dawnscanner 1.6.8 → 2.0.0.rc4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (387) hide show
  1. checksums.yaml +5 -5
  2. data/.gitignore +1 -0
  3. data/.ruby-version +1 -1
  4. data/Changelog.md +27 -1
  5. data/LICENSE.txt +1 -1
  6. data/README.md +59 -57
  7. data/Rakefile +10 -242
  8. data/Roadmap.md +15 -23
  9. data/VERSION +1 -1
  10. data/bin/dawn +17 -273
  11. data/checksum/dawnscanner-1.6.8.gem.sha1 +1 -0
  12. data/checksum/dawnscanner-2.0.0.rc1.gem.sha1 +1 -0
  13. data/checksum/dawnscanner-2.0.0.rc2.gem.sha1 +1 -0
  14. data/checksum/dawnscanner-2.0.0.rc3.gem.sha1 +1 -0
  15. data/dawnscanner.gemspec +10 -9
  16. data/doc/change.sh +13 -0
  17. data/doc/kickstart_kb.tar.gz +0 -0
  18. data/doc/knowledge_base.rb +650 -0
  19. data/docs/.placeholder +0 -0
  20. data/docs/CNAME +1 -0
  21. data/docs/_config.yml +1 -0
  22. data/lib/dawn/cli/dawn_cli.rb +139 -0
  23. data/lib/dawn/core.rb +8 -7
  24. data/lib/dawn/engine.rb +93 -34
  25. data/lib/dawn/gemfile_lock.rb +2 -2
  26. data/lib/dawn/kb/basic_check.rb +1 -2
  27. data/lib/dawn/kb/combo_check.rb +1 -1
  28. data/lib/dawn/kb/dependency_check.rb +1 -1
  29. data/lib/dawn/kb/operating_system_check.rb +1 -1
  30. data/lib/dawn/kb/pattern_match_check.rb +10 -9
  31. data/lib/dawn/kb/ruby_version_check.rb +11 -10
  32. data/lib/dawn/kb/{gem_check.rb → rubygem_check.rb} +1 -1
  33. data/lib/dawn/kb/unsafe_depedency_check.rb +44 -0
  34. data/lib/dawn/kb/version_check.rb +41 -24
  35. data/lib/dawn/knowledge_base.rb +259 -595
  36. data/lib/dawn/reporter.rb +2 -1
  37. data/lib/dawn/utils.rb +5 -2
  38. data/lib/dawn/version.rb +5 -5
  39. data/lib/dawnscanner.rb +7 -6
  40. data/spec/lib/kb/codesake_unsafe_dependency_check_spec.rb +29 -0
  41. data/spec/lib/kb/dependency_check.yml +29 -0
  42. metadata +30 -496
  43. checksums.yaml.gz.sig +0 -0
  44. data.tar.gz.sig +0 -0
  45. data/certs/paolo_at_dawnscanner_dot_org.pem +0 -21
  46. data/lib/dawn/kb/cve_2004_0755.rb +0 -33
  47. data/lib/dawn/kb/cve_2004_0983.rb +0 -31
  48. data/lib/dawn/kb/cve_2005_1992.rb +0 -31
  49. data/lib/dawn/kb/cve_2005_2337.rb +0 -33
  50. data/lib/dawn/kb/cve_2006_1931.rb +0 -30
  51. data/lib/dawn/kb/cve_2006_2582.rb +0 -28
  52. data/lib/dawn/kb/cve_2006_3694.rb +0 -31
  53. data/lib/dawn/kb/cve_2006_4112.rb +0 -27
  54. data/lib/dawn/kb/cve_2006_5467.rb +0 -28
  55. data/lib/dawn/kb/cve_2006_6303.rb +0 -28
  56. data/lib/dawn/kb/cve_2006_6852.rb +0 -27
  57. data/lib/dawn/kb/cve_2006_6979.rb +0 -29
  58. data/lib/dawn/kb/cve_2007_0469.rb +0 -29
  59. data/lib/dawn/kb/cve_2007_5162.rb +0 -28
  60. data/lib/dawn/kb/cve_2007_5379.rb +0 -27
  61. data/lib/dawn/kb/cve_2007_5380.rb +0 -29
  62. data/lib/dawn/kb/cve_2007_5770.rb +0 -30
  63. data/lib/dawn/kb/cve_2007_6077.rb +0 -31
  64. data/lib/dawn/kb/cve_2007_6612.rb +0 -30
  65. data/lib/dawn/kb/cve_2008_1145.rb +0 -38
  66. data/lib/dawn/kb/cve_2008_1891.rb +0 -38
  67. data/lib/dawn/kb/cve_2008_2376.rb +0 -30
  68. data/lib/dawn/kb/cve_2008_2662.rb +0 -33
  69. data/lib/dawn/kb/cve_2008_2663.rb +0 -32
  70. data/lib/dawn/kb/cve_2008_2664.rb +0 -33
  71. data/lib/dawn/kb/cve_2008_2725.rb +0 -31
  72. data/lib/dawn/kb/cve_2008_3655.rb +0 -37
  73. data/lib/dawn/kb/cve_2008_3657.rb +0 -37
  74. data/lib/dawn/kb/cve_2008_3790.rb +0 -30
  75. data/lib/dawn/kb/cve_2008_3905.rb +0 -36
  76. data/lib/dawn/kb/cve_2008_4094.rb +0 -27
  77. data/lib/dawn/kb/cve_2008_4310.rb +0 -100
  78. data/lib/dawn/kb/cve_2008_5189.rb +0 -27
  79. data/lib/dawn/kb/cve_2008_7248.rb +0 -27
  80. data/lib/dawn/kb/cve_2009_4078.rb +0 -29
  81. data/lib/dawn/kb/cve_2009_4124.rb +0 -30
  82. data/lib/dawn/kb/cve_2009_4214.rb +0 -27
  83. data/lib/dawn/kb/cve_2010_1330.rb +0 -28
  84. data/lib/dawn/kb/cve_2010_2489.rb +0 -60
  85. data/lib/dawn/kb/cve_2010_3933.rb +0 -27
  86. data/lib/dawn/kb/cve_2011_0188.rb +0 -67
  87. data/lib/dawn/kb/cve_2011_0446.rb +0 -28
  88. data/lib/dawn/kb/cve_2011_0447.rb +0 -28
  89. data/lib/dawn/kb/cve_2011_0739.rb +0 -28
  90. data/lib/dawn/kb/cve_2011_0995.rb +0 -61
  91. data/lib/dawn/kb/cve_2011_1004.rb +0 -34
  92. data/lib/dawn/kb/cve_2011_1005.rb +0 -31
  93. data/lib/dawn/kb/cve_2011_2197.rb +0 -27
  94. data/lib/dawn/kb/cve_2011_2686.rb +0 -29
  95. data/lib/dawn/kb/cve_2011_2705.rb +0 -32
  96. data/lib/dawn/kb/cve_2011_2929.rb +0 -27
  97. data/lib/dawn/kb/cve_2011_2930.rb +0 -28
  98. data/lib/dawn/kb/cve_2011_2931.rb +0 -30
  99. data/lib/dawn/kb/cve_2011_2932.rb +0 -27
  100. data/lib/dawn/kb/cve_2011_3009.rb +0 -28
  101. data/lib/dawn/kb/cve_2011_3186.rb +0 -29
  102. data/lib/dawn/kb/cve_2011_3187.rb +0 -29
  103. data/lib/dawn/kb/cve_2011_4319.rb +0 -30
  104. data/lib/dawn/kb/cve_2011_4815.rb +0 -28
  105. data/lib/dawn/kb/cve_2011_5036.rb +0 -26
  106. data/lib/dawn/kb/cve_2012_1098.rb +0 -30
  107. data/lib/dawn/kb/cve_2012_1099.rb +0 -27
  108. data/lib/dawn/kb/cve_2012_1241.rb +0 -27
  109. data/lib/dawn/kb/cve_2012_2139.rb +0 -26
  110. data/lib/dawn/kb/cve_2012_2140.rb +0 -27
  111. data/lib/dawn/kb/cve_2012_2660.rb +0 -28
  112. data/lib/dawn/kb/cve_2012_2661.rb +0 -27
  113. data/lib/dawn/kb/cve_2012_2671.rb +0 -28
  114. data/lib/dawn/kb/cve_2012_2694.rb +0 -30
  115. data/lib/dawn/kb/cve_2012_2695.rb +0 -27
  116. data/lib/dawn/kb/cve_2012_3424.rb +0 -29
  117. data/lib/dawn/kb/cve_2012_3463.rb +0 -27
  118. data/lib/dawn/kb/cve_2012_3464.rb +0 -27
  119. data/lib/dawn/kb/cve_2012_3465.rb +0 -26
  120. data/lib/dawn/kb/cve_2012_4464.rb +0 -27
  121. data/lib/dawn/kb/cve_2012_4466.rb +0 -27
  122. data/lib/dawn/kb/cve_2012_4481.rb +0 -26
  123. data/lib/dawn/kb/cve_2012_4522.rb +0 -27
  124. data/lib/dawn/kb/cve_2012_5370.rb +0 -27
  125. data/lib/dawn/kb/cve_2012_5371.rb +0 -27
  126. data/lib/dawn/kb/cve_2012_5380.rb +0 -28
  127. data/lib/dawn/kb/cve_2012_6109.rb +0 -25
  128. data/lib/dawn/kb/cve_2012_6134.rb +0 -27
  129. data/lib/dawn/kb/cve_2012_6496.rb +0 -28
  130. data/lib/dawn/kb/cve_2012_6497.rb +0 -28
  131. data/lib/dawn/kb/cve_2012_6684.rb +0 -28
  132. data/lib/dawn/kb/cve_2013_0155.rb +0 -29
  133. data/lib/dawn/kb/cve_2013_0156.rb +0 -27
  134. data/lib/dawn/kb/cve_2013_0162.rb +0 -28
  135. data/lib/dawn/kb/cve_2013_0175.rb +0 -27
  136. data/lib/dawn/kb/cve_2013_0183.rb +0 -25
  137. data/lib/dawn/kb/cve_2013_0184.rb +0 -25
  138. data/lib/dawn/kb/cve_2013_0233.rb +0 -26
  139. data/lib/dawn/kb/cve_2013_0256.rb +0 -59
  140. data/lib/dawn/kb/cve_2013_0262.rb +0 -26
  141. data/lib/dawn/kb/cve_2013_0263.rb +0 -26
  142. data/lib/dawn/kb/cve_2013_0269.rb +0 -27
  143. data/lib/dawn/kb/cve_2013_0276.rb +0 -28
  144. data/lib/dawn/kb/cve_2013_0277.rb +0 -25
  145. data/lib/dawn/kb/cve_2013_0284.rb +0 -27
  146. data/lib/dawn/kb/cve_2013_0285.rb +0 -27
  147. data/lib/dawn/kb/cve_2013_0333.rb +0 -28
  148. data/lib/dawn/kb/cve_2013_0334.rb +0 -25
  149. data/lib/dawn/kb/cve_2013_1607.rb +0 -25
  150. data/lib/dawn/kb/cve_2013_1655.rb +0 -65
  151. data/lib/dawn/kb/cve_2013_1656.rb +0 -28
  152. data/lib/dawn/kb/cve_2013_1756.rb +0 -26
  153. data/lib/dawn/kb/cve_2013_1800.rb +0 -26
  154. data/lib/dawn/kb/cve_2013_1801.rb +0 -27
  155. data/lib/dawn/kb/cve_2013_1802.rb +0 -27
  156. data/lib/dawn/kb/cve_2013_1812.rb +0 -27
  157. data/lib/dawn/kb/cve_2013_1821.rb +0 -28
  158. data/lib/dawn/kb/cve_2013_1854.rb +0 -26
  159. data/lib/dawn/kb/cve_2013_1855.rb +0 -25
  160. data/lib/dawn/kb/cve_2013_1856.rb +0 -26
  161. data/lib/dawn/kb/cve_2013_1857.rb +0 -27
  162. data/lib/dawn/kb/cve_2013_1875.rb +0 -27
  163. data/lib/dawn/kb/cve_2013_1898.rb +0 -27
  164. data/lib/dawn/kb/cve_2013_1911.rb +0 -28
  165. data/lib/dawn/kb/cve_2013_1933.rb +0 -27
  166. data/lib/dawn/kb/cve_2013_1947.rb +0 -27
  167. data/lib/dawn/kb/cve_2013_1948.rb +0 -27
  168. data/lib/dawn/kb/cve_2013_2065.rb +0 -29
  169. data/lib/dawn/kb/cve_2013_2090.rb +0 -28
  170. data/lib/dawn/kb/cve_2013_2105.rb +0 -26
  171. data/lib/dawn/kb/cve_2013_2119.rb +0 -27
  172. data/lib/dawn/kb/cve_2013_2512.rb +0 -26
  173. data/lib/dawn/kb/cve_2013_2513.rb +0 -25
  174. data/lib/dawn/kb/cve_2013_2516.rb +0 -26
  175. data/lib/dawn/kb/cve_2013_2615.rb +0 -27
  176. data/lib/dawn/kb/cve_2013_2616.rb +0 -27
  177. data/lib/dawn/kb/cve_2013_2617.rb +0 -28
  178. data/lib/dawn/kb/cve_2013_3221.rb +0 -27
  179. data/lib/dawn/kb/cve_2013_4164.rb +0 -30
  180. data/lib/dawn/kb/cve_2013_4203.rb +0 -25
  181. data/lib/dawn/kb/cve_2013_4389.rb +0 -26
  182. data/lib/dawn/kb/cve_2013_4413.rb +0 -27
  183. data/lib/dawn/kb/cve_2013_4457.rb +0 -29
  184. data/lib/dawn/kb/cve_2013_4478.rb +0 -26
  185. data/lib/dawn/kb/cve_2013_4479.rb +0 -26
  186. data/lib/dawn/kb/cve_2013_4489.rb +0 -28
  187. data/lib/dawn/kb/cve_2013_4491.rb +0 -29
  188. data/lib/dawn/kb/cve_2013_4492.rb +0 -29
  189. data/lib/dawn/kb/cve_2013_4562.rb +0 -27
  190. data/lib/dawn/kb/cve_2013_4593.rb +0 -27
  191. data/lib/dawn/kb/cve_2013_5647.rb +0 -29
  192. data/lib/dawn/kb/cve_2013_5671.rb +0 -26
  193. data/lib/dawn/kb/cve_2013_6414.rb +0 -30
  194. data/lib/dawn/kb/cve_2013_6415.rb +0 -29
  195. data/lib/dawn/kb/cve_2013_6416.rb +0 -29
  196. data/lib/dawn/kb/cve_2013_6417.rb +0 -30
  197. data/lib/dawn/kb/cve_2013_6421.rb +0 -28
  198. data/lib/dawn/kb/cve_2013_6459.rb +0 -28
  199. data/lib/dawn/kb/cve_2013_6460.rb +0 -53
  200. data/lib/dawn/kb/cve_2013_6461.rb +0 -57
  201. data/lib/dawn/kb/cve_2013_7086.rb +0 -27
  202. data/lib/dawn/kb/cve_2014_0036.rb +0 -27
  203. data/lib/dawn/kb/cve_2014_0080.rb +0 -29
  204. data/lib/dawn/kb/cve_2014_0081.rb +0 -27
  205. data/lib/dawn/kb/cve_2014_0082.rb +0 -27
  206. data/lib/dawn/kb/cve_2014_0130.rb +0 -27
  207. data/lib/dawn/kb/cve_2014_1233.rb +0 -27
  208. data/lib/dawn/kb/cve_2014_1234.rb +0 -26
  209. data/lib/dawn/kb/cve_2014_2322.rb +0 -28
  210. data/lib/dawn/kb/cve_2014_2525.rb +0 -59
  211. data/lib/dawn/kb/cve_2014_2538.rb +0 -26
  212. data/lib/dawn/kb/cve_2014_3482.rb +0 -28
  213. data/lib/dawn/kb/cve_2014_3483.rb +0 -28
  214. data/lib/dawn/kb/cve_2014_3916.rb +0 -29
  215. data/lib/dawn/kb/cve_2014_4975.rb +0 -28
  216. data/lib/dawn/kb/cve_2014_7818.rb +0 -27
  217. data/lib/dawn/kb/cve_2014_7819.rb +0 -31
  218. data/lib/dawn/kb/cve_2014_7829.rb +0 -30
  219. data/lib/dawn/kb/cve_2014_8090.rb +0 -30
  220. data/lib/dawn/kb/cve_2014_9490.rb +0 -29
  221. data/lib/dawn/kb/cve_2015_1819.rb +0 -34
  222. data/lib/dawn/kb/cve_2015_1840/cve_2015_1840_a.rb +0 -28
  223. data/lib/dawn/kb/cve_2015_1840/cve_2015_1840_b.rb +0 -28
  224. data/lib/dawn/kb/cve_2015_2963.rb +0 -27
  225. data/lib/dawn/kb/cve_2015_3224.rb +0 -26
  226. data/lib/dawn/kb/cve_2015_3225.rb +0 -28
  227. data/lib/dawn/kb/cve_2015_3226.rb +0 -27
  228. data/lib/dawn/kb/cve_2015_3227.rb +0 -28
  229. data/lib/dawn/kb/cve_2015_3448.rb +0 -29
  230. data/lib/dawn/kb/cve_2015_4020.rb +0 -34
  231. data/lib/dawn/kb/cve_2015_5312.rb +0 -30
  232. data/lib/dawn/kb/cve_2015_7497.rb +0 -32
  233. data/lib/dawn/kb/cve_2015_7498.rb +0 -32
  234. data/lib/dawn/kb/cve_2015_7499.rb +0 -32
  235. data/lib/dawn/kb/cve_2015_7500.rb +0 -32
  236. data/lib/dawn/kb/cve_2015_7519.rb +0 -31
  237. data/lib/dawn/kb/cve_2015_7541.rb +0 -31
  238. data/lib/dawn/kb/cve_2015_7576.rb +0 -35
  239. data/lib/dawn/kb/cve_2015_7577.rb +0 -34
  240. data/lib/dawn/kb/cve_2015_7578.rb +0 -30
  241. data/lib/dawn/kb/cve_2015_7579.rb +0 -30
  242. data/lib/dawn/kb/cve_2015_7581.rb +0 -33
  243. data/lib/dawn/kb/cve_2015_8241.rb +0 -32
  244. data/lib/dawn/kb/cve_2015_8242.rb +0 -32
  245. data/lib/dawn/kb/cve_2015_8317.rb +0 -32
  246. data/lib/dawn/kb/cve_2016_0751.rb +0 -32
  247. data/lib/dawn/kb/cve_2016_0752.rb +0 -35
  248. data/lib/dawn/kb/cve_2016_0753.rb +0 -31
  249. data/lib/dawn/kb/cve_2016_2097.rb +0 -35
  250. data/lib/dawn/kb/cve_2016_2098.rb +0 -35
  251. data/lib/dawn/kb/cve_2016_5697.rb +0 -30
  252. data/lib/dawn/kb/cve_2016_6316.rb +0 -33
  253. data/lib/dawn/kb/cve_2016_6317.rb +0 -32
  254. data/lib/dawn/kb/cve_2016_6582.rb +0 -43
  255. data/lib/dawn/kb/not_revised_code.rb +0 -22
  256. data/lib/dawn/kb/osvdb_105971.rb +0 -29
  257. data/lib/dawn/kb/osvdb_108530.rb +0 -27
  258. data/lib/dawn/kb/osvdb_108563.rb +0 -28
  259. data/lib/dawn/kb/osvdb_108569.rb +0 -28
  260. data/lib/dawn/kb/osvdb_108570.rb +0 -27
  261. data/lib/dawn/kb/osvdb_115654.rb +0 -33
  262. data/lib/dawn/kb/osvdb_116010.rb +0 -30
  263. data/lib/dawn/kb/osvdb_117903.rb +0 -30
  264. data/lib/dawn/kb/osvdb_118579.rb +0 -31
  265. data/lib/dawn/kb/osvdb_118830.rb +0 -32
  266. data/lib/dawn/kb/osvdb_118954.rb +0 -33
  267. data/lib/dawn/kb/osvdb_119878.rb +0 -32
  268. data/lib/dawn/kb/osvdb_119927.rb +0 -33
  269. data/lib/dawn/kb/osvdb_120415.rb +0 -31
  270. data/lib/dawn/kb/osvdb_120857.rb +0 -34
  271. data/lib/dawn/kb/osvdb_121701.rb +0 -30
  272. data/lib/dawn/kb/osvdb_132234.rb +0 -34
  273. data/lib/dawn/kb/owasp_ror_cheatsheet.rb +0 -33
  274. data/lib/dawn/kb/owasp_ror_cheatsheet/check_for_backup_files.rb +0 -18
  275. data/lib/dawn/kb/owasp_ror_cheatsheet/check_for_safe_redirect_and_forward.rb +0 -57
  276. data/lib/dawn/kb/owasp_ror_cheatsheet/command_injection.rb +0 -28
  277. data/lib/dawn/kb/owasp_ror_cheatsheet/csrf.rb +0 -29
  278. data/lib/dawn/kb/owasp_ror_cheatsheet/mass_assignment_in_model.rb +0 -33
  279. data/lib/dawn/kb/owasp_ror_cheatsheet/security_related_headers.rb +0 -35
  280. data/lib/dawn/kb/owasp_ror_cheatsheet/sensitive_files.rb +0 -29
  281. data/lib/dawn/kb/owasp_ror_cheatsheet/session_stored_in_database.rb +0 -31
  282. data/lib/dawn/kb/simpleform_xss_20131129.rb +0 -28
  283. data/lib/dawn/knowledge_base_experimental.rb +0 -245
  284. data/spec/lib/kb/cve_2011_2705_spec.rb +0 -35
  285. data/spec/lib/kb/cve_2011_2930_spec.rb +0 -31
  286. data/spec/lib/kb/cve_2011_3009_spec.rb +0 -25
  287. data/spec/lib/kb/cve_2011_3187_spec.rb +0 -24
  288. data/spec/lib/kb/cve_2011_4319_spec.rb +0 -44
  289. data/spec/lib/kb/cve_2011_5036_spec.rb +0 -95
  290. data/spec/lib/kb/cve_2012_1098_spec.rb +0 -36
  291. data/spec/lib/kb/cve_2012_2139_spec.rb +0 -20
  292. data/spec/lib/kb/cve_2012_2671_spec.rb +0 -23
  293. data/spec/lib/kb/cve_2012_6109_spec.rb +0 -112
  294. data/spec/lib/kb/cve_2012_6684_spec.rb +0 -16
  295. data/spec/lib/kb/cve_2013_0162_spec.rb +0 -23
  296. data/spec/lib/kb/cve_2013_0183_spec.rb +0 -54
  297. data/spec/lib/kb/cve_2013_0184_spec.rb +0 -115
  298. data/spec/lib/kb/cve_2013_0256_spec.rb +0 -34
  299. data/spec/lib/kb/cve_2013_0262_spec.rb +0 -44
  300. data/spec/lib/kb/cve_2013_0263_spec.rb +0 -11
  301. data/spec/lib/kb/cve_2013_0334_spec.rb +0 -35
  302. data/spec/lib/kb/cve_2013_1607_spec.rb +0 -15
  303. data/spec/lib/kb/cve_2013_1655_spec.rb +0 -31
  304. data/spec/lib/kb/cve_2013_1756_spec.rb +0 -23
  305. data/spec/lib/kb/cve_2013_2090_spec.rb +0 -15
  306. data/spec/lib/kb/cve_2013_2105_spec.rb +0 -11
  307. data/spec/lib/kb/cve_2013_2119_spec.rb +0 -27
  308. data/spec/lib/kb/cve_2013_2512_spec.rb +0 -15
  309. data/spec/lib/kb/cve_2013_2513_spec.rb +0 -15
  310. data/spec/lib/kb/cve_2013_2516_spec.rb +0 -15
  311. data/spec/lib/kb/cve_2013_4203_spec.rb +0 -15
  312. data/spec/lib/kb/cve_2013_4413_spec.rb +0 -16
  313. data/spec/lib/kb/cve_2013_4489_spec.rb +0 -63
  314. data/spec/lib/kb/cve_2013_4491_spec.rb +0 -16
  315. data/spec/lib/kb/cve_2013_4593_spec.rb +0 -16
  316. data/spec/lib/kb/cve_2013_5647_spec.rb +0 -19
  317. data/spec/lib/kb/cve_2013_5671_spec.rb +0 -27
  318. data/spec/lib/kb/cve_2013_6414_spec.rb +0 -26
  319. data/spec/lib/kb/cve_2013_6416_spec.rb +0 -31
  320. data/spec/lib/kb/cve_2013_6459_spec.rb +0 -15
  321. data/spec/lib/kb/cve_2013_7086_spec.rb +0 -22
  322. data/spec/lib/kb/cve_2014_0036_spec.rb +0 -15
  323. data/spec/lib/kb/cve_2014_0080_spec.rb +0 -33
  324. data/spec/lib/kb/cve_2014_0081_spec.rb +0 -50
  325. data/spec/lib/kb/cve_2014_0082_spec.rb +0 -52
  326. data/spec/lib/kb/cve_2014_0130_spec.rb +0 -19
  327. data/spec/lib/kb/cve_2014_1233_spec.rb +0 -15
  328. data/spec/lib/kb/cve_2014_1234_spec.rb +0 -16
  329. data/spec/lib/kb/cve_2014_2322_spec.rb +0 -15
  330. data/spec/lib/kb/cve_2014_2538_spec.rb +0 -15
  331. data/spec/lib/kb/cve_2014_3482_spec.rb +0 -15
  332. data/spec/lib/kb/cve_2014_3483_spec.rb +0 -27
  333. data/spec/lib/kb/cve_2014_7818_spec.rb +0 -42
  334. data/spec/lib/kb/cve_2014_7819_spec.rb +0 -139
  335. data/spec/lib/kb/cve_2014_7829_spec.rb +0 -50
  336. data/spec/lib/kb/cve_2014_9490_spec.rb +0 -17
  337. data/spec/lib/kb/cve_2015_1819_spec.rb +0 -16
  338. data/spec/lib/kb/cve_2015_1840_spec.rb +0 -39
  339. data/spec/lib/kb/cve_2015_2963_spec.rb +0 -17
  340. data/spec/lib/kb/cve_2015_3224_spec.rb +0 -16
  341. data/spec/lib/kb/cve_2015_3225_spec.rb +0 -27
  342. data/spec/lib/kb/cve_2015_3226_spec.rb +0 -35
  343. data/spec/lib/kb/cve_2015_3227_spec.rb +0 -31
  344. data/spec/lib/kb/cve_2015_3448_spec.rb +0 -16
  345. data/spec/lib/kb/cve_2015_4020_spec.rb +0 -24
  346. data/spec/lib/kb/cve_2015_5312_spec.rb +0 -31
  347. data/spec/lib/kb/cve_2015_7497_spec.rb +0 -31
  348. data/spec/lib/kb/cve_2015_7498_spec.rb +0 -31
  349. data/spec/lib/kb/cve_2015_7499_spec.rb +0 -31
  350. data/spec/lib/kb/cve_2015_7500_spec.rb +0 -31
  351. data/spec/lib/kb/cve_2015_7519_spec.rb +0 -23
  352. data/spec/lib/kb/cve_2015_7541_spec.rb +0 -15
  353. data/spec/lib/kb/cve_2015_7576_spec.rb +0 -51
  354. data/spec/lib/kb/cve_2015_7577_spec.rb +0 -63
  355. data/spec/lib/kb/cve_2015_7578_spec.rb +0 -15
  356. data/spec/lib/kb/cve_2015_7579_spec.rb +0 -23
  357. data/spec/lib/kb/cve_2015_7581_spec.rb +0 -51
  358. data/spec/lib/kb/cve_2015_8241_spec.rb +0 -31
  359. data/spec/lib/kb/cve_2015_8242_spec.rb +0 -31
  360. data/spec/lib/kb/cve_2015_8317_spec.rb +0 -31
  361. data/spec/lib/kb/cve_2016_0751_spec.rb +0 -55
  362. data/spec/lib/kb/cve_2016_0752_spec.rb +0 -51
  363. data/spec/lib/kb/cve_2016_0753_spec.rb +0 -51
  364. data/spec/lib/kb/cve_2016_2097_spec.rb +0 -35
  365. data/spec/lib/kb/cve_2016_2098_spec.rb +0 -55
  366. data/spec/lib/kb/cve_2016_5697_spec.rb +0 -15
  367. data/spec/lib/kb/cve_2016_6316_spec.rb +0 -44
  368. data/spec/lib/kb/cve_2016_6317_spec.rb +0 -35
  369. data/spec/lib/kb/cve_2016_6582_spec.rb +0 -29
  370. data/spec/lib/kb/osvdb_105971_spec.rb +0 -15
  371. data/spec/lib/kb/osvdb_108530_spec.rb +0 -22
  372. data/spec/lib/kb/osvdb_108563_spec.rb +0 -18
  373. data/spec/lib/kb/osvdb_108569_spec.rb +0 -17
  374. data/spec/lib/kb/osvdb_108570_spec.rb +0 -17
  375. data/spec/lib/kb/osvdb_115654_spec.rb +0 -15
  376. data/spec/lib/kb/osvdb_116010_spec.rb +0 -15
  377. data/spec/lib/kb/osvdb_117903_spec.rb +0 -23
  378. data/spec/lib/kb/osvdb_118579_spec.rb +0 -8
  379. data/spec/lib/kb/osvdb_118830_spec.rb +0 -16
  380. data/spec/lib/kb/osvdb_118954_spec.rb +0 -20
  381. data/spec/lib/kb/osvdb_119878_spec.rb +0 -92
  382. data/spec/lib/kb/osvdb_119927_spec.rb +0 -16
  383. data/spec/lib/kb/osvdb_120415_spec.rb +0 -16
  384. data/spec/lib/kb/osvdb_120857_spec.rb +0 -32
  385. data/spec/lib/kb/osvdb_121701_spec.rb +0 -15
  386. data/spec/lib/kb/osvdb_132234_spec.rb +0 -15
  387. metadata.gz.sig +0 -0
data/docs/.placeholder ADDED
File without changes
data/docs/CNAME ADDED
@@ -0,0 +1 @@
1
+ www.dawnscanner.org
data/docs/_config.yml ADDED
@@ -0,0 +1 @@
1
+ theme: jekyll-theme-cayman
@@ -0,0 +1,139 @@
1
+ require 'thor'
2
+ require 'dawn/utils'
3
+
4
+ module Dawn
5
+ module Cli
6
+ # This class is responsible for the "dawn kb" command and related
7
+ # subcommands.
8
+ class Kb < Thor
9
+ package_name "dawnscanner"
10
+ desc "find", "Searches the knowledge base for a given security test"
11
+ def find(string)
12
+ kb = Dawn::KnowledgeBase.instance
13
+ kb.find(string)
14
+ end
15
+
16
+ desc "lint", "Checks knowledge base content for correcteness"
17
+ def lint
18
+ kb = Dawn::KnowledgeBase.instance
19
+ kb.load(true)
20
+ end
21
+
22
+ desc "unpack", "Unpacks security checks in KB library path"
23
+ def unpack
24
+ $logger.helo APPNAME, Dawn::VERSION
25
+ kb = Dawn::KnowledgeBase.instance
26
+ kb.unpack
27
+ $logger.bye
28
+ Kernel.exit(0)
29
+ end
30
+
31
+ desc "status", "Checks the status of the knowledge base"
32
+ def status
33
+ $logger.helo APPNAME, Dawn::VERSION
34
+ Dawn::KnowledgeBase.enabled_checks=[:bulletin, :generic_check]
35
+ kb = Dawn::KnowledgeBase.instance
36
+ kb.load
37
+ if kb.security_checks.empty?
38
+ $logger.error(kb.error)
39
+ end
40
+ $logger.info("" + kb.security_checks.count.to_s + " security checks loaded")
41
+ if kb.is_packed?
42
+ $logger.error "The knowledge base is packed. It must be unpacked with the 'unpack' command before it can be used"
43
+ end
44
+ $logger.bye
45
+ Kernel.exit(0)
46
+ end
47
+ end
48
+
49
+ class DawnCli < Thor
50
+ package_name "dawnscanner"
51
+ class_option :verbose, :type=>:boolean
52
+ class_option :debug, :type=>:boolean
53
+
54
+ map %w[--version -v] => :__print_version
55
+
56
+ desc "--version, -v", "Prints the dawnscanner version"
57
+ def __print_version
58
+ puts Dawn::VERSION
59
+ Kernel.exit(0)
60
+ end
61
+
62
+ desc "kb SUBCOMMAND ... ARGS", "Interacts with the knowledge base"
63
+ subcommand "kb", Dawn::Cli::Kb
64
+
65
+ desc "scan", "scans a ruby written web application for security issues"
66
+ method_option :config_file, :type=>:string, :default=>"", :aliases => "-c", :desc=>"tells dawn to load configuration from filename"
67
+ method_option :gemfile, :type=>:boolean, :default=>true, :aliases => "-G", :desc => "uses Gemfile.lock to detect MVC"
68
+ method_option :skip, :type=>:array, :aliases => "-S", :desc => "specify a list of security checks to be skipped"
69
+ method_option :report_format, :type=>:string, :aliases => "-F", :desc=>"specify the report format (text, html, json). Default is plain text files."
70
+ method_option :exit_on_warn, :type=>:boolean, :default=>false, :aliases => "-z", :desc =>"return number of found vulnerabilities as exit code"
71
+ method_option :count, :type=>:boolean, :default=>false, :aliases => "-C", :desc=>"count vulnerabilities (useful for scripts)"
72
+ method_option :output, :type=>:string, :aliases => "-O", :desc=>"write output to a file with the name specified by the parameter"
73
+ method_option :dependencies, :type=>:boolean, :default=>false, :aliases => "-d", :desc=>"scan only for vulnerabilities affecting dependencies in Gemfile.lock"
74
+
75
+ def scan(target)
76
+ $logger.helo APPNAME, Dawn::VERSION
77
+ trap("INT") { $logger.die('[INTERRUPTED]') }
78
+
79
+ $logger.die("invalid directory (#{target})") unless Dawn::Core.is_good_target?(target)
80
+
81
+ $debug = true if options[:debug]
82
+ $verbose = true if options[:verbose]
83
+ checks_to_be_skipped = []
84
+ checks_to_be_skipped = options[:skip] unless options[:skip].nil?
85
+
86
+ debug_me("scanning #{target}")
87
+
88
+ $config_file= Dawn::Core.find_conf(true) if options[:config_file].nil?
89
+ $config = Dawn::Core.read_conf($config_file)
90
+
91
+ debug_me($config)
92
+
93
+ $telemetry_url = $config[:telemetry][:endpoint] if $config[:telemetry][:enabled]
94
+ debug_me("telemetry url is " + $telemetry_url) unless @telemetry_url.nil?
95
+
96
+ $telemetry_id = $config[:telemetry][:id] if $config[:telemetry][:enabled]
97
+ debug_me("telemetry id is " + $telemetry_id) unless @telemetry_id.nil?
98
+
99
+ debug_me("telemetry is disabled in config file") unless $config[:telemetry][:enabled]
100
+
101
+ engine = Dawn::Core.detect_mvc(target) unless options[:gemfile]
102
+ engine = Dawn::GemfileLock.new(target) if options[:gemfile]
103
+
104
+ if engine.nil?
105
+ $logger.error("MVC detection failure. Please open an issue at https://github.com/thesp0nge/dawnscanner/issues")
106
+ $logger.die('ruby framework auto detect failed.')
107
+ end
108
+
109
+ if options[:exit_on_warn]
110
+ Kernel.at_exit do
111
+ if engine.count_vulnerabilities != 0
112
+ Kernel.exit(engine.count_vulnerabilities)
113
+ end
114
+ end
115
+ end
116
+
117
+
118
+ engine.load_knowledge_base
119
+
120
+ ret = engine.apply_all(checks_to_be_skipped)
121
+
122
+
123
+ if options[:report_format] and options[:report_format].eql? "json"
124
+ STDERR.puts (ret)? {:status=>"OK", :vulnerabilities_count=>engine.count_vulnerabilities}.to_json : {:status=>"KO", :vulnerabilities_count=>-1}.to_json
125
+ $logger.bye
126
+ Kernel.exit(0)
127
+ end
128
+
129
+ $logger.info("#{engine.count_vulnerabilities} issues found")
130
+
131
+ Dawn::Reporter.new({:engine=>engine, :apply_all_code=>ret}).report
132
+ $logger.bye
133
+
134
+ Kernel.exit(0)
135
+
136
+ end
137
+ end
138
+ end
139
+ end
data/lib/dawn/core.rb CHANGED
@@ -24,9 +24,6 @@ module Dawn
24
24
  puts "\t$ dawn -C --json a_sinatra_webapp_directory"
25
25
  puts "\t$ dawn --ascii-tabular-report my_rails_blog_ecommerce"
26
26
  puts "\t$ dawn --html -F my_report.html my_rails_blog_ecommerce"
27
- printf "\n -r, --rails\t\t\t\t\tforce dawn to consider the target a rails application (DEPRECATED)"
28
- printf "\n -s, --sinatra\t\t\t\tforce dawn to consider the target a sinatra application (DEPRECATED)"
29
- printf "\n -p, --padrino\t\t\t\tforce dawn to consider the target a padrino application (DEPRECATED)"
30
27
  printf "\n -G, --gem-lock\t\t\t\tforce dawn to scan only for vulnerabilities affecting dependencies in Gemfile.lock (DEPRECATED)"
31
28
  printf "\n -d, --dependencies\t\t\t\tforce dawn to scan only for vulnerabilities affecting dependencies in Gemfile.lock"
32
29
  printf "\n\nReporting\n"
@@ -115,6 +112,7 @@ module Dawn
115
112
  fn = p + conf_name if p.start_with?('/')
116
113
  # if outside $HOME the config file must be hidden
117
114
  fn = File.expand_path(p) + '/.'+conf_name if ! p.start_with?('/')
115
+ debug_me("found a config file: " + fn) if File.exist?(fn)
118
116
  return fn if File.exist?(fn)
119
117
  end
120
118
 
@@ -125,7 +123,7 @@ module Dawn
125
123
 
126
124
  # If create_if_none flag is set to true, than I'll create a config file
127
125
  # on the current directory with the default configuration.
128
- conf = {"config"=>{:verbose=>false, :output=>"tabular", :mvc=>"", :gemfile_scan=>false, :gemfile_name=>"", :filename=>nil, :debug=>false, :exit_on_warn => false, :enabled_checks=> Dawn::Kb::BasicCheck::ALLOWED_FAMILIES}}
126
+ conf = {:verbose=>false, :output=>"tabular", :mvc=>"", :gemfile_scan=>false, :gemfile_name=>"", :filename=>nil, :debug=>false, :exit_on_warn => false, :enabled_checks=> Dawn::Kb::BasicCheck::ALLOWED_FAMILIES, :telemetry=>{:enabled=>false, :endpoint=>"", :id=>""}}
129
127
 
130
128
  # Calculate the conf file path
131
129
  conf_path = File.expand_path('~') +'/.'+conf_name
@@ -134,13 +132,15 @@ module Dawn
134
132
  File.open(conf_path, 'w') do |f|
135
133
  rv = f.write(YAML.dump(conf))
136
134
  end
135
+ debug_me(conf_path)
137
136
 
138
137
  conf_path
139
138
  end
140
139
 
141
140
  def self.read_conf(file=nil)
142
- conf = {:verbose=>false, :output=>"tabular", :mvc=>"", :gemfile_scan=>false, :gemfile_name=>"", :filename=>nil, :debug=>false, :exit_on_warn => false, :enabled_checks=> Dawn::Kb::BasicCheck::ALLOWED_FAMILIES}
141
+ conf = {:verbose=>false, :output=>"tabular", :mvc=>"", :gemfile_scan=>false, :gemfile_name=>"", :filename=>nil, :debug=>false, :exit_on_warn => false, :enabled_checks=> Dawn::Kb::BasicCheck::ALLOWED_FAMILIES, :telemetry=>{:enabled=>false, :endpoint=>"", :id=>""}}
143
142
  begin
143
+ debug_me("returning a default config") if file.nil? or ! File.exist?(file)
144
144
  return conf if file.nil?
145
145
  file = file.chop if (not file.nil? and file.end_with? '/')
146
146
  return conf if ! File.exist?(file)
@@ -149,9 +149,9 @@ module Dawn
149
149
  return conf
150
150
  end
151
151
 
152
- c = YAML.load_file(file)
152
+ cf = YAML.load_file(file)
153
153
 
154
- cf = c["config"]
154
+ tm = cf[:telemetry]
155
155
  cc = cf[:enabled_checks]
156
156
 
157
157
  # TODO
@@ -160,6 +160,7 @@ module Dawn
160
160
  conf[:debug] = cf["debug"] unless cf["debug"].nil?
161
161
  conf[:output] = cf["output"] unless cf["output"].nil?
162
162
  conf[:enabled_checks] = cc unless cc.nil?
163
+ conf[:telemetry] = tm unless tm.nil?
163
164
 
164
165
  return conf
165
166
  end
data/lib/dawn/engine.rb CHANGED
@@ -1,9 +1,11 @@
1
+ require 'net/http'
2
+ require 'json'
3
+ require 'socket'
1
4
  # Statistics stuff
2
5
  # require 'code_metrics/statistics'
3
6
 
4
7
  module Dawn
5
8
  module Engine
6
- include Dawn::Utils
7
9
 
8
10
  attr_reader :target
9
11
  attr_reader :name
@@ -37,7 +39,7 @@ module Dawn
37
39
  attr_reader :controllers
38
40
 
39
41
  # Models I don't know right now. Let them initialized as Array... we
40
- # will see later
42
+ # will see later
41
43
  attr_reader :models
42
44
 
43
45
  attr_accessor :debug
@@ -61,15 +63,16 @@ module Dawn
61
63
  @applied = []
62
64
  @reflected_xss = []
63
65
  @engine_error = false
64
- @debug = false
65
- @debug = options[:debug] unless options[:debug].nil?
66
66
  @applied_checks = 0
67
67
  @skipped_checks = 0
68
68
  @gemfile_lock_sudo = false
69
69
 
70
70
  set_target(dir) unless dir.nil?
71
+
72
+
73
+
71
74
  @ruby_version = get_ruby_version if dir.nil?
72
- @gemfile_lock = options[:gemfile_name] unless options[:gemfile_name].nil?
75
+ @gemfile_lock = options[:gemfile_name] unless options[:gemfile_name].nil?
73
76
 
74
77
  # @stats = gather_statistics
75
78
 
@@ -83,16 +86,15 @@ module Dawn
83
86
  require 'logger'
84
87
  $logger = Logger.new(STDOUT)
85
88
  $logger.helo "dawn-engine", Dawn::VERSION
86
-
87
89
  end
88
90
  $logger.warn "pattern matching security checks are disabled for Gemfile.lock scan" if @name == "Gemfile.lock"
89
91
  $logger.warn "combo security checks are disabled for Gemfile.lock scan" if @name == "Gemfile.lock"
90
- debug_me "engine is in debug mode"
92
+ debug_me "engine is in debug mode"
91
93
 
92
94
  if @name == "Gemfile.lock" && ! options[:guessed_mvc].nil?
93
95
  # since all checks relies on @name a Gemfile.lock engine must
94
96
  # impersonificate the engine for the mvc it was detected
95
- debug_me "now I'm switching my name from #{@name} to #{options[:guessed_mvc][:name]}"
97
+ debug_me "now I'm switching my name from #{@name} to #{options[:guessed_mvc][:name]}"
96
98
  $logger.err "there are no connected gems... it seems Gemfile.lock parsing failed" if options[:guessed_mvc][:connected_gems].empty?
97
99
  @name = options[:guessed_mvc][:name]
98
100
  @mvc_version = options[:guessed_mvc][:version]
@@ -109,6 +111,8 @@ module Dawn
109
111
  # load_knowledge_base
110
112
  end
111
113
 
114
+
115
+
112
116
  def detect_views
113
117
  []
114
118
  end
@@ -121,10 +125,10 @@ module Dawn
121
125
 
122
126
  def build_view_array(dir)
123
127
 
124
- return [] unless File.exist?(dir) and File.directory?(dir)
128
+ return [] unless File.exist?(dir) and File.directory?(dir)
125
129
 
126
130
  ret = []
127
- Dir.glob(File.join("#{dir}", "*")).each do |filename|
131
+ Dir.glob(File.join("#{dir}", "*")).each do |filename|
128
132
  ret << {:filename=>filename, :language=>:haml} if File.extname(filename) == ".haml"
129
133
  end
130
134
 
@@ -147,9 +151,9 @@ module Dawn
147
151
  # does the target use rvm?
148
152
  ver = get_rvm_ruby_ver if ver[:version].empty? && ver[:patchlevel].empty?
149
153
  # take the running ruby otherwise
150
- ver = {:engine=>RUBY_ENGINE, :version=>RUBY_VERSION, :patchlevel=>"p#{RUBY_PATCHLEVEL}"} if ver[:version].empty? && ver[:patchlevel].empty?
154
+ ver = {:engine=>RUBY_ENGINE, :version=>RUBY_VERSION, :patchlevel=>"p#{RUBY_PATCHLEVEL}"} if ver[:version].empty? && ver[:patchlevel].empty?
151
155
  else
152
- ver = {:engine=>RUBY_ENGINE, :version=>RUBY_VERSION, :patchlevel=>"p#{RUBY_PATCHLEVEL}"}
156
+ ver = {:engine=>RUBY_ENGINE, :version=>RUBY_VERSION, :patchlevel=>"p#{RUBY_PATCHLEVEL}"}
153
157
 
154
158
  end
155
159
 
@@ -169,13 +173,11 @@ module Dawn
169
173
 
170
174
  def load_knowledge_base(enabled_checks=[])
171
175
  debug_me("load_knowledge_base called. Enabled checks are: #{enabled_checks}")
172
- if @name == "Gemfile.lock"
173
- @checks = Dawn::KnowledgeBase.new({:enabled_checks=>enabled_checks}).all if @force.empty?
174
- @checks = Dawn::KnowledgeBase.new({:enabled_checks=>enabled_checks}).all_by_mvc(@force) unless @force.empty?
175
- else
176
- @checks = Dawn::KnowledgeBase.new({:enabled_checks=>enabled_checks}).all_by_mvc(@name)
177
176
 
178
- end
177
+ Dawn::KnowledgeBase.enabled_checks=[:bulletin, :generic_check]
178
+ kb = Dawn::KnowledgeBase.instance
179
+
180
+ @checks=kb.load
179
181
  debug_me("#{@checks.count} checks loaded")
180
182
  @checks
181
183
  end
@@ -188,13 +190,13 @@ module Dawn
188
190
  return ver unless has_gemfile_lock?
189
191
 
190
192
  my_dir = Dir.pwd
191
- Dir.chdir(@target)
193
+ Dir.chdir(@target)
192
194
  lockfile = Bundler::LockfileParser.new(Bundler.read_file("Gemfile.lock"))
193
195
  lockfile.specs.each do |s|
194
196
  # detecting MVC version using @name in case of sinatra, padrino or rails engine
195
- ver= s.version.to_s if s.name == @name && @name != "Gemfile.lock"
197
+ ver= s.version.to_s if s.name == @name && @name != "Gemfile.lock"
196
198
  # detecting MVC version using @force in case of Gemfile.lock engine
197
- ver= s.version.to_s if s.name == @force.to_s && @name == "Gemfile.lock"
199
+ ver= s.version.to_s if s.name == @force.to_s && @name == "Gemfile.lock"
198
200
  @connected_gems << {:name=>s.name, :version=>s.version.to_s}
199
201
  end
200
202
  Dir.chdir(my_dir)
@@ -267,6 +269,8 @@ module Dawn
267
269
  # otherwise
268
270
  def apply(name)
269
271
 
272
+ telemetry
273
+
270
274
  # FIXME.20140325
271
275
  # Now if no checks are loaded because knowledge base was not previously called, apply and apply_all proudly refuse to run.
272
276
  # Reason is simple, load_knowledge_base now needs enabled check array
@@ -288,31 +292,85 @@ module Dawn
288
292
  false
289
293
  end
290
294
 
291
- def apply_all
295
+ def have_a_telemetry_id?
296
+ debug_me ($telemetry_id != "" and ! $telemetry_id.nil?)
297
+ return ($telemetry_id != "" and ! $telemetry_id.nil?)
298
+
299
+ end
300
+
301
+ def get_a_telemetry_id
302
+ return "" if ($telemetry_url == "" or $telemetry_url.nil?)
303
+ debug_me("T: " + $telemetry_url)
304
+
305
+ url = URI.parse($telemetry_url+"/new")
306
+ res = Net::HTTP.get_response(url)
307
+
308
+ return "" unless res.code.to_i == 200
309
+ return JSON.parse(res.body)["uuid"]
310
+ end
311
+
312
+ def telemetry
313
+ unless $config[:telemetry][:enabled]
314
+ debug_me("telemetry is disabled")
315
+ return false
316
+ end
317
+
318
+ unless have_a_telemetry_id?
319
+ $telemetry_id = get_a_telemetry_id
320
+ $config[:telemetry][:id] = $telemetry_id
321
+ debug_me($config)
322
+ debug_me("saving config to " + $config_name)
323
+ File.open($config_name, 'w') { |f| f.write $config.to_yaml }
324
+ end
325
+
326
+ debug_me("Telemetry ID is: " + $telemetry_id)
327
+
328
+ uri=URI.parse($telemetry_url+"/"+$telemetry_id)
329
+ header = {'Content-Type': 'text/json'}
330
+ tele = { "kb_version" => Dawn::KnowledgeBase::VERSION ,
331
+ "ip" => Socket.ip_address_list.detect{|intf| intf.ipv4_private?}.ip_address,
332
+ "message"=> Dawn::KnowledgeBase
333
+ }
334
+ http = Net::HTTP.new(uri.host, uri.port)
335
+ request = Net::HTTP::Post.new(uri.request_uri, header)
336
+ request.body = tele.to_json
337
+
338
+ begin
339
+ response=http.request(request)
340
+ debug_me(response.inspect)
341
+ return true
342
+ rescue => e
343
+ $logger.error "telemetry: #{e.message}"
344
+ return false
345
+ end
346
+ end
347
+
348
+ def apply_all(checks_to_be_skipped=[])
292
349
  @scan_start = Time.now
350
+ debug_me("I'm asked to skip those checks #{checks_to_be_skipped}")
293
351
  debug_me("SCAN STARTED: #{@scan_start}")
294
352
 
295
- # FIXME.20140325
296
- # Now if no checks are loaded because knowledge base was not previously called, apply and apply_all proudly refuse to run.
297
- # Reason is simple, load_knowledge_base now needs enabled check array
298
- # and I don't want to pollute engine API to propagate this value. It's
299
- # a param to load_knowledge_base and then bin/dawn calls it
300
- # accordingly.
301
- # load_knowledge_base if @checks.nil?
353
+ telemetry
354
+
302
355
  if @checks.nil?
303
- $logger.err "you must load knowledge base before trying to apply security checks"
356
+ $logger.error "you must load knowledge base before trying to apply security checks"
304
357
  @scan_stop = Time.now
305
358
  debug_me("SCAN STOPPED: #{@scan_stop}")
306
359
  return false
307
360
  end
308
361
  if @checks.empty?
362
+ $logger.warn "no security checks found. This is strange"
309
363
  @scan_stop = Time.now
310
364
  debug_me("SCAN STOPPED: #{@scan_stop}")
311
365
  return false
312
366
  end
313
367
 
314
368
  @checks.each do |check|
315
- _do_apply(check)
369
+ if checks_to_be_skipped.include?(check.name)
370
+ $logger.info("skipping security check #{check.name}")
371
+ else
372
+ _do_apply(check)
373
+ end
316
374
  end
317
375
 
318
376
  @scan_stop = Time.now
@@ -373,18 +431,19 @@ module Dawn
373
431
  def get_rvm_ruby_ver
374
432
  return {:version=>"", :patchlevel=>""} unless File.exist?(File.join(@target, ".ruby-version"))
375
433
  hash = File.read(File.join(@target, '.ruby-version')).split('-')
376
- return {:version=>hash[0], :patchlevel=>hash[1]}
434
+ return {:version=>hash[0].chop, :patchlevel=>hash[1]}
377
435
  end
378
436
  def _do_apply(check)
379
437
  unless ((check.kind == Dawn::KnowledgeBase::PATTERN_MATCH_CHECK || check.kind == Dawn::KnowledgeBase::COMBO_CHECK ) && @gemfile_lock_sudo)
380
438
 
381
439
  @applied << { :name => name }
382
- debug_me "applying check #{check.name}"
440
+ debug_me "applying check #{check.name} - #{check.kind}"
383
441
  @applied_checks += 1
384
442
 
385
443
  check.ruby_version = @ruby_version[:version]
386
444
  check.detected_ruby = @ruby_version if check.kind == Dawn::KnowledgeBase::RUBY_VERSION_CHECK
387
- check.dependencies = self.connected_gems if check.kind == Dawn::KnowledgeBase::DEPENDENCY_CHECK
445
+ check.dependencies = self.connected_gems if check.kind == Dawn::KnowledgeBase::DEPENDENCY_CHECK or
446
+ check.kind == Dawn::KnowledgeBase::UNSAFE_DEPENDENCY_CHECK
388
447
  check.root_dir = self.target if check.kind == Dawn::KnowledgeBase::PATTERN_MATCH_CHECK
389
448
  check.options = {:detected_ruby => self.ruby_version,
390
449
  :dependencies => self.connected_gems,