codesake-dawn 0.80.0 → 0.85
- checksums.yaml +4 -4
- data/Changelog.md +124 -0
- data/Roadmap.md +1 -104
- data/bin/dawn +9 -84
- data/codesake-dawn.gemspec +1 -1
- data/lib/codesake/dawn/core.rb +78 -1
- data/lib/codesake/dawn/kb/cve_2013_1656.rb +1 -1
- data/lib/codesake/dawn/kb/cve_2013_1812.rb +29 -0
- data/lib/codesake/dawn/kb/cve_2013_4478.rb +28 -0
- data/lib/codesake/dawn/kb/cve_2013_4479.rb +28 -0
- data/lib/codesake/dawn/kb/cve_2013_6421.rb +30 -0
- data/lib/codesake/dawn/kb/nokogiri_dos_20131217.rb +57 -0
- data/lib/codesake/dawn/kb/nokogiri_entityexpansion_dos_20131217.rb +59 -0
- data/lib/codesake/dawn/knowledge_base.rb +17 -0
- data/lib/codesake/dawn/padrino.rb +30 -3
- data/lib/codesake/dawn/sinatra.rb +7 -4
- data/lib/codesake/dawn/version.rb +1 -1
- data/spec/lib/dawn/codesake_knowledgebase_spec.rb +31 -0
- metadata +10 -3
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA1:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 860da13a7734a3fc89044ccb66eb006513df7f4d
|
4
|
+
data.tar.gz: 8266c446632c9e4945c758033a48103668b1fa2a
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: e0a33db83ee98ebef83a616ee30e93d3c618f678724584559c8dfe20367169b1978509ebb75ed2475e9d19c3dfb9de453655e9afba2a04bc2d2598469d385cc1
|
7
|
+
data.tar.gz: ddd848c1482a567a2b963972dc5caea16409de7888b6ee6f70bf09fdf74398eee6d7dc59bb8e15462997e5dad1b93ec4e4f39b9cc1e57e60979e7662be1e9d8c
|
data/Changelog.md
ADDED
@@ -0,0 +1,124 @@
|
|
1
|
+
# Codesake Dawn - changelog
|
2
|
+
|
3
|
+
Dawn is a static analysis security scanner for ruby written web applications.
|
4
|
+
It supports [Sinatra](http://www.sinatrarb.com),
|
5
|
+
[Padrino](http://www.padrinorb.com) and [Ruby on Rails](http://rubyonrails.org)
|
6
|
+
frameworks.
|
7
|
+
|
8
|
+
_latest update: Tue Dec 17 08:12:19 CET 2013_
|
9
|
+
|
10
|
+
## Version 0.85 - codename: elevator (2013-12-17)
|
11
|
+
|
12
|
+
* refactoring bin/dawn script: some stuff were moved into Codesake::Core class
|
13
|
+
* Added a check against Denial of Service vulnerability for Nokogiri 1.5.x
|
14
|
+
and 1.6.0 when used with JRuby.
|
15
|
+
* Added a check against Denial of Service vulnerability due to entity expansion
|
16
|
+
for Nokogiri 1.5.x and 1.6.0 when used with JRuby.
|
17
|
+
* Added a check for CVE-2013-4478 (sup remote code execution)
|
18
|
+
* Added a check for CVE-2013-4479 (sup remote code execution)
|
19
|
+
* Added a check for CVE-2013-1812 (ruby-openid denial of service)
|
20
|
+
* Added a check for CVE-2013-6421 (sprout remote code execution)
|
21
|
+
|
22
|
+
|
23
|
+
|
24
|
+
## Version 0.80 - codename: elevator (2013-12-12)
|
25
|
+
|
26
|
+
* adding test for CVE-2013-4164
|
27
|
+
* adding test for CVE-2013-4457
|
28
|
+
* adding test for CVE-2013-4562
|
29
|
+
* added a '-z' flag to exit the process with the number of issues found as exit code
|
30
|
+
* added a Cross Site Scripting in Simple Form gem
|
31
|
+
* adding test for CVE-2013-4492
|
32
|
+
* adding test for CVE-2013-4491
|
33
|
+
* adding test for CVE-2013-6414
|
34
|
+
* adding test for CVE-2013-6415
|
35
|
+
* adding test for CVE-2013-6416
|
36
|
+
* adding test for CVE-2013-6417
|
37
|
+
|
38
|
+
## Version 0.79.99 - codename:oddity (2013-11-14)
|
39
|
+
|
40
|
+
This is the first codesake-dawn version making codesake.com web application
|
41
|
+
able to scan something. It deserves a special release.
|
42
|
+
|
43
|
+
* adding test for CVE-2013-2065
|
44
|
+
* adding test for CVE-2013-4389
|
45
|
+
* adding test for CVE-2010-1330
|
46
|
+
* adding test for CVE-2011-0446
|
47
|
+
* adding test for CVE-2011-0995
|
48
|
+
* adding test for CVE-2011-2929
|
49
|
+
* adding test for CVE-2011-4815
|
50
|
+
* adding test for CVE-2012-3424
|
51
|
+
* adding test for CVE-2012-5380
|
52
|
+
* adding test for CVE-2012-4522
|
53
|
+
* adding test for RoRCheatSheet\_1
|
54
|
+
* adding test for RoRCheatSheet\_4
|
55
|
+
* adding test for RoRCheatSheet\_7
|
56
|
+
* adding test for RoRCheatSheet\_8
|
57
|
+
* Fix issue #1. You can read more about it in TODO.md
|
58
|
+
* Added API to scan a single Gemfile.lock using -G flag
|
59
|
+
|
60
|
+
## Version 0.70 (2013-06-19)
|
61
|
+
|
62
|
+
* adding test for CVE-2011-0447
|
63
|
+
* adding test for CVE-2011-3186
|
64
|
+
* adding test for CVE-2012-1099
|
65
|
+
* adding test for CVE-2012-1241
|
66
|
+
* adding test for CVE-2012-2140
|
67
|
+
* adding test for CVE-2012-5370
|
68
|
+
* adding test for CVE-2012-5371
|
69
|
+
* adding test for CVE-2011-2197
|
70
|
+
* adding test for CVE-2011-2932
|
71
|
+
* adding test for CVE-2012-3463
|
72
|
+
* adding test for CVE-2012-3464
|
73
|
+
* adding test for CVE-2012-4464
|
74
|
+
* adding test for CVE-2012-4466
|
75
|
+
* adding test for CVE-2012-4481
|
76
|
+
* adding test for CVE-2012-6134
|
77
|
+
* Fix issue #4. PatternMatching complains when applied to binary files. We must
|
78
|
+
skip them
|
79
|
+
* add ruby\_parser dependency
|
80
|
+
* add haml dependency
|
81
|
+
* add target MVC autodetect
|
82
|
+
* write '--help'
|
83
|
+
* detect sinks for XSS in Sinatra applications
|
84
|
+
* detect reflected XSS in Sinatra applications
|
85
|
+
|
86
|
+
## Version 0.60 (2013-05-28)
|
87
|
+
|
88
|
+
* adding cucumber dependency
|
89
|
+
* adding test for CVE-2013-1854
|
90
|
+
* adding test for CVE-2013-1856
|
91
|
+
* adding test for CVE-2013-0276
|
92
|
+
* adding test for CVE-2013-0277
|
93
|
+
* adding test for CVE-2013-0156
|
94
|
+
* adding test for CVE-2013-2615
|
95
|
+
* adding test for CVE-2013-1875
|
96
|
+
* adding test for CVE-2013-1655
|
97
|
+
* adding test for CVE-2013-1656
|
98
|
+
* adding test for CVE-2013-0175
|
99
|
+
* adding test for CVE-2013-0233
|
100
|
+
* adding test for CVE-2013-0284
|
101
|
+
* adding test for CVE-2013-0285
|
102
|
+
* adding test for CVE-2013-1801
|
103
|
+
* adding test for CVE-2013-1802
|
104
|
+
* adding test for CVE-2013-1821
|
105
|
+
* adding test for CVE-2013-1898
|
106
|
+
* adding test for CVE-2013-1911
|
107
|
+
* adding test for CVE-2013-1933
|
108
|
+
* adding test for CVE-2013-1947
|
109
|
+
* adding test for CVE-2013-1948
|
110
|
+
* adding test for CVE-2013-2616
|
111
|
+
* adding test for CVE-2013-2617
|
112
|
+
* adding test for CVE-2013-3221
|
113
|
+
* make output less verbose. Only vulnerabilities and severity will be shown
|
114
|
+
* adding a '--verbose' option to see also the whole knowledge base info about each findings
|
115
|
+
* adding a '--output' option
|
116
|
+
* adding a '--count-only' option
|
117
|
+
* support JSON output
|
118
|
+
|
119
|
+
## Version 0.50 (2013-05-13) - First public release
|
120
|
+
|
121
|
+
* adding test for CVE\_2013\_0269
|
122
|
+
* adding test for CVE\_2013\_0155
|
123
|
+
* adding test for CVE\_2011\_2931
|
124
|
+
* adding test for CVE\_2012\_3465
|
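Review bot: `## Version 0.85 - codename: elevator (2013-12-17)` and `## Version 0.80 - codename: elevator (2013-12-12)` share the same codename, which looks like a copy of the 0.80 heading that was never updated; give 0.85 its own codename or drop the codename from one of them. The entry `* refactoring bin/dawn script: some stuff were moved into Codesake::Core class` also names the wrong class and has a number-agreement slip: the `bin/dawn` changes in this same diff call `Codesake::Dawn::Core.help`, `Codesake::Dawn::Core.dry_run` and friends, so "helper functions were moved into the Codesake::Dawn::Core class" would be accurate.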
data/Roadmap.md
CHANGED
@@ -7,110 +7,7 @@ frameworks.
|
|
7
7
|
|
8
8
|
This is an ongoing roadmap for the dawn source code review tool.
|
9
9
|
|
10
|
-
_latest update: Fri
|
11
|
-
|
12
|
-
## Version 0.50 (2013-05-13) - First public release
|
13
|
-
|
14
|
-
* adding test for CVE\_2013\_0269
|
15
|
-
* adding test for CVE\_2013\_0155
|
16
|
-
* adding test for CVE\_2011\_2931
|
17
|
-
* adding test for CVE\_2012\_3465
|
18
|
-
|
19
|
-
## Version 0.60 (2013-05-28)
|
20
|
-
|
21
|
-
* adding cucumber dependency
|
22
|
-
* adding test for CVE-2013-1854
|
23
|
-
* adding test for CVE-2013-1856
|
24
|
-
* adding test for CVE-2013-0276
|
25
|
-
* adding test for CVE-2013-0277
|
26
|
-
* adding test for CVE-2013-0156
|
27
|
-
* adding test for CVE-2013-2615
|
28
|
-
* adding test for CVE-2013-1875
|
29
|
-
* adding test for CVE-2013-1655
|
30
|
-
* adding test for CVE-2013-1656
|
31
|
-
* adding test for CVE-2013-0175
|
32
|
-
* adding test for CVE-2013-0233
|
33
|
-
* adding test for CVE-2013-0284
|
34
|
-
* adding test for CVE-2013-0285
|
35
|
-
* adding test for CVE-2013-1801
|
36
|
-
* adding test for CVE-2013-1802
|
37
|
-
* adding test for CVE-2013-1821
|
38
|
-
* adding test for CVE-2013-1898
|
39
|
-
* adding test for CVE-2013-1911
|
40
|
-
* adding test for CVE-2013-1933
|
41
|
-
* adding test for CVE-2013-1947
|
42
|
-
* adding test for CVE-2013-1948
|
43
|
-
* adding test for CVE-2013-2616
|
44
|
-
* adding test for CVE-2013-2617
|
45
|
-
* adding test for CVE-2013-3221
|
46
|
-
* make output less verbose. Only vulnerabilities and severity will be shown
|
47
|
-
* adding a '--verbose' option to see also the whole knowledge base info about each findings
|
48
|
-
* adding a '--output' option
|
49
|
-
* adding a '--count-only' option
|
50
|
-
* support JSON output
|
51
|
-
|
52
|
-
## Version 0.70 (2013-06-19)
|
53
|
-
|
54
|
-
* adding test for CVE-2011-0447
|
55
|
-
* adding test for CVE-2011-3186
|
56
|
-
* adding test for CVE-2012-1099
|
57
|
-
* adding test for CVE-2012-1241
|
58
|
-
* adding test for CVE-2012-2140
|
59
|
-
* adding test for CVE-2012-5370
|
60
|
-
* adding test for CVE-2012-5371
|
61
|
-
* adding test for CVE-2011-2197
|
62
|
-
* adding test for CVE-2011-2932
|
63
|
-
* adding test for CVE-2012-3463
|
64
|
-
* adding test for CVE-2012-3464
|
65
|
-
* adding test for CVE-2012-4464
|
66
|
-
* adding test for CVE-2012-4466
|
67
|
-
* adding test for CVE-2012-4481
|
68
|
-
* adding test for CVE-2012-6134
|
69
|
-
* Fix issue #4. PatternMatching complains when applied to binary files. We must
|
70
|
-
skip them
|
71
|
-
* add ruby\_parser dependency
|
72
|
-
* add haml dependency
|
73
|
-
* add target MVC autodetect
|
74
|
-
* write '--help'
|
75
|
-
* detect sinks for XSS in Sinatra applications
|
76
|
-
* detect reflected XSS in Sinatra applications
|
77
|
-
|
78
|
-
## Version 0.79.99 - codename:oddity (2013-11-14)
|
79
|
-
|
80
|
-
This is the first codesake-dawn version making codesake.com web application
|
81
|
-
able to scan something. It deserves a special release.
|
82
|
-
|
83
|
-
* adding test for CVE-2013-2065
|
84
|
-
* adding test for CVE-2013-4389
|
85
|
-
* adding test for CVE-2010-1330
|
86
|
-
* adding test for CVE-2011-0446
|
87
|
-
* adding test for CVE-2011-0995
|
88
|
-
* adding test for CVE-2011-2929
|
89
|
-
* adding test for CVE-2011-4815
|
90
|
-
* adding test for CVE-2012-3424
|
91
|
-
* adding test for CVE-2012-5380
|
92
|
-
* adding test for CVE-2012-4522
|
93
|
-
* adding test for RoRCheatSheet\_1
|
94
|
-
* adding test for RoRCheatSheet\_4
|
95
|
-
* adding test for RoRCheatSheet\_7
|
96
|
-
* adding test for RoRCheatSheet\_8
|
97
|
-
* Fix issue #1. You can read more about it in TODO.md
|
98
|
-
* Added API to scan a single Gemfile.lock using -G flag
|
99
|
-
|
100
|
-
## Version 0.80
|
101
|
-
|
102
|
-
* adding test for CVE-2013-4164
|
103
|
-
* adding test for CVE-2013-4457
|
104
|
-
* adding test for CVE-2013-4562
|
105
|
-
* added a '-z' flag to exit the process with the number of issues found as exit code
|
106
|
-
* added a Cross Site Scripting in Simple Form gem
|
107
|
-
* adding test for CVE-2013-4492
|
108
|
-
* adding test for CVE-2013-4491
|
109
|
-
* adding test for CVE-2013-6414
|
110
|
-
* adding test for CVE-2013-6415
|
111
|
-
* adding test for CVE-2013-6416
|
112
|
-
* adding test for CVE-2013-6417
|
113
|
-
|
10
|
+
_latest update: Fri Dec 13 07:55:54 CET 2013_
|
114
11
|
|
115
12
|
## Version 0.90
|
116
13
|
|
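Review bot: the `_latest update: Fri Dec 13 07:55:54 CET 2013_` stamp written here is older than the `_latest update: Tue Dec 17 08:12:19 CET 2013_` stamp in the Changelog.md added by this same release, so the roadmap already reads as stale on the day it ships; regenerate both stamps together. Moving the released-version history out of the roadmap is a sensible split, but after the removal the trailing context shows only the `## Version 0.90` heading, so a one-line pointer such as "past releases are listed in Changelog.md" under the intro would help readers who land on this file first.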
data/bin/dawn
CHANGED
@@ -6,84 +6,8 @@ require 'json'
|
|
6
6
|
require 'codesake-commons'
|
7
7
|
require 'codesake-dawn'
|
8
8
|
|
9
|
-
def dry_run(target, engine)
|
10
|
-
engine.set_target(target)
|
11
|
-
engine.load_knowledge_base
|
12
|
-
engine.apply_all
|
13
|
-
end
|
14
|
-
|
15
|
-
def output_json_run(target = "", engine = nil)
|
16
|
-
result = {}
|
17
|
-
return {:status=>"KO", :message=>"BUG at #{__FILE__}@#{__LINE__}: target is empty or engine is nil."}.to_json if target.empty? or engine.nil?
|
18
|
-
return {:status=>"KO", :message=>"#{target} doesn't exist"}.to_json if ! Dir.exist?(target)
|
19
|
-
check_applied = dry_run(target, engine)
|
20
|
-
return {:status=>"KO", :message=>"no security checks applied"}.to_json unless check_applied
|
21
|
-
|
22
|
-
result[:status]="OK"
|
23
|
-
result[:target]=target
|
24
|
-
result[:mvc]=engine.name
|
25
|
-
result[:mvc_version]=engine.get_mvc_version
|
26
|
-
result[:vulnerabilities_count]=engine.count_vulnerabilities
|
27
|
-
result[:vulnerabilities]=[]
|
28
|
-
engine.vulnerabilities.each do |v|
|
29
|
-
result[:vulnerabilities] << v[:name]
|
30
|
-
end
|
31
|
-
result[:mitigated_vuln_count]=engine.mitigated_issues.count
|
32
|
-
result[:mitigated_vuln] = engine.mitigated_issues
|
33
|
-
result[:reflected_xss] = []
|
34
|
-
engine.reflected_xss.each do |r|
|
35
|
-
result[:reflected_xss] << "request parameter \"#{r[:sink_source]}\""
|
36
|
-
end
|
37
|
-
|
38
|
-
result.to_json
|
39
|
-
end
|
40
|
-
|
41
|
-
def dump_knowledge_base(verbose = false)
|
42
|
-
kb = Codesake::Dawn::KnowledgeBase.new
|
43
|
-
lines = []
|
44
|
-
lines << "Security checks currently supported:\n"
|
45
|
-
|
46
|
-
kb.all.each do |check|
|
47
|
-
if verbose
|
48
|
-
lines << "Name: #{check.name}\tCVSS: #{check.cvss_score}\tReleased: #{check.release_date}"
|
49
|
-
lines << "Description\n#{check.message}"
|
50
|
-
lines << "Remediation\n#{check.remediation}\n\n"
|
51
|
-
else
|
52
|
-
lines << "#{check.name}"
|
53
|
-
end
|
54
|
-
end
|
55
|
-
lines << "-----\nTotal: #{kb.all.count}"
|
56
|
-
|
57
|
-
lines.empty? ? 0 : lines.compact.join("\n")
|
58
|
-
|
59
|
-
end
|
60
|
-
|
61
|
-
def help
|
62
|
-
puts "Usage: dawn [options] target_directory"
|
63
|
-
printf "\n\nExamples:"
|
64
|
-
puts "$ dawn a_sinatra_webapp_directory"
|
65
|
-
puts "$ dawn -C the_rails_blog_engine"
|
66
|
-
puts "$ dawn -C --output json a_sinatra_webapp_directory"
|
67
|
-
printf "\n -r, --rails\t\t\t\t\tforce dawn to consider the target a rails application"
|
68
|
-
printf "\n -s, --sinatra\t\t\t\tforce dawn to consider the target a sinatra application"
|
69
|
-
printf "\n -p, --padrino\t\t\t\tforce dawn to consider the target a padrino application"
|
70
|
-
printf "\n -G, --gem-lock\t\t\t\tforce dawn to scan only for vulnerabilities affecting dependencies in Gemfile.lock"
|
71
|
-
printf "\n -D, --debug\t\t\t\t\tenters dawn debug mode"
|
72
|
-
printf "\n -f, --list-known-framework\t\t\tlist ruby MVC frameworks supported by dawn"
|
73
|
-
printf "\n -k, --list-knowledgebase [check_name]\tlist dawn known security checks. If check_name is specified dawn says if check is present or not"
|
74
|
-
printf "\n -o, --output [console, json. csv, html]\tthe output will be in the specified format"
|
75
|
-
printf "\n -V, --verbose\t\t\t\tthe output will be more verbose"
|
76
|
-
printf "\n -C, --count-only\t\t\t\tdawn will only count vulnerabilities (useful for scripts)"
|
77
|
-
printf "\n -z, --exit-on-warn\t\t\t\tdawn will return number of found vulnerabilities as exit code"
|
78
|
-
printf "\n -v, --version\t\t\t\tshow version information"
|
79
|
-
printf "\n -h, --help\t\t\t\t\tshow this help\n"
|
80
|
-
|
81
|
-
0
|
82
|
-
end
|
83
|
-
|
84
|
-
|
85
9
|
APPNAME = File.basename($0)
|
86
|
-
LIST_KNOWN_FRAMEWORK = %w(rails sinatra
|
10
|
+
LIST_KNOWN_FRAMEWORK = %w(rails sinatra padrino)
|
87
11
|
VALID_OUTPUT_FORMAT = %w(console json csv html)
|
88
12
|
|
89
13
|
$logger = Codesake::Commons::Logging.instance
|
@@ -122,7 +46,6 @@ opts.each do |opt, val|
|
|
122
46
|
options[:mvc]=:sinatra
|
123
47
|
when '--padrino'
|
124
48
|
options[:mvc]=:padrino
|
125
|
-
$logger.die "sorry padrino is not yet supported"
|
126
49
|
when '--gem-lock'
|
127
50
|
options[:gemfile_scan] = true
|
128
51
|
options[:gemfile_name] = val unless val.nil?
|
@@ -151,12 +74,12 @@ opts.each do |opt, val|
|
|
151
74
|
end
|
152
75
|
Kernel.exit(0)
|
153
76
|
when '--help'
|
154
|
-
Kernel.exit(help)
|
77
|
+
Kernel.exit(Codesake::Dawn::Core.help)
|
155
78
|
end
|
156
79
|
end
|
157
80
|
|
158
81
|
if options[:dump_kb]
|
159
|
-
puts dump_knowledge_base(options[:verbose]) if check.empty?
|
82
|
+
puts Codesake::Dawn::Core.dump_knowledge_base(options[:verbose]) if check.empty?
|
160
83
|
if ! check.empty?
|
161
84
|
found = Codesake::Dawn::KnowledgeBase.find(nil, check)
|
162
85
|
puts "#{check} found in knowledgebase." if found
|
@@ -184,9 +107,10 @@ unless options[:gemfile_scan]
|
|
184
107
|
end
|
185
108
|
end
|
186
109
|
|
110
|
+
|
187
111
|
engine = Codesake::Dawn::Rails.new(target) if options[:mvc] == :rails && options[:gemfile_scan].nil?
|
188
112
|
engine = Codesake::Dawn::Sinatra.new(target) if options[:mvc] == :sinatra && options[:gemfile_scan].nil?
|
189
|
-
|
113
|
+
engine = Codesake::Dawn::Padrino.new(target) if options[:mvc] == :padrino && options[:gemfile_scan].nil?
|
190
114
|
engine = Codesake::Dawn::GemfileLock.new(target, options[:gemfile_name], options[:debug], guess) if options[:gemfile_scan]
|
191
115
|
|
192
116
|
$logger.die("ruby framework auto detect failed. Please force if rails, sinatra or padrino with -r, -s or -p flags") if engine.nil?
|
@@ -200,7 +124,7 @@ if options[:exit_on_warn]
|
|
200
124
|
end
|
201
125
|
|
202
126
|
if options[:count_only]
|
203
|
-
ret = dry_run(target, engine)
|
127
|
+
ret = Codesake::Dawn::Core.dry_run(target, engine)
|
204
128
|
|
205
129
|
puts (ret)? engine.vulnerabilities.count : "-1" unless options[:output] == "json"
|
206
130
|
puts (ret)? {:status=>"OK", :vulnerabilities_count=>engine.count_vulnerabilities}.to_json : {:status=>"KO", :vulnerabilities_count=>-1}.to_json
|
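Review bot: `ret = Codesake::Dawn::Core.dry_run(target, engine)` feeds `puts (ret)? engine.vulnerabilities.count : "-1"`, and per the `core.rb` hunk in this diff `dry_run` ends with `engine.apply_all`, so its return value is whatever `apply_all` happens to return; `-1` will be printed whenever that is `nil` or `false`, so `apply_all` must return an explicit boolean meaning "checks were applied", not the last evaluated expression. It would be safer for `dry_run` to return that boolean explicitly, for example `engine.apply_all ? true : false`, and for the JSON branch to emit `-1` as an integer in both outputs rather than a string in one and an integer in the other.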
@@ -208,7 +132,7 @@ if options[:count_only]
|
|
208
132
|
end
|
209
133
|
|
210
134
|
if options[:output] == "json"
|
211
|
-
puts output_json_run(target, engine)
|
135
|
+
puts Codesake::Dawn::Core.output_json_run(target, engine)
|
212
136
|
Kernel.exit(0)
|
213
137
|
end
|
214
138
|
|
@@ -242,7 +166,8 @@ if engine.count_vulnerabilities != 0
|
|
242
166
|
if engine.has_reflected_xss?
|
243
167
|
$logger.log "#{engine.reflected_xss.count} reflected XSS found"
|
244
168
|
engine.reflected_xss.each do |vuln|
|
245
|
-
$logger.log "request parameter \"#{vuln[:sink_source]}\""
|
169
|
+
$logger.log "request parameter \"#{vuln[:sink_source]}\" is used without escaping in #{vuln[:sink_view]}. It was read here: #{vuln[:sink_file]}@#{vuln[:sink_line]}"
|
170
|
+
$logger.err "evidence: #{vuln[:sink_evidence]}"
|
246
171
|
end
|
247
172
|
end
|
248
173
|
|
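Review bot: the richer console message (`is used without escaping in #{vuln[:sink_view]}. It was read here: #{vuln[:sink_file]}@#{vuln[:sink_line]}`) is not mirrored in `Core.output_json_run`, whose `result[:reflected_xss]` entries in the `core.rb` hunk of this diff still contain only `"request parameter \"#{r[:sink_source]}\""`, so JSON consumers lose the view, file and line that tell them where to fix the sink; consider emitting `sink_view`, `sink_file` and `sink_line` as fields there too. The new `$logger.err "evidence: #{vuln[:sink_evidence]}"` routes evidence through the error channel while the finding itself goes through `$logger.log`, which colours or routes the supporting evidence as if it were a tool failure; `$logger.log` (or a dedicated level) reads more consistently.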
data/codesake-dawn.gemspec
CHANGED
@@ -10,7 +10,7 @@ Gem::Specification.new do |gem|
|
|
10
10
|
gem.email = ["thesp0nge@gmail.com"]
|
11
11
|
gem.description = %q{dawn is a security static source code analyzer for web applications written in ruby. It supports major MVC frameworks like sinatra, padrino and ruby on rails. dawn output is a list of security vulnerabilities affecting your code with a suggestion on how to mitigate all of them.}
|
12
12
|
gem.summary = %q{dawn is a security static source code analyzer for sinatra, padrino and ruby on rails web applicartions.}
|
13
|
-
gem.homepage = "http://codesake.com"
|
13
|
+
gem.homepage = "http://dawn.codesake.com"
|
14
14
|
|
15
15
|
gem.files = `git ls-files`.split($/)
|
16
16
|
gem.executables = gem.files.grep(%r{^bin/}).map{ |f| File.basename(f) }
|
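Review bot: the homepage change to `http://dawn.codesake.com` is fine; while touching this file, the unchanged `gem.summary` context line carries the typo `applicartions`, and both `gem.description` and `gem.summary` use lower-case `sinatra`, `padrino` and `ruby on rails` where the Changelog.md added in this diff uses the proper names; a one-line fix in the same commit would tidy the gem's public metadata.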
data/lib/codesake/dawn/core.rb
CHANGED
@@ -2,6 +2,83 @@ module Codesake
|
|
2
2
|
module Dawn
|
3
3
|
class Core
|
4
4
|
|
5
|
+
def self.help
|
6
|
+
puts "Usage: dawn [options] target_directory"
|
7
|
+
printf "\n\nExamples:"
|
8
|
+
puts "$ dawn a_sinatra_webapp_directory"
|
9
|
+
puts "$ dawn -C the_rails_blog_engine"
|
10
|
+
puts "$ dawn -C --output json a_sinatra_webapp_directory"
|
11
|
+
printf "\n -r, --rails\t\t\t\t\tforce dawn to consider the target a rails application"
|
12
|
+
printf "\n -s, --sinatra\t\t\t\tforce dawn to consider the target a sinatra application"
|
13
|
+
printf "\n -p, --padrino\t\t\t\tforce dawn to consider the target a padrino application"
|
14
|
+
printf "\n -G, --gem-lock\t\t\t\tforce dawn to scan only for vulnerabilities affecting dependencies in Gemfile.lock"
|
15
|
+
printf "\n -D, --debug\t\t\t\t\tenters dawn debug mode"
|
16
|
+
printf "\n -f, --list-known-framework\t\t\tlist ruby MVC frameworks supported by dawn"
|
17
|
+
printf "\n -k, --list-knowledgebase [check_name]\tlist dawn known security checks. If check_name is specified dawn says if check is present or not"
|
18
|
+
printf "\n -o, --output [console, json. csv, html]\tthe output will be in the specified format"
|
19
|
+
printf "\n -V, --verbose\t\t\t\tthe output will be more verbose"
|
20
|
+
printf "\n -C, --count-only\t\t\t\tdawn will only count vulnerabilities (useful for scripts)"
|
21
|
+
printf "\n -z, --exit-on-warn\t\t\t\tdawn will return number of found vulnerabilities as exit code"
|
22
|
+
printf "\n -v, --version\t\t\t\tshow version information"
|
23
|
+
printf "\n -h, --help\t\t\t\t\tshow this help\n"
|
24
|
+
|
25
|
+
0
|
26
|
+
end
|
27
|
+
|
28
|
+
|
29
|
+
def self.output_json_run(target = "", engine = nil)
|
30
|
+
result = {}
|
31
|
+
return {:status=>"KO", :message=>"BUG at #{__FILE__}@#{__LINE__}: target is empty or engine is nil."}.to_json if target.empty? or engine.nil?
|
32
|
+
return {:status=>"KO", :message=>"#{target} doesn't exist"}.to_json if ! Dir.exist?(target)
|
33
|
+
check_applied = Codesake::Dawn::Core.dry_run(target, engine)
|
34
|
+
return {:status=>"KO", :message=>"no security checks applied"}.to_json unless check_applied
|
35
|
+
|
36
|
+
result[:status]="OK"
|
37
|
+
result[:target]=target
|
38
|
+
result[:mvc]=engine.name
|
39
|
+
result[:mvc_version]=engine.get_mvc_version
|
40
|
+
result[:vulnerabilities_count]=engine.count_vulnerabilities
|
41
|
+
result[:vulnerabilities]=[]
|
42
|
+
engine.vulnerabilities.each do |v|
|
43
|
+
result[:vulnerabilities] << v[:name]
|
44
|
+
end
|
45
|
+
result[:mitigated_vuln_count]=engine.mitigated_issues.count
|
46
|
+
result[:mitigated_vuln] = engine.mitigated_issues
|
47
|
+
result[:reflected_xss] = []
|
48
|
+
engine.reflected_xss.each do |r|
|
49
|
+
result[:reflected_xss] << "request parameter \"#{r[:sink_source]}\""
|
50
|
+
end
|
51
|
+
|
52
|
+
result.to_json
|
53
|
+
end
|
54
|
+
|
55
|
+
|
56
|
+
def self.dump_knowledge_base(verbose = false)
|
57
|
+
kb = Codesake::Dawn::KnowledgeBase.new
|
58
|
+
lines = []
|
59
|
+
lines << "Security checks currently supported:\n"
|
60
|
+
|
61
|
+
kb.all.each do |check|
|
62
|
+
if verbose
|
63
|
+
lines << "Name: #{check.name}\tCVSS: #{check.cvss_score}\tReleased: #{check.release_date}"
|
64
|
+
lines << "Description\n#{check.message}"
|
65
|
+
lines << "Remediation\n#{check.remediation}\n\n"
|
66
|
+
else
|
67
|
+
lines << "#{check.name}"
|
68
|
+
end
|
69
|
+
end
|
70
|
+
lines << "-----\nTotal: #{kb.all.count}"
|
71
|
+
|
72
|
+
lines.empty? ? 0 : lines.compact.join("\n")
|
73
|
+
|
74
|
+
end
|
75
|
+
|
76
|
+
|
77
|
+
def self.dry_run(target, engine)
|
78
|
+
engine.set_target(target)
|
79
|
+
engine.load_knowledge_base
|
80
|
+
engine.apply_all
|
81
|
+
end
|
5
82
|
|
6
83
|
# guess_mvc is very close to detect_mvc despite it accepts a
|
7
84
|
# filename as input and it tries to guess the mvc framework used from the
|
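Review bot: three small defects in the moved code are worth fixing now that it lives in a library class rather than a script. (1) `printf "\n -o, --output [console, json. csv, html]\tthe output will be in the specified format"` has a period where a comma belongs between `json` and `csv`. (2) `lines.empty? ? 0 : lines.compact.join("\n")` in `dump_knowledge_base` can never take the `0` branch, because `lines << "Security checks currently supported:\n"` always runs first, and returning an Integer in one case and a String in the other is a trap for callers; just return the joined string. (3) `help` and `dump_knowledge_base` mix `puts`/`printf` side effects with return values, which makes them awkward to exercise from the new `spec/lib/dawn/codesake_knowledgebase_spec.rb` listed in this diff; returning the text and letting `bin/dawn` print it would be easier to test. Also, `check_applied = Codesake::Dawn::Core.dry_run(target, engine)` is called from inside `Core` itself, so plain `dry_run(target, engine)` is enough, and its truthiness depends on `engine.apply_all` returning a real boolean (see `dry_run` at the end of this hunk).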
@@ -39,7 +116,7 @@ module Codesake
|
|
39
116
|
Dir.chdir(my_dir)
|
40
117
|
lockfile.specs.each do |s|
|
41
118
|
return Codesake::Dawn::Rails.new(target) if s.name == "rails"
|
42
|
-
|
119
|
+
return Codesake::Dawn::Padrino.new(target) if s.name == "padrino"
|
43
120
|
end
|
44
121
|
|
45
122
|
return Codesake::Dawn::Sinatra.new(target)
|
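Review bot: placing `return Codesake::Dawn::Padrino.new(target) if s.name == "padrino"` inside the `lockfile.specs.each` loop and ahead of the fall-through `return Codesake::Dawn::Sinatra.new(target)` is the right order, since a Padrino application's lockfile also lists sinatra. The loop still returns on the first `rails` spec it encounters, though, so a Sinatra or Padrino application that pulls `rails` in only as a transitive dependency will be classified as Rails and scanned with the wrong engine; if `lockfile` is a `Bundler::LockfileParser`, checking its `dependencies` (the top-level Gemfile entries) instead of every entry in `specs` would avoid that misdetection.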
@@ -15,7 +15,7 @@ module Codesake
|
|
15
15
|
:release_date => Date.new(2013, 3, 8),
|
16
16
|
:cwe=>"20",
|
17
17
|
:owasp=>"A9",
|
18
|
-
:applies=>["rails"],
|
18
|
+
:applies=>["rails", "sinatra", "padrino"],
|
19
19
|
:kind => Codesake::Dawn::KnowledgeBase::DEPENDENCY_CHECK,
|
20
20
|
:message => message,
|
21
21
|
:mitigation=>"Please upgrade Spree commerce rubygem",
|
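Review bot: widening `:applies` from `["rails"]` to `["rails", "sinatra", "padrino"]` for a Spree check is harmless for a Gemfile.lock dependency scan, but Spree is a Rails engine, so a hit in a Sinatra or Padrino project would be surprising; confirm the widening is deliberate rather than a mechanical search-and-replace, especially since the new checks elsewhere in this diff use the order `["rails", "padrino", "sinatra"]` and this one uses `["rails", "sinatra", "padrino"]`. The hunk header carries no file name in this rendering; per the file list it is `data/lib/codesake/dawn/kb/cve_2013_1656.rb`.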
@@ -0,0 +1,29 @@
|
|
1
|
+
module Codesake
|
2
|
+
module Dawn
|
3
|
+
module Kb
|
4
|
+
# Automatically created with rake on 2013-12-17
|
5
|
+
class CVE_2013_1812
|
6
|
+
include DependencyCheck
|
7
|
+
|
8
|
+
def initialize
|
9
|
+
message = "The ruby-openid gem before 2.2.2 for Ruby allows remote OpenID providers to cause a denial of service (CPU consumption) via (1) a large XRDS document or (2) an XML Entity Expansion (XEE) attack."
|
10
|
+
|
11
|
+
super({
|
12
|
+
:name=>'CVE-2013-1812',
|
13
|
+
:cvss=>"AV:N/AC:M/Au:N/C:N/I:N/A:P",
|
14
|
+
:release_date => Date.new(2013, 12, 12),
|
15
|
+
:cwe=>"399",
|
16
|
+
:owasp=>"A9",
|
17
|
+
:applies=>["rails", "padrino", "sinatra"],
|
18
|
+
:kind => Codesake::Dawn::KnowledgeBase::DEPENDENCY_CHECK,
|
19
|
+
:message => message,
|
20
|
+
:mitigation=>"Please upgrade ruby-openid rubygem",
|
21
|
+
:aux_links => ["http://www.openwall.com/lists/oss-security/2013/03/03/8"]
|
22
|
+
})
|
23
|
+
self.safe_dependencies = [{:name=>"ruby-openid", :version=>['2.2.2']}]
|
24
|
+
|
25
|
+
end
|
26
|
+
end
|
27
|
+
end
|
28
|
+
end
|
29
|
+
end
|
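Review bot: `:release_date => Date.new(2013, 12, 12)` does not match the advisory linked in `:aux_links` (`http://www.openwall.com/lists/oss-security/2013/03/03/8`, i.e. March 2013); if `release_date` is meant to be the advisory date it should be March 3, 2013, and if it records when the check was added to Dawn, the field name should say so, because `dump_knowledge_base` prints it as `Released:`. `self.safe_dependencies = [{:name=>"ruby-openid", :version=>['2.2.2']}]` lists a single version while `message` says "before 2.2.2", so this only works if `DependencyCheck` treats the entry as a minimum ("2.2.2 or later") rather than an exact match; otherwise every later ruby-openid release will be flagged as vulnerable.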
@@ -0,0 +1,28 @@
|
|
1
|
+
module Codesake
|
2
|
+
module Dawn
|
3
|
+
module Kb
|
4
|
+
# Automatically created with rake on 2013-12-17
|
5
|
+
class CVE_2013_4478
|
6
|
+
include DependencyCheck
|
7
|
+
|
8
|
+
def initialize
|
9
|
+
message = "Sup before 0.13.2.1 and 0.14.x before 0.14.1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the filename of an email attachment."
|
10
|
+
super({
|
11
|
+
:name=>'CVE-2013-4478',
|
12
|
+
:cvss=>"AV:N/AC:M/Au:N/C:P/I:P/A:P",
|
13
|
+
:release_date => Date.new(2013, 12, 7),
|
14
|
+
:cwe=>"94",
|
15
|
+
:owasp=>"A9",
|
16
|
+
:applies=>["rails", "padrino", "sinatra"],
|
17
|
+
:kind => Codesake::Dawn::KnowledgeBase::DEPENDENCY_CHECK,
|
18
|
+
:message => message,
|
19
|
+
:mitigation=>"Please upgrade sup rubygem",
|
20
|
+
:aux_links => ["http://www.openwall.com/lists/oss-security/2013/10/30/2"]
|
21
|
+
})
|
22
|
+
self.safe_dependencies = [{:name=>"sup", :version=>['0.13.2.1', '0.14.1.1']}]
|
23
|
+
|
24
|
+
end
|
25
|
+
end
|
26
|
+
end
|
27
|
+
end
|
28
|
+
end
|
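Review bot: `:cwe=>"94"` (code injection) is a loose fit for "execute arbitrary commands via shell metacharacters in the filename of an email attachment"; CWE-78 (OS command injection) describes this precisely and would make the knowledge base more useful for reporting. Same date question as `cve_2013_1812.rb`: `:release_date => Date.new(2013, 12, 7)` versus the `2013/10/30` oss-security thread in `:aux_links`. `self.safe_dependencies = [{:name=>"sup", :version=>['0.13.2.1', '0.14.1.1']}]` encodes two parallel fixed branches (0.13.x and 0.14.x), which only works if `DependencyCheck` compares against the entry on the same release line; with a simple "greater than or equal to any listed version" rule, 0.13.2.1 would be judged vulnerable by the 0.14.1.1 entry, so that semantics should be spelled out in a comment.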
@@ -0,0 +1,28 @@
|
|
1
|
+
module Codesake
|
2
|
+
module Dawn
|
3
|
+
module Kb
|
4
|
+
# Automatically created with rake on 2013-12-17
|
5
|
+
class CVE_2013_4479
|
6
|
+
include DependencyCheck
|
7
|
+
|
8
|
+
def initialize
|
9
|
+
message = "lib/sup/message_chunks.rb in Sup before 0.13.2.1 and 0.14.x before 0.14.1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the content_type of an email attachment."
|
10
|
+
super({
|
11
|
+
:name=>'CVE-2013-4479',
|
12
|
+
:cvss=>"AV:N/AC:M/Au:N/C:P/I:P/A:P",
|
13
|
+
:release_date => Date.new(2013, 12, 7),
|
14
|
+
:cwe=>"94",
|
15
|
+
:owasp=>"A9",
|
16
|
+
:applies=>["rails", "padrino", "sinatra"],
|
17
|
+
:kind => Codesake::Dawn::KnowledgeBase::DEPENDENCY_CHECK,
|
18
|
+
:message => message,
|
19
|
+
:mitigation=>"Please upgrade sup rubygem",
|
20
|
+
:aux_links => ["http://www.openwall.com/lists/oss-security/2013/10/30/2"]
|
21
|
+
})
|
22
|
+
self.safe_dependencies = [{:name=>"sup", :version=>['0.13.2.1', '0.14.1.1']}]
|
23
|
+
|
24
|
+
end
|
25
|
+
end
|
26
|
+
end
|
27
|
+
end
|
28
|
+
end
|
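Review bot: this file is identical to `cve_2013_4478.rb` apart from `:name`, `message` (the `content_type` rather than `filename` vector) and the `lib/sup/message_chunks.rb` reference; the CVSS vector, CWE, dates, links and `safe_dependencies` are the same, so the two will drift if one is ever corrected. A shared constant for the sup fixed versions, or a comment cross-referencing the sibling check, would keep them in step. The mitigation `Please upgrade sup rubygem` is generic; naming the fixed versions 0.13.2.1 and 0.14.1.1 that `safe_dependencies` already encodes would save the user a lookup.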
@@ -0,0 +1,30 @@
|
|
1
|
+
module Codesake
|
2
|
+
module Dawn
|
3
|
+
module Kb
|
4
|
+
# Automatically created with rake on 2013-12-17
|
5
|
+
class CVE_2013_6421
|
6
|
+
include DependencyCheck
|
7
|
+
|
8
|
+
def initialize
|
9
|
+
message = "The unpack_zip function in archive_unpacker.rb in the sprout gem 0.7.246 for Ruby allows context-dependent attackers to execute arbitrary commands via shell metacharacters in a (1) filename or (2) path."
|
10
|
+
|
11
|
+
super({
|
12
|
+
:name=>'CVE-2013-6421',
|
13
|
+
:cvss=>"AV:N/AC:L/Au:N/C:P/I:P/A:P",
|
14
|
+
:release_date => Date.new(2013, 12, 12),
|
15
|
+
:cwe=>"94",
|
16
|
+
:owasp=>"A9",
|
17
|
+
:applies=>["rails", "padrino", "sinatra"],
|
18
|
+
:kind => Codesake::Dawn::KnowledgeBase::DEPENDENCY_CHECK,
|
19
|
+
:message => message,
|
20
|
+
:mitigation=>"Please upgrade sprout rubygem",
|
21
|
+
:aux_links => ["http://www.openwall.com/lists/oss-security/2013/12/03/1"]
|
22
|
+
})
|
23
|
+
self.safe_dependencies = [{:name=>"sprout", :version=>['0.7.247']}]
|
24
|
+
|
25
|
+
|
26
|
+
end
|
27
|
+
end
|
28
|
+
end
|
29
|
+
end
|
30
|
+
end
|
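Review bot: `message` pins the affected release to `sprout gem 0.7.246` while `self.safe_dependencies = [{:name=>"sprout", :version=>['0.7.247']}]` lists only the next version, which is consistent only under a "safe version or later" comparison in `DependencyCheck`; that assumption recurs across all the new checks in this diff and deserves a comment or a test. `:cwe=>"94"` again where the description ("execute arbitrary commands via shell metacharacters in a (1) filename or (2) path") is an OS command injection, CWE-78. The two blank lines between `self.safe_dependencies` and `end` are stray whitespace.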
@@ -0,0 +1,57 @@
|
|
1
|
+
module Codesake
|
2
|
+
module Dawn
|
3
|
+
module Kb
|
4
|
+
|
5
|
+
class NokogiriDos20131217_a
|
6
|
+
include DependencyCheck
|
7
|
+
|
8
|
+
def initialize
|
9
|
+
message = "Vulnerability arises when Nokogiri version 1.6.0 and 1.5.x (x<11) is used"
|
10
|
+
super({
|
11
|
+
:name=>"NokogiriDos20131217_a",
|
12
|
+
:kind=>Codesake::Dawn::KnowledgeBase::DEPENDENCY_CHECK,
|
13
|
+
})
|
14
|
+
self.safe_dependencies = [{:name=>"nokogiri", :version=>['1.6.1', '1.5.11']}]
|
15
|
+
end
|
16
|
+
|
17
|
+
end
|
18
|
+
|
19
|
+
class NokogiriDos20131217_b
|
20
|
+
include RubyVersionCheck
|
21
|
+
def initialize
|
22
|
+
message = "Vulnerability arises when Nokogiri version 1.6.0 and 1.5.x (x<11) is used with JRuby"
|
23
|
+
super({
|
24
|
+
:name=>"NokogiriDos20131217_b",
|
25
|
+
:kind=>Codesake::Dawn::KnowledgeBase::RUBY_VERSION_CHECK,
|
26
|
+
})
|
27
|
+
self.safe_rubies = [ {:engine=>"jruby", :version=>"99.99.99", :patchlevel=>"p999"}]
|
28
|
+
end
|
29
|
+
end
|
30
|
+
|
31
|
+
class NokogiriDos20131217
|
32
|
+
include ComboCheck
|
33
|
+
|
34
|
+
def initialize
|
35
|
+
message = "There is a vulnerability in Nokogiri when using JRuby where the parser can enter an infinite loop and exhaust the process memory. Nokogiri users on JRuby using the native Java extension. Attackers can send XML documents with carefully crafted documents which can cause the XML processor to enter an infinite loop, causing the server to run out of memory and crash."
|
36
|
+
|
37
|
+
super({
|
38
|
+
:name=>"Nokogiri - Denial of service - 20131217",
|
39
|
+
:cvss=>"",
|
40
|
+
:release_date => Date.new(2013, 12, 15),
|
41
|
+
:cwe=>"",
|
42
|
+
:owasp=>"A9",
|
43
|
+
:applies=>["rails", "sinatra", "padrino"],
|
44
|
+
:kind=>Codesake::Dawn::KnowledgeBase::COMBO_CHECK,
|
45
|
+
:message=>message,
|
46
|
+
:mitigation=>"Please upgrade nokogiri gem to a newer version",
|
47
|
+
:aux_links=>["https://groups.google.com/forum/#!topic/ruby-security-ann/DeJpjTAg1FA"],
|
48
|
+
:checks=>[NokogiriDos20131217_a.new, NokogiriDos20131217_b.new]
|
49
|
+
})
|
50
|
+
|
51
|
+
|
52
|
+
|
53
|
+
end
|
54
|
+
end
|
55
|
+
end
|
56
|
+
end
|
57
|
+
end
|
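Review bot: in both `NokogiriDos20131217_a` and `NokogiriDos20131217_b` the local `message` is assigned and never passed to `super` (the hash only carries `:name` and `:kind`), so it is dead code; either add `:message=>message` or remove the assignment. `self.safe_rubies = [ {:engine=>"jruby", :version=>"99.99.99", :patchlevel=>"p999"}]` is a sentinel meaning "no JRuby version is safe", which is what the advisory says, but it reads like a placeholder and a future JRuby numbered above it would silently pass; a comment stating the intent is the minimum, and a dedicated "any version of this engine" marker in `RubyVersionCheck` would be cleaner. `:cvss=>""` and `:cwe=>""` are empty for the combo check; if no score exists yet, say so in a comment, but the CWE is knowable from the description ("parser can enter an infinite loop and exhaust the process memory"): CWE-835 for the infinite loop or CWE-400 for resource exhaustion. The combo `message` also contains a sentence fragment ("Nokogiri users on JRuby using the native Java extension."), and `:name=>"Nokogiri - Denial of service - 20131217"` contains spaces, which makes it awkward to pass to `-k, --list-knowledgebase [check_name]` from a shell.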
@@ -0,0 +1,59 @@
|
|
1
|
+
module Codesake
|
2
|
+
module Dawn
|
3
|
+
module Kb
|
4
|
+
|
5
|
+
class Nokogiri_EntityExpansion_Dos_20131217_a
|
6
|
+
include DependencyCheck
|
7
|
+
|
8
|
+
def initialize
|
9
|
+
message = "Vulnerability arises when Nokogiri version 1.6.0 and 1.5.x (x<11) is used"
|
10
|
+
super({
|
11
|
+
:name=>"Nokogiri_EntityExpansion_Dos_20131217_a",
|
12
|
+
:kind=>Codesake::Dawn::KnowledgeBase::DEPENDENCY_CHECK,
|
13
|
+
})
|
14
|
+
self.safe_dependencies = [{:name=>"nokogiri", :version=>['1.6.1', '1.5.11']}]
|
15
|
+
end
|
16
|
+
|
17
|
+
end
|
18
|
+
|
19
|
+
class Nokogiri_EntityExpansion_Dos_20131217_b
|
20
|
+
include RubyVersionCheck
|
21
|
+
def initialize
|
22
|
+
message = "Vulnerability arises when Nokogiri version 1.6.0 and 1.5.x (x<11) is used with JRuby"
|
23
|
+
super({
|
24
|
+
:name=>"Nokogiri_EntityExpansion_Dos_20131217_b",
|
25
|
+
:kind=>Codesake::Dawn::KnowledgeBase::RUBY_VERSION_CHECK,
|
26
|
+
})
|
27
|
+
self.safe_rubies = [ {:engine=>"jruby", :version=>"99.99.99", :patchlevel=>"p999"}]
|
28
|
+
end
|
29
|
+
end
|
30
|
+
|
31
|
+
class Nokogiri_EntityExpansion_Dos_20131217
|
32
|
+
include ComboCheck
|
33
|
+
|
34
|
+
def initialize
|
35
|
+
message = "There is an entity expansion vulnerability in Nokogiri when using JRuby. Nokogiri users on JRuby using the native Java extension. Attackers can send
|
36
|
+
XML documents with carefully crafted entity expansion strings which can cause the server to run out of memory and crash."
|
37
|
+
super({
|
38
|
+
:name=>"Nokogiri - Entity expasion denial of service - 20131217",
|
39
|
+
:cvss=>"",
|
40
|
+
:release_date => Date.new(2013, 12, 15),
|
41
|
+
:cwe=>"",
|
42
|
+
:owasp=>"A9",
|
43
|
+
:applies=>["rails", "sinatra", "padrino"],
|
44
|
+
:kind=>Codesake::Dawn::KnowledgeBase::COMBO_CHECK,
|
45
|
+
:message=>message,
|
46
|
+
:mitigation=>"Please upgrade nokogiri gem to a newer version",
|
47
|
+
:aux_links=>["https://groups.google.com/forum/#!topic/ruby-security-ann/DeJpjTAg1FA"],
|
48
|
+
:checks=>[Nokogiri_EntityExpansion_Dos_20131217_a.new, Nokogiri_EntityExpansion_Dos_20131217_b.new]
|
49
|
+
})
|
50
|
+
|
51
|
+
|
52
|
+
|
53
|
+
|
54
|
+
|
55
|
+
end
|
56
|
+
end
|
57
|
+
end
|
58
|
+
end
|
59
|
+
end
|
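Review bot: in both `Nokogiri_EntityExpansion_Dos_20131217_a#initialize` and `_b#initialize` the local `message` is assigned but never reaches `super` (each hash carries only `:name` and `:kind`), so those descriptions are dead text; add `:message=>message` to each hash or remove the assignments. The `_b` `safe_rubies` entry `{:engine=>"jruby", :version=>"99.99.99", :patchlevel=>"p999"}` is a sentinel meaning no JRuby release is safe, and that deserves a comment, otherwise a reader goes looking for a JRuby 99.99.99. The top-level `:name` misspells "expansion" as "expasion", and since the spec in this changeset looks the entry up by that exact string, both have to be corrected together. The `message` literal on lines 35 and 36 spans two source lines, so the embedded newline and leading whitespace end up in the finding text; join it, and the fragment "Nokogiri users on JRuby using the native Java extension." needs a verb. `:cvss` and `:cwe` are empty strings; fill them or leave a TODO so the gap is visible.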
@@ -18,6 +18,13 @@ require "codesake/dawn/kb/owasp_ror_cheatsheet"
|
|
18
18
|
# https://groups.google.com/forum/#!topic/ruby-security-ann/flHbLMb07tE
|
19
19
|
require "codesake/dawn/kb/simpleform_xss_20131129"
|
20
20
|
|
21
|
+
# Two different denial of service issues affecting Nokogiri gem when using Jruby interpreter
|
22
|
+
# December, 17 2013
|
23
|
+
#
|
24
|
+
# https://groups.google.com/forum/#!topic/ruby-security-ann/DeJpjTAg1FA
|
25
|
+
require "codesake/dawn/kb/nokogiri_dos_20131217"
|
26
|
+
require "codesake/dawn/kb/nokogiri_entityexpansion_dos_20131217"
|
27
|
+
|
21
28
|
# CVE - 2010
|
22
29
|
require "codesake/dawn/kb/cve_2010_1330"
|
23
30
|
|
@@ -71,6 +78,7 @@ require "codesake/dawn/kb/cve_2013_1656"
|
|
71
78
|
require "codesake/dawn/kb/cve_2013_1800"
|
72
79
|
require "codesake/dawn/kb/cve_2013_1801"
|
73
80
|
require "codesake/dawn/kb/cve_2013_1802"
|
81
|
+
require "codesake/dawn/kb/cve_2013_1812"
|
74
82
|
require "codesake/dawn/kb/cve_2013_1821"
|
75
83
|
require "codesake/dawn/kb/cve_2013_1854"
|
76
84
|
require "codesake/dawn/kb/cve_2013_1855"
|
@@ -90,6 +98,8 @@ require "codesake/dawn/kb/cve_2013_3221"
|
|
90
98
|
require "codesake/dawn/kb/cve_2013_4164"
|
91
99
|
require "codesake/dawn/kb/cve_2013_4389"
|
92
100
|
require "codesake/dawn/kb/cve_2013_4457"
|
101
|
+
require "codesake/dawn/kb/cve_2013_4478"
|
102
|
+
require "codesake/dawn/kb/cve_2013_4479"
|
93
103
|
require "codesake/dawn/kb/cve_2013_4491"
|
94
104
|
require "codesake/dawn/kb/cve_2013_4492"
|
95
105
|
require "codesake/dawn/kb/cve_2013_4562"
|
@@ -97,6 +107,7 @@ require "codesake/dawn/kb/cve_2013_6414"
|
|
97
107
|
require "codesake/dawn/kb/cve_2013_6415"
|
98
108
|
require "codesake/dawn/kb/cve_2013_6416"
|
99
109
|
require "codesake/dawn/kb/cve_2013_6417"
|
110
|
+
require "codesake/dawn/kb/cve_2013_6421"
|
100
111
|
|
101
112
|
|
102
113
|
module Codesake
|
@@ -163,6 +174,8 @@ module Codesake
|
|
163
174
|
Codesake::Dawn::Kb::NotRevisedCode.new,
|
164
175
|
Codesake::Dawn::Kb::OwaspRorCheatsheet.new,
|
165
176
|
Codesake::Dawn::Kb::SimpleForm_Xss_20131129.new,
|
177
|
+
Codesake::Dawn::Kb::NokogiriDos20131217.new,
|
178
|
+
Codesake::Dawn::Kb::Nokogiri_EntityExpansion_Dos_20131217.new,
|
166
179
|
Codesake::Dawn::Kb::CVE_2010_1330.new,
|
167
180
|
Codesake::Dawn::Kb::CVE_2011_0446.new,
|
168
181
|
Codesake::Dawn::Kb::CVE_2011_0447.new,
|
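Review bot: the two new entries use different naming conventions, `NokogiriDos20131217` against `Nokogiri_EntityExpansion_Dos_20131217`, while the surrounding CVE entries are uniformly `CVE_YYYY_NNNN`; pick one scheme for non-CVE advisories (the underscored form matches `SimpleForm_Xss_20131129` directly above) so that class name, file name and spec description line up.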
@@ -209,6 +222,7 @@ module Codesake
|
|
209
222
|
Codesake::Dawn::Kb::CVE_2013_1800.new,
|
210
223
|
Codesake::Dawn::Kb::CVE_2013_1801.new,
|
211
224
|
Codesake::Dawn::Kb::CVE_2013_1802.new,
|
225
|
+
Codesake::Dawn::Kb::CVE_2013_1812.new,
|
212
226
|
Codesake::Dawn::Kb::CVE_2013_1821.new,
|
213
227
|
Codesake::Dawn::Kb::CVE_2013_1854.new,
|
214
228
|
Codesake::Dawn::Kb::CVE_2013_1855.new,
|
@@ -228,6 +242,8 @@ module Codesake
|
|
228
242
|
Codesake::Dawn::Kb::CVE_2013_4164.new,
|
229
243
|
Codesake::Dawn::Kb::CVE_2013_4389.new,
|
230
244
|
Codesake::Dawn::Kb::CVE_2013_4457.new,
|
245
|
+
Codesake::Dawn::Kb::CVE_2013_4478.new,
|
246
|
+
Codesake::Dawn::Kb::CVE_2013_4479.new,
|
231
247
|
Codesake::Dawn::Kb::CVE_2013_4491.new,
|
232
248
|
Codesake::Dawn::Kb::CVE_2013_4492.new,
|
233
249
|
Codesake::Dawn::Kb::CVE_2013_4562.new,
|
@@ -235,6 +251,7 @@ module Codesake
|
|
235
251
|
Codesake::Dawn::Kb::CVE_2013_6415.new,
|
236
252
|
Codesake::Dawn::Kb::CVE_2013_6416.new,
|
237
253
|
Codesake::Dawn::Kb::CVE_2013_6417.new,
|
254
|
+
Codesake::Dawn::Kb::CVE_2013_6421.new,
|
238
255
|
|
239
256
|
]
|
240
257
|
end
|
@@ -11,6 +11,13 @@ module Codesake
|
|
11
11
|
@apps = detect_apps
|
12
12
|
end
|
13
13
|
|
14
|
+
def get_sinatra_version
|
15
|
+
self.connected_gems.each do |gem|
|
16
|
+
return gem[:version] if gem[:name] == "sinatra"
|
17
|
+
end
|
18
|
+
|
19
|
+
return ""
|
20
|
+
end
|
14
21
|
def detect_apps
|
15
22
|
|
16
23
|
apps_rb = File.join(@target, "config", "apps.rb")
|
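Review bot: `get_sinatra_version` returns `""` when no sinatra gem is among `connected_gems`, which a caller cannot distinguish from a malformed empty version string; returning `nil` is clearer, and `self.connected_gems.find { |g| g[:name] == "sinatra" }` expresses the lookup without an explicit `return` from inside `each`. Also add a blank line before `def detect_apps` to match the spacing used elsewhere in the file.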
@@ -26,11 +33,25 @@ module Codesake
|
|
26
33
|
tree = p.parse(line)
|
27
34
|
if ! tree.nil? && tree.sexp_type == :call
|
28
35
|
body_a = tree.sexp_body.to_a
|
29
|
-
|
30
|
-
sinatra_app_rb = body_a[0][4][2][3][1] if is_mount_call?(body_a[0])
|
31
|
-
debug_me("BODY_A=#{body_a[0]}")
|
36
|
+
debug_me("BODY_A=#{body_a[0]} - BODY_A_SIZE=#{body_a[0].size}")
|
32
37
|
debug_me("IS_MOUNT_CALL? #{is_mount_call?(body_a[0])}")
|
38
|
+
mp = body_a[2][1]
|
33
39
|
debug_me("MP = #{mp}")
|
40
|
+
|
41
|
+
# Padrino.mount('HelloWorldPadrino::App', :app_file => Padrino.root('app/app.rb')).to('/')
|
42
|
+
sinatra_app_rb = body_a[0][4][2][3][1] if body_a[0].size == 5 && is_mount_call?(body_a[0])
|
43
|
+
|
44
|
+
# Padrino.mount("HelloWorldPadrino:App").to('/')
|
45
|
+
if body_a[0].size == 4
|
46
|
+
|
47
|
+
# Defaulting the application name if mount point is /
|
48
|
+
sinatra_app_rb = "app/app.rb" if mp == "/"
|
49
|
+
|
50
|
+
# Take the app name as mountpoint/app.rb
|
51
|
+
sinatra_app_rb = body_a[0][3][1].downcase+"/app.rb" unless mp == "/"
|
52
|
+
|
53
|
+
end
|
54
|
+
|
34
55
|
target = File.dirname(sinatra_app_rb )
|
35
56
|
apps << Codesake::Dawn::Sinatra.new(target, mp)
|
36
57
|
end
|
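Review bot: the new `body_a[0].size == 4` branch drops the `is_mount_call?(body_a[0])` guard that the size 5 branch keeps, so any four-element `:call` sexp in apps.rb is treated as a `Padrino.mount`, and `mp = body_a[2][1]` is now evaluated before either check, which raises `NoMethodError` when `body_a[2]` is nil; wrap both branches and the `mp` assignment in a single `if is_mount_call?(body_a[0])`. When the sexp is neither size 4 nor 5, `sinatra_app_rb` stays `nil` and `File.dirname(sinatra_app_rb )` raises `TypeError`, so `next` before the `apps <<` in that case. The comment "Take the app name as mountpoint/app.rb" does not describe the code, which derives the path from `body_a[0][3][1].downcase` (the mount argument) rather than from `mp`; fix one or the other. The example comment `Padrino.mount("HelloWorldPadrino:App")` has a single colon where `::` is meant.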
@@ -43,6 +64,12 @@ module Codesake
|
|
43
64
|
# if line.start_with?("Padrino.mount")
|
44
65
|
|
45
66
|
end
|
67
|
+
|
68
|
+
|
69
|
+
debug_me("sinatra version is: #{self.get_sinatra_version}")
|
70
|
+
apps.each do |a|
|
71
|
+
debug_me("detected sinatra application at #{a.mount_point} ")
|
72
|
+
end
|
46
73
|
apps
|
47
74
|
end
|
48
75
|
|
@@ -37,7 +37,10 @@ module Codesake
|
|
37
37
|
@views.each do |v|
|
38
38
|
view_content = File.read(v[:filename])
|
39
39
|
@sinks.each do |sink|
|
40
|
-
|
40
|
+
if view_content.match(sink[:sink_name])
|
41
|
+
sink[:sink_view] = v[:filename]
|
42
|
+
ret << sink
|
43
|
+
end
|
41
44
|
end
|
42
45
|
end
|
43
46
|
ret
|
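Review bot: `view_content.match(sink[:sink_name])` with a String argument compiles the sink name into a Regexp, so a name containing metacharacters is misread and plain substring hits (`@user` inside `@username`) are reported as the sink being rendered; use `view_content.match(/#{Regexp.escape(sink[:sink_name])}(?![A-Za-z0-9_])/)` or at least `include?`. Also `sink[:sink_view] = v[:filename]` mutates the hash shared across the `@views` loop, so a sink rendered by several views is pushed into `ret` several times, every copy pointing at the last view; push `sink.merge(:sink_view => v[:filename])` instead.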
@@ -72,14 +75,14 @@ module Codesake
|
|
72
75
|
|
73
76
|
sink_source = "#{body[3].to_a[1][2].to_s}[#{body[3].to_a[3][1].to_s}]"
|
74
77
|
|
75
|
-
ret << {:sink_name=>sink_name, :sink_kind=>:params, :sink_line=>i+1, :sink_source=>sink_source}
|
78
|
+
ret << {:sink_name=>sink_name, :sink_kind=>:params, :sink_line=>i+1, :sink_source=>sink_source, :sink_file=>appname, :sink_evidence=>line}
|
76
79
|
end
|
77
80
|
if body[0][0] == :ivar
|
78
81
|
sink_name=body[0][1].to_s
|
79
82
|
sink_pos=body[2][1].to_i
|
80
83
|
sink_source=body[3][3][1]
|
81
84
|
|
82
|
-
ret << {:sink_name=>sink_name, :sink_kind=>:params, :sink_line=>i+1, :sink_source=>sink_source}
|
85
|
+
ret << {:sink_name=>sink_name, :sink_kind=>:params, :sink_line=>i+1, :sink_source=>sink_source, :sink_file=>appname, :sink_evidence=>line}
|
83
86
|
end
|
84
87
|
|
85
88
|
end
|
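Review bot: `:sink_evidence=>line` stores the source line untrimmed, so indentation and the trailing newline end up in reports; store `line.strip`. `appname` is referenced in both new hash literals but is not defined anywhere in this hunk; confirm it is in scope in the enclosing method and not a leftover from a different signature.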
@@ -91,7 +94,7 @@ module Codesake
|
|
91
94
|
if is_assignement_from_params?(body, :iasgn)
|
92
95
|
sink_name = body[0].to_s
|
93
96
|
sink_source = "#{body[1][3][1].to_s}"
|
94
|
-
ret << {:sink_name=>sink_name, :sink_kind=>:params, :sink_line=>i+1, :sink_source=>sink_source }
|
97
|
+
ret << {:sink_name=>sink_name, :sink_kind=>:params, :sink_line=>i+1, :sink_source=>sink_source, :sink_file=>appname, :sink_evidence=>line}
|
95
98
|
end
|
96
99
|
end
|
97
100
|
rescue Racc::ParseError => e
|
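Review bot: this is the third copy of the same six-key hash literal in the changeset (the two in the preceding hunk have identical keys), so the next field added to a sink has three places to go wrong; extract a small helper along the lines of `sink_entry(sink_name, sink_source, i, appname, line)` that returns the hash and call it from all three sites.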
@@ -426,4 +426,35 @@ describe "The Codesake Dawn knowledge base" do
|
|
426
426
|
sc.should_not be_nil
|
427
427
|
sc.class.should == Codesake::Dawn::Kb::CVE_2013_6417
|
428
428
|
end
|
429
|
+
|
430
|
+
it "must have test for NokogiriDos20131217_1" do
|
431
|
+
sc = kb.find("Nokogiri - Denial of service - 20131217")
|
432
|
+
sc.should_not be_nil
|
433
|
+
sc.class.should == Codesake::Dawn::Kb::NokogiriDos20131217
|
434
|
+
end
|
435
|
+
it "must have test for Nokogiri_EntityExpansion_Dos_20131217" do
|
436
|
+
sc = kb.find("Nokogiri - Entity expasion denial of service - 20131217")
|
437
|
+
sc.should_not be_nil
|
438
|
+
sc.class.should == Codesake::Dawn::Kb::Nokogiri_EntityExpansion_Dos_20131217
|
439
|
+
end
|
440
|
+
it "must have test for CVE-2013-4478" do
|
441
|
+
sc = kb.find("CVE-2013-4478")
|
442
|
+
sc.should_not be_nil
|
443
|
+
sc.class.should == Codesake::Dawn::Kb::CVE_2013_4478
|
444
|
+
end
|
445
|
+
it "must have test for CVE-2013-4479" do
|
446
|
+
sc = kb.find("CVE-2013-4479")
|
447
|
+
sc.should_not be_nil
|
448
|
+
sc.class.should == Codesake::Dawn::Kb::CVE_2013_4479
|
449
|
+
end
|
450
|
+
it "must have test for CVE-2013-1812" do
|
451
|
+
sc = kb.find("CVE-2013-1812")
|
452
|
+
sc.should_not be_nil
|
453
|
+
sc.class.should == Codesake::Dawn::Kb::CVE_2013_1812
|
454
|
+
end
|
455
|
+
it "must have test for CVE-2013-6421" do
|
456
|
+
sc = kb.find("CVE-2013-6421")
|
457
|
+
sc.should_not be_nil
|
458
|
+
sc.class.should == Codesake::Dawn::Kb::CVE_2013_6421
|
459
|
+
end
|
429
460
|
end
|
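Review bot: the description "must have test for NokogiriDos20131217_1" does not match the class asserted on (`NokogiriDos20131217`); rename it. `kb.find("Nokogiri - Entity expasion denial of service - 20131217")` hard-codes the misspelt name from the knowledge-base entry, so correcting that typo will break this spec unless both change together; looking the entry up by class rather than free text avoids the coupling. All six new examples only assert that an entry exists and has the expected class; none exercises a check against a fixture (for the two Nokogiri combo checks, a Gemfile.lock pinning nokogiri 1.6.0 under jruby), so a wrong version in `safe_dependencies` would go unnoticed.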
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: codesake-dawn
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.
|
4
|
+
version: '0.85'
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Paolo Perego
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2013-12-
|
11
|
+
date: 2013-12-17 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: codesake-commons
|
@@ -221,6 +221,7 @@ files:
|
|
221
221
|
- .ruby-gemset
|
222
222
|
- .ruby-version
|
223
223
|
- .travis.yml
|
224
|
+
- Changelog.md
|
224
225
|
- Competitive_matrix.md
|
225
226
|
- Gemfile
|
226
227
|
- LICENSE.txt
|
@@ -287,6 +288,7 @@ files:
|
|
287
288
|
- lib/codesake/dawn/kb/cve_2013_1800.rb
|
288
289
|
- lib/codesake/dawn/kb/cve_2013_1801.rb
|
289
290
|
- lib/codesake/dawn/kb/cve_2013_1802.rb
|
291
|
+
- lib/codesake/dawn/kb/cve_2013_1812.rb
|
290
292
|
- lib/codesake/dawn/kb/cve_2013_1821.rb
|
291
293
|
- lib/codesake/dawn/kb/cve_2013_1854.rb
|
292
294
|
- lib/codesake/dawn/kb/cve_2013_1855.rb
|
@@ -306,6 +308,8 @@ files:
|
|
306
308
|
- lib/codesake/dawn/kb/cve_2013_4164.rb
|
307
309
|
- lib/codesake/dawn/kb/cve_2013_4389.rb
|
308
310
|
- lib/codesake/dawn/kb/cve_2013_4457.rb
|
311
|
+
- lib/codesake/dawn/kb/cve_2013_4478.rb
|
312
|
+
- lib/codesake/dawn/kb/cve_2013_4479.rb
|
309
313
|
- lib/codesake/dawn/kb/cve_2013_4491.rb
|
310
314
|
- lib/codesake/dawn/kb/cve_2013_4492.rb
|
311
315
|
- lib/codesake/dawn/kb/cve_2013_4562.rb
|
@@ -313,7 +317,10 @@ files:
|
|
313
317
|
- lib/codesake/dawn/kb/cve_2013_6415.rb
|
314
318
|
- lib/codesake/dawn/kb/cve_2013_6416.rb
|
315
319
|
- lib/codesake/dawn/kb/cve_2013_6417.rb
|
320
|
+
- lib/codesake/dawn/kb/cve_2013_6421.rb
|
316
321
|
- lib/codesake/dawn/kb/dependency_check.rb
|
322
|
+
- lib/codesake/dawn/kb/nokogiri_dos_20131217.rb
|
323
|
+
- lib/codesake/dawn/kb/nokogiri_entityexpansion_dos_20131217.rb
|
317
324
|
- lib/codesake/dawn/kb/not_revised_code.rb
|
318
325
|
- lib/codesake/dawn/kb/operating_system_check.rb
|
319
326
|
- lib/codesake/dawn/kb/owasp_ror_cheatsheet.rb
|
@@ -527,7 +534,7 @@ files:
|
|
527
534
|
- spec/support/sinatra-vulnerable/views/layout.haml
|
528
535
|
- spec/support/sinatra-vulnerable/views/root.haml
|
529
536
|
- spec/support/sinatra-vulnerable/views/xss.haml
|
530
|
-
homepage: http://codesake.com
|
537
|
+
homepage: http://dawn.codesake.com
|
531
538
|
licenses: []
|
532
539
|
metadata: {}
|
533
540
|
post_install_message:
|