dawnscanner 1.3.1 → 1.3.5

data/lib/dawn/kb/owasp_ror_cheatsheet/session_stored_in_database.rb

@@ -20,7 +20,7 @@
               :avoid_comments=>true,
               :check_family=>:owasp_ror_cheatsheet,
               :severity=>:info,
-              :evidences=>["In your session_store.rb file you are not using ActiveRercord to store session data. This will let rails to use a cookie based session and it can expose your web application to a session replay attack."],
+              :evidences=>["In your session_store.rb file you are not using ActiveRecord to store session data. This will let rails to use a cookie based session and it can expose your web application to a session replay attack."],
               :mitigation=>"Use ActiveRecord or the ORM you love most to handle your code session_store. Add \"Application.config.session_store :active_record_store\" to your session_store.rb file."
             })
             # @debug = true

data/lib/dawn/knowledge_base.rb

@@ -221,6 +221,21 @@ require "dawn/kb/cve_2014_2538"
 require "dawn/kb/cve_2014_3482"
 require "dawn/kb/cve_2014_3483"
 
+# CVE - 2015
+
+
+# CVE-2015-1840 is spread in two classes because a single CVE is assigned to a
+# vulnerability affecting two differents but related gems. An idiot hack to
+# mitigate an idiot decision.
+require "dawn/kb/cve_2015_1840/cve_2015_1840_a"
+require "dawn/kb/cve_2015_1840/cve_2015_1840_b"
+require "dawn/kb/cve_2015_2963"
+require "dawn/kb/cve_2015_3224"
+require "dawn/kb/cve_2015_3225"
+require "dawn/kb/cve_2015_3226"
+require "dawn/kb/cve_2015_3227"
+
+
 # OSVDB
 
 require "dawn/kb/osvdb_105971"
@@ -228,6 +243,12 @@ require "dawn/kb/osvdb_108569"
 require "dawn/kb/osvdb_108570"
 require "dawn/kb/osvdb_108530"
 require "dawn/kb/osvdb_108563"
+require "dawn/kb/osvdb_118579"
+require "dawn/kb/osvdb_118830"
+require "dawn/kb/osvdb_118954"
+require "dawn/kb/osvdb_119878"
+require "dawn/kb/osvdb_119927"
+
 
 
 module Dawn
@@ -470,6 +491,14 @@ module Dawn
           Dawn::Kb::CVE_2014_2538.new,
           Dawn::Kb::CVE_2014_3482.new,
           Dawn::Kb::CVE_2014_3483.new,
+          Dawn::Kb::CVE_2015_1840_a.new,
+          Dawn::Kb::CVE_2015_1840_b.new,
+          Dawn::Kb::CVE_2015_2963.new,
+          Dawn::Kb::CVE_2015_3224.new,
+          Dawn::Kb::CVE_2015_3225.new,
+          Dawn::Kb::CVE_2015_3226.new,
+          Dawn::Kb::CVE_2015_3227.new,
+
 
           # OSVDB Checks are still here since are all about dependencies
           Dawn::Kb::OSVDB_105971.new,
@@ -477,6 +506,11 @@ module Dawn
           Dawn::Kb::OSVDB_108570.new,
           Dawn::Kb::OSVDB_108530.new,
           Dawn::Kb::OSVDB_108563.new,
+          Dawn::Kb::OSVDB_118579.new,
+          Dawn::Kb::OSVDB_118830.new,
+          Dawn::Kb::OSVDB_118954.new,
+          Dawn::Kb::OSVDB_119878.new,
+          Dawn::Kb::OSVDB_119927.new,
       ]
         # END @cve_security_checks array
         # START @owasp_ror_cheatsheet_checks array

data/lib/dawn/logger.rb

@@ -0,0 +1,16 @@
+require 'logger/colors'
+
+class Logger
+  def helo(app, version)
+    @app = app
+    info "#{app} v#{version} is starting up"
+  end
+  def die(msg)
+    error(msg)
+    Kernel.exit(-1)
+  end
+  def bye
+    info "#{@app} is shutting down"
+  end
+
+end

data/lib/dawn/reporter.rb

@@ -227,34 +227,34 @@ module Dawn
 
     def ascii_plain_report
 
-      $logger.log "scanning #{@engine.target}"
-      $logger.log "#{@engine.name} v#{@engine.get_mvc_version} detected" unless @engine.name == "Gemfile.lock"
-      $logger.log "#{@engine.force} v#{@engine.get_mvc_version} detected" if @engine.name == "Gemfile.lock"
-      $logger.log "applying all security checks"
+      $logger.info "scanning #{@engine.target}"
+      $logger.info "#{@engine.name} v#{@engine.get_mvc_version} detected" unless @engine.name == "Gemfile.lock"
+      $logger.info "#{@engine.force} v#{@engine.get_mvc_version} detected" if @engine.name == "Gemfile.lock"
+      $logger.info "applying all security checks"
       if @ret
-        $logger.log "#{@engine.applied_checks} security checks applied - #{@engine.skipped_checks} security checks skipped"
+        $logger.info "#{@engine.applied_checks} security checks applied - #{@engine.skipped_checks} security checks skipped"
       else
-        $logger.err "no security checks in the knowledge base"
+        $logger.error "no security checks in the knowledge base"
       end
 
       if @engine.count_vulnerabilities != 0
-        $logger.log "#{@engine.count_vulnerabilities} vulnerabilities found"
+        $logger.info "#{@engine.count_vulnerabilities} vulnerabilities found"
         @engine.vulnerabilities.each do |vuln|
-          $logger.err "#{vuln[:name]} check failed"
-          $logger.log "Severity: #{vuln[:severity]}"
-          $logger.log "Priority: #{vuln[:priority]}"
-          $logger.log "Description: #{vuln[:message]}"
-          $logger.log "Solution: #{vuln[:remediation]}"
-          $logger.log "Evidence:"
+          $logger.error "#{vuln[:name]} check failed"
+          $logger.info "Severity: #{vuln[:severity]}"
+          $logger.info "Priority: #{vuln[:priority]}"
+          $logger.info "Description: #{vuln[:message]}"
+          $logger.info "Solution: #{vuln[:remediation]}"
+          $logger.info "Evidence:"
           vuln[:evidences].each do |evidence|
-            $logger.log "\t#{evidence}"
+            $logger.info "\t#{evidence}"
           end
         end
         if @engine.has_reflected_xss?
-          $logger.log "#{@engine.reflected_xss.count} reflected XSS found"
+          $logger.info "#{@engine.reflected_xss.count} reflected XSS found"
           @engine.reflected_xss.each do |vuln|
-            $logger.log "request parameter \"#{vuln[:sink_source]}\" is used without escaping in #{vuln[:sink_view]}. It was read here: #{vuln[:sink_file]}@#{vuln[:sink_line]}"
-            $logger.err "evidence: #{vuln[:sink_evidence]}"
+            $logger.info "request parameter \"#{vuln[:sink_source]}\" is used without escaping in #{vuln[:sink_view]}. It was read here: #{vuln[:sink_file]}@#{vuln[:sink_line]}"
+            $logger.error "evidence: #{vuln[:sink_evidence]}"
           end
         end
 
@@ -263,11 +263,11 @@ module Dawn
       end
 
       if @engine.mitigated_issues.count != 0
-        $logger.log "#{@engine.mitigated_issues.count} mitigated vulnerabilities found"
+        $logger.info "#{@engine.mitigated_issues.count} mitigated vulnerabilities found"
         @engine.mitigated_issues.each do |vuln|
           $logger.ok "#{vuln[:name]} mitigated"
           vuln[:evidences].each do |evidence|
-            $logger.err evidence
+            $logger.error evidence
           end
         end
       end

data/lib/dawn/utils.rb

@@ -8,11 +8,11 @@ module Dawn
       __debug_me_and_return(msg, false)
     end
     def debug_me(msg)
-      $logger.log(msg) if @debug
+      $logger.debug(msg) if @debug
     end
 
     def __debug_me_and_return(msg, status)
-      $logger.log(msg) if @debug
+      $logger.debug(msg) if @debug
       return status
     end
   end

data/lib/dawn/version.rb

@@ -1,26 +1,7 @@
 module Dawn
-  # codesake-dawn when in development has RELASE equal to '(development)' and
-  # the version number is set for the next release.
-  #
-  # Each codesake-dawn major release will have a Disney Pixar Cars / Cars2
-  # character as codename. My son Daniele loves those films and since I love
-  # him too, # this is a kinda sort of tribute of my son's passion.
-  #
-  # Future releases
-  #
-  # | Character       | Release |
-  # |-----------------|---------|
-  # |  "Tow Mater"    |  2.0.0  |
-  # | "Finn McMissile"|  3.0.0  |
-  # |  "Fillmore"     |  4.0.0  |
-  # |"Holly Shiftwell"|  5.0.0  |
-  # |   "Guido"       |  6.0.0  |
-  # |   "Luigi"       |  7.0.0  |
-  # | "Doc Hudson"    |  8.0.0  |
-
-  VERSION   = "1.3.1"
-  CODENAME  = "Lightning McQueen"
-  # RELEASE   = "(development)"
-  RELEASE   = "20150219"
-
+    VERSION = "1.3.5"
+    CODENAME = "Lightning McQueen"
+    RELEASE = "20150729"
+    BUILD = "31"
+    COMMIT = "ge32c804"
 end

data/lib/dawnscanner.rb

@@ -7,6 +7,7 @@ require "dawn/sinatra"
 require "dawn/padrino"
 require "dawn/gemfile_lock"
 require "dawn/reporter"
-require "codesake-commons"
+require "dawn/logger"
+# require "codesake-commons"
 
 require "date"

data/spec/lib/dawn/codesake_knowledgebase_spec.rb

@@ -910,31 +910,82 @@ describe "The Codesake Dawn knowledge base" do
   end
 
   it "must have test for OSVDB-108570" do
-      sc = kb.find("OSVDB-108570")
-        sc.should_not   be_nil
-          sc.class.should == Dawn::Kb::OSVDB_108570
+    sc = kb.find("OSVDB-108570")
+    sc.should_not   be_nil
+    sc.class.should == Dawn::Kb::OSVDB_108570
   end
 
   it "must have test for OSVDB-108530" do
-      sc = kb.find("OSVDB-108530")
-        sc.should_not   be_nil
-          sc.class.should == Dawn::Kb::OSVDB_108530
+    sc = kb.find("OSVDB-108530")
+    sc.should_not   be_nil
+    sc.class.should == Dawn::Kb::OSVDB_108530
   end
   it "must have test for OSVDB-108563" do
-      sc = kb.find("OSVDB-108563")
-        sc.should_not   be_nil
-          sc.class.should == Dawn::Kb::OSVDB_108563
+    sc = kb.find("OSVDB-108563")
+    sc.should_not   be_nil
+    sc.class.should == Dawn::Kb::OSVDB_108563
   end
 
   it "must have test for CVE-2014-3482" do
-      sc = kb.find("CVE-2014-3482")
-        sc.should_not   be_nil
-          sc.class.should == Dawn::Kb::CVE_2014_3482
+    sc = kb.find("CVE-2014-3482")
+    sc.should_not   be_nil
+    sc.class.should == Dawn::Kb::CVE_2014_3482
   end
 
   it "must have test for CVE-2014-3483" do
-      sc = kb.find("CVE-2014-3483")
-        sc.should_not   be_nil
-          sc.class.should == Dawn::Kb::CVE_2014_3483
+    sc = kb.find("CVE-2014-3483")
+    sc.should_not   be_nil
+    sc.class.should == Dawn::Kb::CVE_2014_3483
+  end
+  it "must have test for OSVDB_119927" do
+    sc = kb.find("OSVDB_119927")
+    sc.should_not   be_nil
+    sc.class.should == Dawn::Kb::OSVDB_119927
+  end
+  it "must have test for OSVDB_119878" do
+    sc = kb.find("OSVDB_119878")
+    sc.should_not   be_nil
+    sc.class.should == Dawn::Kb::OSVDB_119878
+  end
+  it "must have test for OSVDB_118954" do
+    sc = kb.find("OSVDB_118954")
+    sc.should_not   be_nil
+    sc.class.should == Dawn::Kb::OSVDB_118954
+  end
+  it "must have test for OSVDB_118579" do
+    sc = kb.find("OSVDB_118579")
+    sc.should_not   be_nil
+    sc.class.should == Dawn::Kb::OSVDB_118579
+  end
+  it "must have test for OSVDB_118830" do
+    sc = kb.find("OSVDB_118830")
+    sc.should_not   be_nil
+    sc.class.should == Dawn::Kb::OSVDB_118830
+  end
+  it "must have test for CVE-2015-3224" do
+    sc = kb.find("CVE-2015-3224")
+    sc.should_not   be_nil
+    sc.class.should == Dawn::Kb::CVE_2015_3224
+  end
+  it "must have test for CVE-2015-3225" do
+    sc = kb.find("CVE-2015-3225")
+    sc.should_not   be_nil
+    sc.class.should == Dawn::Kb::CVE_2015_3225
+  end
+  it "must have test for CVE-2015-3227" do
+    sc = kb.find("CVE-2015-3227")
+    sc.should_not   be_nil
+    sc.class.should == Dawn::Kb::CVE_2015_3227
+  end
+  it "must have test for CVE-2015-3226" do
+    sc = kb.find("CVE-2015-3226")
+    sc.should_not   be_nil
+    sc.class.should == Dawn::Kb::CVE_2015_3226
+  end
+  it "must have test for CVE-2015-2963" do
+    sc = kb.find("CVE-2015-2963")
+    sc.should_not   be_nil
+    sc.class.should == Dawn::Kb::CVE_2015_2963
   end
+  it "CVE-2015-1840 can't be tested. Trust me. It works"
 end

data/spec/lib/kb/cve_2015_1840_spec.rb

@@ -0,0 +1,35 @@
+require 'spec_helper'
+describe "The CVE-2015-1840 vulnerability" do
+	before(:all) do
+		@check_a = Dawn::Kb::CVE_2015_1840_a.new
+		@check_b = Dawn::Kb::CVE_2015_1840_b.new
+	end
+  it "is reported when vulnerable jquery-rails gem is used (3.1.2)" do
+    @check_a.dependencies = [{:name=>"jquery-rails", :version=>'3.1.2'}]
+    @check_a.vuln?.should   == true
+  end
+  it "is reported when vulnerable jquery-rails gem is used 4.0.1)" do
+    @check_a.dependencies = [{:name=>"jquery-rails", :version=>'4.0.1'}]
+    @check_a.vuln?.should   == true
+  end
+  it "is reported when vulnerable jquery-ujs gem is used 1.0.3)" do
+    @check_b.dependencies = [{:name=>"jquery-ujs", :version=>'1.0.3'}]
+    @check_b.vuln?.should   == true
+  end
+
+  it "is reported when vulnerable jquery-rails gem is used (3.1.3)" do
+    @check_a.dependencies = [{:name=>"jquery-rails", :version=>'3.1.3'}]
+    @check_a.vuln?.should   == false
+  end
+  it "is reported when vulnerable jquery-rails gem is used 4.0.2)" do
+    @check_a.dependencies = [{:name=>"jquery-rails", :version=>'4.0.2'}]
+    @check_a.vuln?.should   == false
+  end
+  it "is reported when vulnerable jquery-ujs gem is used 1.0.4)" do
+    @check_b.dependencies = [{:name=>"jquery-ujs", :version=>'1.0.4'}]
+    @check_b.vuln?.should   == false
+  end
+
+
+
+end

data/spec/lib/kb/cve_2015_2963_spec.rb

@@ -0,0 +1,17 @@
+require 'spec_helper'
+describe "The CVE-2015-2963 vulnerability" do
+	before(:all) do
+		@check = Dawn::Kb::CVE_2015_2963.new
+		# @check.debug = true
+	end
+  it "is reported when vulnerable paperclip gem is used 4.2.1)" do
+    @check.dependencies = [{:name=>"paperclip", :version=>'4.2.1'}]
+    @check.vuln?.should   == true
+  end
+
+  it "is reported when not vulnerable paperclip gem is used (4.2.2)" do
+    @check.dependencies = [{:name=>"paperclip", :version=>'4.2.2'}]
+    @check.vuln?.should   == false
+  end
+
+end

data/spec/lib/kb/cve_2015_3224_spec.rb

@@ -0,0 +1,16 @@
+require 'spec_helper'
+describe "The CVE-2015-3224 vulnerability" do
+	before(:all) do
+		@check = Dawn::Kb::CVE_2015_3224.new
+		# @check.debug = true
+	end
+  it "is reported when vulnerable web-console gem is used (2.1.2)" do
+    @check.dependencies = [{:name=>"web-console", :version=>'2.1.2'}]
+    @check.vuln?.should   == true
+  end
+  it "is not reported when safe rack gem is used (2.1.3)" do
+    @check.dependencies = [{:name=>"web-console", :version=>'2.1.3'}]
+    @check.vuln?.should   == false
+  end
+
+end

data/spec/lib/kb/cve_2015_3225_spec.rb

@@ -0,0 +1,23 @@
+require 'spec_helper'
+describe "The CVE-2015-3225 vulnerability" do
+	before(:all) do
+		@check = Dawn::Kb::CVE_2015_3225.new
+		# @check.debug = true
+	end
+  it "is reported when vulnerable rack gem is used (1.5.3)" do
+    @check.dependencies = [{:name=>"rack", :version=>'1.5.3'}]
+    @check.vuln?.should   == true
+  end
+  it "is reported when vulnerable rack gem is used (1.6.1)" do
+    @check.dependencies = [{:name=>"rack", :version=>'1.6.1'}]
+    @check.vuln?.should   == true
+  end
+  it "is not reported when safe rack gem is used (1.5.4)" do
+    @check.dependencies = [{:name=>"rack", :version=>'1.5.4'}]
+    @check.vuln?.should   == false
+  end
+  it "is not reported when safe rack gem is used (1.6.3)" do
+    @check.dependencies = [{:name=>"rack", :version=>'1.6.3'}]
+    @check.vuln?.should   == false
+  end
+end

data/spec/lib/kb/cve_2015_3226_spec.rb

@@ -0,0 +1,29 @@
+require 'spec_helper'
+describe "The CVE-2015-3226 vulnerability" do
+	before(:all) do
+		@check = Dawn::Kb::CVE_2015_3226.new
+		# @check.debug = true
+	end
+
+  it "is reported when vulnerable active_support gem is used (3.x.x)" do
+    @check.dependencies = [{:name=>"activesupport", :version=>'3.2.11'}]
+    @check.vuln?.should   == true
+  end
+  it "is reported when vulnerable active_support gem is used (4.1.11)" do
+    @check.dependencies = [{:name=>"activesupport", :version=>'4.1.11'}]
+    @check.vuln?.should   == true
+  end
+  it "is reported when vulnerable active_support gem is used (4.2.2)" do
+    @check.dependencies = [{:name=>"activesupport", :version=>'4.2.2'}]
+    @check.vuln?.should   == true
+  end
+  it "is not reported when safe active_support gem is used (4.1.12)" do
+    @check.dependencies = [{:name=>"activesupport", :version=>'4.1.12'}]
+    @check.vuln?.should   == false
+  end
+  it "is not reported when safe active_support gem is used (4.2.3)" do
+    @check.dependencies = [{:name=>"activesupport", :version=>'4.2.3'}]
+    @check.vuln?.should   == false
+  end
+
+end

data/spec/lib/kb/cve_2015_3227_spec.rb

@@ -0,0 +1,23 @@
+require 'spec_helper'
+describe "The CVE-2015-3227 vulnerability" do
+	before(:all) do
+		@check = Dawn::Kb::CVE_2015_3227.new
+		@check.debug = true
+	end
+  it "is reported when vulnerable active_support gem is used (4.1.11)" do
+    @check.dependencies = [{:name=>"activesupport", :version=>'4.1.11'}]
+    @check.vuln?.should   == true
+  end
+  it "is reported when vulnerable active_support gem is used (4.2.2)" do
+    @check.dependencies = [{:name=>"activesupport", :version=>'4.2.2'}]
+    @check.vuln?.should   == true
+  end
+  it "is not reported when safe active_support gem is used (4.1.12)" do
+    @check.dependencies = [{:name=>"activesupport", :version=>'4.1.12'}]
+    @check.vuln?.should   == false
+  end
+  it "is not reported when safe active_support gem is used (4.2.3)" do
+    @check.dependencies = [{:name=>"activesupport", :version=>'4.2.3'}]
+    @check.vuln?.should   == false
+  end
+end