dawnscanner 1.4.2 → 1.5.0
- checksums.yaml +4 -4
- checksums.yaml.gz.sig +0 -0
- data.tar.gz.sig +0 -0
- data/.ruby-version +1 -1
- data/Changelog.md +85 -9
- data/KnowledgeBase.md +206 -5
- data/README.md +25 -25
- data/Rakefile +19 -5
- data/Roadmap.md +104 -46
- data/VERSION +10 -10
- data/bin/dawn +96 -15
- data/checksum/dawnscanner-1.4.2.gem.sha1 +1 -0
- data/dawnscanner.gemspec +21 -4
- data/doc/dawn_1_5_announcement.md +66 -0
- data/doc/{codesake-dawn.yaml.sample → dawnscanner.yaml.sample} +0 -0
- data/doc/new_knowledge_base_v1.0.md +78 -0
- data/lib/dawn/core.rb +22 -28
- data/lib/dawn/engine.rb +111 -54
- data/lib/dawn/kb/basic_check.rb +3 -0
- data/lib/dawn/kb/cve_2014_3483.rb +1 -0
- data/lib/dawn/kb/cve_2015_1819.rb +34 -0
- data/lib/dawn/kb/cve_2015_4020.rb +34 -0
- data/lib/dawn/kb/gem_check.rb +43 -0
- data/lib/dawn/kb/osvdb_115654.rb +33 -0
- data/lib/dawn/kb/osvdb_116010.rb +30 -0
- data/lib/dawn/kb/osvdb_117903.rb +30 -0
- data/lib/dawn/kb/osvdb_118954.rb +5 -3
- data/lib/dawn/kb/osvdb_119878.rb +3 -3
- data/lib/dawn/kb/osvdb_120415.rb +31 -0
- data/lib/dawn/kb/osvdb_120857.rb +34 -0
- data/lib/dawn/kb/osvdb_121701.rb +30 -0
- data/lib/dawn/kb/owasp_ror_cheatsheet.rb +23 -31
- data/lib/dawn/kb/owasp_ror_cheatsheet/check_for_backup_files.rb +16 -20
- data/lib/dawn/kb/owasp_ror_cheatsheet/check_for_safe_redirect_and_forward.rb +31 -31
- data/lib/dawn/kb/owasp_ror_cheatsheet/command_injection.rb +22 -22
- data/lib/dawn/kb/owasp_ror_cheatsheet/csrf.rb +23 -23
- data/lib/dawn/kb/owasp_ror_cheatsheet/mass_assignment_in_model.rb +25 -25
- data/lib/dawn/kb/owasp_ror_cheatsheet/sensitive_files.rb +21 -21
- data/lib/dawn/kb/owasp_ror_cheatsheet/session_stored_in_database.rb +24 -24
- data/lib/dawn/kb/version_check.rb +4 -0
- data/lib/dawn/knowledge_base.rb +36 -4
- data/lib/dawn/registry.rb +43 -0
- data/lib/dawn/reporter.rb +88 -47
- data/lib/dawn/utils.rb +3 -4
- data/lib/dawn/version.rb +4 -4
- data/lib/dawnscanner.rb +4 -1
- data/spec/lib/dawn/codesake_knowledgebase_spec.rb +40 -0
- data/spec/lib/kb/cve_2014_3483_spec.rb +5 -1
- data/spec/lib/kb/cve_2015_1819_spec.rb +16 -0
- data/spec/lib/kb/cve_2015_4020_spec.rb +24 -0
- data/spec/lib/kb/osvdb_115654_spec.rb +15 -0
- data/spec/lib/kb/osvdb_116010_spec.rb +15 -0
- data/spec/lib/kb/osvdb_117903_spec.rb +23 -0
- data/spec/lib/kb/osvdb_118954_spec.rb +13 -1
- data/spec/lib/kb/osvdb_119878_spec.rb +8 -9
- data/spec/lib/kb/osvdb_120415_spec.rb +16 -0
- data/spec/lib/kb/osvdb_120857_spec.rb +32 -0
- data/spec/lib/kb/osvdb_121701_spec.rb +15 -0
- metadata +153 -12
- metadata.gz.sig +0 -0
- data/BUGS.md +0 -14
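--- a/data/lib/dawn/kb/owasp_ror_cheatsheet/check_for_backup_files.rb
+++ b/data/lib/dawn/kb/owasp_ror_cheatsheet/check_for_backup_files.rb
@@ -1,22 +1,18 @@
-
-require 'httpclient'
-
-
-# Yes, I was buit just for RubyDay 2012 talk demo
+# It will be completely rewritten in dawnscanner v2.0.0
 #
+# require 'anemone'
+# require 'httpclient'
 
-h=HTTPClient.new()
-Anemone.crawl(ARGV[0]) do |anemone|
-anemone.on_every_page do |page|
-response = h.get(page.url)
-puts "Original: #{page.url}: #{response.code}"
-response = h.get(page.url.to_s.split(";")[0].concat(".bak"))
-puts "BAK: #{page.url.to_s.split(";")[0].concat(".bak")}: #{response.code}"
-response = h.get(page.url.to_s.split(";")[0].concat(".old"))
-puts "OLD: #{page.url.to_s.split(";")[0].concat(".old")}: #{response.code}"
-response = h.get(page.url.to_s.split(";")[0].concat("~"))
-puts "~: #{page.url.to_s.split(";")[0].concat("~")}: #{response.code}"
-end
-end
-
-# http://localhost:8080/HacmeBooks
+# h=HTTPClient.new()
+# Anemone.crawl(ARGV[0]) do |anemone|
+# anemone.on_every_page do |page|
+# response = h.get(page.url)
+# puts "Original: #{page.url}: #{response.code}"
+# response = h.get(page.url.to_s.split(";")[0].concat(".bak"))
+# puts "BAK: #{page.url.to_s.split(";")[0].concat(".bak")}: #{response.code}"
+# response = h.get(page.url.to_s.split(";")[0].concat(".old"))
+# puts "OLD: #{page.url.to_s.split(";")[0].concat(".old")}: #{response.code}"
+# response = h.get(page.url.to_s.split(";")[0].concat("~"))
+# puts "~: #{page.url.to_s.split(";")[0].concat("~")}: #{response.code}"
+# end
+# end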
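Review bot: After this change the file contains only comments and defines no class, so if `knowledge_base.rb` or a spec still requires `owasp_ror_cheatsheet/check_for_backup_files` the require succeeds silently while the check vanishes from the registry; the require list for this family is cut off on this page, so I cannot tell which it is. A one-line header such as `# Disabled: defines no check and is not registered in the knowledge base until the v2.0.0 rewrite` would make that explicit. Note also that the commented-out code is a live crawler that fetches URLs derived from `ARGV[0]`, not a static check like its siblings, which is worth recording in the same comment so it is not re-enabled as-is.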
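--- a/data/lib/dawn/kb/owasp_ror_cheatsheet/check_for_safe_redirect_and_forward.rb
+++ b/data/lib/dawn/kb/owasp_ror_cheatsheet/check_for_safe_redirect_and_forward.rb
@@ -1,12 +1,12 @@
-
-
-
+module Dawn
+module Kb
+module OwaspRorCheatSheet
 
-
-
+class CheckForSafeRedirectAndForward
+include PatternMatchCheck
 
-
-
+def initialize
+message = <<-EOT
 Web applications often require the ability to dynamically redirect users based
 on client-supplied data. To clarify, dynamic redirection usually entails the
 client including a URL in a parameter within a request to the application. Once
@@ -25,33 +25,33 @@ Example: http://www.example.com/redirect?url=http://badhacker.com
 
 The most basic, but restrictive protection is to use the :only_path option.
 Setting this to true will essentially strip out any host information.
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
+EOT
+
+super({
+:name=>"Owasp Ror CheatSheet: Check for safe redirect and forward",
+:kind=>Dawn::KnowledgeBase::PATTERN_MATCH_CHECK,
+:applies=>["rails"],
+:glob=>"*.rb",
+:aux_links=>["https://www.owasp.org/index.php/Ruby_on_Rails_Cheatsheet"],
+:message=>message,
+:attack_pattern => ["redirect_to"],
+:mitigation=>"The most basic, but restrictive protection is to use the :only_path option. Setting this to true will essentially strip out any host information.",
+:severity=>:info,
+:check_family=>:owasp_ror_cheatsheet
+})
+# @debug = true
 
+end
+def vuln?
+super
+ret = []
+@evidences.each do |ev|
+ret << ev unless ev[:matches].include? ":only_path => true"
 end
-
-
-ret = []
-@evidences.each do |ev|
-ret << ev unless ev[:matches].include? ":only_path => true"
-end
-@evidences = ret unless ret.empty?
-return @evidences.empty?
-end
+@evidences = ret unless ret.empty?
+return @evidences.empty?
 end
 end
 end
 end
+end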
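Review bot: In the new `vuln?` (lines 45-53), `@evidences = ret unless ret.empty?` keeps the original evidence list precisely when every `redirect_to` match already carries `:only_path => true`, so matches the method has just classified as safe are still reported; the unconditional `@evidences = ret` is what the filtering intends. The safety test is a literal `":only_path => true"`, so the `only_path: true` spelling or different spacing is never recognised and those redirects stay flagged, and depending on whether `ev[:matches]` is a String or an Array, `include?` is a substring test or an exact-element test — in the latter case the literal never equals a whole source line and nothing is filtered at all; `Array(ev[:matches]).any? { |m| m =~ /only_path\s*(=>|:)\s*true/ }` covers both spellings and both shapes. `return @evidences.empty?` also reads as inverted for a method named `vuln?`; confirm against `PatternMatchCheck#vuln?` (not in this diff) which polarity callers expect.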
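--- a/data/lib/dawn/kb/owasp_ror_cheatsheet/command_injection.rb
+++ b/data/lib/dawn/kb/owasp_ror_cheatsheet/command_injection.rb
@@ -1,28 +1,28 @@
-
-
-
-
-
+module Dawn
+module Kb
+module OwaspRorCheatSheet
+class CommandInjection
+include PatternMatchCheck
 
-
-
+def initialize
+message = "Ruby offers a function called \"eval\" which will dynamically build new Ruby code based on Strings. It also has a number of ways to call system commands. While the power of these commands is quite useful, extreme care should be taken when using them in a Rails based application. Usually, its just a bad idea. If need be, a whitelist of possible values should be used and any input should be validated as thoroughly as possible. The Ruby Security Reviewer's Guide has a section on injection and there are a number of OWASP references for it, starting at the top: Command Injection."
 
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-end
+super({
+:name=>"Owasp Ror CheatSheet: Command Injection",
+:kind=>Dawn::KnowledgeBase::PATTERN_MATCH_CHECK,
+:applies=>["rails"],
+:glob=>"*.rb",
+:aux_links=>["https://www.owasp.org/index.php/Ruby_on_Rails_Cheatsheet"],
+:message=>message,
+:attack_pattern => ["eval", "System", "\`", "Kernel.exec"],
+:avoid_comments => true,
+:check_family=>:owasp_ror_cheatsheet,
+:severity=>:info,
+:mitigation=>"Please validate the code you pass as argument to eval, System, Kernel.exec and friends. If you generate your command line with user controlled values, can lead to an arbitrary code execution."
+})
+# @debug = true
 end
 end
 end
 end
+end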
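Review bot: `:attack_pattern => ["eval", "System", "\`", "Kernel.exec"]` on new line 17 spells the kernel method as `System`, but Ruby's method is lowercase `system`; unless `PatternMatchCheck` matches case-insensitively (its matcher is not in this diff), plain `system(...)` calls never trigger the check even though the mitigation text names them. `eval` as a bare substring also fires on identifiers such as `retrieval` or `evaluate`, and the backtick entry matches any backtick, including ones inside string literals, so the check is both too narrow and too noisy; word-bounded patterns (if the matcher accepts regexes) would tighten it. The mitigation sentence on line 21 is ungrammatical as well — `If you generate your command line with user controlled values, this can lead to arbitrary code execution.`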
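--- a/data/lib/dawn/kb/owasp_ror_cheatsheet/csrf.rb
+++ b/data/lib/dawn/kb/owasp_ror_cheatsheet/csrf.rb
@@ -1,29 +1,29 @@
-
-
-
-
-
+module Dawn
+module Kb
+module OwaspRorCheatSheet
+class Csrf
+include PatternMatchCheck
 
-
-
-
-super({
-:name=>"Owasp Ror CheatSheet: Cross Site Request Forgery",
-:kind=>Dawn::KnowledgeBase::PATTERN_MATCH_CHECK,
-:applies=>["rails"],
-:glob=>"application_controller.rb",
-:aux_links=>["https://www.owasp.org/index.php/Ruby_on_Rails_Cheatsheet"],
-:message=>message,
-:attack_pattern => ["protect_from_forgery"],
-:negative_search=>true,
-:mitigation=>"Make sure you are using Rails protect_from_forgery facilities in application_controller.rMake sure you are using Rails protect_from_forgery facilities in application_controller.rb",
-:severity=>:info,
-:check_family=>:owasp_ror_cheatsheet
-})
-# @debug = true
-end
+def initialize
+message = "Ruby on Rails has specific, built in support for CSRF tokens. To enable it, or ensure that it is enabled, find the base ApplicationController and look for the protect_from_forgery directive. Note that by default Rails does not provide CSRF protection for any HTTP GET request."
 
+super({
+:name=>"Owasp Ror CheatSheet: Cross Site Request Forgery",
+:kind=>Dawn::KnowledgeBase::PATTERN_MATCH_CHECK,
+:applies=>["rails"],
+:glob=>"application_controller.rb",
+:aux_links=>["https://www.owasp.org/index.php/Ruby_on_Rails_Cheatsheet"],
+:message=>message,
+:attack_pattern => ["protect_from_forgery"],
+:negative_search=>true,
+:mitigation=>"Make sure you are using Rails protect_from_forgery facilities in application_controller.rMake sure you are using Rails protect_from_forgery facilities in application_controller.rb",
+:severity=>:info,
+:check_family=>:owasp_ror_cheatsheet
+})
+# @debug = true
 end
+
 end
 end
 end
+end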
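Review bot: The `:mitigation` string on new line 19 contains its sentence twice, fused mid-word (`application_controller.rMake sure ...`); the defect is carried over from the old side and ends up in every report, so while the line is being touched it should read `:mitigation=>"Make sure you are using Rails protect_from_forgery facilities in application_controller.rb",`. Unlike `CommandInjection`, `MassAssignmentInModel` and `SessionStoredInDatabase`, this check does not set `:avoid_comments => true`, so with `:negative_search=>true` a commented-out `# protect_from_forgery` line presumably satisfies the search and the missing protection goes unreported — add `:avoid_comments=>true,` if the matcher honours it for negative searches.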
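--- a/data/lib/dawn/kb/owasp_ror_cheatsheet/mass_assignment_in_model.rb
+++ b/data/lib/dawn/kb/owasp_ror_cheatsheet/mass_assignment_in_model.rb
@@ -1,33 +1,33 @@
-
-
-
+module Dawn
+module Kb
+module OwaspRorCheatSheet
 
-
+class MassAssignmentInModel
 
-
+include PatternMatchCheck
 
-
-
-
-super({
-:name=>"Owasp Ror CheatSheet: Mass Assignement in model",
-:kind=>Dawn::KnowledgeBase::PATTERN_MATCH_CHECK,
-:applies=>["rails"],
-:glob=>"**/model/*.rb",
-:aux_links=>["https://www.owasp.org/index.php/Ruby_on_Rails_Cheatsheet"],
-:message=>message,
-:attack_pattern => ["attr_accessor"],
-:negative_search=>false,
-:avoid_comments=>true,
-:check_family=>:owasp_ror_cheatsheet,
-:severity=>:info,
-:evidences=>["In one or more of your models, you use attr_accessor attribute modifier. This is risky since it exposes you to a massive assignment vulnerability. You have to carefully handle how your model receive data by setting all attribute to attr_reader and using a setter method validating input before saving to database."],
-:mitigation=>"Avoid attr_accessor attribute modifier in your models. You must use attr_reader as modifier and carefully filter your inputs before passing to the database layer."
-})
-# @debug = true
-end
+def initialize
+message = "Although the major issue with Mass Assignment has been fixed by default in base Rails specifically when generating new projects, it still applies to older and upgraded projects so it is important to understand the issue and to ensure that only attributes that are intended to be modifiable are exposed."
 
+super({
+:name=>"Owasp Ror CheatSheet: Mass Assignement in model",
+:kind=>Dawn::KnowledgeBase::PATTERN_MATCH_CHECK,
+:applies=>["rails"],
+:glob=>"**/model/*.rb",
+:aux_links=>["https://www.owasp.org/index.php/Ruby_on_Rails_Cheatsheet"],
+:message=>message,
+:attack_pattern => ["attr_accessor"],
+:negative_search=>false,
+:avoid_comments=>true,
+:check_family=>:owasp_ror_cheatsheet,
+:severity=>:info,
+:evidences=>["In one or more of your models, you use attr_accessor attribute modifier. This is risky since it exposes you to a massive assignment vulnerability. You have to carefully handle how your model receive data by setting all attribute to attr_reader and using a setter method validating input before saving to database."],
+:mitigation=>"Avoid attr_accessor attribute modifier in your models. You must use attr_reader as modifier and carefully filter your inputs before passing to the database layer."
+})
+# @debug = true
 end
+
 end
 end
 end
+end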
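Review bot: `:glob=>"**/model/*.rb"` on new line 16 uses the singular `model`, but Rails keeps models under `app/models/`, so on a conventionally laid-out application this check inspects no files and can never report anything; `:glob=>"**/models/*.rb",` is the intended path. The `:name` on line 13, `Mass Assignement in model`, misspells "Assignment" and is user-visible in report output, so it is worth fixing in the same pass.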
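--- a/data/lib/dawn/kb/owasp_ror_cheatsheet/sensitive_files.rb
+++ b/data/lib/dawn/kb/owasp_ror_cheatsheet/sensitive_files.rb
@@ -1,29 +1,29 @@
-
-
-
+module Dawn
+module Kb
+module OwaspRorCheatSheet
 
-
-
+class SensitiveFiles
+include PatternMatchCheck
 
-
-
+def initialize
+message = "Many Ruby on Rails apps are open source and hosted on publicly available source code repositories. Whether that is the case or the code is committed to a corporate source control system, there are certain files that should be either excluded or carefully managed."
 
-
-
-
-
-
-
-
-
-
-
-
-
-
+super({
+:name=>"Owasp Ror CheatSheet: Sensitive Files",
+:kind=>Dawn::KnowledgeBase::PATTERN_MATCH_CHECK,
+:applies=>["rails"],
+:glob=>".gitignore",
+:aux_links=>["https://www.owasp.org/index.php/Ruby_on_Rails_Cheatsheet"],
+:message=>message,
+:check_family=>:owasp_ror_cheatsheet,
+:severity=>:info,
+:attack_pattern => ["/config/database.yml", "/config/initializers/secret_token.rb", "/db/seeds.rb", "/db/*.sqlite3"],
+:mitigation=>"Put sensitive files in your repository gitignore file"
+})
+# @debug = true
 
-end
 end
 end
 end
 end
+end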
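Review bot: This check scans `.gitignore` for the `:attack_pattern` paths on new line 20 but, unlike `Csrf` and `SessionStoredInDatabase`, does not set `:negative_search=>true`; judging from how those siblings use the option, the check as written fires when the sensitive paths ARE ignored, the opposite of what the mitigation text ("Put sensitive files in your repository gitignore file") asks for. Adding `:negative_search=>true,` next to `:attack_pattern` would report their absence instead. Two further gaps are worth a comment in the block: the leading `/` means the common `.gitignore` spellings `config/database.yml` and `db/*.sqlite3` are not recognised, and a repository with no `.gitignore` at all matches nothing and therefore passes.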
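--- a/data/lib/dawn/kb/owasp_ror_cheatsheet/session_stored_in_database.rb
+++ b/data/lib/dawn/kb/owasp_ror_cheatsheet/session_stored_in_database.rb
@@ -1,31 +1,31 @@
-
-
-
+module Dawn
+module Kb
+module OwaspRorCheatSheet
 
-
-
+class SessionStoredInDatabase
+include PatternMatchCheck
 
-
-
+def initialize
+message = "By default, Ruby on Rails uses a Cookie based session store. What that means is that unless you change something, the session will not expire on the server. That means that some default applications may be vulnerable to replay attacks. It also means that sensitive information should never be put in the session."
 
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-end
+super({
+:name=>"Owasp Ror CheatSheet: Session management",
+:kind=>Dawn::KnowledgeBase::PATTERN_MATCH_CHECK,
+:applies=>["rails"],
+:glob=>"session_store.rb",
+:aux_links=>["https://www.owasp.org/index.php/Ruby_on_Rails_Cheatsheet"],
+:message=>message,
+:attack_pattern => ["Application.config.session_store :active_record_store", "Rails.application.config.session_store ActionDispatch::Session::CacheStore"],
+:negative_search=>true,
+:avoid_comments=>true,
+:check_family=>:owasp_ror_cheatsheet,
+:severity=>:info,
+:evidences=>["In your session_store.rb file you are not using ActiveRecord to store session data. This will let rails to use a cookie based session and it can expose your web application to a session replay attack."],
+:mitigation=>"Use ActiveRecord or the ORM you love most to handle your code session_store. Add \"Application.config.session_store :active_record_store\" to your session_store.rb file."
+})
+# @debug = true
 end
 end
 end
 end
+end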
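Review bot: With `:negative_search=>true`, the two `:attack_pattern` strings on new line 18 are what a safe `session_store.rb` must contain, but the ActiveRecord variant is spelled `Application.config.session_store :active_record_store`, and the Rails 4 form `Rails.application.config.session_store :active_record_store` does not contain it (lowercase `application`), so an application that already keeps sessions in the database is still reported unless the matcher is case-insensitive. Adding `"Rails.application.config.session_store :active_record_store"` to the list, or matching on the shorter `session_store :active_record_store`, covers both generations; the mitigation on line 24 would then also stop prescribing the `Application.config` prefix, which is only valid when qualified by the application's own module.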
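--- a/data/lib/dawn/kb/version_check.rb
+++ b/data/lib/dawn/kb/version_check.rb
@@ -31,6 +31,8 @@ module Dawn
 debug_me "Safe versions array is #{@safe}"
 debug_me "Deprecated versions array is #{@deprecated}. I'll mark them as vulnerable" unless @deprecated.nil?
 debug_me "Excluded versions array is #{@excluded}. I'll mark them as not vulnerable" unless @excluded.nil?
+debug_me "SAVE_MINOR FLAG = #{@save_minor}"
+debug_me "SAVE_MAJOR FLAG = #{@save_major}"
 
 @status = :deprecated if is_detected_deprecated?
 return debug_me_and_return_false("detected version #{detected} is marked to be excluded for vulnerable ones") if is_detected_excluded?
@@ -162,7 +164,9 @@ module Dawn
 dva = version_string_to_array(@detected)[:version]
 @safe.sort.each do |s|
 sva = version_string_to_array(s)[:version]
+debug_me("#SVA=#{sva};DVA=#{dva};SM=#{is_same_major?(sva, dva)};sm=#{is_same_minor?(sva, dva)}; ( dva[2] >= sva[2] )=#{(dva[2] >= sva[2])}")
 return true if is_same_major?(sva, dva) && is_same_minor?(sva, dva) && dva[2] >= sva[2] && hm
+return true if is_same_major?(sva, dva) && hm
 end
 return false
 end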
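Review bot: The added `return true if is_same_major?(sva, dva) && hm` on new line 169 makes the minor/patch comparison on the line above dead code (whenever that line returns true, this one does too) and, more importantly, declares a detected version safe as soon as any entry in `@safe` shares its major number, so a detected 4.0.0 with `@safe` containing only 4.2.1 is no longer reported; `hm` and the start of this method are outside the hunk, so I cannot see which flag it is. If the intent is an opt-in "same major is enough" mode, gate it on the major-level flag the new debug line on 35 prints, e.g. `return true if is_same_major?(sva, dva) && @save_major`, and keep the minor/patch line under the minor-level flag — assuming those instance variables are the ones meant. The new trace on line 167 also evaluates `dva[2] >= sva[2]` unconditionally, which raises when either version array has fewer than three components; guard it or drop that term from the debug string.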
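--- a/data/lib/dawn/knowledge_base.rb
+++ b/data/lib/dawn/knowledge_base.rb
@@ -7,14 +7,13 @@ require "dawn/kb/operating_system_check"
 require "dawn/kb/combo_check"
 require "dawn/kb/version_check"
 require "dawn/kb/deprecation_check"
+require "dawn/kb/gem_check"
 
 # Q&A related checks
 ## Not revised code
 require "dawn/kb/not_revised_code"
-# require "dawn/kb/owasp_ror_cheatsheet"
 
 ## Owasp ROR Cheatsheet
-
 require 'dawn/kb/owasp_ror_cheatsheet/command_injection'
 require 'dawn/kb/owasp_ror_cheatsheet/csrf'
 require 'dawn/kb/owasp_ror_cheatsheet/session_stored_in_database'
@@ -232,9 +231,9 @@ require "dawn/kb/cve_2014_9490"
 # CVE - 2015
 
 
+require "dawn/kb/cve_2015_1819"
 # CVE-2015-1840 is spread in two classes because a single CVE is assigned to a
-# vulnerability affecting two differents but related gems.
-# mitigate an idiot decision.
+# vulnerability affecting two differents but related gems.
 require "dawn/kb/cve_2015_1840/cve_2015_1840_a"
 require "dawn/kb/cve_2015_1840/cve_2015_1840_b"
 require "dawn/kb/cve_2015_2963"
@@ -243,6 +242,7 @@ require "dawn/kb/cve_2015_3225"
 require "dawn/kb/cve_2015_3226"
 require "dawn/kb/cve_2015_3227"
 require "dawn/kb/cve_2015_3448"
+require "dawn/kb/cve_2015_4020"
 
 
 # OSVDB
@@ -252,11 +252,17 @@ require "dawn/kb/osvdb_108569"
 require "dawn/kb/osvdb_108570"
 require "dawn/kb/osvdb_108530"
 require "dawn/kb/osvdb_108563"
+require "dawn/kb/osvdb_115654"
+require "dawn/kb/osvdb_116010"
+require "dawn/kb/osvdb_117903"
 require "dawn/kb/osvdb_118579"
 require "dawn/kb/osvdb_118830"
 require "dawn/kb/osvdb_118954"
 require "dawn/kb/osvdb_119878"
 require "dawn/kb/osvdb_119927"
+require "dawn/kb/osvdb_120415"
+require "dawn/kb/osvdb_120857"
+require "dawn/kb/osvdb_121701"
 
 
 
@@ -266,6 +272,7 @@ module Dawn
 
 include Dawn::Utils
 
+GEM_CHECK = :rubygem_check
 DEPENDENCY_CHECK = :dependency_check
 PATTERN_MATCH_CHECK = :pattern_match_check
 RUBY_VERSION_CHECK = :ruby_version_check
@@ -508,6 +515,7 @@ module Dawn
 Dawn::Kb::CVE_2014_7829.new,
 Dawn::Kb::CVE_2014_8090.new,
 Dawn::Kb::CVE_2014_9490.new,
+Dawn::Kb::CVE_2015_1819.new,
 Dawn::Kb::CVE_2015_1840_a.new,
 Dawn::Kb::CVE_2015_1840_b.new,
 Dawn::Kb::CVE_2015_2963.new,
@@ -516,6 +524,7 @@ module Dawn
 Dawn::Kb::CVE_2015_3226.new,
 Dawn::Kb::CVE_2015_3227.new,
 Dawn::Kb::CVE_2015_3448.new,
+Dawn::Kb::CVE_2015_4020.new,
 
 
 # OSVDB Checks are still here since are all about dependencies
@@ -524,11 +533,17 @@ module Dawn
 Dawn::Kb::OSVDB_108570.new,
 Dawn::Kb::OSVDB_108530.new,
 Dawn::Kb::OSVDB_108563.new,
+Dawn::Kb::OSVDB_115654.new,
+Dawn::Kb::OSVDB_116010.new,
+Dawn::Kb::OSVDB_117903.new,
 Dawn::Kb::OSVDB_118579.new,
 Dawn::Kb::OSVDB_118830.new,
 Dawn::Kb::OSVDB_118954.new,
 Dawn::Kb::OSVDB_119878.new,
 Dawn::Kb::OSVDB_119927.new,
+Dawn::Kb::OSVDB_120415.new,
+Dawn::Kb::OSVDB_120857.new,
+Dawn::Kb::OSVDB_121701.new,
 ]
 # END @cve_security_checks array
 # START @owasp_ror_cheatsheet_checks array
@@ -558,6 +573,23 @@ module Dawn
 
 ret
 end
+
+def self.dump(verbose=false)
+puts "Security checks currently supported:"
+i=0
+self.new.all.each do |check|
+i+=1
+if verbose
+puts "Name: #{check.name}\tCVSS: #{check.cvss_score}\tReleased: #{check.release_date}"
+puts "Description\n#{check.message}"
+puts "Remediation\n#{check.remediation}\n\n"
+else
+puts "#{check.name}"
+end
+end
+puts "-----\nTotal: #{i}"
+
+end
 end
 
 end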
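Review bot: `self.dump` on new lines 577-592 keeps a hand-rolled counter (`i=0` / `i+=1`) to print a total that is just the size of the list it iterates, and `puts "#{check.name}"` interpolates a value for no reason; naming the list once and using `.size` removes the counter and the question of what `Total` counts. In verbose mode the method prints `check.remediation`, while every check class in this diff only passes `:mitigation` to `super` — confirm that `remediation` is defined on the check objects (its definition is not in this diff), otherwise the verbose listing raises on the first check. The rewrite below keeps the printed output the same and has no docstring in the original; a one-line `# Print every registered check to stdout, one per line, with message and remediation when verbose is true.` above the definition would also help.
```ruby
def self.dump(verbose=false)
  puts "Security checks currently supported:"
  checks = self.new.all
  checks.each do |check|
    if verbose
      # … unchanged: the three verbose puts lines …
    else
      puts check.name
    end
  end
  puts "-----\nTotal: #{checks.size}"
end
```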