dawnscanner 1.6.8 → 2.0.0.rc4
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +5 -5
- data/.gitignore +1 -0
- data/.ruby-version +1 -1
- data/Changelog.md +27 -1
- data/LICENSE.txt +1 -1
- data/README.md +59 -57
- data/Rakefile +10 -242
- data/Roadmap.md +15 -23
- data/VERSION +1 -1
- data/bin/dawn +17 -273
- data/checksum/dawnscanner-1.6.8.gem.sha1 +1 -0
- data/checksum/dawnscanner-2.0.0.rc1.gem.sha1 +1 -0
- data/checksum/dawnscanner-2.0.0.rc2.gem.sha1 +1 -0
- data/checksum/dawnscanner-2.0.0.rc3.gem.sha1 +1 -0
- data/dawnscanner.gemspec +10 -9
- data/doc/change.sh +13 -0
- data/doc/kickstart_kb.tar.gz +0 -0
- data/doc/knowledge_base.rb +650 -0
- data/docs/.placeholder +0 -0
- data/docs/CNAME +1 -0
- data/docs/_config.yml +1 -0
- data/lib/dawn/cli/dawn_cli.rb +139 -0
- data/lib/dawn/core.rb +8 -7
- data/lib/dawn/engine.rb +93 -34
- data/lib/dawn/gemfile_lock.rb +2 -2
- data/lib/dawn/kb/basic_check.rb +1 -2
- data/lib/dawn/kb/combo_check.rb +1 -1
- data/lib/dawn/kb/dependency_check.rb +1 -1
- data/lib/dawn/kb/operating_system_check.rb +1 -1
- data/lib/dawn/kb/pattern_match_check.rb +10 -9
- data/lib/dawn/kb/ruby_version_check.rb +11 -10
- data/lib/dawn/kb/{gem_check.rb → rubygem_check.rb} +1 -1
- data/lib/dawn/kb/unsafe_depedency_check.rb +44 -0
- data/lib/dawn/kb/version_check.rb +41 -24
- data/lib/dawn/knowledge_base.rb +259 -595
- data/lib/dawn/reporter.rb +2 -1
- data/lib/dawn/utils.rb +5 -2
- data/lib/dawn/version.rb +5 -5
- data/lib/dawnscanner.rb +7 -6
- data/spec/lib/kb/codesake_unsafe_dependency_check_spec.rb +29 -0
- data/spec/lib/kb/dependency_check.yml +29 -0
- metadata +30 -496
- checksums.yaml.gz.sig +0 -0
- data.tar.gz.sig +0 -0
- data/certs/paolo_at_dawnscanner_dot_org.pem +0 -21
- data/lib/dawn/kb/cve_2004_0755.rb +0 -33
- data/lib/dawn/kb/cve_2004_0983.rb +0 -31
- data/lib/dawn/kb/cve_2005_1992.rb +0 -31
- data/lib/dawn/kb/cve_2005_2337.rb +0 -33
- data/lib/dawn/kb/cve_2006_1931.rb +0 -30
- data/lib/dawn/kb/cve_2006_2582.rb +0 -28
- data/lib/dawn/kb/cve_2006_3694.rb +0 -31
- data/lib/dawn/kb/cve_2006_4112.rb +0 -27
- data/lib/dawn/kb/cve_2006_5467.rb +0 -28
- data/lib/dawn/kb/cve_2006_6303.rb +0 -28
- data/lib/dawn/kb/cve_2006_6852.rb +0 -27
- data/lib/dawn/kb/cve_2006_6979.rb +0 -29
- data/lib/dawn/kb/cve_2007_0469.rb +0 -29
- data/lib/dawn/kb/cve_2007_5162.rb +0 -28
- data/lib/dawn/kb/cve_2007_5379.rb +0 -27
- data/lib/dawn/kb/cve_2007_5380.rb +0 -29
- data/lib/dawn/kb/cve_2007_5770.rb +0 -30
- data/lib/dawn/kb/cve_2007_6077.rb +0 -31
- data/lib/dawn/kb/cve_2007_6612.rb +0 -30
- data/lib/dawn/kb/cve_2008_1145.rb +0 -38
- data/lib/dawn/kb/cve_2008_1891.rb +0 -38
- data/lib/dawn/kb/cve_2008_2376.rb +0 -30
- data/lib/dawn/kb/cve_2008_2662.rb +0 -33
- data/lib/dawn/kb/cve_2008_2663.rb +0 -32
- data/lib/dawn/kb/cve_2008_2664.rb +0 -33
- data/lib/dawn/kb/cve_2008_2725.rb +0 -31
- data/lib/dawn/kb/cve_2008_3655.rb +0 -37
- data/lib/dawn/kb/cve_2008_3657.rb +0 -37
- data/lib/dawn/kb/cve_2008_3790.rb +0 -30
- data/lib/dawn/kb/cve_2008_3905.rb +0 -36
- data/lib/dawn/kb/cve_2008_4094.rb +0 -27
- data/lib/dawn/kb/cve_2008_4310.rb +0 -100
- data/lib/dawn/kb/cve_2008_5189.rb +0 -27
- data/lib/dawn/kb/cve_2008_7248.rb +0 -27
- data/lib/dawn/kb/cve_2009_4078.rb +0 -29
- data/lib/dawn/kb/cve_2009_4124.rb +0 -30
- data/lib/dawn/kb/cve_2009_4214.rb +0 -27
- data/lib/dawn/kb/cve_2010_1330.rb +0 -28
- data/lib/dawn/kb/cve_2010_2489.rb +0 -60
- data/lib/dawn/kb/cve_2010_3933.rb +0 -27
- data/lib/dawn/kb/cve_2011_0188.rb +0 -67
- data/lib/dawn/kb/cve_2011_0446.rb +0 -28
- data/lib/dawn/kb/cve_2011_0447.rb +0 -28
- data/lib/dawn/kb/cve_2011_0739.rb +0 -28
- data/lib/dawn/kb/cve_2011_0995.rb +0 -61
- data/lib/dawn/kb/cve_2011_1004.rb +0 -34
- data/lib/dawn/kb/cve_2011_1005.rb +0 -31
- data/lib/dawn/kb/cve_2011_2197.rb +0 -27
- data/lib/dawn/kb/cve_2011_2686.rb +0 -29
- data/lib/dawn/kb/cve_2011_2705.rb +0 -32
- data/lib/dawn/kb/cve_2011_2929.rb +0 -27
- data/lib/dawn/kb/cve_2011_2930.rb +0 -28
- data/lib/dawn/kb/cve_2011_2931.rb +0 -30
- data/lib/dawn/kb/cve_2011_2932.rb +0 -27
- data/lib/dawn/kb/cve_2011_3009.rb +0 -28
- data/lib/dawn/kb/cve_2011_3186.rb +0 -29
- data/lib/dawn/kb/cve_2011_3187.rb +0 -29
- data/lib/dawn/kb/cve_2011_4319.rb +0 -30
- data/lib/dawn/kb/cve_2011_4815.rb +0 -28
- data/lib/dawn/kb/cve_2011_5036.rb +0 -26
- data/lib/dawn/kb/cve_2012_1098.rb +0 -30
- data/lib/dawn/kb/cve_2012_1099.rb +0 -27
- data/lib/dawn/kb/cve_2012_1241.rb +0 -27
- data/lib/dawn/kb/cve_2012_2139.rb +0 -26
- data/lib/dawn/kb/cve_2012_2140.rb +0 -27
- data/lib/dawn/kb/cve_2012_2660.rb +0 -28
- data/lib/dawn/kb/cve_2012_2661.rb +0 -27
- data/lib/dawn/kb/cve_2012_2671.rb +0 -28
- data/lib/dawn/kb/cve_2012_2694.rb +0 -30
- data/lib/dawn/kb/cve_2012_2695.rb +0 -27
- data/lib/dawn/kb/cve_2012_3424.rb +0 -29
- data/lib/dawn/kb/cve_2012_3463.rb +0 -27
- data/lib/dawn/kb/cve_2012_3464.rb +0 -27
- data/lib/dawn/kb/cve_2012_3465.rb +0 -26
- data/lib/dawn/kb/cve_2012_4464.rb +0 -27
- data/lib/dawn/kb/cve_2012_4466.rb +0 -27
- data/lib/dawn/kb/cve_2012_4481.rb +0 -26
- data/lib/dawn/kb/cve_2012_4522.rb +0 -27
- data/lib/dawn/kb/cve_2012_5370.rb +0 -27
- data/lib/dawn/kb/cve_2012_5371.rb +0 -27
- data/lib/dawn/kb/cve_2012_5380.rb +0 -28
- data/lib/dawn/kb/cve_2012_6109.rb +0 -25
- data/lib/dawn/kb/cve_2012_6134.rb +0 -27
- data/lib/dawn/kb/cve_2012_6496.rb +0 -28
- data/lib/dawn/kb/cve_2012_6497.rb +0 -28
- data/lib/dawn/kb/cve_2012_6684.rb +0 -28
- data/lib/dawn/kb/cve_2013_0155.rb +0 -29
- data/lib/dawn/kb/cve_2013_0156.rb +0 -27
- data/lib/dawn/kb/cve_2013_0162.rb +0 -28
- data/lib/dawn/kb/cve_2013_0175.rb +0 -27
- data/lib/dawn/kb/cve_2013_0183.rb +0 -25
- data/lib/dawn/kb/cve_2013_0184.rb +0 -25
- data/lib/dawn/kb/cve_2013_0233.rb +0 -26
- data/lib/dawn/kb/cve_2013_0256.rb +0 -59
- data/lib/dawn/kb/cve_2013_0262.rb +0 -26
- data/lib/dawn/kb/cve_2013_0263.rb +0 -26
- data/lib/dawn/kb/cve_2013_0269.rb +0 -27
- data/lib/dawn/kb/cve_2013_0276.rb +0 -28
- data/lib/dawn/kb/cve_2013_0277.rb +0 -25
- data/lib/dawn/kb/cve_2013_0284.rb +0 -27
- data/lib/dawn/kb/cve_2013_0285.rb +0 -27
- data/lib/dawn/kb/cve_2013_0333.rb +0 -28
- data/lib/dawn/kb/cve_2013_0334.rb +0 -25
- data/lib/dawn/kb/cve_2013_1607.rb +0 -25
- data/lib/dawn/kb/cve_2013_1655.rb +0 -65
- data/lib/dawn/kb/cve_2013_1656.rb +0 -28
- data/lib/dawn/kb/cve_2013_1756.rb +0 -26
- data/lib/dawn/kb/cve_2013_1800.rb +0 -26
- data/lib/dawn/kb/cve_2013_1801.rb +0 -27
- data/lib/dawn/kb/cve_2013_1802.rb +0 -27
- data/lib/dawn/kb/cve_2013_1812.rb +0 -27
- data/lib/dawn/kb/cve_2013_1821.rb +0 -28
- data/lib/dawn/kb/cve_2013_1854.rb +0 -26
- data/lib/dawn/kb/cve_2013_1855.rb +0 -25
- data/lib/dawn/kb/cve_2013_1856.rb +0 -26
- data/lib/dawn/kb/cve_2013_1857.rb +0 -27
- data/lib/dawn/kb/cve_2013_1875.rb +0 -27
- data/lib/dawn/kb/cve_2013_1898.rb +0 -27
- data/lib/dawn/kb/cve_2013_1911.rb +0 -28
- data/lib/dawn/kb/cve_2013_1933.rb +0 -27
- data/lib/dawn/kb/cve_2013_1947.rb +0 -27
- data/lib/dawn/kb/cve_2013_1948.rb +0 -27
- data/lib/dawn/kb/cve_2013_2065.rb +0 -29
- data/lib/dawn/kb/cve_2013_2090.rb +0 -28
- data/lib/dawn/kb/cve_2013_2105.rb +0 -26
- data/lib/dawn/kb/cve_2013_2119.rb +0 -27
- data/lib/dawn/kb/cve_2013_2512.rb +0 -26
- data/lib/dawn/kb/cve_2013_2513.rb +0 -25
- data/lib/dawn/kb/cve_2013_2516.rb +0 -26
- data/lib/dawn/kb/cve_2013_2615.rb +0 -27
- data/lib/dawn/kb/cve_2013_2616.rb +0 -27
- data/lib/dawn/kb/cve_2013_2617.rb +0 -28
- data/lib/dawn/kb/cve_2013_3221.rb +0 -27
- data/lib/dawn/kb/cve_2013_4164.rb +0 -30
- data/lib/dawn/kb/cve_2013_4203.rb +0 -25
- data/lib/dawn/kb/cve_2013_4389.rb +0 -26
- data/lib/dawn/kb/cve_2013_4413.rb +0 -27
- data/lib/dawn/kb/cve_2013_4457.rb +0 -29
- data/lib/dawn/kb/cve_2013_4478.rb +0 -26
- data/lib/dawn/kb/cve_2013_4479.rb +0 -26
- data/lib/dawn/kb/cve_2013_4489.rb +0 -28
- data/lib/dawn/kb/cve_2013_4491.rb +0 -29
- data/lib/dawn/kb/cve_2013_4492.rb +0 -29
- data/lib/dawn/kb/cve_2013_4562.rb +0 -27
- data/lib/dawn/kb/cve_2013_4593.rb +0 -27
- data/lib/dawn/kb/cve_2013_5647.rb +0 -29
- data/lib/dawn/kb/cve_2013_5671.rb +0 -26
- data/lib/dawn/kb/cve_2013_6414.rb +0 -30
- data/lib/dawn/kb/cve_2013_6415.rb +0 -29
- data/lib/dawn/kb/cve_2013_6416.rb +0 -29
- data/lib/dawn/kb/cve_2013_6417.rb +0 -30
- data/lib/dawn/kb/cve_2013_6421.rb +0 -28
- data/lib/dawn/kb/cve_2013_6459.rb +0 -28
- data/lib/dawn/kb/cve_2013_6460.rb +0 -53
- data/lib/dawn/kb/cve_2013_6461.rb +0 -57
- data/lib/dawn/kb/cve_2013_7086.rb +0 -27
- data/lib/dawn/kb/cve_2014_0036.rb +0 -27
- data/lib/dawn/kb/cve_2014_0080.rb +0 -29
- data/lib/dawn/kb/cve_2014_0081.rb +0 -27
- data/lib/dawn/kb/cve_2014_0082.rb +0 -27
- data/lib/dawn/kb/cve_2014_0130.rb +0 -27
- data/lib/dawn/kb/cve_2014_1233.rb +0 -27
- data/lib/dawn/kb/cve_2014_1234.rb +0 -26
- data/lib/dawn/kb/cve_2014_2322.rb +0 -28
- data/lib/dawn/kb/cve_2014_2525.rb +0 -59
- data/lib/dawn/kb/cve_2014_2538.rb +0 -26
- data/lib/dawn/kb/cve_2014_3482.rb +0 -28
- data/lib/dawn/kb/cve_2014_3483.rb +0 -28
- data/lib/dawn/kb/cve_2014_3916.rb +0 -29
- data/lib/dawn/kb/cve_2014_4975.rb +0 -28
- data/lib/dawn/kb/cve_2014_7818.rb +0 -27
- data/lib/dawn/kb/cve_2014_7819.rb +0 -31
- data/lib/dawn/kb/cve_2014_7829.rb +0 -30
- data/lib/dawn/kb/cve_2014_8090.rb +0 -30
- data/lib/dawn/kb/cve_2014_9490.rb +0 -29
- data/lib/dawn/kb/cve_2015_1819.rb +0 -34
- data/lib/dawn/kb/cve_2015_1840/cve_2015_1840_a.rb +0 -28
- data/lib/dawn/kb/cve_2015_1840/cve_2015_1840_b.rb +0 -28
- data/lib/dawn/kb/cve_2015_2963.rb +0 -27
- data/lib/dawn/kb/cve_2015_3224.rb +0 -26
- data/lib/dawn/kb/cve_2015_3225.rb +0 -28
- data/lib/dawn/kb/cve_2015_3226.rb +0 -27
- data/lib/dawn/kb/cve_2015_3227.rb +0 -28
- data/lib/dawn/kb/cve_2015_3448.rb +0 -29
- data/lib/dawn/kb/cve_2015_4020.rb +0 -34
- data/lib/dawn/kb/cve_2015_5312.rb +0 -30
- data/lib/dawn/kb/cve_2015_7497.rb +0 -32
- data/lib/dawn/kb/cve_2015_7498.rb +0 -32
- data/lib/dawn/kb/cve_2015_7499.rb +0 -32
- data/lib/dawn/kb/cve_2015_7500.rb +0 -32
- data/lib/dawn/kb/cve_2015_7519.rb +0 -31
- data/lib/dawn/kb/cve_2015_7541.rb +0 -31
- data/lib/dawn/kb/cve_2015_7576.rb +0 -35
- data/lib/dawn/kb/cve_2015_7577.rb +0 -34
- data/lib/dawn/kb/cve_2015_7578.rb +0 -30
- data/lib/dawn/kb/cve_2015_7579.rb +0 -30
- data/lib/dawn/kb/cve_2015_7581.rb +0 -33
- data/lib/dawn/kb/cve_2015_8241.rb +0 -32
- data/lib/dawn/kb/cve_2015_8242.rb +0 -32
- data/lib/dawn/kb/cve_2015_8317.rb +0 -32
- data/lib/dawn/kb/cve_2016_0751.rb +0 -32
- data/lib/dawn/kb/cve_2016_0752.rb +0 -35
- data/lib/dawn/kb/cve_2016_0753.rb +0 -31
- data/lib/dawn/kb/cve_2016_2097.rb +0 -35
- data/lib/dawn/kb/cve_2016_2098.rb +0 -35
- data/lib/dawn/kb/cve_2016_5697.rb +0 -30
- data/lib/dawn/kb/cve_2016_6316.rb +0 -33
- data/lib/dawn/kb/cve_2016_6317.rb +0 -32
- data/lib/dawn/kb/cve_2016_6582.rb +0 -43
- data/lib/dawn/kb/not_revised_code.rb +0 -22
- data/lib/dawn/kb/osvdb_105971.rb +0 -29
- data/lib/dawn/kb/osvdb_108530.rb +0 -27
- data/lib/dawn/kb/osvdb_108563.rb +0 -28
- data/lib/dawn/kb/osvdb_108569.rb +0 -28
- data/lib/dawn/kb/osvdb_108570.rb +0 -27
- data/lib/dawn/kb/osvdb_115654.rb +0 -33
- data/lib/dawn/kb/osvdb_116010.rb +0 -30
- data/lib/dawn/kb/osvdb_117903.rb +0 -30
- data/lib/dawn/kb/osvdb_118579.rb +0 -31
- data/lib/dawn/kb/osvdb_118830.rb +0 -32
- data/lib/dawn/kb/osvdb_118954.rb +0 -33
- data/lib/dawn/kb/osvdb_119878.rb +0 -32
- data/lib/dawn/kb/osvdb_119927.rb +0 -33
- data/lib/dawn/kb/osvdb_120415.rb +0 -31
- data/lib/dawn/kb/osvdb_120857.rb +0 -34
- data/lib/dawn/kb/osvdb_121701.rb +0 -30
- data/lib/dawn/kb/osvdb_132234.rb +0 -34
- data/lib/dawn/kb/owasp_ror_cheatsheet.rb +0 -33
- data/lib/dawn/kb/owasp_ror_cheatsheet/check_for_backup_files.rb +0 -18
- data/lib/dawn/kb/owasp_ror_cheatsheet/check_for_safe_redirect_and_forward.rb +0 -57
- data/lib/dawn/kb/owasp_ror_cheatsheet/command_injection.rb +0 -28
- data/lib/dawn/kb/owasp_ror_cheatsheet/csrf.rb +0 -29
- data/lib/dawn/kb/owasp_ror_cheatsheet/mass_assignment_in_model.rb +0 -33
- data/lib/dawn/kb/owasp_ror_cheatsheet/security_related_headers.rb +0 -35
- data/lib/dawn/kb/owasp_ror_cheatsheet/sensitive_files.rb +0 -29
- data/lib/dawn/kb/owasp_ror_cheatsheet/session_stored_in_database.rb +0 -31
- data/lib/dawn/kb/simpleform_xss_20131129.rb +0 -28
- data/lib/dawn/knowledge_base_experimental.rb +0 -245
- data/spec/lib/kb/cve_2011_2705_spec.rb +0 -35
- data/spec/lib/kb/cve_2011_2930_spec.rb +0 -31
- data/spec/lib/kb/cve_2011_3009_spec.rb +0 -25
- data/spec/lib/kb/cve_2011_3187_spec.rb +0 -24
- data/spec/lib/kb/cve_2011_4319_spec.rb +0 -44
- data/spec/lib/kb/cve_2011_5036_spec.rb +0 -95
- data/spec/lib/kb/cve_2012_1098_spec.rb +0 -36
- data/spec/lib/kb/cve_2012_2139_spec.rb +0 -20
- data/spec/lib/kb/cve_2012_2671_spec.rb +0 -23
- data/spec/lib/kb/cve_2012_6109_spec.rb +0 -112
- data/spec/lib/kb/cve_2012_6684_spec.rb +0 -16
- data/spec/lib/kb/cve_2013_0162_spec.rb +0 -23
- data/spec/lib/kb/cve_2013_0183_spec.rb +0 -54
- data/spec/lib/kb/cve_2013_0184_spec.rb +0 -115
- data/spec/lib/kb/cve_2013_0256_spec.rb +0 -34
- data/spec/lib/kb/cve_2013_0262_spec.rb +0 -44
- data/spec/lib/kb/cve_2013_0263_spec.rb +0 -11
- data/spec/lib/kb/cve_2013_0334_spec.rb +0 -35
- data/spec/lib/kb/cve_2013_1607_spec.rb +0 -15
- data/spec/lib/kb/cve_2013_1655_spec.rb +0 -31
- data/spec/lib/kb/cve_2013_1756_spec.rb +0 -23
- data/spec/lib/kb/cve_2013_2090_spec.rb +0 -15
- data/spec/lib/kb/cve_2013_2105_spec.rb +0 -11
- data/spec/lib/kb/cve_2013_2119_spec.rb +0 -27
- data/spec/lib/kb/cve_2013_2512_spec.rb +0 -15
- data/spec/lib/kb/cve_2013_2513_spec.rb +0 -15
- data/spec/lib/kb/cve_2013_2516_spec.rb +0 -15
- data/spec/lib/kb/cve_2013_4203_spec.rb +0 -15
- data/spec/lib/kb/cve_2013_4413_spec.rb +0 -16
- data/spec/lib/kb/cve_2013_4489_spec.rb +0 -63
- data/spec/lib/kb/cve_2013_4491_spec.rb +0 -16
- data/spec/lib/kb/cve_2013_4593_spec.rb +0 -16
- data/spec/lib/kb/cve_2013_5647_spec.rb +0 -19
- data/spec/lib/kb/cve_2013_5671_spec.rb +0 -27
- data/spec/lib/kb/cve_2013_6414_spec.rb +0 -26
- data/spec/lib/kb/cve_2013_6416_spec.rb +0 -31
- data/spec/lib/kb/cve_2013_6459_spec.rb +0 -15
- data/spec/lib/kb/cve_2013_7086_spec.rb +0 -22
- data/spec/lib/kb/cve_2014_0036_spec.rb +0 -15
- data/spec/lib/kb/cve_2014_0080_spec.rb +0 -33
- data/spec/lib/kb/cve_2014_0081_spec.rb +0 -50
- data/spec/lib/kb/cve_2014_0082_spec.rb +0 -52
- data/spec/lib/kb/cve_2014_0130_spec.rb +0 -19
- data/spec/lib/kb/cve_2014_1233_spec.rb +0 -15
- data/spec/lib/kb/cve_2014_1234_spec.rb +0 -16
- data/spec/lib/kb/cve_2014_2322_spec.rb +0 -15
- data/spec/lib/kb/cve_2014_2538_spec.rb +0 -15
- data/spec/lib/kb/cve_2014_3482_spec.rb +0 -15
- data/spec/lib/kb/cve_2014_3483_spec.rb +0 -27
- data/spec/lib/kb/cve_2014_7818_spec.rb +0 -42
- data/spec/lib/kb/cve_2014_7819_spec.rb +0 -139
- data/spec/lib/kb/cve_2014_7829_spec.rb +0 -50
- data/spec/lib/kb/cve_2014_9490_spec.rb +0 -17
- data/spec/lib/kb/cve_2015_1819_spec.rb +0 -16
- data/spec/lib/kb/cve_2015_1840_spec.rb +0 -39
- data/spec/lib/kb/cve_2015_2963_spec.rb +0 -17
- data/spec/lib/kb/cve_2015_3224_spec.rb +0 -16
- data/spec/lib/kb/cve_2015_3225_spec.rb +0 -27
- data/spec/lib/kb/cve_2015_3226_spec.rb +0 -35
- data/spec/lib/kb/cve_2015_3227_spec.rb +0 -31
- data/spec/lib/kb/cve_2015_3448_spec.rb +0 -16
- data/spec/lib/kb/cve_2015_4020_spec.rb +0 -24
- data/spec/lib/kb/cve_2015_5312_spec.rb +0 -31
- data/spec/lib/kb/cve_2015_7497_spec.rb +0 -31
- data/spec/lib/kb/cve_2015_7498_spec.rb +0 -31
- data/spec/lib/kb/cve_2015_7499_spec.rb +0 -31
- data/spec/lib/kb/cve_2015_7500_spec.rb +0 -31
- data/spec/lib/kb/cve_2015_7519_spec.rb +0 -23
- data/spec/lib/kb/cve_2015_7541_spec.rb +0 -15
- data/spec/lib/kb/cve_2015_7576_spec.rb +0 -51
- data/spec/lib/kb/cve_2015_7577_spec.rb +0 -63
- data/spec/lib/kb/cve_2015_7578_spec.rb +0 -15
- data/spec/lib/kb/cve_2015_7579_spec.rb +0 -23
- data/spec/lib/kb/cve_2015_7581_spec.rb +0 -51
- data/spec/lib/kb/cve_2015_8241_spec.rb +0 -31
- data/spec/lib/kb/cve_2015_8242_spec.rb +0 -31
- data/spec/lib/kb/cve_2015_8317_spec.rb +0 -31
- data/spec/lib/kb/cve_2016_0751_spec.rb +0 -55
- data/spec/lib/kb/cve_2016_0752_spec.rb +0 -51
- data/spec/lib/kb/cve_2016_0753_spec.rb +0 -51
- data/spec/lib/kb/cve_2016_2097_spec.rb +0 -35
- data/spec/lib/kb/cve_2016_2098_spec.rb +0 -55
- data/spec/lib/kb/cve_2016_5697_spec.rb +0 -15
- data/spec/lib/kb/cve_2016_6316_spec.rb +0 -44
- data/spec/lib/kb/cve_2016_6317_spec.rb +0 -35
- data/spec/lib/kb/cve_2016_6582_spec.rb +0 -29
- data/spec/lib/kb/osvdb_105971_spec.rb +0 -15
- data/spec/lib/kb/osvdb_108530_spec.rb +0 -22
- data/spec/lib/kb/osvdb_108563_spec.rb +0 -18
- data/spec/lib/kb/osvdb_108569_spec.rb +0 -17
- data/spec/lib/kb/osvdb_108570_spec.rb +0 -17
- data/spec/lib/kb/osvdb_115654_spec.rb +0 -15
- data/spec/lib/kb/osvdb_116010_spec.rb +0 -15
- data/spec/lib/kb/osvdb_117903_spec.rb +0 -23
- data/spec/lib/kb/osvdb_118579_spec.rb +0 -8
- data/spec/lib/kb/osvdb_118830_spec.rb +0 -16
- data/spec/lib/kb/osvdb_118954_spec.rb +0 -20
- data/spec/lib/kb/osvdb_119878_spec.rb +0 -92
- data/spec/lib/kb/osvdb_119927_spec.rb +0 -16
- data/spec/lib/kb/osvdb_120415_spec.rb +0 -16
- data/spec/lib/kb/osvdb_120857_spec.rb +0 -32
- data/spec/lib/kb/osvdb_121701_spec.rb +0 -15
- data/spec/lib/kb/osvdb_132234_spec.rb +0 -15
- metadata.gz.sig +0 -0
data/docs/.placeholder
ADDED
|
File without changes
|
data/docs/CNAME
ADDED
|
@@ -0,0 +1 @@
|
|
|
1
|
+
www.dawnscanner.org
|
data/docs/_config.yml
ADDED
|
@@ -0,0 +1 @@
|
|
|
1
|
+
theme: jekyll-theme-cayman
|
|
@@ -0,0 +1,139 @@
|
|
|
1
|
+
require 'thor'
|
|
2
|
+
require 'dawn/utils'
|
|
3
|
+
|
|
4
|
+
module Dawn
|
|
5
|
+
module Cli
|
|
6
|
+
# This class is responsible for the "dawn kb" command and related
|
|
7
|
+
# subcommands.
|
|
8
|
+
class Kb < Thor
|
|
9
|
+
package_name "dawnscanner"
|
|
10
|
+
desc "find", "Searches the knowledge base for a given security test"
|
|
11
|
+
def find(string)
|
|
12
|
+
kb = Dawn::KnowledgeBase.instance
|
|
13
|
+
kb.find(string)
|
|
14
|
+
end
|
|
15
|
+
|
|
16
|
+
desc "lint", "Checks knowledge base content for correcteness"
|
|
17
|
+
def lint
|
|
18
|
+
kb = Dawn::KnowledgeBase.instance
|
|
19
|
+
kb.load(true)
|
|
20
|
+
end
|
|
21
|
+
|
|
22
|
+
desc "unpack", "Unpacks security checks in KB library path"
|
|
23
|
+
def unpack
|
|
24
|
+
$logger.helo APPNAME, Dawn::VERSION
|
|
25
|
+
kb = Dawn::KnowledgeBase.instance
|
|
26
|
+
kb.unpack
|
|
27
|
+
$logger.bye
|
|
28
|
+
Kernel.exit(0)
|
|
29
|
+
end
|
|
30
|
+
|
|
31
|
+
desc "status", "Checks the status of the knowledge base"
|
|
32
|
+
def status
|
|
33
|
+
$logger.helo APPNAME, Dawn::VERSION
|
|
34
|
+
Dawn::KnowledgeBase.enabled_checks=[:bulletin, :generic_check]
|
|
35
|
+
kb = Dawn::KnowledgeBase.instance
|
|
36
|
+
kb.load
|
|
37
|
+
if kb.security_checks.empty?
|
|
38
|
+
$logger.error(kb.error)
|
|
39
|
+
end
|
|
40
|
+
$logger.info("" + kb.security_checks.count.to_s + " security checks loaded")
|
|
41
|
+
if kb.is_packed?
|
|
42
|
+
$logger.error "The knowledge base is packed. It must be unpacked with the 'unpack' command before it can be used"
|
|
43
|
+
end
|
|
44
|
+
$logger.bye
|
|
45
|
+
Kernel.exit(0)
|
|
46
|
+
end
|
|
47
|
+
end
|
|
48
|
+
|
|
49
|
+
class DawnCli < Thor
|
|
50
|
+
package_name "dawnscanner"
|
|
51
|
+
class_option :verbose, :type=>:boolean
|
|
52
|
+
class_option :debug, :type=>:boolean
|
|
53
|
+
|
|
54
|
+
map %w[--version -v] => :__print_version
|
|
55
|
+
|
|
56
|
+
desc "--version, -v", "Prints the dawnscanner version"
|
|
57
|
+
def __print_version
|
|
58
|
+
puts Dawn::VERSION
|
|
59
|
+
Kernel.exit(0)
|
|
60
|
+
end
|
|
61
|
+
|
|
62
|
+
desc "kb SUBCOMMAND ... ARGS", "Interacts with the knowledge base"
|
|
63
|
+
subcommand "kb", Dawn::Cli::Kb
|
|
64
|
+
|
|
65
|
+
desc "scan", "scans a ruby written web application for security issues"
|
|
66
|
+
method_option :config_file, :type=>:string, :default=>"", :aliases => "-c", :desc=>"tells dawn to load configuration from filename"
|
|
67
|
+
method_option :gemfile, :type=>:boolean, :default=>true, :aliases => "-G", :desc => "uses Gemfile.lock to detect MVC"
|
|
68
|
+
method_option :skip, :type=>:array, :aliases => "-S", :desc => "specify a list of security checks to be skipped"
|
|
69
|
+
method_option :report_format, :type=>:string, :aliases => "-F", :desc=>"specify the report format (text, html, json). Default is plain text files."
|
|
70
|
+
method_option :exit_on_warn, :type=>:boolean, :default=>false, :aliases => "-z", :desc =>"return number of found vulnerabilities as exit code"
|
|
71
|
+
method_option :count, :type=>:boolean, :default=>false, :aliases => "-C", :desc=>"count vulnerabilities (useful for scripts)"
|
|
72
|
+
method_option :output, :type=>:string, :aliases => "-O", :desc=>"write output to a file with the name specified by the parameter"
|
|
73
|
+
method_option :dependencies, :type=>:boolean, :default=>false, :aliases => "-d", :desc=>"scan only for vulnerabilities affecting dependencies in Gemfile.lock"
|
|
74
|
+
|
|
75
|
+
def scan(target)
|
|
76
|
+
$logger.helo APPNAME, Dawn::VERSION
|
|
77
|
+
trap("INT") { $logger.die('[INTERRUPTED]') }
|
|
78
|
+
|
|
79
|
+
$logger.die("invalid directory (#{target})") unless Dawn::Core.is_good_target?(target)
|
|
80
|
+
|
|
81
|
+
$debug = true if options[:debug]
|
|
82
|
+
$verbose = true if options[:verbose]
|
|
83
|
+
checks_to_be_skipped = []
|
|
84
|
+
checks_to_be_skipped = options[:skip] unless options[:skip].nil?
|
|
85
|
+
|
|
86
|
+
debug_me("scanning #{target}")
|
|
87
|
+
|
|
88
|
+
$config_file= Dawn::Core.find_conf(true) if options[:config_file].nil?
|
|
89
|
+
$config = Dawn::Core.read_conf($config_file)
|
|
90
|
+
|
|
91
|
+
debug_me($config)
|
|
92
|
+
|
|
93
|
+
$telemetry_url = $config[:telemetry][:endpoint] if $config[:telemetry][:enabled]
|
|
94
|
+
debug_me("telemetry url is " + $telemetry_url) unless @telemetry_url.nil?
|
|
95
|
+
|
|
96
|
+
$telemetry_id = $config[:telemetry][:id] if $config[:telemetry][:enabled]
|
|
97
|
+
debug_me("telemetry id is " + $telemetry_id) unless @telemetry_id.nil?
|
|
98
|
+
|
|
99
|
+
debug_me("telemetry is disabled in config file") unless $config[:telemetry][:enabled]
|
|
100
|
+
|
|
101
|
+
engine = Dawn::Core.detect_mvc(target) unless options[:gemfile]
|
|
102
|
+
engine = Dawn::GemfileLock.new(target) if options[:gemfile]
|
|
103
|
+
|
|
104
|
+
if engine.nil?
|
|
105
|
+
$logger.error("MVC detection failure. Please open an issue at https://github.com/thesp0nge/dawnscanner/issues")
|
|
106
|
+
$logger.die('ruby framework auto detect failed.')
|
|
107
|
+
end
|
|
108
|
+
|
|
109
|
+
if options[:exit_on_warn]
|
|
110
|
+
Kernel.at_exit do
|
|
111
|
+
if engine.count_vulnerabilities != 0
|
|
112
|
+
Kernel.exit(engine.count_vulnerabilities)
|
|
113
|
+
end
|
|
114
|
+
end
|
|
115
|
+
end
|
|
116
|
+
|
|
117
|
+
|
|
118
|
+
engine.load_knowledge_base
|
|
119
|
+
|
|
120
|
+
ret = engine.apply_all(checks_to_be_skipped)
|
|
121
|
+
|
|
122
|
+
|
|
123
|
+
if options[:report_format] and options[:report_format].eql? "json"
|
|
124
|
+
STDERR.puts (ret)? {:status=>"OK", :vulnerabilities_count=>engine.count_vulnerabilities}.to_json : {:status=>"KO", :vulnerabilities_count=>-1}.to_json
|
|
125
|
+
$logger.bye
|
|
126
|
+
Kernel.exit(0)
|
|
127
|
+
end
|
|
128
|
+
|
|
129
|
+
$logger.info("#{engine.count_vulnerabilities} issues found")
|
|
130
|
+
|
|
131
|
+
Dawn::Reporter.new({:engine=>engine, :apply_all_code=>ret}).report
|
|
132
|
+
$logger.bye
|
|
133
|
+
|
|
134
|
+
Kernel.exit(0)
|
|
135
|
+
|
|
136
|
+
end
|
|
137
|
+
end
|
|
138
|
+
end
|
|
139
|
+
end
|
data/lib/dawn/core.rb
CHANGED
|
@@ -24,9 +24,6 @@ module Dawn
|
|
|
24
24
|
puts "\t$ dawn -C --json a_sinatra_webapp_directory"
|
|
25
25
|
puts "\t$ dawn --ascii-tabular-report my_rails_blog_ecommerce"
|
|
26
26
|
puts "\t$ dawn --html -F my_report.html my_rails_blog_ecommerce"
|
|
27
|
-
printf "\n -r, --rails\t\t\t\t\tforce dawn to consider the target a rails application (DEPRECATED)"
|
|
28
|
-
printf "\n -s, --sinatra\t\t\t\tforce dawn to consider the target a sinatra application (DEPRECATED)"
|
|
29
|
-
printf "\n -p, --padrino\t\t\t\tforce dawn to consider the target a padrino application (DEPRECATED)"
|
|
30
27
|
printf "\n -G, --gem-lock\t\t\t\tforce dawn to scan only for vulnerabilities affecting dependencies in Gemfile.lock (DEPRECATED)"
|
|
31
28
|
printf "\n -d, --dependencies\t\t\t\tforce dawn to scan only for vulnerabilities affecting dependencies in Gemfile.lock"
|
|
32
29
|
printf "\n\nReporting\n"
|
|
@@ -115,6 +112,7 @@ module Dawn
|
|
|
115
112
|
fn = p + conf_name if p.start_with?('/')
|
|
116
113
|
# if outside $HOME the config file must be hidden
|
|
117
114
|
fn = File.expand_path(p) + '/.'+conf_name if ! p.start_with?('/')
|
|
115
|
+
debug_me("found a config file: " + fn) if File.exist?(fn)
|
|
118
116
|
return fn if File.exist?(fn)
|
|
119
117
|
end
|
|
120
118
|
|
|
@@ -125,7 +123,7 @@ module Dawn
|
|
|
125
123
|
|
|
126
124
|
# If create_if_none flag is set to true, than I'll create a config file
|
|
127
125
|
# on the current directory with the default configuration.
|
|
128
|
-
conf = {
|
|
126
|
+
conf = {:verbose=>false, :output=>"tabular", :mvc=>"", :gemfile_scan=>false, :gemfile_name=>"", :filename=>nil, :debug=>false, :exit_on_warn => false, :enabled_checks=> Dawn::Kb::BasicCheck::ALLOWED_FAMILIES, :telemetry=>{:enabled=>false, :endpoint=>"", :id=>""}}
|
|
129
127
|
|
|
130
128
|
# Calculate the conf file path
|
|
131
129
|
conf_path = File.expand_path('~') +'/.'+conf_name
|
|
@@ -134,13 +132,15 @@ module Dawn
|
|
|
134
132
|
File.open(conf_path, 'w') do |f|
|
|
135
133
|
rv = f.write(YAML.dump(conf))
|
|
136
134
|
end
|
|
135
|
+
debug_me(conf_path)
|
|
137
136
|
|
|
138
137
|
conf_path
|
|
139
138
|
end
|
|
140
139
|
|
|
141
140
|
def self.read_conf(file=nil)
|
|
142
|
-
conf = {:verbose=>false, :output=>"tabular", :mvc=>"", :gemfile_scan=>false, :gemfile_name=>"", :filename=>nil, :debug=>false, :exit_on_warn => false, :enabled_checks=> Dawn::Kb::BasicCheck::ALLOWED_FAMILIES}
|
|
141
|
+
conf = {:verbose=>false, :output=>"tabular", :mvc=>"", :gemfile_scan=>false, :gemfile_name=>"", :filename=>nil, :debug=>false, :exit_on_warn => false, :enabled_checks=> Dawn::Kb::BasicCheck::ALLOWED_FAMILIES, :telemetry=>{:enabled=>false, :endpoint=>"", :id=>""}}
|
|
143
142
|
begin
|
|
143
|
+
debug_me("returning a default config") if file.nil? or ! File.exist?(file)
|
|
144
144
|
return conf if file.nil?
|
|
145
145
|
file = file.chop if (not file.nil? and file.end_with? '/')
|
|
146
146
|
return conf if ! File.exist?(file)
|
|
@@ -149,9 +149,9 @@ module Dawn
|
|
|
149
149
|
return conf
|
|
150
150
|
end
|
|
151
151
|
|
|
152
|
-
|
|
152
|
+
cf = YAML.load_file(file)
|
|
153
153
|
|
|
154
|
-
|
|
154
|
+
tm = cf[:telemetry]
|
|
155
155
|
cc = cf[:enabled_checks]
|
|
156
156
|
|
|
157
157
|
# TODO
|
|
@@ -160,6 +160,7 @@ module Dawn
|
|
|
160
160
|
conf[:debug] = cf["debug"] unless cf["debug"].nil?
|
|
161
161
|
conf[:output] = cf["output"] unless cf["output"].nil?
|
|
162
162
|
conf[:enabled_checks] = cc unless cc.nil?
|
|
163
|
+
conf[:telemetry] = tm unless tm.nil?
|
|
163
164
|
|
|
164
165
|
return conf
|
|
165
166
|
end
|
data/lib/dawn/engine.rb
CHANGED
|
@@ -1,9 +1,11 @@
|
|
|
1
|
+
require 'net/http'
|
|
2
|
+
require 'json'
|
|
3
|
+
require 'socket'
|
|
1
4
|
# Statistics stuff
|
|
2
5
|
# require 'code_metrics/statistics'
|
|
3
6
|
|
|
4
7
|
module Dawn
|
|
5
8
|
module Engine
|
|
6
|
-
include Dawn::Utils
|
|
7
9
|
|
|
8
10
|
attr_reader :target
|
|
9
11
|
attr_reader :name
|
|
@@ -37,7 +39,7 @@ module Dawn
|
|
|
37
39
|
attr_reader :controllers
|
|
38
40
|
|
|
39
41
|
# Models I don't know right now. Let them initialized as Array... we
|
|
40
|
-
# will see later
|
|
42
|
+
# will see later
|
|
41
43
|
attr_reader :models
|
|
42
44
|
|
|
43
45
|
attr_accessor :debug
|
|
@@ -61,15 +63,16 @@ module Dawn
|
|
|
61
63
|
@applied = []
|
|
62
64
|
@reflected_xss = []
|
|
63
65
|
@engine_error = false
|
|
64
|
-
@debug = false
|
|
65
|
-
@debug = options[:debug] unless options[:debug].nil?
|
|
66
66
|
@applied_checks = 0
|
|
67
67
|
@skipped_checks = 0
|
|
68
68
|
@gemfile_lock_sudo = false
|
|
69
69
|
|
|
70
70
|
set_target(dir) unless dir.nil?
|
|
71
|
+
|
|
72
|
+
|
|
73
|
+
|
|
71
74
|
@ruby_version = get_ruby_version if dir.nil?
|
|
72
|
-
@gemfile_lock = options[:gemfile_name] unless options[:gemfile_name].nil?
|
|
75
|
+
@gemfile_lock = options[:gemfile_name] unless options[:gemfile_name].nil?
|
|
73
76
|
|
|
74
77
|
# @stats = gather_statistics
|
|
75
78
|
|
|
@@ -83,16 +86,15 @@ module Dawn
|
|
|
83
86
|
require 'logger'
|
|
84
87
|
$logger = Logger.new(STDOUT)
|
|
85
88
|
$logger.helo "dawn-engine", Dawn::VERSION
|
|
86
|
-
|
|
87
89
|
end
|
|
88
90
|
$logger.warn "pattern matching security checks are disabled for Gemfile.lock scan" if @name == "Gemfile.lock"
|
|
89
91
|
$logger.warn "combo security checks are disabled for Gemfile.lock scan" if @name == "Gemfile.lock"
|
|
90
|
-
debug_me "engine is in debug mode"
|
|
92
|
+
debug_me "engine is in debug mode"
|
|
91
93
|
|
|
92
94
|
if @name == "Gemfile.lock" && ! options[:guessed_mvc].nil?
|
|
93
95
|
# since all checks relies on @name a Gemfile.lock engine must
|
|
94
96
|
# impersonificate the engine for the mvc it was detected
|
|
95
|
-
debug_me "now I'm switching my name from #{@name} to #{options[:guessed_mvc][:name]}"
|
|
97
|
+
debug_me "now I'm switching my name from #{@name} to #{options[:guessed_mvc][:name]}"
|
|
96
98
|
$logger.err "there are no connected gems... it seems Gemfile.lock parsing failed" if options[:guessed_mvc][:connected_gems].empty?
|
|
97
99
|
@name = options[:guessed_mvc][:name]
|
|
98
100
|
@mvc_version = options[:guessed_mvc][:version]
|
|
@@ -109,6 +111,8 @@ module Dawn
|
|
|
109
111
|
# load_knowledge_base
|
|
110
112
|
end
|
|
111
113
|
|
|
114
|
+
|
|
115
|
+
|
|
112
116
|
def detect_views
|
|
113
117
|
[]
|
|
114
118
|
end
|
|
@@ -121,10 +125,10 @@ module Dawn
|
|
|
121
125
|
|
|
122
126
|
def build_view_array(dir)
|
|
123
127
|
|
|
124
|
-
return [] unless File.exist?(dir) and File.directory?(dir)
|
|
128
|
+
return [] unless File.exist?(dir) and File.directory?(dir)
|
|
125
129
|
|
|
126
130
|
ret = []
|
|
127
|
-
Dir.glob(File.join("#{dir}", "*")).each do |filename|
|
|
131
|
+
Dir.glob(File.join("#{dir}", "*")).each do |filename|
|
|
128
132
|
ret << {:filename=>filename, :language=>:haml} if File.extname(filename) == ".haml"
|
|
129
133
|
end
|
|
130
134
|
|
|
@@ -147,9 +151,9 @@ module Dawn
|
|
|
147
151
|
# does the target use rvm?
|
|
148
152
|
ver = get_rvm_ruby_ver if ver[:version].empty? && ver[:patchlevel].empty?
|
|
149
153
|
# take the running ruby otherwise
|
|
150
|
-
ver = {:engine=>RUBY_ENGINE, :version=>RUBY_VERSION, :patchlevel=>"p#{RUBY_PATCHLEVEL}"} if ver[:version].empty? && ver[:patchlevel].empty?
|
|
154
|
+
ver = {:engine=>RUBY_ENGINE, :version=>RUBY_VERSION, :patchlevel=>"p#{RUBY_PATCHLEVEL}"} if ver[:version].empty? && ver[:patchlevel].empty?
|
|
151
155
|
else
|
|
152
|
-
ver = {:engine=>RUBY_ENGINE, :version=>RUBY_VERSION, :patchlevel=>"p#{RUBY_PATCHLEVEL}"}
|
|
156
|
+
ver = {:engine=>RUBY_ENGINE, :version=>RUBY_VERSION, :patchlevel=>"p#{RUBY_PATCHLEVEL}"}
|
|
153
157
|
|
|
154
158
|
end
|
|
155
159
|
|
|
@@ -169,13 +173,11 @@ module Dawn
|
|
|
169
173
|
|
|
170
174
|
def load_knowledge_base(enabled_checks=[])
|
|
171
175
|
debug_me("load_knowledge_base called. Enabled checks are: #{enabled_checks}")
|
|
172
|
-
if @name == "Gemfile.lock"
|
|
173
|
-
@checks = Dawn::KnowledgeBase.new({:enabled_checks=>enabled_checks}).all if @force.empty?
|
|
174
|
-
@checks = Dawn::KnowledgeBase.new({:enabled_checks=>enabled_checks}).all_by_mvc(@force) unless @force.empty?
|
|
175
|
-
else
|
|
176
|
-
@checks = Dawn::KnowledgeBase.new({:enabled_checks=>enabled_checks}).all_by_mvc(@name)
|
|
177
176
|
|
|
178
|
-
|
|
177
|
+
Dawn::KnowledgeBase.enabled_checks=[:bulletin, :generic_check]
|
|
178
|
+
kb = Dawn::KnowledgeBase.instance
|
|
179
|
+
|
|
180
|
+
@checks=kb.load
|
|
179
181
|
debug_me("#{@checks.count} checks loaded")
|
|
180
182
|
@checks
|
|
181
183
|
end
|
|
@@ -188,13 +190,13 @@ module Dawn
|
|
|
188
190
|
return ver unless has_gemfile_lock?
|
|
189
191
|
|
|
190
192
|
my_dir = Dir.pwd
|
|
191
|
-
Dir.chdir(@target)
|
|
193
|
+
Dir.chdir(@target)
|
|
192
194
|
lockfile = Bundler::LockfileParser.new(Bundler.read_file("Gemfile.lock"))
|
|
193
195
|
lockfile.specs.each do |s|
|
|
194
196
|
# detecting MVC version using @name in case of sinatra, padrino or rails engine
|
|
195
|
-
ver= s.version.to_s if s.name == @name && @name != "Gemfile.lock"
|
|
197
|
+
ver= s.version.to_s if s.name == @name && @name != "Gemfile.lock"
|
|
196
198
|
# detecting MVC version using @force in case of Gemfile.lock engine
|
|
197
|
-
ver= s.version.to_s if s.name == @force.to_s && @name == "Gemfile.lock"
|
|
199
|
+
ver= s.version.to_s if s.name == @force.to_s && @name == "Gemfile.lock"
|
|
198
200
|
@connected_gems << {:name=>s.name, :version=>s.version.to_s}
|
|
199
201
|
end
|
|
200
202
|
Dir.chdir(my_dir)
|
|
@@ -267,6 +269,8 @@ module Dawn
|
|
|
267
269
|
# otherwise
|
|
268
270
|
def apply(name)
|
|
269
271
|
|
|
272
|
+
telemetry
|
|
273
|
+
|
|
270
274
|
# FIXME.20140325
|
|
271
275
|
# Now if no checks are loaded because knowledge base was not previously called, apply and apply_all proudly refuse to run.
|
|
272
276
|
# Reason is simple, load_knowledge_base now needs enabled check array
|
|
@@ -288,31 +292,85 @@ module Dawn
|
|
|
288
292
|
false
|
|
289
293
|
end
|
|
290
294
|
|
|
291
|
-
def
|
|
295
|
+
def have_a_telemetry_id?
|
|
296
|
+
debug_me ($telemetry_id != "" and ! $telemetry_id.nil?)
|
|
297
|
+
return ($telemetry_id != "" and ! $telemetry_id.nil?)
|
|
298
|
+
|
|
299
|
+
end
|
|
300
|
+
|
|
301
|
+
def get_a_telemetry_id
|
|
302
|
+
return "" if ($telemetry_url == "" or $telemetry_url.nil?)
|
|
303
|
+
debug_me("T: " + $telemetry_url)
|
|
304
|
+
|
|
305
|
+
url = URI.parse($telemetry_url+"/new")
|
|
306
|
+
res = Net::HTTP.get_response(url)
|
|
307
|
+
|
|
308
|
+
return "" unless res.code.to_i == 200
|
|
309
|
+
return JSON.parse(res.body)["uuid"]
|
|
310
|
+
end
|
|
311
|
+
|
|
312
|
+
def telemetry
|
|
313
|
+
unless $config[:telemetry][:enabled]
|
|
314
|
+
debug_me("telemetry is disabled")
|
|
315
|
+
return false
|
|
316
|
+
end
|
|
317
|
+
|
|
318
|
+
unless have_a_telemetry_id?
|
|
319
|
+
$telemetry_id = get_a_telemetry_id
|
|
320
|
+
$config[:telemetry][:id] = $telemetry_id
|
|
321
|
+
debug_me($config)
|
|
322
|
+
debug_me("saving config to " + $config_name)
|
|
323
|
+
File.open($config_name, 'w') { |f| f.write $config.to_yaml }
|
|
324
|
+
end
|
|
325
|
+
|
|
326
|
+
debug_me("Telemetry ID is: " + $telemetry_id)
|
|
327
|
+
|
|
328
|
+
uri=URI.parse($telemetry_url+"/"+$telemetry_id)
|
|
329
|
+
header = {'Content-Type': 'text/json'}
|
|
330
|
+
tele = { "kb_version" => Dawn::KnowledgeBase::VERSION ,
|
|
331
|
+
"ip" => Socket.ip_address_list.detect{|intf| intf.ipv4_private?}.ip_address,
|
|
332
|
+
"message"=> Dawn::KnowledgeBase
|
|
333
|
+
}
|
|
334
|
+
http = Net::HTTP.new(uri.host, uri.port)
|
|
335
|
+
request = Net::HTTP::Post.new(uri.request_uri, header)
|
|
336
|
+
request.body = tele.to_json
|
|
337
|
+
|
|
338
|
+
begin
|
|
339
|
+
response=http.request(request)
|
|
340
|
+
debug_me(response.inspect)
|
|
341
|
+
return true
|
|
342
|
+
rescue => e
|
|
343
|
+
$logger.error "telemetry: #{e.message}"
|
|
344
|
+
return false
|
|
345
|
+
end
|
|
346
|
+
end
|
|
347
|
+
|
|
348
|
+
def apply_all(checks_to_be_skipped=[])
|
|
292
349
|
@scan_start = Time.now
|
|
350
|
+
debug_me("I'm asked to skip those checks #{checks_to_be_skipped}")
|
|
293
351
|
debug_me("SCAN STARTED: #{@scan_start}")
|
|
294
352
|
|
|
295
|
-
|
|
296
|
-
|
|
297
|
-
# Reason is simple, load_knowledge_base now needs enabled check array
|
|
298
|
-
# and I don't want to pollute engine API to propagate this value. It's
|
|
299
|
-
# a param to load_knowledge_base and then bin/dawn calls it
|
|
300
|
-
# accordingly.
|
|
301
|
-
# load_knowledge_base if @checks.nil?
|
|
353
|
+
telemetry
|
|
354
|
+
|
|
302
355
|
if @checks.nil?
|
|
303
|
-
$logger.
|
|
356
|
+
$logger.error "you must load knowledge base before trying to apply security checks"
|
|
304
357
|
@scan_stop = Time.now
|
|
305
358
|
debug_me("SCAN STOPPED: #{@scan_stop}")
|
|
306
359
|
return false
|
|
307
360
|
end
|
|
308
361
|
if @checks.empty?
|
|
362
|
+
$logger.warn "no security checks found. This is strange"
|
|
309
363
|
@scan_stop = Time.now
|
|
310
364
|
debug_me("SCAN STOPPED: #{@scan_stop}")
|
|
311
365
|
return false
|
|
312
366
|
end
|
|
313
367
|
|
|
314
368
|
@checks.each do |check|
|
|
315
|
-
|
|
369
|
+
if checks_to_be_skipped.include?(check.name)
|
|
370
|
+
$logger.info("skipping security check #{check.name}")
|
|
371
|
+
else
|
|
372
|
+
_do_apply(check)
|
|
373
|
+
end
|
|
316
374
|
end
|
|
317
375
|
|
|
318
376
|
@scan_stop = Time.now
|
|
@@ -373,18 +431,19 @@ module Dawn
|
|
|
373
431
|
def get_rvm_ruby_ver
|
|
374
432
|
return {:version=>"", :patchlevel=>""} unless File.exist?(File.join(@target, ".ruby-version"))
|
|
375
433
|
hash = File.read(File.join(@target, '.ruby-version')).split('-')
|
|
376
|
-
return {:version=>hash[0], :patchlevel=>hash[1]}
|
|
434
|
+
return {:version=>hash[0].chop, :patchlevel=>hash[1]}
|
|
377
435
|
end
|
|
378
436
|
def _do_apply(check)
|
|
379
437
|
unless ((check.kind == Dawn::KnowledgeBase::PATTERN_MATCH_CHECK || check.kind == Dawn::KnowledgeBase::COMBO_CHECK ) && @gemfile_lock_sudo)
|
|
380
438
|
|
|
381
439
|
@applied << { :name => name }
|
|
382
|
-
debug_me "applying check #{check.name}"
|
|
440
|
+
debug_me "applying check #{check.name} - #{check.kind}"
|
|
383
441
|
@applied_checks += 1
|
|
384
442
|
|
|
385
443
|
check.ruby_version = @ruby_version[:version]
|
|
386
444
|
check.detected_ruby = @ruby_version if check.kind == Dawn::KnowledgeBase::RUBY_VERSION_CHECK
|
|
387
|
-
check.dependencies = self.connected_gems if check.kind == Dawn::KnowledgeBase::DEPENDENCY_CHECK
|
|
445
|
+
check.dependencies = self.connected_gems if check.kind == Dawn::KnowledgeBase::DEPENDENCY_CHECK or
|
|
446
|
+
check.kind == Dawn::KnowledgeBase::UNSAFE_DEPENDENCY_CHECK
|
|
388
447
|
check.root_dir = self.target if check.kind == Dawn::KnowledgeBase::PATTERN_MATCH_CHECK
|
|
389
448
|
check.options = {:detected_ruby => self.ruby_version,
|
|
390
449
|
:dependencies => self.connected_gems,
|