codesake-dawn 1.0.3 → 1.0.4
- checksums.yaml +4 -4
- data/Changelog.md +18 -0
- data/KnowledgeBase.md +18 -3
- data/lib/codesake/dawn/kb/cve_2014_0081.rb +28 -0
- data/lib/codesake/dawn/kb/cve_2014_0082.rb +29 -0
- data/lib/codesake/dawn/kb/cve_2014_1233.rb +29 -0
- data/lib/codesake/dawn/kb/cve_2014_1234.rb +28 -0
- data/lib/codesake/dawn/kb/owasp_ror_cheatsheet/check_for_backup_files.rb +22 -0
- data/lib/codesake/dawn/kb/owasp_ror_cheatsheet/check_for_safe_redirect_and_forward.rb +45 -0
- data/lib/codesake/dawn/kb/owasp_ror_cheatsheet/sensitive_files.rb +29 -0
- data/lib/codesake/dawn/knowledge_base.rb +12 -2
- data/lib/codesake/dawn/version.rb +8 -8
- data/spec/lib/kb/cve_2014_0081_spec.rb +68 -0
- data/spec/lib/kb/cve_2014_0082_spec.rb +52 -0
- data/spec/lib/kb/cve_2014_1233_spec.rb +15 -0
- data/spec/lib/kb/cve_2014_1234_spec.rb +16 -0
- metadata +18 -3
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA1:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 914a2707ab6f6f0ddf7966e68d892631f10442e2
|
4
|
+
data.tar.gz: c699f50ca63a6faaa85ce13cf173cd00f0824e8a
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 3384ce19d54e70a4cda683b45840f6c77a78dabffc78507f5b734ed539f0b82d83c2a13578aa256e68aad31af159657080aa73e3f5edcef72193902a8adfc293
|
7
|
+
data.tar.gz: 9afe07268b10933f21dd169dd9bae01b9ceb3f668f475ea5a354cc43e93d096b4b502581f739cf4c834703e7f6458dee8808e70fa307af726d1915a41dc44a9d
|
data/Changelog.md
CHANGED
@@ -7,6 +7,24 @@ frameworks.
|
|
7
7
|
|
8
8
|
_latest update: Fri Jan 24 07:57:58 CET 2014_
|
9
9
|
|
10
|
+
## Version 1.0.4 - codename: Lightning McQueen (2014-03-14)
|
11
|
+
|
12
|
+
* Backporting of some CVEs introduced in 2014 from the development branch.
|
13
|
+
Since it will take some time to improve dawn 1.1 and since I forgot to merge
|
14
|
+
some useful CVE released since January also in master, I do it know. Please
|
15
|
+
note that, due to a big change in DependencyCheck class the check against
|
16
|
+
CVE-2014-0080 will be only available with dawn 1.1.
|
17
|
+
|
18
|
+
Backported checks are:
|
19
|
+
+ CVE-2014-1233: The paratrooper-pingdom gem 1.0.0 for Ruby allows local users to obtain the App-Key, username, and password values by listing the curl process.
|
20
|
+
+ CVE-2014-1234: The paratrooper-newrelic gem 1.0.1 for Ruby allows local users to obtain the X-Api-Key value by listing the curl process.
|
21
|
+
+ CVE-2014-0081: Multiple cross-site scripting (XSS) vulnerabilities in rails
|
22
|
+
+ CVE-2014-0082: Denial of service in Rails before 3.2.17
|
23
|
+
|
24
|
+
New security checks are for Owasp ROR Cheatsheet:
|
25
|
+
+ Check for safe redirect and forward
|
26
|
+
+ Check for sensitive file
|
27
|
+
|
10
28
|
## Version 1.0.3 - codename: Lightning McQueen (2014-02-13)
|
11
29
|
|
12
30
|
* Fixing issue #37. Now the rake task is successfully loaded when you require
|
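Review bot: the 1.0.4 entry has wording slips that should be fixed before release: "I do it know" should read "I do it now", "some useful CVE released" should be "CVEs", and "Check for sensitive file" should match the check's actual name, "Sensitive Files". The `_latest update: Fri Jan 24 07:57:58 CET 2014_` line at the top of the file still carries the 1.0.3 date although the new entry is dated 2014-03-14. The "New security checks" list also names only the redirect and sensitive-files checks, while this same release ships `owasp_ror_cheatsheet/check_for_backup_files.rb` (it appears in the `files` list of the metadata hunk); either mention it here or drop it from the gem.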
data/KnowledgeBase.md
CHANGED
@@ -1,10 +1,21 @@
|
|
1
1
|
# Codesake::Dawn Knowledge base
|
2
2
|
|
3
|
-
The knowledge base library for Codesake::Dawn version 1.0.
|
3
|
+
The knowledge base library for Codesake::Dawn version 1.0.4 contains 152 security checks.
|
4
4
|
---
|
5
5
|
* Not revised code: Analyzing comments, it seems your code is waiting from some review from you. Please consider take action before putting it in production.
|
6
6
|
This check will analyze the source code looking for the following patterns: XXX, TO_CHECK, CHECKME, CHECK and FIXME
|
7
|
-
* Owasp Ror
|
7
|
+
* Owasp Ror CheatSheet: Command Injection: Ruby offers a function called "eval" which will dynamically build new Ruby code based on Strings. It also has a number of ways to call system commands. While the power of these commands is quite useful, extreme care should be taken when using them in a Rails based application. Usually, its just a bad idea. If need be, a whitelist of possible values should be used and any input should be validated as thoroughly as possible. The Ruby Security Reviewer's Guide has a section on injection and there are a number of OWASP references for it, starting at the top: Command Injection.
|
8
|
+
* Owasp Ror CheatSheet: Cross Site Request Forgery: Ruby on Rails has specific, built in support for CSRF tokens. To enable it, or ensure that it is enabled, find the base ApplicationController and look for the protect_from_forgery directive. Note that by default Rails does not provide CSRF protection for any HTTP GET request.
|
9
|
+
* Owasp Ror CheatSheet: Session management: By default, Ruby on Rails uses a Cookie based session store. What that means is that unless you change something, the session will not expire on the server. That means that some default applications may be vulnerable to replay attacks. It also means that sensitive information should never be put in the session.
|
10
|
+
* Owasp Ror CheatSheet: Mass Assignement in model: Although the major issue with Mass Assignment has been fixed by default in base Rails specifically when generating new projects, it still applies to older and upgraded projects so it is important to understand the issue and to ensure that only attributes that are intended to be modifiable are exposed.
|
11
|
+
* Owasp Ror CheatSheet: Security Related Headers: To set a header value, simply access the response.headers object as a hash inside your controller (often in a before/after_filter). Rails 4 provides the "default_headers" functionality that will automatically apply the values supplied. This works for most headers in almost all cases.
|
12
|
+
* Owasp Ror CheatSheet: Check for safe redirect and forward: Web applications often require the ability to dynamically redirect users based on client-supplied data. To clarify, dynamic redirection usually entails the client including a URL in a parameter within a request to the application. Once received by the application, the user is redirected to the URL specified in the request. For example:
|
13
|
+
http://www.example.com/redirect?url=http://www.example_commerce_site.com/checkout
|
14
|
+
The above request would redirect the user to http://www.example.com/checkout. The security concern associated with this functionality is leveraging an organization’s trusted brand to phish users and trick them into visiting a malicious site, in our example, “badhacker.com”. Example:
|
15
|
+
http://www.example.com/redirect?url=http://badhacker.com
|
16
|
+
The most basic, but restrictive protection is to use the :only_path option. Setting this to true will essentially strip out any host information.
|
17
|
+
|
18
|
+
* Owasp Ror CheatSheet: Sensitive Files: Many Ruby on Rails apps are open source and hosted on publicly available source code repositories. Whether that is the case or the code is committed to a corporate source control system, there are certain files that should be either excluded or carefully managed.
|
8
19
|
* Simple Form XSS - 20131129: There is a XSS vulnerability on Simple Form's label, hint and error options. When Simple Form creates a label, hint or error message it marks the text as being HTML safe, even though it may contain HTML tags. In applications where the text of these helpers can be provided by the users, malicious values can be provided and Simple Form will mark it as safe.
|
9
20
|
* Nokogiri - Denial of service - 20131217: There is a vulnerability in Nokogiri when using JRuby where the parser can enter an infinite loop and exhaust the process memory. Nokogiri users on JRuby using the native Java extension. Attackers can send XML documents with carefully crafted documents which can cause the XML processor to enter an infinite loop, causing the server to run out of memory and crash.
|
10
21
|
* Nokogiri - Entity expasion denial of service - 20131217: There is an entity expansion vulnerability in Nokogiri when using JRuby. Nokogiri users on JRuby using the native Java extension. Attackers can send
|
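Review bot: the new "Check for safe redirect and forward" entry is internally inconsistent: the first example URL carries `url=http://www.example_commerce_site.com/checkout`, but the next sentence says the user "would redirect ... to http://www.example.com/checkout"; the example host and the described destination should agree. Two typos in the same hunk: "Mass Assignement" and "its just a bad idea" ("it's"). Also, "contains 152 security checks" is now a hard-coded number; if this file is maintained by hand rather than generated from the list registered in knowledge_base.rb, the count will drift on the next backport.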
@@ -148,6 +159,10 @@ XML documents with carefully crafted entity expansion strings which can cause th
|
|
148
159
|
* [CVE-2013-6421](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6421): The unpack_zip function in archive_unpacker.rb in the sprout gem 0.7.246 for Ruby allows context-dependent attackers to execute arbitrary commands via shell metacharacters in a (1) filename or (2) path.
|
149
160
|
* [CVE-2013-6459](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6459): Cross-site scripting (XSS) vulnerability in the will_paginate gem before 3.0.5 for Ruby allows remote attackers to inject arbitrary web script or HTML via vectors involving generated pagination links.
|
150
161
|
* [CVE-2013-7086](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7086): The message function in lib/webbynode/notify.rb in the Webbynode gem 1.0.5.3 and earlier for Ruby allows context-dependent attackers to execute arbitrary commands via shell metacharacters in a growlnotify message.
|
162
|
+
* [CVE-2014-1233](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1233): The paratrooper-pingdom gem 1.0.0 for Ruby allows local users to obtain the App-Key, username, and password values by listing the curl process.
|
163
|
+
* [CVE-2014-1234](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1234): The paratrooper-newrelic gem 1.0.1 for Ruby allows local users to obtain the X-Api-Key value by listing the curl process.
|
164
|
+
* [CVE-2014-0081](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0081): Multiple cross-site scripting (XSS) vulnerabilities in actionview/lib/action_view/helpers/number_helper.rb in Ruby on Rails before 3.2.17, 4.0.x before 4.0.3, and 4.1.x before 4.1.0.beta2 allow remote attackers to inject arbitrary web script or HTML via the (1) format, (2) negative_format, or (3) units parameter to the (a) number_to_currency, (b) number_to_percentage, or (c) number_to_human helper.
|
165
|
+
* [CVE-2014-0082](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0082): actionpack/lib/action_view/template/text.rb in Action View in Ruby on Rails 3.x before 3.2.17 converts MIME type strings to symbols during use of the :text option to the render method, which allows remote attackers to cause a denial of service (memory consumption) by including these strings in headers.
|
151
166
|
|
152
167
|
|
153
|
-
_Last updated:
|
168
|
+
_Last updated: Fri 14 Mar 08:36:40 CET 2014_
|
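Review bot: the four new entries break the ascending CVE order used by the rest of this list (CVE-2014-1233 and -1234 are inserted before -0081 and -0082); reorder them so a reader scanning for a CVE id can rely on the sort.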
@@ -0,0 +1,28 @@
|
|
1
|
+
module Codesake
|
2
|
+
module Dawn
|
3
|
+
module Kb
|
4
|
+
# Automatically created with rake on 2014-02-21
|
5
|
+
class CVE_2014_0081
|
6
|
+
include DependencyCheck
|
7
|
+
|
8
|
+
def initialize
|
9
|
+
message = "Multiple cross-site scripting (XSS) vulnerabilities in actionview/lib/action_view/helpers/number_helper.rb in Ruby on Rails before 3.2.17, 4.0.x before 4.0.3, and 4.1.x before 4.1.0.beta2 allow remote attackers to inject arbitrary web script or HTML via the (1) format, (2) negative_format, or (3) units parameter to the (a) number_to_currency, (b) number_to_percentage, or (c) number_to_human helper."
|
10
|
+
super({
|
11
|
+
:name=>"CVE-2014-0081",
|
12
|
+
:cvss=>"AV:N/AC:M/Au:N/C:N/I:P/A:N",
|
13
|
+
:release_date => Date.new(2014, 2, 20),
|
14
|
+
:cwe=>"79",
|
15
|
+
:owasp=>"A3",
|
16
|
+
:applies=>["rails"],
|
17
|
+
:kind=>Codesake::Dawn::KnowledgeBase::DEPENDENCY_CHECK,
|
18
|
+
:message=>message,
|
19
|
+
:mitigation=>"Please upgrade rails version at least to 3.2.17, 4.0.3 or 4.1.0.beta2. As a general rule, using the latest stable rails version is recommended.",
|
20
|
+
:aux_links=>["https://groups.google.com/forum/message/raw?msg=rubyonrails-security/tfp6gZCtzr4/j8LUHmu7fIEJ"]
|
21
|
+
})
|
22
|
+
|
23
|
+
self.safe_dependencies = [{:name=>"rails", :version=>['3.2.17', '4.0.3', '4.1.0.beta2', '3.1.99999', '3.0.99999', '2.99999.99999', '1.99999.99999']}]
|
24
|
+
end
|
25
|
+
end
|
26
|
+
end
|
27
|
+
end
|
28
|
+
end
|
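Review bot: `safe_dependencies` mixes real fixed versions (3.2.17, 4.0.3, 4.1.0.beta2) with sentinel values such as '3.1.99999' and '2.99999.99999' whose purpose (marking whole release lines as having no fix) is not explained anywhere in the file; add a comment, or better, give DependencyCheck an explicit way to say "no safe release in this line", because the mitigation text ("upgrade rails version at least to 3.2.17, 4.0.3 or 4.1.0.beta2") gives a 3.0.x or 3.1.x user no hint that they must move to a new minor. Minor: `Date.new(...)` relies on `date` having been required by whoever loads this file; a `require 'date'` at the top would let the check load stand-alone.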
@@ -0,0 +1,29 @@
|
|
1
|
+
module Codesake
|
2
|
+
module Dawn
|
3
|
+
module Kb
|
4
|
+
# Automatically created with rake on 2014-02-21
|
5
|
+
class CVE_2014_0082
|
6
|
+
include DependencyCheck
|
7
|
+
|
8
|
+
def initialize
|
9
|
+
message = "actionpack/lib/action_view/template/text.rb in Action View in Ruby on Rails 3.x before 3.2.17 converts MIME type strings to symbols during use of the :text option to the render method, which allows remote attackers to cause a denial of service (memory consumption) by including these strings in headers."
|
10
|
+
|
11
|
+
super({
|
12
|
+
:name=>"CVE-2014-0082",
|
13
|
+
:cvss=>"AV:N/AC:L/Au:N/C:N/I:N/A:P",
|
14
|
+
:release_date => Date.new(2014, 2, 20),
|
15
|
+
:cwe=>"20",
|
16
|
+
:owasp=>"A9",
|
17
|
+
:applies=>["rails"],
|
18
|
+
:kind=>Codesake::Dawn::KnowledgeBase::DEPENDENCY_CHECK,
|
19
|
+
:message=>message,
|
20
|
+
:mitigation=>"Please upgrade rails version at least to 3.2.17. As a general rule, using the latest stable rails version is recommended.",
|
21
|
+
:aux_links=>["https://groups.google.com/forum/message/raw?msg=rubyonrails-security/LMxO_3_eCuc/ozGBEhKaJbIJ"]
|
22
|
+
})
|
23
|
+
|
24
|
+
self.safe_dependencies = [{:name=>"rails", :version=>['3.2.17', '3.1.9999', '3.0.99999', '2.99999.99999', '1.99999.99999']}]
|
25
|
+
end
|
26
|
+
end
|
27
|
+
end
|
28
|
+
end
|
29
|
+
end
|
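Review bot: the 3.1 sentinel here is '3.1.9999' while the 3.0 entry in the same list is '3.0.99999' and cve_2014_0081.rb uses '3.1.99999'; a sentinel only works if it compares greater than any real release in that line, so pick one format and use it everywhere. Second, the CVE text quoted in `message` scopes the issue to "Ruby on Rails 3.x before 3.2.17", yet the list treats 2.x.y and 1.x.y as affected too (and the spec asserts that). If this is a deliberate "unsupported line, assume vulnerable" policy, say so in a comment so the divergence from the advisory is not mistaken for an error.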
@@ -0,0 +1,29 @@
|
|
1
|
+
module Codesake
|
2
|
+
module Dawn
|
3
|
+
module Kb
|
4
|
+
# Automatically created with rake on 2014-02-05
|
5
|
+
class CVE_2014_1233
|
6
|
+
include DependencyCheck
|
7
|
+
|
8
|
+
def initialize
|
9
|
+
message = "The paratrooper-pingdom gem 1.0.0 for Ruby allows local users to obtain the App-Key, username, and password values by listing the curl process."
|
10
|
+
|
11
|
+
super({
|
12
|
+
:name=>"CVE-2014-1233",
|
13
|
+
:cvss=>"AV:L/AC:L/Au:N/C:P/I:N/A:N",
|
14
|
+
:release_date => Date.new(2014, 01, 10),
|
15
|
+
:cwe=>"200",
|
16
|
+
:owasp=>"A9",
|
17
|
+
:applies=>["rails", "sinatra", "padrino"],
|
18
|
+
:kind=>Codesake::Dawn::KnowledgeBase::DEPENDENCY_CHECK,
|
19
|
+
:message=>message,
|
20
|
+
:mitigation=>"Please upgrade paratrooper-pingdom version up to version 1.0.0.",
|
21
|
+
:aux_links=>["http://www.vapid.dhs.org/advisories/paratrooper-api-key-pingdom.html"]
|
22
|
+
})
|
23
|
+
|
24
|
+
self.safe_dependencies = [{:name=>"paratrooper-pingdom", :version=>['1.0.1']}]
|
25
|
+
end
|
26
|
+
end
|
27
|
+
end
|
28
|
+
end
|
29
|
+
end
|
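Review bot: the mitigation string is wrong: "Please upgrade paratrooper-pingdom version up to version 1.0.0." names the vulnerable release, while `safe_dependencies` (and the spec) say 1.0.1 is the fixed version, so it should read "upgrade paratrooper-pingdom to version 1.0.1 or later". Minor: `Date.new(2014, 01, 10)` only parses because 01 and 10 happen to be valid octal literals; `08` or `09` would be a syntax error, so write the month and day unpadded (`Date.new(2014, 1, 10)`).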
@@ -0,0 +1,28 @@
|
|
1
|
+
module Codesake
|
2
|
+
module Dawn
|
3
|
+
module Kb
|
4
|
+
# Automatically created with rake on 2014-02-05
|
5
|
+
class CVE_2014_1234
|
6
|
+
include DependencyCheck
|
7
|
+
|
8
|
+
def initialize
|
9
|
+
message = "The paratrooper-newrelic gem 1.0.1 for Ruby allows local users to obtain the X-Api-Key value by listing the curl process."
|
10
|
+
super({
|
11
|
+
:name=>"CVE-2014-1234",
|
12
|
+
:cvss=>"AV:L/AC:L/Au:N/C:P/I:N/A:N",
|
13
|
+
:release_date => Date.new(2014, 01, 10),
|
14
|
+
:cwe=>"200",
|
15
|
+
:owasp=>"A9",
|
16
|
+
:applies=>["rails", "sinatra", "padrino"],
|
17
|
+
:kind=>Codesake::Dawn::KnowledgeBase::DEPENDENCY_CHECK,
|
18
|
+
:message=>message,
|
19
|
+
:mitigation=>"Please upgrade paratrooper-newrelic version up to version 1.0.1.",
|
20
|
+
:aux_links=>["http://www.vapid.dhs.org/advisories/paratrooper-newrelic-api.html"]
|
21
|
+
})
|
22
|
+
|
23
|
+
self.safe_dependencies = [{:name=>"paratrooper-newrelic", :version=>['1.0.2']}]
|
24
|
+
end
|
25
|
+
end
|
26
|
+
end
|
27
|
+
end
|
28
|
+
end
|
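Review bot: the mitigation string names the vulnerable release: "Please upgrade paratrooper-newrelic version up to version 1.0.1." contradicts `safe_dependencies`, which says the fix is 1.0.2, so it should read "upgrade paratrooper-newrelic to version 1.0.2 or later". Minor: the zero-padded `Date.new(2014, 01, 10)` is an octal literal that only works for this particular date (08 and 09 are syntax errors); use `Date.new(2014, 1, 10)`.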
@@ -0,0 +1,22 @@
|
|
1
|
+
require 'anemone'
|
2
|
+
require 'httpclient'
|
3
|
+
|
4
|
+
|
5
|
+
# Yes, I was buit just for RubyDay 2012 talk demo
|
6
|
+
#
|
7
|
+
|
8
|
+
h=HTTPClient.new()
|
9
|
+
Anemone.crawl(ARGV[0]) do |anemone|
|
10
|
+
anemone.on_every_page do |page|
|
11
|
+
response = h.get(page.url)
|
12
|
+
puts "Original: #{page.url}: #{response.code}"
|
13
|
+
response = h.get(page.url.to_s.split(";")[0].concat(".bak"))
|
14
|
+
puts "BAK: #{page.url.to_s.split(";")[0].concat(".bak")}: #{response.code}"
|
15
|
+
response = h.get(page.url.to_s.split(";")[0].concat(".old"))
|
16
|
+
puts "OLD: #{page.url.to_s.split(";")[0].concat(".old")}: #{response.code}"
|
17
|
+
response = h.get(page.url.to_s.split(";")[0].concat("~"))
|
18
|
+
puts "~: #{page.url.to_s.split(";")[0].concat("~")}: #{response.code}"
|
19
|
+
end
|
20
|
+
end
|
21
|
+
|
22
|
+
# http://localhost:8080/HacmeBooks
|
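Review bot: this file should not ship in the gem as it stands. It is a standalone script (a 2012 talk demo, per its own comment) made of top-level code, so merely requiring it would execute `Anemone.crawl(ARGV[0])` and start issuing HTTP requests, and it depends on `anemone` and `httpclient`, neither of which is a declared dependency of codesake-dawn. It is not a `Codesake::Dawn::Kb` class, is not required from knowledge_base.rb and has no spec, yet it is listed under `files` in the metadata hunk, so 1.0.4 packages it. Either drop it from the release or rewrite it as a proper check class; note that every other check here is static, and a live crawl does not fit a static analyzer. Also: "buit" in the comment.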
@@ -0,0 +1,45 @@
|
|
1
|
+
module Codesake
|
2
|
+
module Dawn
|
3
|
+
module Kb
|
4
|
+
module OwaspRorCheatSheet
|
5
|
+
|
6
|
+
class CheckForSafeRedirectAndForward
|
7
|
+
include PatternMatchCheck
|
8
|
+
|
9
|
+
def initialize
|
10
|
+
message = <<EOT
|
11
|
+
Web applications often require the ability to dynamically redirect users based on client-supplied data. To clarify, dynamic redirection usually entails the client including a URL in a parameter within a request to the application. Once received by the application, the user is redirected to the URL specified in the request. For example:
|
12
|
+
http://www.example.com/redirect?url=http://www.example_commerce_site.com/checkout
|
13
|
+
The above request would redirect the user to http://www.example.com/checkout. The security concern associated with this functionality is leveraging an organization’s trusted brand to phish users and trick them into visiting a malicious site, in our example, “badhacker.com”. Example:
|
14
|
+
http://www.example.com/redirect?url=http://badhacker.com
|
15
|
+
The most basic, but restrictive protection is to use the :only_path option. Setting this to true will essentially strip out any host information.
|
16
|
+
|
17
|
+
EOT
|
18
|
+
|
19
|
+
super({
|
20
|
+
:name=>"Owasp Ror CheatSheet: Check for safe redirect and forward",
|
21
|
+
:kind=>Codesake::Dawn::KnowledgeBase::PATTERN_MATCH_CHECK,
|
22
|
+
:applies=>["rails"],
|
23
|
+
:glob=>"*.rb",
|
24
|
+
:aux_links=>["https://www.owasp.org/index.php/Ruby_on_Rails_Cheatsheet"],
|
25
|
+
:message=>message,
|
26
|
+
:attack_pattern => ["redirect_to"],
|
27
|
+
:mitigation=>"The most basic, but restrictive protection is to use the :only_path option. Setting this to true will essentially strip out any host information."
|
28
|
+
})
|
29
|
+
# @debug = true
|
30
|
+
|
31
|
+
end
|
32
|
+
def vuln?
|
33
|
+
super
|
34
|
+
ret = []
|
35
|
+
@evidences.each do |ev|
|
36
|
+
ret << ev unless ev[:matches].include? ":only_path => true"
|
37
|
+
end
|
38
|
+
@evidences = ret unless ret.empty?
|
39
|
+
return @evidences.empty?
|
40
|
+
end
|
41
|
+
end
|
42
|
+
end
|
43
|
+
end
|
44
|
+
end
|
45
|
+
end
|
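Review bot: two logic problems in `vuln?`. First, `@evidences = ret unless ret.empty?` means that when every `redirect_to` match does carry `:only_path => true` (so `ret` is empty) the unfiltered evidences are kept and the check still fires, which is exactly the case the filter exists for; it should be `@evidences = ret` unconditionally. Second, `return @evidences.empty?` reads as inverted (true when nothing was found); unless `PatternMatchCheck#vuln?` is defined with negated semantics, this should be `!@evidences.empty?`, and a spec with one safe and one unsafe `redirect_to` would settle it. Also, the filter is a literal substring test on ":only_path => true", so the equally valid spellings `only_path: true` and `:only_path=>true` are reported as unsafe; a small regex such as `/only_path\s*(=>|:)\s*true/` would cover all three. Finally, the last sentence of the `message` heredoc and the `:mitigation` string are the same text.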
@@ -0,0 +1,29 @@
|
|
1
|
+
module Codesake
|
2
|
+
module Dawn
|
3
|
+
module Kb
|
4
|
+
module OwaspRorCheatSheet
|
5
|
+
|
6
|
+
class SensitiveFiles
|
7
|
+
include PatternMatchCheck
|
8
|
+
|
9
|
+
def initialize
|
10
|
+
message = "Many Ruby on Rails apps are open source and hosted on publicly available source code repositories. Whether that is the case or the code is committed to a corporate source control system, there are certain files that should be either excluded or carefully managed."
|
11
|
+
|
12
|
+
super({
|
13
|
+
:name=>"Owasp Ror CheatSheet: Sensitive Files",
|
14
|
+
:kind=>Codesake::Dawn::KnowledgeBase::PATTERN_MATCH_CHECK,
|
15
|
+
:applies=>["rails"],
|
16
|
+
:glob=>".gitignore",
|
17
|
+
:aux_links=>["https://www.owasp.org/index.php/Ruby_on_Rails_Cheatsheet"],
|
18
|
+
:message=>message,
|
19
|
+
:attack_pattern => ["/config/database.yml", "/config/initializers/secret_token.rb", "/db/seeds.rb", "/db/*.sqlite3"],
|
20
|
+
:mitigation=>"Put sensitive files in your repository gitignore file"
|
21
|
+
})
|
22
|
+
# @debug = true
|
23
|
+
|
24
|
+
end
|
25
|
+
end
|
26
|
+
end
|
27
|
+
end
|
28
|
+
end
|
29
|
+
end
|
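Review bot: the check appears to be inverted. It globs `.gitignore` and uses the sensitive paths as `attack_pattern`, so under PatternMatchCheck semantics it reports a finding when `config/database.yml` and friends are listed in `.gitignore`, which is precisely the safe state; what should be reported is their absence, and a project with no `.gitignore` at all (the worst case) can never match. Two further details: `.gitignore` entries are usually written without a leading slash (`config/database.yml`), so the `/config/...` patterns would miss the common form, and if `attack_pattern` entries are compiled as regular expressions, `/db/*.sqlite3` does not mean the glob the author intended. Please add a spec covering a `.gitignore` with and without these entries.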
@@ -18,6 +18,8 @@ require 'codesake/dawn/kb/owasp_ror_cheatsheet/csrf'
|
|
18
18
|
require 'codesake/dawn/kb/owasp_ror_cheatsheet/session_stored_in_database'
|
19
19
|
require 'codesake/dawn/kb/owasp_ror_cheatsheet/mass_assignment_in_model'
|
20
20
|
require 'codesake/dawn/kb/owasp_ror_cheatsheet/security_related_headers'
|
21
|
+
require 'codesake/dawn/kb/owasp_ror_cheatsheet/check_for_safe_redirect_and_forward'
|
22
|
+
require 'codesake/dawn/kb/owasp_ror_cheatsheet/sensitive_files'
|
21
23
|
|
22
24
|
# Security checks with no or pending CVE
|
23
25
|
|
@@ -193,8 +195,11 @@ require "codesake/dawn/kb/cve_2013_6459"
|
|
193
195
|
require "codesake/dawn/kb/cve_2013_7086"
|
194
196
|
|
195
197
|
# CVE - 2014
|
196
|
-
# require "codesake/dawn/kb/cve_2014_1234"
|
197
198
|
|
199
|
+
require "codesake/dawn/kb/cve_2014_0081"
|
200
|
+
require "codesake/dawn/kb/cve_2014_0082"
|
201
|
+
require "codesake/dawn/kb/cve_2014_1233"
|
202
|
+
require "codesake/dawn/kb/cve_2014_1234"
|
198
203
|
|
199
204
|
module Codesake
|
200
205
|
module Dawn
|
@@ -263,7 +268,8 @@ module Codesake
|
|
263
268
|
Codesake::Dawn::Kb::OwaspRorCheatSheet::SessionStoredInDatabase.new,
|
264
269
|
Codesake::Dawn::Kb::OwaspRorCheatSheet::MassAssignmentInModel.new,
|
265
270
|
Codesake::Dawn::Kb::OwaspRorCheatSheet::SecurityRelatedHeaders.new,
|
266
|
-
|
271
|
+
Codesake::Dawn::Kb::OwaspRorCheatSheet::CheckForSafeRedirectAndForward.new,
|
272
|
+
Codesake::Dawn::Kb::OwaspRorCheatSheet::SensitiveFiles.new,
|
267
273
|
Codesake::Dawn::Kb::SimpleForm_Xss_20131129.new,
|
268
274
|
Codesake::Dawn::Kb::NokogiriDos20131217.new,
|
269
275
|
Codesake::Dawn::Kb::Nokogiri_EntityExpansion_Dos_20131217.new,
|
@@ -404,6 +410,10 @@ module Codesake
|
|
404
410
|
Codesake::Dawn::Kb::CVE_2013_6421.new,
|
405
411
|
Codesake::Dawn::Kb::CVE_2013_6459.new,
|
406
412
|
Codesake::Dawn::Kb::CVE_2013_7086.new,
|
413
|
+
Codesake::Dawn::Kb::CVE_2014_1233.new,
|
414
|
+
Codesake::Dawn::Kb::CVE_2014_1234.new,
|
415
|
+
Codesake::Dawn::Kb::CVE_2014_0081.new,
|
416
|
+
Codesake::Dawn::Kb::CVE_2014_0082.new,
|
407
417
|
|
408
418
|
]
|
409
419
|
end
|
@@ -9,17 +9,17 @@ module Codesake
|
|
9
9
|
#
|
10
10
|
# Future releases
|
11
11
|
#
|
12
|
-
# "Tow Mater"
|
13
|
-
# "Finn McMissile"
|
14
|
-
# "Fillmore"
|
15
|
-
# "Holly Shiftwell"
|
16
|
-
# "Guido"
|
17
|
-
# "Luigi"
|
12
|
+
# "Tow Mater"
|
13
|
+
# "Finn McMissile"
|
14
|
+
# "Fillmore"
|
15
|
+
# "Holly Shiftwell"
|
16
|
+
# "Guido"
|
17
|
+
# "Luigi"
|
18
18
|
|
19
|
-
VERSION = "1.0.
|
19
|
+
VERSION = "1.0.4"
|
20
20
|
CODENAME = "Lightning McQueen"
|
21
21
|
# RELEASE = "(development)"
|
22
|
-
RELEASE = "
|
22
|
+
RELEASE = "20140314"
|
23
23
|
|
24
24
|
end
|
25
25
|
end
|
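Review bot: the six "Future releases" comment lines are deleted and re-added with identical text, so this is a whitespace-only change (most likely re-indentation) mixed into the version bump; keep formatting changes out of release commits, or at least confirm it was intentional. The bump itself (VERSION "1.0.4", RELEASE "20140314") is consistent with the Changelog date.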
@@ -0,0 +1,68 @@
|
|
1
|
+
require 'spec_helper'
|
2
|
+
describe "The CVE-2014-0081 vulnerability" do
|
3
|
+
before(:all) do
|
4
|
+
@check = Codesake::Dawn::Kb::CVE_2014_0081.new
|
5
|
+
# @check.debug = true
|
6
|
+
end
|
7
|
+
it "affects version 3.2.16" do
|
8
|
+
@check.dependencies = [{:name=>"rails", :version=>'3.2.16'}]
|
9
|
+
@check.vuln?.should be_true
|
10
|
+
end
|
11
|
+
it "affects version 4.0.0" do
|
12
|
+
@check.dependencies = [{:name=>"rails", :version=>'4.0.0'}]
|
13
|
+
@check.vuln?.should be_true
|
14
|
+
end
|
15
|
+
it "affects version 4.0.2" do
|
16
|
+
@check.dependencies = [{:name=>"rails", :version=>'4.0.2'}]
|
17
|
+
@check.vuln?.should be_true
|
18
|
+
end
|
19
|
+
it "affects version 4.0.1" do
|
20
|
+
@check.dependencies = [{:name=>"rails", :version=>'4.0.1'}]
|
21
|
+
@check.vuln?.should be_true
|
22
|
+
end
|
23
|
+
|
24
|
+
it "affects version 3.1.x" do
|
25
|
+
require 'securerandom'
|
26
|
+
rand = SecureRandom.random_number(9999)
|
27
|
+
version = "3.1.#{rand}"
|
28
|
+
|
29
|
+
@check.dependencies = [{:name=>"rails", :version=>version}]
|
30
|
+
@check.vuln?.should be_true
|
31
|
+
end
|
32
|
+
|
33
|
+
it "affects version 3.0.x" do
|
34
|
+
require 'securerandom'
|
35
|
+
rand = SecureRandom.random_number(9999)
|
36
|
+
version = "3.0.#{rand}"
|
37
|
+
|
38
|
+
@check.dependencies = [{:name=>"rails", :version=>version}]
|
39
|
+
@check.vuln?.should be_true
|
40
|
+
end
|
41
|
+
it "affects version 2.x.y" do
|
42
|
+
require 'securerandom'
|
43
|
+
rand_min = SecureRandom.random_number(9999)
|
44
|
+
rand_patch = SecureRandom.random_number(9999)
|
45
|
+
version = "2.#{rand_min}.#{rand_patch}"
|
46
|
+
|
47
|
+
@check.dependencies = [{:name=>"rails", :version=>version}]
|
48
|
+
@check.vuln?.should be_true
|
49
|
+
end
|
50
|
+
it "affects version 1.x.y" do
|
51
|
+
require 'securerandom'
|
52
|
+
rand_min = SecureRandom.random_number(9999)
|
53
|
+
rand_patch = SecureRandom.random_number(9999)
|
54
|
+
version = "1.#{rand_min}.#{rand_patch}"
|
55
|
+
|
56
|
+
@check.dependencies = [{:name=>"rails", :version=>version}]
|
57
|
+
@check.vuln?.should be_true
|
58
|
+
end
|
59
|
+
|
60
|
+
it "doesn't affect version 4.0.3" do
|
61
|
+
@check.dependencies = [{:name=>"rails", :version=>'4.0.3'}]
|
62
|
+
@check.vuln?.should be_false
|
63
|
+
end
|
64
|
+
it "doesn't affect version 3.2.17" do
|
65
|
+
@check.dependencies = [{:name=>"rails", :version=>'3.2.17'}]
|
66
|
+
@check.vuln?.should be_false
|
67
|
+
end
|
68
|
+
end
|
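Review bot: the version coverage misses the one boundary this check introduces: 4.1.0.beta2 is listed as safe in cve_2014_0081.rb, but no example asserts that 4.1.0.beta1 is affected and 4.1.0.beta2 is not, so prerelease comparison is untested. The random-version examples (`SecureRandom.random_number(9999)`) make the suite non-deterministic; a failure on a particular generated version would not be reproducible from the output, so fixed representative versions (or at least the generated version in the example description) would be better. Minor: `rand = ...` shadows `Kernel#rand`, and `require 'securerandom'` is repeated in every example instead of once at the top.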
@@ -0,0 +1,52 @@
|
|
1
|
+
require 'spec_helper'
|
2
|
+
describe "The CVE-2014-0082 vulnerability" do
|
3
|
+
before(:all) do
|
4
|
+
@check = Codesake::Dawn::Kb::CVE_2014_0082.new
|
5
|
+
# @check.debug = true
|
6
|
+
end
|
7
|
+
it "affects version 3.0.x" do
|
8
|
+
require 'securerandom'
|
9
|
+
rand = SecureRandom.random_number(9999)
|
10
|
+
version = "3.0.#{rand}"
|
11
|
+
|
12
|
+
@check.dependencies = [{:name=>"rails", :version=>version}]
|
13
|
+
@check.vuln?.should be_true
|
14
|
+
end
|
15
|
+
it "affects version 2.x.y" do
|
16
|
+
require 'securerandom'
|
17
|
+
rand_min = SecureRandom.random_number(9999)
|
18
|
+
rand_patch = SecureRandom.random_number(9999)
|
19
|
+
version = "2.#{rand_min}.#{rand_patch}"
|
20
|
+
@check.dependencies = [{:name=>"rails", :version=>version}]
|
21
|
+
@check.vuln?.should be_true
|
22
|
+
end
|
23
|
+
it "affects version 1.x.y" do
|
24
|
+
require 'securerandom'
|
25
|
+
rand_min = SecureRandom.random_number(9999)
|
26
|
+
rand_patch = SecureRandom.random_number(9999)
|
27
|
+
version = "1.#{rand_min}.#{rand_patch}"
|
28
|
+
|
29
|
+
@check.dependencies = [{:name=>"rails", :version=>version}]
|
30
|
+
@check.vuln?.should be_true
|
31
|
+
end
|
32
|
+
it "doesn't affect version 4.0.2" do
|
33
|
+
@check.dependencies = [{:name=>"rails", :version=>'4.0.2'}]
|
34
|
+
@check.vuln?.should be_false
|
35
|
+
end
|
36
|
+
it "doesn't affect version 4.0.1" do
|
37
|
+
@check.dependencies = [{:name=>"rails", :version=>'4.0.1'}]
|
38
|
+
@check.vuln?.should be_false
|
39
|
+
end
|
40
|
+
it "doesn't affect version 4.0.0" do
|
41
|
+
@check.dependencies = [{:name=>"rails", :version=>'4.0.0'}]
|
42
|
+
@check.vuln?.should be_false
|
43
|
+
end
|
44
|
+
it "doesn't affect version 4.0.3" do
|
45
|
+
@check.dependencies = [{:name=>"rails", :version=>'4.0.3'}]
|
46
|
+
@check.vuln?.should be_false
|
47
|
+
end
|
48
|
+
it "doesn't affect version 3.2.17" do
|
49
|
+
@check.dependencies = [{:name=>"rails", :version=>'3.2.17'}]
|
50
|
+
@check.vuln?.should be_false
|
51
|
+
end
|
52
|
+
end
|
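Review bot: there is no example for a 3.2.x version below 3.2.17 (for instance 3.2.16), which is the most common affected configuration and the only 3.2 boundary this check has; 3.1.x is also missing, and that matters because cve_2014_0082.rb uses the odd sentinel '3.1.9999' for that line. The 2.x.y and 1.x.y examples assert vulnerability although the quoted CVE text limits the issue to 3.x; acceptable if intended, but the example descriptions should say so. The randomly generated versions make failures hard to reproduce, and `require 'securerandom'` belongs once at the top of the file.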
@@ -0,0 +1,15 @@
|
|
1
|
+
require 'spec_helper'
|
2
|
+
describe "The CVE-2014-1233 vulnerability" do
|
3
|
+
before(:all) do
|
4
|
+
@check = Codesake::Dawn::Kb::CVE_2014_1233.new
|
5
|
+
# @check.debug = true
|
6
|
+
end
|
7
|
+
it "is reported when a paratrooper-pingdom gem version 1.0.0 is detected" do
|
8
|
+
@check.dependencies = [{:name=>"paratrooper-pingdom", :version=>"1.0.0"}]
|
9
|
+
@check.vuln?.should be_true
|
10
|
+
end
|
11
|
+
it "is not reported when a paratrooper-pingdom gem version 1.0.1 is detected" do
|
12
|
+
@check.dependencies = [{:name=>"paratrooper-pingdom", :version=>"1.0.1"}]
|
13
|
+
@check.vuln?.should be_false
|
14
|
+
end
|
15
|
+
end
|
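Review bot: only the two exact versions 1.0.0 and 1.0.1 are exercised. With `safe_dependencies` set to ['1.0.1'], add an example for a later release (a constructed 1.0.2 is enough) to make sure "fixed or later" is not reported, otherwise a regression in the version comparison would pass this spec.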
@@ -0,0 +1,16 @@
|
|
1
|
+
require 'spec_helper'
|
2
|
+
describe "The CVE-2014-1234 vulnerability" do
|
3
|
+
before(:all) do
|
4
|
+
@check = Codesake::Dawn::Kb::CVE_2014_1234.new
|
5
|
+
# @check.debug = true
|
6
|
+
end
|
7
|
+
|
8
|
+
it "is reported when a paratrooper-newrelic gem version 1.0.1 is detected" do
|
9
|
+
@check.dependencies = [{:name=>"paratrooper-newrelic", :version=>"1.0.1"}]
|
10
|
+
@check.vuln?.should be_true
|
11
|
+
end
|
12
|
+
it "is not reported when a paratrooper-newrelic gem version 1.0.2 is detected" do
|
13
|
+
@check.dependencies = [{:name=>"paratrooper-newrelic", :version=>"1.0.2"}]
|
14
|
+
@check.vuln?.should be_false
|
15
|
+
end
|
16
|
+
end
|
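Review bot: as with the pingdom spec, only the exact vulnerable (1.0.1) and fixed (1.0.2) versions are covered; add an example with a version above 1.0.2 so the "or later" half of the comparison is tested, and one below 1.0.1 if the check is meant to flag older releases too.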
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: codesake-dawn
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 1.0.
|
4
|
+
version: 1.0.4
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Paolo Perego
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2014-
|
11
|
+
date: 2014-03-14 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: codesake-commons
|
@@ -379,16 +379,23 @@ files:
|
|
379
379
|
- lib/codesake/dawn/kb/cve_2013_6421.rb
|
380
380
|
- lib/codesake/dawn/kb/cve_2013_6459.rb
|
381
381
|
- lib/codesake/dawn/kb/cve_2013_7086.rb
|
382
|
+
- lib/codesake/dawn/kb/cve_2014_0081.rb
|
383
|
+
- lib/codesake/dawn/kb/cve_2014_0082.rb
|
384
|
+
- lib/codesake/dawn/kb/cve_2014_1233.rb
|
385
|
+
- lib/codesake/dawn/kb/cve_2014_1234.rb
|
382
386
|
- lib/codesake/dawn/kb/dependency_check.rb
|
383
387
|
- lib/codesake/dawn/kb/nokogiri_dos_20131217.rb
|
384
388
|
- lib/codesake/dawn/kb/nokogiri_entityexpansion_dos_20131217.rb
|
385
389
|
- lib/codesake/dawn/kb/not_revised_code.rb
|
386
390
|
- lib/codesake/dawn/kb/operating_system_check.rb
|
387
391
|
- lib/codesake/dawn/kb/owasp_ror_cheatsheet.rb
|
392
|
+
- lib/codesake/dawn/kb/owasp_ror_cheatsheet/check_for_backup_files.rb
|
393
|
+
- lib/codesake/dawn/kb/owasp_ror_cheatsheet/check_for_safe_redirect_and_forward.rb
|
388
394
|
- lib/codesake/dawn/kb/owasp_ror_cheatsheet/command_injection.rb
|
389
395
|
- lib/codesake/dawn/kb/owasp_ror_cheatsheet/csrf.rb
|
390
396
|
- lib/codesake/dawn/kb/owasp_ror_cheatsheet/mass_assignment_in_model.rb
|
391
397
|
- lib/codesake/dawn/kb/owasp_ror_cheatsheet/security_related_headers.rb
|
398
|
+
- lib/codesake/dawn/kb/owasp_ror_cheatsheet/sensitive_files.rb
|
392
399
|
- lib/codesake/dawn/kb/owasp_ror_cheatsheet/session_stored_in_database.rb
|
393
400
|
- lib/codesake/dawn/kb/pattern_match_check.rb
|
394
401
|
- lib/codesake/dawn/kb/ruby_version_check.rb
|
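Review bot: `lib/codesake/dawn/kb/owasp_ror_cheatsheet/check_for_backup_files.rb` is added to the packaged files but is not required from knowledge_base.rb, has no spec and is not mentioned in the Changelog; if it is not meant to be part of 1.0.4, remove it from the gemspec file list so it does not ship.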
@@ -429,6 +436,10 @@ files:
|
|
429
436
|
- spec/lib/kb/cve_2013_5647_spec.rb
|
430
437
|
- spec/lib/kb/cve_2013_6459_spec.rb
|
431
438
|
- spec/lib/kb/cve_2013_7086_spec.rb
|
439
|
+
- spec/lib/kb/cve_2014_0081_spec.rb
|
440
|
+
- spec/lib/kb/cve_2014_0082_spec.rb
|
441
|
+
- spec/lib/kb/cve_2014_1233_spec.rb
|
442
|
+
- spec/lib/kb/cve_2014_1234_spec.rb
|
432
443
|
- spec/lib/kb/owasp_ror_cheatsheet_disabled.rb
|
433
444
|
- spec/spec_helper.rb
|
434
445
|
homepage: http://dawn.codesake.com
|
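Review bot: specs are added for the four backported CVE checks, but none for the two new OwaspRorCheatSheet classes (CheckForSafeRedirectAndForward and SensitiveFiles), whose `vuln?` logic is the part of this release most likely to misbehave; the only cheatsheet spec listed is still `owasp_ror_cheatsheet_disabled.rb`. Please add at least one positive and one negative fixture for each before tagging.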
@@ -450,7 +461,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
450
461
|
version: '0'
|
451
462
|
requirements: []
|
452
463
|
rubyforge_project:
|
453
|
-
rubygems_version: 2.
|
464
|
+
rubygems_version: 2.1.11
|
454
465
|
signing_key:
|
455
466
|
specification_version: 4
|
456
467
|
summary: dawn is a security static source code analyzer for sinatra, padrino and ruby
|
@@ -488,5 +499,9 @@ test_files:
|
|
488
499
|
- spec/lib/kb/cve_2013_5647_spec.rb
|
489
500
|
- spec/lib/kb/cve_2013_6459_spec.rb
|
490
501
|
- spec/lib/kb/cve_2013_7086_spec.rb
|
502
|
+
- spec/lib/kb/cve_2014_0081_spec.rb
|
503
|
+
- spec/lib/kb/cve_2014_0082_spec.rb
|
504
|
+
- spec/lib/kb/cve_2014_1233_spec.rb
|
505
|
+
- spec/lib/kb/cve_2014_1234_spec.rb
|
491
506
|
- spec/lib/kb/owasp_ror_cheatsheet_disabled.rb
|
492
507
|
- spec/spec_helper.rb
|