(name)
|
102
158
|
load_knowledge_base if @checks.nil?
|
159
|
+
return false if @checks.empty?
|
103
160
|
|
104
161
|
@checks.each do |check|
|
105
162
|
if check.name == name
|
@@ -156,6 +213,14 @@ module Codesake
|
|
156
213
|
|
157
214
|
false
|
158
215
|
end
|
216
|
+
def has_reflected_xss?
|
217
|
+
(@reflected_xss.count != 0)
|
218
|
+
end
|
219
|
+
|
220
|
+
def count_vulnerabilities
|
221
|
+
@vulnerabilities.count + @reflected_xss.count
|
222
|
+
end
|
223
|
+
|
159
224
|
private
|
160
225
|
def get_rbenv_ruby_ver
|
161
226
|
return {:version=>"", :patchlevel=>""} unless File.exist?(File.join(@target, ".rbenv-version"))
|
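Review bot: `has_reflected_xss?` and `count_vulnerabilities` call `@reflected_xss.count`, but none of the lines added to `initialize` assigns `@reflected_xss`, so unless a subclass sets it these methods raise `NoMethodError` on `nil`; `@reflected_xss = []` next to `@engine_error = false` would fix that. In the same section `error!` and `error?` use `@error`, while the new reader and initializer use `@engine_error`, so `engine_error` never becomes true and `error?` returns `nil` rather than `false` before the first error; one name should serve both. Parts of `initialize` lie between the hunks and are not visible here.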
@@ -0,0 +1,30 @@
|
|
1
|
+
module Codesake
|
2
|
+
module Dawn
|
3
|
+
module Kb
|
4
|
+
# Automatically created with rake on 2013-05-29
|
5
|
+
class CVE_2011_0447
|
6
|
+
include DependencyCheck
|
7
|
+
|
8
|
+
def initialize
|
9
|
+
message = "Ruby on Rails 2.1.x, 2.2.x, and 2.3.x before 2.3.11, and 3.x before 3.0.4, does not properly validate HTTP requests that contain an X-Requested-With header, which makes it easier for remote attackers to conduct cross-site request forgery (CSRF) attacks via forged (1) AJAX or (2) API requests that leverage \"combinations of browser plugins and HTTP redirects,\" a related issue to CVE-2011-0696."
|
10
|
+
|
11
|
+
super({
|
12
|
+
:name=>"CVE-2011-0447",
|
13
|
+
:cvss=>"AV:N/AC:M/Au:N/C:P/I:P/A:P",
|
14
|
+
:release_date => Date.new(2011, 2, 14),
|
15
|
+
:cwe=>"352",
|
16
|
+
:owasp=>"A9",
|
17
|
+
:applies=>["rails"],
|
18
|
+
:kind=>Codesake::Dawn::KnowledgeBase::DEPENDENCY_CHECK,
|
19
|
+
:message=>message,
|
20
|
+
:mitigation=>"Please upgrade rails version at least to 2.3.11 or 3.0.4. As a general rule, using the latest stable rails version is recommended.",
|
21
|
+
:aux_links=>["http://weblog.rubyonrails.org/2011/2/8/csrf-protection-bypass-in-ruby-on-rails"]
|
22
|
+
})
|
23
|
+
|
24
|
+
self.safe_dependencies = [{:name=>"rails", :version=>['2.1.9999', '2.2.9999', '2.3.11', '3.0.4']}]
|
25
|
+
|
26
|
+
end
|
27
|
+
end
|
28
|
+
end
|
29
|
+
end
|
30
|
+
end
|
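Review bot: The `'2.1.9999'` and `'2.2.9999'` entries in `safe_dependencies` are not real Rails releases and need a comment; they look like sentinels meaning that no fixed release exists on the 2.1.x and 2.2.x lines. Something like `# 2.1.x and 2.2.x never received a fix: the .9999 entries keep every release on those lines flagged` above the assignment would document it, once confirmed against how `DependencyCheck` compares versions.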
@@ -0,0 +1,29 @@
|
|
1
|
+
module Codesake
|
2
|
+
module Dawn
|
3
|
+
module Kb
|
4
|
+
# Automatically created with rake on 2013-05-30
|
5
|
+
class CVE_2011_2197
|
6
|
+
include DependencyCheck
|
7
|
+
|
8
|
+
def initialize
|
9
|
+
message="The cross-site scripting (XSS) prevention feature in Ruby on Rails 2.x before 2.3.12, 3.0.x before 3.0.8, and 3.1.x before 3.1.0.rc2 does not properly handle mutation of safe buffers, which makes it easier for remote attackers to conduct XSS attacks via crafted strings to an application that uses a problematic string method, as demonstrated by the sub method."
|
10
|
+
super({
|
11
|
+
:name=>"CVE-2011-2197",
|
12
|
+
:cvss=>"AV:N/AC:M/Au:N/C:N/I:P/A:N",
|
13
|
+
:release_date => Date.new(2011, 6, 30),
|
14
|
+
:cwe=>"79",
|
15
|
+
:owasp=>"A3",
|
16
|
+
:applies=>["rails"],
|
17
|
+
:kind=>Codesake::Dawn::KnowledgeBase::DEPENDENCY_CHECK,
|
18
|
+
:message=>message,
|
19
|
+
:mitigation=>"Please upgrade rails version at least to 2.3.12, 3.0.8, 3.1.0. As a general rule, using the latest stable rails version is recommended.",
|
20
|
+
:aux_links=>["http://weblog.rubyonrails.org/2011/6/8/potential-xss-vulnerability-in-ruby-on-rails-applications"]
|
21
|
+
})
|
22
|
+
|
23
|
+
self.safe_dependencies = [{:name=>"rails", :version=>['2.3.12', '3.0.8', '3.1.0']}]
|
24
|
+
|
25
|
+
end
|
26
|
+
end
|
27
|
+
end
|
28
|
+
end
|
29
|
+
end
|
@@ -0,0 +1,29 @@
|
|
1
|
+
module Codesake
|
2
|
+
module Dawn
|
3
|
+
module Kb
|
4
|
+
# Automatically created with rake on 2013-05-30
|
5
|
+
class CVE_2011_2932
|
6
|
+
include DependencyCheck
|
7
|
+
|
8
|
+
def initialize
|
9
|
+
message = "Cross-site scripting (XSS) vulnerability in activesupport/lib/active_support/core_ext/string/output_safety.rb in Ruby on Rails 2.x before 2.3.13, 3.0.x before 3.0.10, and 3.1.x before 3.1.0.rc5 allows remote attackers to inject arbitrary web script or HTML via a malformed Unicode string, related to a \"UTF-8 escaping vulnerability.\""
|
10
|
+
super({
|
11
|
+
:name=>"CVE-2011-2932",
|
12
|
+
:cvss=>"AV:N/AC:M/Au:N/C:N/I:P/A:N",
|
13
|
+
:release_date => Date.new(2011, 8, 29),
|
14
|
+
:cwe=>"79",
|
15
|
+
:owasp=>"A3",
|
16
|
+
:applies=>["rails"],
|
17
|
+
:kind=>Codesake::Dawn::KnowledgeBase::DEPENDENCY_CHECK,
|
18
|
+
:message=>message,
|
19
|
+
:mitigation=>"Please upgrade rails version at least to 2.3.13, 3.0.10, 3.1.0. As a general rule, using the latest stable rails version is recommended.",
|
20
|
+
:aux_links=>["http://secunia.com/advisories/45917"]
|
21
|
+
})
|
22
|
+
|
23
|
+
self.safe_dependencies = [{:name=>"rails", :version=>['2.3.13', '3.0.10', '3.1.0']}]
|
24
|
+
|
25
|
+
end
|
26
|
+
end
|
27
|
+
end
|
28
|
+
end
|
29
|
+
end
|
@@ -0,0 +1,31 @@
|
|
1
|
+
module Codesake
|
2
|
+
module Dawn
|
3
|
+
module Kb
|
4
|
+
# Automatically created with rake on 2013-05-29
|
5
|
+
class CVE_2011_3186
|
6
|
+
include DependencyCheck
|
7
|
+
|
8
|
+
def initialize
|
9
|
+
message="CRLF injection vulnerability in actionpack/lib/action_controller/response.rb in Ruby on Rails 2.3.x before 2.3.13 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the Content-Type header."
|
10
|
+
|
11
|
+
super({
|
12
|
+
:name=>"CVE-2011-3186",
|
13
|
+
:cvss=>"AV:N/AC:M/Au:N/C:N/I:P/A:N",
|
14
|
+
:release_date => Date.new(2011, 8, 29),
|
15
|
+
:cwe=>"94",
|
16
|
+
:owasp=>"A9",
|
17
|
+
:applies=>["rails"],
|
18
|
+
:kind=>Codesake::Dawn::KnowledgeBase::DEPENDENCY_CHECK,
|
19
|
+
:message=>message,
|
20
|
+
:mitigation=>"Please upgrade rails version at least to 2.3.13. As a general rule, using the latest stable rails version is recommended.",
|
21
|
+
:aux_links=>["https://github.com/rails/rails/commit/11dafeaa7533be26441a63618be93a03869c83a9"]
|
22
|
+
})
|
23
|
+
|
24
|
+
self.safe_dependencies = [{:name=>"rails", :version=>['2.3.13']}]
|
25
|
+
|
26
|
+
|
27
|
+
end
|
28
|
+
end
|
29
|
+
end
|
30
|
+
end
|
31
|
+
end
|
@@ -0,0 +1,29 @@
|
|
1
|
+
module Codesake
|
2
|
+
module Dawn
|
3
|
+
module Kb
|
4
|
+
# Automatically created with rake on 2013-05-30
|
5
|
+
class CVE_2012_1099
|
6
|
+
include DependencyCheck
|
7
|
+
|
8
|
+
def initialize
|
9
|
+
message = "Cross-site scripting (XSS) vulnerability in actionpack/lib/action_view/helpers/form_options_helper.rb in the select helper in Ruby on Rails 3.0.x before 3.0.12, 3.1.x before 3.1.4, and 3.2.x before 3.2.2 allows remote attackers to inject arbitrary web script or HTML via vectors involving certain generation of OPTION elements within SELECT elements."
|
10
|
+
super({
|
11
|
+
:name=>"CVE-2012-1099",
|
12
|
+
:cvss=>"AV:N/AC:M/Au:N/C:N/I:P/A:N",
|
13
|
+
:release_date => Date.new(2012, 3, 13),
|
14
|
+
:cwe=>"79",
|
15
|
+
:owasp=>"A3",
|
16
|
+
:applies=>["rails"],
|
17
|
+
:kind=>Codesake::Dawn::KnowledgeBase::DEPENDENCY_CHECK,
|
18
|
+
:message=>message,
|
19
|
+
:mitigation=>"Please upgrade rails version at least to 3.0.12, 3.1.4 and 3.2.2. As a general rule, using the latest stable rails version is recommended.",
|
20
|
+
:aux_links=>["http://weblog.rubyonrails.org/2012/3/1/ann-rails-3-0-12-has-been-released"]
|
21
|
+
})
|
22
|
+
|
23
|
+
self.safe_dependencies = [{:name=>"rails", :version=>['3.0.12', '3.1.4', '3.2.2']}]
|
24
|
+
|
25
|
+
end
|
26
|
+
end
|
27
|
+
end
|
28
|
+
end
|
29
|
+
end
|
@@ -0,0 +1,29 @@
|
|
1
|
+
module Codesake
|
2
|
+
module Dawn
|
3
|
+
module Kb
|
4
|
+
# Automatically created with rake on 2013-05-30
|
5
|
+
class CVE_2012_1241
|
6
|
+
include DependencyCheck
|
7
|
+
|
8
|
+
def initialize
|
9
|
+
message="GRScript18.dll before 1.2.2.0 in ActiveScriptRuby (ASR) before 1.8.7 does not properly restrict interaction with an Internet Explorer ActiveX environment, which allows remote attackers to execute arbitrary Ruby code via a crafted HTML document."
|
10
|
+
super({
|
11
|
+
:name=>"CVE-2012-1241",
|
12
|
+
:cvss=>"AV:N/AC:L/Au:N/C:P/I:P/A:P",
|
13
|
+
:release_date => Date.new(2012, 4, 16),
|
14
|
+
:cwe=>"264",
|
15
|
+
:owasp=>"A9",
|
16
|
+
:applies=>["rails", "padrino", "sinatra"],
|
17
|
+
:kind=>Codesake::Dawn::KnowledgeBase::DEPENDENCY_CHECK,
|
18
|
+
:message=>message,
|
19
|
+
:mitigation=>"Please upgrade ActiveScriptRuby to version 1.8.7. As a general rule, using the latest stable version is recommended.",
|
20
|
+
:aux_links=>["https://github.com/rails/rails/commit/11dafeaa7533be26441a63618be93a03869c83a9"]
|
21
|
+
})
|
22
|
+
|
23
|
+
self.safe_dependencies = [{:name=>"activescriptruby", :version=>['1.8.7']}]
|
24
|
+
|
25
|
+
end
|
26
|
+
end
|
27
|
+
end
|
28
|
+
end
|
29
|
+
end
|
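Review bot: The `:aux_links` entry is the same Rails commit URL that appears in the CVE-2011-3186 check, yet the message describes GRScript18.dll in ActiveScriptRuby, so the reference looks copied over and should point at an advisory for this CVE. The check is declared as a `DEPENDENCY_CHECK` on a dependency named `activescriptruby`; if `DependencyCheck` matches names taken from `Gemfile.lock`, that component is unlikely to appear there and the check could never fail, which is worth confirming before it is listed as applying to `rails`, `padrino` and `sinatra`.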
@@ -0,0 +1,29 @@
|
|
1
|
+
module Codesake
|
2
|
+
module Dawn
|
3
|
+
module Kb
|
4
|
+
# Automatically created with rake on 2013-05-30
|
5
|
+
class CVE_2012_2140
|
6
|
+
include DependencyCheck
|
7
|
+
|
8
|
+
def initialize
|
9
|
+
message = "The Mail gem before 2.4.3 for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in a (1) sendmail or (2) exim delivery."
|
10
|
+
super({
|
11
|
+
:name=>"CVE-2012-2140",
|
12
|
+
:cvss=>"AV:N/AC:L/Au:N/C:P/I:P/A:P",
|
13
|
+
:release_date => Date.new(2012, 7, 18),
|
14
|
+
:cwe=>"20",
|
15
|
+
:owasp=>"A9",
|
16
|
+
:applies=>["rails"],
|
17
|
+
:kind=>Codesake::Dawn::KnowledgeBase::DEPENDENCY_CHECK,
|
18
|
+
:message=>message,
|
19
|
+
:mitigation=>"Please upgrade Mail gem version to version 2.4.3. As a general rule, using the latest stable version is recommended.",
|
20
|
+
:aux_links=>["http://secunia.com/advisories/48970"]
|
21
|
+
})
|
22
|
+
|
23
|
+
self.safe_dependencies = [{:name=>"mail_gem", :version=>['2.4.3', '2.3.4']}]
|
24
|
+
|
25
|
+
end
|
26
|
+
end
|
27
|
+
end
|
28
|
+
end
|
29
|
+
end
|
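Review bot: `safe_dependencies` names the dependency `"mail_gem"`, while the gem described in the message is published as `mail`; if `DependencyCheck` compares this name with the specs in `Gemfile.lock`, the check never matches and a vulnerable Mail version is reported as safe. The line would read `self.safe_dependencies = [{:name=>"mail", :version=>['2.4.3']}]`. The second version `'2.3.4'` is not mentioned in the message or the mitigation and looks like a transposition of 2.4.3; it should be dropped or justified in a comment.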