dawnscanner 1.4.2 → 1.5.0

data/lib/dawn/registry.rb

@@ -0,0 +1,43 @@
+module Dawn
+  class Registry
+    include DataMapper::Resource
+    property :id, Serial
+
+    property :target,           String, :default=>""
+    property :registry_version, String, :default=>"0.5"
+    property :dawn_version,     String, :default=>Dawn::VERSION
+    property :output_dir,       String, :default=>"", :length=>255
+    property :scan_started,     DateTime, :default=>DateTime.now
+    property :scan_duration,    Float,  :default=>0
+    property :scan_status,      Enum[ :completed, :failed ], :default=>:failed
+    property :issues_found,     Integer,  :default=>-1
+    property :message,          String, :default=>"", :length=>255
+
+
+    property :created_at, DateTime
+    property :created_on, Date
+    property :updated_at, DateTime
+    property :updated_on, Date
+
+
+    def do_save(options={})
+
+      self.target         = options[:target]
+      self.output_dir     = options[:output_dir]
+      self.scan_status    = options[:scan_status]
+      self.issues_found   = options[:issues_found]
+      self.scan_started   = options[:scan_started]
+      self.scan_duration  = options[:scan_duration]
+      self.message        = options[:message]
+
+      save
+    end
+
+    def self.dump
+      all.each do |entry|
+        puts "#{entry.scan_started.strftime("[%Y-%m-%d %H:%M:%S]")}  #{entry.scan_status.upcase} -- : #{entry.target}: #{entry.issues_found} issues found - #{entry.output_dir}" if entry.scan_status == :completed
+        puts "#{entry.scan_started.strftime("[%Y-%m-%d %H:%M:%S]")}  #{entry.scan_status.upcase} -- : #{entry.target}: #{entry.message}" if entry.scan_status == :failed
+      end
+    end
+  end
+end

data/lib/dawn/reporter.rb

@@ -10,7 +10,7 @@ module Dawn
       @format = options[:format] unless options[:format].nil?
       @engine = options[:engine] unless options[:engine].nil?
 
-      @format = :console unless is_valid_format?(@format)
+      @format = :tabular unless is_valid_format?(@format)
     end
 
     def report
@@ -33,6 +33,33 @@ module Dawn
         $logger.info "#{@filename} created (#{output.length} bytes)"
       end
     end
+
+    def write_html(path, content)
+      css_path = File.join(path, 'css')
+      js_path = File.join(path, 'js')
+      support_path = File.join(Dir.pwd, 'support')
+
+      FileUtils.mkdir_p(File.join(path, 'css'))
+      FileUtils.mkdir_p(File.join(path, 'js'))
+
+      FileUtils.cp(File.join(support_path, 'bootstrap.js'), js_path)
+      FileUtils.cp(File.join(support_path, 'bootstrap.min.css'), css_path)
+      FileUtils.cp(File.join(support_path, 'codesake.css'), css_path)
+
+      File.open(File.join(path, 'report.html'), "w") do |f|
+        f.puts content
+      end
+      $logger.info "#{File.join(path, 'report.html')} created (#{File.stat(File.join(path, 'report.html')).size} bytes)"
+
+    end
+
+    def write_table(path, content)
+      File.open(path, "w") do |f|
+        f.puts content
+      end
+      $logger.info "#{path} created (#{File.stat(path).size} bytes)"
+    end
+
     def is_valid_format?(format)
       return false if format.nil?
       return true if (format == :console) || (format == :tabular) || (format == :json) || (format == :html) || (format == :csv)
@@ -40,10 +67,12 @@ module Dawn
     end
 
     def html_report
-      html_head = "<!doctype html>\n<html>\n<head>\n<title>Dawn report for #{File.basename(@engine.target)}</title>"
-      html_head += "<script src=\"./support/bootstrap.js\"></script>\n"
-      html_head += "<link href=\"./support/codesake.css\" media=\"all\" rel=\"stylesheet\" />\n"
-      html_head += "<link href=\"./support/bootstrap.min.css\" media=\"all\" rel=\"stylesheet\" />\n"
+      output = @engine.create_output_dir
+
+      html_head = "<!doctype html>\n<html>\n<head>\n<title>Dawnscanner report for #{File.basename(@engine.target)}</title>"
+      html_head += "<script src=\"./js/bootstrap.js\"></script>\n"
+      html_head += "<link href=\"./css/codesake.css\" media=\"all\" rel=\"stylesheet\" />\n"
+      html_head += "<link href=\"./css/bootstrap.min.css\" media=\"all\" rel=\"stylesheet\" />\n"
       html_head += "</head>\n"
       html_body =  "<body>\n"
       html_body +=  ""
@@ -51,10 +80,10 @@ module Dawn
       html_body += "<div class=\"container-narrow\">\n"
       html_body += "<div class=\"masthead\">\n"
       html_body += "<ul class=\"nav nav-pills pull-right\">\n"
-      html_body += "<li class=\"\"><a href=\"https://dawn.codesake.com\">Home</a></li>\n"
-      html_body += "<li class=\"active\"><a href=\"https://github.com/codesake/codesake-dawn\">Github repo</a></li>\n"
+      html_body += "<li class=\"\"><a href=\"http://dawnscanner.org\">Home</a></li>\n"
+      html_body += "<li class=\"active\"><a href=\"https://github.com/thesp0nge/dawnscanner\">Github repo</a></li>\n"
       html_body += "</ul>\n"
-      html_body += "<h3 class=\"muted\">Dawn</h3>\n"
+      html_body += "<h3 class=\"muted\">Dawnscanner</h3>\n"
       html_body += "</div>\n"
       html_body += "<h1>Security code review results for \"#{File.basename(@engine.target)}\"</h1>\n"
       html_body += "<hr />\n"
@@ -91,10 +120,11 @@ module Dawn
         html_body += "<hr />\n"
         html_body += "<h2>Vulnerabilities found</h2>\n"
         html_body += "<table class=\"table-striped table-bordered table\">\n"
-        html_body += "<thead><tr><td>Name</td><td>Severity</td><td>Priority</td><td>CVSS score</td><td>Description</td><td>Remediation</td></tr></thead>\n"
+        html_body += "<thead><tr><td>Name</td><td>Severity</td><td>CVSS score</td><td>Description</td><td>Remediation</td></tr></thead>\n"
 
+        html_body += "<tbody>"
         @engine.vulnerabilities.each do |vuln|
-          html_body += "<tr><td><a href=\"#{vuln[:cve_link]}\">#{vuln[:name]}</a></td><td>#{vuln[:severity]}</td><td>#{vuln[:priority]}</td><td>#{vuln[:cvss_score]}</td><td>#{vuln[:message]}</td><td>#{vuln[:remediation]}</td></tr>\n"
+          html_body += "<tr><td><a href=\"#{vuln[:cve_link]}\">#{vuln[:name]}</a></td><td>#{vuln[:severity]}</td><td>#{vuln[:cvss_score]}</td><td>#{vuln[:message]}</td><td>#{vuln[:remediation]}</td></tr>\n"
         end
         html_body += "</tbody>\n"
         html_body += "</table>\n"
@@ -102,7 +132,7 @@ module Dawn
       html_body += "<div id=\"push\"></div>\n"
       html_body += "<div id=\"footer\">\n"
       html_body += "<div class=\"container\">\n"
-      html_body += "<p class=\"muted credit\">&copy; <a href=\"http://dawn.codesake.com\">Dawn</a> &mdash; #{Time.now.strftime("%Y")} &mdash; engine v#{Dawn::VERSION} (#{Dawn::RELEASE})</p>\n"
+      html_body += "<p class=\"muted credit\">Proudly generated with <a href=\"http://dawnscanner.org\">Dawnscanner</a> &mdash; #{Time.now.strftime("%Y")} &mdash; engine v#{Dawn::VERSION} (#{Dawn::RELEASE})</p>\n"
       html_body += "</div>\n"
       html_body += "</div>\n"
       html_body += "</div>\n"
@@ -114,12 +144,14 @@ module Dawn
 
       html = html_head + html_body
 
-      write(html)
+      write_html(output,  html)
       true
     end
 
     def ascii_tabular_report
 
+      output = @engine.create_output_dir
+
       # 0_First table: executive summary
       rows = []
       rows << ['Dawn version', Dawn::VERSION] unless Dawn::RELEASE == "(development)"
@@ -127,32 +159,44 @@ module Dawn
       rows << ['Scan started', @engine.scan_start]
       rows << ['Scan duration', "#{@engine.scan_time.round(3)} sec"]
       rows << ['Target', @engine.target]
-      rows << ['MVC detected framework', "#{@engine.name} v#{@engine.get_mvc_version}" ] unless @engine.name == "Gemfile.lock"
-      rows << ['MVC detected framework', "#{@engine.force} v#{@engine.get_mvc_version}" ] if @engine.name == "Gemfile.lock"
+      rows << ['Framework', "#{@engine.name} v#{@engine.get_mvc_version}" ] unless @engine.name == "Gemfile.lock"
+      rows << ['Framework', "#{@engine.force} v#{@engine.get_mvc_version}" ] if @engine.name == "Gemfile.lock"
       if @ret
         rows << ['Applied checks', "#{@engine.applied_checks} security checks"]
         rows << ['Skipped checks', "#{@engine.skipped_checks} security checks"]
       else
         rows << ['Applied checks', "No security checks in the knowledge base"]
       end
-      rows << ['Vulnerabilities found', @engine.count_vulnerabilities]
-      rows << ['Mitigated issues found', @engine.mitigated_issues.count]
-      rows << ['Reflected XSS', @engine.reflected_xss.count]
+      rows << ['Vulnerabilities found in dependencies', @engine.count_vulnerabilities]
+      rows << ['Vulnerabilities mitigated by external factors', @engine.mitigated_issues.count] unless @engine.mitigated_issues.count == 0
+      rows << ['Reflected XSS found', @engine.reflected_xss.count]
       table = Terminal::Table.new :title=>'Scan summary', :rows => rows
-      puts table
+      write_table(File.join(output, 'summary.txt'), table)
 
+      # 0_a) Application structure
+      rows = []
+      rows << ['Lines of code', 'to be added soon']
+      rows << ['Cyclomatic complexity index', 'to be added soon']
+      rows << ['Models', @engine.models.count]
+      rows << ['Views', @engine.views.count]
+      rows << ['Controllers', @engine.controllers.count]
+      table = Terminal::Table.new :title=>'Application stats', :rows => rows
+      write_table(File.join(output, 'statistics.txt'), table)
 
       if @engine.count_vulnerabilities > 0
 
-        # 1_Vulnerabilities
+        # 1) Vulnerabilities
+
+        # 1_a) Third party gem vulnerabilities
         rows = []
         @engine.vulnerabilities.each do |vuln|
-          rows << [vuln[:name].justify(10), vuln[:severity], vuln[:priority], vuln[:message].justify(50), vuln[:remediation].justify(15), vuln[:evidences].join.justify(15)]
+          rows << [vuln[:name].justify(10), vuln[:severity], vuln[:message].justify(30), vuln[:remediation].justify(15), vuln[:evidences].join.justify(15)]
           rows << :separator
         end
-        table = Terminal::Table.new :title=>"Vulnerabilities", :headings=>['Issue', 'Severity', 'Priority', 'Description', 'Solution', 'Evidences'], :rows=>rows
-        puts table
+        table = Terminal::Table.new :title=>"Vulnerabilities", :headings=>['Issue', 'Severity', 'Description', 'Solution', 'Evidences'], :rows=>rows
+        write_table(File.join(output, 'third_party_vulnerabilities.txt'), table)
 
+        # 1_b) Refleted XXS
         rows = []
         if @engine.has_reflected_xss?
           @engine.reflected_xss.each do |vuln|
@@ -160,8 +204,7 @@ module Dawn
             rows << :separator
           end
           table = Terminal::Table.new :title=>"Reflected Cross Site Scripting", :headings=>['Sink name', 'View', 'Location the sink was read', 'Evidences'], :rows=>rows
-          puts table
-
+          write_table(File.join(output, 'reflected_xss.txt'), table)
         end
 
       end
@@ -174,7 +217,7 @@ module Dawn
           rows << :separator
         end
         table = Terminal::Table.new :title=>"Mitigated issues", :headings=>['Issue', 'Description', 'Evidences'], :rows=>rows
-        puts table
+        write_table(File.join(output, 'mitigated_issues.txt'), table)
       end
 
       true
@@ -209,7 +252,6 @@ module Dawn
           :name => v[:name],
           :cve_link => v[:cve_link],
           :severity => v[:severity],
-          :priority => v[:priority],
           :cvss_score => v[:cvss_score],
           :message => v[:message],
           :remediation => v[:remediation]
@@ -227,51 +269,50 @@ module Dawn
 
     def ascii_plain_report
 
-      $logger.info "scanning #{@engine.target}"
-      $logger.info "#{@engine.name} v#{@engine.get_mvc_version} detected" unless @engine.name == "Gemfile.lock"
-      $logger.info "#{@engine.force} v#{@engine.get_mvc_version} detected" if @engine.name == "Gemfile.lock"
-      $logger.info "applying all security checks"
+      result = sprintf "%s\n", "scanning #{@engine.target}"
+      result += sprintf "%s\n", "#{@engine.name} v#{@engine.get_mvc_version} detected" unless @engine.name == "Gemfile.lock"
+      result += sprintf "%s\n", "#{@engine.force} v#{@engine.get_mvc_version} detected" if @engine.name == "Gemfile.lock"
+      result += sprintf "%s\n", "applying all security checks"
       if @ret
-        $logger.info "#{@engine.applied_checks} security checks applied - #{@engine.skipped_checks} security checks skipped"
+        result += sprintf "%s\n", "#{@engine.applied_checks} security checks applied - #{@engine.skipped_checks} security checks skipped"
       else
-        $logger.error "no security checks in the knowledge base"
+        result += sprintf "%s\n", "no security checks in the knowledge base"
       end
 
       if @engine.count_vulnerabilities != 0
-        $logger.info "#{@engine.count_vulnerabilities} vulnerabilities found"
+        result += sprintf "%s\n", "#{@engine.count_vulnerabilities} vulnerabilities found"
         @engine.vulnerabilities.each do |vuln|
-          $logger.error "#{vuln[:name]} check failed"
-          $logger.info "Severity: #{vuln[:severity]}"
-          $logger.info "Priority: #{vuln[:priority]}"
-          $logger.info "Description: #{vuln[:message]}"
-          $logger.info "Solution: #{vuln[:remediation]}"
-          $logger.info "Evidence:"
+          result += sprintf "%s\n", "#{vuln[:name]} check failed\n"
+          result += sprintf "%s\n", "#{vuln[:message].justify(70)}"
+          result += sprintf "%s\n", "Evidence:"
           vuln[:evidences].each do |evidence|
-            $logger.info "\t#{evidence}"
+            result += sprintf "%s\n", "\t#{evidence}"
           end
+          result += sprintf "\n\n"
         end
         if @engine.has_reflected_xss?
-          $logger.info "#{@engine.reflected_xss.count} reflected XSS found"
+          result += sprintf "%s\n", "#{@engine.reflected_xss.count} reflected XSS found"
           @engine.reflected_xss.each do |vuln|
-            $logger.info "request parameter \"#{vuln[:sink_source]}\" is used without escaping in #{vuln[:sink_view]}. It was read here: #{vuln[:sink_file]}@#{vuln[:sink_line]}"
-            $logger.error "evidence: #{vuln[:sink_evidence]}"
+            result += sprintf "%s\n", "request parameter \"#{vuln[:sink_source]}\" is used without escaping in #{vuln[:sink_view]}. It was read here: #{vuln[:sink_file]}@#{vuln[:sink_line]}"
+            result += sprintf "%s\n", "evidence: #{vuln[:sink_evidence]}"
           end
         end
 
       else
-        $logger.info "no vulnerabilities found."
+        result += sprintf "%s\n", "no vulnerabilities found."
       end
 
       if @engine.mitigated_issues.count != 0
-        $logger.info "#{@engine.mitigated_issues.count} mitigated vulnerabilities found"
+        result += sprintf "%s\n", "#{@engine.mitigated_issues.count} mitigated vulnerabilities found"
         @engine.mitigated_issues.each do |vuln|
-          $logger.info "#{vuln[:name]} mitigated"
+          result += sprintf "%s\n", "#{vuln[:name]} mitigated"
           vuln[:evidences].each do |evidence|
-            $logger.error evidence
+            result += sprintf "%s\n", evidence
           end
         end
       end
 
+      write(result)
       true
     end
   end

data/lib/dawn/utils.rb

@@ -1,5 +1,8 @@
 module Dawn
   module Utils
+    def debug_me(msg)
+      $logger.debug(msg) if @debug
+    end
 
     def debug_me_and_return_true(msg)
       __debug_me_and_return(msg, true)
@@ -7,10 +10,6 @@ module Dawn
     def debug_me_and_return_false(msg)
       __debug_me_and_return(msg, false)
     end
-    def debug_me(msg)
-      $logger.debug(msg) if @debug
-    end
-
     def __debug_me_and_return(msg, status)
       $logger.debug(msg) if @debug
       return status

data/lib/dawn/version.rb

@@ -1,7 +1,7 @@
 module Dawn
-    VERSION = "1.4.2"
+    VERSION = "1.5.0"
     CODENAME = "Tow Mater"
-    RELEASE = "20151013"
-    BUILD = "5"
-    COMMIT = "g1f95333"
+    RELEASE = "20151209"
+    BUILD = "60"
+    COMMIT = "g24e3b7e"
 end

data/lib/dawnscanner.rb

@@ -8,6 +8,9 @@ require "dawn/padrino"
 require "dawn/gemfile_lock"
 require "dawn/reporter"
 require "dawn/logger"
-# require "codesake-commons"
+
+# Datamapper classes
+require 'data_mapper'
+require "dawn/registry"
 
 require "date"

data/spec/lib/dawn/codesake_knowledgebase_spec.rb

@@ -1034,4 +1034,44 @@ describe "The Codesake Dawn knowledge base" do
     sc.should_not   be_nil
     sc.class.should == Dawn::Kb::CVE_2014_7818
   end
+  it "must have test for OSVDB_120415" do
+    sc = kb.find("OSVDB_120415")
+    sc.should_not   be_nil
+    sc.class.should == Dawn::Kb::OSVDB_120415
+  end
+  it "must have test for OSVDB_120857" do
+    sc = kb.find("OSVDB_120857")
+    sc.should_not   be_nil
+    sc.class.should == Dawn::Kb::OSVDB_120857
+  end
+  it "must have test for OSVDB_121701" do
+    sc = kb.find("OSVDB_121701")
+    sc.should_not   be_nil
+    sc.class.should == Dawn::Kb::OSVDB_121701
+  end
+  it "must have test for CVE-2015-4020" do
+    sc = kb.find("CVE-2015-4020")
+    sc.should_not   be_nil
+    sc.class.should == Dawn::Kb::CVE_2015_4020
+  end
+  it "must have test for OSVDB_117903" do
+    sc = kb.find("OSVDB_117903")
+    sc.should_not   be_nil
+    sc.class.should == Dawn::Kb::OSVDB_117903
+  end
+  it "must have test for OSVDB_115654" do
+    sc = kb.find("OSVDB_115654")
+    sc.should_not   be_nil
+    sc.class.should == Dawn::Kb::OSVDB_115654
+  end
+  it "must have test for OSVDB_116010" do
+    sc = kb.find("OSVDB_116010")
+    sc.should_not   be_nil
+    sc.class.should == Dawn::Kb::OSVDB_116010
+  end
+  it "must have test for CVE-2015-1819" do
+    sc = kb.find("CVE-2015-1819")
+    sc.should_not   be_nil
+    sc.class.should == Dawn::Kb::CVE_2015_1819
+  end
 end

data/spec/lib/kb/cve_2014_3483_spec.rb

@@ -2,7 +2,7 @@ require 'spec_helper'
 describe "The CVE-2014-3483 vulnerability" do
 	before(:all) do
 		@check = Dawn::Kb::CVE_2014_3483.new
-		# @check.debug = true
+		@check.debug = true
 	end
   it "is reported when a rails gem version 4.0.6 is detected" do
     @check.dependencies = [{:name=>"rails", :version=>"4.0.6"}]
@@ -20,4 +20,8 @@ describe "The CVE-2014-3483 vulnerability" do
     @check.dependencies = [{:name=>"rails", :version=>"4.1.3"}]
     @check.vuln?.should   == false
   end
+  it "is not reported when a rails gem version 3.2.21 is detected" do
+    @check.dependencies = [{:name=>"rails", :version=>"3.2.21"}]
+    @check.vuln?.should   == false
+  end
 end

data/spec/lib/kb/cve_2015_1819_spec.rb

@@ -0,0 +1,16 @@
+require 'spec_helper'
+describe "The CVE-2015-1819 vulnerability" do
+	before(:all) do
+		@check = Dawn::Kb::CVE_2015_1819.new
+		# @check.debug = true
+	end
+  it "is reported when the vulnerable gem is detected" do
+    @check.dependencies = [{:name=>"nokogiri", :version=>"1.6.6.3"}]
+    @check.vuln?.should   == true
+  end
+  it "is not reported when a fixed release is detected" do
+    @check.dependencies = [{:name=>"nokogiri", :version=>"1.6.6.4"}]
+    @check.vuln?.should   == false
+  end
+
+end

data/spec/lib/kb/cve_2015_4020_spec.rb

@@ -0,0 +1,24 @@
+require 'spec_helper'
+describe "The CVE-2015-4020 vulnerability" do
+	before(:all) do
+		@check = Dawn::Kb::CVE_2015_4020.new
+		# @check.debug = true
+	end
+  it "is reported when the vulnerable rubygem is detected" do
+    @check.my_gem_version="2.4.3"
+    @check.vuln?.should   == true
+  end
+  it "is reported when the vulnerable rubygem is detected" do
+    @check.my_gem_version="2.2.4"
+    @check.vuln?.should   == true
+  end
+  it "is reported when the vulnerable rubygem is detected" do
+    @check.my_gem_version="2.0.16"
+    @check.vuln?.should   == true
+  end
+  it "is not reported when a fixed release is detected" do
+    @check.my_gem_version="2.4.9"
+    @check.vuln?.should   == false
+  end
+
+end