dawnscanner 1.5.2 → 1.6.0

Files changed (54)
  1. checksums.yaml +4 -4
  2. checksums.yaml.gz.sig +0 -0
  3. data.tar.gz.sig +0 -0
  4. data/.travis.yml +8 -1
  5. data/Changelog.md +64 -1
  6. data/KnowledgeBase.md +38 -2
  7. data/README.md +2 -1
  8. data/VERSION +2 -3
  9. data/bin/dawn +2 -0
  10. data/checksum/dawnscanner-1.5.2.gem.sha1 +1 -0
  11. data/lib/dawn/kb/cve_2015_5312.rb +30 -0
  12. data/lib/dawn/kb/cve_2015_7497.rb +32 -0
  13. data/lib/dawn/kb/cve_2015_7498.rb +32 -0
  14. data/lib/dawn/kb/cve_2015_7499.rb +32 -0
  15. data/lib/dawn/kb/cve_2015_7500.rb +32 -0
  16. data/lib/dawn/kb/cve_2015_7519.rb +31 -0
  17. data/lib/dawn/kb/cve_2015_7541.rb +31 -0
  18. data/lib/dawn/kb/cve_2015_7576.rb +35 -0
  19. data/lib/dawn/kb/cve_2015_7577.rb +32 -0
  20. data/lib/dawn/kb/cve_2015_7578.rb +30 -0
  21. data/lib/dawn/kb/cve_2015_7579.rb +30 -0
  22. data/lib/dawn/kb/cve_2015_7581.rb +33 -0
  23. data/lib/dawn/kb/cve_2015_8241.rb +32 -0
  24. data/lib/dawn/kb/cve_2015_8242.rb +32 -0
  25. data/lib/dawn/kb/cve_2015_8317.rb +32 -0
  26. data/lib/dawn/kb/cve_2016_0751.rb +30 -0
  27. data/lib/dawn/kb/cve_2016_0752.rb +35 -0
  28. data/lib/dawn/kb/cve_2016_0753.rb +31 -0
  29. data/lib/dawn/kb/version_check.rb +61 -29
  30. data/lib/dawn/knowledge_base.rb +39 -1
  31. data/lib/dawn/reporter.rb +17 -8
  32. data/lib/dawn/version.rb +4 -4
  33. data/spec/lib/dawn/codesake_knowledgebase_spec.rb +90 -0
  34. data/spec/lib/kb/codesake_version_check_spec.rb +2 -2
  35. data/spec/lib/kb/cve_2015_5312_spec.rb +31 -0
  36. data/spec/lib/kb/cve_2015_7497_spec.rb +31 -0
  37. data/spec/lib/kb/cve_2015_7498_spec.rb +31 -0
  38. data/spec/lib/kb/cve_2015_7499_spec.rb +31 -0
  39. data/spec/lib/kb/cve_2015_7500_spec.rb +31 -0
  40. data/spec/lib/kb/cve_2015_7519_spec.rb +23 -0
  41. data/spec/lib/kb/cve_2015_7541_spec.rb +15 -0
  42. data/spec/lib/kb/cve_2015_7576_spec.rb +51 -0
  43. data/spec/lib/kb/cve_2015_7577_spec.rb +51 -0
  44. data/spec/lib/kb/cve_2015_7578_spec.rb +15 -0
  45. data/spec/lib/kb/cve_2015_7579_spec.rb +23 -0
  46. data/spec/lib/kb/cve_2015_7581_spec.rb +51 -0
  47. data/spec/lib/kb/cve_2015_8241_spec.rb +31 -0
  48. data/spec/lib/kb/cve_2015_8242_spec.rb +31 -0
  49. data/spec/lib/kb/cve_2015_8317_spec.rb +31 -0
  50. data/spec/lib/kb/cve_2016_0751_spec.rb +51 -0
  51. data/spec/lib/kb/cve_2016_0752_spec.rb +51 -0
  52. data/spec/lib/kb/cve_2016_0753_spec.rb +51 -0
  53. metadata +57 -2
  54. metadata.gz.sig +0 -0
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: 313b6f39d2552cd17cc22146869e62bf09c2e3bf
4
- data.tar.gz: 98557420fb931a751dbdf1ae2e618d5c02f5ae45
3
+ metadata.gz: 380c6df2bc5c7d61d6c1b7ada8fb8a56c4a39bb5
4
+ data.tar.gz: 34245bac1ac6e5b254913388003ca484dd793f6c
5
5
  SHA512:
6
- metadata.gz: 223a2251f79238be8ae251f98b2b879e808801be97d813cc947aaffd8dd6a0a3945b9115c4efd9902e621e6a0df5b9f3944cf18c8f372b5f7268aa335f4b5394
7
- data.tar.gz: 4c075b80716633944f58be2cfa0c8e245c8c06f7443d8f58d1cae14f44ee184744bdd6f37b39326a631fd3c25553a1e96b03ad3e09274422f91ade962cef00d3
6
+ metadata.gz: 114a8bf87ec4a07107c74dc843709a642e9bce77e9373384f304538ca3613ff1bcb3eba37bb564b91a505761ebdbe8cf8728a4617df42c210ceca1879feeb9c8
7
+ data.tar.gz: 3eb5f35bb5acbe11f3bb94d8554d5f6b24142778513ae07256deeab3ecca1289c4d0f55c010bb0706fc0c3f366caa3db247047c1595b6dbb593883bc0ef41ad7
checksums.yaml.gz.sig CHANGED
Binary file
data.tar.gz.sig CHANGED
Binary file
data/.travis.yml CHANGED
@@ -1,8 +1,15 @@
1
1
  language: ruby
2
2
  rvm:
3
+ - 2.3.0
3
4
  - 2.2.3
4
5
  - 2.1.0
5
6
  - 2.0.0
6
- - 1.9.3
7
7
  - ruby-head
8
8
  - rbx
9
+ notifications:
10
+ webhooks:
11
+ urls:
12
+ - https://webhooks.gitter.im/e/968de5e2c7eb03759e38
13
+ on_success: change # options: [always|never|change] default: always
14
+ on_failure: always # options: [always|never|change] default: always
15
+ on_start: never # options: [always|never|change] default: always
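Review bot: the Gitter webhook URL under `urls:` embeds the room token in a file that ships inside the gem's data tarball, so anyone who reads the published gem can post build notifications into that room; Travis accepts encrypted values for notification URLs, which would keep the token out of the artifact. Separately, `- 1.9.3` is dropped from `rvm:` while nothing in this diff raises the gem's required Ruby version, so 1.9.3 users keep installing a release that is no longer tested; either keep 1.9.3 in the matrix or bump the requirement in the gemspec.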
data/Changelog.md CHANGED
@@ -5,7 +5,70 @@ It supports [Sinatra](http://www.sinatrarb.com),
5
5
  [Padrino](http://www.padrinorb.com) and [Ruby on Rails](http://rubyonrails.org)
6
6
  frameworks.
7
7
 
8
- _latest update: Thu Dec 3 18:29:33 CET 2015_
8
+ _latest update: Wed Feb 3 10:59:00 CET 2016_
9
+
10
+ ## Version 1.6.0 - codename: Tow Mater (2016-02-03)
11
+
12
+ * Issue #186 - Adding a check for CVE-2015-7576: Timing attack vulnerability in
13
+ basic authentication in Action Controller
14
+ * Issue #185 - Adding a check for CVE-2016-0751: Possible Object Leak and
15
+ Denial of Service attack in Action Pack
16
+ * BUGFIX in is_vulnerable_minor? in case of version length mismatch, there was
17
+ an error evaluating if safe_version.length > detected_version.length block
18
+ * BUGFIX in is_vulnerable_aux_patch? when detected version has no auxiliary
19
+ patch (eg. 3.5.3) and safe version has it (eg. 3.5.3.1) the check was not
20
+ triggered the right way. Now aux patch is forced to 0 when missing and when
21
+ one of twos has it.
22
+ * Issue #184 - Adding a check for CVE-2015-7577: Nested attributes rejection
23
+ proc bypass in Active Record.
24
+ * Issue #183 - Adding a check for CVE-2015-7579: XSS vulnerability in
25
+ rails-html-sanitizer
26
+ * Issue #182 - Adding a check for CVE-2016-0752: Possible Information Leak
27
+ Vulnerability in Action View
28
+ * Issue #181 - Adding a check for CVE-2016:0753: Possible Input Validation
29
+ Circumvention in Active Model
30
+ * Issue #180 - Adding a check for CVE-2015-7578: Possible XSS vulnerability in
31
+ rails-html-sanitizer
32
+ * Issue #179 - Adding a check for CVE-2015-7581: Object leak vulnerability for
33
+ wildcard controller routes in Action Pack
34
+ * BUGFIX in is_higher? when a version with an aux patch number was compared
35
+ with a one without ('1.2.3.4' vs '1.2.3') the incorrect result were
36
+ triggered.
37
+ * BUGFIX in is_same_version? when a beta version is to be evaluated, during
38
+ comparison the beta number must be discarded.
39
+ * BUGFIX in is_vulnerable_beta? handling situation when either safe version or
40
+ detected version doesn't have the beta number
41
+ * BUGFIX in is_vulnerable_rc? handling situation when either safe version or
42
+ detected version doesn't have the rc number
43
+ * BUGFIX in is_vulnerable_pre? handling situation when either safe version or
44
+ detected version doesn't have the pre number
45
+ * Issue #173 handles a lot of CVE about nokogiri rubygem due to libxml version embedded on it:
46
+ - CVE-2015-5312: DoS in xmlStringLenDecodeEntities()
47
+ - CVE-2015-7497: DoS in xmlDictComputeFastQKey()
48
+ - CVE-2015-7498: DoS in xmlParseXmlDecl()
49
+ - CVE-2015-7499: In memory information disclosure due to heap-based buffer
50
+ overflow in the xmlGROW()
51
+ - CVE-2015-7500: DoS in xmlParseMisc()
52
+ - CVE-2015-8241: Information disclosure and DoS in xmlNextChar()
53
+ - CVE-2015-8242: Information disclosure and DoS in xmlSAX2TextNode()
54
+ - CVE-2015-8317: Information disclosure in xmlParseXMLDecl()
55
+ * Issue #171 - Adding a check for CVE-2015-7541: colorscore Gem for Ruby
56
+ lib/colorscore/histogram.rb Arbitrary Command Injection
57
+ * Issue #169 - Adding a check for CVE-2015-7519: Phusion Passenger Server
58
+ allows to overwrite headers in some cases
59
+ * BUGFIX in bin/dawn when target from command line is '.'. The directory name
60
+ must be expanded to save results
61
+ * Issue #177 BUGFIX. HTML reporting is broken. The line "support_path =
62
+ File.join(Dir.pwd, 'support')" in reporter.rb:40 is used to build the path
63
+ for support files (css, js) to be copied in the output directory. If you call
64
+ dawn using '.' as target directory name, an exeception is raised. Fixed
65
+ changing the line this way: "support_path = File.join(File.dirname(__FILE__),
66
+ '..', '..', 'support')"
67
+ * Issue #177 BUGFIX. HTML filename creation is honored when -F flag is used.
68
+ * Issue #177 IMPROVEMENT. As @mort666 suggested, now bootstrap and jquery are
69
+ loaded from CDN and specific CSS is now embedded in the HTML report in a
70
+ minified form.
71
+
9
72
 
10
73
  ## Version 1.5.2 - codename: Tow Mater (2015-12-16)
11
74
 
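Review bot: the Issue #181 entry reads `CVE-2016:0753` (colon instead of dash), which will not match the `CVE-2016-0753` identifier used in the knowledge base and in `cve_2016_0753.rb`; fix it to `CVE-2016-0753`. Smaller wording fixes in the same block: `exeception` under Issue #177, `one of twos` in the `is_vulnerable_aux_patch?` item, and `the incorrect result were triggered` in the `is_higher?` item.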
data/KnowledgeBase.md CHANGED
@@ -1,6 +1,6 @@
1
1
  # Dawnscanner Knowledge base
2
2
 
3
- The knowledge base library for dawnscanner version 1.4.2 contains 209 security checks.
3
+ The knowledge base library for dawnscanner version 1.6.0 contains 227 security checks.
4
4
  ---
5
5
  * Simple Form XSS - 20131129: There is a XSS vulnerability on Simple Form's label, hint and error options. When Simple Form creates a label, hint or error message it marks the text as being HTML safe, even though it may contain HTML tags. In applications where the text of these helpers can be provided by the users, malicious values can be provided and Simple Form will mark it as safe.
6
6
  * [CVE-2004-0755](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0755): The FileStore capability in CGI::Session for Ruby before 1.8.1, and possibly PStore, creates files with insecure permissions, which can allow local users to steal session information and hijack sessions.
@@ -377,6 +377,42 @@ XML documents with carefully crafted entity expansion strings which can cause th
377
377
  * CVE-2015-3448: REST client for Ruby (aka rest-client) before 1.7.3 logs usernames and passwords, which allows local users to obtain sensitive information by reading the log.
378
378
  * [CVE-2015-4020](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4020): RubyGems 2.0.x before 2.0.17, 2.2.x before 2.2.5, and 2.4.x before 2.4.8 does not validate the hostname when fetching gems or making API request, which allows remote attackers to redirect requests to arbitrary domains via a crafted DNS SRV record with a domain that is suffixed with the original domain name, aka a 'DNS hijack attack.'
379
379
  * CVE-2015-4020: RubyGems 2.0.x before 2.0.17, 2.2.x before 2.2.5, and 2.4.x before 2.4.8 does not validate the hostname when fetching gems or making API request, which allows remote attackers to redirect requests to arbitrary domains via a crafted DNS SRV record with a domain that is suffixed with the original domain name, aka a 'DNS hijack attack.'
380
+ * [CVE-2015-5312](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5312): The xmlStringLenDecodeEntities function in parser.c in libxml2 before 2.9.3 does not properly prevent entity expansion, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted XML data, a different vulnerability than CVE-2014-3660.
381
+ * CVE-2015-5312: The xmlStringLenDecodeEntities function in parser.c in libxml2 before 2.9.3 does not properly prevent entity expansion, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted XML data, a different vulnerability than CVE-2014-3660.
382
+ * [CVE-2015-7497](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7497): Heap-based buffer overflow in the xmlDictComputeFastQKey function in dict.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service via unspecified vectors.
383
+ * CVE-2015-7497: Heap-based buffer overflow in the xmlDictComputeFastQKey function in dict.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service via unspecified vectors.
384
+ * [CVE-2015-7498](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7498): Heap-based buffer overflow in the xmlParseXmlDecl function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service via unspecified vectors related to extracting errors after an encoding conversion failure.
385
+ * CVE-2015-7498: Heap-based buffer overflow in the xmlParseXmlDecl function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service via unspecified vectors related to extracting errors after an encoding conversion failure.
386
+ * [CVE-2015-7499](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7499): Heap-based buffer overflow in the xmlGROW function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to obtain sensitive process memory information via unspecified vectors.
387
+ * CVE-2015-7499: Heap-based buffer overflow in the xmlGROW function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to obtain sensitive process memory information via unspecified vectors.
388
+ * [CVE-2015-7500](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7500): The xmlParseMisc function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service (out-of-bounds heap read) via unspecified vectors related to incorrect entities boundaries and start tags.
389
+ * CVE-2015-7500: The xmlParseMisc function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service (out-of-bounds heap read) via unspecified vectors related to incorrect entities boundaries and start tags.
390
+ * [CVE-2015-7519](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7519): agent/Core/Controller/SendRequest.cpp in Phusion Passenger before 4.0.60 and 5.0.x before 5.0.22, when used in Apache integration mode or in standalone mode without a filtering proxy, allows remote attackers to spoof headers passed to applications by using an _ (underscore) character instead of a - (dash) character in an HTTP header, as demonstrated by an X_User header.
391
+ * CVE-2015-7519: agent/Core/Controller/SendRequest.cpp in Phusion Passenger before 4.0.60 and 5.0.x before 5.0.22, when used in Apache integration mode or in standalone mode without a filtering proxy, allows remote attackers to spoof headers passed to applications by using an _ (underscore) character instead of a - (dash) character in an HTTP header, as demonstrated by an X_User header.
392
+ * [CVE-2015-7541](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7541): The initialize method in the Histogram class in lib/colorscore/histogram.rb in the colorscore gem before 0.0.5 for Ruby allows context-dependent attackers to execute arbitrary code via shell metacharacters in the (1) image_path, (2) colors, or (3) depth variable.
393
+ * CVE-2015-7541: The initialize method in the Histogram class in lib/colorscore/histogram.rb in the colorscore gem before 0.0.5 for Ruby allows context-dependent attackers to execute arbitrary code via shell metacharacters in the (1) image_path, (2) colors, or (3) depth variable.
394
+ * [CVE-2015-7576](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7576): There is a timing attack vulnerability in the basic authentication support in Action Controller. Due to the way that Action Controller compares user names and passwords in basic authentication authorization code, it is possible for an attacker to analyze the time taken by a response and intuit the password.
395
+ * CVE-2015-7576: There is a timing attack vulnerability in the basic authentication support in Action Controller. Due to the way that Action Controller compares user names and passwords in basic authentication authorization code, it is possible for an attacker to analyze the time taken by a response and intuit the password.
396
+ * [CVE-2015-7577](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7577): There is a vulnerability in how the nested attributes feature in Active Record handles updates in combination with destroy flags when destroying records is disabled.
397
+ * CVE-2015-7577: There is a vulnerability in how the nested attributes feature in Active Record handles updates in combination with destroy flags when destroying records is disabled.
398
+ * [CVE-2015-7578](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7578): There is a possible XSS vulnerability in rails-html-sanitizer. Certain attributes are not removed from tags when they are sanitized, and these attributes can lead to an XSS attack on target applications.
399
+ * CVE-2015-7578: There is a possible XSS vulnerability in rails-html-sanitizer. Certain attributes are not removed from tags when they are sanitized, and these attributes can lead to an XSS attack on target applications.
400
+ * [CVE-2015-7579](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7579): There is a XSS vulnerability in Rails::Html::FullSanitizer used by Action View's strip_tags. Due to the way that Rails::Html::FullSanitizer is implemented, if an attacker passes an already escaped HTML entity to the input of Action View's strip_tags these entities will be unescaped what may cause a XSS attack if used in combination with raw or html_safe.
401
+ * CVE-2015-7579: There is a XSS vulnerability in Rails::Html::FullSanitizer used by Action View's strip_tags. Due to the way that Rails::Html::FullSanitizer is implemented, if an attacker passes an already escaped HTML entity to the input of Action View's strip_tags these entities will be unescaped what may cause a XSS attack if used in combination with raw or html_safe.
402
+ * [CVE-2015-7581](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7581): There is an object leak vulnerability for wildcard controllers in Action Pack. Users that have a route that contains the string ":controller" are susceptible to objects being leaked globally which can lead to unbounded memory growth.
403
+ * CVE-2015-7581: There is an object leak vulnerability for wildcard controllers in Action Pack. Users that have a route that contains the string ":controller" are susceptible to objects being leaked globally which can lead to unbounded memory growth.
404
+ * [CVE-2015-8241](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8241): The xmlNextChar function in libxml2 2.9.2 does not properly check the state, which allows context-dependent attackers to cause a denial of service (heap-based buffer over-read and application crash) or obtain sensitive information via crafted XML data.
405
+ * CVE-2015-8241: The xmlNextChar function in libxml2 2.9.2 does not properly check the state, which allows context-dependent attackers to cause a denial of service (heap-based buffer over-read and application crash) or obtain sensitive information via crafted XML data.
406
+ * [CVE-2015-8242](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8242): The xmlSAX2TextNode function in SAX2.c in the push interface in the HTML parser in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service (stack-based buffer over-read and application crash) or obtain sensitive information via crafted XML data.
407
+ * CVE-2015-8242: The xmlSAX2TextNode function in SAX2.c in the push interface in the HTML parser in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service (stack-based buffer over-read and application crash) or obtain sensitive information via crafted XML data.
408
+ * [CVE-2015-8317](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8317): The xmlParseXMLDecl function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to obtain sensitive information via an (1) unterminated encoding value or (2) incomplete XML declaration in XML data, which triggers an out-of-bounds heap read
409
+ * CVE-2015-8317: The xmlParseXMLDecl function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to obtain sensitive information via an (1) unterminated encoding value or (2) incomplete XML declaration in XML data, which triggers an out-of-bounds heap read
410
+ * [CVE-2016-0751](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0751): There is a possible object leak which can lead to a denial of service vulnerability in Action Pack. A carefully crafted accept header can cause a global cache of mime types to grow indefinitely which can lead to a possible denial of service attack in Action Pack.
411
+ * CVE-2016-0751: There is a possible object leak which can lead to a denial of service vulnerability in Action Pack. A carefully crafted accept header can cause a global cache of mime types to grow indefinitely which can lead to a possible denial of service attack in Action Pack.
412
+ * [CVE-2016-0752](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0752): There is a possible directory traversal and information leak vulnerability in Action View. Applications that pass unverified user input to the render method in a controller may be vulnerable to an information leak vulnerability.
413
+ * CVE-2016-0752: There is a possible directory traversal and information leak vulnerability in Action View. Applications that pass unverified user input to the render method in a controller may be vulnerable to an information leak vulnerability.
414
+ * [CVE-2016-0753](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0753): There is a possible input validation circumvention vulnerability in Active Model. Code that uses Active Model based models (including Active Record models) and does not validate user input before passing it to the model can be subject to an attack where specially crafted input will cause the model to skip validations.
415
+ * CVE-2016-0753: There is a possible input validation circumvention vulnerability in Active Model. Code that uses Active Model based models (including Active Record models) and does not validate user input before passing it to the model can be subject to an attack where specially crafted input will cause the model to skip validations.
380
416
  * [OSVDB-105971](http://osvdb.org/show/osvdb/105971): sfpagent Gem for Ruby contains a flaw that is triggered as JSON[body] input is not properly sanitized when handling module names with shell metacharacters. This may allow a context-dependent attacker to execute arbitrary commands.
381
417
  * OSVDB-105971: sfpagent Gem for Ruby contains a flaw that is triggered as JSON[body] input is not properly sanitized when handling module names with shell metacharacters. This may allow a context-dependent attacker to execute arbitrary commands.
382
418
  * [OSVDB-108569](http://osvdb.org/show/osvdb/108569): backup_checksum Gem for Ruby contains a flaw in /lib/backup/cli/utility.rb that is triggered as the program displays password information in plaintext in the process list. This may allow a local attacker to gain access to password information.
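Review bot: every new advisory is inserted twice, once as a linked `[CVE-...]` bullet and once as a plain `CVE-...:` bullet, which follows the existing pattern for CVE-2015-4020 but doubles the length of the list; the two CVE-2015-8317 entries also lack the trailing period the other entries have. If this file is generated, the generator should emit a single linked bullet per advisory.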
@@ -437,4 +473,4 @@ Setting this to true will essentially strip out any host information.
437
473
  This check will analyze the source code looking for the following patterns: XXX, TO_CHECK, CHECKME, CHECK and FIXME
438
474
 
439
475
 
440
- _Last updated: Thu 03 Dec 18:28:09 CET 2015_
476
+ _Last updated: Wed 03 Feb 10:57:52 CET 2016_
data/README.md CHANGED
@@ -20,10 +20,11 @@ box:
20
20
  [![Coverage Status](https://coveralls.io/repos/thesp0nge/dawnscanner/badge.png)](https://coveralls.io/r/thesp0nge/dawnscanner)
21
21
  [![Bitdeli Badge](https://d2weczhvl823v0.cloudfront.net/thesp0nge/dawnscanner/trend.png)](https://bitdeli.com/free "Bitdeli Badge")
22
22
  [![Inline docs](http://inch-ci.org/github/thesp0nge/dawnscanner.png?branch=master)](http://inch-ci.org/github/thesp0nge/dawnscanner)
23
+ [![Gitter](https://badges.gitter.im/thesp0nge/dawnscanner.svg)](https://gitter.im/thesp0nge/dawnscanner?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge)
23
24
 
24
25
  ---
25
26
 
26
- dawnscanner version 1.5.2 has 209 security checks loaded in its knowledge
27
+ dawnscanner version 1.6.0 has 227 security checks loaded in its knowledge
27
28
  base. Most of them are CVE bulletins applying to gems or the ruby interpreter
28
29
  itself. There are also some check coming from Owasp Ruby on Rails cheatsheet.
29
30
 
data/VERSION CHANGED
@@ -6,11 +6,10 @@
6
6
  #
7
7
  # | Character | Release |
8
8
  # |-----------------|---------|
9
- # | "Tow Mater" | 1.4.0 |
10
- # | "Finn McMissile"| x.x.0 |
9
+ # | "Finn McMissile"| 2.0.0 |
11
10
  # | "Fillmore" | x.x.0 |
12
11
  # |"Holly Shiftwell"| x.x.0 |
13
12
  # | "Guido" | x.x.0 |
14
13
  # | "Luigi" | x.x.0 |
15
14
  # | "Doc Hudson" | x.x.0 |
16
- 1.5.2 - Tow Mater
15
+ 1.6.0 - Tow Mater
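Review bot: removing the `"Tow Mater" | 1.4.0` row while the last line still says `1.6.0 - Tow Mater` leaves the codename table with no entry for the codename actually in use, and the Changelog in this diff labels both 1.5.2 and 1.6.0 as Tow Mater. Either keep a Tow Mater row covering the 1.x releases or drop the table, and confirm that `"Finn McMissile"| 2.0.0` is meant to pin the next codename to a major bump.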
data/bin/dawn CHANGED
@@ -190,6 +190,8 @@ end
190
190
 
191
191
  target=ARGV.shift
192
192
 
193
+ target = File.expand_path(".") if target == "."
194
+
193
195
  $logger.helo APPNAME, Dawn::VERSION
194
196
  r = Dawn::Registry.new
195
197
 
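Review bot: `target = File.expand_path(".") if target == "."` only handles the literal `.`; `./`, `..` or any other relative directory name still reaches the reporter unexpanded and hits the same path-building problem described under Issue #177 in the Changelog. Expanding unconditionally, e.g. `target = File.expand_path(target) unless target.nil?`, covers every case and is a no-op for absolute paths.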
@@ -0,0 +1 @@
1
+ 632579913def064e10c4d6c76cb722140bcb5925
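Review bot: the new file is `data/checksum/dawnscanner-1.5.2.gem.sha1` (see the file list), but this diff releases 1.6.0, so it records the checksum of the previous gem and nothing here publishes a checksum for 1.6.0. A checksum file bundled inside the gem it describes also cannot be used to verify that gem, and SHA-1 is no longer an acceptable integrity hash; a SHA-256 published alongside the release, not inside it, would be the useful artifact.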
@@ -0,0 +1,30 @@
1
+ module Dawn
2
+ module Kb
3
+ # Automatically created with rake on 2016-02-01
4
+ class CVE_2015_5312
5
+ include DependencyCheck
6
+
7
+ def initialize
8
+ message = "The xmlStringLenDecodeEntities function in parser.c in libxml2 before 2.9.3 does not properly prevent entity expansion, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted XML data, a different vulnerability than CVE-2014-3660."
9
+ super({
10
+ :title=>title,
11
+ :name=> "CVE-2015-5312",
12
+ :cve=>"2015-5312",
13
+ :osvdb=>"",
14
+ :cvss=>"AV:N/AC:M/Au:N/C:N/I:N/A:C",
15
+ :release_date => Date.new(2015, 12, 15),
16
+ :cwe=>"119",
17
+ :owasp=>"A9",
18
+ :applies=>["rails", "sinatra", "padrino"],
19
+ :kind=>Dawn::KnowledgeBase::DEPENDENCY_CHECK,
20
+ :message=>message,
21
+ :mitigation=>"Please upgrade nokogiri gem to version 1.6.7.1 or later.",
22
+ :aux_links=>["https://groups.google.com/forum/#!topic/ruby-security-ann/aSbgDiwb24s"]
23
+ })
24
+
25
+ self.safe_dependencies = [{:name=>"nokogiri", :version=>['1.6.7.1']}]
26
+ self.not_affected = {:name=>"nokogiri", :version=>['1.5.x', '1.4.x', '1.3.x', '1.1.x', '1.0.x', '0.x.x']}
27
+ end
28
+ end
29
+ end
30
+ end
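Review bot: `:cwe=>"119"` (memory-buffer bounds) does not match the `message` in this hunk, which describes unbounded entity expansion leading to CPU consumption; CWE-400 (uncontrolled resource consumption) is the fitting class, and the `:cvss` vector `C:N/I:N/A:C` already says availability-only. Two smaller points that apply to every generated check in this diff: `:title=>title` refers to a `title` that is not defined in this file and resolves only because `DependencyCheck` or the superclass supplies it, and `Date.new` needs `require 'date'` somewhere in the load path.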
@@ -0,0 +1,32 @@
1
+ module Dawn
2
+ module Kb
3
+ # Automatically created with rake on 2016-02-02
4
+ class CVE_2015_7497
5
+ # Include the testing skeleton for this CVE
6
+ include DependencyCheck
7
+
8
+ def initialize
9
+ message ="Heap-based buffer overflow in the xmlDictComputeFastQKey function in dict.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service via unspecified vectors."
10
+ super({
11
+ :title=>title,
12
+ :name=> "CVE-2015-7497",
13
+ :cve=>"2015-7497",
14
+ :osvdb=>"",
15
+ :cvss=>"AV:N/AC:L/Au:N/C:N/I:N/A:P",
16
+ :release_date => Date.new(2015, 12, 15),
17
+ :cwe=>"119",
18
+ :owasp=>"A9",
19
+ :applies=>["rails", "sinatra", "padrino"],
20
+ :kind=>Dawn::KnowledgeBase::DEPENDENCY_CHECK,
21
+ :message=>message,
22
+ :mitigation=>"Please upgrade nokogiri gem to version 1.6.7.1 or later.",
23
+ :aux_links=>["https://groups.google.com/forum/#!topic/ruby-security-ann/aSbgDiwb24s"]
24
+ })
25
+
26
+ self.safe_dependencies = [{:name=>"nokogiri", :version=>['1.6.7.1']}]
27
+ self.not_affected = {:name=>"nokogiri", :version=>['1.5.x', '1.4.x', '1.3.x', '1.1.x', '1.0.x', '0.x.x']}
28
+
29
+ end
30
+ end
31
+ end
32
+ end
@@ -0,0 +1,32 @@
1
+ module Dawn
2
+ module Kb
3
+ # Automatically created with rake on 2016-02-02
4
+ class CVE_2015_7498
5
+ # Include the testing skeleton for this CVE
6
+ include DependencyCheck
7
+
8
+ def initialize
9
+ message = "Heap-based buffer overflow in the xmlParseXmlDecl function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service via unspecified vectors related to extracting errors after an encoding conversion failure."
10
+ super({
11
+ :title=>title,
12
+ :name=> "CVE-2015-7498",
13
+ :cve=>"2015-7498",
14
+ :osvdb=>"",
15
+ :cvss=>"AV:N/AC:L/Au:N/C:N/I:N/A:P",
16
+ :release_date => Date.new(2015, 12, 15),
17
+ :cwe=>"119",
18
+ :owasp=>"A9",
19
+ :applies=>["rails", "sinatra", "padrino"],
20
+ :kind=>Dawn::KnowledgeBase::DEPENDENCY_CHECK,
21
+ :message=>message,
22
+ :mitigation=>"Please upgrade nokogiri gem to version 1.6.7.1 or later.",
23
+ :aux_links=>["https://groups.google.com/forum/#!topic/ruby-security-ann/aSbgDiwb24s"]
24
+ })
25
+
26
+ self.safe_dependencies = [{:name=>"nokogiri", :version=>['1.6.7.1']}]
27
+ self.not_affected = {:name=>"nokogiri", :version=>['1.5.x', '1.4.x', '1.3.x', '1.1.x', '1.0.x', '0.x.x']}
28
+
29
+ end
30
+ end
31
+ end
32
+ end
@@ -0,0 +1,32 @@
1
+ module Dawn
2
+ module Kb
3
+ # Automatically created with rake on 2016-02-02
4
+ class CVE_2015_7499
5
+ # Include the testing skeleton for this CVE
6
+ include DependencyCheck
7
+
8
+ def initialize
9
+ message="Heap-based buffer overflow in the xmlGROW function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to obtain sensitive process memory information via unspecified vectors."
10
+ super({
11
+ :title=>title,
12
+ :name=> "CVE-2015-7499",
13
+ :cve=>"2015-7499",
14
+ :osvdb=>"",
15
+ :cvss=>"AV:N/AC:L/Au:N/C:P/I:N/A:N",
16
+ :release_date => Date.new(2015, 12, 15),
17
+ :cwe=>"119",
18
+ :owasp=>"A9",
19
+ :applies=>["rails", "sinatra", "padrino"],
20
+ :kind=>Dawn::KnowledgeBase::DEPENDENCY_CHECK,
21
+ :message=>message,
22
+ :mitigation=>"Please upgrade nokogiri gem to version 1.6.7.1 or later.",
23
+ :aux_links=>["https://groups.google.com/forum/#!topic/ruby-security-ann/aSbgDiwb24s"]
24
+ })
25
+
26
+ self.safe_dependencies = [{:name=>"nokogiri", :version=>['1.6.7.1']}]
27
+ self.not_affected = {:name=>"nokogiri", :version=>['1.5.x', '1.4.x', '1.3.x', '1.1.x', '1.0.x', '0.x.x']}
28
+
29
+ end
30
+ end
31
+ end
32
+ end
@@ -0,0 +1,32 @@
1
+ module Dawn
2
+ module Kb
3
+ # Automatically created with rake on 2016-02-02
4
+ class CVE_2015_7500
5
+ # Include the testing skeleton for this CVE
6
+ include DependencyCheck
7
+
8
+ def initialize
9
+ message = "The xmlParseMisc function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service (out-of-bounds heap read) via unspecified vectors related to incorrect entities boundaries and start tags."
10
+ super({
11
+ :title=>title,
12
+ :name=> "CVE-2015-7500",
13
+ :cve=>"2015-7500",
14
+ :osvdb=>"",
15
+ :cvss=>"AV:N/AC:L/Au:N/C:N/I:N/A:P",
16
+ :release_date => Date.new(2015, 12, 15),
17
+ :cwe=>"119",
18
+ :owasp=>"A9",
19
+ :applies=>["rails", "sinatra", "padrino"],
20
+ :kind=>Dawn::KnowledgeBase::DEPENDENCY_CHECK,
21
+ :message=>message,
22
+ :mitigation=>"Please upgrade nokogiri gem to version 1.6.7.1 or later.",
23
+ :aux_links=>["https://groups.google.com/forum/#!topic/ruby-security-ann/aSbgDiwb24s"]
24
+ })
25
+
26
+ self.safe_dependencies = [{:name=>"nokogiri", :version=>['1.6.7.1']}]
27
+ self.not_affected = {:name=>"nokogiri", :version=>['1.5.x', '1.4.x', '1.3.x', '1.1.x', '1.0.x', '0.x.x']}
28
+
29
+ end
30
+ end
31
+ end
32
+ end
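Review bot: this is the fifth check (after CVE-2015-5312, CVE-2015-7497, CVE-2015-7498 and CVE-2015-7499) with identical `safe_dependencies`, `not_affected`, `mitigation` and `aux_links` for nokogiri, so a project pinning nokogiri 1.6.7 receives five separate findings that all point at one upgrade, and the remaining libxml2 entries listed in the Changelog (CVE-2015-8241, CVE-2015-8242, CVE-2015-8317) will make it eight. Worth grouping these in the reporter, or at least cross-referencing them in `message`, so the report reads as a single upgrade action.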
@@ -0,0 +1,31 @@
1
+ module Dawn
2
+ module Kb
3
+ # Automatically created with rake on 2016-02-02
4
+ class CVE_2015_7519
5
+ # Include the testing skeleton for this CVE
6
+ include DependencyCheck
7
+
8
+ def initialize
9
+ message ="agent/Core/Controller/SendRequest.cpp in Phusion Passenger before 4.0.60 and 5.0.x before 5.0.22, when used in Apache integration mode or in standalone mode without a filtering proxy, allows remote attackers to spoof headers passed to applications by using an _ (underscore) character instead of a - (dash) character in an HTTP header, as demonstrated by an X_User header."
10
+ super({
11
+ :title=>title,
12
+ :name=> "CVE-2015-7519",
13
+ :cve=>"2015-7519",
14
+ :osvdb=>"",
15
+ :cvss=>"AV:N/AC:M/Au:N/C:N/I:P/A:N",
16
+ :release_date => Date.new(2016, 1, 8),
17
+ :cwe=>"119",
18
+ :owasp=>"A9",
19
+ :applies=>["rails", "sinatra", "padrino"],
20
+ :kind=>Dawn::KnowledgeBase::DEPENDENCY_CHECK,
21
+ :message=>message,
22
+ :mitigation=>"Please upgrade passenger gem to version 4.0.60, 5.0.22 or later.",
23
+ :aux_links=>["https://blog.phusion.nl/2015/12/07/cve-2015-7519/"]
24
+ })
25
+
26
+ self.safe_dependencies = [{:name=>"passenger", :version=>['4.0.60', '5.0.22']}]
27
+
28
+ end
29
+ end
30
+ end
31
+ end
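Review bot: `:cwe=>"119"` is a memory-safety class and does not describe the header-spoofing issue in `message` (underscore-for-dash header names reaching the application); CWE-20 or CWE-444 (inconsistent interpretation of HTTP requests) fits. Also, `message` limits the issue to Apache integration mode or standalone mode without a filtering proxy, but the check fires on the passenger version alone, so the finding text or `mitigation` should say that deployments behind a filtering proxy may not be affected, to reduce false positives.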
@@ -0,0 +1,31 @@
1
+ module Dawn
2
+ module Kb
3
+ # Automatically created with rake on 2016-02-02
4
+ class CVE_2015_7541
5
+ # Include the testing skeleton for this CVE
6
+ include DependencyCheck
7
+
8
+ def initialize
9
+ message = "The initialize method in the Histogram class in lib/colorscore/histogram.rb in the colorscore gem before 0.0.5 for Ruby allows context-dependent attackers to execute arbitrary code via shell metacharacters in the (1) image_path, (2) colors, or (3) depth variable."
10
+ super({
11
+ :title=>title,
12
+ :name=> "CVE-2015-7541",
13
+ :cve=>"2015-7541",
14
+ :osvdb=>"",
15
+ :cvss=>"AV:N/AC:L/Au:N/C:C/I:C/A:C",
16
+ :release_date => Date.new(2016, 1, 8),
17
+ :cwe=>"77",
18
+ :owasp=>"A9",
19
+ :applies=>["rails", "sinatra", "padrino"],
20
+ :kind=>Dawn::KnowledgeBase::DEPENDENCY_CHECK,
21
+ :message=>message,
22
+ :mitigation=>"Please upgrade colorscore gem to version 0.0.5 or later.",
23
+ :aux_links=>["http://seclists.org/oss-sec/2016/q1/17"]
24
+ })
25
+
26
+ self.safe_dependencies = [{:name=>"colorscore", :version=>['0.0.5']}]
27
+
28
+ end
29
+ end
30
+ end
31
+ end
@@ -0,0 +1,35 @@
1
+ module Dawn
2
+ module Kb
3
+ # Automatically created with rake on 2016-01-28
4
+ class CVE_2015_7576
5
+ # Include the testing skeleton for this CVE
6
+ # include PatternMatchCheck
7
+ include DependencyCheck
8
+ # include RubyVersionCheck
9
+
10
+ def initialize
11
+ message = "There is a timing attack vulnerability in the basic authentication support in Action Controller. Due to the way that Action Controller compares user names and passwords in basic authentication authorization code, it is possible for an attacker to analyze the time taken by a response and intuit the password."
12
+ super({
13
+ :title=>title,
14
+ :name=> "CVE-2015-7576",
15
+ :cve=>"2015-7576",
16
+ :osvdb=>"",
17
+ :cvss=>"",
18
+ :release_date => Date.new(2016, 1, 26),
19
+ :cwe=>"",
20
+ :owasp=>"A9",
21
+ :applies=>["rails", "sinatra", "padrino"],
22
+ :kind=>Dawn::KnowledgeBase::DEPENDENCY_CHECK,
23
+ :message=>message,
24
+ :mitigation=>"Please upgrade actionpack gem to version 3.2.22.1, 4.1.14.1, 4.2.5.1, 5.0.0.beta1.1 or later.",
25
+ :aux_links=>["http://securitytracker.com/id/1034816"]
26
+ })
27
+ self.save_minor=true
28
+ self.save_major=true
29
+ self.safe_dependencies = [{:name=>"actionpack", :version=>['3.2.22.1', '4.1.14.1', '4.2.5.1', '5.0.0.beta1.1']}]
30
+
31
+
32
+ end
33
+ end
34
+ end
35
+ end
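Review bot: `:cvss=>""` and `:cwe=>""` are left empty while every other new check in this diff fills them; the `message` describes a timing side channel in credential comparison, which is CWE-208 (observable timing discrepancy). The commented-out `# include PatternMatchCheck` and `# include RubyVersionCheck` lines are generator template residue and can go. Finally, `'5.0.0.beta1.1'` in `safe_dependencies` interacts with the `is_same_version?` fix noted in the Changelog (beta number discarded during comparison): a detected `5.0.0.beta1` must not be reported as safe, and the spec for this check should cover that case.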