dawnscanner 1.4.2 → 1.5.0

data/lib/dawn/kb/basic_check.rb

@@ -6,6 +6,7 @@ module Dawn
 
       include Dawn::Utils
 
+      attr_reader :title
       attr_reader :name
       attr_reader :cve
       attr_reader :osvdb
@@ -84,6 +85,7 @@ module Dawn
         @ruby_version             = ""
         @ruby_vulnerable_versions = []
 
+        @title        = options[:title]
         @name         = options[:name]
         @cvss         = options[:cvss]
         @cwe          = options[:cwe]
@@ -233,6 +235,7 @@ module Dawn
         ret << :cvss if self.cvss.nil? || self.cvss.empty? || self.cvss == "not assigned"
         ret << :severity if self.severity == "unknown"
         ret << :priority if self.priority == "unknown"
+        ret << :title if self.title.nil?
 
         ret
       end

data/lib/dawn/kb/cve_2014_3483.rb

@@ -20,6 +20,7 @@
             :mitigation=>"Please upgrade rails at least to version 4.0.7 or 4.1.3. As a general rule, using the latest stable rails version is recommended.",
             :aux_links=>["http://weblog.rubyonrails.org/2014/7/2/Rails_3_2_19_4_0_7_and_4_1_3_have_been_released/"]
            })
+           self.save_major=true
            self.safe_dependencies = [{:name=>"rails", :version=>['4.0.7', '4.1.3']}]
 				end
 			end

data/lib/dawn/kb/cve_2015_1819.rb

@@ -0,0 +1,34 @@
+module Dawn
+		module Kb
+			# Automatically created with rake on 2015-12-03
+			class CVE_2015_1819
+				# Include the testing skeleton for this CVE
+				# include PatternMatchCheck
+				include DependencyCheck
+				# include RubyVersionCheck
+
+				def initialize
+          title="Nokogiri denial of service (DoS) Memory Consumption"
+          message="Nokogiri versions before 1.6.6.4 contain a vulnerable version of libxml2 as a C extension. The vulnerability allows for memory consumption denial of service."
+          super({
+            :title=>title,
+            :name=> "CVE-2015-1819",
+            :cve=>"2015-1819",
+            :osvdb=>"",
+            :cvss=>"AV:N/AC:L/Au:N/C:N/I:N/A:P",
+            :release_date => Date.new(2015, 8, 14),
+            :cwe=>"",
+            :owasp=>"A9",
+            :applies=>["rails", "sinatra", "padrino"],
+            :kind=>Dawn::KnowledgeBase::DEPENDENCY_CHECK,
+            :message=>message,
+            :mitigation=>"Please upgrade nokogiri gem to version 1.6.6.4 or later.",
+            :aux_links=>[""]
+           })
+          self.safe_dependencies = [{:name=>"nokogiri", :version=>['1.6.6.4']}]
+
+
+				end
+			end
+		end
+end

data/lib/dawn/kb/cve_2015_4020.rb

@@ -0,0 +1,34 @@
+module Dawn
+		module Kb
+			# Automatically created with rake on 2015-12-02
+			class CVE_2015_4020
+				# Include the testing skeleton for this CVE
+				# include PatternMatchCheck
+				# include DependencyCheck
+				# include RubyVersionCheck
+        include GemCheck
+
+				def initialize
+          title="RubyGems remote_fetcher.rb api_endpoint() Function Missing SRV Record Hostname Validation Request Hijacking"
+          message = "RubyGems 2.0.x before 2.0.17, 2.2.x before 2.2.5, and 2.4.x before 2.4.8 does not validate the hostname when fetching gems or making API request, which allows remote attackers to redirect requests to arbitrary domains via a crafted DNS SRV record with a domain that is suffixed with the original domain name, aka a 'DNS hijack attack.'"
+          super({
+            :title=>title,
+            :name=> "CVE-2015-4020",
+            :cve=>"2015-4020",
+            :osvdb=>"122162",
+            :cvss=>"AV:N/AC:M/Au:N/C:N/I:P/A:N",
+            :release_date => Date.new(2015, 8, 25),
+            :cwe=>"",
+            :owasp=>"A9",
+            :applies=>["rails", "sinatra", "padrino"],
+            :kind=>Dawn::KnowledgeBase::GEM_CHECK,
+            :message=>message,
+            :mitigation=>"Please upgrade redcarpet gem to version 3.2.3 or later.",
+            :aux_links=>[""]
+           })
+
+          self.safe_versions = [{:version=>['2.0.17', '2.2.5', '2.4.8']}]
+				end
+			end
+		end
+end

data/lib/dawn/kb/gem_check.rb

@@ -0,0 +1,43 @@
+# This module handles security checks for RubyGems framework.
+module Dawn
+  module Kb
+    module GemCheck
+      include BasicCheck
+
+      attr_accessor :safe_versions
+      attr_accessor :my_gem_version
+
+      def initialize(options)
+        super(options)
+        @safe_versions  ||= options[:safe_versions]
+        @my_gem_version ||= options[:my_gem_version]
+
+        @my_gem_version = take_gem_version_from_system if @my_gem_version.nil?
+      end
+
+      def take_gem_version_from_system
+        require 'rubygems'
+        return Gem::VERSION
+      end
+
+      def vuln?
+        debug_me "here"
+        @safe_versions.each do |sv|
+          v = Dawn::Kb::VersionCheck.new(
+            {
+              :safe=>sv[:version],
+              :detected=>@my_gem_version,
+              :save_minor => true,
+              :save_major => false,
+            }
+          )
+          v.debug = self.debug
+          return true if v.vuln?
+        end
+
+        return false
+      end
+
+    end
+  end
+end

data/lib/dawn/kb/osvdb_115654.rb

@@ -0,0 +1,33 @@
+module Dawn
+		module Kb
+			# Automatically created with rake on 2015-12-02
+			class OSVDB_115654
+				# Include the testing skeleton for this Security Check
+				# include PatternMatchCheck
+				include DependencyCheck
+				# include RubyVersionCheck
+
+				def initialize
+          title = "Sentry raven-ruby lib/raven/okjson.rb Exponent / Scientific Notation Value Handling Resource Consumption DoS"
+          message = "Sentry raven-ruby contains a flaw in the lib/raven/okjson.rb script that is triggered when large numeric values are stored as an exponent or in scientific notation. With a specially crafted request, an attacker can cause the software to consume excessive resources resulting in a denial of service."
+          super({
+            :title=>title,
+            :name=> "OSVDB_115654",
+            :cve=>"CVE-2014-9490",
+            :osvdb=>"115654",
+            :cvss=>"",
+            :release_date => Date.new(2015, 1, 20),
+            :cwe=>"",
+            :owasp=>"A9",
+            :applies=>["rails", "sinatra", "padrino"],
+            :kind=>Dawn::KnowledgeBase::DEPENDENCY_CHECK,
+            :message=>message,
+            :mitigation=>"Please upgrade raven-ruby gem to version 0.12.2 or later.",
+            :aux_links=>[""]
+           })
+          self.safe_dependencies = [{:name=>"raven-ruby", :version=>['0.12.2']}]
+
+				end
+			end
+		end
+end

data/lib/dawn/kb/osvdb_116010.rb

@@ -0,0 +1,30 @@
+module Dawn
+		module Kb
+			# Automatically created with rake on 2015-12-03
+			class OSVDB_116010
+				include DependencyCheck
+
+				def initialize
+          title = "Doorkeeper Gem for Ruby access_token Disclosure CSRF"
+          message = "Cross-site request forgery (CSRF) vulnerability in doorkeeper before 1.4.1 allows remote attackers to hijack the authentication of unspecified victims for requests that read a user OAuth authorization code via unknown vectors."
+          super({
+            :title=>title,
+            :name=> "OSVDB_116010",
+            :cve=>"CVE-2014-8144",
+            :osvdb=>"116010",
+            :cvss=>"AV:N/AC:M/Au:N/C:P/I:P/A:P",
+            :release_date => Date.new(2014, 12, 31),
+            :cwe=>"",
+            :owasp=>"A9",
+            :applies=>["rails", "sinatra", "padrino"],
+            :kind=>Dawn::KnowledgeBase::DEPENDENCY_CHECK,
+            :message=>message,
+            :mitigation=>"Please upgrade doorkeeper gem to version 1.4.1 or later.",
+            :aux_links=>[""]
+           })
+          self.safe_dependencies = [{:name=>"doorkeeper", :version=>['1.4.1']}]
+
+				end
+			end
+		end
+end

data/lib/dawn/kb/osvdb_117903.rb

@@ -0,0 +1,30 @@
+module Dawn
+		module Kb
+			# Automatically created with rake on 2015-12-02
+			class OSVDB_117903
+				include DependencyCheck
+
+				def initialize
+          title = "ruby-saml URI SAML Response Handling Remote Command Execution"
+          message = "ruby-saml contains a flaw that is triggered as the URI value of a SAML response is not properly sanitized through a prepared statement. This may allow a remote attacker to execute arbitrary shell commands on the host machine."
+           super({
+            :title=>title,
+            :name=> "OSVDB_117903",
+            :cve=>"",
+            :osvdb=>"117903",
+            :cvss=>"",
+            :release_date => Date.new(2015, 1, 7),
+            :cwe=>"",
+            :owasp=>"A9",
+            :applies=>["rails", "sinatra", "padrino"],
+            :kind=>Dawn::KnowledgeBase::DEPENDENCY_CHECK,
+            :message=>message,
+            :mitigation=>"Please upgrade ruby-saml gem to version 0.8.2 or later.",
+            :aux_links=>["https://security.dxw.com/advisories/publicly-exploitable-command-injection-in-ruby-saml-0-7-2-library-can-root-the-host/"]
+           })
+           self.safe_dependencies = [{:name=>"ruby-saml", :version=>['0.8.2', '0.7.3']}]
+
+				end
+			end
+		end
+end

data/lib/dawn/kb/osvdb_118954.rb

@@ -20,10 +20,12 @@ module Dawn
             :applies=>["rails"],
             :kind=>Dawn::KnowledgeBase::DEPENDENCY_CHECK,
             :message=>message,
-            :mitigation=>"Currently, there are no known workarounds or upgrades to correct this issue. However, a patch has been committed to the source code repository (e.g. GIT, CVS, SVN) that addresses this vulnerability. Until it is incorporated into the next release of the software, manually patching an existing installation is the only known available solution. Check the vendor links in the references section for more information.",
-            :aux_links=>[""]
+            :mitigation=>"Please upgrade to latest rails ruby gems",
+            :aux_links=>["https://github.com/rails/rails/pull/19055", "https://github.com/rails/rails/issues/19050"]
            })
-          self.safe_dependencies = [{:name=>"rails", :version=>['99.99.99']}]
+          self.save_minor=true
+          self.save_major=true
+          self.safe_dependencies = [{:name=>"rails", :version=>['4.2.1.rc3']}]
 
 				end
 			end

data/lib/dawn/kb/osvdb_119878.rb

@@ -8,7 +8,7 @@ module Dawn
 				# include RubyVersionCheck
 
 				def initialize
-          message="rest-client Gem for Ruby contains a flaw in abstract_response.rb related to the handling of set-cookie headers in redirection responses that allows a remote, user-assisted attacker to conduct a session fixation attack. This flaw exists because the application, when establishing a new session, does not invalidate an existing session identifier and assign a new one. With a specially crafted request fixating the session identifier, a context-dependent attacker can ensure a user authenticates with the known session identifier, allowing the session to be subsequently hijacked."
+          message="ret-client Gem for Ruby contains a flaw in abstract_response.rb related to the handling of set-cookie headers in redirection responses that allows a remote, user-assisted attacker to conduct a session fixation attack. This flaw exists because the application, when establishing a new session, does not invalidate an existing session identifier and assign a new one. With a specially crafted request fixating the session identifier, a context-dependent attacker can ensure a user authenticates with the known session identifier, allowing the session to be subsequently hijacked."
 
           super({
             :name=> "OSVDB_119878",
@@ -21,10 +21,10 @@ module Dawn
             :applies=>["rails", "sinatra", "padrino"],
             :kind=>Dawn::KnowledgeBase::DEPENDENCY_CHECK,
             :message=>message,
-            :mitigation=>"The vulnerability at the 4 April 2015 it has not been fixed. Please refer to gem readme to check when vulnerability it has been fixed.",
+            :mitigation=>"Please upgrade rest-client gem version to 2.0.0.rc1 or later.",
             :aux_links=>[""]
            })
-           self.safe_dependencies = [{:name=>"rest-client", :version=>['99.99.99']}]
+          self.safe_dependencies = [{:name=>"rest-client", :version=>['2.0.0.rc1']}]
 
 				end
 			end

data/lib/dawn/kb/osvdb_120415.rb

@@ -0,0 +1,31 @@
+module Dawn
+		module Kb
+			# Automatically created with rake on 2015-12-01
+			class OSVDB_120415
+				include DependencyCheck
+
+				def initialize
+          title = "redcarpet Gem for Ruby markdown.c parse_inline() Function XSS"
+          message = "redcarpet gem for Ruby contains a flaw that allows a cross-site scripting (XSS) attack. This flaw exists because the parse_inline() function in markdown.c does not validate input before returning it to users. This may allow a remote attacker to create a specially crafted request that would execute arbitrary script code in a user's browser session within the trust relationship between their browser and the server."
+
+          super({
+            :title=>title,
+            :name=> "OSVDB_120415",
+            :cve=>"",
+            :osvdb=>"120415",
+            :cvss=>"",
+            :release_date => Date.new(2015, 4, 7),
+            :cwe=>"",
+            :owasp=>"A9",
+            :applies=>["rails", "sinatra", "padrino"],
+            :kind=>Dawn::KnowledgeBase::DEPENDENCY_CHECK,
+            :message=>message,
+            :mitigation=>"Please upgrade redcarpet gem to version 3.2.3 or later.",
+            :aux_links=>[""]
+           })
+          self.safe_dependencies = [{:name=>"redcarpet", :version=>['3.2.3']}]
+
+				end
+			end
+		end
+end

data/lib/dawn/kb/osvdb_120857.rb

@@ -0,0 +1,34 @@
+module Dawn
+		module Kb
+			# Automatically created with rake on 2015-12-02
+			class OSVDB_120857
+				# Include the testing skeleton for this Security Check
+				# include PatternMatchCheck
+				include DependencyCheck
+				# include RubyVersionCheck
+
+				def initialize
+          title = "refile Gem for Ruby remote_image_url Attachment Remote Command Execution"
+          message = "refile Gem for Ruby contains a flaw that is triggered when input is not sanitized when handling the 'remote_image_url' field in a form, where 'image' is the name of the attachment. This may allow a remote attacker to execute arbitrary shell commands."
+
+          super({
+            :title=>title,
+            :name=> "OSVDB_120857",
+            :cve=>"",
+            :osvdb=>"120857",
+            :cvss=>"",
+            :release_date => Date.new(2015, 4, 15),
+            :cwe=>"",
+            :owasp=>"A9",
+            :applies=>["rails", "sinatra", "padrino"],
+            :kind=>Dawn::KnowledgeBase::DEPENDENCY_CHECK,
+            :message=>message,
+            :mitigation=>"Please upgrade refile gem to version 0.5.4 or later.",
+            :aux_links=>[""]
+           })
+          self.save_minor = true
+          self.safe_dependencies=[{:name=>"refile", :version=>['0.5.4', '0.4.-1', '0.3.-1', '0.2.-1', '0.1.-1']}]
+				end
+			end
+		end
+end

data/lib/dawn/kb/osvdb_121701.rb

@@ -0,0 +1,30 @@
+module Dawn
+		module Kb
+			# Automatically created with rake on 2015-12-02
+			class OSVDB_121701
+				include DependencyCheck
+
+				def initialize
+          title = "open-uri-cached Gem for Ruby Unsafe Temporary File Creation Local Privilege Escalation"
+          message = "open-uri-cached Gem for Ruby contains a flaw that is due to the program creating temporary files in a predictable, unsafe manner when using YAML. This may allow a local attacker to gain elevated privileges."
+
+          super({
+            :title=>title,
+            :name=> "OSVDB_121701",
+            :cve=>"",
+            :osvdb=>"121701",
+            :cvss=>"",
+            :release_date => Date.new(2015, 5, 5),
+            :cwe=>"",
+            :owasp=>"A9",
+            :applies=>["rails", "sinatra", "padrino"],
+            :kind=>Dawn::KnowledgeBase::DEPENDENCY_CHECK,
+            :message=>message,
+            :mitigation=>"Please upgrade open-uri-cached gem to version 0.0.5 or later.",
+            :aux_links=>[""]
+           })
+          self.safe_dependencies = [{:name=>"open-uri-cached", :version=>['0.0.5']}]
+				end
+			end
+		end
+end

data/lib/dawn/kb/owasp_ror_cheatsheet.rb

@@ -1,40 +1,32 @@
-require 'codesake/dawn/kb/owasp_ror_cheatsheet/command_injection'
-require 'codesake/dawn/kb/owasp_ror_cheatsheet/csrf'
-require 'codesake/dawn/kb/owasp_ror_cheatsheet/session_stored_in_database'
-require 'codesake/dawn/kb/owasp_ror_cheatsheet/mass_assignment_in_model'
-require 'codesake/dawn/kb/owasp_ror_cheatsheet/security_related_headers'
+module Dawn
+  module Kb
+    class OwaspRorCheatsheet
+      include ComboCheck
 
-module Codesake
-  module Dawn
-    module Kb
-      class OwaspRorCheatsheet
-        include ComboCheck
+      def initialize
+        message = "This Cheatsheet intends to provide quick basic Ruby on Rails security tips for developers. It complements, augments or emphasizes points brought up in the rails security guide from rails core.  The Rails framework abstracts developers from quite a bit of tedious work and provides the means to accomplish complex tasks quickly and with ease. New developers, those unfamiliar with the inner-workings of Rails, likely need a basic set of guidelines to secure fundamental aspects of their application. The intended purpose of this doc is to be that guide."
 
-        def initialize
-          message = "This Cheatsheet intends to provide quick basic Ruby on Rails security tips for developers. It complements, augments or emphasizes points brought up in the rails security guide from rails core.  The Rails framework abstracts developers from quite a bit of tedious work and provides the means to accomplish complex tasks quickly and with ease. New developers, those unfamiliar with the inner-workings of Rails, likely need a basic set of guidelines to secure fundamental aspects of their application. The intended purpose of this doc is to be that guide."
+        super({
+          :name=>"Owasp Ror Cheatsheet", 
+          :applies=>["rails"],
+          :kind=>Dawn::KnowledgeBase::COMBO_CHECK,
+          :aux_links=>["https://www.owasp.org/index.php/Ruby_on_Rails_Cheatsheet"],
+          :message=>message,
+          :mitigation=>"Please refere to the Ruby on Rails cheatsheet available from owasp.org to mitigate this vulnerability",
+          :checks=>[
+            Dawn::Kb::OwaspRorCheatSheet::CommandInjection.new,
+            Dawn::Kb::OwaspRorCheatSheet::Csrf.new,
+            Dawn::Kb::OwaspRorCheatSheet::SessionStoredInDatabase.new,
+            Dawn::Kb::OwaspRorCheatSheet::MassAssignmentInModel.new, 
+            Dawn::Kb::OwaspRorCheatSheet::SecurityRelatedHeaders.new, 
 
-          super({
-            :name=>"Owasp Ror Cheatsheet", 
-            :applies=>["rails"],
-            :kind=>Dawn::KnowledgeBase::COMBO_CHECK,
-            :aux_links=>["https://www.owasp.org/index.php/Ruby_on_Rails_Cheatsheet"],
-            :message=>message,
-            :mitigation=>"Please refere to the Ruby on Rails cheatsheet available from owasp.org to mitigate this vulnerability",
-            :checks=>[
-              Dawn::Kb::OwaspRorCheatSheet::CommandInjection.new,
-              Dawn::Kb::OwaspRorCheatSheet::Csrf.new,
-              Dawn::Kb::OwaspRorCheatSheet::SessionStoredInDatabase.new,
-              Dawn::Kb::OwaspRorCheatSheet::MassAssignmentInModel.new, 
-              Dawn::Kb::OwaspRorCheatSheet::SecurityRelatedHeaders.new, 
 
+          ],
+          :vuln_if_all_fails => false
+        })
 
-            ],
-            :vuln_if_all_fails => false
-          })
+        # @debug = true
 
-          # @debug = true
-
-        end
       end
     end
   end