dawnscanner 1.3.0 → 1.3.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- checksums.yaml.gz.sig +0 -0
- data.tar.gz.sig +0 -0
- data/.ruby-gemset +1 -1
- data/.ruby-version +1 -1
- data/Roadmap.md +7 -7
- data/bin/dawn +21 -21
- data/checksum/dawnscanner-1.3.0.gem.sha1 +1 -0
- data/lib/dawn/core.rb +8 -8
- data/lib/dawn/engine.rb +18 -18
- data/lib/dawn/kb/basic_check.rb +1 -1
- data/lib/dawn/kb/owasp_ror_cheatsheet.rb +6 -6
- data/lib/dawn/padrino.rb +1 -1
- data/lib/dawn/reporter.rb +4 -4
- data/lib/dawn/version.rb +2 -2
- metadata +4 -3
- metadata.gz.sig +0 -0
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 3f0312208553d247840f6a71da2e0ef95c8c223d
|
|
4
|
+
data.tar.gz: 5122a815d28cc9d701374407d04cf0c0b78e1b48
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: aef798632ca975c2c04b67a434a69e3ce5852ef83fc28ecf4e1e781b3f7e79adde54c6bb20459bcf7249acfe3968c77ef02cf4c87183c497c186fb6794f1cabe
|
|
7
|
+
data.tar.gz: 14f385eb24b0745a67eaa8fd7e177e6a456b2c298434f794f54b2c952417f49ed728fdab3dc5592face49983de1e485b986905931bc6556d05be96019c4959e1
|
checksums.yaml.gz.sig
CHANGED
|
Binary file
|
data.tar.gz.sig
CHANGED
|
Binary file
|
data/.ruby-gemset
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
|
|
1
|
+
dawnscanner
|
data/.ruby-version
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
2.
|
|
1
|
+
2.2.0
|
data/Roadmap.md
CHANGED
|
@@ -1,11 +1,11 @@
|
|
|
1
1
|
# Codesake Dawn - roadmap
|
|
2
2
|
|
|
3
|
-
|
|
3
|
+
Dawnscanner is a static analysis security scanner for ruby written web applications.
|
|
4
4
|
It supports [Sinatra](http://www.sinatrarb.com),
|
|
5
5
|
[Padrino](http://www.padrinorb.com) and [Ruby on Rails](http://rubyonrails.org)
|
|
6
6
|
frameworks.
|
|
7
7
|
|
|
8
|
-
This is an ongoing roadmap for the
|
|
8
|
+
This is an ongoing roadmap for the Dawnscanner source code review tool.
|
|
9
9
|
|
|
10
10
|
_latest update: Mon Mar 31 13:01:21 CEST 2014_
|
|
11
11
|
|
|
@@ -13,7 +13,7 @@ _latest update: Mon Mar 31 13:01:21 CEST 2014_
|
|
|
13
13
|
|
|
14
14
|
* create a task to check for new CVE in NVD website
|
|
15
15
|
* SQLite3 integration for saving data. Each project will have its own SQLite
|
|
16
|
-
database containing reviews, findings and all. A table with
|
|
16
|
+
database containing reviews, findings and all. A table with Dawnscanner version it
|
|
17
17
|
created the database will be inserted as well
|
|
18
18
|
* add a language check. It will handle a ruby script as input and a
|
|
19
19
|
ruby\_parser line as unsafe pattern. It will compile the ruby and look for
|
|
@@ -33,7 +33,7 @@ _latest update: Mon Mar 31 13:01:21 CEST 2014_
|
|
|
33
33
|
* Cross Site Scripting detection: it must be done for all MVC frameworks
|
|
34
34
|
(including Rack) and it must cover either reflected than stored attack
|
|
35
35
|
patterns
|
|
36
|
-
* Add a --github option to
|
|
36
|
+
* Add a --github option to Dawnscanner to clone a remote repository, perform
|
|
37
37
|
a bundle install and do a code review.
|
|
38
38
|
* Add support for github hooks
|
|
39
39
|
* Add premilinary SQL injection detection for Ruby on Rails
|
|
@@ -47,13 +47,13 @@ _latest update: Mon Mar 31 13:01:21 CEST 2014_
|
|
|
47
47
|
|
|
48
48
|
# Spinoff projects
|
|
49
49
|
|
|
50
|
-
|
|
50
|
+
Dawnscanner is a security scanner for ruby code. Modern web applications
|
|
51
51
|
however are wrote in a plenty of great technologies deserving a good tool for
|
|
52
52
|
security scan.
|
|
53
53
|
|
|
54
54
|
Node.js and Go are very promising programming languages and a tool similiar to
|
|
55
|
-
|
|
55
|
+
Dawnscanner can be wrote also to support them:
|
|
56
56
|
|
|
57
|
-
Initially they were in the
|
|
57
|
+
Initially they were in the Dawnscanner roadmap for a 2.0.0 version. However
|
|
58
58
|
we decide to drop this in the name of being focused on ruby programming
|
|
59
59
|
language.
|
data/bin/dawn
CHANGED
|
@@ -7,7 +7,7 @@ require 'terminal-table'
|
|
|
7
7
|
require 'justify'
|
|
8
8
|
|
|
9
9
|
require 'codesake-commons'
|
|
10
|
-
require '
|
|
10
|
+
require 'dawnscanner'
|
|
11
11
|
|
|
12
12
|
APPNAME = File.basename($0)
|
|
13
13
|
LIST_KNOWN_FRAMEWORK = %w(rails sinatra padrino)
|
|
@@ -58,7 +58,7 @@ opts.quiet=true
|
|
|
58
58
|
engine = nil
|
|
59
59
|
|
|
60
60
|
|
|
61
|
-
options =
|
|
61
|
+
options = Dawn::Core.read_conf(Dawn::Core.find_conf(true))
|
|
62
62
|
check = ""
|
|
63
63
|
guess = {:name=>"", :version=>"", :connected_gems=>[]}
|
|
64
64
|
|
|
@@ -66,10 +66,10 @@ begin
|
|
|
66
66
|
opts.each do |opt, val|
|
|
67
67
|
case opt
|
|
68
68
|
when '--version'
|
|
69
|
-
puts "#{
|
|
69
|
+
puts "#{Dawn::VERSION} [#{Dawn::CODENAME}]"
|
|
70
70
|
Kernel.exit(0)
|
|
71
71
|
when '--config-file'
|
|
72
|
-
options =
|
|
72
|
+
options = Dawn::Core.read_conf(val)
|
|
73
73
|
when '--disable-cve-bulletins'
|
|
74
74
|
options[:enabled_checks].delete(:cve_bulletin)
|
|
75
75
|
when '--disable-code-quality'
|
|
@@ -90,8 +90,8 @@ opts.each do |opt, val|
|
|
|
90
90
|
options[:enabled_checks].delete(:owasp_top_10_9)
|
|
91
91
|
options[:enabled_checks].delete(:owasp_top_10_10)
|
|
92
92
|
when '--list-known-families'
|
|
93
|
-
printf "
|
|
94
|
-
puts
|
|
93
|
+
printf "Dawn supports following check families:\n\n"
|
|
94
|
+
puts Dawn::Kb::BasicCheck.families
|
|
95
95
|
Kernel.exit(0)
|
|
96
96
|
when '--json'
|
|
97
97
|
options[:output] = "json"
|
|
@@ -111,7 +111,7 @@ opts.each do |opt, val|
|
|
|
111
111
|
options[:gemfile_scan] = true
|
|
112
112
|
unless val.empty?
|
|
113
113
|
options[:gemfile_name] = val
|
|
114
|
-
guess =
|
|
114
|
+
guess = Dawn::Core.guess_mvc(val)
|
|
115
115
|
end
|
|
116
116
|
when '--verbose'
|
|
117
117
|
options[:verbose]=true
|
|
@@ -123,13 +123,13 @@ opts.each do |opt, val|
|
|
|
123
123
|
options[:exit_on_warn] = true
|
|
124
124
|
|
|
125
125
|
when '--search-knowledge-base'
|
|
126
|
-
found =
|
|
126
|
+
found = Dawn::KnowledgeBase.find(nil, val)
|
|
127
127
|
puts "#{val} found in knowledgebase." if found
|
|
128
128
|
puts "#{val} not found in knowledgebase" if ! found
|
|
129
129
|
Kernel.exit(0)
|
|
130
130
|
|
|
131
131
|
when '--list-knowledge-base'
|
|
132
|
-
puts
|
|
132
|
+
puts Dawn::Core.dump_knowledge_base(options[:verbose])
|
|
133
133
|
Kernel.exit(0)
|
|
134
134
|
when '--list-known-framework'
|
|
135
135
|
puts "Ruby MVC framework supported by #{APPNAME}:"
|
|
@@ -138,22 +138,22 @@ opts.each do |opt, val|
|
|
|
138
138
|
end
|
|
139
139
|
Kernel.exit(0)
|
|
140
140
|
when '--help'
|
|
141
|
-
Kernel.exit(
|
|
141
|
+
Kernel.exit(Dawn::Core.help)
|
|
142
142
|
end
|
|
143
143
|
end
|
|
144
144
|
rescue GetoptLong::InvalidOption => e
|
|
145
145
|
|
|
146
|
-
$logger.helo APPNAME,
|
|
146
|
+
$logger.helo APPNAME, Dawn::VERSION
|
|
147
147
|
$logger.err e.message
|
|
148
|
-
Kernel.exit(
|
|
148
|
+
Kernel.exit(Dawn::Core.help)
|
|
149
149
|
end
|
|
150
150
|
|
|
151
151
|
target=ARGV.shift
|
|
152
152
|
|
|
153
|
-
$logger.helo APPNAME,
|
|
153
|
+
$logger.helo APPNAME, Dawn::VERSION
|
|
154
154
|
trap("INT") { $logger.die('[INTERRUPTED]') }
|
|
155
155
|
$logger.die("missing target") if target.nil? && options[:gemfile_name].empty?
|
|
156
|
-
$logger.die("invalid directory (#{target})") if options[:gemfile_name].empty? &&!
|
|
156
|
+
$logger.die("invalid directory (#{target})") if options[:gemfile_name].empty? &&! Dawn::Core.is_good_target?(target)
|
|
157
157
|
$logger.die("if scanning Gemfile.lock file you must not force target MVC using one from -r, -s or -p flag") if ! options[:mvc].empty? && options[:gemfile_scan]
|
|
158
158
|
$logger.log("security check enabled: #{options[:enabled_checks]}") if options[:debug]
|
|
159
159
|
|
|
@@ -164,18 +164,18 @@ $logger.log("security check enabled: #{options[:enabled_checks]}") if options[:d
|
|
|
164
164
|
unless options[:gemfile_scan]
|
|
165
165
|
begin
|
|
166
166
|
if options[:mvc].empty?
|
|
167
|
-
engine =
|
|
167
|
+
engine = Dawn::Core.detect_mvc(target)
|
|
168
168
|
$logger.log("using #{engine.class.name} engine via autodect") if options[:debug]
|
|
169
169
|
else
|
|
170
|
-
engine =
|
|
171
|
-
engine =
|
|
172
|
-
engine =
|
|
170
|
+
engine = Dawn::Rails.new(target) if options[:mvc] == :rails
|
|
171
|
+
engine = Dawn::Sinatra.new(target) if options[:mvc] == :sinatra
|
|
172
|
+
engine = Dawn::Padrino.new(target) if options[:mvc] == :padrino
|
|
173
173
|
end
|
|
174
174
|
rescue ArgumentError => e
|
|
175
175
|
$logger.die(e.message)
|
|
176
176
|
end
|
|
177
177
|
else
|
|
178
|
-
engine =
|
|
178
|
+
engine = Dawn::GemfileLock.new(target, options[:gemfile_name], guess) # if options[:gemfile_scan]
|
|
179
179
|
end
|
|
180
180
|
|
|
181
181
|
$logger.die("ruby framework auto detect failed. Please force if rails, sinatra or padrino with -r, -s or -p flags") if engine.nil?
|
|
@@ -194,7 +194,7 @@ if options[:debug]
|
|
|
194
194
|
end
|
|
195
195
|
|
|
196
196
|
$logger.die "missing target framework option" if engine.nil?
|
|
197
|
-
$logger.warn "this is a development
|
|
197
|
+
$logger.warn "this is a development Dawn version" if Dawn::RELEASE == "(development)"
|
|
198
198
|
$logger.die "nothing to do on #{target}" if ! options[:gemfile_scan] && ! engine.can_apply?
|
|
199
199
|
|
|
200
200
|
engine.load_knowledge_base(options[:enabled_checks])
|
|
@@ -206,5 +206,5 @@ if options[:output] == "count"
|
|
|
206
206
|
Kernel.exit(0)
|
|
207
207
|
end
|
|
208
208
|
|
|
209
|
-
|
|
209
|
+
Dawn::Reporter.new({:engine=>engine, :apply_all_code=>ret, :format=>options[:output].to_sym, :filename=>options[:filename]}).report
|
|
210
210
|
$logger.bye
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
d15d8d596f4305f6f9c23ec23462844ff49a5743
|
data/lib/dawn/core.rb
CHANGED
|
@@ -30,7 +30,7 @@ module Dawn
|
|
|
30
30
|
printf "\n --disable-code-style\t\t\tdisable all code style checks"
|
|
31
31
|
printf "\n --disable-owasp-ror-cheatsheet\t\tdisable all Owasp Ruby on Rails cheatsheet checks"
|
|
32
32
|
printf "\n --disable-owasp-top-10\t\t\tdisable all Owasp Top 10 checks"
|
|
33
|
-
printf "\n\nFlags useful to query
|
|
33
|
+
printf "\n\nFlags useful to query Dawn\n"
|
|
34
34
|
printf "\n -S, --search-knowledge-base [check_name]\tsearch check_name in the knowledge base"
|
|
35
35
|
printf "\n --list-knowledge-base\t\t\tlist knowledge-base content"
|
|
36
36
|
printf "\n --list-known-families\t\t\tlist security check families contained in dawn's knowledge base"
|
|
@@ -45,7 +45,7 @@ module Dawn
|
|
|
45
45
|
end
|
|
46
46
|
|
|
47
47
|
def self.dump_knowledge_base(verbose = false)
|
|
48
|
-
kb =
|
|
48
|
+
kb = Dawn::KnowledgeBase.new
|
|
49
49
|
lines = []
|
|
50
50
|
lines << "Security checks currently supported:\n"
|
|
51
51
|
|
|
@@ -99,11 +99,11 @@ module Dawn
|
|
|
99
99
|
lockfile = Bundler::LockfileParser.new(Bundler.read_file("Gemfile.lock"))
|
|
100
100
|
Dir.chdir(my_dir)
|
|
101
101
|
lockfile.specs.each do |s|
|
|
102
|
-
return
|
|
103
|
-
return
|
|
102
|
+
return Dawn::Rails.new(target) if s.name == "rails"
|
|
103
|
+
return Dawn::Padrino.new(target) if s.name == "padrino"
|
|
104
104
|
end
|
|
105
105
|
|
|
106
|
-
return
|
|
106
|
+
return Dawn::Sinatra.new(target)
|
|
107
107
|
end
|
|
108
108
|
|
|
109
109
|
def self.is_good_target?(target)
|
|
@@ -124,14 +124,14 @@ module Dawn
|
|
|
124
124
|
return fn if File.exist?(fn)
|
|
125
125
|
end
|
|
126
126
|
|
|
127
|
-
#
|
|
127
|
+
# Dawn didn't find a config file.
|
|
128
128
|
# If create_if_none flag is set to false, than I'll return nil so the
|
|
129
129
|
# read_conf method will return the default configuration
|
|
130
130
|
return nil unless create_if_none
|
|
131
131
|
|
|
132
132
|
# If create_if_none flag is set to true, than I'll create a config file
|
|
133
133
|
# on the current directory with the default configuration.
|
|
134
|
-
conf = {"config"=>{:verbose=>false, :output=>"console", :mvc=>"", :gemfile_scan=>false, :gemfile_name=>"", :filename=>nil, :debug=>false, :exit_on_warn => false, :enabled_checks=>
|
|
134
|
+
conf = {"config"=>{:verbose=>false, :output=>"console", :mvc=>"", :gemfile_scan=>false, :gemfile_name=>"", :filename=>nil, :debug=>false, :exit_on_warn => false, :enabled_checks=> Dawn::Kb::BasicCheck::ALLOWED_FAMILIES}}
|
|
135
135
|
|
|
136
136
|
# Calculate the conf file path
|
|
137
137
|
conf_path = File.expand_path('~') +'/.'+conf_name
|
|
@@ -145,7 +145,7 @@ module Dawn
|
|
|
145
145
|
end
|
|
146
146
|
|
|
147
147
|
def self.read_conf(file=nil)
|
|
148
|
-
conf = {:verbose=>false, :output=>"console", :mvc=>"", :gemfile_scan=>false, :gemfile_name=>"", :filename=>nil, :debug=>false, :exit_on_warn => false, :enabled_checks=>
|
|
148
|
+
conf = {:verbose=>false, :output=>"console", :mvc=>"", :gemfile_scan=>false, :gemfile_name=>"", :filename=>nil, :debug=>false, :exit_on_warn => false, :enabled_checks=> Dawn::Kb::BasicCheck::ALLOWED_FAMILIES}
|
|
149
149
|
begin
|
|
150
150
|
return conf if file.nil?
|
|
151
151
|
file = file.chop if (not file.nil? and file.end_with? '/')
|
data/lib/dawn/engine.rb
CHANGED
|
@@ -73,7 +73,7 @@ module Dawn
|
|
|
73
73
|
|
|
74
74
|
if $logger.nil?
|
|
75
75
|
$logger = Codesake::Commons::Logging.instance
|
|
76
|
-
$logger.helo "dawn-engine",
|
|
76
|
+
$logger.helo "dawn-engine", Dawn::VERSION
|
|
77
77
|
|
|
78
78
|
end
|
|
79
79
|
$logger.warn "pattern matching security checks are disabled for Gemfile.lock scan" if @name == "Gemfile.lock"
|
|
@@ -161,10 +161,10 @@ module Dawn
|
|
|
161
161
|
def load_knowledge_base(enabled_checks=[])
|
|
162
162
|
debug_me("load_knowledge_base called. Enabled checks are: #{enabled_checks}")
|
|
163
163
|
if @name == "Gemfile.lock"
|
|
164
|
-
@checks =
|
|
165
|
-
@checks =
|
|
164
|
+
@checks = Dawn::KnowledgeBase.new({:enabled_checks=>enabled_checks}).all if @force.empty?
|
|
165
|
+
@checks = Dawn::KnowledgeBase.new({:enabled_checks=>enabled_checks}).all_by_mvc(@force) unless @force.empty?
|
|
166
166
|
else
|
|
167
|
-
@checks =
|
|
167
|
+
@checks = Dawn::KnowledgeBase.new({:enabled_checks=>enabled_checks}).all_by_mvc(@name)
|
|
168
168
|
|
|
169
169
|
end
|
|
170
170
|
debug_me("#{@checks.count} checks loaded")
|
|
@@ -239,21 +239,21 @@ module Dawn
|
|
|
239
239
|
|
|
240
240
|
@checks.each do |check|
|
|
241
241
|
if check.name == name
|
|
242
|
-
unless ((check.kind ==
|
|
242
|
+
unless ((check.kind == Dawn::KnowledgeBase::PATTERN_MATCH_CHECK || check.kind == Dawn::KnowledgeBase::COMBO_CHECK ) && @name == "Gemfile.lock")
|
|
243
243
|
debug_me "applying check #{check.name}"
|
|
244
244
|
@applied_checks += 1
|
|
245
245
|
@applied << { :name=>name }
|
|
246
246
|
check.ruby_version = @ruby_version[:version]
|
|
247
|
-
check.detected_ruby = @ruby_version if check.kind ==
|
|
248
|
-
check.dependencies = self.connected_gems if check.kind ==
|
|
249
|
-
check.root_dir = self.target if check.kind ==
|
|
250
|
-
check.options = {:detected_ruby => self.ruby_version, :dependencies => self.connected_gems, :root_dir => self.target } if check.kind ==
|
|
247
|
+
check.detected_ruby = @ruby_version if check.kind == Dawn::KnowledgeBase::RUBY_VERSION_CHECK
|
|
248
|
+
check.dependencies = self.connected_gems if check.kind == Dawn::KnowledgeBase::DEPENDENCY_CHECK
|
|
249
|
+
check.root_dir = self.target if check.kind == Dawn::KnowledgeBase::PATTERN_MATCH_CHECK
|
|
250
|
+
check.options = {:detected_ruby => self.ruby_version, :dependencies => self.connected_gems, :root_dir => self.target } if check.kind == Dawn::KnowledgeBase::COMBO_CHECK
|
|
251
251
|
|
|
252
252
|
check_vuln = check.vuln?
|
|
253
253
|
|
|
254
|
-
@vulnerabilities << {:name=> check.name, :severity=>check.severity, :priority=>check.priority, :kind=>check.check_family, :message=>check.message, :remediation=>check.remediation, :evidences=>check.evidences, :vulnerable_checks=>nil} if check_vuln && check.kind !=
|
|
254
|
+
@vulnerabilities << {:name=> check.name, :severity=>check.severity, :priority=>check.priority, :kind=>check.check_family, :message=>check.message, :remediation=>check.remediation, :evidences=>check.evidences, :vulnerable_checks=>nil} if check_vuln && check.kind != Dawn::KnowledgeBase::COMBO_CHECK
|
|
255
255
|
|
|
256
|
-
@vulnerabilities << {:name=> check.name, :severity=>check.severity, :priority=>check.priority, :kind=>check.check_family, :message=>check.message, :remediation=>check.remediation, :evidences=>check.evidences, :vulnerable_checks=>check.vulnerable_checks} if check_vuln && check.kind ==
|
|
256
|
+
@vulnerabilities << {:name=> check.name, :severity=>check.severity, :priority=>check.priority, :kind=>check.check_family, :message=>check.message, :remediation=>check.remediation, :evidences=>check.evidences, :vulnerable_checks=>check.vulnerable_checks} if check_vuln && check.kind == Dawn::KnowledgeBase::COMBO_CHECK
|
|
257
257
|
|
|
258
258
|
@mitigated_issues << {:name=> check.name, :severity=>check.severity, :priority=>check.priority, :kind=>check.check_family, :message=>check.message, :remediation=>check.remediation, :evidences=>check.evidences, :vulnerable_checks=>nil} if check.mitigated?
|
|
259
259
|
return true
|
|
@@ -290,22 +290,22 @@ module Dawn
|
|
|
290
290
|
end
|
|
291
291
|
|
|
292
292
|
@checks.each do |check|
|
|
293
|
-
unless ((check.kind ==
|
|
293
|
+
unless ((check.kind == Dawn::KnowledgeBase::PATTERN_MATCH_CHECK || check.kind == Dawn::KnowledgeBase::COMBO_CHECK ) && @gemfile_lock_sudo)
|
|
294
294
|
|
|
295
295
|
@applied << { :name => name }
|
|
296
296
|
debug_me "applying check #{check.name}"
|
|
297
297
|
@applied_checks += 1
|
|
298
298
|
|
|
299
299
|
check.ruby_version = @ruby_version[:version]
|
|
300
|
-
check.detected_ruby = @ruby_version if check.kind ==
|
|
301
|
-
check.dependencies = self.connected_gems if check.kind ==
|
|
302
|
-
check.root_dir = self.target if check.kind ==
|
|
303
|
-
check.options = {:detected_ruby => self.ruby_version, :dependencies => self.connected_gems, :root_dir => self.target } if check.kind ==
|
|
300
|
+
check.detected_ruby = @ruby_version if check.kind == Dawn::KnowledgeBase::RUBY_VERSION_CHECK
|
|
301
|
+
check.dependencies = self.connected_gems if check.kind == Dawn::KnowledgeBase::DEPENDENCY_CHECK
|
|
302
|
+
check.root_dir = self.target if check.kind == Dawn::KnowledgeBase::PATTERN_MATCH_CHECK
|
|
303
|
+
check.options = {:detected_ruby => self.ruby_version, :dependencies => self.connected_gems, :root_dir => self.target } if check.kind == Dawn::KnowledgeBase::COMBO_CHECK
|
|
304
304
|
check_vuln = check.vuln?
|
|
305
305
|
|
|
306
|
-
@vulnerabilities << {:name=> check.name, :severity=>check.severity, :priority=>check.priority, :kind=>check.check_family, :message=>check.message, :remediation=>check.remediation, :evidences=>check.evidences, :vulnerable_checks=>nil} if check_vuln && check.kind !=
|
|
306
|
+
@vulnerabilities << {:name=> check.name, :severity=>check.severity, :priority=>check.priority, :kind=>check.check_family, :message=>check.message, :remediation=>check.remediation, :evidences=>check.evidences, :vulnerable_checks=>nil} if check_vuln && check.kind != Dawn::KnowledgeBase::COMBO_CHECK
|
|
307
307
|
|
|
308
|
-
@vulnerabilities << {:name=> check.name, :severity=>check.severity, :priority=>check.priority, :kind=>check.check_family, :message=>check.message, :remediation=>check.remediation, :evidences=>check.evidences, :vulnerable_checks=>check.vulnerable_checks} if check_vuln && check.kind ==
|
|
308
|
+
@vulnerabilities << {:name=> check.name, :severity=>check.severity, :priority=>check.priority, :kind=>check.check_family, :message=>check.message, :remediation=>check.remediation, :evidences=>check.evidences, :vulnerable_checks=>check.vulnerable_checks} if check_vuln && check.kind == Dawn::KnowledgeBase::COMBO_CHECK
|
|
309
309
|
|
|
310
310
|
@mitigated_issues << {:name=> check.name, :severity=>check.severity, :priority=>check.priority, :kind=>check.check_family, :message=>check.message, :remediation=>check.remediation, :evidences=>check.evidences, :vulnerable_checks=>nil} if check.mitigated?
|
|
311
311
|
else
|
data/lib/dawn/kb/basic_check.rb
CHANGED
|
@@ -16,16 +16,16 @@ module Codesake
|
|
|
16
16
|
super({
|
|
17
17
|
:name=>"Owasp Ror Cheatsheet",
|
|
18
18
|
:applies=>["rails"],
|
|
19
|
-
:kind=>
|
|
19
|
+
:kind=>Dawn::KnowledgeBase::COMBO_CHECK,
|
|
20
20
|
:aux_links=>["https://www.owasp.org/index.php/Ruby_on_Rails_Cheatsheet"],
|
|
21
21
|
:message=>message,
|
|
22
22
|
:mitigation=>"Please refere to the Ruby on Rails cheatsheet available from owasp.org to mitigate this vulnerability",
|
|
23
23
|
:checks=>[
|
|
24
|
-
|
|
25
|
-
|
|
26
|
-
|
|
27
|
-
|
|
28
|
-
|
|
24
|
+
Dawn::Kb::OwaspRorCheatSheet::CommandInjection.new,
|
|
25
|
+
Dawn::Kb::OwaspRorCheatSheet::Csrf.new,
|
|
26
|
+
Dawn::Kb::OwaspRorCheatSheet::SessionStoredInDatabase.new,
|
|
27
|
+
Dawn::Kb::OwaspRorCheatSheet::MassAssignmentInModel.new,
|
|
28
|
+
Dawn::Kb::OwaspRorCheatSheet::SecurityRelatedHeaders.new,
|
|
29
29
|
|
|
30
30
|
|
|
31
31
|
],
|
data/lib/dawn/padrino.rb
CHANGED
data/lib/dawn/reporter.rb
CHANGED
|
@@ -67,8 +67,8 @@ module Dawn
|
|
|
67
67
|
html_body += "<table class=\"table-striped table-bordered table\">\n"
|
|
68
68
|
html_body += "<thead><tr><td>Key</td><td>Value</td></tr></thead>\n"
|
|
69
69
|
html_body += "<tbody>\n"
|
|
70
|
-
html_body += "<tr><td>Dawn version</td><td>#{Dawn::VERSION}</td></tr>" unless
|
|
71
|
-
html_body += "<tr><td>Dawn development version</td><td>#{Dawn::VERSION}</td></tr>" if
|
|
70
|
+
html_body += "<tr><td>Dawn version</td><td>#{Dawn::VERSION}</td></tr>" unless Dawn::RELEASE == "(development)\n"
|
|
71
|
+
html_body += "<tr><td>Dawn development version</td><td>#{Dawn::VERSION}</td></tr>" if Dawn::RELEASE == "(development)\n"
|
|
72
72
|
html_body += "<tr><td>Scan duration</td><td>#{@engine.scan_time.round(3)} sec</td></tr>\n"
|
|
73
73
|
html_body += "<tr><td>Target</td><td>#{@engine.target}</td></tr>\n"
|
|
74
74
|
html_body += "<tr><td>MVC detected framework</td><td>#{@engine.name} v#{@engine.get_mvc_version}</td></tr>" unless @engine.name == "Gemfile.lock\n"
|
|
@@ -102,7 +102,7 @@ module Dawn
|
|
|
102
102
|
html_body += "<div id=\"push\"></div>\n"
|
|
103
103
|
html_body += "<div id=\"footer\">\n"
|
|
104
104
|
html_body += "<div class=\"container\">\n"
|
|
105
|
-
html_body += "<p class=\"muted credit\">© <a href=\"http://dawn.codesake.com\">Dawn</a> — #{Time.now.strftime("%Y")} — engine v#{
|
|
105
|
+
html_body += "<p class=\"muted credit\">© <a href=\"http://dawn.codesake.com\">Dawn</a> — #{Time.now.strftime("%Y")} — engine v#{Dawn::VERSION} (#{Dawn::RELEASE})</p>\n"
|
|
106
106
|
html_body += "</div>\n"
|
|
107
107
|
html_body += "</div>\n"
|
|
108
108
|
html_body += "</div>\n"
|
|
@@ -123,7 +123,7 @@ module Dawn
|
|
|
123
123
|
# 0_First table: executive summary
|
|
124
124
|
rows = []
|
|
125
125
|
rows << ['Dawn version', Dawn::VERSION] unless Dawn::RELEASE == "(development)"
|
|
126
|
-
rows << ['Dawn development version', Dawn::VERSION] if
|
|
126
|
+
rows << ['Dawn development version', Dawn::VERSION] if Dawn::RELEASE == "(development)"
|
|
127
127
|
rows << ['Scan started', @engine.scan_start]
|
|
128
128
|
rows << ['Scan duration', "#{@engine.scan_time.round(3)} sec"]
|
|
129
129
|
rows << ['Target', @engine.target]
|
data/lib/dawn/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: dawnscanner
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.3.
|
|
4
|
+
version: 1.3.1
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Paolo Perego
|
|
@@ -30,7 +30,7 @@ cert_chain:
|
|
|
30
30
|
1zH2rpK27DW5pOeHUEJn31+gGd111ogP5tYruPV7Qgfy2jUrUPmP67v7nRNlgd84
|
|
31
31
|
Z5mHj9jGk4wgMQy2pk4GDwsXiirZfI0z2WZfySqEldE=
|
|
32
32
|
-----END CERTIFICATE-----
|
|
33
|
-
date: 2015-02-
|
|
33
|
+
date: 2015-02-19 00:00:00.000000000 Z
|
|
34
34
|
dependencies:
|
|
35
35
|
- !ruby/object:Gem::Dependency
|
|
36
36
|
name: codesake-commons
|
|
@@ -286,6 +286,7 @@ files:
|
|
|
286
286
|
- checksum/codesake-dawn-1.2.0.gem.sha512
|
|
287
287
|
- checksum/codesake-dawn-1.2.99.gem.sha512
|
|
288
288
|
- checksum/dawnscanner-1.2.99.gem.sha1
|
|
289
|
+
- checksum/dawnscanner-1.3.0.gem.sha1
|
|
289
290
|
- dawnscanner.gemspec
|
|
290
291
|
- doc/codesake-dawn.yaml.sample
|
|
291
292
|
- doc/dawn_1_0_announcement.md
|
|
@@ -585,7 +586,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
585
586
|
version: '0'
|
|
586
587
|
requirements: []
|
|
587
588
|
rubyforge_project:
|
|
588
|
-
rubygems_version: 2.
|
|
589
|
+
rubygems_version: 2.4.6
|
|
589
590
|
signing_key:
|
|
590
591
|
specification_version: 4
|
|
591
592
|
summary: Codesake::Dawn is a security source code scanner for ruby powered code.
|
metadata.gz.sig
CHANGED
|
Binary file
|