dawnscanner 1.6.8 → 2.0.0.rc4

Files changed (387)
  1. checksums.yaml +5 -5
  2. data/.gitignore +1 -0
  3. data/.ruby-version +1 -1
  4. data/Changelog.md +27 -1
  5. data/LICENSE.txt +1 -1
  6. data/README.md +59 -57
  7. data/Rakefile +10 -242
  8. data/Roadmap.md +15 -23
  9. data/VERSION +1 -1
  10. data/bin/dawn +17 -273
  11. data/checksum/dawnscanner-1.6.8.gem.sha1 +1 -0
  12. data/checksum/dawnscanner-2.0.0.rc1.gem.sha1 +1 -0
  13. data/checksum/dawnscanner-2.0.0.rc2.gem.sha1 +1 -0
  14. data/checksum/dawnscanner-2.0.0.rc3.gem.sha1 +1 -0
  15. data/dawnscanner.gemspec +10 -9
  16. data/doc/change.sh +13 -0
  17. data/doc/kickstart_kb.tar.gz +0 -0
  18. data/doc/knowledge_base.rb +650 -0
  19. data/docs/.placeholder +0 -0
  20. data/docs/CNAME +1 -0
  21. data/docs/_config.yml +1 -0
  22. data/lib/dawn/cli/dawn_cli.rb +139 -0
  23. data/lib/dawn/core.rb +8 -7
  24. data/lib/dawn/engine.rb +93 -34
  25. data/lib/dawn/gemfile_lock.rb +2 -2
  26. data/lib/dawn/kb/basic_check.rb +1 -2
  27. data/lib/dawn/kb/combo_check.rb +1 -1
  28. data/lib/dawn/kb/dependency_check.rb +1 -1
  29. data/lib/dawn/kb/operating_system_check.rb +1 -1
  30. data/lib/dawn/kb/pattern_match_check.rb +10 -9
  31. data/lib/dawn/kb/ruby_version_check.rb +11 -10
  32. data/lib/dawn/kb/{gem_check.rb → rubygem_check.rb} +1 -1
  33. data/lib/dawn/kb/unsafe_depedency_check.rb +44 -0
  34. data/lib/dawn/kb/version_check.rb +41 -24
  35. data/lib/dawn/knowledge_base.rb +259 -595
  36. data/lib/dawn/reporter.rb +2 -1
  37. data/lib/dawn/utils.rb +5 -2
  38. data/lib/dawn/version.rb +5 -5
  39. data/lib/dawnscanner.rb +7 -6
  40. data/spec/lib/kb/codesake_unsafe_dependency_check_spec.rb +29 -0
  41. data/spec/lib/kb/dependency_check.yml +29 -0
  42. metadata +30 -496
  43. checksums.yaml.gz.sig +0 -0
  44. data.tar.gz.sig +0 -0
  45. data/certs/paolo_at_dawnscanner_dot_org.pem +0 -21
  46. data/lib/dawn/kb/cve_2004_0755.rb +0 -33
  47. data/lib/dawn/kb/cve_2004_0983.rb +0 -31
  48. data/lib/dawn/kb/cve_2005_1992.rb +0 -31
  49. data/lib/dawn/kb/cve_2005_2337.rb +0 -33
  50. data/lib/dawn/kb/cve_2006_1931.rb +0 -30
  51. data/lib/dawn/kb/cve_2006_2582.rb +0 -28
  52. data/lib/dawn/kb/cve_2006_3694.rb +0 -31
  53. data/lib/dawn/kb/cve_2006_4112.rb +0 -27
  54. data/lib/dawn/kb/cve_2006_5467.rb +0 -28
  55. data/lib/dawn/kb/cve_2006_6303.rb +0 -28
  56. data/lib/dawn/kb/cve_2006_6852.rb +0 -27
  57. data/lib/dawn/kb/cve_2006_6979.rb +0 -29
  58. data/lib/dawn/kb/cve_2007_0469.rb +0 -29
  59. data/lib/dawn/kb/cve_2007_5162.rb +0 -28
  60. data/lib/dawn/kb/cve_2007_5379.rb +0 -27
  61. data/lib/dawn/kb/cve_2007_5380.rb +0 -29
  62. data/lib/dawn/kb/cve_2007_5770.rb +0 -30
  63. data/lib/dawn/kb/cve_2007_6077.rb +0 -31
  64. data/lib/dawn/kb/cve_2007_6612.rb +0 -30
  65. data/lib/dawn/kb/cve_2008_1145.rb +0 -38
  66. data/lib/dawn/kb/cve_2008_1891.rb +0 -38
  67. data/lib/dawn/kb/cve_2008_2376.rb +0 -30
  68. data/lib/dawn/kb/cve_2008_2662.rb +0 -33
  69. data/lib/dawn/kb/cve_2008_2663.rb +0 -32
  70. data/lib/dawn/kb/cve_2008_2664.rb +0 -33
  71. data/lib/dawn/kb/cve_2008_2725.rb +0 -31
  72. data/lib/dawn/kb/cve_2008_3655.rb +0 -37
  73. data/lib/dawn/kb/cve_2008_3657.rb +0 -37
  74. data/lib/dawn/kb/cve_2008_3790.rb +0 -30
  75. data/lib/dawn/kb/cve_2008_3905.rb +0 -36
  76. data/lib/dawn/kb/cve_2008_4094.rb +0 -27
  77. data/lib/dawn/kb/cve_2008_4310.rb +0 -100
  78. data/lib/dawn/kb/cve_2008_5189.rb +0 -27
  79. data/lib/dawn/kb/cve_2008_7248.rb +0 -27
  80. data/lib/dawn/kb/cve_2009_4078.rb +0 -29
  81. data/lib/dawn/kb/cve_2009_4124.rb +0 -30
  82. data/lib/dawn/kb/cve_2009_4214.rb +0 -27
  83. data/lib/dawn/kb/cve_2010_1330.rb +0 -28
  84. data/lib/dawn/kb/cve_2010_2489.rb +0 -60
  85. data/lib/dawn/kb/cve_2010_3933.rb +0 -27
  86. data/lib/dawn/kb/cve_2011_0188.rb +0 -67
  87. data/lib/dawn/kb/cve_2011_0446.rb +0 -28
  88. data/lib/dawn/kb/cve_2011_0447.rb +0 -28
  89. data/lib/dawn/kb/cve_2011_0739.rb +0 -28
  90. data/lib/dawn/kb/cve_2011_0995.rb +0 -61
  91. data/lib/dawn/kb/cve_2011_1004.rb +0 -34
  92. data/lib/dawn/kb/cve_2011_1005.rb +0 -31
  93. data/lib/dawn/kb/cve_2011_2197.rb +0 -27
  94. data/lib/dawn/kb/cve_2011_2686.rb +0 -29
  95. data/lib/dawn/kb/cve_2011_2705.rb +0 -32
  96. data/lib/dawn/kb/cve_2011_2929.rb +0 -27
  97. data/lib/dawn/kb/cve_2011_2930.rb +0 -28
  98. data/lib/dawn/kb/cve_2011_2931.rb +0 -30
  99. data/lib/dawn/kb/cve_2011_2932.rb +0 -27
  100. data/lib/dawn/kb/cve_2011_3009.rb +0 -28
  101. data/lib/dawn/kb/cve_2011_3186.rb +0 -29
  102. data/lib/dawn/kb/cve_2011_3187.rb +0 -29
  103. data/lib/dawn/kb/cve_2011_4319.rb +0 -30
  104. data/lib/dawn/kb/cve_2011_4815.rb +0 -28
  105. data/lib/dawn/kb/cve_2011_5036.rb +0 -26
  106. data/lib/dawn/kb/cve_2012_1098.rb +0 -30
  107. data/lib/dawn/kb/cve_2012_1099.rb +0 -27
  108. data/lib/dawn/kb/cve_2012_1241.rb +0 -27
  109. data/lib/dawn/kb/cve_2012_2139.rb +0 -26
  110. data/lib/dawn/kb/cve_2012_2140.rb +0 -27
  111. data/lib/dawn/kb/cve_2012_2660.rb +0 -28
  112. data/lib/dawn/kb/cve_2012_2661.rb +0 -27
  113. data/lib/dawn/kb/cve_2012_2671.rb +0 -28
  114. data/lib/dawn/kb/cve_2012_2694.rb +0 -30
  115. data/lib/dawn/kb/cve_2012_2695.rb +0 -27
  116. data/lib/dawn/kb/cve_2012_3424.rb +0 -29
  117. data/lib/dawn/kb/cve_2012_3463.rb +0 -27
  118. data/lib/dawn/kb/cve_2012_3464.rb +0 -27
  119. data/lib/dawn/kb/cve_2012_3465.rb +0 -26
  120. data/lib/dawn/kb/cve_2012_4464.rb +0 -27
  121. data/lib/dawn/kb/cve_2012_4466.rb +0 -27
  122. data/lib/dawn/kb/cve_2012_4481.rb +0 -26
  123. data/lib/dawn/kb/cve_2012_4522.rb +0 -27
  124. data/lib/dawn/kb/cve_2012_5370.rb +0 -27
  125. data/lib/dawn/kb/cve_2012_5371.rb +0 -27
  126. data/lib/dawn/kb/cve_2012_5380.rb +0 -28
  127. data/lib/dawn/kb/cve_2012_6109.rb +0 -25
  128. data/lib/dawn/kb/cve_2012_6134.rb +0 -27
  129. data/lib/dawn/kb/cve_2012_6496.rb +0 -28
  130. data/lib/dawn/kb/cve_2012_6497.rb +0 -28
  131. data/lib/dawn/kb/cve_2012_6684.rb +0 -28
  132. data/lib/dawn/kb/cve_2013_0155.rb +0 -29
  133. data/lib/dawn/kb/cve_2013_0156.rb +0 -27
  134. data/lib/dawn/kb/cve_2013_0162.rb +0 -28
  135. data/lib/dawn/kb/cve_2013_0175.rb +0 -27
  136. data/lib/dawn/kb/cve_2013_0183.rb +0 -25
  137. data/lib/dawn/kb/cve_2013_0184.rb +0 -25
  138. data/lib/dawn/kb/cve_2013_0233.rb +0 -26
  139. data/lib/dawn/kb/cve_2013_0256.rb +0 -59
  140. data/lib/dawn/kb/cve_2013_0262.rb +0 -26
  141. data/lib/dawn/kb/cve_2013_0263.rb +0 -26
  142. data/lib/dawn/kb/cve_2013_0269.rb +0 -27
  143. data/lib/dawn/kb/cve_2013_0276.rb +0 -28
  144. data/lib/dawn/kb/cve_2013_0277.rb +0 -25
  145. data/lib/dawn/kb/cve_2013_0284.rb +0 -27
  146. data/lib/dawn/kb/cve_2013_0285.rb +0 -27
  147. data/lib/dawn/kb/cve_2013_0333.rb +0 -28
  148. data/lib/dawn/kb/cve_2013_0334.rb +0 -25
  149. data/lib/dawn/kb/cve_2013_1607.rb +0 -25
  150. data/lib/dawn/kb/cve_2013_1655.rb +0 -65
  151. data/lib/dawn/kb/cve_2013_1656.rb +0 -28
  152. data/lib/dawn/kb/cve_2013_1756.rb +0 -26
  153. data/lib/dawn/kb/cve_2013_1800.rb +0 -26
  154. data/lib/dawn/kb/cve_2013_1801.rb +0 -27
  155. data/lib/dawn/kb/cve_2013_1802.rb +0 -27
  156. data/lib/dawn/kb/cve_2013_1812.rb +0 -27
  157. data/lib/dawn/kb/cve_2013_1821.rb +0 -28
  158. data/lib/dawn/kb/cve_2013_1854.rb +0 -26
  159. data/lib/dawn/kb/cve_2013_1855.rb +0 -25
  160. data/lib/dawn/kb/cve_2013_1856.rb +0 -26
  161. data/lib/dawn/kb/cve_2013_1857.rb +0 -27
  162. data/lib/dawn/kb/cve_2013_1875.rb +0 -27
  163. data/lib/dawn/kb/cve_2013_1898.rb +0 -27
  164. data/lib/dawn/kb/cve_2013_1911.rb +0 -28
  165. data/lib/dawn/kb/cve_2013_1933.rb +0 -27
  166. data/lib/dawn/kb/cve_2013_1947.rb +0 -27
  167. data/lib/dawn/kb/cve_2013_1948.rb +0 -27
  168. data/lib/dawn/kb/cve_2013_2065.rb +0 -29
  169. data/lib/dawn/kb/cve_2013_2090.rb +0 -28
  170. data/lib/dawn/kb/cve_2013_2105.rb +0 -26
  171. data/lib/dawn/kb/cve_2013_2119.rb +0 -27
  172. data/lib/dawn/kb/cve_2013_2512.rb +0 -26
  173. data/lib/dawn/kb/cve_2013_2513.rb +0 -25
  174. data/lib/dawn/kb/cve_2013_2516.rb +0 -26
  175. data/lib/dawn/kb/cve_2013_2615.rb +0 -27
  176. data/lib/dawn/kb/cve_2013_2616.rb +0 -27
  177. data/lib/dawn/kb/cve_2013_2617.rb +0 -28
  178. data/lib/dawn/kb/cve_2013_3221.rb +0 -27
  179. data/lib/dawn/kb/cve_2013_4164.rb +0 -30
  180. data/lib/dawn/kb/cve_2013_4203.rb +0 -25
  181. data/lib/dawn/kb/cve_2013_4389.rb +0 -26
  182. data/lib/dawn/kb/cve_2013_4413.rb +0 -27
  183. data/lib/dawn/kb/cve_2013_4457.rb +0 -29
  184. data/lib/dawn/kb/cve_2013_4478.rb +0 -26
  185. data/lib/dawn/kb/cve_2013_4479.rb +0 -26
  186. data/lib/dawn/kb/cve_2013_4489.rb +0 -28
  187. data/lib/dawn/kb/cve_2013_4491.rb +0 -29
  188. data/lib/dawn/kb/cve_2013_4492.rb +0 -29
  189. data/lib/dawn/kb/cve_2013_4562.rb +0 -27
  190. data/lib/dawn/kb/cve_2013_4593.rb +0 -27
  191. data/lib/dawn/kb/cve_2013_5647.rb +0 -29
  192. data/lib/dawn/kb/cve_2013_5671.rb +0 -26
  193. data/lib/dawn/kb/cve_2013_6414.rb +0 -30
  194. data/lib/dawn/kb/cve_2013_6415.rb +0 -29
  195. data/lib/dawn/kb/cve_2013_6416.rb +0 -29
  196. data/lib/dawn/kb/cve_2013_6417.rb +0 -30
  197. data/lib/dawn/kb/cve_2013_6421.rb +0 -28
  198. data/lib/dawn/kb/cve_2013_6459.rb +0 -28
  199. data/lib/dawn/kb/cve_2013_6460.rb +0 -53
  200. data/lib/dawn/kb/cve_2013_6461.rb +0 -57
  201. data/lib/dawn/kb/cve_2013_7086.rb +0 -27
  202. data/lib/dawn/kb/cve_2014_0036.rb +0 -27
  203. data/lib/dawn/kb/cve_2014_0080.rb +0 -29
  204. data/lib/dawn/kb/cve_2014_0081.rb +0 -27
  205. data/lib/dawn/kb/cve_2014_0082.rb +0 -27
  206. data/lib/dawn/kb/cve_2014_0130.rb +0 -27
  207. data/lib/dawn/kb/cve_2014_1233.rb +0 -27
  208. data/lib/dawn/kb/cve_2014_1234.rb +0 -26
  209. data/lib/dawn/kb/cve_2014_2322.rb +0 -28
  210. data/lib/dawn/kb/cve_2014_2525.rb +0 -59
  211. data/lib/dawn/kb/cve_2014_2538.rb +0 -26
  212. data/lib/dawn/kb/cve_2014_3482.rb +0 -28
  213. data/lib/dawn/kb/cve_2014_3483.rb +0 -28
  214. data/lib/dawn/kb/cve_2014_3916.rb +0 -29
  215. data/lib/dawn/kb/cve_2014_4975.rb +0 -28
  216. data/lib/dawn/kb/cve_2014_7818.rb +0 -27
  217. data/lib/dawn/kb/cve_2014_7819.rb +0 -31
  218. data/lib/dawn/kb/cve_2014_7829.rb +0 -30
  219. data/lib/dawn/kb/cve_2014_8090.rb +0 -30
  220. data/lib/dawn/kb/cve_2014_9490.rb +0 -29
  221. data/lib/dawn/kb/cve_2015_1819.rb +0 -34
  222. data/lib/dawn/kb/cve_2015_1840/cve_2015_1840_a.rb +0 -28
  223. data/lib/dawn/kb/cve_2015_1840/cve_2015_1840_b.rb +0 -28
  224. data/lib/dawn/kb/cve_2015_2963.rb +0 -27
  225. data/lib/dawn/kb/cve_2015_3224.rb +0 -26
  226. data/lib/dawn/kb/cve_2015_3225.rb +0 -28
  227. data/lib/dawn/kb/cve_2015_3226.rb +0 -27
  228. data/lib/dawn/kb/cve_2015_3227.rb +0 -28
  229. data/lib/dawn/kb/cve_2015_3448.rb +0 -29
  230. data/lib/dawn/kb/cve_2015_4020.rb +0 -34
  231. data/lib/dawn/kb/cve_2015_5312.rb +0 -30
  232. data/lib/dawn/kb/cve_2015_7497.rb +0 -32
  233. data/lib/dawn/kb/cve_2015_7498.rb +0 -32
  234. data/lib/dawn/kb/cve_2015_7499.rb +0 -32
  235. data/lib/dawn/kb/cve_2015_7500.rb +0 -32
  236. data/lib/dawn/kb/cve_2015_7519.rb +0 -31
  237. data/lib/dawn/kb/cve_2015_7541.rb +0 -31
  238. data/lib/dawn/kb/cve_2015_7576.rb +0 -35
  239. data/lib/dawn/kb/cve_2015_7577.rb +0 -34
  240. data/lib/dawn/kb/cve_2015_7578.rb +0 -30
  241. data/lib/dawn/kb/cve_2015_7579.rb +0 -30
  242. data/lib/dawn/kb/cve_2015_7581.rb +0 -33
  243. data/lib/dawn/kb/cve_2015_8241.rb +0 -32
  244. data/lib/dawn/kb/cve_2015_8242.rb +0 -32
  245. data/lib/dawn/kb/cve_2015_8317.rb +0 -32
  246. data/lib/dawn/kb/cve_2016_0751.rb +0 -32
  247. data/lib/dawn/kb/cve_2016_0752.rb +0 -35
  248. data/lib/dawn/kb/cve_2016_0753.rb +0 -31
  249. data/lib/dawn/kb/cve_2016_2097.rb +0 -35
  250. data/lib/dawn/kb/cve_2016_2098.rb +0 -35
  251. data/lib/dawn/kb/cve_2016_5697.rb +0 -30
  252. data/lib/dawn/kb/cve_2016_6316.rb +0 -33
  253. data/lib/dawn/kb/cve_2016_6317.rb +0 -32
  254. data/lib/dawn/kb/cve_2016_6582.rb +0 -43
  255. data/lib/dawn/kb/not_revised_code.rb +0 -22
  256. data/lib/dawn/kb/osvdb_105971.rb +0 -29
  257. data/lib/dawn/kb/osvdb_108530.rb +0 -27
  258. data/lib/dawn/kb/osvdb_108563.rb +0 -28
  259. data/lib/dawn/kb/osvdb_108569.rb +0 -28
  260. data/lib/dawn/kb/osvdb_108570.rb +0 -27
  261. data/lib/dawn/kb/osvdb_115654.rb +0 -33
  262. data/lib/dawn/kb/osvdb_116010.rb +0 -30
  263. data/lib/dawn/kb/osvdb_117903.rb +0 -30
  264. data/lib/dawn/kb/osvdb_118579.rb +0 -31
  265. data/lib/dawn/kb/osvdb_118830.rb +0 -32
  266. data/lib/dawn/kb/osvdb_118954.rb +0 -33
  267. data/lib/dawn/kb/osvdb_119878.rb +0 -32
  268. data/lib/dawn/kb/osvdb_119927.rb +0 -33
  269. data/lib/dawn/kb/osvdb_120415.rb +0 -31
  270. data/lib/dawn/kb/osvdb_120857.rb +0 -34
  271. data/lib/dawn/kb/osvdb_121701.rb +0 -30
  272. data/lib/dawn/kb/osvdb_132234.rb +0 -34
  273. data/lib/dawn/kb/owasp_ror_cheatsheet.rb +0 -33
  274. data/lib/dawn/kb/owasp_ror_cheatsheet/check_for_backup_files.rb +0 -18
  275. data/lib/dawn/kb/owasp_ror_cheatsheet/check_for_safe_redirect_and_forward.rb +0 -57
  276. data/lib/dawn/kb/owasp_ror_cheatsheet/command_injection.rb +0 -28
  277. data/lib/dawn/kb/owasp_ror_cheatsheet/csrf.rb +0 -29
  278. data/lib/dawn/kb/owasp_ror_cheatsheet/mass_assignment_in_model.rb +0 -33
  279. data/lib/dawn/kb/owasp_ror_cheatsheet/security_related_headers.rb +0 -35
  280. data/lib/dawn/kb/owasp_ror_cheatsheet/sensitive_files.rb +0 -29
  281. data/lib/dawn/kb/owasp_ror_cheatsheet/session_stored_in_database.rb +0 -31
  282. data/lib/dawn/kb/simpleform_xss_20131129.rb +0 -28
  283. data/lib/dawn/knowledge_base_experimental.rb +0 -245
  284. data/spec/lib/kb/cve_2011_2705_spec.rb +0 -35
  285. data/spec/lib/kb/cve_2011_2930_spec.rb +0 -31
  286. data/spec/lib/kb/cve_2011_3009_spec.rb +0 -25
  287. data/spec/lib/kb/cve_2011_3187_spec.rb +0 -24
  288. data/spec/lib/kb/cve_2011_4319_spec.rb +0 -44
  289. data/spec/lib/kb/cve_2011_5036_spec.rb +0 -95
  290. data/spec/lib/kb/cve_2012_1098_spec.rb +0 -36
  291. data/spec/lib/kb/cve_2012_2139_spec.rb +0 -20
  292. data/spec/lib/kb/cve_2012_2671_spec.rb +0 -23
  293. data/spec/lib/kb/cve_2012_6109_spec.rb +0 -112
  294. data/spec/lib/kb/cve_2012_6684_spec.rb +0 -16
  295. data/spec/lib/kb/cve_2013_0162_spec.rb +0 -23
  296. data/spec/lib/kb/cve_2013_0183_spec.rb +0 -54
  297. data/spec/lib/kb/cve_2013_0184_spec.rb +0 -115
  298. data/spec/lib/kb/cve_2013_0256_spec.rb +0 -34
  299. data/spec/lib/kb/cve_2013_0262_spec.rb +0 -44
  300. data/spec/lib/kb/cve_2013_0263_spec.rb +0 -11
  301. data/spec/lib/kb/cve_2013_0334_spec.rb +0 -35
  302. data/spec/lib/kb/cve_2013_1607_spec.rb +0 -15
  303. data/spec/lib/kb/cve_2013_1655_spec.rb +0 -31
  304. data/spec/lib/kb/cve_2013_1756_spec.rb +0 -23
  305. data/spec/lib/kb/cve_2013_2090_spec.rb +0 -15
  306. data/spec/lib/kb/cve_2013_2105_spec.rb +0 -11
  307. data/spec/lib/kb/cve_2013_2119_spec.rb +0 -27
  308. data/spec/lib/kb/cve_2013_2512_spec.rb +0 -15
  309. data/spec/lib/kb/cve_2013_2513_spec.rb +0 -15
  310. data/spec/lib/kb/cve_2013_2516_spec.rb +0 -15
  311. data/spec/lib/kb/cve_2013_4203_spec.rb +0 -15
  312. data/spec/lib/kb/cve_2013_4413_spec.rb +0 -16
  313. data/spec/lib/kb/cve_2013_4489_spec.rb +0 -63
  314. data/spec/lib/kb/cve_2013_4491_spec.rb +0 -16
  315. data/spec/lib/kb/cve_2013_4593_spec.rb +0 -16
  316. data/spec/lib/kb/cve_2013_5647_spec.rb +0 -19
  317. data/spec/lib/kb/cve_2013_5671_spec.rb +0 -27
  318. data/spec/lib/kb/cve_2013_6414_spec.rb +0 -26
  319. data/spec/lib/kb/cve_2013_6416_spec.rb +0 -31
  320. data/spec/lib/kb/cve_2013_6459_spec.rb +0 -15
  321. data/spec/lib/kb/cve_2013_7086_spec.rb +0 -22
  322. data/spec/lib/kb/cve_2014_0036_spec.rb +0 -15
  323. data/spec/lib/kb/cve_2014_0080_spec.rb +0 -33
  324. data/spec/lib/kb/cve_2014_0081_spec.rb +0 -50
  325. data/spec/lib/kb/cve_2014_0082_spec.rb +0 -52
  326. data/spec/lib/kb/cve_2014_0130_spec.rb +0 -19
  327. data/spec/lib/kb/cve_2014_1233_spec.rb +0 -15
  328. data/spec/lib/kb/cve_2014_1234_spec.rb +0 -16
  329. data/spec/lib/kb/cve_2014_2322_spec.rb +0 -15
  330. data/spec/lib/kb/cve_2014_2538_spec.rb +0 -15
  331. data/spec/lib/kb/cve_2014_3482_spec.rb +0 -15
  332. data/spec/lib/kb/cve_2014_3483_spec.rb +0 -27
  333. data/spec/lib/kb/cve_2014_7818_spec.rb +0 -42
  334. data/spec/lib/kb/cve_2014_7819_spec.rb +0 -139
  335. data/spec/lib/kb/cve_2014_7829_spec.rb +0 -50
  336. data/spec/lib/kb/cve_2014_9490_spec.rb +0 -17
  337. data/spec/lib/kb/cve_2015_1819_spec.rb +0 -16
  338. data/spec/lib/kb/cve_2015_1840_spec.rb +0 -39
  339. data/spec/lib/kb/cve_2015_2963_spec.rb +0 -17
  340. data/spec/lib/kb/cve_2015_3224_spec.rb +0 -16
  341. data/spec/lib/kb/cve_2015_3225_spec.rb +0 -27
  342. data/spec/lib/kb/cve_2015_3226_spec.rb +0 -35
  343. data/spec/lib/kb/cve_2015_3227_spec.rb +0 -31
  344. data/spec/lib/kb/cve_2015_3448_spec.rb +0 -16
  345. data/spec/lib/kb/cve_2015_4020_spec.rb +0 -24
  346. data/spec/lib/kb/cve_2015_5312_spec.rb +0 -31
  347. data/spec/lib/kb/cve_2015_7497_spec.rb +0 -31
  348. data/spec/lib/kb/cve_2015_7498_spec.rb +0 -31
  349. data/spec/lib/kb/cve_2015_7499_spec.rb +0 -31
  350. data/spec/lib/kb/cve_2015_7500_spec.rb +0 -31
  351. data/spec/lib/kb/cve_2015_7519_spec.rb +0 -23
  352. data/spec/lib/kb/cve_2015_7541_spec.rb +0 -15
  353. data/spec/lib/kb/cve_2015_7576_spec.rb +0 -51
  354. data/spec/lib/kb/cve_2015_7577_spec.rb +0 -63
  355. data/spec/lib/kb/cve_2015_7578_spec.rb +0 -15
  356. data/spec/lib/kb/cve_2015_7579_spec.rb +0 -23
  357. data/spec/lib/kb/cve_2015_7581_spec.rb +0 -51
  358. data/spec/lib/kb/cve_2015_8241_spec.rb +0 -31
  359. data/spec/lib/kb/cve_2015_8242_spec.rb +0 -31
  360. data/spec/lib/kb/cve_2015_8317_spec.rb +0 -31
  361. data/spec/lib/kb/cve_2016_0751_spec.rb +0 -55
  362. data/spec/lib/kb/cve_2016_0752_spec.rb +0 -51
  363. data/spec/lib/kb/cve_2016_0753_spec.rb +0 -51
  364. data/spec/lib/kb/cve_2016_2097_spec.rb +0 -35
  365. data/spec/lib/kb/cve_2016_2098_spec.rb +0 -55
  366. data/spec/lib/kb/cve_2016_5697_spec.rb +0 -15
  367. data/spec/lib/kb/cve_2016_6316_spec.rb +0 -44
  368. data/spec/lib/kb/cve_2016_6317_spec.rb +0 -35
  369. data/spec/lib/kb/cve_2016_6582_spec.rb +0 -29
  370. data/spec/lib/kb/osvdb_105971_spec.rb +0 -15
  371. data/spec/lib/kb/osvdb_108530_spec.rb +0 -22
  372. data/spec/lib/kb/osvdb_108563_spec.rb +0 -18
  373. data/spec/lib/kb/osvdb_108569_spec.rb +0 -17
  374. data/spec/lib/kb/osvdb_108570_spec.rb +0 -17
  375. data/spec/lib/kb/osvdb_115654_spec.rb +0 -15
  376. data/spec/lib/kb/osvdb_116010_spec.rb +0 -15
  377. data/spec/lib/kb/osvdb_117903_spec.rb +0 -23
  378. data/spec/lib/kb/osvdb_118579_spec.rb +0 -8
  379. data/spec/lib/kb/osvdb_118830_spec.rb +0 -16
  380. data/spec/lib/kb/osvdb_118954_spec.rb +0 -20
  381. data/spec/lib/kb/osvdb_119878_spec.rb +0 -92
  382. data/spec/lib/kb/osvdb_119927_spec.rb +0 -16
  383. data/spec/lib/kb/osvdb_120415_spec.rb +0 -16
  384. data/spec/lib/kb/osvdb_120857_spec.rb +0 -32
  385. data/spec/lib/kb/osvdb_121701_spec.rb +0 -15
  386. data/spec/lib/kb/osvdb_132234_spec.rb +0 -15
  387. metadata.gz.sig +0 -0
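--- a/data/lib/dawn/kb/owasp_ror_cheatsheet/csrf.rb
+++ b/data/lib/dawn/kb/owasp_ror_cheatsheet/csrf.rb
@@ -1,29 +0,0 @@
-module Dawn
-module Kb
-module OwaspRorCheatSheet
-class Csrf
-include PatternMatchCheck
-
-def initialize
-message = "Ruby on Rails has specific, built in support for CSRF tokens. To enable it, or ensure that it is enabled, find the base ApplicationController and look for the protect_from_forgery directive. Note that by default Rails does not provide CSRF protection for any HTTP GET request."
-
-super({
-:name=>"Owasp Ror CheatSheet: Cross Site Request Forgery",
-:kind=>Dawn::KnowledgeBase::PATTERN_MATCH_CHECK,
-:applies=>["rails"],
-:glob=>"application_controller.rb",
-:aux_links=>["https://www.owasp.org/index.php/Ruby_on_Rails_Cheatsheet"],
-:message=>message,
-:attack_pattern => ["protect_from_forgery"],
-:negative_search=>true,
-:mitigation=>"Make sure you are using Rails protect_from_forgery facilities in application_controller.rMake sure you are using Rails protect_from_forgery facilities in application_controller.rb",
-:severity=>:info,
-:check_family=>:owasp_ror_cheatsheet
-})
-# @debug = true
-end
-
-end
-end
-end
-end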
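--- a/data/lib/dawn/kb/owasp_ror_cheatsheet/mass_assignment_in_model.rb
+++ b/data/lib/dawn/kb/owasp_ror_cheatsheet/mass_assignment_in_model.rb
@@ -1,33 +0,0 @@
-module Dawn
-module Kb
-module OwaspRorCheatSheet
-
-class MassAssignmentInModel
-
-include PatternMatchCheck
-
-def initialize
-message = "Although the major issue with Mass Assignment has been fixed by default in base Rails specifically when generating new projects, it still applies to older and upgraded projects so it is important to understand the issue and to ensure that only attributes that are intended to be modifiable are exposed."
-
-super({
-:name=>"Owasp Ror CheatSheet: Mass Assignement in model",
-:kind=>Dawn::KnowledgeBase::PATTERN_MATCH_CHECK,
-:applies=>["rails"],
-:glob=>"**/model/*.rb",
-:aux_links=>["https://www.owasp.org/index.php/Ruby_on_Rails_Cheatsheet"],
-:message=>message,
-:attack_pattern => ["attr_accessor"],
-:negative_search=>false,
-:avoid_comments=>true,
-:check_family=>:owasp_ror_cheatsheet,
-:severity=>:info,
-:evidences=>["In one or more of your models, you use attr_accessor attribute modifier. This is risky since it exposes you to a massive assignment vulnerability. You have to carefully handle how your model receive data by setting all attribute to attr_reader and using a setter method validating input before saving to database."],
-:mitigation=>"Avoid attr_accessor attribute modifier in your models. You must use attr_reader as modifier and carefully filter your inputs before passing to the database layer."
-})
-# @debug = true
-end
-
-end
-end
-end
-end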
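--- a/data/lib/dawn/kb/owasp_ror_cheatsheet/security_related_headers.rb
+++ b/data/lib/dawn/kb/owasp_ror_cheatsheet/security_related_headers.rb
@@ -1,35 +0,0 @@
-module Dawn
-module Kb
-module OwaspRorCheatSheet
-class SecurityRelatedHeaders
-include PatternMatchCheck
-
-def initialize
-message = "To set a header value, simply access the response.headers object as a hash inside your controller (often in a before/after_filter). Rails 4 provides the \"default_headers\" functionality that will automatically apply the values supplied. This works for most headers in almost all cases."
-
-super({
-:name=>"Owasp Ror CheatSheet: Security Related Headers",
-:kind=>Dawn::KnowledgeBase::PATTERN_MATCH_CHECK,
-:applies=>["rails"],
-:glob=>"**/controllers/*.rb",
-:aux_links=>["https://www.owasp.org/index.php/Ruby_on_Rails_Cheatsheet"],
-:message=>message,
-:attack_pattern => [
-"response.headers\\['X-Frame-Options'\\] = 'DENY'",
-"response.headers\\['X-Content-Type-Options'\\] = 'nosniff'",
-"response.headers\\['X-XSS-Protection'\\] = '1'",
-"ActionDispatch::Response.default_headers = {
-'X-Frame-Options' => 'DENY',
-'X-Content-Type-Options' => 'nosniff',
-'X-XSS-Protection' => '1;'
-}"],
-:negative_search=>true,
-:check_family=>:owasp_ror_cheatsheet,
-:severity=>:info,
-:mitigation=>"Use response headers like X-Frame-Options, X-Content-Type-Options, X-XSS-Protection in your project."
-})
-end
-end
-end
-end
-end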
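--- a/data/lib/dawn/kb/owasp_ror_cheatsheet/sensitive_files.rb
+++ b/data/lib/dawn/kb/owasp_ror_cheatsheet/sensitive_files.rb
@@ -1,29 +0,0 @@
-module Dawn
-module Kb
-module OwaspRorCheatSheet
-
-class SensitiveFiles
-include PatternMatchCheck
-
-def initialize
-message = "Many Ruby on Rails apps are open source and hosted on publicly available source code repositories. Whether that is the case or the code is committed to a corporate source control system, there are certain files that should be either excluded or carefully managed."
-
-super({
-:name=>"Owasp Ror CheatSheet: Sensitive Files",
-:kind=>Dawn::KnowledgeBase::PATTERN_MATCH_CHECK,
-:applies=>["rails"],
-:glob=>".gitignore",
-:aux_links=>["https://www.owasp.org/index.php/Ruby_on_Rails_Cheatsheet"],
-:message=>message,
-:check_family=>:owasp_ror_cheatsheet,
-:severity=>:info,
-:attack_pattern => ["/config/database.yml", "/config/initializers/secret_token.rb", "/db/seeds.rb", "/db/*.sqlite3"],
-:mitigation=>"Put sensitive files in your repository gitignore file"
-})
-# @debug = true
-
-end
-end
-end
-end
-end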
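--- a/data/lib/dawn/kb/owasp_ror_cheatsheet/session_stored_in_database.rb
+++ b/data/lib/dawn/kb/owasp_ror_cheatsheet/session_stored_in_database.rb
@@ -1,31 +0,0 @@
-module Dawn
-module Kb
-module OwaspRorCheatSheet
-
-class SessionStoredInDatabase
-include PatternMatchCheck
-
-def initialize
-message = "By default, Ruby on Rails uses a Cookie based session store. What that means is that unless you change something, the session will not expire on the server. That means that some default applications may be vulnerable to replay attacks. It also means that sensitive information should never be put in the session."
-
-super({
-:name=>"Owasp Ror CheatSheet: Session management",
-:kind=>Dawn::KnowledgeBase::PATTERN_MATCH_CHECK,
-:applies=>["rails"],
-:glob=>"session_store.rb",
-:aux_links=>["https://www.owasp.org/index.php/Ruby_on_Rails_Cheatsheet"],
-:message=>message,
-:attack_pattern => ["Application.config.session_store :active_record_store", "Rails.application.config.session_store ActionDispatch::Session::CacheStore"],
-:negative_search=>true,
-:avoid_comments=>true,
-:check_family=>:owasp_ror_cheatsheet,
-:severity=>:info,
-:evidences=>["In your session_store.rb file you are not using ActiveRecord to store session data. This will let rails to use a cookie based session and it can expose your web application to a session replay attack."],
-:mitigation=>"Use ActiveRecord or the ORM you love most to handle your code session_store. Add \"Application.config.session_store :active_record_store\" to your session_store.rb file."
-})
-# @debug = true
-end
-end
-end
-end
-end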
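--- a/data/lib/dawn/kb/simpleform_xss_20131129.rb
+++ b/data/lib/dawn/kb/simpleform_xss_20131129.rb
@@ -1,28 +0,0 @@
-module Dawn
-module Kb
-# Automatically created with rake on 2013-12-11
-class SimpleForm_Xss_20131129
-include DependencyCheck
-
-def initialize
-message = "There is a XSS vulnerability on Simple Form's label, hint and error options. When Simple Form creates a label, hint or error message it marks the text as being HTML safe, even though it may contain HTML tags. In applications where the text of these helpers can be provided by the users, malicious values can be provided and Simple Form will mark it as safe."
-
-super({
-:name=>"Simple Form XSS - 20131129",
-:cvss=>"none",
-:release_date => Date.new(2013, 11, 29),
-:cwe=>"",
-:owasp=>"A9",
-:applies=>["rails", "padrino", "sinatra"],
-:kind=>Dawn::KnowledgeBase::DEPENDENCY_CHECK,
-:message=>message,
-:mitigation=>"Please upgrade Simple Form the 3.0.1 and 2.1.1 releases are available at the normal locations.",
-:aux_links=>["https://groups.google.com/forum/#!topic/ruby-security-ann/flHbLMb07tE"]
-})
-
-self.safe_dependencies = [{:name=>"simple_form", :version=>['3.0.1', '2.1.1']}]
-
-end
-end
-end
-end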
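--- a/data/lib/dawn/knowledge_base_experimental.rb
+++ b/data/lib/dawn/knowledge_base_experimental.rb
@@ -1,245 +0,0 @@
-require 'singleton'
-
-# For HTTPS communication to check for KB updates and to fetch them
-require 'net/http'
-require 'uri'
-
-require 'yaml'
-require 'digest'
-
-module Dawn
-# This is the YAML powered experimental knowledge base
-#
-# When the old KB format, using Ruby classes will be marked as deprecated,
-# than this one will be the official.
-#
-# Dawnscanner KB will be a bunch of YAML file, stored in a hierachy of
-# directories resembling security checks family. A digital signature will be
-# also available to prevent KB tampering.
-#
-# This class will be accountable for:
-# + check for KB upgrade
-# + fetching the KB file from the Internet
-# + verifying the database signature
-# + reading YAML file, creating the security check array
-#
-# Another big change will be the MVC passed as constructor parameter, so only
-# the checks regarding the particular app, will be loaded in the security
-# check array. This should speed up BasicCheck internal routines.
-#
-# Class usage will be very simple. After getting the singleton instance, you
-# will load the KB content. The load method will be also responsible about
-# all relevant checks.
-#
-# Example
-#
-# require "dawn/knowledge_base_experimental"
-#
-# ...
-#
-# d = Dawn::KnowledgeBaseExperimental.instance
-# d.update if d.update?
-# d.load
-#
-# Last update: Fri Oct 7 08:03:43 CEST 2016
-class KnowledgeBaseExperimental
-include Dawn::Utils
-include Singleton
-
-GEM_CHECK = :rubygem_check
-DEPENDENCY_CHECK = :dependency_check
-PATTERN_MATCH_CHECK = :pattern_match_check
-RUBY_VERSION_CHECK = :ruby_version_check
-OS_CHECK = :os_check
-COMBO_CHECK = :combo_check
-CUSTOM_CHECK = :custom_check
-
-REMOTE_KB_URL_PREFIX = "https://dawnscanner.org/data/"
-FILES = %w(kb.yaml bulletin.tar.gz generic_check.tar.gz owasp_ror_cheatsheet.tar.gz code_style.tar.gz code_quality.tar.gz owasp_top_10.tar.gz signatures.tar.gz)
-
-
-attr_reader :security_checks
-attr_reader :descriptor
-attr_reader :path
-
-def initialize(options={})
-if $logger.nil?
-require 'dawn/logger'
-$logger = Logger.new(STDOUT)
-$logger.helo "knowledge-base-experimental", Dawn::VERSION
-end
-end
-
-
-
-def find(name)
-end
-
-def self.kb_descriptor
-{:kb=>{:version=>"0.0.1", :revision=>Time.now.strftime("%Y%m%d"), :api=>Dawn::VERSION}}.to_yaml
-end
-
-def update?
-FileUtils.mkdir_p("tmp")
-begin
-response = Net::HTTP.get URI(REMOTE_KB_URL_PREFIX + "kb.yaml")
-open("tmp/kb.yaml", "w") do |f|
-f.puts(response)
-end
-response = Net::HTTP.get URI(REMOTE_KB_URL_PREFIX + "kb.yaml.sig")
-open("tmp/kb.yaml.sig", "w") do |f|
-f.puts(response)
-end
-rescue Exception => e
-$logger.error e.to_s
-return false
-end
-
-# Verify kb.yaml signature
-
-YAML.load(response)
-end
-
-def all
-@security_checks
-end
-
-# Load security checks from db/ folder.
-#
-# options - The list of the options to be passed to KB. It can contain:
-# + enabled_checks: an array of security checks that must be enabled
-# [:generic_check, :code_quality, :bulletin, :code_style, :owasp_ror_cheatsheet, :owasp_top_10]
-# + mvc: the mvc name for the target application, in order for the KB to
-# deselect all security checks that don't fit the code to be
-# reviewed.
-# + path: the path for the KB root folder. Please note that #{Dir.pwd}/db
-# is the default location.
-#
-# Returns an array of security checks, matching the mvc to be reviewed and
-# the enabled check list or an empty array if an error occured.
-def load(options={})
-@security_checks = []
-$path = File.join(Dir.pwd, "db")
-
-enabled_checks = options[:enabled_checks] unless options[:enabled_checks].nil?
-mvc = options[:mvc] unless options[:mvc].nil?
-$path = options[:path] unless options[:path].nil?
-
-unless __valid?
-$logger.error "An invalid library it has been found. Please use --recovery flag to force fresh install from dawnscanner.org"
-return []
-end
-
-unless __load?
-$logger.error "The library must be consumed with dawnscanner up to v#{$descriptor["kb"]["api"]}. You are using dawnscanner v#{Dawn::VERSION}"
-return []
-end
-
-# TODO: untar and unzip from here (look for it in Google)
-if __packed?
-$logger.info "a packed knowledge base it has been found. Unpacking it"
-__unpack
-end
-
-enabled_checks.each do |d|
-
-dir = File.join($path, d)
-
-# Please note that if we enter in this branch, it means someone
-# tampered the KB between the previous __valid? check and this point.
-# Of course this is a very rare situation, but we must handle it.
-unless Dir.exists?(dir)
-$logger.critical "Missing check directory #{dir}"
-$logger.error "An invalid library it has been found. Please use --recovery flag to force fresh install from dawnscanner.org"
-return []
-end
-
-# Enumerate all YAML file in the give dir
-
-end
-
-end
-
-def dump(verbose=false)
-puts "Security checks currently supported:"
-i=0
-KnowledgeBaseExperimental.instance.all.each do |check|
-i+=1
-if verbose
-puts "Name: #{check.name}\tCVSS: #{check.cvss_score}\tReleased: #{check.release_date}"
-puts "Description\n#{check.message}"
-puts "Remediation\n#{check.remediation}\n\n"
-else
-puts "#{check.name}"
-end
-end
-puts "-----\nTotal: #{i}"
-
-end
-
-private
-
-def __verify_hash(original, computed)
-t=original.split(' ')
-return false if t.length != 2
-return (t[0] == computed)
-end
-
-def __valid?
-
-lines = ""
-
-unless File.exists?(File.join($path, "kb.yaml"))
-$logger.error "Missing kb.yaml in #{path}. Giving up"
-return false
-end
-
-unless File.exists?(File.join($path, "kb.yaml.sig"))
-$logger.error "Missing kb.yaml signature in #{path}. Giving up"
-return false
-end
-
-lines = File.read(File.join($path, "kb.yaml"))
-hash_file = Digest::SHA256.hexdigest lines
-hash_orig = File.read(File.join($path, "kb.yaml.sig"))
-
-v = __verify_hash(hash_orig, hash_file)
-if v
-$logger.info("good kb.yaml file found. Reading knowledge base descriptor")
-@descriptor = YAML.load(lines)
-else
-$logger.error("kb.yaml signature mismatch. Found #{hash_file} while expecting #{hash_orig}. Giving up")
-return false
-end
-
-return true
-end
-
-# Check if the local KB is packet or not.
-#
-# Returns true if at least one KB tarball file it has been found in the
-# local DB path
-def __packed?
-FILES.each do |fn|
-return true if fn.end_with? 'tar.gz' and File.exists?(File.join($path, fn))
-end
-return false
-end
-
-def __unpack
-
-end
-
-def __load?
-api = $descriptor["kb"]["api"]
-v = Dawn::VERSION
-require "dawn/kb/version_check"
-
-vc = VersionCheck.new
-return true if vc.is_higher?(api, v) # => true if v > api
-return false
-end
-
-
-end
-end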
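--- a/data/spec/lib/kb/cve_2011_2705_spec.rb
+++ b/data/spec/lib/kb/cve_2011_2705_spec.rb
@@ -1,35 +0,0 @@
-require 'spec_helper'
-describe "The CVE-2011-2705 vulnerability" do
-before(:all) do
-@check = Dawn::Kb::CVE_2011_2705.new
-# @check.debug = true
-end
-it "fires when ruby 1.8.7-p351 is detected" do
-@check.detected_ruby ={:engine=>"ruby", :version=>"1.8.7", :patchlevel=>"p351"}
-expect(@check.vuln?).to eq(true)
-end
-it "fires when ruby 1.9.0 any patchlevel is detected" do
-@check.detected_ruby ={:engine=>"ruby", :version=>"1.9.0", :patchlevel=>"p351"}
-expect(@check.vuln?).to eq(true)
-end
-it "fires when ruby 1.9.1 any patchlevel is detected" do
-@check.detected_ruby ={:engine=>"ruby", :version=>"1.9.1", :patchlevel=>"p351"}
-expect(@check.vuln?).to eq(true)
-end
-it "fires when ruby 1.9.2-p289 is detected" do
-@check.detected_ruby ={:engine=>"ruby", :version=>"1.9.2", :patchlevel=>"p289"}
-expect(@check.vuln?).to eq(true)
-end
-it "doesn't fire when ruby 1.8.7-p352 is detected" do
-@check.detected_ruby ={:engine=>"ruby", :version=>"1.8.7", :patchlevel=>"p352"}
-expect(@check.vuln?).to eq(false)
-end
-it "doesn't fire when ruby 1.9.2-p290 is detected" do
-@check.detected_ruby ={:engine=>"ruby", :version=>"1.9.2", :patchlevel=>"p290"}
-expect(@check.vuln?).to eq(false)
-end
-it "doesn't fire when ruby 1.9.3-p290 is detected" do
-@check.detected_ruby ={:engine=>"ruby", :version=>"1.9.3", :patchlevel=>"p290"}
-expect(@check.vuln?).to eq(false)
-end
-end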