dawnscanner 1.6.8 → 2.0.0.rc4
- checksums.yaml +5 -5
- data/.gitignore +1 -0
- data/.ruby-version +1 -1
- data/Changelog.md +27 -1
- data/LICENSE.txt +1 -1
- data/README.md +59 -57
- data/Rakefile +10 -242
- data/Roadmap.md +15 -23
- data/VERSION +1 -1
- data/bin/dawn +17 -273
- data/checksum/dawnscanner-1.6.8.gem.sha1 +1 -0
- data/checksum/dawnscanner-2.0.0.rc1.gem.sha1 +1 -0
- data/checksum/dawnscanner-2.0.0.rc2.gem.sha1 +1 -0
- data/checksum/dawnscanner-2.0.0.rc3.gem.sha1 +1 -0
- data/dawnscanner.gemspec +10 -9
- data/doc/change.sh +13 -0
- data/doc/kickstart_kb.tar.gz +0 -0
- data/doc/knowledge_base.rb +650 -0
- data/docs/.placeholder +0 -0
- data/docs/CNAME +1 -0
- data/docs/_config.yml +1 -0
- data/lib/dawn/cli/dawn_cli.rb +139 -0
- data/lib/dawn/core.rb +8 -7
- data/lib/dawn/engine.rb +93 -34
- data/lib/dawn/gemfile_lock.rb +2 -2
- data/lib/dawn/kb/basic_check.rb +1 -2
- data/lib/dawn/kb/combo_check.rb +1 -1
- data/lib/dawn/kb/dependency_check.rb +1 -1
- data/lib/dawn/kb/operating_system_check.rb +1 -1
- data/lib/dawn/kb/pattern_match_check.rb +10 -9
- data/lib/dawn/kb/ruby_version_check.rb +11 -10
- data/lib/dawn/kb/{gem_check.rb → rubygem_check.rb} +1 -1
- data/lib/dawn/kb/unsafe_depedency_check.rb +44 -0
- data/lib/dawn/kb/version_check.rb +41 -24
- data/lib/dawn/knowledge_base.rb +259 -595
- data/lib/dawn/reporter.rb +2 -1
- data/lib/dawn/utils.rb +5 -2
- data/lib/dawn/version.rb +5 -5
- data/lib/dawnscanner.rb +7 -6
- data/spec/lib/kb/codesake_unsafe_dependency_check_spec.rb +29 -0
- data/spec/lib/kb/dependency_check.yml +29 -0
- metadata +30 -496
- checksums.yaml.gz.sig +0 -0
- data.tar.gz.sig +0 -0
- data/certs/paolo_at_dawnscanner_dot_org.pem +0 -21
- data/lib/dawn/kb/cve_2004_0755.rb +0 -33
- data/lib/dawn/kb/cve_2004_0983.rb +0 -31
- data/lib/dawn/kb/cve_2005_1992.rb +0 -31
- data/lib/dawn/kb/cve_2005_2337.rb +0 -33
- data/lib/dawn/kb/cve_2006_1931.rb +0 -30
- data/lib/dawn/kb/cve_2006_2582.rb +0 -28
- data/lib/dawn/kb/cve_2006_3694.rb +0 -31
- data/lib/dawn/kb/cve_2006_4112.rb +0 -27
- data/lib/dawn/kb/cve_2006_5467.rb +0 -28
- data/lib/dawn/kb/cve_2006_6303.rb +0 -28
- data/lib/dawn/kb/cve_2006_6852.rb +0 -27
- data/lib/dawn/kb/cve_2006_6979.rb +0 -29
- data/lib/dawn/kb/cve_2007_0469.rb +0 -29
- data/lib/dawn/kb/cve_2007_5162.rb +0 -28
- data/lib/dawn/kb/cve_2007_5379.rb +0 -27
- data/lib/dawn/kb/cve_2007_5380.rb +0 -29
- data/lib/dawn/kb/cve_2007_5770.rb +0 -30
- data/lib/dawn/kb/cve_2007_6077.rb +0 -31
- data/lib/dawn/kb/cve_2007_6612.rb +0 -30
- data/lib/dawn/kb/cve_2008_1145.rb +0 -38
- data/lib/dawn/kb/cve_2008_1891.rb +0 -38
- data/lib/dawn/kb/cve_2008_2376.rb +0 -30
- data/lib/dawn/kb/cve_2008_2662.rb +0 -33
- data/lib/dawn/kb/cve_2008_2663.rb +0 -32
- data/lib/dawn/kb/cve_2008_2664.rb +0 -33
- data/lib/dawn/kb/cve_2008_2725.rb +0 -31
- data/lib/dawn/kb/cve_2008_3655.rb +0 -37
- data/lib/dawn/kb/cve_2008_3657.rb +0 -37
- data/lib/dawn/kb/cve_2008_3790.rb +0 -30
- data/lib/dawn/kb/cve_2008_3905.rb +0 -36
- data/lib/dawn/kb/cve_2008_4094.rb +0 -27
- data/lib/dawn/kb/cve_2008_4310.rb +0 -100
- data/lib/dawn/kb/cve_2008_5189.rb +0 -27
- data/lib/dawn/kb/cve_2008_7248.rb +0 -27
- data/lib/dawn/kb/cve_2009_4078.rb +0 -29
- data/lib/dawn/kb/cve_2009_4124.rb +0 -30
- data/lib/dawn/kb/cve_2009_4214.rb +0 -27
- data/lib/dawn/kb/cve_2010_1330.rb +0 -28
- data/lib/dawn/kb/cve_2010_2489.rb +0 -60
- data/lib/dawn/kb/cve_2010_3933.rb +0 -27
- data/lib/dawn/kb/cve_2011_0188.rb +0 -67
- data/lib/dawn/kb/cve_2011_0446.rb +0 -28
- data/lib/dawn/kb/cve_2011_0447.rb +0 -28
- data/lib/dawn/kb/cve_2011_0739.rb +0 -28
- data/lib/dawn/kb/cve_2011_0995.rb +0 -61
- data/lib/dawn/kb/cve_2011_1004.rb +0 -34
- data/lib/dawn/kb/cve_2011_1005.rb +0 -31
- data/lib/dawn/kb/cve_2011_2197.rb +0 -27
- data/lib/dawn/kb/cve_2011_2686.rb +0 -29
- data/lib/dawn/kb/cve_2011_2705.rb +0 -32
- data/lib/dawn/kb/cve_2011_2929.rb +0 -27
- data/lib/dawn/kb/cve_2011_2930.rb +0 -28
- data/lib/dawn/kb/cve_2011_2931.rb +0 -30
- data/lib/dawn/kb/cve_2011_2932.rb +0 -27
- data/lib/dawn/kb/cve_2011_3009.rb +0 -28
- data/lib/dawn/kb/cve_2011_3186.rb +0 -29
- data/lib/dawn/kb/cve_2011_3187.rb +0 -29
- data/lib/dawn/kb/cve_2011_4319.rb +0 -30
- data/lib/dawn/kb/cve_2011_4815.rb +0 -28
- data/lib/dawn/kb/cve_2011_5036.rb +0 -26
- data/lib/dawn/kb/cve_2012_1098.rb +0 -30
- data/lib/dawn/kb/cve_2012_1099.rb +0 -27
- data/lib/dawn/kb/cve_2012_1241.rb +0 -27
- data/lib/dawn/kb/cve_2012_2139.rb +0 -26
- data/lib/dawn/kb/cve_2012_2140.rb +0 -27
- data/lib/dawn/kb/cve_2012_2660.rb +0 -28
- data/lib/dawn/kb/cve_2012_2661.rb +0 -27
- data/lib/dawn/kb/cve_2012_2671.rb +0 -28
- data/lib/dawn/kb/cve_2012_2694.rb +0 -30
- data/lib/dawn/kb/cve_2012_2695.rb +0 -27
- data/lib/dawn/kb/cve_2012_3424.rb +0 -29
- data/lib/dawn/kb/cve_2012_3463.rb +0 -27
- data/lib/dawn/kb/cve_2012_3464.rb +0 -27
- data/lib/dawn/kb/cve_2012_3465.rb +0 -26
- data/lib/dawn/kb/cve_2012_4464.rb +0 -27
- data/lib/dawn/kb/cve_2012_4466.rb +0 -27
- data/lib/dawn/kb/cve_2012_4481.rb +0 -26
- data/lib/dawn/kb/cve_2012_4522.rb +0 -27
- data/lib/dawn/kb/cve_2012_5370.rb +0 -27
- data/lib/dawn/kb/cve_2012_5371.rb +0 -27
- data/lib/dawn/kb/cve_2012_5380.rb +0 -28
- data/lib/dawn/kb/cve_2012_6109.rb +0 -25
- data/lib/dawn/kb/cve_2012_6134.rb +0 -27
- data/lib/dawn/kb/cve_2012_6496.rb +0 -28
- data/lib/dawn/kb/cve_2012_6497.rb +0 -28
- data/lib/dawn/kb/cve_2012_6684.rb +0 -28
- data/lib/dawn/kb/cve_2013_0155.rb +0 -29
- data/lib/dawn/kb/cve_2013_0156.rb +0 -27
- data/lib/dawn/kb/cve_2013_0162.rb +0 -28
- data/lib/dawn/kb/cve_2013_0175.rb +0 -27
- data/lib/dawn/kb/cve_2013_0183.rb +0 -25
- data/lib/dawn/kb/cve_2013_0184.rb +0 -25
- data/lib/dawn/kb/cve_2013_0233.rb +0 -26
- data/lib/dawn/kb/cve_2013_0256.rb +0 -59
- data/lib/dawn/kb/cve_2013_0262.rb +0 -26
- data/lib/dawn/kb/cve_2013_0263.rb +0 -26
- data/lib/dawn/kb/cve_2013_0269.rb +0 -27
- data/lib/dawn/kb/cve_2013_0276.rb +0 -28
- data/lib/dawn/kb/cve_2013_0277.rb +0 -25
- data/lib/dawn/kb/cve_2013_0284.rb +0 -27
- data/lib/dawn/kb/cve_2013_0285.rb +0 -27
- data/lib/dawn/kb/cve_2013_0333.rb +0 -28
- data/lib/dawn/kb/cve_2013_0334.rb +0 -25
- data/lib/dawn/kb/cve_2013_1607.rb +0 -25
- data/lib/dawn/kb/cve_2013_1655.rb +0 -65
- data/lib/dawn/kb/cve_2013_1656.rb +0 -28
- data/lib/dawn/kb/cve_2013_1756.rb +0 -26
- data/lib/dawn/kb/cve_2013_1800.rb +0 -26
- data/lib/dawn/kb/cve_2013_1801.rb +0 -27
- data/lib/dawn/kb/cve_2013_1802.rb +0 -27
- data/lib/dawn/kb/cve_2013_1812.rb +0 -27
- data/lib/dawn/kb/cve_2013_1821.rb +0 -28
- data/lib/dawn/kb/cve_2013_1854.rb +0 -26
- data/lib/dawn/kb/cve_2013_1855.rb +0 -25
- data/lib/dawn/kb/cve_2013_1856.rb +0 -26
- data/lib/dawn/kb/cve_2013_1857.rb +0 -27
- data/lib/dawn/kb/cve_2013_1875.rb +0 -27
- data/lib/dawn/kb/cve_2013_1898.rb +0 -27
- data/lib/dawn/kb/cve_2013_1911.rb +0 -28
- data/lib/dawn/kb/cve_2013_1933.rb +0 -27
- data/lib/dawn/kb/cve_2013_1947.rb +0 -27
- data/lib/dawn/kb/cve_2013_1948.rb +0 -27
- data/lib/dawn/kb/cve_2013_2065.rb +0 -29
- data/lib/dawn/kb/cve_2013_2090.rb +0 -28
- data/lib/dawn/kb/cve_2013_2105.rb +0 -26
- data/lib/dawn/kb/cve_2013_2119.rb +0 -27
- data/lib/dawn/kb/cve_2013_2512.rb +0 -26
- data/lib/dawn/kb/cve_2013_2513.rb +0 -25
- data/lib/dawn/kb/cve_2013_2516.rb +0 -26
- data/lib/dawn/kb/cve_2013_2615.rb +0 -27
- data/lib/dawn/kb/cve_2013_2616.rb +0 -27
- data/lib/dawn/kb/cve_2013_2617.rb +0 -28
- data/lib/dawn/kb/cve_2013_3221.rb +0 -27
- data/lib/dawn/kb/cve_2013_4164.rb +0 -30
- data/lib/dawn/kb/cve_2013_4203.rb +0 -25
- data/lib/dawn/kb/cve_2013_4389.rb +0 -26
- data/lib/dawn/kb/cve_2013_4413.rb +0 -27
- data/lib/dawn/kb/cve_2013_4457.rb +0 -29
- data/lib/dawn/kb/cve_2013_4478.rb +0 -26
- data/lib/dawn/kb/cve_2013_4479.rb +0 -26
- data/lib/dawn/kb/cve_2013_4489.rb +0 -28
- data/lib/dawn/kb/cve_2013_4491.rb +0 -29
- data/lib/dawn/kb/cve_2013_4492.rb +0 -29
- data/lib/dawn/kb/cve_2013_4562.rb +0 -27
- data/lib/dawn/kb/cve_2013_4593.rb +0 -27
- data/lib/dawn/kb/cve_2013_5647.rb +0 -29
- data/lib/dawn/kb/cve_2013_5671.rb +0 -26
- data/lib/dawn/kb/cve_2013_6414.rb +0 -30
- data/lib/dawn/kb/cve_2013_6415.rb +0 -29
- data/lib/dawn/kb/cve_2013_6416.rb +0 -29
- data/lib/dawn/kb/cve_2013_6417.rb +0 -30
- data/lib/dawn/kb/cve_2013_6421.rb +0 -28
- data/lib/dawn/kb/cve_2013_6459.rb +0 -28
- data/lib/dawn/kb/cve_2013_6460.rb +0 -53
- data/lib/dawn/kb/cve_2013_6461.rb +0 -57
- data/lib/dawn/kb/cve_2013_7086.rb +0 -27
- data/lib/dawn/kb/cve_2014_0036.rb +0 -27
- data/lib/dawn/kb/cve_2014_0080.rb +0 -29
- data/lib/dawn/kb/cve_2014_0081.rb +0 -27
- data/lib/dawn/kb/cve_2014_0082.rb +0 -27
- data/lib/dawn/kb/cve_2014_0130.rb +0 -27
- data/lib/dawn/kb/cve_2014_1233.rb +0 -27
- data/lib/dawn/kb/cve_2014_1234.rb +0 -26
- data/lib/dawn/kb/cve_2014_2322.rb +0 -28
- data/lib/dawn/kb/cve_2014_2525.rb +0 -59
- data/lib/dawn/kb/cve_2014_2538.rb +0 -26
- data/lib/dawn/kb/cve_2014_3482.rb +0 -28
- data/lib/dawn/kb/cve_2014_3483.rb +0 -28
- data/lib/dawn/kb/cve_2014_3916.rb +0 -29
- data/lib/dawn/kb/cve_2014_4975.rb +0 -28
- data/lib/dawn/kb/cve_2014_7818.rb +0 -27
- data/lib/dawn/kb/cve_2014_7819.rb +0 -31
- data/lib/dawn/kb/cve_2014_7829.rb +0 -30
- data/lib/dawn/kb/cve_2014_8090.rb +0 -30
- data/lib/dawn/kb/cve_2014_9490.rb +0 -29
- data/lib/dawn/kb/cve_2015_1819.rb +0 -34
- data/lib/dawn/kb/cve_2015_1840/cve_2015_1840_a.rb +0 -28
- data/lib/dawn/kb/cve_2015_1840/cve_2015_1840_b.rb +0 -28
- data/lib/dawn/kb/cve_2015_2963.rb +0 -27
- data/lib/dawn/kb/cve_2015_3224.rb +0 -26
- data/lib/dawn/kb/cve_2015_3225.rb +0 -28
- data/lib/dawn/kb/cve_2015_3226.rb +0 -27
- data/lib/dawn/kb/cve_2015_3227.rb +0 -28
- data/lib/dawn/kb/cve_2015_3448.rb +0 -29
- data/lib/dawn/kb/cve_2015_4020.rb +0 -34
- data/lib/dawn/kb/cve_2015_5312.rb +0 -30
- data/lib/dawn/kb/cve_2015_7497.rb +0 -32
- data/lib/dawn/kb/cve_2015_7498.rb +0 -32
- data/lib/dawn/kb/cve_2015_7499.rb +0 -32
- data/lib/dawn/kb/cve_2015_7500.rb +0 -32
- data/lib/dawn/kb/cve_2015_7519.rb +0 -31
- data/lib/dawn/kb/cve_2015_7541.rb +0 -31
- data/lib/dawn/kb/cve_2015_7576.rb +0 -35
- data/lib/dawn/kb/cve_2015_7577.rb +0 -34
- data/lib/dawn/kb/cve_2015_7578.rb +0 -30
- data/lib/dawn/kb/cve_2015_7579.rb +0 -30
- data/lib/dawn/kb/cve_2015_7581.rb +0 -33
- data/lib/dawn/kb/cve_2015_8241.rb +0 -32
- data/lib/dawn/kb/cve_2015_8242.rb +0 -32
- data/lib/dawn/kb/cve_2015_8317.rb +0 -32
- data/lib/dawn/kb/cve_2016_0751.rb +0 -32
- data/lib/dawn/kb/cve_2016_0752.rb +0 -35
- data/lib/dawn/kb/cve_2016_0753.rb +0 -31
- data/lib/dawn/kb/cve_2016_2097.rb +0 -35
- data/lib/dawn/kb/cve_2016_2098.rb +0 -35
- data/lib/dawn/kb/cve_2016_5697.rb +0 -30
- data/lib/dawn/kb/cve_2016_6316.rb +0 -33
- data/lib/dawn/kb/cve_2016_6317.rb +0 -32
- data/lib/dawn/kb/cve_2016_6582.rb +0 -43
- data/lib/dawn/kb/not_revised_code.rb +0 -22
- data/lib/dawn/kb/osvdb_105971.rb +0 -29
- data/lib/dawn/kb/osvdb_108530.rb +0 -27
- data/lib/dawn/kb/osvdb_108563.rb +0 -28
- data/lib/dawn/kb/osvdb_108569.rb +0 -28
- data/lib/dawn/kb/osvdb_108570.rb +0 -27
- data/lib/dawn/kb/osvdb_115654.rb +0 -33
- data/lib/dawn/kb/osvdb_116010.rb +0 -30
- data/lib/dawn/kb/osvdb_117903.rb +0 -30
- data/lib/dawn/kb/osvdb_118579.rb +0 -31
- data/lib/dawn/kb/osvdb_118830.rb +0 -32
- data/lib/dawn/kb/osvdb_118954.rb +0 -33
- data/lib/dawn/kb/osvdb_119878.rb +0 -32
- data/lib/dawn/kb/osvdb_119927.rb +0 -33
- data/lib/dawn/kb/osvdb_120415.rb +0 -31
- data/lib/dawn/kb/osvdb_120857.rb +0 -34
- data/lib/dawn/kb/osvdb_121701.rb +0 -30
- data/lib/dawn/kb/osvdb_132234.rb +0 -34
- data/lib/dawn/kb/owasp_ror_cheatsheet.rb +0 -33
- data/lib/dawn/kb/owasp_ror_cheatsheet/check_for_backup_files.rb +0 -18
- data/lib/dawn/kb/owasp_ror_cheatsheet/check_for_safe_redirect_and_forward.rb +0 -57
- data/lib/dawn/kb/owasp_ror_cheatsheet/command_injection.rb +0 -28
- data/lib/dawn/kb/owasp_ror_cheatsheet/csrf.rb +0 -29
- data/lib/dawn/kb/owasp_ror_cheatsheet/mass_assignment_in_model.rb +0 -33
- data/lib/dawn/kb/owasp_ror_cheatsheet/security_related_headers.rb +0 -35
- data/lib/dawn/kb/owasp_ror_cheatsheet/sensitive_files.rb +0 -29
- data/lib/dawn/kb/owasp_ror_cheatsheet/session_stored_in_database.rb +0 -31
- data/lib/dawn/kb/simpleform_xss_20131129.rb +0 -28
- data/lib/dawn/knowledge_base_experimental.rb +0 -245
- data/spec/lib/kb/cve_2011_2705_spec.rb +0 -35
- data/spec/lib/kb/cve_2011_2930_spec.rb +0 -31
- data/spec/lib/kb/cve_2011_3009_spec.rb +0 -25
- data/spec/lib/kb/cve_2011_3187_spec.rb +0 -24
- data/spec/lib/kb/cve_2011_4319_spec.rb +0 -44
- data/spec/lib/kb/cve_2011_5036_spec.rb +0 -95
- data/spec/lib/kb/cve_2012_1098_spec.rb +0 -36
- data/spec/lib/kb/cve_2012_2139_spec.rb +0 -20
- data/spec/lib/kb/cve_2012_2671_spec.rb +0 -23
- data/spec/lib/kb/cve_2012_6109_spec.rb +0 -112
- data/spec/lib/kb/cve_2012_6684_spec.rb +0 -16
- data/spec/lib/kb/cve_2013_0162_spec.rb +0 -23
- data/spec/lib/kb/cve_2013_0183_spec.rb +0 -54
- data/spec/lib/kb/cve_2013_0184_spec.rb +0 -115
- data/spec/lib/kb/cve_2013_0256_spec.rb +0 -34
- data/spec/lib/kb/cve_2013_0262_spec.rb +0 -44
- data/spec/lib/kb/cve_2013_0263_spec.rb +0 -11
- data/spec/lib/kb/cve_2013_0334_spec.rb +0 -35
- data/spec/lib/kb/cve_2013_1607_spec.rb +0 -15
- data/spec/lib/kb/cve_2013_1655_spec.rb +0 -31
- data/spec/lib/kb/cve_2013_1756_spec.rb +0 -23
- data/spec/lib/kb/cve_2013_2090_spec.rb +0 -15
- data/spec/lib/kb/cve_2013_2105_spec.rb +0 -11
- data/spec/lib/kb/cve_2013_2119_spec.rb +0 -27
- data/spec/lib/kb/cve_2013_2512_spec.rb +0 -15
- data/spec/lib/kb/cve_2013_2513_spec.rb +0 -15
- data/spec/lib/kb/cve_2013_2516_spec.rb +0 -15
- data/spec/lib/kb/cve_2013_4203_spec.rb +0 -15
- data/spec/lib/kb/cve_2013_4413_spec.rb +0 -16
- data/spec/lib/kb/cve_2013_4489_spec.rb +0 -63
- data/spec/lib/kb/cve_2013_4491_spec.rb +0 -16
- data/spec/lib/kb/cve_2013_4593_spec.rb +0 -16
- data/spec/lib/kb/cve_2013_5647_spec.rb +0 -19
- data/spec/lib/kb/cve_2013_5671_spec.rb +0 -27
- data/spec/lib/kb/cve_2013_6414_spec.rb +0 -26
- data/spec/lib/kb/cve_2013_6416_spec.rb +0 -31
- data/spec/lib/kb/cve_2013_6459_spec.rb +0 -15
- data/spec/lib/kb/cve_2013_7086_spec.rb +0 -22
- data/spec/lib/kb/cve_2014_0036_spec.rb +0 -15
- data/spec/lib/kb/cve_2014_0080_spec.rb +0 -33
- data/spec/lib/kb/cve_2014_0081_spec.rb +0 -50
- data/spec/lib/kb/cve_2014_0082_spec.rb +0 -52
- data/spec/lib/kb/cve_2014_0130_spec.rb +0 -19
- data/spec/lib/kb/cve_2014_1233_spec.rb +0 -15
- data/spec/lib/kb/cve_2014_1234_spec.rb +0 -16
- data/spec/lib/kb/cve_2014_2322_spec.rb +0 -15
- data/spec/lib/kb/cve_2014_2538_spec.rb +0 -15
- data/spec/lib/kb/cve_2014_3482_spec.rb +0 -15
- data/spec/lib/kb/cve_2014_3483_spec.rb +0 -27
- data/spec/lib/kb/cve_2014_7818_spec.rb +0 -42
- data/spec/lib/kb/cve_2014_7819_spec.rb +0 -139
- data/spec/lib/kb/cve_2014_7829_spec.rb +0 -50
- data/spec/lib/kb/cve_2014_9490_spec.rb +0 -17
- data/spec/lib/kb/cve_2015_1819_spec.rb +0 -16
- data/spec/lib/kb/cve_2015_1840_spec.rb +0 -39
- data/spec/lib/kb/cve_2015_2963_spec.rb +0 -17
- data/spec/lib/kb/cve_2015_3224_spec.rb +0 -16
- data/spec/lib/kb/cve_2015_3225_spec.rb +0 -27
- data/spec/lib/kb/cve_2015_3226_spec.rb +0 -35
- data/spec/lib/kb/cve_2015_3227_spec.rb +0 -31
- data/spec/lib/kb/cve_2015_3448_spec.rb +0 -16
- data/spec/lib/kb/cve_2015_4020_spec.rb +0 -24
- data/spec/lib/kb/cve_2015_5312_spec.rb +0 -31
- data/spec/lib/kb/cve_2015_7497_spec.rb +0 -31
- data/spec/lib/kb/cve_2015_7498_spec.rb +0 -31
- data/spec/lib/kb/cve_2015_7499_spec.rb +0 -31
- data/spec/lib/kb/cve_2015_7500_spec.rb +0 -31
- data/spec/lib/kb/cve_2015_7519_spec.rb +0 -23
- data/spec/lib/kb/cve_2015_7541_spec.rb +0 -15
- data/spec/lib/kb/cve_2015_7576_spec.rb +0 -51
- data/spec/lib/kb/cve_2015_7577_spec.rb +0 -63
- data/spec/lib/kb/cve_2015_7578_spec.rb +0 -15
- data/spec/lib/kb/cve_2015_7579_spec.rb +0 -23
- data/spec/lib/kb/cve_2015_7581_spec.rb +0 -51
- data/spec/lib/kb/cve_2015_8241_spec.rb +0 -31
- data/spec/lib/kb/cve_2015_8242_spec.rb +0 -31
- data/spec/lib/kb/cve_2015_8317_spec.rb +0 -31
- data/spec/lib/kb/cve_2016_0751_spec.rb +0 -55
- data/spec/lib/kb/cve_2016_0752_spec.rb +0 -51
- data/spec/lib/kb/cve_2016_0753_spec.rb +0 -51
- data/spec/lib/kb/cve_2016_2097_spec.rb +0 -35
- data/spec/lib/kb/cve_2016_2098_spec.rb +0 -55
- data/spec/lib/kb/cve_2016_5697_spec.rb +0 -15
- data/spec/lib/kb/cve_2016_6316_spec.rb +0 -44
- data/spec/lib/kb/cve_2016_6317_spec.rb +0 -35
- data/spec/lib/kb/cve_2016_6582_spec.rb +0 -29
- data/spec/lib/kb/osvdb_105971_spec.rb +0 -15
- data/spec/lib/kb/osvdb_108530_spec.rb +0 -22
- data/spec/lib/kb/osvdb_108563_spec.rb +0 -18
- data/spec/lib/kb/osvdb_108569_spec.rb +0 -17
- data/spec/lib/kb/osvdb_108570_spec.rb +0 -17
- data/spec/lib/kb/osvdb_115654_spec.rb +0 -15
- data/spec/lib/kb/osvdb_116010_spec.rb +0 -15
- data/spec/lib/kb/osvdb_117903_spec.rb +0 -23
- data/spec/lib/kb/osvdb_118579_spec.rb +0 -8
- data/spec/lib/kb/osvdb_118830_spec.rb +0 -16
- data/spec/lib/kb/osvdb_118954_spec.rb +0 -20
- data/spec/lib/kb/osvdb_119878_spec.rb +0 -92
- data/spec/lib/kb/osvdb_119927_spec.rb +0 -16
- data/spec/lib/kb/osvdb_120415_spec.rb +0 -16
- data/spec/lib/kb/osvdb_120857_spec.rb +0 -32
- data/spec/lib/kb/osvdb_121701_spec.rb +0 -15
- data/spec/lib/kb/osvdb_132234_spec.rb +0 -15
- metadata.gz.sig +0 -0
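--- a/data/Roadmap.md
+++ b/data/Roadmap.md
@@ -11,12 +11,24 @@ The document is _dynamic_ and feature schedule may vary. If you do need a
 feature to be included sooner, please open an [issue on
 github](https://github.com/thesp0nge/dawnscanner/issues/new)
 
-_latest update:
+_latest update: mar 7 mag 2019, 17:48:53, CEST_
 
 
-
+* Add Hanami support
+* Add node.js support
+
+* Add Maven support (this will lead of creating the skeleton of a
+dawnscanner-java gem. I will decide later if it will stay with the core or if
+it will be a separted gem plugging into dawnscanner as plugin).
+* Add support for pure Rack applications
+* Add basic support for Javascript. At the beginning, it will be a signature
+based support. dawnscanner will try to detect the js library version by using
+SHA hashing functions, comparing it with fingerprint of vulnerable libraies.
+Of course, this will lead to false negatives if a user tamper the original
+JS. We must consider also minified versions and we're not able to deal with
+obfuscated code.
+
 
-* close all issues on github markedsfor milestone 1.5.5
 * Issue #131 - Adding a check for OSVDB 119927 : http Gem for Ruby SSL Certificate Validation MitM Spoofing
 * Issue #119 - Adding a check for OSVDB 114641 : Ruby lib/rexml/entity.rb NULL String Handling Recursive XML External Entity (XXE) Expansion Resource Consumption Remote DoS
 * Issue #118 - Adding a check for OSVDB 113965 : Sprockets Gem for Ruby Unspecified Request Handling File Enumeration
@@ -39,24 +51,6 @@ _latest update: Thu Dec 3 18:29:11 CET 2015_
 * adding test for CVE-2011-4969 XSS in jquery < 1.6.2
 
 
-## Version 2.0.0 (est. June 2016)
-
-### New supported frameworks
-
-* Add Lotus support
-* Add Maven support (this will lead of creating the skeleton of a
-dawnscanner-java gem. I will decide later if it will stay with the core or if
-it will be a separted gem plugging into dawnscanner as plugin).
-* Add support for pure Rack applications
-* Add basic support for Javascript. At the beginning, it will be a signature
-based support. dawnscanner will try to detect the js library version by using
-SHA hashing functions, comparing it with fingerprint of vulnerable libraies.
-Of course, this will lead to false negatives if a user tamper the original
-JS. We must consider also minified versions and we're not able to deal with
-obfuscated code.
-
-### New checks
-
 * Add a language check. It will handle a ruby script as input and a
 ruby\_parser line as unsafe pattern. It will compile the ruby and look for
 the unsafe pattern
@@ -67,7 +61,6 @@ _latest update: Thu Dec 3 18:29:11 CET 2015_
 dawnscanner the proper way. This is a dynamic tests that it must be run in a
 static way, looking for the public directory for old and backup files
 pattern.
-* Security checks for vulnerabilities out until 31 May 2016.
 
 ### New features
 
@@ -115,7 +108,6 @@ _latest update: Thu Dec 3 18:29:11 CET 2015_
 ## Version 2.5.0 (est. December 2016)
 
 * Add automatic mitigation patch generation for Ruby
-* Add node.js support
 * Add Opal support
 
 ## Long term Roadmap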
data/VERSION
CHANGED
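--- a/data/bin/dawn
+++ b/data/bin/dawn
@@ -1,7 +1,6 @@
 #!/usr/bin/env ruby
 
 require 'bundler'
-require 'getoptlong'
 require 'json'
 require 'terminal-table'
 require 'justify'
@@ -9,289 +8,34 @@ require 'justify'
 require 'dawnscanner'
 
 APPNAME = File.basename($0)
+
 LIST_KNOWN_FRAMEWORK = %w(rails sinatra padrino)
 VALID_OUTPUT_FORMAT = %w(console json csv html)
 
 # Datamapper stuff
-DataMapper.setup(:default, "sqlite3://#{Dawn::Core.registry_db_name}")
-DataMapper::Logger.new(Dawn::Core.sql_log_name, :debug)
-DataMapper.finalize
-DataMapper.auto_upgrade!
+#DataMapper.setup(:default, "sqlite3://#{Dawn::Core.registry_db_name}")
+#DataMapper::Logger.new(Dawn::Core.sql_log_name, :debug)
+#DataMapper.finalize
+#DataMapper.auto_upgrade!
 
 require 'logger'
 $logger = Logger.new(STDOUT)
-$logger.
-
-
-
-
-[ '--ascii-tabular-report', '-a', GetoptLong::NO_ARGUMENT], # Deprecated in 1.5.x - To be removed in 2.0.0
-[ '--tabular', '-T', GetoptLong::NO_ARGUMENT],
-[ '--json', '-j', GetoptLong::NO_ARGUMENT],
-[ '--html', '-H', GetoptLong::NO_ARGUMENT],
-[ '--console', '-K', GetoptLong::NO_ARGUMENT],
-
-# MVC forcing
-# Deprecated in 1.5.x
-# To be removed in 2.0.0
-[ '--rails', '-r', GetoptLong::NO_ARGUMENT],
-[ '--sinatra', '-s', GetoptLong::NO_ARGUMENT],
-[ '--padrino', '-p', GetoptLong::NO_ARGUMENT],
-
-[ '--gem-lock', '-G', GetoptLong::REQUIRED_ARGUMENT], # Deprecated in 1.5.x - To be removed in 2.0.0
-[ '--dependencies', '-d', GetoptLong::REQUIRED_ARGUMENT],
-
-[ '--count-only', '-C', GetoptLong::NO_ARGUMENT],
-[ '--exit-on-warn', '-z', GetoptLong::NO_ARGUMENT],
-
-# Disable checks by family type
-[ '--disable-cve-bulletins', GetoptLong::NO_ARGUMENT],
-[ '--disable-code-quality', GetoptLong::NO_ARGUMENT],
-[ '--disable-code-style', GetoptLong::NO_ARGUMENT],
-[ '--disable-owasp-ror-cheatsheet', GetoptLong::NO_ARGUMENT],
-[ '--disable-owasp-top-10', GetoptLong::NO_ARGUMENT],
-
-# Search knowledge base
-[ '--search-knowledge-base', '-S', GetoptLong::REQUIRED_ARGUMENT],
-# List stuff
-[ '--list-knowledge-base', GetoptLong::NO_ARGUMENT],
-[ '--list-known-framework', GetoptLong::NO_ARGUMENT],
-[ '--list-known-families', GetoptLong::NO_ARGUMENT],
-[ '--list-scan-registry', GetoptLong::NO_ARGUMENT],
-# please save output to file
-[ '--file', '-F', GetoptLong::REQUIRED_ARGUMENT],
-# specify an alternate config file
-[ '--config-file', '-c', GetoptLong::REQUIRED_ARGUMENT],
-
-# service options
-[ '--verbose', '-V', GetoptLong::NO_ARGUMENT],
-[ '--debug', '-D', GetoptLong::NO_ARGUMENT],
-[ '--version', '-v', GetoptLong::NO_ARGUMENT],
-[ '--help', '-h', GetoptLong::NO_ARGUMENT]
-)
-opts.quiet=true
-
-engine = nil
-
-
-options = Dawn::Core.read_conf(Dawn::Core.find_conf(true))
-check = ""
-guess = {:name=>"", :version=>"", :connected_gems=>[]}
-
-###############################################################################
-# CLI argument start.
-#
-# Refactoring is necessary here
-###############################################################################
-begin
-opts.each do |opt, val|
-case opt
-when '--version'
-puts "#{Dawn::VERSION} [#{Dawn::CODENAME}]"
-Kernel.exit(0)
-when '--config-file'
-options = Dawn::Core.read_conf(val)
-when '--disable-cve-bulletins'
-options[:enabled_checks].delete(:bulletin)
-when '--disable-code-quality'
-options[:enabled_checks].delete(:code_quality)
-when '--disable-code-style'
-options[:enabled_checks].delete(:code_style)
-when '--disable-owasp-ror-cheatsheet'
-options[:enabled_checks].delete(:owasp_ror_cheatsheet)
-when '--disable-owasp-top-10'
-options[:enabled_checks].delete(:owasp_top_10_1)
-options[:enabled_checks].delete(:owasp_top_10_2)
-options[:enabled_checks].delete(:owasp_top_10_3)
-options[:enabled_checks].delete(:owasp_top_10_4)
-options[:enabled_checks].delete(:owasp_top_10_5)
-options[:enabled_checks].delete(:owasp_top_10_6)
-options[:enabled_checks].delete(:owasp_top_10_7)
-options[:enabled_checks].delete(:owasp_top_10_8)
-options[:enabled_checks].delete(:owasp_top_10_9)
-options[:enabled_checks].delete(:owasp_top_10_10)
-when '--list-known-families'
-printf "Dawn supports following check families:\n\n"
-puts Dawn::Kb::BasicCheck.families
-Kernel.exit(0)
-when '--json'
-options[:output] = "json"
-when '--console'
-options[:output] = "console"
-when '--tabular'
-options[:output] = "tabular"
-when '--ascii-tabular-report'
-$logger.warn "--ascii-tabular-report' it has been deprecated. It will be removed in version 2.0.0. Please use '--tabular' instead"
-options[:output] = "tabular"
-when '--html'
-options[:output] = "html"
-when '--rails'
-options[:mvc]=:rails
-when '--sinatra'
-options[:mvc]=:sinatra
-when '--padrino'
-options[:mvc]=:padrino
-when '--file'
-options[:filename] = val
-when '--gem-lock'
-options[:gemfile_scan] = true
-$logger.warn "--gem-lock flag it has been deprecated. It will be removed in version 2.0.0. Please use '--dependencies' instead"
-unless val.empty?
-options[:gemfile_name] = val
-guess = Dawn::Core.guess_mvc(val)
-end
-when '--dependencies'
-options[:gemfile_scan] = true
-unless val.empty?
-options[:gemfile_name] = val
-guess = Dawn::Core.guess_mvc(val)
-end
-
-when '--verbose'
-options[:verbose]=true
-when '--count-only'
-options[:output] = "count"
-when '--debug'
-options[:debug] = true
-when '--exit-on-warn'
-options[:exit_on_warn] = true
-
-when '--search-knowledge-base'
-found = Dawn::KnowledgeBase.find(nil, val)
-puts "#{val} found in knowledgebase." if found
-puts "#{val} not found in knowledgebase" if ! found
-Kernel.exit(0)
-when '--list-scan-registry'
-puts "#{APPNAME} scan registry\n\n"
-Dawn::Registry.dump
-Kernel.exit(0)
-
-when '--list-knowledge-base'
-Dawn::KnowledgeBase.dump(options[:verbose])
-Kernel.exit(0)
-when '--list-known-framework'
-puts "Ruby MVC framework supported by #{APPNAME}:"
-LIST_KNOWN_FRAMEWORK.each do |mvc|
-puts "* #{mvc}"
-end
-Kernel.exit(0)
-when '--help'
-Kernel.exit(Dawn::Core.help)
-end
-end
-rescue GetoptLong::InvalidOption => e
-$logger.helo APPNAME, Dawn::VERSION
-$logger.error e.message
-Kernel.exit(Dawn::Core.help)
-end
-###############################################################################
-# CLI argument stop
-###############################################################################
-
-target=ARGV.shift
-
-target = File.expand_path(".") if target == "."
-
-$logger.helo APPNAME, Dawn::VERSION
-r = Dawn::Registry.new
-
-unless Dir.exist?(Dawn::Core.registry_db_folder)
-FileUtils.mkdir_p(Dawn::Core.registry_db_folder)
-$logger.info "#{Dawn::Core.registry_db_folder} created" if Dir.exist?(Dawn::Core.registry_db_folder)
-end
-
-trap("INT") { $logger.die('[INTERRUPTED]') }
-$logger.die("missing target") if target.nil? && options[:gemfile_name].empty?
-$logger.die("invalid directory (#{target})") if options[:gemfile_name].empty? &&! Dawn::Core.is_good_target?(target)
-$logger.die("if scanning Gemfile.lock file you must not force target MVC using one from -r, -s or -p flag") if ! options[:mvc].empty? && options[:gemfile_scan]
-$logger.debug("security check enabled: #{options[:enabled_checks]}") if options[:debug]
-
-# MVC flag deprecation warnings
-$logger.warn("the --rails is deprecated and it will be removed in version 2.0.0") if options[:mvc] == :rails
-$logger.warn("the --sinatra is deprecated and it will be removed in version 2.0.0") if options[:mvc] == :sinatra
-$logger.warn("the --padrino is deprecated and it will be removed in version 2.0.0") if options[:mvc] == :padrino
-
-
-## MVC auto detect.
-
-# Skipping MVC autodetect if it's already been done by guess_mvc when choosing
-# Gemfile.lock scan
-
-unless options[:gemfile_scan]
-begin
-if options[:mvc].empty?
-engine = Dawn::Core.detect_mvc(target)
-$logger.debug("using #{engine.class.name} engine via autodect") if options[:debug]
+$logger.formatter = proc do |severity, datetime, progname, msg|
+date_format = datetime.strftime("%Y-%m-%d %H:%M:%S")
+if severity == "INFO" or severity == "WARN"
+"[#{date_format}] #{severity} (dawn): #{msg}\n"
 else
-
-engine = Dawn::Sinatra.new(target) if options[:mvc] == :sinatra
-engine = Dawn::Padrino.new(target) if options[:mvc] == :padrino
-end
-rescue ArgumentError => e
-r.do_save({:target=>File.basename(target), :scan_started=>DateTime.now, :scan_duration => 0, :issues_found=> -1, :output_dir=> "", :message=>e.message, :scan_status=>:failed})
-$logger.die(e.message)
-end
-else
-engine = Dawn::GemfileLock.new(target, options[:gemfile_name], guess) # if options[:gemfile_scan]
-end
-
-
-if engine.nil?
-$logger.error("MVC detection failure. Please open an issue at https://github.com/thesp0nge/dawnscanner/issues")
-r.do_save({:target=>File.basename(target), :message=>"MVC detection failure. Please open an issue at https://github.com/thesp0nge/dawnscanner/issues", :scan_status=>:failed})
-$logger.die("ruby framework auto detect failed. Please force if rails, sinatra or padrino with -r, -s or -p flags")
-end
-## end MVC auto detect.
-
-if options[:exit_on_warn]
-Kernel.at_exit do
-if engine.count_vulnerabilities != 0
-r.do_save({:target=>engine.target, :scan_started=>engine.scan_start, :scan_duration => engine.scan_time.round(3), :issues_found=>engine.vulnerabilities.count, :output_dir=>engine.output_dir_name, :scan_status=>:completed})
-Kernel.exit(engine.count_vulnerabilities)
+"[#{date_format}] #{severity} (dawn): #{msg}\n"
 end
-end
-end
-
-if options[:debug]
-$logger.warn "putting engine in debug mode"
-engine.debug = true
 end
 
-
-
-
-r.do_save({:target=>File.basename(target), :message=>"missing target framework option", :scan_status=>:failed})
-$logger.die "missing target framework option"
-end
-
-if ! options[:gemfile_scan] && ! engine.can_apply?
-r.do_save({:target=>File.basename(target), :message=>"nothing to do on #{target}", :scan_status=>:failed})
-$logger.die "nothing to do on #{target}"
-end
-
-engine.load_knowledge_base(options[:enabled_checks])
-ret = engine.apply_all
+engine = nil
+$debug=false
+$verbose=false
 
-if options[:output] == "count"
-STDERR.puts (ret)? engine.vulnerabilities.count : "-1" unless options[:output] == "json"
-STDERR.puts (ret)? {:status=>"OK", :vulnerabilities_count=>engine.count_vulnerabilities}.to_json : {:status=>"KO", :vulnerabilities_count=>-1}.to_json if options[:output] == "json"
 
-
-
-Kernel.exit(0)
-end
+check = ""
+guess = {:name=>"", :version=>"", :connected_gems=>[]}
 
-Dawn::
-
-:scan_started=>engine.scan_start,
-:scan_duration => engine.scan_time.round(3),
-:issues_found=>engine.vulnerabilities.count,
-:output_dir=>engine.output_dir_name,
-:scan_status=>:completed}))
-$logger.info "#{Dawn::Core.registry_db_name} updated with scan infos"
-else
-r.errors.each do |error|
-$logger.error error
-end
-end
-$logger.bye
+Dawn::Cli::DawnCli.start
+Kernel.exit(0)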
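Review bot: The new tail of the script, `Dawn::Cli::DawnCli.start` followed by an unconditional `Kernel.exit(0)`, makes the process report success whatever the scan found unless the Thor command exits on its own; the removed `--exit-on-warn` branch used to exit with `engine.count_vulnerabilities`, which is what a CI gate keys on, so either the exit-status contract must now live in DawnCli or the trailing `Kernel.exit(0)` should go. The new `$logger.formatter` proc returns the same string from both arms of `if severity == "INFO" or severity == "WARN"`, so the branch is dead and `or` carries the low-precedence trap; the whole body can be `"[#{datetime.strftime("%Y-%m-%d %H:%M:%S")}] #{severity} (dawn): #{msg}\n"`. `engine`, `check` and `guess` are assigned at script level on the new side but nothing visible reads them, and the four commented-out `#DataMapper.*` lines should either be removed or carry a short comment stating why the scan registry is disabled in this release.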
@@ -0,0 +1 @@
|
|
1
|
+
7f56617eeab5f897c910d9bfbfd54425c4856fc1
|
@@ -0,0 +1 @@
|
|
1
|
+
04dc5b15006b4ee5912b789160756c57b4c9036a
|
@@ -0,0 +1 @@
|
|
1
|
+
1c96f786d3683b79311855a14b8ef7d7ebe7b13d
|
@@ -0,0 +1 @@
|
|
1
|
+
55641656f0a1979b283c10ac526f00f5fc449d89
|
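--- a/data/dawnscanner.gemspec
+++ b/data/dawnscanner.gemspec
@@ -10,17 +10,14 @@ Gem::Specification.new do |gem|
 gem.email = ["paolo@dawnscanner.org"]
 gem.description = %q{Dawnscanner is a security source code scanner for ruby powered code. It is especially designed for web applications, but it works also with general purpose ruby scripts. Dawn supports all major MVC frameworks like ruby on rails, padrino and sinatra; it provides more than 150 security checks with their own mitigation suggestion.}
 gem.summary = %q{Dawnscanner is a security source code scanner for ruby powered code. It is crafted with love to make your sinatra, padrino and ruby on rails web applications secure.}
-gem.homepage = "
+gem.homepage = "https://dawnscanner.org"
 gem.files = `git ls-files`.split($/)
 gem.license = "MIT"
 gem.executables = gem.files.grep(%r{^bin/}).map{ |f| File.basename(f) }
 gem.test_files = gem.files.grep(%r{^(test|spec|features)/})
 gem.require_paths = ["lib"]
 
-gem.
-gem.signing_key = File.expand_path("~/.ssh/paolo_at_dawnscanner_dot_org_private_key.pem") if $0 =~ /gem\z/
-
-gem.required_ruby_version = '>= 1.9.3'
+gem.required_ruby_version = '>= 2.3.0'
 
 gem.add_dependency 'cvss'
 gem.add_dependency 'haml'
@@ -30,11 +27,15 @@ Gem::Specification.new do |gem|
 gem.add_dependency 'justify'
 gem.add_dependency 'logger-colors'
 gem.add_dependency 'ptools'
-gem.add_dependency '
-
-
+gem.add_dependency 'psych'
+
+# For CLI we will use thor
+gem.add_dependency 'thor'
+
+# gem.add_dependency 'sqlite3'
+# gem.add_dependency 'datamapper'
+# gem.add_dependency 'dm-sqlite-adapter'
 
-# Dependencies for code stats
 # To be added back in 1.5.5
 # gem.add_dependency 'code_metrics'
 # gem.add_dependency 'metric_fu-Saikuro'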
data/doc/change.sh
ADDED