codesake 0.0.1 → 0.15.1

data/features/support/env.rb

@@ -0,0 +1 @@
+require 'aruba/cucumber'

data/lib/codesake.rb

@@ -1,5 +1,10 @@
 require "codesake/version"
+require "codesake/cli"
+require "codesake/kernel"
+require "codesake/utils/files"
+require "codesake/utils/secrets"
+require "codesake/engine/text"
+require "codesake/engine/generic"
+require "codesake/engine/core"
+require "codesake/engine/jsp"
 
-module Codesake
-  # Your code goes here...
-end

data/lib/codesake/cli.rb

@@ -0,0 +1,90 @@
+require 'optparse'
+require 'trimmy'
+
+module Codesake
+  class Cli
+    attr_reader :options
+    attr_reader :targets
+    
+    def parse(command_line)
+      @options = {}
+
+      return {:vulnerabilities=>:all} if (command_line.nil?) or (command_line.send(:empty?))
+
+      begin
+        option_parser =OptionParser.new do |opts|
+          executable_name = File.basename($PROGRAM_NAME)
+          opts.banner = 
+            "codesake v#{Codesake::VERSION} - (C) 2012 - paolo@armoredcode.com\nReviews one or more source file for security issues.\n\nUsage #{executable_name} [options] sources\n"
+        # opts.on("-h", "--help") do 
+        #   @options[:help] = true 
+        # end
+
+        opts.on("-v", "--version", "Show codesake version") do
+          @options[:version] = true
+        end
+
+        opts.on("-V", "--verbose", "Be verbose") do
+          @options[:verbose] = true
+        end
+
+        opts.on("-k KEYWORDS", "--add-keys", "Add the command separated list of strings as reserved keywords") do |val|
+          @options[:keywords] = val.trim.split(",")
+        end
+
+        opts.on("-o TARGET", "--output", "Write output to file, to json string or to db usin SQLite3") do |val|
+          @options[:output]=:screen
+          val=val.trim
+          @options[:output]=val.to_sym if (val.to_sym == :file) or (val.to_sym == :json) or (val.to_sym == :db)
+        end
+        opts.on("-C", "--confirmed-vulnerabilities", "Show only confirmed vulnerabilities") do
+          @options[:vulnerabilities] = :confirmed
+        end
+        opts.on("-A", "--all-vulnerabilities", "Show all vulnerabilities found [default]") do
+          @options[:vulnerabilities] = :all
+        end
+
+        end
+
+        rest = option_parser.parse(command_line)
+
+        @targets = [] 
+        @targets = build_target_list(rest[0].split(" ")) if expect_targets? and (! rest.empty?) and (! rest[0].nil?)
+        @options[:vulnerabilities] = :all if @options[:vulnerabilities].nil?
+      rescue OptionParser::InvalidOption => e
+        @options={:error=>true, :message=>e.message}
+      end
+      @options
+    end
+
+
+    def is_good_target?(target)
+      (!Dir.glob(target).empty?) or File.exists?(target) or File.directory?(target)
+    end
+
+    def has_errors?
+      (@options[:error])
+    end
+
+    def error_message
+      @options[:message] if has_errors?
+    end
+
+
+    private
+    def expect_targets?
+      (! @options[:help] ) and ( ! @options[:version]) 
+    end
+
+   
+    def build_target_list(target_list)
+      ret = []
+      target_list.each do |target|
+        ret << {:target=>target, :valid=>is_good_target?(target)} 
+      end
+
+      ret
+    end
+
+  end
+end

data/lib/codesake/engine/core.rb

@@ -0,0 +1,10 @@
+module Codesake
+  module Engine
+    module Core
+      def analyse
+        []
+      end
+
+    end
+  end
+end

data/lib/codesake/engine/generic.rb

@@ -0,0 +1,12 @@
+module Codesake
+  module Engine
+    class Generic
+      include Codesake::Utils::Files
+
+      def initialize(filename)
+        @filename = filename
+      end
+
+    end
+  end
+end

data/lib/codesake/engine/jsp.rb

@@ -0,0 +1,165 @@
+require 'codesake/engine/core'
+
+module Codesake
+  module Engine
+    class Jsp
+      include Codesake::Utils::Files
+      include Codesake::Utils::Secrets
+      include Codesake::Engine::Core
+
+      FALSE_POSITIVES = ["request.getContextPath()", "request.getLocalName()", "request.getLocalPort()"]
+
+
+      attr_reader :imports
+      attr_reader :attack_entrypoints
+      attr_reader :reflected_xss
+      attr_reader :cookies
+
+      def initialize(filename, options)
+        @filename = filename
+        @options = options
+
+        read_file
+        load_secrets
+      end
+
+      def analyse
+        ret =  []
+        @reserved_keywords  = find_reserved_keywords
+        @imports            = find_imports
+        @attack_entrypoints = find_attack_entrypoints
+        @reflected_xss      = find_reflected_xss
+        @cookies            = find_cookies
+
+        @reserved_keywords.each do |secret|
+          ret << "reserved keyword found: \"#{secret[:matcher]}\" (#{@filename}@#{secret[:line]})"
+        end
+        @imports.each do |import|
+          ret << "imported package found: \"#{import[:package]}\""
+        end
+
+        @attack_entrypoints.each do |entry|
+          ret << "attack entrypoint found: parameter \"#{entry[:param]}\" stored in \"#{entry[:var]}\" (#{@filename}@#{entry[:line]})"
+        end
+        @reflected_xss.each do |entry|
+          ret << "suspicious reflected xss found: \"#{entry[:var]}\" (#{@filename}@#{entry[:line]})\"" if entry[:false_positive] and @options[:vulnerabilities] == :all
+          ret << "reflected xss found: \"#{entry[:var]}\" (#{@filename}@#{entry[:line]})\"" if ! entry[:false_positive] 
+        end
+
+        @cookies.each do |c|
+          ret << "cookie \"#{c[:name]}\" found with value: \"#{c[:value]}\" (#{@filename}@#{c[:line]})" 
+        end
+
+         
+        ret
+      end
+
+
+
+      private
+      # redefined
+      def find_reserved_keywords
+
+        ret = []
+
+        @file_content.each_with_index do |l, i|
+          l = l.unpack("C*").pack("U*")
+          @secrets.each do |s|
+            ret << {:line=> i+1, :matcher=>s } if l.trim.include?(s)
+          end
+        end
+
+        ret
+      end
+
+      def find_cookies
+        ret = []
+
+        @file_content.each_with_index do |l, i|
+          l = l.unpack("C*").pack("U*")
+          m = /Cookie (.*?) = new Cookie \("(.*?)",(.*?)\)/.match(l);
+          ret << {:line => i+1, :var => m[1].trim, :name => m[2].trim.gsub("\"", ""), :value => m[3].trim.gsub("\"", "")} unless m.nil?
+
+          m = /Cookie (.*?) = new Cookie\("(.*?)",(.*?)\)/.match(l);
+          ret << {:line => i+1, :var => m[1].trim, :name => m[2].trim.gsub("\"", ""), :value => m[3].trim.gsub("\"", "")} unless m.nil?
+
+
+          m = /(.*?) = new Cookie \("(.*?)",(.*?)\)/.match(l);
+          ret << {:line => i+1, :var => m[1].trim, :name => m[2].trim.gsub("\"", ""), :value => m[3].trim.gsub("\"", "")} unless m.nil?
+
+
+        end
+        ret
+      end
+
+
+
+      def find_reflected_xss
+        ret = []
+        @file_content.each_with_index do |l, i|
+          # <%=avar%> #=> /<%=(\w+)%>/.match(a)[1] = avar
+          l = l.unpack("C*").pack("U*")
+          m = /<%=(.*?)%>/.match(l)
+          ret << {:line => i+1, :var=> m[1].trim, :false_positive=>Codesake::Engine::Jsp.is_false_positive?(m[1].trim)} unless m.nil?
+
+          m = /out\.println\((.*?)\)/.match(l)
+          ret << {:line => i+1, :var=> m[1].trim, :false_positive=>Codesake::Engine::Jsp.is_false_positive?(m[1].trim)} unless m.nil?
+
+          m = /out\.print\((.*?)\)/.match(l)
+          ret << {:line => i+1, :var=> m[1].trim, :false_positive=>Codesake::Engine::Jsp.is_false_positive?(m[1].trim)} unless m.nil?
+
+          m = /out\.write\((.*?)\)/.match(l)
+          ret << {:line => i+1, :var=> m[1].trim, :false_positive=>Codesake::Engine::Jsp.is_false_positive?(m[1].trim)} unless m.nil?
+
+          m = /out\.writeln\((.*?)\)/.match(l)
+          ret << {:line => i+1, :var=> m[1].trim, :false_positive=>Codesake::Engine::Jsp.is_false_positive?(m[1].trim)} unless m.nil?
+        end
+
+        ret
+      end
+
+      def self.is_false_positive?(var)
+        FALSE_POSITIVES.include?(var)
+      end
+
+
+      def find_attack_entrypoints
+        ret = []
+        @file_content.each_with_index do |l, i|
+          l = l.unpack("C*").pack("U*")
+          m = /request.getParameter\((.*?)\)/.match(l)
+          ret << {:line => i+1, :param => m[1].trim.gsub("\"", ""), :var => variable_from_line(l) } unless m.nil?
+
+          m = /request.getParameterValues\((.*?)\)/.match(l)
+          ret << {:line => i+1, :param => m[1].trim.gsub("\"", ""), :var => variable_from_line(l) } unless m.nil?
+
+          m = /request.getAttribute\((.*?)\)/.match(l)
+          ret << {:line => i+1, :param => m[1].trim.gsub("\"", ""), :var => variable_from_line(l) } unless m.nil?
+
+        end
+
+        ret
+      end
+      def variable_from_line(line)
+        ret = "" 
+        left_operand = line.split('=')[0]
+        l = left_operand.split
+        l[l.size - 1]
+      end
+
+
+
+      def find_imports
+        ret = []
+        @file_content.each_with_index do |l, i|
+          l = l.unpack("C*").pack("U*")
+          m = /<%@page import="(.*?)"%>/.match(l)
+          ret << {:line => i+1, :package=>m[1].trim} unless m.nil?
+        end
+
+        ret
+      end
+
+    end
+  end
+end

data/lib/codesake/engine/text.rb

@@ -0,0 +1,36 @@
+require 'codesake/engine/core'
+
+module Codesake
+  module Engine
+    class Text
+      include Codesake::Utils::Files
+      include Codesake::Utils::Secrets
+      include Codesake::Engine::Core
+
+      attr_reader :reserved_keywords
+
+      def initialize(filename)
+        @filename = filename
+        @raw_results = nil
+        
+        read_file
+        load_secrets
+      end
+
+      def analyse
+        ret =  []
+        @reserved_keywords = find_reserved_keywords
+        @reserved_keywords.each do |secret|
+          ret << "reserved keyword found: \"#{secret[:matcher]}\" (#{@filename}@#{secret[:line]})"
+        end
+         
+        ret
+      end
+
+      def self.is_txt?(filename)
+        (File.extname(filename).empty? or File.extname(filename) == ".txt" or File.extname(filename) == ".conf" or File.extname(filename) == ".rc" or File.extname(filename) == ".bak" or File.extname(filename) == ".old" )
+      end
+
+    end
+  end
+end

data/lib/codesake/kernel.rb

@@ -0,0 +1,39 @@
+require 'singleton'
+
+module Codesake
+  class Kernel
+    include Singleton
+
+    attr_reader   :engine
+
+    NONE    = 0
+    TEXT    = 1
+    JSP     = 2
+    UNKNOWN = -1
+
+    def choose_engine(filename, options)
+
+
+      engine = nil
+
+      case detect(filename)
+      when TEXT
+        engine = Codesake::Engine::Text.new(filename)
+      when NONE
+        engine = Codesake::Engine::Generic.new(filename)
+      when JSP
+        engine = Codesake::Engine::Jsp.new(filename, options)
+      end
+      engine
+    end
+
+    def detect(filename)
+      return NONE if filename.nil? or filename.empty?
+      return TEXT if Codesake::Engine::Text.is_txt?(filename)
+      return JSP if (File.extname(filename) == ".jsp")
+
+
+      return UNKNOWN
+    end
+  end
+end

data/lib/codesake/utils/files.rb

@@ -0,0 +1,25 @@
+module Codesake
+  module Utils
+    module Files
+
+      attr_accessor :filename
+      attr_reader   :file_content
+
+      def read_file
+        @file_content = []
+        @file_content = File.readlines(@filename) if File.exists?(@filename)
+      end
+
+      def lines
+        @file_content.count
+      end
+
+      def lines_of_comment
+        0
+      end
+      def loc
+        0
+      end
+    end
+  end
+end

data/lib/codesake/utils/secrets.rb

@@ -0,0 +1,45 @@
+module Codesake
+  module Utils
+    module Secrets
+      DEFAULT_SECRETS = ["secret", "password", "username", "login", "xxx", "fixme", "fix", "todo", "passwd"]
+      attr_accessor :secrets
+      attr_accessor :reserved_keywords
+
+      def initialize
+        load_secrets
+      end
+
+      def load_secrets
+        @secrets = DEFAULT_SECRETS
+      end
+
+      def add(word)
+        @secrets << word
+        @secrets
+      end
+
+      def reserved?(word)
+        @secrets.include?(word)
+      end
+
+      def find_reserved_keywords
+
+        ret = []
+
+        @file_content.each_with_index do |l, i|
+          l = l.unpack("C*").pack("U*")
+          l.split.each do |tok|
+            # ret << {:line=> i+1, :matcher=>tok, :source_line=>l} if @secrets.include?(tok.downcase)
+            ret << {:line=> i+1, :matcher=>tok } if @secrets.include?(tok.downcase)
+
+          end
+        end
+
+        ret
+      end
+
+
+
+    end
+  end
+end