codesake-dawn 0.72 → 0.75
- checksums.yaml +7 -0
- data/.ruby-version +1 -1
- data/.travis.yml +8 -0
- data/Competitive_matrix.md +8 -2
- data/Rakefile +1 -0
- data/Roadmap.md +28 -22
- data/bin/dawn +42 -34
- data/codesake-dawn.gemspec +1 -0
- data/lib/codesake-dawn.rb +1 -0
- data/lib/codesake/dawn/engine.rb +31 -13
- data/lib/codesake/dawn/kb/basic_check.rb +10 -1
- data/lib/codesake/dawn/kb/combo_check.rb +63 -0
- data/lib/codesake/dawn/kb/cve_2010_1330.rb +30 -0
- data/lib/codesake/dawn/kb/cve_2011_0446.rb +30 -0
- data/lib/codesake/dawn/kb/cve_2011_0995.rb +63 -0
- data/lib/codesake/dawn/kb/cve_2011_2929.rb +29 -0
- data/lib/codesake/dawn/kb/cve_2011_4815.rb +30 -0
- data/lib/codesake/dawn/kb/cve_2012_3424.rb +31 -0
- data/lib/codesake/dawn/kb/cve_2012_4522.rb +29 -0
- data/lib/codesake/dawn/kb/cve_2012_5380.rb +30 -0
- data/lib/codesake/dawn/kb/cve_2013_1655.rb +48 -12
- data/lib/codesake/dawn/kb/dependency_check.rb +2 -0
- data/lib/codesake/dawn/kb/operating_system_check.rb +97 -0
- data/lib/codesake/dawn/kb/owasp_ror_cheatsheet.rb +39 -0
- data/lib/codesake/dawn/kb/owasp_ror_cheatsheet/command_injection.rb +26 -0
- data/lib/codesake/dawn/kb/owasp_ror_cheatsheet/csrf.rb +28 -0
- data/lib/codesake/dawn/kb/owasp_ror_cheatsheet/mass_assignment_in_model.rb +30 -0
- data/lib/codesake/dawn/kb/owasp_ror_cheatsheet/security_related_headers.rb +37 -0
- data/lib/codesake/dawn/kb/owasp_ror_cheatsheet/session_stored_in_database.rb +28 -0
- data/lib/codesake/dawn/kb/pattern_match_check.rb +21 -3
- data/lib/codesake/dawn/kb/ruby_version_check.rb +31 -7
- data/lib/codesake/dawn/knowledge_base.rb +24 -0
- data/lib/codesake/dawn/sinatra.rb +2 -2
- data/lib/codesake/dawn/utils.rb +10 -0
- data/lib/codesake/dawn/version.rb +1 -1
- data/spec/lib/dawn/codesake_knowledgebase_spec.rb +47 -0
- data/spec/lib/dawn/codesake_sinatra_engine_spec.rb +1 -0
- data/spec/lib/kb/codesake_cve_2013_1655_spec.rb +31 -0
- data/spec/lib/kb/owasp_ror_cheatsheet_spec.rb +56 -0
- data/spec/spec_helper.rb +3 -0
- data/spec/support/hello_world_3.2.13/app/helpers/application_helper.rb +8 -0
- data/spec/support/hello_world_3.2.13/app/models/test.rb +3 -0
- metadata +69 -63
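--- a/data/lib/codesake/dawn/kb/owasp_ror_cheatsheet.rb
+++ b/data/lib/codesake/dawn/kb/owasp_ror_cheatsheet.rb
@@ -0,0 +1,39 @@
+require 'codesake/dawn/kb/owasp_ror_cheatsheet/command_injection'
+require 'codesake/dawn/kb/owasp_ror_cheatsheet/csrf'
+require 'codesake/dawn/kb/owasp_ror_cheatsheet/session_stored_in_database'
+require 'codesake/dawn/kb/owasp_ror_cheatsheet/mass_assignment_in_model'
+require 'codesake/dawn/kb/owasp_ror_cheatsheet/security_related_headers'
+
+module Codesake
+module Dawn
+module Kb
+class OwaspRorCheatsheet
+include ComboCheck
+
+def initialize
+message = "This Cheatsheet intends to provide quick basic Ruby on Rails security tips for developers. It complements, augments or emphasizes points brought up in the rails security guide from rails core. The Rails framework abstracts developers from quite a bit of tedious work and provides the means to accomplish complex tasks quickly and with ease. New developers, those unfamiliar with the inner-workings of Rails, likely need a basic set of guidelines to secure fundamental aspects of their application. The intended purpose of this doc is to be that guide."
+
+super({
+:name=>"Owasp Ror Cheatsheet",
+:applies=>["rails"],
+:kind=>Codesake::Dawn::KnowledgeBase::COMBO_CHECK,
+:aux_links=>["https://www.owasp.org/index.php/Ruby_on_Rails_Cheatsheet"],
+:checks=>[
+Codesake::Dawn::Kb::OwaspRorCheatSheet::CommandInjection.new,
+Codesake::Dawn::Kb::OwaspRorCheatSheet::Csrf.new,
+Codesake::Dawn::Kb::OwaspRorCheatSheet::SessionStoredInDatabase.new,
+Codesake::Dawn::Kb::OwaspRorCheatSheet::MassAssignmentInModel.new,
+Codesake::Dawn::Kb::OwaspRorCheatSheet::SecurityRelatedHeaders.new,
+
+
+],
+:vuln_if_all_fails => false
+})
+
+@debug = true
+
+end
+end
+end
+end
+end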
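Review bot: The `message` local built at line 14 is never handed to `super`, so the combo check ends up without a message while every sub-check passes `:message=>message`; add `:message=>message,` to the hash after the `:name` entry at line 17. `@debug = true` at line 33 is hard-coded and turns on debug output for every scan; the same line is shipped in mass_assignment_in_model.rb and session_stored_in_database.rb (csrf.rb has it commented out), so drop all three or derive the flag from the constructor options instead of a literal. The class is named `OwaspRorCheatsheet` while the sub-checks live under the module `OwaspRorCheatSheet`; the two constants are distinct in Ruby, but the case difference is easy to mistype and deserves a `# NOTE: distinct from the OwaspRorCheatSheet namespace below` comment or a rename.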
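--- a/data/lib/codesake/dawn/kb/owasp_ror_cheatsheet/command_injection.rb
+++ b/data/lib/codesake/dawn/kb/owasp_ror_cheatsheet/command_injection.rb
@@ -0,0 +1,26 @@
+module Codesake
+module Dawn
+module Kb
+module OwaspRorCheatSheet
+class CommandInjection
+include PatternMatchCheck
+
+def initialize
+message = "Ruby offers a function called “eval” which will dynamically build new Ruby code based on Strings. It also has a number of ways to call system commands. While the power of these commands is quite useful, extreme care should be taken when using them in a Rails based application. Usually, its just a bad idea. If need be, a whitelist of possible values should be used and any input should be validated as thoroughly as possible. The Ruby Security Reviewer's Guide has a section on injection and there are a number of OWASP references for it, starting at the top: Command Injection."
+
+super({
+:name=>"Owasp Ror CheatSheet: Command Injection",
+:kind=>Codesake::Dawn::KnowledgeBase::PATTERN_MATCH_CHECK,
+:applies=>["rails"],
+:glob=>"*.rb",
+:aux_links=>["https://www.owasp.org/index.php/Ruby_on_Rails_Cheatsheet"],
+:message=>message,
+:attack_pattern => ["eval", "System", "\`", "Kernel.exec"]
+})
+end
+
+end
+end
+end
+end
+end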
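Review bot: The attack pattern `"System"` at line 18 can never match a call to Ruby's `system`, which is lowercase, and `"eval"` and `"Kernel.exec"` are bare substrings, so `evaluate` or `retrieval` is flagged while an unqualified `exec(...)` is not. If `run` applies the entries as regular expressions, as the escaped brackets in security_related_headers.rb suggest, word-bounded patterns are more accurate: replace `"eval"` with `"\\beval\\b"`, `"System"` with `"\\bsystem\\b"` and `"Kernel.exec"` with `"\\bexec\\b"`. The backtick entry also matches every backtick inside comments and string literals, which is worth a `# backtick pattern is deliberately broad and noisy` comment on that line so reviewers know the false positives are expected.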
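--- a/data/lib/codesake/dawn/kb/owasp_ror_cheatsheet/csrf.rb
+++ b/data/lib/codesake/dawn/kb/owasp_ror_cheatsheet/csrf.rb
@@ -0,0 +1,28 @@
+module Codesake
+module Dawn
+module Kb
+module OwaspRorCheatSheet
+class Csrf
+include PatternMatchCheck
+
+def initialize
+message = "Ruby on Rails has specific, built in support for CSRF tokens. To enable it, or ensure that it is enabled, find the base ApplicationController and look for the protect_from_forgery directive. Note that by default Rails does not provide CSRF protection for any HTTP GET request."
+
+super({
+:name=>"Owasp Ror CheatSheet: Cross Site Request Forgery",
+:kind=>Codesake::Dawn::KnowledgeBase::PATTERN_MATCH_CHECK,
+:applies=>["rails"],
+:glob=>"application_controller.rb",
+:aux_links=>["https://www.owasp.org/index.php/Ruby_on_Rails_Cheatsheet"],
+:message=>message,
+:attack_pattern => ["protect_from_forgery"],
+:negative_search=>true
+})
+# @debug = true
+end
+
+end
+end
+end
+end
+end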
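Review bot: With `:negative_search=>true` the check is satisfied as soon as the substring `protect_from_forgery` occurs anywhere in application_controller.rb, so a commented-out `# protect_from_forgery` counts as protection; anchor the pattern to a non-comment line start, `:attack_pattern => ["^\\s*protect_from_forgery"]`, assuming `run` applies the entries as regular expressions (the escaped brackets in security_related_headers.rb suggest it does). The message at line 9 stresses that GET is unprotected by default, but the check never inspects the directive's options, so a comment such as `# presence-only check: protect_from_forgery options are not inspected` would keep the scope honest. The commented-out `# @debug = true` at line 21 should be removed rather than shipped.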
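--- a/data/lib/codesake/dawn/kb/owasp_ror_cheatsheet/mass_assignment_in_model.rb
+++ b/data/lib/codesake/dawn/kb/owasp_ror_cheatsheet/mass_assignment_in_model.rb
@@ -0,0 +1,30 @@
+module Codesake
+module Dawn
+module Kb
+module OwaspRorCheatSheet
+
+class MassAssignmentInModel
+
+include PatternMatchCheck
+
+def initialize
+message = "Although the major issue with Mass Assignment has been fixed by default in base Rails specifically when generating new projects, it still applies to older and upgraded projects so it is important to understand the issue and to ensure that only attributes that are intended to be modifiable are exposed."
+
+super({
+:name=>"Owasp Ror CheatSheet: Mass Assignement in model",
+:kind=>Codesake::Dawn::KnowledgeBase::PATTERN_MATCH_CHECK,
+:applies=>["rails"],
+:glob=>"**/model/*.rb",
+:aux_links=>["https://www.owasp.org/index.php/Ruby_on_Rails_Cheatsheet"],
+:message=>message,
+:attack_pattern => ["attr_accessor"],
+:negative_search=>true
+})
+@debug = true
+end
+
+end
+end
+end
+end
+end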
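Review bot: The glob `**/model/*.rb` at line 17 does not match the Rails directory `app/models/`, so in a standard application nothing is scanned, and with `:negative_search=>true` the resulting empty evidence list is reported as vulnerable for every project. The pattern `attr_accessor` at line 20 is the core Ruby accessor macro, not the mass-assignment whitelist `attr_accessible`, and the former is not even a substring of the latter, so a correctly protected model would still fail the check; change the two lines to `:glob=>"**/models/*.rb",` and `:attack_pattern => ["attr_accessible"],`. Projects that rely on strong parameters instead of `attr_accessible` have no such line by design and will be flagged as well, which deserves a comment next to `:applies`. The `:name` string at line 14 misspells "Assignment", and `@debug = true` at line 23 is a leftover.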
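--- a/data/lib/codesake/dawn/kb/owasp_ror_cheatsheet/security_related_headers.rb
+++ b/data/lib/codesake/dawn/kb/owasp_ror_cheatsheet/security_related_headers.rb
@@ -0,0 +1,37 @@
+module Codesake
+module Dawn
+module Kb
+module OwaspRorCheatSheet
+class SecurityRelatedHeaders
+include PatternMatchCheck
+
+def initialize
+message = "To set a header value, simply access the response.headers object as a hash inside your controller (often in a before/after_filter). Rails 4 provides the \"default_headers\" functionality that will automatically apply the values supplied. This works for most headers in almost all cases."
+
+super({
+:name=>"Owasp Ror CheatSheet: Security Related Headers",
+:kind=>Codesake::Dawn::KnowledgeBase::PATTERN_MATCH_CHECK,
+:applies=>["rails"],
+:glob=>"**/controllers/*.rb",
+:aux_links=>["https://www.owasp.org/index.php/Ruby_on_Rails_Cheatsheet"],
+:message=>message,
+:attack_pattern => [
+"response.headers\\['X-Frame-Options'\\] = 'DENY'",
+"response.headers\\['X-Content-Type-Options'\\] = 'nosniff'",
+"response.headers\\['X-XSS-Protection'\\] = '1'",
+"ActionDispatch::Response.default_headers = {
+'X-Frame-Options' => 'DENY',
+'X-Content-Type-Options' => 'nosniff',
+'X-XSS-Protection' => '1;'
+}"],
+:negative_search=>true
+})
+
+
+end
+end
+end
+end
+end
+end
+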
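Review bot: The pattern at lines 22-26 is a multi-line literal that embeds exact newlines and indentation, so it only matches a `default_headers` assignment written in precisely that layout, and the three single-line patterns at lines 19-21 require single quotes and the literal values `'DENY'`, `'nosniff'` and `'1'`; a project that uses `SAMEORIGIN`, double quotes or `'1; mode=block'` is reported as missing the header. Because `:negative_search` is set, each of those formatting differences is a false positive, so matching the header names alone, `:attack_pattern => ["X-Frame-Options", "X-Content-Type-Options", "X-XSS-Protection", "default_headers"]`, would be far less brittle. The glob `**/controllers/*.rb` at line 15 also skips the files where `default_headers` is usually configured (config/application.rb or an initializer), and the `'1;'` value at line 25 is inconsistent with the `'1'` used at line 21. Two blank lines are left before `end` at line 31.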
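--- a/data/lib/codesake/dawn/kb/owasp_ror_cheatsheet/session_stored_in_database.rb
+++ b/data/lib/codesake/dawn/kb/owasp_ror_cheatsheet/session_stored_in_database.rb
@@ -0,0 +1,28 @@
+module Codesake
+module Dawn
+module Kb
+module OwaspRorCheatSheet
+
+class SessionStoredInDatabase
+include PatternMatchCheck
+
+def initialize
+message = "By default, Ruby on Rails uses a Cookie based session store. What that means is that unless you change something, the session will not expire on the server. That means that some default applications may be vulnerable to replay attacks. It also means that sensitive information should never be put in the session."
+
+super({
+:name=>"Owasp Ror CheatSheet: Session management",
+:kind=>Codesake::Dawn::KnowledgeBase::PATTERN_MATCH_CHECK,
+:applies=>["rails"],
+:glob=>"session_store.rb",
+:aux_links=>["https://www.owasp.org/index.php/Ruby_on_Rails_Cheatsheet"],
+:message=>message,
+:attack_pattern => ["Application.config.session_store :active_record_store"],
+:negative_search=>true
+})
+@debug = true
+end
+end
+end
+end
+end
+end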
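Review bot: The pattern `Application.config.session_store :active_record_store` at line 19 is a case-sensitive literal, so the form `Rails.application.config.session_store :active_record_store` (lowercase `application`) or any extra whitespace before the symbol does not match, and with `:negative_search=>true` those projects are reported as vulnerable; a looser `:attack_pattern => ["session_store\\s+:active_record_store"]` avoids that, assuming `run` applies the entries as regular expressions. The check only recognises the ActiveRecord store, so a project using any other server-side store is flagged too; the name `Session management` and the message should say that only `:active_record_store` is accepted, or the pattern should be widened. `@debug = true` at line 22 is a leftover.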
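--- a/data/lib/codesake/dawn/kb/pattern_match_check.rb
+++ b/data/lib/codesake/dawn/kb/pattern_match_check.rb
@@ -10,13 +10,22 @@ module Codesake
 attr_reader :attack_pattern
 attr_accessor :root_dir
 
+# This attribute is false by default. If true, the vuln? method check
+# if pattern attack is nor present.
+attr_reader :negative_search
+
 def initialize(options={})
 super(options)
-@attack_pattern
+@attack_pattern = options[:attack_pattern]
+@negative_search = false
+@negative_search = options[:negative_search] unless options[:negative_search].nil?
+@glob = "**"
+@glob = File.join(@glob, options[:glob]) unless options[:glob].nil?
 end
 
 def vuln?
-Dir.glob(File.join("#{root_dir}",
+Dir.glob(File.join("#{root_dir}", @glob)).each do |filename|
+debug_me("#{File.basename(__FILE__)}@#{__LINE__}: analyzing #(unknown): search is #{@negative_search}")
 matches = []
 begin
 matches = run(load_file(filename)) if File.exists?(filename) and File.file?(filename) and ! File.binary?(filename)
@@ -25,7 +34,16 @@ module Codesake
 end
 @evidences << {:filename=>filename, :matches=>matches} unless matches.empty?
 end
-
+
+ret_value = ! @evidences.empty? unless @negative_search
+ret_value = @evidences.empty? if @negative_search
+
+debug_me("#{File.basename(__FILE__)}@#{__LINE__}: evidences #=> #{@evidences}")
+debug_me("#{File.basename(__FILE__)}@#{__LINE__}: ret_value #=> #{ret_value}")
+
+@status = ret_value
+
+return ret_value
 end
 
 private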
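Review bot: With `@negative_search` set, the new tail of `vuln?` (the method starts in the first hunk) reports vulnerable whenever `@evidences` is empty, but `@evidences` is also empty when no file matched `@glob` or every candidate was skipped by the `File.exists?`/`File.binary?` guard, so a project that simply lacks the target file is reported as missing the protection; track whether anything was scanned, e.g. `scanned = false` before the loop, `scanned = true` after the `run` call, and `ret_value = scanned && @evidences.empty? if @negative_search`. The negative result is also global rather than per file, one occurrence of the pattern anywhere clears every file, which the comment above `attr_reader :negative_search` should state; that comment also has a typo and should read `# if the attack pattern is NOT present`. In `initialize`, `@negative_search = false` followed by the `unless ... nil?` line can be written `@negative_search = options[:negative_search] || false`.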
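--- a/data/lib/codesake/dawn/kb/ruby_version_check.rb
+++ b/data/lib/codesake/dawn/kb/ruby_version_check.rb
@@ -21,32 +21,56 @@ module Codesake
 vv_a << ss[:version]
 vv_p << ss[:patchlevel].split("p")[1].to_i
 end
+
 vengine = self.is_vulnerable_engine?(detected_ruby[:engine], vv_e)
 vv = self.is_vulnerable_version?(detected_ruby[:version], vv_a)
+ve = false
+
+ve = self.is_same_version?(detected_ruby[:version], vv_a)
+vp = is_vulnerable_patchlevel?(detected_ruby[:patchlevel], detected_ruby[:version])
+
+# XXX Debug statements to be replaced with logger call
+debug_me("D:#{self.name}, VENGINE=#{vengine}, VV=#{vv}, VE=#{ve}, VP=#{vp}->#{vv && vengine}, #{(ve && vp && vengine )}")
+debug_me("S:#{@safe_rubies}")
+debug_me("DD:#{@detected_ruby}")
+
+
+if ( vv && vengine)
+@status = vp if ve
+@status = true unless ve
+else
+@status = (ve && vp && vengine )
+end
 
-
-
-
-vp = is_vulnerable_patchlevel?(detected_ruby[:patchlevel], vv_p) if ve
+debug_me("STATUS:#{@status}")
+
+return @status
 
-return true if ( vv
-return (ve
+# return true if ( vv && vengine )
+# return (ve && vp && vengine )
 end
 
 def is_vulnerable_engine?(target, fixes = [])
 fixes.each do |f|
 return true if f == target
 end
+false
 end
 
 def is_same_version?(target, fixes = [])
 fixes.each do |f|
+debug_me("F=#{f}, TARGET=#{target}")
 return true if f == target
 end
 false
 end
 
-def is_vulnerable_patchlevel?(target,
+def is_vulnerable_patchlevel?(target, version)
+fixes = []
+@safe_rubies.each do |ss|
+fixes << ss[:patchlevel].split("p")[1].to_i if ss[:version] == version
+end
+
 t = target.split("p")[1].to_i
 fixes.each do |f|
 return true if f > t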
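Review bot: `ve = false` at line 27 is dead, it is overwritten unconditionally at line 29, and the commented-out returns at lines 49-50 duplicate the `if` block above them; delete all three lines. `vp` at line 30 is computed on every call although it is only consulted when `ve` is true, and `is_vulnerable_patchlevel?` calls `target.split("p")` on `detected_ruby[:patchlevel]` with no nil check, so a detection that yields no patchlevel would raise NoMethodError instead of returning false — presumably the detector always fills it in, but a `return false if target.nil?` at the top of that method is cheap. The `debug_me` calls at lines 33-35 and 45 are marked by the XXX comment as temporary; the method would read better with one comment stating the decision table (vulnerable when the version and engine are in the vulnerable set, unless that version also appears in the safe list, in which case the patchlevel comparison decides). `is_vulnerable_patchlevel?` continues past the end of the hunk.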
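--- a/data/lib/codesake/dawn/knowledge_base.rb
+++ b/data/lib/codesake/dawn/knowledge_base.rb
@@ -3,16 +3,26 @@ require "codesake/dawn/kb/basic_check"
 require "codesake/dawn/kb/pattern_match_check"
 require "codesake/dawn/kb/dependency_check"
 require "codesake/dawn/kb/ruby_version_check"
+require "codesake/dawn/kb/operating_system_check"
+require "codesake/dawn/kb/combo_check"
 
 # Q&A related checks
 require "codesake/dawn/kb/not_revised_code"
+require "codesake/dawn/kb/owasp_ror_cheatsheet"
+
+# CVE - 2010
+require "codesake/dawn/kb/cve_2010_1330"
 
 # CVE - 2011
+require "codesake/dawn/kb/cve_2011_0446"
 require "codesake/dawn/kb/cve_2011_0447"
+require "codesake/dawn/kb/cve_2011_0995"
 require "codesake/dawn/kb/cve_2011_2197"
+require "codesake/dawn/kb/cve_2011_2929"
 require "codesake/dawn/kb/cve_2011_2931"
 require "codesake/dawn/kb/cve_2011_2932"
 require "codesake/dawn/kb/cve_2011_3186"
+require "codesake/dawn/kb/cve_2011_4815"
 
 # CVE - 2012
 require "codesake/dawn/kb/cve_2012_1099"
@@ -22,14 +32,17 @@ require "codesake/dawn/kb/cve_2012_2660"
 require "codesake/dawn/kb/cve_2012_2661"
 require "codesake/dawn/kb/cve_2012_2694"
 require "codesake/dawn/kb/cve_2012_2695"
+require "codesake/dawn/kb/cve_2012_3424"
 require "codesake/dawn/kb/cve_2012_3463"
 require "codesake/dawn/kb/cve_2012_3464"
 require "codesake/dawn/kb/cve_2012_3465"
 require "codesake/dawn/kb/cve_2012_4464"
 require "codesake/dawn/kb/cve_2012_4466"
 require "codesake/dawn/kb/cve_2012_4481"
+require "codesake/dawn/kb/cve_2012_4522"
 require "codesake/dawn/kb/cve_2012_5370"
 require "codesake/dawn/kb/cve_2012_5371"
+require "codesake/dawn/kb/cve_2012_5380"
 require "codesake/dawn/kb/cve_2012_6134"
 require "codesake/dawn/kb/cve_2012_6496"
 require "codesake/dawn/kb/cve_2012_6497"
@@ -75,6 +88,8 @@ module Codesake
 DEPENDENCY_CHECK = :dependency_check
 PATTERN_MATCH_CHECK = :pattern_match_check
 RUBY_VERSION_CHECK = :ruby_version_check
+OS_CHECK = :os_check
+COMBO_CHECK = :combo_check
 
 def initialize
 @security_checks = Codesake::Dawn::KnowledgeBase.load_security_checks
@@ -125,11 +140,17 @@ module Codesake
 def self.load_security_checks
 [
 Codesake::Dawn::Kb::NotRevisedCode.new,
+Codesake::Dawn::Kb::OwaspRorCheatsheet.new,
+Codesake::Dawn::Kb::CVE_2010_1330.new,
+Codesake::Dawn::Kb::CVE_2011_0446.new,
 Codesake::Dawn::Kb::CVE_2011_0447.new,
+Codesake::Dawn::Kb::CVE_2011_0995.new,
 Codesake::Dawn::Kb::CVE_2011_2197.new,
+Codesake::Dawn::Kb::CVE_2011_2929.new,
 Codesake::Dawn::Kb::CVE_2011_2931.new,
 Codesake::Dawn::Kb::CVE_2011_2932.new,
 Codesake::Dawn::Kb::CVE_2011_3186.new,
+Codesake::Dawn::Kb::CVE_2011_4815.new,
 Codesake::Dawn::Kb::CVE_2012_1099.new,
 Codesake::Dawn::Kb::CVE_2012_1241.new,
 Codesake::Dawn::Kb::CVE_2012_2140.new,
@@ -137,14 +158,17 @@ module Codesake
 Codesake::Dawn::Kb::CVE_2012_2661.new,
 Codesake::Dawn::Kb::CVE_2012_2694.new,
 Codesake::Dawn::Kb::CVE_2012_2695.new,
+Codesake::Dawn::Kb::CVE_2012_3424.new,
 Codesake::Dawn::Kb::CVE_2012_3463.new,
 Codesake::Dawn::Kb::CVE_2012_3464.new,
 Codesake::Dawn::Kb::CVE_2012_3465.new,
 Codesake::Dawn::Kb::CVE_2012_4464.new,
 Codesake::Dawn::Kb::CVE_2012_4466.new,
 Codesake::Dawn::Kb::CVE_2012_4481.new,
+Codesake::Dawn::Kb::CVE_2012_4522.new,
 Codesake::Dawn::Kb::CVE_2012_5370.new,
 Codesake::Dawn::Kb::CVE_2012_5371.new,
+Codesake::Dawn::Kb::CVE_2012_5380.new,
 Codesake::Dawn::Kb::CVE_2012_6134.new,
 Codesake::Dawn::Kb::CVE_2012_6496.new,
 Codesake::Dawn::Kb::CVE_2012_6497.new,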
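--- a/data/lib/codesake/dawn/sinatra.rb
+++ b/data/lib/codesake/dawn/sinatra.rb
@@ -13,6 +13,7 @@ module Codesake
 super(dir, "sinatra")
 @appname = detect_appname(self.target)
 error! if self.appname == ""
+@views = detect_views
 @sinks = detect_sinks(self.appname) unless self.appname == ""
 @reflected_xss = detect_reflected_xss unless self.appname == ""
 end
@@ -107,8 +108,7 @@ module Codesake
 end
 
 def detect_views
-build_view_array(File.join(self.target, "views")) if File.exist?(File.join(self.target, "views"))
-[]
+return build_view_array(File.join(self.target, "views")) if File.exist?(File.join(self.target, "views"))
 end
 
 # e = Haml::Engine.new(File.read(template))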
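Review bot: The rewrite of `detect_views` in the second hunk drops the `[]` fallback: the method now ends with the guarded `return`, so when `views/` does not exist it returns nil, and `@views = detect_views` in the first hunk stores nil where the previous contract was an array. Keep the empty array as the final expression, i.e. `return build_view_array(File.join(self.target, "views")) if File.exist?(File.join(self.target, "views"))` followed by `[]`, or compute the path once with `views = File.join(self.target, "views")` and `File.exist?(views) ? build_view_array(views) : []`. The old code had the opposite bug, always returning `[]`, which is presumably what this commit set out to fix.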
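--- a/data/spec/lib/dawn/codesake_knowledgebase_spec.rb
+++ b/data/spec/lib/dawn/codesake_knowledgebase_spec.rb
@@ -313,5 +313,52 @@ describe "The Codesake Dawn knowledge base" do
 sc.class.should == Codesake::Dawn::Kb::CVE_2012_6497
 end
 
+it "must have test for CVE-2010-1330" do
+sc = kb.find("CVE-2010-1330")
+sc.should_not be_nil
+sc.class.should == Codesake::Dawn::Kb::CVE_2010_1330
+end
+
+it "must have test for CVE-2011-0446" do
+sc = kb.find("CVE-2011-0446")
+sc.should_not be_nil
+sc.class.should == Codesake::Dawn::Kb::CVE_2011_0446
+end
+
+it "must have test for CVE-2011-0995" do
+sc = kb.find("CVE-2011-0995")
+sc.should_not be_nil
+sc.class.should == Codesake::Dawn::Kb::CVE_2011_0995
+end
+
+it "must have test for CVE-2011-2929" do
+sc = kb.find("CVE-2011-2929")
+sc.should_not be_nil
+sc.class.should == Codesake::Dawn::Kb::CVE_2011_2929
+end
+
+it "must have test for CVE-2011-4815" do
+sc = kb.find("CVE-2011-4815")
+sc.should_not be_nil
+sc.class.should == Codesake::Dawn::Kb::CVE_2011_4815
+end
+
+it "must have test for CVE-2012-3424" do
+sc = kb.find("CVE-2012-3424")
+sc.should_not be_nil
+sc.class.should == Codesake::Dawn::Kb::CVE_2012_3424
+end
+
+it "must have test for CVE-2012-5380" do
+sc = kb.find("CVE-2012-5380")
+sc.should_not be_nil
+sc.class.should == Codesake::Dawn::Kb::CVE_2012_5380
+end
+
+it "must have test for CVE-2012-4522" do
+sc = kb.find("CVE-2012-4522")
+sc.should_not be_nil
+sc.class.should == Codesake::Dawn::Kb::CVE_2012_4522
+end
 
 end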
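Review bot: The eight new examples are identical apart from the CVE id and class, which invites drift (the CVE-2012-5380 example already sits before CVE-2012-4522, breaking the file's ascending order). A table-driven loop keeps the ids next to each other, makes a newly registered check a one-line addition, and keeps the spec readable as a checklist against `load_security_checks`. The `describe` block starts outside the hunk.

```ruby
{
  "CVE-2010-1330" => Codesake::Dawn::Kb::CVE_2010_1330,
  "CVE-2011-0446" => Codesake::Dawn::Kb::CVE_2011_0446,
  # … remaining ids in ascending order: 2011-0995, 2011-2929, 2011-4815, 2012-3424, 2012-4522, 2012-5380 …
}.each do |id, klass|
  it "must have test for #{id}" do
    sc = kb.find(id)
    sc.should_not be_nil
    sc.class.should == klass
  end
end
```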