codesake-dawn 0.50 → 0.60
- data/.ruby-gemset +1 -0
- data/.ruby-version +1 -0
- data/Competitive_matrix.md +148 -0
- data/README.md +105 -14
- data/Rakefile +24 -17
- data/Roadmap.md +166 -9
- data/TODO.md +59 -0
- data/bin/dawn +60 -7
- data/codesake_dawn.gemspec +4 -1
- data/features/dawn_complains_about_an_incorrect_command_line.feature +21 -0
- data/features/dawn_scan_a_secure_sinatra_app.feature +31 -0
- data/features/step_definition/dawn_steps.rb +13 -0
- data/features/support/env.rb +1 -0
- data/lib/codesake/dawn/engine.rb +30 -1
- data/lib/codesake/dawn/kb/basic_check.rb +37 -1
- data/lib/codesake/dawn/kb/cve_2011_2931.rb +1 -1
- data/lib/codesake/dawn/kb/cve_2012_2660.rb +1 -1
- data/lib/codesake/dawn/kb/cve_2012_2661.rb +1 -1
- data/lib/codesake/dawn/kb/cve_2012_2694.rb +2 -1
- data/lib/codesake/dawn/kb/cve_2012_2695.rb +1 -1
- data/lib/codesake/dawn/kb/cve_2012_3465.rb +1 -1
- data/lib/codesake/dawn/kb/cve_2012_6496.rb +1 -1
- data/lib/codesake/dawn/kb/cve_2012_6497.rb +1 -1
- data/lib/codesake/dawn/kb/cve_2013_0155.rb +2 -1
- data/lib/codesake/dawn/kb/cve_2013_0156.rb +29 -0
- data/lib/codesake/dawn/kb/cve_2013_0175.rb +29 -0
- data/lib/codesake/dawn/kb/cve_2013_0233.rb +28 -0
- data/lib/codesake/dawn/kb/cve_2013_0269.rb +1 -1
- data/lib/codesake/dawn/kb/cve_2013_0276.rb +30 -0
- data/lib/codesake/dawn/kb/cve_2013_0277.rb +27 -0
- data/lib/codesake/dawn/kb/cve_2013_0284.rb +29 -0
- data/lib/codesake/dawn/kb/cve_2013_0285.rb +29 -0
- data/lib/codesake/dawn/kb/cve_2013_0333.rb +1 -1
- data/lib/codesake/dawn/kb/cve_2013_1655.rb +31 -0
- data/lib/codesake/dawn/kb/cve_2013_1656.rb +30 -0
- data/lib/codesake/dawn/kb/cve_2013_1800.rb +1 -1
- data/lib/codesake/dawn/kb/cve_2013_1801.rb +29 -0
- data/lib/codesake/dawn/kb/cve_2013_1802.rb +29 -0
- data/lib/codesake/dawn/kb/cve_2013_1821.rb +30 -0
- data/lib/codesake/dawn/kb/cve_2013_1854.rb +28 -0
- data/lib/codesake/dawn/kb/cve_2013_1855.rb +11 -4
- data/lib/codesake/dawn/kb/cve_2013_1856.rb +28 -0
- data/lib/codesake/dawn/kb/cve_2013_1857.rb +11 -4
- data/lib/codesake/dawn/kb/cve_2013_1875.rb +29 -0
- data/lib/codesake/dawn/kb/cve_2013_1898.rb +29 -0
- data/lib/codesake/dawn/kb/cve_2013_1911.rb +30 -0
- data/lib/codesake/dawn/kb/cve_2013_1933.rb +29 -0
- data/lib/codesake/dawn/kb/cve_2013_1947.rb +29 -0
- data/lib/codesake/dawn/kb/cve_2013_1948.rb +29 -0
- data/lib/codesake/dawn/kb/cve_2013_2615.rb +29 -0
- data/lib/codesake/dawn/kb/cve_2013_2616.rb +29 -0
- data/lib/codesake/dawn/kb/cve_2013_2617.rb +30 -0
- data/lib/codesake/dawn/kb/cve_2013_3221.rb +29 -0
- data/lib/codesake/dawn/kb/dependency_check.rb +21 -4
- data/lib/codesake/dawn/kb/pattern_match_check.rb +1 -0
- data/lib/codesake/dawn/kb/ruby_version_check.rb +50 -0
- data/lib/codesake/dawn/knowledge_base.rb +59 -8
- data/lib/codesake/dawn/version.rb +1 -1
- data/spec/lib/dawn/codesake_knowledgebase_spec.rb +130 -0
- data/spec/lib/dawn/codesake_rails_engine_spec.rb +12 -0
- data/spec/lib/dawn/codesake_sinatra_engine_spec.rb +4 -0
- data/spec/lib/kb/codesake_cve_2013_0175_spec.rb +35 -0
- data/spec/lib/kb/codesake_ruby_version_check_spec.rb +39 -0
- data/spec/spec_helper.rb +1 -1
- metadata +100 -38
- data/.rvmrc +0 -48
- data/spec/lib/kb/codesake_cve_2013_1800_spec.rb +0 -66
- data/spec/lib/kb/codesake_cve_2013_1855_spec.rb +0 -16
- data/spec/lib/kb/cve_2011_2931_spec.rb +0 -7
- data/spec/lib/kb/cve_2012_2660_spec.rb +0 -9
- data/spec/lib/kb/cve_2012_2661_spec.rb +0 -7
- data/spec/lib/kb/cve_2012_2694_spec.rb +0 -7
- data/spec/lib/kb/cve_2012_2695_spec.rb +0 -7
- data/spec/lib/kb/cve_2012_3465_spec.rb +0 -7
- data/spec/lib/kb/cve_2012_6496_spec.rb +0 -7
- data/spec/lib/kb/cve_2012_6497_spec.rb +0 -7
- data/spec/lib/kb/cve_2013_0155_spec.rb +0 -7
- data/spec/lib/kb/cve_2013_0269_spec.rb +0 -7
- data/spec/lib/kb/cve_2013_0333_spec.rb +0 -7
- data/spec/lib/kb/cve_2013_1857_spec.rb +0 -13
data/.ruby-gemset
ADDED
@@ -0,0 +1 @@
|
|
1
|
+
codesake
|
data/.ruby-version
ADDED
@@ -0,0 +1 @@
|
|
1
|
+
ruby-1.9.3-p429
|
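Review bot: with data/.rvmrc deleted in this same release (file list: `data/.rvmrc +0 -48`), .ruby-version and .ruby-gemset become the only record of the interpreter the project is developed and tested against, and `ruby-1.9.3-p429` appears nowhere in the README. The build-from-source section added in this release should name that Ruby (or the gemspec's required version, which this diff does not show) so contributors do not build and run the specs against a different interpreter than the one the new RubyVersionCheck is written for.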
data/Competitive_matrix.md
ADDED
@@ -0,0 +1,148 @@
|
|
1
|
+
# Competitive matrix between dawn and other security static code scanners
|
2
|
+
|
3
|
+
This is the point where I try to answer the very good question: _dawn? it is a
|
4
|
+
great tool but which are the differences between it and ( put your favorite
|
5
|
+
tool here )?_
|
6
|
+
|
7
|
+
Of course, as you may wonder, I'm the dawn author so I can be less impartial
|
8
|
+
than a third party review that it is strongly encouraged and that it will put
|
9
|
+
linked to this page (even in case you will make criticisms to my tool)
|
10
|
+
|
11
|
+
## The competitors
|
12
|
+
|
13
|
+
As [@presidentbeef](https://twitter.com/presidentbeef) pointed me out, there
|
14
|
+
are a couple of security source code static analyzers (lets'call them SAST from
|
15
|
+
this point) supporting ruby.
|
16
|
+
|
17
|
+
* [brakeman scanner](http://brakemanscanner.org/)
|
18
|
+
* [Excellent](https://github.com/simplabs/excellent)
|
19
|
+
* [ror-sec-scanner](http://gitorious.org/code-scanner/ror-sec-scanner/)
|
20
|
+
* [Scanny](https://github.com/openSUSE/scanny)
|
21
|
+
* [dawn](https://github.com/codesake/codesake\_dawn)
|
22
|
+
|
23
|
+
### Brakeman
|
24
|
+
|
25
|
+
[Brakeman](http://brakemanscanner.org) is a good tool, it is mature and it is
|
26
|
+
widespread among the community. It's approaching the second major release of
|
27
|
+
its history.
|
28
|
+
|
29
|
+
It is born to support [Ruby on Rails](http://rubyonrails.org) written web
|
30
|
+
applications.
|
31
|
+
|
32
|
+
### Dawn
|
33
|
+
|
34
|
+
Dawn is born to support the application security startup I'm building,
|
35
|
+
[codesake.com](http://codesake.com). Since community gives me a lot in all
|
36
|
+
these years, the statica analyzer will be opensource and **I won't change this
|
37
|
+
decision, ever**.
|
38
|
+
|
39
|
+
Dawn supports web applications written using
|
40
|
+
[Ruby on Rails](http://rubyonrails.org), [Sinatra](http://sinatrarb.com) and
|
41
|
+
[Padrino](http://padrinorb.com)
|
42
|
+
|
43
|
+
Since a lot of javascript code is used in the web applications nowadays, I'll
|
44
|
+
introduce a preliminary support for javascript before launching version 1.0.
|
45
|
+
Javascript support it will be focused on checking for reflected and DOM based
|
46
|
+
Cross site scripting attacks.
|
47
|
+
|
48
|
+
In a future (on version 1.5 accordingly to the Roadmap), node.js written web
|
49
|
+
applications will be supported as well.
|
50
|
+
|
51
|
+
## The comparison
|
52
|
+
|
53
|
+
### Basic features
|
54
|
+
|
55
|
+
|Feature | Dawn | Brakeman | Excellent | ror-sec-scanner | Scanny |
|
56
|
+
|-----------------------|---------------|-------------------|-------------|-------------------|-------------|
|
57
|
+
| Version | 0.51 | 1.9.5 | | | |
|
58
|
+
| Production ready? | NO | YES | | | |
|
59
|
+
| Sinatra support | YES | NO | | | |
|
60
|
+
| Padrino support | NO *planned* | NO | | | |
|
61
|
+
| Rails support | YES | YES | | | |
|
62
|
+
| Node.js support | NO *planned* | NO | | | |
|
63
|
+
| Plain text output | YES | YES | | | |
|
64
|
+
| Json output | YES | YES | | | |
|
65
|
+
| HTML output | NO | YES | | | |
|
66
|
+
|
67
|
+
### CVE security checks
|
68
|
+
|
69
|
+
| CVE Check | Dawn | Brakeman | Excellent | ror-sec-scanner | Scanny |
|
70
|
+
|-----------------------|---------------|-------------------|-------------|-------------------|-------------|
|
71
|
+
| CVE-2011-2931 | YES | YES | | | |
|
72
|
+
| CVE-2012-2660 | YES | YES | | | |
|
73
|
+
| CVE-2012-2661 | YES | YES | | | |
|
74
|
+
| CVE-2012-2694 | YES | YES | | | |
|
75
|
+
| CVE-2012-2695 | YES | YES | | | |
|
76
|
+
| CVE-2012-3465 | YES | YES | | | |
|
77
|
+
| CVE-2012-3464 | NO | YES | | | |
|
78
|
+
| CVE-2012-3463 | NO | YES | | | |
|
79
|
+
| CVE-2012-6496 | YES | NO | | | |
|
80
|
+
| CVE-2012-5664 | NO | YES | | | |
|
81
|
+
| CVE-2012-6497 | YES | NO | | | |
|
82
|
+
| CVE-2013-1855 | YES | YES | | | |
|
83
|
+
| CVE-2013-1800 | YES | NO | | | |
|
84
|
+
| CVE-2013-0333 | YES | YES | | | |
|
85
|
+
| CVE-2013-0269 | YES | YES | | | |
|
86
|
+
| CVE-2013-1857 | YES | YES | | | |
|
87
|
+
| CVE-2013-0155 | YES | YES | | | |
|
88
|
+
| CVE-2013-0333 | YES | YES | | | |
|
89
|
+
| CVE-2011-0447 | NO | YES | | | |
|
90
|
+
| CVE-2011-0446 | NO | YES | | | |
|
91
|
+
| CVE-2013-1854 | YES | YES | | | |
|
92
|
+
| CVE-2013-1856 | YES | YES | | | |
|
93
|
+
| CVE-2013-0276 | YES | YES | | | |
|
94
|
+
| CVE-2013-0277 | YES | YES | | | |
|
95
|
+
| CVE-2013-0156 | YES | YES | | | |
|
96
|
+
| CVE-2013-2090 [0] | NO | NO | | | |
|
97
|
+
| CVE-2013-2615 | YES | NO | | | |
|
98
|
+
| CVE-2013-1875 | YES | NO | | | |
|
99
|
+
| CVE-2013-1655 | YES | NO | | | |
|
100
|
+
| CVE-2013-1656 | YES | NO | | | |
|
101
|
+
| CVE-2013-0175 | YES | NO | | | |
|
102
|
+
| CVE-2013-0233 | YES | NO | | | |
|
103
|
+
| CVE-2013-0284 | YES | NO | | | |
|
104
|
+
| CVE-2013-0285 | YES | NO | | | |
|
105
|
+
| CVE-2013-1801 | YES | NO | | | |
|
106
|
+
| CVE-2013-1802 | YES | NO | | | |
|
107
|
+
| CVE-2013-1821 | YES | NO | | | |
|
108
|
+
| CVE-2013-1898 | YES | NO | | | |
|
109
|
+
| CVE-2013-1911 | YES | NO | | | |
|
110
|
+
| CVE-2013-1933 | YES | NO | | | |
|
111
|
+
| CVE-2013-1947 | YES | NO | | | |
|
112
|
+
| CVE-2013-1948 | YES | NO | | | |
|
113
|
+
| CVE-2013-2616 | YES | NO | | | |
|
114
|
+
| CVE-2013-2617 | YES | NO | | | |
|
115
|
+
| CVE-2013-3221 | YES | NO | | | |
|
116
|
+
|
117
|
+
[0] This CVE must be confirmed
|
118
|
+
|
119
|
+
### Quality checks
|
120
|
+
|
121
|
+
| Quality check | Dawn | Brakeman | Excellent | ror-sec-scanner | Scanny |
|
122
|
+
|-----------------------|---------------|-------------------|-------------|-------------------|-------------|
|
123
|
+
| Not revised code | YES | NO | | | |
|
124
|
+
|
125
|
+
|
126
|
+
### Application specific security checks
|
127
|
+
|
128
|
+
| Security check | Dawn | Brakeman | Excellent | ror-sec-scanner | Scanny |
|
129
|
+
|-----------------------------|---------------|------------|-------------|-------------------|-------------|
|
130
|
+
| Reflected XSS | NO | YES | | | |
|
131
|
+
| Stored XSS | NO | YES | | | |
|
132
|
+
| DOM Based XSS | NO | NO | | | |
|
133
|
+
| SQL injection | NO | YES | | | |
|
134
|
+
| Broken authentication | NO | NO | | | |
|
135
|
+
| Insecure object reference | NO | NO | | | |
|
136
|
+
| CSRF | NO | YES [1] | | | |
|
137
|
+
|
138
|
+
[1] Brakeman warns if an application does not use protect_from_forgery, but it
|
139
|
+
doesn't warn about vulnerable forms (e.g. those not using view helpers) -
|
140
|
+
[@presidentbeef](https://github.com/codesake/codesake_dawn/issues/2)
|
141
|
+
|
142
|
+
## Third party reviews
|
143
|
+
|
144
|
+
If you blogged, twitted or in any case if you compare dawn with other SAST
|
145
|
+
available out there supporting ruby, please tell me and I'll add your review
|
146
|
+
here.
|
147
|
+
|
148
|
+
|
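Review bot: the "CVE security checks" table lists CVE-2013-0333 twice, and the "Basic features" table contradicts both this file's own prose and the README: the prose says "Dawn supports web applications written using Ruby on Rails, Sinatra and Padrino" and the README in this same diff documents `dawn -p` for Padrino, yet the table row reads `| Padrino support | NO *planned* |`. Decide which is true and make the three places agree. The `| Version | 0.51 |` row is stale for a 0.60 release. The three competitor columns (Excellent, ror-sec-scanner, Scanny) are entirely empty, so either fill them or drop them until there is data; an empty column next to a YES/NO column reads as "NO". Footnote `[0] This CVE must be confirmed` should say what is unconfirmed about CVE-2013-2090 (the Roadmap files it under 0.80 as "if CVE will be approved", which is a different statement). Wording: "statica analyzer" should be "static analyzer", "lets'call" should be "let's call", and "twitted" should be "tweeted".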
data/README.md
CHANGED
@@ -1,25 +1,44 @@
|
|
1
1
|
# Codesake::Dawn - code review engine for ruby powered code
|
2
2
|
|
3
|
-
This is an ongoing roadmap for the dawn source code review tool.
|
4
|
-
|
5
3
|
Dawn is a static analysis security scanner for ruby written web applications.
|
6
4
|
It supports [Sinatra](http://www.sinatrarb.com),
|
7
5
|
[Padrino](http://www.padrinorb.com) and [Ruby on Rails](http://rubyonrails.org)
|
8
6
|
frameworks.
|
9
7
|
|
8
|
+
## Useful links
|
9
|
+
|
10
|
+
www: [http://codesake.com](http://codesake.com)
|
11
|
+
|
12
|
+
twitter: [https://twitter.com/codesake](https://twitter.com/codesake) #dawn hashtag
|
13
|
+
|
14
|
+
github: [https://github.com/codesake/codesake\_dawn](https://github.com/codesake/codesake\_dawn)
|
15
|
+
|
10
16
|
## Installation
|
11
17
|
|
12
|
-
|
18
|
+
You can install dawn, directly using [Rubygems](https://rubygems.org) by typing:
|
13
19
|
|
14
|
-
gem '
|
20
|
+
gem 'codesake-dawn'
|
15
21
|
|
16
|
-
|
22
|
+
If you want to add dawn to your project Gemfile, you must add the following:
|
23
|
+
|
24
|
+
group :development do
|
25
|
+
gem 'codesake-dawn', :require=>false
|
26
|
+
end
|
17
27
|
|
18
|
-
|
28
|
+
And then upgrade your bundle
|
19
29
|
|
20
|
-
|
30
|
+
$ bundle install
|
21
31
|
|
22
|
-
|
32
|
+
You may want to build it from source, so you have to check it out from github first:
|
33
|
+
|
34
|
+
$ git clone https://github.com/codesake/codesake_dawn/codesake_dawn.git
|
35
|
+
$ cd codesake_dawn
|
36
|
+
$ rake install
|
37
|
+
|
38
|
+
And the codesake-dawn gem will be built in a pkg directory and then installed
|
39
|
+
on your system. Please note that you have to manage dependencies on your own
|
40
|
+
this way. It makes sense only if you want to hack the code or something like
|
41
|
+
that.
|
23
42
|
|
24
43
|
## Usage
|
25
44
|
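Review bot: the installation instructions are wrong in two places. "You can install dawn, directly using Rubygems by typing:" is followed by `gem 'codesake-dawn'`, which is Gemfile syntax, not a shell command; it should be `gem install codesake-dawn`, with the Gemfile form kept only in the `group :development` block below it. The clone URL `https://github.com/codesake/codesake_dawn/codesake_dawn.git` has an extra path component and does not match the github link given a few lines above (`https://github.com/codesake/codesake_dawn`); it should be `git clone https://github.com/codesake/codesake_dawn.git`. Also, "you have to manage dependencies on your own" understates it: `rake install` loads the Rakefile, which in this same release does `require 'cucumber'` at the top level, so on a clean checkout the documented build step fails unless `bundle install` is run first; say so.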
|
@@ -35,6 +54,55 @@ dawn command line is in this form with options and the target.
|
|
35
54
|
$ dawn [options] target
|
36
55
|
```
|
37
56
|
|
57
|
+
The options you can specify tell down the MVC used in your application and some
|
58
|
+
triggers you may want to be active during the scan.
|
59
|
+
|
60
|
+
### Scanning a Sinatra web application
|
61
|
+
|
62
|
+
dawn will scan application stored in hello_world directory which is a Sinatra application
|
63
|
+
|
64
|
+
```
|
65
|
+
$ dawn -s hello_world
|
66
|
+
```
|
67
|
+
|
68
|
+
### Scanning a Ruby on Rails web application
|
69
|
+
|
70
|
+
dawn will scan application stored in hello_world directory which is a Ruby on Rails application
|
71
|
+
|
72
|
+
```
|
73
|
+
$ dawn -r hello_world
|
74
|
+
```
|
75
|
+
|
76
|
+
### Scanning a Padrino web application
|
77
|
+
|
78
|
+
dawn will scan application stored in hello_world directory which is a Padrino application
|
79
|
+
|
80
|
+
```
|
81
|
+
$ dawn -p hello_world
|
82
|
+
```
|
83
|
+
|
84
|
+
### As output you get
|
85
|
+
|
86
|
+
As output, dawn will put all security checks that are failed during the scan.
|
87
|
+
In example, this is the output of a scan performed over a very simple Sinatra
|
88
|
+
application:
|
89
|
+
|
90
|
+
```
|
91
|
+
$ bundle exec bin/dawn -s target
|
92
|
+
|
93
|
+
[*] dawn v0.51 (C) 2013 - paolo@armoredcode.com is starting up at 08:09:11
|
94
|
+
08:09:11: scanning target
|
95
|
+
08:09:11: sinatra vsinatra 1.4.2 detected
|
96
|
+
08:09:11: applying all security checks
|
97
|
+
08:09:11 [*] all security checks applied
|
98
|
+
08:09:11: 1 vulnerabilities found
|
99
|
+
08:09:11 [!] CVE-2013-1800 failed
|
100
|
+
08:09:11: Description: The crack gem 0.3.1 and earlier for Ruby does not properly restrict casts of string values, which might allow remote attackers to conduct object-injection attacks and execute arbitrary code, or cause a denial of service (memory and CPU consumption) by leveraging Action Pack support for (1) YAML type conversion or (2) Symbol type conversion, a similar vulnerability to CVE-2013-0156.
|
101
|
+
08:09:11: Solution: Please use crack gem version 0.3.2 or above. Correct your gemfile
|
102
|
+
08:09:11 [!] Evidence:
|
103
|
+
08:09:11 [!] Vulnerable crack gem version found: 0.3.1
|
104
|
+
[*] dawn is shutting down at 08:09:11
|
105
|
+
```
|
38
106
|
|
39
107
|
|
40
108
|
You can also dump all security checks in the knowledge base by using the -k
|
@@ -44,11 +112,34 @@ flag:
|
|
44
112
|
$ dawn -k|--list-knowledge-base
|
45
113
|
```
|
46
114
|
|
115
|
+
## Thanks to
|
116
|
+
|
117
|
+
[saten](https://github.com/saten): first issue posted about a typo in the README
|
118
|
+
|
119
|
+
[presidentbeef](https://githbu.com/presidentbeef): for his outstanding work that inspired me creating dawn and for double check comparison matrix. Issue #2 is your :)
|
120
|
+
|
121
|
+
## LICENSE
|
122
|
+
|
123
|
+
Copyright (c) 2013 Paolo Perego
|
124
|
+
|
125
|
+
MIT License
|
126
|
+
|
127
|
+
Permission is hereby granted, free of charge, to any person obtaining
|
128
|
+
a copy of this software and associated documentation files (the
|
129
|
+
"Software"), to deal in the Software without restriction, including
|
130
|
+
without limitation the rights to use, copy, modify, merge, publish,
|
131
|
+
distribute, sublicense, and/or sell copies of the Software, and to
|
132
|
+
permit persons to whom the Software is furnished to do so, subject to
|
133
|
+
the following conditions:
|
134
|
+
|
135
|
+
The above copyright notice and this permission notice shall be
|
136
|
+
included in all copies or substantial portions of the Software.
|
47
137
|
|
48
|
-
|
138
|
+
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
|
139
|
+
EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
|
140
|
+
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
|
141
|
+
NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
|
142
|
+
LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
|
143
|
+
OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
|
144
|
+
WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
|
49
145
|
|
50
|
-
1. Fork it
|
51
|
-
2. Create your feature branch (`git checkout -b my-new-feature`)
|
52
|
-
3. Commit your changes (`git commit -am 'Add some feature'`)
|
53
|
-
4. Push to the branch (`git push origin my-new-feature`)
|
54
|
-
5. Create new Pull Request
|
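Review bot: the presidentbeef link points at `https://githbu.com/presidentbeef`, a typo for github.com that yields a dead link; the same hunk links github correctly elsewhere. "Issue #2 is your :)" should be "Issue #2 is yours :)". The contribution steps (Fork it ... Create new Pull Request) are removed without replacement while the new "Thanks to" section invites contributions; if the removal is intended, add one line saying that pull requests go to the github repository linked under "Useful links".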
data/Rakefile
CHANGED
@@ -1,12 +1,24 @@
|
|
1
1
|
require "bundler/gem_tasks"
|
2
2
|
require "rspec/core/rake_task"
|
3
|
+
# require "highline/import"
|
4
|
+
|
5
|
+
require 'cucumber'
|
6
|
+
require 'cucumber/rake/task'
|
3
7
|
|
4
8
|
require 'fileutils'
|
5
9
|
require "codesake/dawn/knowledge_base"
|
6
10
|
|
7
|
-
|
11
|
+
Cucumber::Rake::Task.new(:features) do |t|
|
12
|
+
t.cucumber_opts = "features --format pretty -x"
|
13
|
+
t.fork = false
|
14
|
+
end
|
15
|
+
|
16
|
+
RSpec::Core::RakeTask.new do |t|
|
17
|
+
t.rspec_opts = ["--color"]
|
18
|
+
end
|
19
|
+
|
8
20
|
|
9
|
-
task :default => :spec
|
21
|
+
task :default => [ :spec, :features ]
|
10
22
|
task :test => :spec
|
11
23
|
|
12
24
|
desc "Create a new CVE test"
|
@@ -32,12 +44,10 @@ task :new_cve, :name do |t,args|
|
|
32
44
|
file.puts "\t\tmodule Kb"
|
33
45
|
file.puts "\t\t\t# Automatically created with rake on #{Time.now.strftime('%Y-%m-%d')}"
|
34
46
|
file.puts "\t\t\tclass #{class_name}"
|
35
|
-
file.puts "\t\t\t\t#"
|
36
47
|
file.puts "\t\t\t\t# Include the testing skeleton for this CVE"
|
37
48
|
file.puts "\t\t\t\t# include PatternMatchCheck"
|
38
49
|
file.puts "\t\t\t\t# include DependencyCheck"
|
39
|
-
file.puts "\t\t\t\t#"
|
40
|
-
file.puts ""
|
50
|
+
file.puts "\t\t\t\t# include RubyVersionCheck"
|
41
51
|
file.puts ""
|
42
52
|
file.puts "\t\t\t\tdef initialize"
|
43
53
|
file.puts "\t\t\t\tend"
|
@@ -48,17 +58,14 @@ task :new_cve, :name do |t,args|
|
|
48
58
|
end
|
49
59
|
puts "#{rb_filename} created"
|
50
60
|
|
51
|
-
|
52
|
-
|
53
|
-
|
54
|
-
|
55
|
-
|
56
|
-
|
57
|
-
|
58
|
-
|
59
|
-
|
60
|
-
puts "#{spec_filename} created"
|
61
|
+
puts "*** PLEASE IMPLEMENT TEST FOR #{name} IN spec/lib/dawn/codesake_knowledgebase_spec.rb in order to reflect changes"
|
62
|
+
puts "*** PLEASE ADD THIS CODE IN lib/codesake/dawn/knowledge_base.rb in order to reflect changes"
|
63
|
+
puts "require \"codesake/dawn/kb/#{class_name.downcase}\""
|
64
|
+
puts "it \"must have test for #{name}\" do"
|
65
|
+
puts " sc = kb.find(\"#{name}\")"
|
66
|
+
puts " sc.should_not be_nil"
|
67
|
+
puts " sc.class.should == Codesake::Dawn::Kb::#{class_name}"
|
68
|
+
puts "end"
|
69
|
+
|
61
70
|
|
62
|
-
puts "*** PLEASE ADD #{name} to spec/lib/dawn/codesake_knowledgebase_spec.rb in order to reflect changes"
|
63
|
-
puts "*** PLEASE ADD #{name} to lib/codesake/dawn/knowledge_base.rb in order to reflect changes"
|
64
71
|
end
|
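Review bot: the task stops printing `#{spec_filename} created` and instead prints a snippet to paste into spec/lib/dawn/codesake_knowledgebase_spec.rb; if `spec_filename` is still computed earlier in this task (not visible in the hunk) it is now unused and should be removed. The pasted snippet only checks that `kb.find(name)` returns an instance of `Codesake::Dawn::Kb::#{class_name}`, i.e. that the check is registered, not that it fires on a vulnerable dependency and stays silent on a fixed one. With the per-CVE specs under spec/lib/kb/ deleted in this release (see the file list), that registration test becomes the only automated coverage a new check gets; the generator should keep emitting a per-check spec with a vulnerable and a safe fixture, as the spec added for CVE-2013-0175 (`spec/lib/kb/codesake_cve_2013_0175_spec.rb`) shows is still the pattern. Minor: `require "codesake/dawn/kb/#{class_name.downcase}"` assumes the file is named after the downcased class, which matches the existing kb files (e.g. cve_2013_1800.rb); state that convention in the task's `desc` so it is not broken silently.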
data/Roadmap.md
CHANGED
@@ -1,44 +1,201 @@
|
|
1
1
|
# Codesake Dawn - roadmap
|
2
2
|
|
3
|
-
This is an ongoing roadmap for the dawn source code review tool.
|
4
|
-
|
5
3
|
Dawn is a static analysis security scanner for ruby written web applications.
|
6
4
|
It supports [Sinatra](http://www.sinatrarb.com),
|
7
5
|
[Padrino](http://www.padrinorb.com) and [Ruby on Rails](http://rubyonrails.org)
|
8
6
|
frameworks.
|
9
7
|
|
10
|
-
This is an ongoing roadmap for the
|
8
|
+
This is an ongoing roadmap for the dawn source code review tool.
|
11
9
|
|
12
|
-
_latest update: Fri May
|
10
|
+
_latest update: Fri 17 May 2013 15:29:55 CEST_
|
13
11
|
|
14
|
-
## Version 0.50 (First public release
|
12
|
+
## Version 0.50 (2013-05-13) - First public release
|
15
13
|
|
16
14
|
* adding test for CVE\_2013\_0269
|
17
15
|
* adding test for CVE\_2013\_0155
|
18
16
|
* adding test for CVE\_2011\_2931
|
19
17
|
* adding test for CVE\_2012\_3465
|
20
18
|
|
21
|
-
## Version 0.60
|
19
|
+
## Version 0.60 (2013-05-28)
|
22
20
|
|
21
|
+
* adding cucumber dependency
|
22
|
+
* adding test for CVE-2013-1854
|
23
|
+
* adding test for CVE-2013-1856
|
24
|
+
* adding test for CVE-2013-0276
|
25
|
+
* adding test for CVE-2013-0277
|
26
|
+
* adding test for CVE-2013-0156
|
27
|
+
* adding test for CVE-2013-2615
|
28
|
+
* adding test for CVE-2013-1875
|
29
|
+
* adding test for CVE-2013-1655
|
30
|
+
* adding test for CVE-2013-1656
|
31
|
+
* adding test for CVE-2013-0175
|
32
|
+
* adding test for CVE-2013-0233
|
33
|
+
* adding test for CVE-2013-0284
|
34
|
+
* adding test for CVE-2013-0285
|
35
|
+
* adding test for CVE-2013-1801
|
36
|
+
* adding test for CVE-2013-1802
|
37
|
+
* adding test for CVE-2013-1821
|
38
|
+
* adding test for CVE-2013-1898
|
39
|
+
* adding test for CVE-2013-1911
|
40
|
+
* adding test for CVE-2013-1933
|
41
|
+
* adding test for CVE-2013-1947
|
42
|
+
* adding test for CVE-2013-1948
|
43
|
+
* adding test for CVE-2013-2616
|
44
|
+
* adding test for CVE-2013-2617
|
45
|
+
* adding test for CVE-2013-3221
|
23
46
|
* make output less verbose. Only vulnerabilities and severity will be shown
|
24
47
|
* adding a '--verbose' option to see also the whole knowledge base info about each findings
|
25
|
-
*
|
48
|
+
* adding a '--output' option
|
49
|
+
* adding a '--count-only' option
|
50
|
+
* support JSON output
|
26
51
|
|
27
52
|
## Version 0.70
|
28
53
|
|
54
|
+
* adding test for CVE-2011-0447
|
55
|
+
* adding test for CVE-2011-3186
|
56
|
+
* adding test for CVE-2012-1099
|
57
|
+
* adding test for CVE-2012-1241
|
58
|
+
* adding test for CVE-2012-2140
|
59
|
+
* adding test for CVE-2012-5370
|
60
|
+
* adding test for CVE-2012-5371
|
61
|
+
* adding test for CVE-2011-2197
|
62
|
+
* adding test for CVE-2011-2932
|
63
|
+
* adding test for CVE-2012-3463
|
64
|
+
* adding test for CVE-2012-3464
|
65
|
+
* adding test for CVE-2012-4464
|
66
|
+
* adding test for CVE-2012-4466
|
67
|
+
* adding test for CVE-2012-4481
|
68
|
+
* adding test for CVE-2012-5664
|
69
|
+
* adding test for CVE-2012-6134
|
29
70
|
* add ruby\_parser dependency
|
71
|
+
* parsing HAML for XSS
|
72
|
+
* write '--help'
|
30
73
|
* support sinatra application controllers parsing for XSS
|
31
|
-
*
|
74
|
+
* Fix issue #1. You can read more about it in TODO.md
|
32
75
|
|
33
76
|
## Version 0.80
|
34
77
|
|
78
|
+
* adding test for CVE-2013-2090 _if CVE will be approved_
|
79
|
+
* adding test for CVE-2010-1330
|
80
|
+
* adding test for CVE-2011-0447
|
81
|
+
* adding test for CVE-2011-0446
|
82
|
+
* adding test for CVE-2011-0995
|
83
|
+
* adding test for CVE-2011-2197
|
84
|
+
* adding test for CVE-2011-2929
|
85
|
+
* adding test for CVE-2011-2932
|
86
|
+
* adding test for CVE-2011-3186
|
87
|
+
* adding test for CVE-2011-4815
|
88
|
+
* adding test for CVE-2012-5370
|
89
|
+
* adding test for CVE-2012-3424
|
90
|
+
* adding test for CVE-2012-1241
|
91
|
+
* adding test for CVE-2012-2140
|
92
|
+
* adding test for CVE-2012-1099
|
93
|
+
* adding test for CVE-2012-5380
|
94
|
+
* adding test for CVE-2012-2694
|
95
|
+
* adding test for CVE-2012-4522
|
96
|
+
* adding test for CVE-2012-3464
|
97
|
+
* adding test for CVE-2012-3463
|
35
98
|
* support sinatra application controllers parsing for SQLi
|
36
99
|
* support rails application controllers parsing for XSS
|
37
|
-
*
|
100
|
+
* parsing ERB for XSS
|
101
|
+
|
102
|
+
## Version 0.90
|
103
|
+
|
104
|
+
* adding test for CVE-2011-3186
|
105
|
+
* adding test for CVE-2011-2197
|
106
|
+
* adding test for CVE-2011-2932
|
107
|
+
* adding test for CVE-2011-0447
|
108
|
+
* adding test for CVE-2011-0995
|
109
|
+
* adding test for CVE-2011-0446
|
110
|
+
* adding test for CVE-2011-2929
|
111
|
+
* adding test for CVE-2011-1005
|
112
|
+
* adding test for CVE-2010-3933
|
113
|
+
* adding test for CVE-2011-4319
|
114
|
+
* adding test for CVE-2011-3009
|
115
|
+
* adding test for CVE-2011-1004
|
116
|
+
* adding test for CVE-2010-3119
|
117
|
+
* adding test for CVE-2011-2930
|
118
|
+
* adding test for CVE-2011-2854
|
119
|
+
* adding test for CVE-2011-3187
|
120
|
+
* adding test for CVE-2011-2686
|
121
|
+
* adding test for CVE-2011-2705
|
122
|
+
* adding test for CVE-2011-0188
|
123
|
+
* adding test for CVE-2011-0446
|
124
|
+
* adding test for CVE-2010-3933
|
125
|
+
* adding test for CVE-2011-0739
|
126
|
+
* adding test for CVE-2010-3928
|
127
|
+
* adding test for CVE-2008-7248
|
128
|
+
* adding test for CVE-2009-4124
|
129
|
+
* adding test for CVE-2010-0541
|
130
|
+
* adding test for CVE-2010-2489
|
131
|
+
* adding test for CVE-2009-3857
|
132
|
+
* adding test for CVE-2009-4078
|
133
|
+
* adding test for CVE-2009-4214
|
134
|
+
* adding test for CVE-2008-4310
|
135
|
+
* adding test for CVE-2009-0161
|
136
|
+
* adding test for CVE-2008-5189
|
137
|
+
* adding test for CVE-2008-3657
|
138
|
+
* adding test for CVE-2008-2376
|
139
|
+
* adding test for CVE-2008-3655
|
140
|
+
* adding test for CVE-2008-1145
|
141
|
+
* adding test for CVE-2008-1891
|
142
|
+
* adding test for CVE-2008-2725
|
143
|
+
* preliminary javascript support
|
144
|
+
* adding test for CVE-2011-4969 XSS in jquery < 1.6.2
|
38
145
|
|
39
146
|
## Version 1.00
|
40
147
|
|
148
|
+
* adding test for CVE-2008-4310
|
149
|
+
* adding test for CVE-2008-3657
|
150
|
+
* adding test for CVE-2008-1891
|
151
|
+
* adding test for CVE-2007-5162
|
152
|
+
* adding test for CVE-2006-5467
|
153
|
+
* adding test for CVE-2004-0983
|
154
|
+
* adding test for CVE-2008-4094
|
155
|
+
* adding test for CVE-2008-1447
|
156
|
+
* adding test for CVE-2007-6612
|
157
|
+
* adding test for CVE-2007-2666
|
158
|
+
* adding test for CVE-2006-4112
|
159
|
+
* adding test for CVE-2008-3905
|
160
|
+
* adding test for CVE-2008-2662
|
161
|
+
* adding test for CVE-2007-6183
|
162
|
+
* adding test for CVE-2007-2383
|
163
|
+
* adding test for CVE-2006-3694
|
164
|
+
* adding test for CVE-2008-3790
|
165
|
+
* adding test for CVE-2008-2663
|
166
|
+
* adding test for CVE-2007-6077
|
167
|
+
* adding test for CVE-2006-6979
|
168
|
+
* adding test for CVE-2007-6183
|
169
|
+
* adding test for CVE-2007-2383
|
170
|
+
* adding test for CVE-2006-3694
|
171
|
+
* adding test for CVE-2007-2666
|
172
|
+
* adding test for CVE-2006-4112
|
173
|
+
* adding test for CVE-2007-5770
|
174
|
+
* adding test for CVE-2007-0469
|
175
|
+
* adding test for CVE-2006-1931
|
176
|
+
* adding test for CVE-2007-5380
|
177
|
+
* adding test for CVE-2006-6303
|
178
|
+
* adding test for CVE-2005-1992
|
179
|
+
* adding test for CVE-2007-6077
|
180
|
+
* adding test for CVE-2006-6979
|
181
|
+
* adding test for CVE-2006-2582
|
182
|
+
* adding test for CVE-2007-5162
|
183
|
+
* adding test for CVE-2006-5467
|
184
|
+
* adding test for CVE-2004-0983
|
185
|
+
* adding test for CVE-2007-5379
|
186
|
+
* adding test for CVE-2006-6852
|
187
|
+
* adding test for CVE-2005-2337
|
188
|
+
* adding test for CVE-2005-1992
|
189
|
+
* adding test for CVE-2004-0755
|
190
|
+
* adding test for CVE-2004-0983
|
41
191
|
* dedicated web site under dawn.codesake.com
|
42
192
|
* support rails application controllers parsing for SQLi
|
43
193
|
* support padrino application controllers parsing for XSS
|
44
194
|
* support padrino application controllers parsing for SQLi
|
195
|
+
* integration with [codesake.com](http://codesake.com) with a public available
|
196
|
+
APIs to be consumed by codesake users.
|
197
|
+
* automatic mitigation patch generation
|
198
|
+
|
199
|
+
## Version 1.50
|
200
|
+
|
201
|
+
* support for node.js
|
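Review bot: the per-version CVE lists overlap so heavily that the roadmap does not say when a check actually lands. CVE-2011-0447, CVE-2011-3186, CVE-2011-2197 and CVE-2011-2932 appear under 0.70, 0.80 and 0.90; CVE-2012-1099, CVE-2012-1241, CVE-2012-2140, CVE-2012-5370, CVE-2012-3463 and CVE-2012-3464 under both 0.70 and 0.80; CVE-2011-0446, CVE-2011-0995 and CVE-2011-2929 under both 0.80 and 0.90; CVE-2010-3933 and CVE-2011-0446 twice within 0.90; CVE-2008-4310, CVE-2008-3657 and CVE-2008-1891 under both 0.90 and 1.00; and within 1.00, CVE-2007-5162, CVE-2006-5467, CVE-2007-6183, CVE-2007-2383, CVE-2006-3694, CVE-2007-2666, CVE-2006-4112, CVE-2007-6077, CVE-2006-6979 and CVE-2005-1992 each appear twice and CVE-2004-0983 three times. CVE-2012-2694 is listed under 0.80 although `lib/codesake/dawn/kb/cve_2012_2694.rb` already exists (file list) and Competitive_matrix.md marks it YES. Keep one entry per CVE, under the release it is actually planned for. Also check the bound in "CVE-2011-4969 XSS in jquery < 1.6.2": the jQuery fix shipped in 1.6.3, so the affected range is < 1.6.3, and the check should encode the same bound.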