dawnscanner 1.4.1 → 1.4.2

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: 21beffc2d50962f7a17135b47974c233a785b7a9
4
- data.tar.gz: a8f73f32dd52afdf4454335109948ca242c3ad25
3
+ metadata.gz: 71f55db4d3db8eb5884be020455c890ec34abf96
4
+ data.tar.gz: d925be243b149d3016c88cb4cf1415c8e5fdff17
5
5
  SHA512:
6
- metadata.gz: 0b97eeebb92fd48fd5b1ad0fcb8b940d24a51d257d323e5f42eeba993c6a18f51c35670b56b99ffb8f5c450df8cb49170503393012270f32e7118991b57996d8
7
- data.tar.gz: e9da9bf28bb243d2ba912698e552040ee7222ea4a87c70f6b5d01b0deb6d6b67a6774e296339c097960b87de686ec7c8b8a699cf0aefecaf3d68108b5ccbe40a
6
+ metadata.gz: 31af35e4b103403baf62db15595d13326f2aaa9a9cb6a5849bb01042e6d534ddf35d24b598aa1aae6dea3b504ea6dcdb54db768c286aa65cbfa74914b82c1871
7
+ data.tar.gz: 458ff98c756dc73a57a58d346fa96382b67a7e94df63c66d886f0f7d7fc795b228e246a3053aab0108d2f04e9c0ca9bad60171f958ff8d688b827a0f385f7563
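Review bot: a SHA1 digest is recorded beside the SHA512 one for both archives (lines 3-4 and 6-7); anyone verifying a download should compare the SHA512 values, since SHA1 is collision-prone and adds no assurance here. Note also that checksums.yaml lives inside the gem, so it only ties metadata.gz and data.tar.gz to each other; the signatures in checksums.yaml.gz.sig and data.tar.gz.sig, verified against the publisher's certificate, are what bind the package to its author.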
checksums.yaml.gz.sig CHANGED
Binary file
data.tar.gz.sig CHANGED
Binary file
data/Changelog.md CHANGED
@@ -5,7 +5,15 @@ It supports [Sinatra](http://www.sinatrarb.com),
5
5
  [Padrino](http://www.padrinorb.com) and [Ruby on Rails](http://rubyonrails.org)
6
6
  frameworks.
7
7
 
8
- _latest update: Tue Oct 13 09:53:14 CEST 2015_
8
+ _latest update: Tue Oct 13 11:36:46 CEST 2015_
9
+
10
+ ## Version 1.4.2 - codename: Tow Mater (2015-10-13)
11
+
12
+ * Applying pull request #140. Thanks to @j15e for fixing an issue with logger
13
+ method causing dawn to abort. Thank you also to Igor to prompt me about this
14
+ issue existing again.
15
+
16
+ ## Version 1.4.1 - codename: Tow Mater (2015-10-13)
9
17
 
10
18
  * Applying pull request #145. Thanks to @wmotti, a typo in CVE-2015-1840 has
11
19
  been fixed and the following false positives have been fixed as well:
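Review bot: the 1.4.2 entry (lines 10-14) says only that "an issue with logger method" caused dawn to abort; naming the failing call would let users decide whether they were affected. In this same release lib/dawn/reporter.rb swaps `$logger.ok` for `$logger.info`, so the entry could read something like "replaced `$logger.ok` calls, which aborted the scan, with `$logger.info`". It would also help to state whether every `$logger.ok` call site was covered, since any remaining one would abort the same way.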
data/KnowledgeBase.md CHANGED
@@ -1,6 +1,6 @@
1
1
  # Dawn Knowledge base
2
2
 
3
- The knowledge base library for Dawn version 1.3.5 contains 192 security checks.
3
+ The knowledge base library for Dawn version 1.4.1 contains 201 security checks.
4
4
  ---
5
5
  * Simple Form XSS - 20131129: There is a XSS vulnerability on Simple Form's label, hint and error options. When Simple Form creates a label, hint or error message it marks the text as being HTML safe, even though it may contain HTML tags. In applications where the text of these helpers can be provided by the users, malicious values can be provided and Simple Form will mark it as safe.
6
6
  * [CVE-2004-0755](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0755): The FileStore capability in CGI::Session for Ruby before 1.8.1, and possibly PStore, creates files with insecure permissions, which can allow local users to steal session information and hijack sessions.
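Review bot: line 3 now reads "Dawn version 1.4.1" while data/VERSION, lib/dawn/version.rb and README.md in this same diff all say 1.4.2; the knowledge-base header looks like it was regenerated before the version bump and should be brought in line. The "201 security checks" figure also deserves a second look given the duplicated CVE-2015-1840 entry further down in this file.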
@@ -88,6 +88,7 @@ The knowledge base library for Dawn version 1.3.5 contains 192 security checks.
88
88
  * [CVE-2012-6134](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6134): Cross-site request forgery (CSRF) vulnerability in the omniauth-oauth2 gem 1.1.1 and earlier for Ruby allows remote attackers to hijack the authentication of users for requests that modify session state.
89
89
  * [CVE-2012-6496](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6496): SQL injection vulnerability in the Active Record component in Ruby on Rails before 3.0.18, 3.1.x before 3.1.9, and 3.2.x before 3.2.10 allows remote attackers to execute arbitrary SQL commands via a crafted request that leverages incorrect behavior of dynamic finders in applications that can use unexpected data types in certain find_by_ method calls.
90
90
  * [CVE-2012-6497](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6497): The Authlogic gem for Ruby on Rails, when used with certain versions before 3.2.10, makes potentially unsafe find_by_id method calls, which might allow remote attackers to conduct CVE-2012-6496 SQL injection attacks via a crafted parameter in environments that have a known secret_token value, as demonstrated by a value contained in secret_token.rb in an open-source product.
91
+ * [CVE-2012-6684](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6684): Cross-site scripting (XSS) vulnerability in the RedCloth library 4.2.9 for Ruby and earlier allows remote attackers to inject arbitrary web script or HTML via a javascript: URI.
91
92
  * [CVE-2013-0155](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0155): Ruby on Rails 3.0.x before 3.0.19, 3.1.x before 3.1.10, and 3.2.x before 3.2.11 does not properly consider differences in parameter handling between the Active Record component and the JSON implementation, which allows remote attackers to bypass intended database-query restrictions and perform NULL checks or trigger missing WHERE clauses via a crafted request, as demonstrated by certain "[nil]" values, a related issue to CVE-2012-2660 and CVE-2012-2694.
92
93
  * [CVE-2013-0156](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0156): active_support/core_ext/hash/conversions.rb in Ruby on Rails before 2.3.15, 3.0.x before 3.0.19, 3.1.x before 3.1.10, and 3.2.x before 3.2.11 does not properly restrict casts of string values, which allows remote attackers to conduct object-injection attacks and execute arbitrary code, or cause a denial of service (memory and CPU consumption) involving nested XML entity references, by leveraging Action Pack support for (1) YAML type conversion or (2) Symbol type conversion.
93
94
  * [CVE-2013-0162](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0162): The diff_pp function in lib/gauntlet_rubyparser.rb in the ruby_parser gem 3.1.1 and earlier for Ruby allows local users to overwrite arbitrary files via a symlink attack on a temporary file with a predictable name in /tmp.
@@ -172,13 +173,21 @@ XML documents with carefully crafted entity expansion strings which can cause th
172
173
  * [CVE-2014-2538](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2538): rack-ssl Gem for Ruby contains a flaw that allows a reflected cross-site scripting (XSS) attack. This flaw exists because the program does not validate input passed via error messages before returning it to users. This may allow a context-dependent attacker to create a specially crafted request that would execute arbitrary script code in a user's browser session within the trust relationship between their browser and the server.
173
174
  * [CVE-2014-3482](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3482): Ruby on Rails contains a flaw that may allow carrying out an SQL injection attack. The issue is due to the PostgreSQL adapter for Active Record not properly sanitizing user-supplied input when quoting bitstrings. This may allow a remote attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data.
174
175
  * [CVE-2014-3483](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3483): Ruby on Rails contains a flaw that may allow carrying out an SQL injection attack. The issue is due to the PostgreSQL adapter for Active Record not properly sanitizing user-supplied input when quoting ranges. This may allow a remote attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data.
175
- * [CVE-2015-1849](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1849): jquery_ujs.js in jquery-rails before 3.1.3 and 4.x before 4.0.4 and rails.js in jquery-ujs before 1.0.4, as used with Ruby on Rails 3.x and 4.x, allow remote attackers to bypass the Same Origin Policy, and trigger transmission of a CSRF token to a different-domain web server, via a leading space character in a URL within an attribute value.
176
- * [CVE-2015-1849](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1849): jquery_ujs.js in jquery-rails before 3.1.3 and 4.x before 4.0.4 and rails.js in jquery-ujs before 1.0.4, as used with Ruby on Rails 3.x and 4.x, allow remote attackers to bypass the Same Origin Policy, and trigger transmission of a CSRF token to a different-domain web server, via a leading space character in a URL within an attribute value.
176
+ * [CVE-2014-3916](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3916): The str_buf_cat function in string.c in Ruby 1.9.3, 2.0.0, and 2.1 allows context-dependent attackers to cause a denial of service (segmentation fault and crash) via a long string.
177
+ * [CVE-2014-4975](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4975): Off-by-one error in the encodes function in pack.c in Ruby 1.9.3 and earlier, and 2.x through 2.1.2, when using certain format string specifiers, allows context-dependent attackers to cause a denial of service (segmentation fault) via vectors that trigger a stack-based buffer overflow.
178
+ * [CVE-2014-7818](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7818): Directory traversal vulnerability in actionpack/lib/action_dispatch/middleware/static.rb in Action Pack in Ruby on Rails 3.x before 3.2.20, 4.0.x before 4.0.11, 4.1.x before 4.1.7, and 4.2.x before 4.2.0.beta3, when serve_static_assets is enabled, allows remote attackers to determine the existence of files outside the application root via a /..%2F sequence.
179
+ * [CVE-2014-7819](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7819): Multiple directory traversal vulnerabilities in server.rb in Sprockets before 2.0.5, 2.1.x before 2.1.4, 2.2.x before 2.2.3, 2.3.x before 2.3.3, 2.4.x before 2.4.6, 2.5.x before 2.5.1, 2.6.x and 2.7.x before 2.7.1, 2.8.x before 2.8.3, 2.9.x before 2.9.4, 2.10.x before 2.10.2, 2.11.x before 2.11.3, 2.12.x before 2.12.3, and 3.x before 3.0.0.beta.3, as distributed with Ruby on Rails 3.x and 4.x, allow remote attackers to determine the existence of files outside the application root via a ../ (dot dot slash) sequence with (1) double slashes or (2) URL encoding.
180
+ * [CVE-2014-7829](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7829): Directory traversal vulnerability in actionpack/lib/action_dispatch/middleware/static.rb in Action Pack in Ruby on Rails 3.x before 3.2.21, 4.0.x before 4.0.12, 4.1.x before 4.1.8, and 4.2.x before 4.2.0.beta4, when serve_static_assets is enabled, allows remote attackers to determine the existence of files outside the application root via vectors involving a (backslash) character, a similar issue to CVE-2014-7818.
181
+ * [CVE-2014-8090](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8090): The REXML parser in Ruby 1.9.x before 1.9.3 patchlevel 551, 2.0.x before 2.0.0 patchlevel 598, and 2.1.x before 2.1.5 allows remote attackers to cause a denial of service (CPU and memory consumption) a crafted XML document containing an empty string in an entity that is used in a large number of nested entity references, aka an XML Entity Expansion (XEE) attack. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-1821 and CVE-2014-8080.
182
+ * [CVE-2014-9490](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9490): The numtok function in lib/raven/okjson.rb in the raven-ruby gem before 0.12.2 for Ruby allows remote attackers to cause a denial of service via a large exponent value in a scientific number.
183
+ * [CVE-2015-1840](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1840): jquery_ujs.js in jquery-rails before 3.1.3 and 4.x before 4.0.4 and rails.js in jquery-ujs before 1.0.4, as used with Ruby on Rails 3.x and 4.x, allow remote attackers to bypass the Same Origin Policy, and trigger transmission of a CSRF token to a different-domain web server, via a leading space character in a URL within an attribute value.
184
+ * [CVE-2015-1840](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1840): jquery_ujs.js in jquery-rails before 3.1.3 and 4.x before 4.0.4 and rails.js in jquery-ujs before 1.0.4, as used with Ruby on Rails 3.x and 4.x, allow remote attackers to bypass the Same Origin Policy, and trigger transmission of a CSRF token to a different-domain web server, via a leading space character in a URL within an attribute value.
177
185
  * [CVE-2015-2963](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2963): The thoughtbot paperclip gem before 4.2.2 for Ruby does not consider the content-type value during media-type validation, which allows remote attackers to upload HTML documents and conduct cross-site scripting (XSS) attacks via a spoofed value, as demonstrated by image/jpeg.
178
186
  * [CVE-2015-3224](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3224): request.rb in Web Console before 2.1.3, as used with Ruby on Rails 3.x and 4.x, does not properly restrict the use of X-Forwarded-For headers in determining a client's IP address, which allows remote attackers to bypass the whitelisted_ips protection mechanism via a crafted request.
179
187
  * [CVE-2015-3225](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3225): lib/rack/utils.rb in Rack before 1.5.4 and 1.6.x before 1.6.2, as used with Ruby on Rails 3.x and 4.x and other products, allows remote attackers to cause a denial of service (SystemStackError) via a request with a large parameter depth.
180
188
  * [CVE-2015-3226](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3226): Cross-site scripting (XSS) vulnerability in json/encoding.rb in Active Support in Ruby on Rails 3.x and 4.1.x before 4.1.11 and 4.2.x before 4.2.2 allows remote attackers to inject arbitrary web script or HTML via a crafted Hash that is mishandled during JSON encoding.
181
189
  * [CVE-2015-3227](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3227): The (1) jdom.rb and (2) rexml.rb components in Active Support in Ruby on Rails before 4.1.11 and 4.2.x before 4.2.2, when JDOM or REXML is enabled, allow remote attackers to cause a denial of service (SystemStackError) via a large XML document depth.
190
+ * [CVE-2015-3448](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3448): REST client for Ruby (aka rest-client) before 1.7.3 logs usernames and passwords, which allows local users to obtain sensitive information by reading the log.
182
191
  * [OSVDB-105971](http://osvdb.org/show/osvdb/105971): sfpagent Gem for Ruby contains a flaw that is triggered as JSON[body] input is not properly sanitized when handling module names with shell metacharacters. This may allow a context-dependent attacker to execute arbitrary commands.
183
192
  * OSVDB-105971: sfpagent Gem for Ruby contains a flaw that is triggered as JSON[body] input is not properly sanitized when handling module names with shell metacharacters. This may allow a context-dependent attacker to execute arbitrary commands.
184
193
  * [OSVDB-108569](http://osvdb.org/show/osvdb/108569): backup_checksum Gem for Ruby contains a flaw in /lib/backup/cli/utility.rb that is triggered as the program displays password information in plaintext in the process list. This may allow a local attacker to gain access to password information.
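Review bot: the CVE-2015-1840 entry appears twice with identical text (lines 183-184); the earlier duplicate of CVE-2015-1849 (old lines 175-176) was carried across when the identifier was corrected, and one copy should go. The same pattern sits in the unchanged context just below, where OSVDB-105971 is listed once with a link and once without (lines 191-192). If the "201 security checks" headline counts these entries, it is off by the duplicates. Minor: CVE-2014-8090 (line 181) reads "denial of service (CPU and memory consumption) a crafted XML document", missing "via" before "a crafted", even if that wording was copied verbatim from the advisory source.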
@@ -227,4 +236,4 @@ Setting this to true will essentially strip out any host information.
227
236
  This check will analyze the source code looking for the following patterns: XXX, TO_CHECK, CHECKME, CHECK and FIXME
228
237
 
229
238
 
230
- _Last updated: Wed 29 Jul 23:06:16 CEST 2015_
239
+ _Last updated: Tue 13 Oct 11:01:08 CEST 2015_
data/README.md CHANGED
@@ -23,7 +23,7 @@ box:
23
23
 
24
24
  ---
25
25
 
26
- Dawn version 1.3.5 has 192 security checks loaded in its knowledge
26
+ Dawn version 1.4.2 has 201 security checks loaded in its knowledge
27
27
  base. Most of them are CVE bulletins applying to gems or the ruby interpreter
28
28
  itself. There are also some check coming from Owasp Ruby on Rails cheatsheet.
29
29
 
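Review bot: line 26 now says "Dawn version 1.4.2 has 201 security checks", which agrees with data/VERSION but not with data/KnowledgeBase.md in this same diff, whose header says 1.4.1 with 201 checks; both files should take the version from one source of truth (lib/dawn/version.rb). Unchanged context on line 28, "There are also some check coming from", should read "some checks coming from".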
data/VERSION CHANGED
@@ -13,4 +13,4 @@
13
13
  # | "Guido" | 1.12.0 |
14
14
  # | "Luigi" | 1.14.0 |
15
15
  # | "Doc Hudson" | 1.16.0 |
16
- 1.4.1 - Tow Mater
16
+ 1.4.2 - Tow Mater
@@ -0,0 +1 @@
1
+ 89342f40c6ba4752c6ab6bc69f3ad24de0f62f4e
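Review bot: this single-line hunk (@@ -0,0 +1 @@) has lost its file header in the rendered diff; the 40-hex-digit line has the shape of a SHA1 digest, and the metadata file list in this same release adds checksum/dawnscanner-1.4.1.gem.sha1, so it is most likely that file. Either way, a digest shipped inside the next gem only lets a user check the previous release's archive after the fact, and SHA1 is a weak choice; a SHA256 published out-of-band (release notes or the project site) for the current release would be the stronger check.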
data/lib/dawn/reporter.rb CHANGED
@@ -30,7 +30,7 @@ module Dawn
30
30
  File.open(@filename, "w") do |f|
31
31
  f.puts output
32
32
  end
33
- $logger.ok "#{@filename} created (#{output.length} bytes)"
33
+ $logger.info "#{@filename} created (#{output.length} bytes)"
34
34
  end
35
35
  end
36
36
  def is_valid_format?(format)
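Review bot: the fix at line 33 renames the call from `$logger.ok` to `$logger.info` rather than adding an `ok` method to the logger; that is the right direction only if no other `$logger.ok` call sites remain, since any that do would abort the same way the changelog describes. A `grep -rn 'logger.ok' lib/` before release would confirm. Severity-wise, "file created (N bytes)" at info level is appropriate.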
@@ -259,13 +259,13 @@ module Dawn
259
259
  end
260
260
 
261
261
  else
262
- $logger.ok "no vulnerabilities found."
262
+ $logger.info "no vulnerabilities found."
263
263
  end
264
264
 
265
265
  if @engine.mitigated_issues.count != 0
266
266
  $logger.info "#{@engine.mitigated_issues.count} mitigated vulnerabilities found"
267
267
  @engine.mitigated_issues.each do |vuln|
268
- $logger.ok "#{vuln[:name]} mitigated"
268
+ $logger.info "#{vuln[:name]} mitigated"
269
269
  vuln[:evidences].each do |evidence|
270
270
  $logger.error evidence
271
271
  end
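Review bot: with line 268 now logging "<name> mitigated" at info, the loop directly beneath it (line 270, unchanged) still emits each piece of evidence for that mitigated issue via `$logger.error`, so a run with only mitigated findings prints error-level lines for issues that are not open. Consider `$logger.info` (or `warn`) there to match, so operators filtering on errors do not get false alarms.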
data/lib/dawn/version.rb CHANGED
@@ -1,7 +1,7 @@
1
1
  module Dawn
2
- VERSION = "1.4.1"
2
+ VERSION = "1.4.2"
3
3
  CODENAME = "Tow Mater"
4
4
  RELEASE = "20151013"
5
- BUILD = "9"
6
- COMMIT = "gc7e4aa2"
5
+ BUILD = "5"
6
+ COMMIT = "g1f95333"
7
7
  end
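Review bot: BUILD drops from "9" to "5" across a patch release (lines 5-6) while COMMIT moves to "g1f95333"; the g-prefixed short hash suggests these come from `git describe`, in which case BUILD is a commit distance rather than a monotonic build number. That is fine, but a comment saying so would stop readers from reading the decrease as a regression, and anything that compares BUILD values for ordering should not.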
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dawnscanner
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.4.1
4
+ version: 1.4.2
5
5
  platform: ruby
6
6
  authors:
7
7
  - Paolo Perego
@@ -296,6 +296,7 @@ files:
296
296
  - checksum/dawnscanner-1.3.1.gem.sha1
297
297
  - checksum/dawnscanner-1.3.5.gem.sha1
298
298
  - checksum/dawnscanner-1.4.0.gem.sha1
299
+ - checksum/dawnscanner-1.4.1.gem.sha1
299
300
  - dawnscanner.gemspec
300
301
  - doc/codesake-dawn.yaml.sample
301
302
  - doc/dawn_1_0_announcement.md
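Review bot: the files list gains checksum/dawnscanner-1.4.1.gem.sha1 (line 299), continuing the pattern of shipping the previous release's digest inside the next gem (1.3.1, 1.3.5 and 1.4.0 are already there); there is necessarily no entry for 1.4.2, so a user of this release has no in-gem value to check it against. Publishing the digest for the current release out-of-band, and preferring SHA256 over SHA1, would make the checksum directory useful for verification rather than only a historical record.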
metadata.gz.sig CHANGED
Binary file