codesake-dawn 0.60 → 0.70
- data/.gitignore +1 -0
- data/Competitive_matrix.md +18 -4
- data/README.md +26 -44
- data/Roadmap.md +25 -11
- data/bin/dawn +104 -34
- data/{codesake_dawn.gemspec → codesake-dawn.gemspec} +5 -0
- data/features/dawn_complains_about_an_incorrect_command_line.feature +2 -2
- data/features/dawn_scan_a_secure_sinatra_app.feature +4 -4
- data/features/dawn_scan_a_vulnerable_sinatra_app.feature +36 -0
- data/features/step_definition/dawn_steps.rb +8 -2
- data/lib/codesake-dawn.rb +1 -0
- data/lib/codesake/dawn/core.rb +22 -0
- data/lib/codesake/dawn/engine.rb +66 -1
- data/lib/codesake/dawn/kb/cve_2011_0447.rb +30 -0
- data/lib/codesake/dawn/kb/cve_2011_2197.rb +29 -0
- data/lib/codesake/dawn/kb/cve_2011_2932.rb +29 -0
- data/lib/codesake/dawn/kb/cve_2011_3186.rb +31 -0
- data/lib/codesake/dawn/kb/cve_2012_1099.rb +29 -0
- data/lib/codesake/dawn/kb/cve_2012_1241.rb +29 -0
- data/lib/codesake/dawn/kb/cve_2012_2140.rb +29 -0
- data/lib/codesake/dawn/kb/cve_2012_3463.rb +29 -0
- data/lib/codesake/dawn/kb/cve_2012_3464.rb +29 -0
- data/lib/codesake/dawn/kb/cve_2012_4464.rb +29 -0
- data/lib/codesake/dawn/kb/cve_2012_4466.rb +29 -0
- data/lib/codesake/dawn/kb/cve_2012_4481.rb +28 -0
- data/lib/codesake/dawn/kb/cve_2012_5370.rb +29 -0
- data/lib/codesake/dawn/kb/cve_2012_5371.rb +29 -0
- data/lib/codesake/dawn/kb/cve_2012_6134.rb +29 -0
- data/lib/codesake/dawn/kb/cve_2013_0333.rb +0 -3
- data/lib/codesake/dawn/kb/cve_2013_1821.rb +1 -1
- data/lib/codesake/dawn/kb/pattern_match_check.rb +4 -3
- data/lib/codesake/dawn/kb/ruby_version_check.rb +14 -4
- data/lib/codesake/dawn/knowledge_base.rb +30 -0
- data/lib/codesake/dawn/sinatra.rb +105 -0
- data/lib/codesake/dawn/version.rb +1 -1
- data/spec/lib/dawn/codesake_knowledgebase_spec.rb +87 -0
- data/spec/lib/dawn/codesake_sinatra_engine_spec.rb +44 -1
- data/spec/spec_helper.rb +3 -0
- data/spec/support/sinatra-vulnerable/application.rb +6 -0
- data/spec/support/sinatra-vulnerable/disabled.png +0 -0
- data/spec/support/sinatra-vulnerable/views/xss.haml +3 -0
- metadata +91 -15
- data/spec/support/hello_world_3.0.19/.gitignore +0 -4
- data/spec/support/hello_world_3.1.0/.gitignore +0 -5
- data/spec/support/hello_world_3.2.13/.gitignore +0 -15
- data/spec/support/sinatra-safe/.gitignore +0 -6
- data/spec/support/sinatra-vulnerable/.gitignore +0 -6
data/.gitignore
CHANGED
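--- a/data/Competitive_matrix.md
+++ b/data/Competitive_matrix.md
@@ -54,7 +54,7 @@ applications will be supported as well.
 
 |Feature | Dawn | Brakeman | Excellent | ror-sec-scanner | Scanny |
 |-----------------------|---------------|-------------------|-------------|-------------------|-------------|
-| Version | 0.
+| Version | 0.70 | 1.9.5 | | | |
 | Production ready? | NO | YES | | | |
 | Sinatra support | YES | NO | | | |
 | Padrino support | NO *planned* | NO | | | |
@@ -68,14 +68,27 @@ applications will be supported as well.
 
 | CVE Check | Dawn | Brakeman | Excellent | ror-sec-scanner | Scanny |
 |-----------------------|---------------|-------------------|-------------|-------------------|-------------|
+| CVE-2011-0447 | YES | NO | | | |
+| CVE-2011-2197 | YES | NO | | | |
 | CVE-2011-2931 | YES | YES | | | |
+| CVE-2011-2932 | YES | NO | | | |
+| CVE-2011-3186 | YES | NO | | | |
+| CVE-2012-1099 | YES | NO | | | |
+| CVE-2012-1241 | YES | NO | | | |
+| CVE-2012-2140 | YES | NO | | | |
 | CVE-2012-2660 | YES | YES | | | |
 | CVE-2012-2661 | YES | YES | | | |
 | CVE-2012-2694 | YES | YES | | | |
 | CVE-2012-2695 | YES | YES | | | |
+| CVE-2012-3463 | YES | YES | | | |
+| CVE-2012-3464 | YES | YES | | | |
 | CVE-2012-3465 | YES | YES | | | |
-| CVE-2012-
-| CVE-2012-
+| CVE-2012-4464 | YES | NO | | | |
+| CVE-2012-4466 | YES | NO | | | |
+| CVE-2012-4481 | YES | NO | | | |
+| CVE-2012-5370 | YES | NO | | | |
+| CVE-2012-5371 | YES | NO | | | |
+| CVE-2012-6134 | YES | NO | | | |
 | CVE-2012-6496 | YES | NO | | | |
 | CVE-2012-5664 | NO | YES | | | |
 | CVE-2012-6497 | YES | NO | | | |
@@ -93,6 +106,7 @@ applications will be supported as well.
 | CVE-2013-0276 | YES | YES | | | |
 | CVE-2013-0277 | YES | YES | | | |
 | CVE-2013-0156 | YES | YES | | | |
+| CVE-2013-2065 [0] | NO | NO | | | |
 | CVE-2013-2090 [0] | NO | NO | | | |
 | CVE-2013-2615 | YES | NO | | | |
 | CVE-2013-1875 | YES | NO | | | |
@@ -127,7 +141,7 @@ applications will be supported as well.
 
 | Security check | Dawn | Brakeman | Excellent | ror-sec-scanner | Scanny |
 |-----------------------------|---------------|------------|-------------|-------------------|-------------|
-| Reflected XSS |
+| Reflected XSS | YES (sinatra) | YES | | | |
 | Stored XSS | NO | YES | | | |
 | DOM Based XSS | NO | NO | | | |
 | SQL injection | NO | YES | | | |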
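--- a/data/README.md
+++ b/data/README.md
@@ -5,6 +5,11 @@ It supports [Sinatra](http://www.sinatrarb.com),
 [Padrino](http://www.padrinorb.com) and [Ruby on Rails](http://rubyonrails.org)
 frameworks.
 
+[![Gem Version](https://badge.fury.io/rb/codesake-dawn.png)](http://badge.fury.io/rb/codesake-dawn)
+[![Build Status](https://travis-ci.org/codesake/codesake_dawn.png?branch=master)](https://travis-ci.org/codesake/codesake_dawn)
+[![Dependency Status](https://gemnasium.com/codesake/codesake_dawn.png)](https://gemnasium.com/codesake/codesake_dawn)
+[![Coverage Status](https://coveralls.io/repos/codesake/codesake_dawn/badge.png)](https://coveralls.io/r/codesake/codesake_dawn)
+
 ## Useful links
 
 www: [http://codesake.com](http://codesake.com)
@@ -43,44 +48,18 @@ that.
 ## Usage
 
 You can start your code review with dawn very easily. Simply tell the tool
-where the project root directory
-write the web application.
+where the project root directory.
 
-
-
+Starting from an unofficial 0.68 release, underlying MVC framework is
+autodetected by dawn using target Gemfile.lock file. If autodetect fails for
+some reason, the tool will complain about it and you have to specify if it's a
+rails, sinatra or padrino web application by hand.
 
 dawn command line is in this form with options and the target.
 ```
 $ dawn [options] target
 ```
 
-The options you can specify tell down the MVC used in your application and some
-triggers you may want to be active during the scan.
-
-### Scanning a Sinatra web application
-
-dawn will scan application stored in hello_world directory which is a Sinatra application
-
-```
-$ dawn -s hello_world
-```
-
-### Scanning a Ruby on Rails web application
-
-dawn will scan application stored in hello_world directory which is a Ruby on Rails application
-
-```
-$ dawn -r hello_world
-```
-
-### Scanning a Padrino web application
-
-dawn will scan application stored in hello_world directory which is a Padrino application
-
-```
-$ dawn -p hello_world
-```
-
 ### As output you get
 
 As output, dawn will put all security checks that are failed during the scan.
@@ -90,18 +69,17 @@ application:
 ```
 $ bundle exec bin/dawn -s target
 
-[*] dawn v0.
-08:
-08:
-08:
-08:
-08:
-08:
-08:
-08:
-08:
-
-[*] dawn is shutting down at 08:09:11
+[*] dawn v0.67 (C) 2013 - paolo@armoredcode.com is starting up at 08:14:17
+08:14:17: scanning /Users/thesp0nge/src/hacking/railsberry2013
+08:14:17: sinatra v1.4.2 detected
+08:14:17: applying all security checks
+08:14:17: all security checks applied
+08:14:17: 1 vulnerabilities found
+08:14:17 [!] CVE-2013-1800 failed
+08:14:17: Solution: Please use crack gem version 0.3.2 or above. Correct your gemfile
+08:14:17 [!] Evidence:
+08:14:17 [!] Vulnerable crack gem version found: 0.3.1
+[*] dawn is shutting down at 08:14:17
 ```
 
 
@@ -116,7 +94,11 @@ $ dawn -k|--list-knowledge-base
 
 [saten](https://github.com/saten): first issue posted about a typo in the README
 
-[presidentbeef](https://
+[presidentbeef](https://github.com/presidentbeef): for his outstanding work that inspired me creating dawn and for double check comparison matrix. Issue #2 is your :)
+
+[marinerJB](https://github.com/marinerJB): for misc bug reports and further ideas
+
+[Matteo](https://github.com/matteocollina): for ideas on API and their usage with [github.com](https://github.com) hooks
 
 ## LICENSE
 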
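--- a/data/Roadmap.md
+++ b/data/Roadmap.md
@@ -49,7 +49,7 @@ _latest update: Fri 17 May 2013 15:29:55 CEST_
 * adding a '--count-only' option
 * support JSON output
 
-## Version 0.70
+## Version 0.70 (2013-06-19)
 
 * adding test for CVE-2011-0447
 * adding test for CVE-2011-3186
@@ -65,17 +65,20 @@ _latest update: Fri 17 May 2013 15:29:55 CEST_
 * adding test for CVE-2012-4464
 * adding test for CVE-2012-4466
 * adding test for CVE-2012-4481
-* adding test for CVE-2012-5664
 * adding test for CVE-2012-6134
+* Fix issue #4. PatternMatching complains when applied to binary files. We must
+skip them
 * add ruby\_parser dependency
-*
+* add haml dependency
+* add target MVC autodetect
 * write '--help'
-*
-*
+* detect sinks for XSS in Sinatra applications
+* detect reflected XSS in Sinatra applications
 
 ## Version 0.80
 
 * adding test for CVE-2013-2090 _if CVE will be approved_
+* adding test for CVE-2013-2065 _if CVE will be approved_
 * adding test for CVE-2010-1330
 * adding test for CVE-2011-0447
 * adding test for CVE-2011-0446
@@ -95,9 +98,17 @@ _latest update: Fri 17 May 2013 15:29:55 CEST_
 * adding test for CVE-2012-4522
 * adding test for CVE-2012-3464
 * adding test for CVE-2012-3463
-*
-*
-*
+* detect sinks for XSS in Padrino applications
+* detect reflected XSS in Padrino applications
+* detect stored XSS in Sinatra applications
+* detect stored XSS in Padrino applications
+* detect insecure direct object reference in Sinatra applications
+* detect insecure direct object reference in Padrino applications
+* support ERB for in detect\_views (for both Sinatra and Padrino)
+* Fix issue #1. You can read more about it in TODO.md
+* integration with [codesake.com](http://codesake.com) with a public available
+APIs to be consumed by codesake beta users.
+
 
 ## Version 0.90
 
@@ -142,6 +153,11 @@ _latest update: Fri 17 May 2013 15:29:55 CEST_
 * adding test for CVE-2008-2725
 * preliminary javascript support
 * adding test for CVE-2011-4969 XSS in jquery < 1.6.2
+* detect stored XSS in Rails applications
+* detect reflected XSS in Rails applications
+* detect insecure direct object reference in Rails applications
+* detect SQLi in Sinatra applications
+* detect SQLi in Padrino applications
 
 ## Version 1.00
 
@@ -189,9 +205,7 @@ _latest update: Fri 17 May 2013 15:29:55 CEST_
 * adding test for CVE-2004-0755
 * adding test for CVE-2004-0983
 * dedicated web site under dawn.codesake.com
-*
-* support padrino application controllers parsing for XSS
-* support padrino application controllers parsing for SQLi
+* detect SQLi in Rails applications
 * integration with [codesake.com](http://codesake.com) with a public available
 APIs to be consumed by codesake users.
 * automatic mitigation patch generation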
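--- a/data/bin/dawn
+++ b/data/bin/dawn
@@ -1,6 +1,7 @@
 #!/usr/bin/env ruby
 
 require 'getoptlong'
+require 'json'
 
 require 'codesake_commons'
 require 'codesake-dawn'
@@ -13,23 +14,70 @@ end
 
 def output_json_run(target = "", engine = nil)
 result = {}
-return {:status=>"KO", :message=>"BUG at #{__FILE__}@#{__LINE__}: target is empty or engine is nil."} if target.empty? or engine.nil?
-return {:status=>"KO", :message=>"#{target} doesn't exist"} if ! Dir.exist?(target)
+return {:status=>"KO", :message=>"BUG at #{__FILE__}@#{__LINE__}: target is empty or engine is nil."}.to_json if target.empty? or engine.nil?
+return {:status=>"KO", :message=>"#{target} doesn't exist"}.to_json if ! Dir.exist?(target)
 check_applied = dry_run(target, engine)
-return {:status=>"KO", :message=>"no security checks applied"} unless check_applied
+return {:status=>"KO", :message=>"no security checks applied"}.to_json unless check_applied
 
 result[:status]="OK"
 result[:target]=target
 result[:mvc]=engine.name
 result[:mvc_version]=engine.get_mvc_version
-result[:vulnerabilities_count]=engine.
-result[:vulnerabilities]=
+result[:vulnerabilities_count]=engine.count_vulnerabilities
+result[:vulnerabilities]=[]
+engine.vulnerabilities.each do |v|
+result[:vulnerabilities] << v[:name]
+end
 result[:mitigated_vuln_count]=engine.mitigated_issues.count
 result[:mitigated_vuln] = engine.mitigated_issues
+result[:reflected_xss] = []
+engine.reflected_xss.each do |r|
+result[:reflected_xss] << "request parameter \"#{r[:sink_source]}\""
+end
 
-result
+result.to_json
 end
 
+def dump_knowledge_base(verbose = false)
+kb = Codesake::Dawn::KnowledgeBase.new
+lines = []
+lines << "Security checks currently supported:\n\n"
+
+kb.all.each do |check|
+if verbose
+lines << "Name: #{check.name}\tCVSS: #{check.cvss_score}\tReleased: #{check.release_date}"
+lines << "Description\n#{check.message}"
+lines << "Remediation\n#{check.remediation}\n\n"
+else
+lines << "#{check.name}"
+end
+end
+
+lines.empty? ? 0 : lines.compact.join("\n")
+
+end
+
+def help
+puts "Usage: dawn [options] target_directory"
+printf "\n\nExamples:"
+puts "$ dawn a_sinatra_webapp_directory"
+puts "$ dawn -C the_rails_blog_engine"
+puts "$ dawn -C --output json a_sinatra_webapp_directory"
+printf "\n -r, --rails\t\t\t\t\tforce dawn to consider the target a rails application"
+printf "\n -s, --sinatra\t\t\t\tforce dawn to consider the target a sinatra application"
+printf "\n -p, --padrino\t\t\t\tforce dawn to consider the target a padrino application"
+printf "\n -f, --list-known-framework\t\t\tlist ruby MVC frameworks supported by dawn"
+printf "\n -k, --list-knowledgebase\t\t\tlist dawn known security checks"
+printf "\n -o, --output [console, json. csv, html]\tthe output will be in the specified format"
+printf "\n -V, --verbose\t\t\t\tthe output will be more verbose"
+printf "\n -C, --count-only\t\t\t\tdawn will only count vulnerabilities (useful for scripts)"
+printf "\n -v, --version\t\t\t\tshow version information"
+printf "\n -h, --help\t\t\t\t\tshow this help\n"
+
+0
+end
+
+
 APPNAME = File.basename($0)
 LIST_KNOWN_FRAMEWORK = %w(rails sinatra) #padrino)
 VALID_OUTPUT_FORMAT = %w(console json csv html)
@@ -48,7 +96,7 @@ opts = GetoptLong.new(
 [ '--help', '-h', GetoptLong::NO_ARGUMENT]
 )
 engine = nil
-options = {:verbose=>false, :output=>"console", :count_only=>false}
+options = {:verbose=>false, :output=>"console", :count_only=>false, :dump_kb=>false, :mvc=>nil}
 
 trap("INT") { logger.die('[INTERRUPTED]') }
 
@@ -59,10 +107,11 @@ opts.each do |opt, val|
 puts "#{Codesake::Dawn::VERSION}"
 Kernel.exit(0)
 when '--rails'
-
+options[:mvc]=:force_rails
 when '--sinatra'
-
+options[:mvc]=:force_sinatra
 when '--padrino'
+options[:mvc]=:force_padrino
 puts "sorry padrino is not yet supported"
 Kernel.exit(1)
 when '--verbose'
@@ -73,32 +122,43 @@ opts.each do |opt, val|
 options[:count_only] = true
 
 when '--list-knowledgebase'
-
-
-
-kb.all.each do |check|
-puts "Name: #{check.name}\tCVSS: #{check.cvss_score}\tReleased: #{check.release_date}"
-puts "Description\n#{check.message}"
-puts "Remediation\n#{check.remediation}\n\n"
-end
-Kernel.exit(0)
-
+options[:dump_kb]=true
+
 when '--list-known-framework'
 puts "Ruby MVC framework supported by #{APPNAME}:"
 LIST_KNOWN_FRAMEWORK.each do |mvc|
 puts "* #{mvc}"
 end
 Kernel.exit(0)
+when '--help'
+Kernel.exit(help)
 end
 end
 
 target=ARGV.shift
 
+logger.die("missing target") if target.nil?
+logger.die("invalid directory (#{target})") unless Codesake::Dawn::Core.is_good_target?(target)
+
+
+## MVC auto detect
+begin
+engine = Codesake::Dawn::Core.detect_mvc(target) if options[:mvc].nil?
+rescue ArgumentError => e
+logger.die(e.message)
+end
+
+engine = Codesake::Dawn::Rails.new(target) if options[:mvc] == :force_rails
+engine = Codesake::Dawn::Sinatra.new(target) if options[:mvc] == :force_sinatra
+# engine = Codesake::Dawn::Padrino.new if options[:mvc] == :force_padrino
+
+logger.die("ruby framework auto detect failed. Please force if rails, sinatra or padrino with -r, -s or -p flags") if engine.nil?
+
 if options[:count_only]
 ret = dry_run(target, engine)
 
 puts (ret)? engine.vulnerabilities.count : "-1" unless options[:output] == "json"
-puts (ret)? {:status=>"OK", :vulnerabilities_count=>engine.
+puts (ret)? {:status=>"OK", :vulnerabilities_count=>engine.count_vulnerabilities}.to_json : {:status=>"KO", :vulnerabilities_count=>-1}.to_json
 Kernel.exit(0)
 end
 
@@ -107,12 +167,15 @@ if options[:output] == "json"
 Kernel.exit(0)
 end
 
+if options[:dump_kb]
+puts dump_knowledge_base(options[:verbose])
+Kernel.exit(0)
+end
+
 logger.helo "#{APPNAME} v#{Codesake::Dawn::VERSION} (C) 2013 - paolo@armoredcode.com is starting up"
 logger.die "missing target framework option" if engine.nil?
-logger.die "missing target" if target.nil?
-logger.die "#{target} doesn't exist" unless Dir.exist?(target)
 
-engine.set_target(target) unless engine.nil?
+# engine.set_target(target) unless engine.nil?
 engine.load_knowledge_base
 
 logger.die "nothing to do on #{target}" unless engine.can_apply?
@@ -125,18 +188,24 @@ else
 logger.err "no security checks in the knowledge base"
 end
 
-if engine.
-
-
-
-
-
-
-
-
-
+if engine.count_vulnerabilities != 0
+logger.log "#{engine.count_vulnerabilities} vulnerabilities found"
+engine.vulnerabilities.each do |vuln|
+logger.log "#{vuln[:name]} failed"
+logger.log "Description: #{vuln[:message]}" if options[:verbose]
+logger.log "Solution: #{vuln[:remediation]}"
+logger.err "Evidence:"
+vuln[:evidences].each do |evidence|
+logger.err evidence
+end
 end
-
+if engine.has_reflected_xss?
+logger.log "#{engine.reflected_xss.count} reflected XSS found"
+engine.reflected_xss.each do |vuln|
+logger.log "request parameter \"#{vuln[:sink_source]}\""
+end
+end
+
 else
 logger.ok "no vulnerabilities found."
 end
@@ -153,6 +222,7 @@ end
 
 
 
+
 logger.helo "#{APPNAME} is shutting down"
 Kernel.exit(0)
 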
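Review bot: `--list-knowledgebase` no longer works without a target: the option handler now only sets `options[:dump_kb]=true` (new line 125), but the `if options[:dump_kb]` block that prints the knowledge base sits at new lines 170-173, after `logger.die("missing target") if target.nil?` and the MVC auto-detect at new lines 140-155, so `dawn -k` now dies with "missing target" instead of listing the checks as the old inline handler did. Hoist the `if options[:dump_kb] ... Kernel.exit(0) end` block to just above the `logger.die("missing target")` line so the listing does not depend on a scan target. A second, pre-existing issue survives in the count-only branch at new lines 160-161: the console `puts` is guarded with `unless options[:output] == "json"`, but the JSON `puts` on the next line has no guard, so console mode prints both the bare count and the JSON document; append ` if options[:output] == "json"` to the JSON line. Minor: `dump_knowledge_base` can never hit its `0` branch because the header string is pushed into `lines` before the loop, so returning `lines.compact.join("\n")` unconditionally would make the return type a String only.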