dawnscanner 1.6.9 → 2.0.0.rc1
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/.ruby-version +1 -1
- data/Changelog.md +8 -0
- data/LICENSE.txt +1 -1
- data/Rakefile +6 -239
- data/VERSION +1 -1
- data/bin/dawn +6 -46
- data/dawnscanner.gemspec +6 -1
- data/doc/change.sh +13 -0
- data/doc/knowledge_base.rb +650 -0
- data/lib/dawn/cli/dawn_cli.rb +103 -0
- data/lib/dawn/engine.rb +9 -11
- data/lib/dawn/gemfile_lock.rb +2 -2
- data/lib/dawn/kb/basic_check.rb +1 -0
- data/lib/dawn/kb/combo_check.rb +1 -1
- data/lib/dawn/kb/dependency_check.rb +1 -1
- data/lib/dawn/kb/pattern_match_check.rb +1 -1
- data/lib/dawn/kb/ruby_version_check.rb +11 -10
- data/lib/dawn/kb/{gem_check.rb → rubygem_check.rb} +1 -1
- data/lib/dawn/kb/version_check.rb +25 -25
- data/lib/dawn/knowledge_base.rb +211 -588
- data/lib/dawn/utils.rb +5 -2
- data/lib/dawn/version.rb +5 -5
- data/lib/dawnscanner.rb +4 -3
- metadata +23 -450
- data/lib/dawn/kb/cve_2004_0755.rb +0 -33
- data/lib/dawn/kb/cve_2004_0983.rb +0 -31
- data/lib/dawn/kb/cve_2005_1992.rb +0 -31
- data/lib/dawn/kb/cve_2005_2337.rb +0 -33
- data/lib/dawn/kb/cve_2006_1931.rb +0 -30
- data/lib/dawn/kb/cve_2006_2582.rb +0 -28
- data/lib/dawn/kb/cve_2006_3694.rb +0 -31
- data/lib/dawn/kb/cve_2006_4112.rb +0 -27
- data/lib/dawn/kb/cve_2006_5467.rb +0 -28
- data/lib/dawn/kb/cve_2006_6303.rb +0 -28
- data/lib/dawn/kb/cve_2006_6852.rb +0 -27
- data/lib/dawn/kb/cve_2006_6979.rb +0 -29
- data/lib/dawn/kb/cve_2007_0469.rb +0 -29
- data/lib/dawn/kb/cve_2007_5162.rb +0 -28
- data/lib/dawn/kb/cve_2007_5379.rb +0 -27
- data/lib/dawn/kb/cve_2007_5380.rb +0 -29
- data/lib/dawn/kb/cve_2007_5770.rb +0 -30
- data/lib/dawn/kb/cve_2007_6077.rb +0 -31
- data/lib/dawn/kb/cve_2007_6612.rb +0 -30
- data/lib/dawn/kb/cve_2008_1145.rb +0 -38
- data/lib/dawn/kb/cve_2008_1891.rb +0 -38
- data/lib/dawn/kb/cve_2008_2376.rb +0 -30
- data/lib/dawn/kb/cve_2008_2662.rb +0 -33
- data/lib/dawn/kb/cve_2008_2663.rb +0 -32
- data/lib/dawn/kb/cve_2008_2664.rb +0 -33
- data/lib/dawn/kb/cve_2008_2725.rb +0 -31
- data/lib/dawn/kb/cve_2008_3655.rb +0 -37
- data/lib/dawn/kb/cve_2008_3657.rb +0 -37
- data/lib/dawn/kb/cve_2008_3790.rb +0 -30
- data/lib/dawn/kb/cve_2008_3905.rb +0 -36
- data/lib/dawn/kb/cve_2008_4094.rb +0 -27
- data/lib/dawn/kb/cve_2008_4310.rb +0 -100
- data/lib/dawn/kb/cve_2008_5189.rb +0 -27
- data/lib/dawn/kb/cve_2008_7248.rb +0 -27
- data/lib/dawn/kb/cve_2009_4078.rb +0 -29
- data/lib/dawn/kb/cve_2009_4124.rb +0 -30
- data/lib/dawn/kb/cve_2009_4214.rb +0 -27
- data/lib/dawn/kb/cve_2010_1330.rb +0 -28
- data/lib/dawn/kb/cve_2010_2489.rb +0 -60
- data/lib/dawn/kb/cve_2010_3933.rb +0 -27
- data/lib/dawn/kb/cve_2011_0188.rb +0 -67
- data/lib/dawn/kb/cve_2011_0446.rb +0 -28
- data/lib/dawn/kb/cve_2011_0447.rb +0 -28
- data/lib/dawn/kb/cve_2011_0739.rb +0 -28
- data/lib/dawn/kb/cve_2011_0995.rb +0 -61
- data/lib/dawn/kb/cve_2011_1004.rb +0 -34
- data/lib/dawn/kb/cve_2011_1005.rb +0 -31
- data/lib/dawn/kb/cve_2011_2197.rb +0 -27
- data/lib/dawn/kb/cve_2011_2686.rb +0 -29
- data/lib/dawn/kb/cve_2011_2705.rb +0 -32
- data/lib/dawn/kb/cve_2011_2929.rb +0 -27
- data/lib/dawn/kb/cve_2011_2930.rb +0 -28
- data/lib/dawn/kb/cve_2011_2931.rb +0 -30
- data/lib/dawn/kb/cve_2011_2932.rb +0 -27
- data/lib/dawn/kb/cve_2011_3009.rb +0 -28
- data/lib/dawn/kb/cve_2011_3186.rb +0 -29
- data/lib/dawn/kb/cve_2011_3187.rb +0 -29
- data/lib/dawn/kb/cve_2011_4319.rb +0 -30
- data/lib/dawn/kb/cve_2011_4815.rb +0 -28
- data/lib/dawn/kb/cve_2011_5036.rb +0 -26
- data/lib/dawn/kb/cve_2012_1098.rb +0 -30
- data/lib/dawn/kb/cve_2012_1099.rb +0 -27
- data/lib/dawn/kb/cve_2012_1241.rb +0 -27
- data/lib/dawn/kb/cve_2012_2139.rb +0 -26
- data/lib/dawn/kb/cve_2012_2140.rb +0 -27
- data/lib/dawn/kb/cve_2012_2660.rb +0 -28
- data/lib/dawn/kb/cve_2012_2661.rb +0 -27
- data/lib/dawn/kb/cve_2012_2671.rb +0 -28
- data/lib/dawn/kb/cve_2012_2694.rb +0 -30
- data/lib/dawn/kb/cve_2012_2695.rb +0 -27
- data/lib/dawn/kb/cve_2012_3424.rb +0 -29
- data/lib/dawn/kb/cve_2012_3463.rb +0 -27
- data/lib/dawn/kb/cve_2012_3464.rb +0 -27
- data/lib/dawn/kb/cve_2012_3465.rb +0 -26
- data/lib/dawn/kb/cve_2012_4464.rb +0 -27
- data/lib/dawn/kb/cve_2012_4466.rb +0 -27
- data/lib/dawn/kb/cve_2012_4481.rb +0 -26
- data/lib/dawn/kb/cve_2012_4522.rb +0 -27
- data/lib/dawn/kb/cve_2012_5370.rb +0 -27
- data/lib/dawn/kb/cve_2012_5371.rb +0 -27
- data/lib/dawn/kb/cve_2012_5380.rb +0 -28
- data/lib/dawn/kb/cve_2012_6109.rb +0 -25
- data/lib/dawn/kb/cve_2012_6134.rb +0 -27
- data/lib/dawn/kb/cve_2012_6496.rb +0 -28
- data/lib/dawn/kb/cve_2012_6497.rb +0 -28
- data/lib/dawn/kb/cve_2012_6684.rb +0 -28
- data/lib/dawn/kb/cve_2013_0155.rb +0 -29
- data/lib/dawn/kb/cve_2013_0156.rb +0 -27
- data/lib/dawn/kb/cve_2013_0162.rb +0 -28
- data/lib/dawn/kb/cve_2013_0175.rb +0 -27
- data/lib/dawn/kb/cve_2013_0183.rb +0 -25
- data/lib/dawn/kb/cve_2013_0184.rb +0 -25
- data/lib/dawn/kb/cve_2013_0233.rb +0 -26
- data/lib/dawn/kb/cve_2013_0256.rb +0 -59
- data/lib/dawn/kb/cve_2013_0262.rb +0 -26
- data/lib/dawn/kb/cve_2013_0263.rb +0 -26
- data/lib/dawn/kb/cve_2013_0269.rb +0 -27
- data/lib/dawn/kb/cve_2013_0276.rb +0 -28
- data/lib/dawn/kb/cve_2013_0277.rb +0 -25
- data/lib/dawn/kb/cve_2013_0284.rb +0 -27
- data/lib/dawn/kb/cve_2013_0285.rb +0 -27
- data/lib/dawn/kb/cve_2013_0333.rb +0 -28
- data/lib/dawn/kb/cve_2013_0334.rb +0 -25
- data/lib/dawn/kb/cve_2013_1607.rb +0 -25
- data/lib/dawn/kb/cve_2013_1655.rb +0 -65
- data/lib/dawn/kb/cve_2013_1656.rb +0 -28
- data/lib/dawn/kb/cve_2013_1756.rb +0 -26
- data/lib/dawn/kb/cve_2013_1800.rb +0 -26
- data/lib/dawn/kb/cve_2013_1801.rb +0 -27
- data/lib/dawn/kb/cve_2013_1802.rb +0 -27
- data/lib/dawn/kb/cve_2013_1812.rb +0 -27
- data/lib/dawn/kb/cve_2013_1821.rb +0 -28
- data/lib/dawn/kb/cve_2013_1854.rb +0 -26
- data/lib/dawn/kb/cve_2013_1855.rb +0 -25
- data/lib/dawn/kb/cve_2013_1856.rb +0 -26
- data/lib/dawn/kb/cve_2013_1857.rb +0 -27
- data/lib/dawn/kb/cve_2013_1875.rb +0 -27
- data/lib/dawn/kb/cve_2013_1898.rb +0 -27
- data/lib/dawn/kb/cve_2013_1911.rb +0 -28
- data/lib/dawn/kb/cve_2013_1933.rb +0 -27
- data/lib/dawn/kb/cve_2013_1947.rb +0 -27
- data/lib/dawn/kb/cve_2013_1948.rb +0 -27
- data/lib/dawn/kb/cve_2013_2065.rb +0 -29
- data/lib/dawn/kb/cve_2013_2090.rb +0 -28
- data/lib/dawn/kb/cve_2013_2105.rb +0 -26
- data/lib/dawn/kb/cve_2013_2119.rb +0 -27
- data/lib/dawn/kb/cve_2013_2512.rb +0 -26
- data/lib/dawn/kb/cve_2013_2513.rb +0 -25
- data/lib/dawn/kb/cve_2013_2516.rb +0 -26
- data/lib/dawn/kb/cve_2013_2615.rb +0 -27
- data/lib/dawn/kb/cve_2013_2616.rb +0 -27
- data/lib/dawn/kb/cve_2013_2617.rb +0 -28
- data/lib/dawn/kb/cve_2013_3221.rb +0 -27
- data/lib/dawn/kb/cve_2013_4164.rb +0 -30
- data/lib/dawn/kb/cve_2013_4203.rb +0 -25
- data/lib/dawn/kb/cve_2013_4389.rb +0 -26
- data/lib/dawn/kb/cve_2013_4413.rb +0 -27
- data/lib/dawn/kb/cve_2013_4457.rb +0 -29
- data/lib/dawn/kb/cve_2013_4478.rb +0 -26
- data/lib/dawn/kb/cve_2013_4479.rb +0 -26
- data/lib/dawn/kb/cve_2013_4489.rb +0 -28
- data/lib/dawn/kb/cve_2013_4491.rb +0 -29
- data/lib/dawn/kb/cve_2013_4492.rb +0 -29
- data/lib/dawn/kb/cve_2013_4562.rb +0 -27
- data/lib/dawn/kb/cve_2013_4593.rb +0 -27
- data/lib/dawn/kb/cve_2013_5647.rb +0 -29
- data/lib/dawn/kb/cve_2013_5671.rb +0 -26
- data/lib/dawn/kb/cve_2013_6414.rb +0 -30
- data/lib/dawn/kb/cve_2013_6415.rb +0 -29
- data/lib/dawn/kb/cve_2013_6416.rb +0 -29
- data/lib/dawn/kb/cve_2013_6417.rb +0 -30
- data/lib/dawn/kb/cve_2013_6421.rb +0 -28
- data/lib/dawn/kb/cve_2013_6459.rb +0 -28
- data/lib/dawn/kb/cve_2013_6460.rb +0 -53
- data/lib/dawn/kb/cve_2013_6461.rb +0 -57
- data/lib/dawn/kb/cve_2013_7086.rb +0 -27
- data/lib/dawn/kb/cve_2014_0036.rb +0 -27
- data/lib/dawn/kb/cve_2014_0080.rb +0 -29
- data/lib/dawn/kb/cve_2014_0081.rb +0 -27
- data/lib/dawn/kb/cve_2014_0082.rb +0 -27
- data/lib/dawn/kb/cve_2014_0130.rb +0 -27
- data/lib/dawn/kb/cve_2014_1233.rb +0 -27
- data/lib/dawn/kb/cve_2014_1234.rb +0 -26
- data/lib/dawn/kb/cve_2014_2322.rb +0 -28
- data/lib/dawn/kb/cve_2014_2525.rb +0 -59
- data/lib/dawn/kb/cve_2014_2538.rb +0 -26
- data/lib/dawn/kb/cve_2014_3482.rb +0 -28
- data/lib/dawn/kb/cve_2014_3483.rb +0 -28
- data/lib/dawn/kb/cve_2014_3916.rb +0 -29
- data/lib/dawn/kb/cve_2014_4975.rb +0 -28
- data/lib/dawn/kb/cve_2014_7818.rb +0 -27
- data/lib/dawn/kb/cve_2014_7819.rb +0 -31
- data/lib/dawn/kb/cve_2014_7829.rb +0 -30
- data/lib/dawn/kb/cve_2014_8090.rb +0 -30
- data/lib/dawn/kb/cve_2014_9490.rb +0 -29
- data/lib/dawn/kb/cve_2015_1819.rb +0 -34
- data/lib/dawn/kb/cve_2015_1840/cve_2015_1840_a.rb +0 -28
- data/lib/dawn/kb/cve_2015_1840/cve_2015_1840_b.rb +0 -28
- data/lib/dawn/kb/cve_2015_2963.rb +0 -27
- data/lib/dawn/kb/cve_2015_3224.rb +0 -26
- data/lib/dawn/kb/cve_2015_3225.rb +0 -28
- data/lib/dawn/kb/cve_2015_3226.rb +0 -27
- data/lib/dawn/kb/cve_2015_3227.rb +0 -28
- data/lib/dawn/kb/cve_2015_3448.rb +0 -29
- data/lib/dawn/kb/cve_2015_4020.rb +0 -34
- data/lib/dawn/kb/cve_2015_5312.rb +0 -30
- data/lib/dawn/kb/cve_2015_7497.rb +0 -32
- data/lib/dawn/kb/cve_2015_7498.rb +0 -32
- data/lib/dawn/kb/cve_2015_7499.rb +0 -32
- data/lib/dawn/kb/cve_2015_7500.rb +0 -32
- data/lib/dawn/kb/cve_2015_7519.rb +0 -31
- data/lib/dawn/kb/cve_2015_7541.rb +0 -31
- data/lib/dawn/kb/cve_2015_7576.rb +0 -35
- data/lib/dawn/kb/cve_2015_7577.rb +0 -34
- data/lib/dawn/kb/cve_2015_7578.rb +0 -30
- data/lib/dawn/kb/cve_2015_7579.rb +0 -30
- data/lib/dawn/kb/cve_2015_7581.rb +0 -33
- data/lib/dawn/kb/cve_2015_8241.rb +0 -32
- data/lib/dawn/kb/cve_2015_8242.rb +0 -32
- data/lib/dawn/kb/cve_2015_8317.rb +0 -32
- data/lib/dawn/kb/cve_2016_0751.rb +0 -32
- data/lib/dawn/kb/cve_2016_0752.rb +0 -35
- data/lib/dawn/kb/cve_2016_0753.rb +0 -31
- data/lib/dawn/kb/cve_2016_2097.rb +0 -35
- data/lib/dawn/kb/cve_2016_2098.rb +0 -35
- data/lib/dawn/kb/cve_2016_5697.rb +0 -30
- data/lib/dawn/kb/cve_2016_6316.rb +0 -33
- data/lib/dawn/kb/cve_2016_6317.rb +0 -32
- data/lib/dawn/kb/cve_2016_6582.rb +0 -43
- data/lib/dawn/kb/not_revised_code.rb +0 -22
- data/lib/dawn/kb/osvdb_105971.rb +0 -29
- data/lib/dawn/kb/osvdb_108530.rb +0 -27
- data/lib/dawn/kb/osvdb_108563.rb +0 -28
- data/lib/dawn/kb/osvdb_108569.rb +0 -28
- data/lib/dawn/kb/osvdb_108570.rb +0 -27
- data/lib/dawn/kb/osvdb_115654.rb +0 -33
- data/lib/dawn/kb/osvdb_116010.rb +0 -30
- data/lib/dawn/kb/osvdb_117903.rb +0 -30
- data/lib/dawn/kb/osvdb_118579.rb +0 -31
- data/lib/dawn/kb/osvdb_118830.rb +0 -32
- data/lib/dawn/kb/osvdb_118954.rb +0 -33
- data/lib/dawn/kb/osvdb_119878.rb +0 -32
- data/lib/dawn/kb/osvdb_119927.rb +0 -33
- data/lib/dawn/kb/osvdb_120415.rb +0 -31
- data/lib/dawn/kb/osvdb_120857.rb +0 -34
- data/lib/dawn/kb/osvdb_121701.rb +0 -30
- data/lib/dawn/kb/osvdb_132234.rb +0 -34
- data/lib/dawn/kb/owasp_ror_cheatsheet.rb +0 -33
- data/lib/dawn/kb/owasp_ror_cheatsheet/check_for_backup_files.rb +0 -18
- data/lib/dawn/kb/owasp_ror_cheatsheet/check_for_safe_redirect_and_forward.rb +0 -57
- data/lib/dawn/kb/owasp_ror_cheatsheet/command_injection.rb +0 -28
- data/lib/dawn/kb/owasp_ror_cheatsheet/csrf.rb +0 -29
- data/lib/dawn/kb/owasp_ror_cheatsheet/mass_assignment_in_model.rb +0 -33
- data/lib/dawn/kb/owasp_ror_cheatsheet/security_related_headers.rb +0 -35
- data/lib/dawn/kb/owasp_ror_cheatsheet/sensitive_files.rb +0 -29
- data/lib/dawn/kb/owasp_ror_cheatsheet/session_stored_in_database.rb +0 -31
- data/lib/dawn/kb/simpleform_xss_20131129.rb +0 -28
- data/lib/dawn/knowledge_base_experimental.rb +0 -245
- data/spec/lib/kb/cve_2011_2705_spec.rb +0 -35
- data/spec/lib/kb/cve_2011_2930_spec.rb +0 -31
- data/spec/lib/kb/cve_2011_3009_spec.rb +0 -25
- data/spec/lib/kb/cve_2011_3187_spec.rb +0 -24
- data/spec/lib/kb/cve_2011_4319_spec.rb +0 -44
- data/spec/lib/kb/cve_2011_5036_spec.rb +0 -95
- data/spec/lib/kb/cve_2012_1098_spec.rb +0 -36
- data/spec/lib/kb/cve_2012_2139_spec.rb +0 -20
- data/spec/lib/kb/cve_2012_2671_spec.rb +0 -23
- data/spec/lib/kb/cve_2012_6109_spec.rb +0 -112
- data/spec/lib/kb/cve_2012_6684_spec.rb +0 -16
- data/spec/lib/kb/cve_2013_0162_spec.rb +0 -23
- data/spec/lib/kb/cve_2013_0183_spec.rb +0 -54
- data/spec/lib/kb/cve_2013_0184_spec.rb +0 -115
- data/spec/lib/kb/cve_2013_0256_spec.rb +0 -34
- data/spec/lib/kb/cve_2013_0262_spec.rb +0 -44
- data/spec/lib/kb/cve_2013_0263_spec.rb +0 -11
- data/spec/lib/kb/cve_2013_0334_spec.rb +0 -35
- data/spec/lib/kb/cve_2013_1607_spec.rb +0 -15
- data/spec/lib/kb/cve_2013_1655_spec.rb +0 -31
- data/spec/lib/kb/cve_2013_1756_spec.rb +0 -23
- data/spec/lib/kb/cve_2013_2090_spec.rb +0 -15
- data/spec/lib/kb/cve_2013_2105_spec.rb +0 -11
- data/spec/lib/kb/cve_2013_2119_spec.rb +0 -27
- data/spec/lib/kb/cve_2013_2512_spec.rb +0 -15
- data/spec/lib/kb/cve_2013_2513_spec.rb +0 -15
- data/spec/lib/kb/cve_2013_2516_spec.rb +0 -15
- data/spec/lib/kb/cve_2013_4203_spec.rb +0 -15
- data/spec/lib/kb/cve_2013_4413_spec.rb +0 -16
- data/spec/lib/kb/cve_2013_4489_spec.rb +0 -63
- data/spec/lib/kb/cve_2013_4491_spec.rb +0 -16
- data/spec/lib/kb/cve_2013_4593_spec.rb +0 -16
- data/spec/lib/kb/cve_2013_5647_spec.rb +0 -19
- data/spec/lib/kb/cve_2013_5671_spec.rb +0 -27
- data/spec/lib/kb/cve_2013_6414_spec.rb +0 -26
- data/spec/lib/kb/cve_2013_6416_spec.rb +0 -31
- data/spec/lib/kb/cve_2013_6459_spec.rb +0 -15
- data/spec/lib/kb/cve_2013_7086_spec.rb +0 -22
- data/spec/lib/kb/cve_2014_0036_spec.rb +0 -15
- data/spec/lib/kb/cve_2014_0080_spec.rb +0 -33
- data/spec/lib/kb/cve_2014_0081_spec.rb +0 -50
- data/spec/lib/kb/cve_2014_0082_spec.rb +0 -52
- data/spec/lib/kb/cve_2014_0130_spec.rb +0 -19
- data/spec/lib/kb/cve_2014_1233_spec.rb +0 -15
- data/spec/lib/kb/cve_2014_1234_spec.rb +0 -16
- data/spec/lib/kb/cve_2014_2322_spec.rb +0 -15
- data/spec/lib/kb/cve_2014_2538_spec.rb +0 -15
- data/spec/lib/kb/cve_2014_3482_spec.rb +0 -15
- data/spec/lib/kb/cve_2014_3483_spec.rb +0 -27
- data/spec/lib/kb/cve_2014_7818_spec.rb +0 -42
- data/spec/lib/kb/cve_2014_7819_spec.rb +0 -139
- data/spec/lib/kb/cve_2014_7829_spec.rb +0 -50
- data/spec/lib/kb/cve_2014_9490_spec.rb +0 -17
- data/spec/lib/kb/cve_2015_1819_spec.rb +0 -16
- data/spec/lib/kb/cve_2015_1840_spec.rb +0 -39
- data/spec/lib/kb/cve_2015_2963_spec.rb +0 -17
- data/spec/lib/kb/cve_2015_3224_spec.rb +0 -16
- data/spec/lib/kb/cve_2015_3225_spec.rb +0 -27
- data/spec/lib/kb/cve_2015_3226_spec.rb +0 -35
- data/spec/lib/kb/cve_2015_3227_spec.rb +0 -31
- data/spec/lib/kb/cve_2015_3448_spec.rb +0 -16
- data/spec/lib/kb/cve_2015_4020_spec.rb +0 -24
- data/spec/lib/kb/cve_2015_5312_spec.rb +0 -31
- data/spec/lib/kb/cve_2015_7497_spec.rb +0 -31
- data/spec/lib/kb/cve_2015_7498_spec.rb +0 -31
- data/spec/lib/kb/cve_2015_7499_spec.rb +0 -31
- data/spec/lib/kb/cve_2015_7500_spec.rb +0 -31
- data/spec/lib/kb/cve_2015_7519_spec.rb +0 -23
- data/spec/lib/kb/cve_2015_7541_spec.rb +0 -15
- data/spec/lib/kb/cve_2015_7576_spec.rb +0 -51
- data/spec/lib/kb/cve_2015_7577_spec.rb +0 -63
- data/spec/lib/kb/cve_2015_7578_spec.rb +0 -15
- data/spec/lib/kb/cve_2015_7579_spec.rb +0 -23
- data/spec/lib/kb/cve_2015_7581_spec.rb +0 -51
- data/spec/lib/kb/cve_2015_8241_spec.rb +0 -31
- data/spec/lib/kb/cve_2015_8242_spec.rb +0 -31
- data/spec/lib/kb/cve_2015_8317_spec.rb +0 -31
- data/spec/lib/kb/cve_2016_0751_spec.rb +0 -55
- data/spec/lib/kb/cve_2016_0752_spec.rb +0 -51
- data/spec/lib/kb/cve_2016_0753_spec.rb +0 -51
- data/spec/lib/kb/cve_2016_2097_spec.rb +0 -35
- data/spec/lib/kb/cve_2016_2098_spec.rb +0 -59
- data/spec/lib/kb/cve_2016_5697_spec.rb +0 -15
- data/spec/lib/kb/cve_2016_6316_spec.rb +0 -44
- data/spec/lib/kb/cve_2016_6317_spec.rb +0 -35
- data/spec/lib/kb/cve_2016_6582_spec.rb +0 -29
- data/spec/lib/kb/osvdb_105971_spec.rb +0 -15
- data/spec/lib/kb/osvdb_108530_spec.rb +0 -22
- data/spec/lib/kb/osvdb_108563_spec.rb +0 -18
- data/spec/lib/kb/osvdb_108569_spec.rb +0 -17
- data/spec/lib/kb/osvdb_108570_spec.rb +0 -17
- data/spec/lib/kb/osvdb_115654_spec.rb +0 -15
- data/spec/lib/kb/osvdb_116010_spec.rb +0 -15
- data/spec/lib/kb/osvdb_117903_spec.rb +0 -23
- data/spec/lib/kb/osvdb_118579_spec.rb +0 -8
- data/spec/lib/kb/osvdb_118830_spec.rb +0 -16
- data/spec/lib/kb/osvdb_118954_spec.rb +0 -20
- data/spec/lib/kb/osvdb_119878_spec.rb +0 -92
- data/spec/lib/kb/osvdb_119927_spec.rb +0 -16
- data/spec/lib/kb/osvdb_120415_spec.rb +0 -16
- data/spec/lib/kb/osvdb_120857_spec.rb +0 -32
- data/spec/lib/kb/osvdb_121701_spec.rb +0 -15
- data/spec/lib/kb/osvdb_132234_spec.rb +0 -15
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: fedb521a49d75d72343489c68b9871fea0df9de953a3907dbe57e1ca375d5f65
|
4
|
+
data.tar.gz: b1e3c420155adf6c0ed829fad272970bca0c17245fcfea1da38ebd2f69d6043c
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: f5f5496969dd2f55cde87c9156e2d4ee55b70516af1b73a08fad3b8c140ad008c77cfb12d701229539ef430caabb4cbfc4cd27413ebe13c4d19d38de8ca87b59
|
7
|
+
data.tar.gz: 0727f9f752bbb2f99e977ae893cafd765fe602241894a793bfe8000e5327f92932059669313ed7bb0c167b9102d60afc4f3cdfaf229d702f42c750e828eb4b90
|
data/.ruby-version
CHANGED
@@ -1 +1 @@
|
|
1
|
-
2.
|
1
|
+
2.5.1
|
data/Changelog.md
CHANGED
@@ -7,6 +7,14 @@ frameworks.
|
|
7
7
|
|
8
8
|
_latest update: mer 28 nov 2018, 11.03.53, CET_
|
9
9
|
|
10
|
+
## Version 2.0.0 - codename: Finn McMissile (2019-xx-xx)
|
11
|
+
|
12
|
+
* New knowledge base, YAML based and distributed separately from the ruby gem.
|
13
|
+
* New CLI based on Thor library. Please read README.md file to know how to
|
14
|
+
invoke dawn the right way or use the 'dawn help' command
|
15
|
+
* Added a new debug\_verbosely API for engines and checks
|
16
|
+
* Removed rake osvdb[name] and rake cve[name] tasks
|
17
|
+
|
10
18
|
## Version 1.6.9 - codename: Tow Mater (2018-11-28)
|
11
19
|
|
12
20
|
* Removed signing certificate. This will solve issue #233 and #229
|
data/LICENSE.txt
CHANGED
data/Rakefile
CHANGED
@@ -8,7 +8,6 @@ require 'cucumber/rake/task'
|
|
8
8
|
require 'fileutils'
|
9
9
|
require "dawn/utils"
|
10
10
|
require "dawn/knowledge_base"
|
11
|
-
require "dawn/knowledge_base_experimental"
|
12
11
|
|
13
12
|
Cucumber::Rake::Task.new(:features) do |t|
|
14
13
|
t.cucumber_opts = "features --format pretty -x"
|
@@ -63,214 +62,6 @@ namespace :version do
|
|
63
62
|
end
|
64
63
|
end
|
65
64
|
|
66
|
-
# namespace :check do
|
67
|
-
# desc "Create a dependency check"
|
68
|
-
# task :dependency, :name do |t, args|
|
69
|
-
# end
|
70
|
-
|
71
|
-
# end
|
72
|
-
desc "Create a new CVE test"
|
73
|
-
task :cve, :name do |t,args|
|
74
|
-
name = args.name
|
75
|
-
SRC_DIR = "./lib/dawn/kb/"
|
76
|
-
SPEC_DIR = "./spec/lib/kb/"
|
77
|
-
|
78
|
-
raise "### It seems that #{name} is already in Dawn knowledge base" unless Dawn::KnowledgeBase.find(nil, name).nil?
|
79
|
-
raise "### Invalid CVE title: #{name}" if name.nil? or name.empty? or /CVE-\d{4}-\d{4}/.match(name).nil?
|
80
|
-
raise "### No target directory: #{SRC_DIR}" unless Dir.exists?(SRC_DIR)
|
81
|
-
raise "### No rspec directory: #{SPEC_DIR}" unless Dir.exists?(SPEC_DIR)
|
82
|
-
|
83
|
-
puts "Adding #{name} to knowledge base..."
|
84
|
-
|
85
|
-
rb_filename = SRC_DIR+name.downcase.gsub("-", "_")+".rb"
|
86
|
-
spec_filename = SPEC_DIR+name.downcase.gsub("-", "_")+"_spec.rb"
|
87
|
-
class_name = name.gsub("-", "_")
|
88
|
-
|
89
|
-
open(rb_filename, "w") do |file|
|
90
|
-
file.puts "module Dawn"
|
91
|
-
file.puts "\t\tmodule Kb"
|
92
|
-
file.puts "\t\t\t# Automatically created with rake on #{Time.now.strftime('%Y-%m-%d')}"
|
93
|
-
file.puts "\t\t\tclass #{class_name}"
|
94
|
-
file.puts "\t\t\t\t# Include the testing skeleton for this CVE"
|
95
|
-
file.puts "\t\t\t\t# include PatternMatchCheck"
|
96
|
-
file.puts "\t\t\t\t# include DependencyCheck"
|
97
|
-
file.puts "\t\t\t\t# include RubyVersionCheck"
|
98
|
-
file.puts ""
|
99
|
-
file.puts "\t\t\t\tdef initialize"
|
100
|
-
file.puts "\t\t\t\t\ttitle = \"\""
|
101
|
-
file.puts "\t\t\t\t\tmessage = \"\""
|
102
|
-
file.puts "\t\t\t\tend"
|
103
|
-
file.puts "\t\t\tend"
|
104
|
-
file.puts "\t\tend"
|
105
|
-
file.puts "end"
|
106
|
-
end
|
107
|
-
puts "#{rb_filename} created"
|
108
|
-
|
109
|
-
open(spec_filename, "w") do |file|
|
110
|
-
file.puts "require 'spec_helper'"
|
111
|
-
|
112
|
-
file.puts "describe \"The #{name} vulnerability\" do"
|
113
|
-
file.puts "\tbefore(:all) do"
|
114
|
-
file.puts "\t\t@check = Dawn::Kb::#{class_name}.new"
|
115
|
-
file.puts "\t\t# @check.debug = true"
|
116
|
-
file.puts "\tend"
|
117
|
-
file.puts "\tit \"is reported when the vulnerable gem is detected\" do"
|
118
|
-
file.puts "\t\t@check.dependencies = [{:name=>\"\", :version=>\"\"}]"
|
119
|
-
file.puts "\t\texpect(@check.vuln?).to eq(true)"
|
120
|
-
file.puts "\tend"
|
121
|
-
file.puts "\tit \"is not reported when a fixed release is detected\" do"
|
122
|
-
file.puts "\t\t@check.dependencies = [{:name=>\"\", :version=>\"\"}]"
|
123
|
-
file.puts "\t\texpect(@check.vuln?).to eq(false)"
|
124
|
-
file.puts "\tend"
|
125
|
-
file.puts "end"
|
126
|
-
end
|
127
|
-
puts "#{spec_filename} created"
|
128
|
-
|
129
|
-
puts "*** PLEASE IMPLEMENT TEST FOR #{name} IN ./spec/lib/dawn/codesake_knowledgebase_spec.rb in order to reflect changes"
|
130
|
-
puts "*** PLEASE ADD THIS CODE IN ./lib/dawn/knowledge_base.rb in order to reflect changes"
|
131
|
-
puts "require \"dawn/kb/#{class_name.downcase}\""
|
132
|
-
puts "it \"must have test for #{name}\" do"
|
133
|
-
puts " sc = kb.find(\"#{name}\")"
|
134
|
-
puts " expect(sc).not_to be_nil"
|
135
|
-
puts " expect(sc.class).to eq(Dawn::Kb::#{class_name})"
|
136
|
-
puts "end"
|
137
|
-
|
138
|
-
|
139
|
-
end
|
140
|
-
|
141
|
-
desc "Create a new OSVDB security check"
|
142
|
-
task :osvdb, :name do |t,args|
|
143
|
-
name = args.name
|
144
|
-
SRC_DIR = "./lib/dawn/kb/"
|
145
|
-
SPEC_DIR = "./spec/lib/kb/"
|
146
|
-
|
147
|
-
raise "### It seems that #{name} is already in Dawn knowledge base" unless Dawn::KnowledgeBase.find(nil, name).nil?
|
148
|
-
raise "### Invalid OSVDB identifier: #{name}" if name.nil? or name.empty? or /\d{6}/.match(name).nil?
|
149
|
-
raise "### No target directory: #{SRC_DIR}" unless Dir.exists?(SRC_DIR)
|
150
|
-
raise "### No rspec directory: #{SPEC_DIR}" unless Dir.exists?(SPEC_DIR)
|
151
|
-
|
152
|
-
puts "Adding #{name} to knowledge base..."
|
153
|
-
|
154
|
-
name = "OSVDB_"+name
|
155
|
-
|
156
|
-
rb_filename = SRC_DIR+name.downcase.gsub("-", "_")+".rb"
|
157
|
-
spec_filename = SPEC_DIR+name.downcase.gsub("-", "_")+"_spec.rb"
|
158
|
-
class_name = name.gsub("-", "_")
|
159
|
-
|
160
|
-
open(rb_filename, "w") do |file|
|
161
|
-
file.puts "module Dawn"
|
162
|
-
file.puts "\t\tmodule Kb"
|
163
|
-
file.puts "\t\t\t# Automatically created with rake on #{Time.now.strftime('%Y-%m-%d')}"
|
164
|
-
file.puts "\t\t\tclass #{class_name}"
|
165
|
-
file.puts "\t\t\t\t# Include the testing skeleton for this Security Check"
|
166
|
-
file.puts "\t\t\t\t# include PatternMatchCheck"
|
167
|
-
file.puts "\t\t\t\t# include DependencyCheck"
|
168
|
-
file.puts "\t\t\t\t# include RubyVersionCheck"
|
169
|
-
file.puts ""
|
170
|
-
file.puts "\t\t\t\tdef initialize"
|
171
|
-
file.puts "\t\t\t\t\ttitle = \"\""
|
172
|
-
file.puts "\t\t\t\t\tmessage = \"\""
|
173
|
-
file.puts "\t\t\t\tend"
|
174
|
-
file.puts "\t\t\tend"
|
175
|
-
file.puts "\t\tend"
|
176
|
-
file.puts "end"
|
177
|
-
end
|
178
|
-
puts "#{rb_filename} created"
|
179
|
-
|
180
|
-
open(spec_filename, "w") do |file|
|
181
|
-
file.puts "require 'spec_helper'"
|
182
|
-
|
183
|
-
file.puts "describe \"The #{name} vulnerability\" do"
|
184
|
-
file.puts "\tbefore(:all) do"
|
185
|
-
file.puts "\t\t@check = Dawn::Kb::#{class_name}.new"
|
186
|
-
file.puts "\t\t# @check.debug = true"
|
187
|
-
file.puts "\tend"
|
188
|
-
file.puts "\tit \"is reported when the vulnerable gem is detected\" do"
|
189
|
-
file.puts "\t\t@check.dependencies = [{:name=>\"\", :version=>\"\"}]"
|
190
|
-
file.puts "\t\texpect(@check.vuln?).to eq(true)"
|
191
|
-
file.puts "\tend"
|
192
|
-
file.puts "\tit \"is not reported when a fixed release is detected\" do"
|
193
|
-
file.puts "\t\t@check.dependencies = [{:name=>\"\", :version=>\"\"}]"
|
194
|
-
file.puts "\t\texpect(@check.vuln?).to eq(false)"
|
195
|
-
file.puts "\tend"
|
196
|
-
file.puts "end"
|
197
|
-
end
|
198
|
-
puts "#{spec_filename} created"
|
199
|
-
|
200
|
-
|
201
|
-
puts "*** PLEASE IMPLEMENT TEST FOR #{name} IN ./spec/lib/dawn/codesake_knowledgebase_spec.rb in order to reflect changes"
|
202
|
-
puts "*** PLEASE ADD THIS CODE IN ./lib/dawn/knowledge_base.rb in order to reflect changes"
|
203
|
-
puts "require \"dawn/kb/#{class_name.downcase}\""
|
204
|
-
puts "it \"must have test for #{name}\" do"
|
205
|
-
puts " sc = kb.find(\"#{name}\")"
|
206
|
-
puts " expect(sc).not_to be_nil"
|
207
|
-
puts " expect(sc.class).to eq(Dawn::Kb::#{class_name})"
|
208
|
-
puts "end"
|
209
|
-
|
210
|
-
end
|
211
|
-
|
212
|
-
|
213
|
-
|
214
|
-
desc "Create a new Generic security check"
|
215
|
-
task :check, :name do |t,args|
|
216
|
-
name = args.name
|
217
|
-
SRC_DIR = "./lib/dawn/kb/"
|
218
|
-
SPEC_DIR = "./spec/lib/kb/"
|
219
|
-
|
220
|
-
raise "### It seems that #{name} is already in Dawn knowledge base" unless Dawn::KnowledgeBase.find(nil, name).nil?
|
221
|
-
raise "### No target directory: #{SRC_DIR}" unless Dir.exists?(SRC_DIR)
|
222
|
-
raise "### No rspec directory: #{SPEC_DIR}" unless Dir.exists?(SPEC_DIR)
|
223
|
-
|
224
|
-
puts "Adding #{name} to knowledge base..."
|
225
|
-
|
226
|
-
rb_filename = SRC_DIR+name.downcase.gsub("-", "_")+".rb"
|
227
|
-
spec_filename = SPEC_DIR+name.downcase.gsub("-", "_")+"_spec.rb"
|
228
|
-
class_name = name.gsub("-", "_")
|
229
|
-
|
230
|
-
open(rb_filename, "w") do |file|
|
231
|
-
file.puts "module Dawn"
|
232
|
-
file.puts "\t\tmodule Kb"
|
233
|
-
file.puts "\t\t\t# Automatically created with rake on #{Time.now.strftime('%Y-%m-%d')}"
|
234
|
-
file.puts "\t\t\tclass #{class_name}"
|
235
|
-
file.puts "\t\t\t\t# Include the testing skeleton for this Security Check"
|
236
|
-
file.puts "\t\t\t\t# include PatternMatchCheck"
|
237
|
-
file.puts "\t\t\t\t# include DependencyCheck"
|
238
|
-
file.puts "\t\t\t\t# include RubyVersionCheck"
|
239
|
-
file.puts ""
|
240
|
-
file.puts "\t\t\t\tdef initialize"
|
241
|
-
file.puts "\t\t\t\tend"
|
242
|
-
file.puts "\t\t\tend"
|
243
|
-
file.puts "\t\tend"
|
244
|
-
file.puts "end"
|
245
|
-
end
|
246
|
-
puts "#{rb_filename} created"
|
247
|
-
|
248
|
-
open(spec_filename, "w") do |file|
|
249
|
-
file.puts "require 'spec_helper'"
|
250
|
-
|
251
|
-
file.puts "describe \"The #{name} vulnerability\" do"
|
252
|
-
file.puts "\tbefore(:all) do"
|
253
|
-
file.puts "\t\t@check = Dawn::Kb::#{class_name}.new"
|
254
|
-
file.puts "\t\t# @check.debug = true"
|
255
|
-
file.puts "\tend"
|
256
|
-
file.puts "\tit \"is reported when...\""
|
257
|
-
file.puts "end"
|
258
|
-
end
|
259
|
-
puts "#{spec_filename} created"
|
260
|
-
|
261
|
-
|
262
|
-
puts "*** PLEASE IMPLEMENT TEST FOR #{name} IN ./spec/lib/dawn/codesake_knowledgebase_spec.rb in order to reflect changes"
|
263
|
-
puts "*** PLEASE ADD THIS CODE IN ./lib/dawn/knowledge_base.rb in order to reflect changes"
|
264
|
-
puts "require \"dawn/kb/#{class_name.downcase}\""
|
265
|
-
puts "it \"must have test for #{name}\" do"
|
266
|
-
puts " sc = kb.find(\"#{name}\")"
|
267
|
-
puts " sc.should_not be_nil"
|
268
|
-
puts " sc.class.should == Dawn::Kb::#{class_name}"
|
269
|
-
puts "end"
|
270
|
-
|
271
|
-
|
272
|
-
end
|
273
|
-
|
274
65
|
namespace :kb do
|
275
66
|
desc 'Check information lint'
|
276
67
|
task :lint do
|
@@ -287,26 +78,6 @@ namespace :kb do
|
|
287
78
|
__kb_pack
|
288
79
|
end
|
289
80
|
|
290
|
-
desc 'Transform all checks to YAML file and pack the library for shipping'
|
291
|
-
task :to_yaml do
|
292
|
-
YAML_KB = File.join(Dir.pwd, 'db')
|
293
|
-
FileUtils.rm_rf YAML_KB
|
294
|
-
FileUtils.mkdir_p YAML_KB
|
295
|
-
|
296
|
-
Dawn::KnowledgeBase.new.all.each do |check|
|
297
|
-
out_dir = File.join(YAML_KB, check.check_family.to_s)
|
298
|
-
FileUtils.mkdir_p(out_dir) unless Dir.exists? out_dir
|
299
|
-
|
300
|
-
filename = File.join(out_dir, check.name.gsub(" ", "_").gsub("-", "_") + '.yml')
|
301
|
-
open(filename, 'w') do |f|
|
302
|
-
f.puts(check.to_yaml)
|
303
|
-
end
|
304
|
-
puts "#{filename} created"
|
305
|
-
end
|
306
|
-
|
307
|
-
__kb_pack
|
308
|
-
end
|
309
|
-
|
310
81
|
desc 'Creates a KnowledgeBase.md file'
|
311
82
|
task :create do
|
312
83
|
checks = Dawn::KnowledgeBase.new.all
|
@@ -393,35 +164,35 @@ end
|
|
393
164
|
|
394
165
|
def __kb_pack
|
395
166
|
if Dir.exists? "#{YAML_KB}/bulletin"
|
396
|
-
system "tar cfvz #{YAML_KB}/bulletin.tar.gz #{YAML_KB}
|
167
|
+
system "tar cfvz #{YAML_KB}/bulletin.tar.gz -C #{YAML_KB} bulletin"
|
397
168
|
system "rm -rf #{YAML_KB}/bulletin"
|
398
169
|
system "shasum -a 256 #{YAML_KB}/bulletin.tar.gz > #{YAML_KB}/bulletin.tar.gz.sig"
|
399
170
|
end
|
400
171
|
|
401
172
|
if Dir.exists? "#{YAML_KB}/generic_check"
|
402
|
-
system "tar cfvz #{YAML_KB}/generic_check.tar.gz #{YAML_KB}
|
173
|
+
system "tar cfvz #{YAML_KB}/generic_check.tar.gz -C #{YAML_KB} generic_check"
|
403
174
|
system "rm -rf #{YAML_KB}/generic_check"
|
404
175
|
system "shasum -a 256 #{YAML_KB}/generic_check.tar.gz > #{YAML_KB}/generic_check.tar.gz.sig"
|
405
176
|
end
|
406
177
|
|
407
178
|
if Dir.exists? "#{YAML_KB}/owasp_ror_cheatsheet"
|
408
|
-
system "tar cfvz #{YAML_KB}/owasp_ror_cheatsheet.tar.gz #{YAML_KB}
|
179
|
+
system "tar cfvz #{YAML_KB}/owasp_ror_cheatsheet.tar.gz -C #{YAML_KB} owasp_ror_cheatsheet"
|
409
180
|
system "rm -rf #{YAML_KB}/owasp_ror_cheatsheet"
|
410
181
|
system "shasum -a 256 #{YAML_KB}/owasp_ror_cheatsheet.tar.gz > #{YAML_KB}/owasp_ror_cheatsheet.tar.gz.sig"
|
411
182
|
end
|
412
183
|
|
413
184
|
if Dir.exists? "#{YAML_KB}/code_style"
|
414
|
-
system "tar cfvz #{YAML_KB}/code_style.tar.gz #{YAML_KB}
|
185
|
+
system "tar cfvz #{YAML_KB}/code_style.tar.gz -C #{YAML_KB} code_style"
|
415
186
|
system "rm -rf #{YAML_KB}/code_style"
|
416
187
|
system "shasum -a 256 #{YAML_KB}/code_style.tar.gz > #{YAML_KB}/code_style.tar.gz.sig"
|
417
188
|
end
|
418
189
|
if Dir.exists? "#{YAML_KB}/code_quality"
|
419
|
-
system "tar cfvz #{YAML_KB}/code_quality.tar.gz #{YAML_KB}
|
190
|
+
system "tar cfvz #{YAML_KB}/code_quality.tar.gz -C #{YAML_KB} code_quality"
|
420
191
|
system "rm -rf #{YAML_KB}/code_quality"
|
421
192
|
system "shasum -a 256 #{YAML_KB}/code_quality.tar.gz > #{YAML_KB}/code_quality.tar.gz.sig"
|
422
193
|
end
|
423
194
|
if Dir.exists? "#{YAML_KB}/owasp_top_10"
|
424
|
-
system "tar cfvz #{YAML_KB}/owasp_top_10.tar.gz #{YAML_KB}
|
195
|
+
system "tar cfvz #{YAML_KB}/owasp_top_10.tar.gz -C #{YAML_KB} owasp_top_10"
|
425
196
|
system "rm -rf #{YAML_KB}/owasp_top_10"
|
426
197
|
system "shasum -a 256 #{YAML_KB}/owasp_top_10.tar.gz > #{YAML_KB}/owasp_top_10.tar.gz.sig"
|
427
198
|
end
|
@@ -433,10 +204,6 @@ def __kb_pack
|
|
433
204
|
puts "kb.yaml created"
|
434
205
|
system "shasum -a 256 #{YAML_KB}/kb.yaml > #{YAML_KB}/kb.yaml.sig"
|
435
206
|
|
436
|
-
system "tar cfvz #{YAML_KB}/signatures.tar.gz #{YAML_KB}/*.tar.gz.sig"
|
437
|
-
system "rm -rf #{YAML_KB}/*.tar.gz.sig "
|
438
|
-
puts "#{YAML_KB}/signatures.tar.gz created"
|
439
|
-
|
440
207
|
puts "Library ready to be shipped"
|
441
208
|
|
442
209
|
end
|
data/VERSION
CHANGED
data/bin/dawn
CHANGED
@@ -1,7 +1,6 @@
|
|
1
1
|
#!/usr/bin/env ruby
|
2
2
|
|
3
3
|
require 'bundler'
|
4
|
-
require 'getoptlong'
|
5
4
|
require 'json'
|
6
5
|
require 'terminal-table'
|
7
6
|
require 'justify'
|
@@ -22,55 +21,19 @@ require 'logger'
|
|
22
21
|
$logger = Logger.new(STDOUT)
|
23
22
|
$logger.datetime_format = '%Y-%m-%d %H:%M:%S'
|
24
23
|
|
25
|
-
opts = GetoptLong.new(
|
26
|
-
# report formatting options
|
27
|
-
|
28
|
-
[ '--ascii-tabular-report', '-a', GetoptLong::NO_ARGUMENT], # Deprecated in 1.5.x - To be removed in 2.0.0
|
29
|
-
[ '--tabular', '-T', GetoptLong::NO_ARGUMENT],
|
30
|
-
[ '--json', '-j', GetoptLong::NO_ARGUMENT],
|
31
|
-
[ '--html', '-H', GetoptLong::NO_ARGUMENT],
|
32
|
-
[ '--console', '-K', GetoptLong::NO_ARGUMENT],
|
33
|
-
|
34
|
-
[ '--gem-lock', '-G', GetoptLong::REQUIRED_ARGUMENT], # Deprecated in 1.5.x - To be removed in 2.0.0
|
35
|
-
[ '--dependencies', '-d', GetoptLong::REQUIRED_ARGUMENT],
|
36
|
-
|
37
|
-
[ '--count-only', '-C', GetoptLong::NO_ARGUMENT],
|
38
|
-
[ '--exit-on-warn', '-z', GetoptLong::NO_ARGUMENT],
|
39
|
-
|
40
|
-
# Disable checks by family type
|
41
|
-
[ '--disable-cve-bulletins', GetoptLong::NO_ARGUMENT],
|
42
|
-
[ '--disable-code-quality', GetoptLong::NO_ARGUMENT],
|
43
|
-
[ '--disable-code-style', GetoptLong::NO_ARGUMENT],
|
44
|
-
[ '--disable-owasp-ror-cheatsheet', GetoptLong::NO_ARGUMENT],
|
45
|
-
[ '--disable-owasp-top-10', GetoptLong::NO_ARGUMENT],
|
46
|
-
|
47
|
-
# Search knowledge base
|
48
|
-
[ '--search-knowledge-base', '-S', GetoptLong::REQUIRED_ARGUMENT],
|
49
|
-
# List stuff
|
50
|
-
[ '--list-knowledge-base', GetoptLong::NO_ARGUMENT],
|
51
|
-
[ '--list-known-framework', GetoptLong::NO_ARGUMENT],
|
52
|
-
[ '--list-known-families', GetoptLong::NO_ARGUMENT],
|
53
|
-
[ '--list-scan-registry', GetoptLong::NO_ARGUMENT],
|
54
|
-
# please save output to file
|
55
|
-
[ '--file', '-F', GetoptLong::REQUIRED_ARGUMENT],
|
56
|
-
# specify an alternate config file
|
57
|
-
[ '--config-file', '-c', GetoptLong::REQUIRED_ARGUMENT],
|
58
|
-
|
59
|
-
# service options
|
60
|
-
[ '--verbose', '-V', GetoptLong::NO_ARGUMENT],
|
61
|
-
[ '--debug', '-D', GetoptLong::NO_ARGUMENT],
|
62
|
-
[ '--version', '-v', GetoptLong::NO_ARGUMENT],
|
63
|
-
[ '--help', '-h', GetoptLong::NO_ARGUMENT]
|
64
|
-
)
|
65
|
-
opts.quiet=true
|
66
|
-
|
67
24
|
engine = nil
|
25
|
+
$debug=false
|
26
|
+
$verbose=false
|
68
27
|
|
69
28
|
|
70
29
|
options = Dawn::Core.read_conf(Dawn::Core.find_conf(true))
|
71
30
|
check = ""
|
72
31
|
guess = {:name=>"", :version=>"", :connected_gems=>[]}
|
73
32
|
|
33
|
+
Dawn::Cli::DawnCli.start
|
34
|
+
$logger.bye
|
35
|
+
Kernel.exit(0)
|
36
|
+
|
74
37
|
###############################################################################
|
75
38
|
# CLI argument start.
|
76
39
|
#
|
@@ -179,7 +142,6 @@ target=ARGV.shift
|
|
179
142
|
|
180
143
|
target = File.expand_path(".") if target == "."
|
181
144
|
|
182
|
-
$logger.helo APPNAME, Dawn::VERSION
|
183
145
|
|
184
146
|
## It will be migrated to active record in 2019
|
185
147
|
# r = Dawn::Registry.new
|
@@ -222,7 +184,6 @@ end
|
|
222
184
|
if options[:exit_on_warn]
|
223
185
|
Kernel.at_exit do
|
224
186
|
if engine.count_vulnerabilities != 0
|
225
|
-
# r.do_save({:target=>engine.target, :scan_started=>engine.scan_start, :scan_duration => engine.scan_time.round(3), :issues_found=>engine.vulnerabilities.count, :output_dir=>engine.output_dir_name, :scan_status=>:completed})
|
226
187
|
Kernel.exit(engine.count_vulnerabilities)
|
227
188
|
end
|
228
189
|
end
|
@@ -270,4 +231,3 @@ Dawn::Reporter.new({:engine=>engine, :apply_all_code=>ret, :format=>options[:out
|
|
270
231
|
# $logger.error error
|
271
232
|
# end
|
272
233
|
#end
|
273
|
-
$logger.bye
|
data/dawnscanner.gemspec
CHANGED
@@ -27,7 +27,12 @@ Gem::Specification.new do |gem|
|
|
27
27
|
gem.add_dependency 'justify'
|
28
28
|
gem.add_dependency 'logger-colors'
|
29
29
|
gem.add_dependency 'ptools'
|
30
|
-
gem.add_dependency '
|
30
|
+
gem.add_dependency 'psych'
|
31
|
+
|
32
|
+
# For CLI we will use thor
|
33
|
+
gem.add_dependency 'thor'
|
34
|
+
|
35
|
+
# gem.add_dependency 'sqlite3'
|
31
36
|
# gem.add_dependency 'datamapper'
|
32
37
|
# gem.add_dependency 'dm-sqlite-adapter'
|
33
38
|
|