codesake-dawn 0.72 → 0.75
- checksums.yaml +7 -0
- data/.ruby-version +1 -1
- data/.travis.yml +8 -0
- data/Competitive_matrix.md +8 -2
- data/Rakefile +1 -0
- data/Roadmap.md +28 -22
- data/bin/dawn +42 -34
- data/codesake-dawn.gemspec +1 -0
- data/lib/codesake-dawn.rb +1 -0
- data/lib/codesake/dawn/engine.rb +31 -13
- data/lib/codesake/dawn/kb/basic_check.rb +10 -1
- data/lib/codesake/dawn/kb/combo_check.rb +63 -0
- data/lib/codesake/dawn/kb/cve_2010_1330.rb +30 -0
- data/lib/codesake/dawn/kb/cve_2011_0446.rb +30 -0
- data/lib/codesake/dawn/kb/cve_2011_0995.rb +63 -0
- data/lib/codesake/dawn/kb/cve_2011_2929.rb +29 -0
- data/lib/codesake/dawn/kb/cve_2011_4815.rb +30 -0
- data/lib/codesake/dawn/kb/cve_2012_3424.rb +31 -0
- data/lib/codesake/dawn/kb/cve_2012_4522.rb +29 -0
- data/lib/codesake/dawn/kb/cve_2012_5380.rb +30 -0
- data/lib/codesake/dawn/kb/cve_2013_1655.rb +48 -12
- data/lib/codesake/dawn/kb/dependency_check.rb +2 -0
- data/lib/codesake/dawn/kb/operating_system_check.rb +97 -0
- data/lib/codesake/dawn/kb/owasp_ror_cheatsheet.rb +39 -0
- data/lib/codesake/dawn/kb/owasp_ror_cheatsheet/command_injection.rb +26 -0
- data/lib/codesake/dawn/kb/owasp_ror_cheatsheet/csrf.rb +28 -0
- data/lib/codesake/dawn/kb/owasp_ror_cheatsheet/mass_assignment_in_model.rb +30 -0
- data/lib/codesake/dawn/kb/owasp_ror_cheatsheet/security_related_headers.rb +37 -0
- data/lib/codesake/dawn/kb/owasp_ror_cheatsheet/session_stored_in_database.rb +28 -0
- data/lib/codesake/dawn/kb/pattern_match_check.rb +21 -3
- data/lib/codesake/dawn/kb/ruby_version_check.rb +31 -7
- data/lib/codesake/dawn/knowledge_base.rb +24 -0
- data/lib/codesake/dawn/sinatra.rb +2 -2
- data/lib/codesake/dawn/utils.rb +10 -0
- data/lib/codesake/dawn/version.rb +1 -1
- data/spec/lib/dawn/codesake_knowledgebase_spec.rb +47 -0
- data/spec/lib/dawn/codesake_sinatra_engine_spec.rb +1 -0
- data/spec/lib/kb/codesake_cve_2013_1655_spec.rb +31 -0
- data/spec/lib/kb/owasp_ror_cheatsheet_spec.rb +56 -0
- data/spec/spec_helper.rb +3 -0
- data/spec/support/hello_world_3.2.13/app/helpers/application_helper.rb +8 -0
- data/spec/support/hello_world_3.2.13/app/models/test.rb +3 -0
- metadata +69 -63
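--- a/checksums.yaml
+++ b/checksums.yaml
@@ -0,0 +1,7 @@
+---
+SHA1:
+metadata.gz: 2e14d7d2bb102da1da3ef6f03f1f688d93459937
+data.tar.gz: 9b33c3f62e7a99f5cabd9e25ea07d8b6aeeca526
+SHA512:
+metadata.gz: 27f20f4202f1cddba9cd9432ab45aa58c1204ef7d6b00afe2b09d50f5e83158e29459acfa5ce56a6b445af64ffb96ddd1df546bee0b8c8d77a97782f9c5cabe0
+data.tar.gz: c33b21202f9e5f17b403e93bb8fedf0be735e2652d3d482d8980ce30de2d7fccf6ed3e2682cd9f017ba42fe2fccd8ca20409523204436daae5e638ea31a25646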
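--- a/data/.ruby-version
+++ b/data/.ruby-version
@@ -1 +1 @@
-ruby-
+ruby-2.0.0-p247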
data/.travis.yml
ADDED
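--- a/data/Competitive_matrix.md
+++ b/data/Competitive_matrix.md
@@ -68,11 +68,16 @@ applications will be supported as well.
 
 | CVE Check | Dawn | Brakeman | Excellent | ror-sec-scanner | Scanny |
 |-----------------------|---------------|-------------------|-------------|-------------------|-------------|
+| CVE-2010-1330 | YES | NO | | | |
+| CVE-2011-0446 | YES | NO | | | |
 | CVE-2011-0447 | YES | NO | | | |
+| CVE-2011-0995 | YES | NO | | | |
 | CVE-2011-2197 | YES | NO | | | |
+| CVE-2011-2929 | YES | YES | | | |
 | CVE-2011-2931 | YES | YES | | | |
 | CVE-2011-2932 | YES | NO | | | |
 | CVE-2011-3186 | YES | NO | | | |
+| CVE-2011-4815 | YES | NO | | | |
 | CVE-2012-1099 | YES | NO | | | |
 | CVE-2012-1241 | YES | NO | | | |
 | CVE-2012-2140 | YES | NO | | | |
@@ -80,14 +85,17 @@ applications will be supported as well.
 | CVE-2012-2661 | YES | YES | | | |
 | CVE-2012-2694 | YES | YES | | | |
 | CVE-2012-2695 | YES | YES | | | |
+| CVE-2012-3424 | YES | YES | | | |
 | CVE-2012-3463 | YES | YES | | | |
 | CVE-2012-3464 | YES | YES | | | |
 | CVE-2012-3465 | YES | YES | | | |
 | CVE-2012-4464 | YES | NO | | | |
 | CVE-2012-4466 | YES | NO | | | |
 | CVE-2012-4481 | YES | NO | | | |
+| CVE-2012-4522 | YES | NO | | | |
 | CVE-2012-5370 | YES | NO | | | |
 | CVE-2012-5371 | YES | NO | | | |
+| CVE-2012-5380 | YES | NO | | | |
 | CVE-2012-6134 | YES | NO | | | |
 | CVE-2012-6496 | YES | NO | | | |
 | CVE-2012-5664 | NO | YES | | | |
@@ -99,8 +107,6 @@ applications will be supported as well.
 | CVE-2013-1857 | YES | YES | | | |
 | CVE-2013-0155 | YES | YES | | | |
 | CVE-2013-0333 | YES | YES | | | |
-| CVE-2011-0447 | NO | YES | | | |
-| CVE-2011-0446 | NO | YES | | | |
 | CVE-2013-1854 | YES | YES | | | |
 | CVE-2013-1856 | YES | YES | | | |
 | CVE-2013-0276 | YES | YES | | | |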
data/Rakefile
CHANGED
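--- a/data/Roadmap.md
+++ b/data/Roadmap.md
@@ -77,27 +77,7 @@ _latest update: Fri 17 May 2013 15:29:55 CEST_
 
 ## Version 0.80
 
-*
-* adding test for CVE-2013-2065 _if CVE will be approved_
-* adding test for CVE-2010-1330
-* adding test for CVE-2011-0447
-* adding test for CVE-2011-0446
-* adding test for CVE-2011-0995
-* adding test for CVE-2011-2197
-* adding test for CVE-2011-2929
-* adding test for CVE-2011-2932
-* adding test for CVE-2011-3186
-* adding test for CVE-2011-4815
-* adding test for CVE-2012-5370
-* adding test for CVE-2012-3424
-* adding test for CVE-2012-1241
-* adding test for CVE-2012-2140
-* adding test for CVE-2012-1099
-* adding test for CVE-2012-5380
-* adding test for CVE-2012-2694
-* adding test for CVE-2012-4522
-* adding test for CVE-2012-3464
-* adding test for CVE-2012-3463
+* Fix issue #1. You can read more about it in TODO.md
 * detect sinks for XSS in Padrino applications
 * detect reflected XSS in Padrino applications
 * detect stored XSS in Sinatra applications
@@ -105,13 +85,27 @@ _latest update: Fri 17 May 2013 15:29:55 CEST_
 * detect insecure direct object reference in Sinatra applications
 * detect insecure direct object reference in Padrino applications
 * support ERB for in detect\_views (for both Sinatra and Padrino)
-* Fix issue #1. You can read more about it in TODO.md
 * integration with [codesake.com](http://codesake.com) with a public available
 APIs to be consumed by codesake beta users.
 
+* adding test for CVE-2010-1330
+* adding test for CVE-2011-0446
+* adding test for CVE-2011-0995
+* adding test for CVE-2011-2929
+* adding test for CVE-2011-4815
+* adding test for CVE-2012-3424
+* adding test for CVE-2012-5380
+* adding test for CVE-2012-4522
+* adding test for RoRCheatSheet\_1
+* adding test for RoRCheatSheet\_4
+* adding test for RoRCheatSheet\_7
+* adding test for RoRCheatSheet\_8
+
 
 ## Version 0.90
 
+* adding test for CVE-2013-2090 _if CVE will be approved_
+* adding test for CVE-2013-2065 _if CVE will be approved_
 * adding test for CVE-2011-3186
 * adding test for CVE-2011-2197
 * adding test for CVE-2011-2932
@@ -151,6 +145,18 @@ _latest update: Fri 17 May 2013 15:29:55 CEST_
 * adding test for CVE-2008-1145
 * adding test for CVE-2008-1891
 * adding test for CVE-2008-2725
+* adding test for RoRCheatSheet\_2
+* adding test for RoRCheatSheet\_3
+* adding test for RoRCheatSheet\_5
+* adding test for RoRCheatSheet\_6
+* adding test for RoRCheatSheet\_9
+* adding test for RoRCheatSheet\_10
+* adding test for RoRCheatSheet\_11
+* adding test for RoRCheatSheet\_12
+* adding test for RoRCheatSheet\_13
+* adding test for RoRCheatSheet\_14
+* adding test for RoRCheatSheet\_15
+* adding test for RoRCheatSheet\_16
 * preliminary javascript support
 * adding test for CVE-2011-4969 XSS in jquery < 1.6.2
 * detect stored XSS in Rails applications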
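--- a/data/bin/dawn
+++ b/data/bin/dawn
@@ -67,7 +67,7 @@ def help
 printf "\n -s, --sinatra\t\t\t\tforce dawn to consider the target a sinatra application"
 printf "\n -p, --padrino\t\t\t\tforce dawn to consider the target a padrino application"
 printf "\n -f, --list-known-framework\t\t\tlist ruby MVC frameworks supported by dawn"
-printf "\n -k, --list-knowledgebase\
+printf "\n -k, --list-knowledgebase [check_name]\tlist dawn known security checks. If check_name is specified dawn says if check is present or not"
 printf "\n -o, --output [console, json. csv, html]\tthe output will be in the specified format"
 printf "\n -V, --verbose\t\t\t\tthe output will be more verbose"
 printf "\n -C, --count-only\t\t\t\tdawn will only count vulnerabilities (useful for scripts)"
@@ -82,13 +82,13 @@ APPNAME = File.basename($0)
 LIST_KNOWN_FRAMEWORK = %w(rails sinatra) #padrino)
 VALID_OUTPUT_FORMAT = %w(console json csv html)
 
-logger = Codesake::Commons::Logging.instance
+$logger = Codesake::Commons::Logging.instance
 opts = GetoptLong.new(
 [ '--rails', '-r', GetoptLong::NO_ARGUMENT],
 [ '--sinatra', '-s', GetoptLong::NO_ARGUMENT],
 [ '--padrino', '-p', GetoptLong::NO_ARGUMENT],
 [ '--list-known-framework', '-f', GetoptLong::NO_ARGUMENT ],
-[ '--list-knowledgebase', '-k', GetoptLong::
+[ '--list-knowledgebase', '-k', GetoptLong::OPTIONAL_ARGUMENT ],
 [ '--output', '-o', GetoptLong::REQUIRED_ARGUMENT],
 [ '--verbose', '-V', GetoptLong::NO_ARGUMENT],
 [ '--count-only', '-C', GetoptLong::NO_ARGUMENT],
@@ -98,7 +98,8 @@ opts = GetoptLong.new(
 engine = nil
 options = {:verbose=>false, :output=>"console", :count_only=>false, :dump_kb=>false, :mvc=>nil}
 
-trap("INT") { logger.die('[INTERRUPTED]') }
+trap("INT") { $logger.die('[INTERRUPTED]') }
+check = ""
 
 
 opts.each do |opt, val|
@@ -123,6 +124,7 @@ opts.each do |opt, val|
 
 when '--list-knowledgebase'
 options[:dump_kb]=true
+check = val unless val.nil?
 
 when '--list-known-framework'
 puts "Ruby MVC framework supported by #{APPNAME}:"
@@ -135,24 +137,35 @@ opts.each do |opt, val|
 end
 end
 
+if options[:dump_kb]
+puts dump_knowledge_base(options[:verbose]) if check.empty?
+if ! check.empty?
+found = Codesake::Dawn::KnowledgeBase.find(nil, check)
+puts "#{check} found in knowledgebase." if found
+puts "#{check} not found in knowledgebase" if ! found
+end
+
+Kernel.exit(0)
+end
+
 target=ARGV.shift
 
-logger.die("missing target") if target.nil?
-logger.die("invalid directory (#{target})") unless Codesake::Dawn::Core.is_good_target?(target)
+$logger.die("missing target") if target.nil?
+$logger.die("invalid directory (#{target})") unless Codesake::Dawn::Core.is_good_target?(target)
 
 
 ## MVC auto detect
 begin
 engine = Codesake::Dawn::Core.detect_mvc(target) if options[:mvc].nil?
 rescue ArgumentError => e
-logger.die(e.message)
+$logger.die(e.message)
 end
 
 engine = Codesake::Dawn::Rails.new(target) if options[:mvc] == :force_rails
 engine = Codesake::Dawn::Sinatra.new(target) if options[:mvc] == :force_sinatra
 # engine = Codesake::Dawn::Padrino.new if options[:mvc] == :force_padrino
 
-logger.die("ruby framework auto detect failed. Please force if rails, sinatra or padrino with -r, -s or -p flags") if engine.nil?
+$logger.die("ruby framework auto detect failed. Please force if rails, sinatra or padrino with -r, -s or -p flags") if engine.nil?
 
 if options[:count_only]
 ret = dry_run(target, engine)
@@ -167,55 +180,50 @@ if options[:output] == "json"
 Kernel.exit(0)
 end
 
-
-
-Kernel.exit(0)
-end
-
-logger.helo "#{APPNAME} v#{Codesake::Dawn::VERSION} (C) 2013 - paolo@armoredcode.com is starting up"
-logger.die "missing target framework option" if engine.nil?
+$logger.helo "#{APPNAME} v#{Codesake::Dawn::VERSION} (C) 2013 - paolo@armoredcode.com is starting up"
+$logger.die "missing target framework option" if engine.nil?
 
 # engine.set_target(target) unless engine.nil?
 engine.load_knowledge_base
 
-logger.die "nothing to do on #{target}" unless engine.can_apply?
-logger.log "scanning #{target}"
-logger.log "#{engine.name} v#{engine.get_mvc_version} detected"
-logger.log "applying all security checks"
+$logger.die "nothing to do on #{target}" unless engine.can_apply?
+$logger.log "scanning #{target}"
+$logger.log "#{engine.name} v#{engine.get_mvc_version} detected"
+$logger.log "applying all security checks"
 if engine.apply_all
-logger.log "all security checks applied"
+$logger.log "all security checks applied"
 else
-logger.err "no security checks in the knowledge base"
+$logger.err "no security checks in the knowledge base"
 end
 
 if engine.count_vulnerabilities != 0
-logger.log "#{engine.count_vulnerabilities} vulnerabilities found"
+$logger.log "#{engine.count_vulnerabilities} vulnerabilities found"
 engine.vulnerabilities.each do |vuln|
-logger.log "#{vuln[:name]} failed"
-logger.log "Description: #{vuln[:message]}" if options[:verbose]
-logger.log "Solution: #{vuln[:remediation]}"
-logger.err "Evidence:"
+$logger.log "#{vuln[:name]} failed"
+$logger.log "Description: #{vuln[:message]}" if options[:verbose]
+$logger.log "Solution: #{vuln[:remediation]}"
+$logger.err "Evidence:"
 vuln[:evidences].each do |evidence|
-logger.err evidence
+$logger.err evidence
 end
 end
 if engine.has_reflected_xss?
-logger.log "#{engine.reflected_xss.count} reflected XSS found"
+$logger.log "#{engine.reflected_xss.count} reflected XSS found"
 engine.reflected_xss.each do |vuln|
-logger.log "request parameter \"#{vuln[:sink_source]}\""
+$logger.log "request parameter \"#{vuln[:sink_source]}\""
 end
 end
 
 else
-logger.ok "no vulnerabilities found."
+$logger.ok "no vulnerabilities found."
 end
 
 if engine.mitigated_issues.count != 0
-logger.log "#{engine.mitigated_issues.count} mitigated vulnerabilities found"
+$logger.log "#{engine.mitigated_issues.count} mitigated vulnerabilities found"
 engine.mitigated_issues.each do |vuln|
-logger.ok "#{vuln[:name]} mitigated"
+$logger.ok "#{vuln[:name]} mitigated"
 vuln[:evidences].each do |evidence|
-logger.err evidence
+$logger.err evidence
 end
 end
 end
@@ -223,7 +231,7 @@ end
 
 
 
-logger.helo "#{APPNAME} is shutting down"
+$logger.helo "#{APPNAME} is shutting down"
 Kernel.exit(0)
 
 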
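Review bot: In the new `--list-knowledgebase` block (new lines 141–145) the two outcomes are written as a modifier `if check.empty?` followed by a separate `if ! check.empty?`, and the two result messages differ in punctuation (`found in knowledgebase.` vs `not found in knowledgebase`). An `if check.empty? … else … end` with a single `puts found ? "#{check} found in knowledgebase." : "#{check} not found in knowledgebase."` keeps the two paths mutually exclusive and the output consistent. The rename of the logger to the global `$logger` across the section works, but a global is the least contained way to share it; if the aim is to reach it from the `trap` block and helper methods, a constant such as `LOGGER = Codesake::Commons::Logging.instance` says that more directly. `check = val unless val.nil?` is also defensive against a case GetoptLong does not produce for an `OPTIONAL_ARGUMENT` (it yields an empty string when no value is given), so plain `check = val` is equivalent.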
data/codesake-dawn.gemspec
CHANGED
data/lib/codesake-dawn.rb
CHANGED
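--- a/data/lib/codesake/dawn/engine.rb
+++ b/data/lib/codesake/dawn/engine.rb
@@ -161,12 +161,19 @@ module Codesake
 @checks.each do |check|
 if check.name == name
 @applied << { :name=>name }
-check.ruby_version =
-check.detected_ruby =
+check.ruby_version = @ruby_version[:version]
+check.detected_ruby = @ruby_version if check.kind == Codesake::Dawn::KnowledgeBase::RUBY_VERSION_CHECK
 check.dependencies = self.connected_gems if check.kind == Codesake::Dawn::KnowledgeBase::DEPENDENCY_CHECK
 check.root_dir = self.target if check.kind == Codesake::Dawn::KnowledgeBase::PATTERN_MATCH_CHECK
-
-
+check.options = {:detected_ruby => self.ruby_version, :dependencies => self.connected_gems, :root_dir => self.target } if check.kind == Codesake::Dawn::KnowledgeBase::COMBO_CHECK
+
+check_vuln = check.vuln?
+
+@vulnerabilities << {:name=> check.name, :message=>check.message, :remediation=>check.remediation, :evidences=>check.evidences, :vulnerable_checks=>nil} if check_vuln && check.kind != Codesake::Dawn::KnowledgeBase::COMBO_CHECK
+
+@vulnerabilities << {:name=> check.name, :message=>check.message, :remediation=>check.remediation, :evidences=>check.evidences, :vulnerable_checks=>check.vulnerable_checks} if check_vuln && check.kind == Codesake::Dawn::KnowledgeBase::COMBO_CHECK
+
+@mitigated_issues << {:name=> check.name, :message=>check.message, :remediation=>check.remediation, :evidences=>check.evidences, :vulnerable_checks=>nil} if check.mitigated?
 return true
 end
 end
@@ -180,12 +187,18 @@ module Codesake
 
 @checks.each do |check|
 @applied << { :name => name }
-
-check.
+
+check.ruby_version = @ruby_version[:version]
+check.detected_ruby = @ruby_version if check.kind == Codesake::Dawn::KnowledgeBase::RUBY_VERSION_CHECK
 check.dependencies = self.connected_gems if check.kind == Codesake::Dawn::KnowledgeBase::DEPENDENCY_CHECK
 check.root_dir = self.target if check.kind == Codesake::Dawn::KnowledgeBase::PATTERN_MATCH_CHECK
-
-
+check.options = {:detected_ruby => self.ruby_version, :dependencies => self.connected_gems, :root_dir => self.target } if check.kind == Codesake::Dawn::KnowledgeBase::COMBO_CHECK
+check_vuln = check.vuln?
+
+@vulnerabilities << {:name=> check.name, :message=>check.message, :remediation=>check.remediation, :evidences=>check.evidences, :vulnerable_checks=>nil} if check_vuln && check.kind != Codesake::Dawn::KnowledgeBase::COMBO_CHECK
+
+@vulnerabilities << {:name=> check.name, :message=>check.message, :remediation=>check.remediation, :evidences=>check.evidences, :vulnerable_checks=>check.vulnerable_checks} if check_vuln && check.kind == Codesake::Dawn::KnowledgeBase::COMBO_CHECK
+@mitigated_issues << {:name=> check.name, :message=>check.message, :remediation=>check.remediation, :evidences=>check.evidences, :vulnerable_checks=>nil} if check.mitigated?
 end
 
 true
@@ -204,17 +217,22 @@ module Codesake
 @vulnerabilities
 end
 
-def
+def find_vulnerability_by_name(name)
 apply(name) unless is_applied?(name)
-
 @vulnerabilities.each do |v|
-return
+return v if v[:name] == name
 end
 
-
+nil
 end
+
+def is_vulnerable_to?(name)
+return (find_vulnerability_by_name(name) != nil)
+end
+
+
 def has_reflected_xss?
-(@reflected_xss.count != 0)
+(@reflected_xss.count != 0) unless @reflected_xss.nil?
 end
 
 def count_vulnerabilities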
@@ -5,6 +5,8 @@ module Codesake
|
|
5
5
|
module Kb
|
6
6
|
module BasicCheck
|
7
7
|
|
8
|
+
include Codesake::Dawn::Utils
|
9
|
+
|
8
10
|
attr_reader :name
|
9
11
|
attr_reader :cvss
|
10
12
|
attr_reader :cwe
|
@@ -36,6 +38,12 @@ module Codesake
|
|
36
38
|
# Vulnerability evidences
|
37
39
|
attr_reader :evidences
|
38
40
|
|
41
|
+
# Check status. Returns the latest vuln? call result
|
42
|
+
attr_reader :status
|
43
|
+
|
44
|
+
# Put the check in debug mode
|
45
|
+
attr_accessor :debug
|
46
|
+
|
39
47
|
def initialize(options={})
|
40
48
|
@applies = []
|
41
49
|
@ruby_version = ""
|
@@ -57,10 +65,11 @@ module Codesake
|
|
57
65
|
|
58
66
|
@evidences = []
|
59
67
|
@mitigated = false
|
68
|
+
@status = false
|
69
|
+
@debug = false
|
60
70
|
|
61
71
|
end
|
62
72
|
|
63
|
-
|
64
73
|
def applies_to?(name)
|
65
74
|
! @applies.find_index(name).nil?
|
66
75
|
end
|
@@ -0,0 +1,63 @@
|
|
1
|
+
module Codesake
|
2
|
+
module Dawn
|
3
|
+
module Kb
|
4
|
+
module ComboCheck
|
5
|
+
include BasicCheck
|
6
|
+
|
7
|
+
attr_reader :checks
|
8
|
+
attr_accessor :options
|
9
|
+
attr_reader :vulnerable_checks
|
10
|
+
|
11
|
+
|
12
|
+
def initialize(options={})
|
13
|
+
super(options)
|
14
|
+
@vuln_if_all_fails = true
|
15
|
+
@vuln_if_all_fails = options[:vuln_if_all_fails] unless options[:vuln_if_all_fails].nil?
|
16
|
+
@checks = options[:checks]
|
17
|
+
@vulnerable_checks = []
|
18
|
+
@options = options
|
19
|
+
end
|
20
|
+
|
21
|
+
def vuln?
|
22
|
+
ret = true
|
23
|
+
at_least_one = false
|
24
|
+
@checks.each do |check|
|
25
|
+
check_vuln = false
|
26
|
+
check.detected_ruby = @options[:detected_ruby] if check.kind == Codesake::Dawn::KnowledgeBase::RUBY_VERSION_CHECK
|
27
|
+
check.dependencies = @options[:dependencies] if check.kind == Codesake::Dawn::KnowledgeBase::DEPENDENCY_CHECK
|
28
|
+
check.root_dir = @options[:root_dir] if check.kind == Codesake::Dawn::KnowledgeBase::PATTERN_MATCH_CHECK
|
29
|
+
|
30
|
+
check_vuln = check.vuln? if check.respond_to?(:vuln?)
|
31
|
+
|
32
|
+
ret = ret && check_vuln
|
33
|
+
at_least_one = true if check_vuln
|
34
|
+
@evidences << check.evidences if check_vuln
|
35
|
+
@vulnerable_checks << check if check_vuln
|
36
|
+
raise "A check class doesn't respond to vuln? in combo (#{check.class})" unless check.respond_to?(:vuln?)
|
37
|
+
end
|
38
|
+
|
39
|
+
dump_status
|
40
|
+
debug_me("AVIAF = #{@vuln_if_all_fails}, RET = #{ret}, AL1= #{at_least_one}")
|
41
|
+
return ret if @vuln_if_all_fails
|
42
|
+
return at_least_one unless @vuln_if_all_fails
|
43
|
+
end
|
44
|
+
|
45
|
+
def dump_status
|
46
|
+
@checks.each do |check|
|
47
|
+
debug_me("#{File.basename(__FILE__)}@#{__LINE__}:#{check.name}: #{check.status}")
|
48
|
+
end
|
49
|
+
|
50
|
+
true
|
51
|
+
end
|
52
|
+
|
53
|
+
def self.find_vulnerable_checks_by_class(list=[], klass=Object)
|
54
|
+
list.each do |l|
|
55
|
+
return l if l.instance_of?(klass)
|
56
|
+
end
|
57
|
+
nil
|
58
|
+
end
|
59
|
+
|
60
|
+
end
|
61
|
+
end
|
62
|
+
end
|
63
|
+
end
|
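Review bot: In `vuln?` (new lines 21–43) the `raise` for a check that does not respond to `vuln?` sits at the bottom of the loop body, after that check's attributes have already been assigned and a silent `check_vuln = false` has been folded into `ret`; moving `raise "A check class doesn't respond to vuln? in combo (#{check.class})" unless check.respond_to?(:vuln?)` to the first line of the block makes the failure immediate and lets `check_vuln = check.vuln?` drop its `respond_to?` guard. With `@vuln_if_all_fails` true and an empty `@checks`, `ret` stays `true`, so a combo with no checks reports itself vulnerable; if that is not intended, `return false if @checks.empty?` before the loop covers it (I cannot see how callers populate `:checks`). `@vulnerable_checks` and `@evidences` are appended to on every call and never reset, so a second `vuln?` on the same object duplicates entries, and `@evidences << check.evidences` nests an array rather than `concat`-ing it, which is worth confirming against the `vuln[:evidences].each` loop in bin/dawn. The two trailing `return` lines reduce to `@vuln_if_all_fails ? ret : at_least_one`, and `find_vulnerable_checks_by_class` returns a single element despite its plural name, for which `list.find { |l| l.instance_of?(klass) }` is the idiom. BasicCheck documents `status` as "the latest vuln? call result", but this `vuln?` never assigns `@status`, so `dump_status` on a nested combo would print stale state.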