dawnscanner 2.0.0.rc1 → 2.0.0.rc2
- checksums.yaml +4 -4
- data/Changelog.md +3 -0
- data/README.md +9 -0
- data/VERSION +1 -1
- data/bin/dawn +8 -201
- data/checksum/dawnscanner-2.0.0.rc1.gem.sha1 +1 -0
- data/lib/dawn/cli/dawn_cli.rb +25 -12
- data/lib/dawn/core.rb +7 -3
- data/lib/dawn/engine.rb +57 -1
- data/lib/dawn/kb/basic_check.rb +0 -2
- data/lib/dawn/knowledge_base.rb +9 -9
- data/lib/dawn/version.rb +5 -5
- data/lib/dawnscanner.rb +4 -4
- metadata +3 -2
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 2b6bee4d3b7a5f1fd9189a556dccfe88631e1eed526de637cc0d74dbecea9a71
|
4
|
+
data.tar.gz: f8ad2cf91ce1e212abcfd9732534512aa54794512853f8a200a6d8d0396d5c53
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 547d98cc3af2c146a7ad987e98c9b67f1f6f7237a669ed509dc08bbbc885d4c4638598b683624ce9efd627e70c6500d42f5d11204caa45a9c3f916a44c863ac5
|
7
|
+
data.tar.gz: b75df8fc99cee42cba08919c7a56ff4eb41e1b0c234502f779d5957ab40efde8f4bbd5ef1c562cc113dee4489d8c718fccb615dc2bf3688526b832c2c6bc9e28
|
data/Changelog.md
CHANGED
@@ -14,6 +14,9 @@ _latest update: mer 28 nov 2018, 11.03.53, CET_
|
|
14
14
|
invoke dawn the right way or use the 'dawn help' command
|
15
15
|
* Added a new debug\_verbosely API for engines and checks
|
16
16
|
* Removed rake osvdb[name] and rake cve[name] tasks
|
17
|
+
* Adding telemetry
|
18
|
+
* Dawn::Utils include refactory. Now it's available application wide
|
19
|
+
* debug information refactory.
|
17
20
|
|
18
21
|
## Version 1.6.9 - codename: Tow Mater (2018-11-28)
|
19
22
|
|
data/README.md
CHANGED
@@ -12,6 +12,15 @@ box:
|
|
12
12
|
* [Sinatra](http://www.sinatrarb.com)
|
13
13
|
* [Padrino](http://www.padrinorb.com)
|
14
14
|
|
15
|
+
## Quick update from April, 2019
|
16
|
+
|
17
|
+
We just released version 2.0.0 release candidate 1 with a YAML powered revamped
|
18
|
+
knowledge base. Please note that dawnscanner will include a telemetry facility
|
19
|
+
sending a POST on https://dawnscanner.org/telemetry with an application id and
|
20
|
+
some information about version and knowledge base.
|
21
|
+
|
22
|
+
We won't now and ever collect your source code on our side.
|
23
|
+
|
15
24
|
## Quick update from November, 2018
|
16
25
|
|
17
26
|
As you can see dawnscanner is on hold since more then an year. Sorry for that.
|
data/VERSION
CHANGED
data/bin/dawn
CHANGED
@@ -19,215 +19,22 @@ VALID_OUTPUT_FORMAT = %w(console json csv html)
|
|
19
19
|
|
20
20
|
require 'logger'
|
21
21
|
$logger = Logger.new(STDOUT)
|
22
|
-
$logger.
|
22
|
+
$logger.formatter = proc do |severity, datetime, progname, msg|
|
23
|
+
date_format = datetime.strftime("%Y-%m-%d %H:%M:%S")
|
24
|
+
if severity == "INFO" or severity == "WARN"
|
25
|
+
"[#{date_format}] #{severity} (dawn): #{msg}\n"
|
26
|
+
else
|
27
|
+
"[#{date_format}] #{severity} (dawn): #{msg}\n"
|
28
|
+
end
|
29
|
+
end
|
23
30
|
|
24
31
|
engine = nil
|
25
32
|
$debug=false
|
26
33
|
$verbose=false
|
27
34
|
|
28
35
|
|
29
|
-
options = Dawn::Core.read_conf(Dawn::Core.find_conf(true))
|
30
36
|
check = ""
|
31
37
|
guess = {:name=>"", :version=>"", :connected_gems=>[]}
|
32
38
|
|
33
39
|
Dawn::Cli::DawnCli.start
|
34
|
-
$logger.bye
|
35
40
|
Kernel.exit(0)
|
36
|
-
|
37
|
-
###############################################################################
|
38
|
-
# CLI argument start.
|
39
|
-
#
|
40
|
-
# Refactoring is necessary here
|
41
|
-
###############################################################################
|
42
|
-
begin
|
43
|
-
opts.each do |opt, val|
|
44
|
-
case opt
|
45
|
-
when '--version'
|
46
|
-
puts "#{Dawn::VERSION} [#{Dawn::CODENAME}]"
|
47
|
-
Kernel.exit(0)
|
48
|
-
when '--config-file'
|
49
|
-
options = Dawn::Core.read_conf(val)
|
50
|
-
when '--disable-cve-bulletins'
|
51
|
-
options[:enabled_checks].delete(:bulletin)
|
52
|
-
when '--disable-code-quality'
|
53
|
-
options[:enabled_checks].delete(:code_quality)
|
54
|
-
when '--disable-code-style'
|
55
|
-
options[:enabled_checks].delete(:code_style)
|
56
|
-
when '--disable-owasp-ror-cheatsheet'
|
57
|
-
options[:enabled_checks].delete(:owasp_ror_cheatsheet)
|
58
|
-
when '--disable-owasp-top-10'
|
59
|
-
options[:enabled_checks].delete(:owasp_top_10_1)
|
60
|
-
options[:enabled_checks].delete(:owasp_top_10_2)
|
61
|
-
options[:enabled_checks].delete(:owasp_top_10_3)
|
62
|
-
options[:enabled_checks].delete(:owasp_top_10_4)
|
63
|
-
options[:enabled_checks].delete(:owasp_top_10_5)
|
64
|
-
options[:enabled_checks].delete(:owasp_top_10_6)
|
65
|
-
options[:enabled_checks].delete(:owasp_top_10_7)
|
66
|
-
options[:enabled_checks].delete(:owasp_top_10_8)
|
67
|
-
options[:enabled_checks].delete(:owasp_top_10_9)
|
68
|
-
options[:enabled_checks].delete(:owasp_top_10_10)
|
69
|
-
when '--list-known-families'
|
70
|
-
printf "Dawn supports following check families:\n\n"
|
71
|
-
puts Dawn::Kb::BasicCheck.families
|
72
|
-
Kernel.exit(0)
|
73
|
-
when '--json'
|
74
|
-
options[:output] = "json"
|
75
|
-
when '--console'
|
76
|
-
options[:output] = "console"
|
77
|
-
when '--tabular'
|
78
|
-
options[:output] = "tabular"
|
79
|
-
when '--ascii-tabular-report'
|
80
|
-
$logger.warn "--ascii-tabular-report' it has been deprecated. It will be removed in version 2.0.0. Please use '--tabular' instead"
|
81
|
-
options[:output] = "tabular"
|
82
|
-
when '--html'
|
83
|
-
options[:output] = "html"
|
84
|
-
when '--file'
|
85
|
-
options[:filename] = val
|
86
|
-
when '--gem-lock'
|
87
|
-
options[:gemfile_scan] = true
|
88
|
-
$logger.warn "--gem-lock flag it has been deprecated. It will be removed in version 2.0.0. Please use '--dependencies' instead"
|
89
|
-
unless val.empty?
|
90
|
-
options[:gemfile_name] = val
|
91
|
-
guess = Dawn::Core.guess_mvc(val)
|
92
|
-
end
|
93
|
-
when '--dependencies'
|
94
|
-
options[:gemfile_scan] = true
|
95
|
-
unless val.empty?
|
96
|
-
options[:gemfile_name] = val
|
97
|
-
guess = Dawn::Core.guess_mvc(val)
|
98
|
-
end
|
99
|
-
|
100
|
-
when '--verbose'
|
101
|
-
options[:verbose]=true
|
102
|
-
when '--count-only'
|
103
|
-
options[:output] = "count"
|
104
|
-
when '--debug'
|
105
|
-
options[:debug] = true
|
106
|
-
when '--exit-on-warn'
|
107
|
-
options[:exit_on_warn] = true
|
108
|
-
|
109
|
-
when '--search-knowledge-base'
|
110
|
-
found = Dawn::KnowledgeBase.find(nil, val)
|
111
|
-
puts "#{val} found in knowledgebase." if found
|
112
|
-
puts "#{val} not found in knowledgebase" if ! found
|
113
|
-
Kernel.exit(0)
|
114
|
-
when '--list-scan-registry'
|
115
|
-
puts "#{APPNAME} scan registry\n\n"
|
116
|
-
Dawn::Registry.dump
|
117
|
-
Kernel.exit(0)
|
118
|
-
|
119
|
-
when '--list-knowledge-base'
|
120
|
-
Dawn::KnowledgeBase.dump(options[:verbose])
|
121
|
-
Kernel.exit(0)
|
122
|
-
when '--list-known-framework'
|
123
|
-
puts "Ruby MVC framework supported by #{APPNAME}:"
|
124
|
-
LIST_KNOWN_FRAMEWORK.each do |mvc|
|
125
|
-
puts "* #{mvc}"
|
126
|
-
end
|
127
|
-
Kernel.exit(0)
|
128
|
-
when '--help'
|
129
|
-
Kernel.exit(Dawn::Core.help)
|
130
|
-
end
|
131
|
-
end
|
132
|
-
rescue GetoptLong::InvalidOption => e
|
133
|
-
$logger.helo APPNAME, Dawn::VERSION
|
134
|
-
$logger.error e.message
|
135
|
-
Kernel.exit(Dawn::Core.help)
|
136
|
-
end
|
137
|
-
###############################################################################
|
138
|
-
# CLI argument stop
|
139
|
-
###############################################################################
|
140
|
-
|
141
|
-
target=ARGV.shift
|
142
|
-
|
143
|
-
target = File.expand_path(".") if target == "."
|
144
|
-
|
145
|
-
|
146
|
-
## It will be migrated to active record in 2019
|
147
|
-
# r = Dawn::Registry.new
|
148
|
-
|
149
|
-
# unless Dir.exist?(Dawn::Core.registry_db_folder)
|
150
|
-
# FileUtils.mkdir_p(Dawn::Core.registry_db_folder)
|
151
|
-
# $logger.info "#{Dawn::Core.registry_db_folder} created" if Dir.exist?(Dawn::Core.registry_db_folder)
|
152
|
-
# end
|
153
|
-
|
154
|
-
trap("INT") { $logger.die('[INTERRUPTED]') }
|
155
|
-
$logger.die("missing target") if target.nil? && options[:gemfile_name].empty?
|
156
|
-
$logger.die("invalid directory (#{target})") if options[:gemfile_name].empty? &&! Dawn::Core.is_good_target?(target)
|
157
|
-
$logger.debug("security check enabled: #{options[:enabled_checks]}") if options[:debug]
|
158
|
-
|
159
|
-
## MVC auto detect.
|
160
|
-
|
161
|
-
# Skipping MVC autodetect if it's already been done by guess_mvc when choosing
|
162
|
-
# Gemfile.lock scan
|
163
|
-
|
164
|
-
unless options[:gemfile_scan]
|
165
|
-
begin
|
166
|
-
engine = Dawn::Core.detect_mvc(target)
|
167
|
-
$logger.debug("using #{engine.class.name} engine via autodect") if options[:debug]
|
168
|
-
rescue ArgumentError => e
|
169
|
-
# r.do_save({:target=>File.basename(target), :scan_started=>DateTime.now, :scan_duration => 0, :issues_found=> -1, :output_dir=> "", :message=>e.message, :scan_status=>:failed})
|
170
|
-
$logger.die(e.message)
|
171
|
-
end
|
172
|
-
else
|
173
|
-
engine = Dawn::GemfileLock.new(target, options[:gemfile_name], guess) # if options[:gemfile_scan]
|
174
|
-
end
|
175
|
-
|
176
|
-
|
177
|
-
if engine.nil?
|
178
|
-
$logger.error("MVC detection failure. Please open an issue at https://github.com/thesp0nge/dawnscanner/issues")
|
179
|
-
# r.do_save({:target=>File.basename(target), :message=>"MVC detection failure. Please open an issue at https://github.com/thesp0nge/dawnscanner/issues", :scan_status=>:failed})
|
180
|
-
$logger.die('ruby framework auto detect failed.')
|
181
|
-
end
|
182
|
-
## end MVC auto detect.
|
183
|
-
|
184
|
-
if options[:exit_on_warn]
|
185
|
-
Kernel.at_exit do
|
186
|
-
if engine.count_vulnerabilities != 0
|
187
|
-
Kernel.exit(engine.count_vulnerabilities)
|
188
|
-
end
|
189
|
-
end
|
190
|
-
end
|
191
|
-
|
192
|
-
if options[:debug]
|
193
|
-
$logger.warn "putting engine in debug mode"
|
194
|
-
engine.debug = true
|
195
|
-
end
|
196
|
-
|
197
|
-
$logger.warn "this is a development Dawn version" if Dawn::RELEASE == "(development)"
|
198
|
-
|
199
|
-
if engine.nil?
|
200
|
-
# r.do_save({:target=>File.basename(target), :message=>"missing target framework option", :scan_status=>:failed})
|
201
|
-
$logger.die "missing target framework option"
|
202
|
-
end
|
203
|
-
|
204
|
-
if ! options[:gemfile_scan] && ! engine.can_apply?
|
205
|
-
# r.do_save({:target=>File.basename(target), :message=>"nothing to do on #{target}", :scan_status=>:failed})
|
206
|
-
$logger.die "nothing to do on #{target}"
|
207
|
-
end
|
208
|
-
|
209
|
-
engine.load_knowledge_base(options[:enabled_checks])
|
210
|
-
ret = engine.apply_all
|
211
|
-
|
212
|
-
if options[:output] == "count"
|
213
|
-
STDERR.puts (ret)? engine.vulnerabilities.count : "-1" unless options[:output] == "json"
|
214
|
-
STDERR.puts (ret)? {:status=>"OK", :vulnerabilities_count=>engine.count_vulnerabilities}.to_json : {:status=>"KO", :vulnerabilities_count=>-1}.to_json if options[:output] == "json"
|
215
|
-
|
216
|
-
# r.do_save({:target=>engine.target, :scan_started=>engine.scan_start, :scan_duration => engine.scan_time.round(3), :issues_found=>engine.vulnerabilities.count, :output_dir=>engine.output_dir_name, :scan_status=>:completed})
|
217
|
-
$logger.bye
|
218
|
-
Kernel.exit(0)
|
219
|
-
end
|
220
|
-
|
221
|
-
Dawn::Reporter.new({:engine=>engine, :apply_all_code=>ret, :format=>options[:output].to_sym, :filename=>options[:filename]}).report
|
222
|
-
#if (r.do_save({:target=>File.basename(engine.target),
|
223
|
-
# :scan_started=>engine.scan_start,
|
224
|
-
# :scan_duration => engine.scan_time.round(3),
|
225
|
-
# :issues_found=>engine.vulnerabilities.count,
|
226
|
-
# :output_dir=>engine.output_dir_name,
|
227
|
-
# :scan_status=>:completed}))
|
228
|
-
# $logger.info "#{Dawn::Core.registry_db_name} updated with scan infos"
|
229
|
-
#else
|
230
|
-
# r.errors.each do |error|
|
231
|
-
# $logger.error error
|
232
|
-
# end
|
233
|
-
#end
|
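Review bot: The two branches of the new `$logger.formatter` proc (new lines 24-28) build exactly the same string, so the `if severity == "INFO" or severity == "WARN"` test is dead code, and `or` is the low-precedence keyword that should be `||` in boolean logic anyway. Collapse the proc body to `"[#{datetime.strftime("%Y-%m-%d %H:%M:%S")}] #{severity} (dawn): #{msg}\n"`, or keep the branch only if the non-INFO/WARN path is meant to differ. The `check` and `guess` locals kept at new lines 36-37 are no longer read by anything left in this file now that the GetoptLong parser is gone; if nothing outside the file uses them they can be removed too. Note also that `$logger.bye` was dropped before `Kernel.exit(0)` at new line 40, so the closing banner is now printed only by the Thor `scan` command's own call.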
@@ -0,0 +1 @@
|
|
1
|
+
04dc5b15006b4ee5912b789160756c57b4c9036a
|
data/lib/dawn/cli/dawn_cli.rb
CHANGED
@@ -1,4 +1,5 @@
|
|
1
1
|
require 'thor'
|
2
|
+
require 'dawn/utils'
|
2
3
|
|
3
4
|
module Dawn
|
4
5
|
module Cli
|
@@ -6,6 +7,7 @@ module Dawn
|
|
6
7
|
# This class is responsible for the "dawn kb" command and related
|
7
8
|
# subcommands.
|
8
9
|
class Kb < Thor
|
10
|
+
package_name "dawnscanner"
|
9
11
|
desc "search", "Searches the knowledge base for a given security test"
|
10
12
|
def search(string)
|
11
13
|
kb = Dawn::KnowledgeBase.instance
|
@@ -19,14 +21,13 @@ module Dawn
|
|
19
21
|
Dawn::KnowledgeBase.enabled_checks=[:bulletin, :generic_check]
|
20
22
|
kb = Dawn::KnowledgeBase.instance
|
21
23
|
kb.load
|
24
|
+
if kb.security_checks.empty?
|
25
|
+
$logger.error(kb.error)
|
26
|
+
end
|
27
|
+
|
28
|
+
$logger.info("" + kb.security_checks.count.to_s + " security checks loaded")
|
22
29
|
if kb.is_packed?
|
23
30
|
$logger.error "The knowledge base is packed. It must be unpacked with the 'unpack' command before it can be used"
|
24
|
-
else
|
25
|
-
if kb.is_valid?
|
26
|
-
$logger.info "Good Knowledge base found"
|
27
|
-
else
|
28
|
-
$logger.error "Invalid knowledge base found"
|
29
|
-
end
|
30
31
|
end
|
31
32
|
$logger.bye
|
32
33
|
Kernel.exit(0)
|
@@ -34,7 +35,9 @@ module Dawn
|
|
34
35
|
end
|
35
36
|
|
36
37
|
class DawnCli < Thor
|
38
|
+
package_name "dawnscanner"
|
37
39
|
class_option :verbose, :type=>:boolean
|
40
|
+
class_option :debug, :type=>:boolean
|
38
41
|
|
39
42
|
map %w[--version -v] => :__print_version
|
40
43
|
|
@@ -48,16 +51,14 @@ module Dawn
|
|
48
51
|
subcommand "kb", Dawn::Cli::Kb
|
49
52
|
|
50
53
|
desc "scan", "scans a folder for security issues"
|
54
|
+
option :config_file
|
51
55
|
option :gemfile, :type=>:boolean
|
52
56
|
option :exit_on_warn, :type=>:boolean
|
53
|
-
option :debug, :type=>:boolean
|
54
|
-
option :verbose, :type=>:boolean
|
55
57
|
option :count, :type=>:boolean
|
56
58
|
option :output
|
57
59
|
|
58
60
|
def scan(target)
|
59
61
|
$logger.helo APPNAME, Dawn::VERSION
|
60
|
-
$logger.debug "scanning #{target}"
|
61
62
|
trap("INT") { $logger.die('[INTERRUPTED]') }
|
62
63
|
|
63
64
|
$logger.die("invalid directory (#{target})") unless Dawn::Core.is_good_target?(target)
|
@@ -65,7 +66,19 @@ module Dawn
|
|
65
66
|
$debug = true if options[:debug]
|
66
67
|
$verbose = true if options[:verbose]
|
67
68
|
|
68
|
-
|
69
|
+
debug_me("scanning #{target}")
|
70
|
+
|
71
|
+
$config_file= Dawn::Core.find_conf(true) if options[:config_file].nil?
|
72
|
+
$config = Dawn::Core.read_conf($config_file)
|
73
|
+
|
74
|
+
$telemetry_url = $config[:telemetry][:endpoint] if $config[:telemetry][:enabled]
|
75
|
+
debug_me("telemetry url is " + $telemetry_url) unless @telemetry_url.nil?
|
76
|
+
$telemetry_id = $config[:telemetry][:id] if $config[:telemetry][:enabled]
|
77
|
+
|
78
|
+
debug_me("telemetry id is " + $telemetry_id) unless @telemetry_id.nil?
|
79
|
+
$logger.info("telemetry is disabled in config file") unless $config[:telemetry][:enabled]
|
80
|
+
|
81
|
+
engine = Dawn::Core.detect_mvc(target) unless options[:gemfile]
|
69
82
|
engine = Dawn::GemfileLock.new(target) if options[:gemfile]
|
70
83
|
|
71
84
|
if engine.nil?
|
@@ -83,17 +96,17 @@ module Dawn
|
|
83
96
|
|
84
97
|
|
85
98
|
engine.load_knowledge_base
|
99
|
+
|
86
100
|
ret = engine.apply_all
|
87
101
|
if options[:output]
|
88
102
|
STDERR.puts (ret)? engine.vulnerabilities.count : "-1" unless options[:output] == "json"
|
89
103
|
STDERR.puts (ret)? {:status=>"OK", :vulnerabilities_count=>engine.count_vulnerabilities}.to_json : {:status=>"KO", :vulnerabilities_count=>-1}.to_json if options[:output] == "json"
|
90
|
-
|
91
|
-
# r.do_save({:target=>engine.target, :scan_started=>engine.scan_start, :scan_duration => engine.scan_time.round(3), :issues_found=>engine.vulnerabilities.count, :output_dir=>engine.output_dir_name, :scan_status=>:completed})
|
92
104
|
$logger.bye
|
93
105
|
Kernel.exit(0)
|
94
106
|
end
|
95
107
|
|
96
108
|
Dawn::Reporter.new({:engine=>engine, :apply_all_code=>ret}).report
|
109
|
+
$logger.bye
|
97
110
|
|
98
111
|
Kernel.exit(0)
|
99
112
|
|
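Review bot: `$config_file= Dawn::Core.find_conf(true) if options[:config_file].nil?` at new line 71 never assigns `$config_file` when the user does pass `--config-file`, so `read_conf($config_file)` at new line 72 runs with nil and returns the default hash, which has no `:telemetry` key, and `$config[:telemetry][:enabled]` at new line 74 raises NoMethodError on nil; the same crash happens without the option whenever the config file lacks that section, because `read_conf` only sets `conf[:telemetry]` when the file provides it. The two `debug_me` calls at new lines 75 and 78 are guarded by `@telemetry_url.nil?` and `@telemetry_id.nil?`, instance variables that are never set, instead of the globals assigned just above, so they never print (and would raise on `"..." + nil` if they did). The block below wires the option through, treats a missing `:telemetry` section as disabled and fixes the guards; `scan` starts in the previous hunk and continues past this one.
```ruby
$config_file = options[:config_file] || Dawn::Core.find_conf(true)
$config = Dawn::Core.read_conf($config_file)
# read_conf returns the default hash, which has no :telemetry key, when the file is absent
telemetry_conf = $config[:telemetry] || {}
if telemetry_conf[:enabled]
  $telemetry_url = telemetry_conf[:endpoint]
  $telemetry_id = telemetry_conf[:id]
  debug_me("telemetry url is #{$telemetry_url}") unless $telemetry_url.nil?
  debug_me("telemetry id is #{$telemetry_id}") unless $telemetry_id.nil?
else
  $logger.info("telemetry is disabled in config file")
end
# … unchanged: engine detection and the rest of scan …
```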
data/lib/dawn/core.rb
CHANGED
@@ -112,6 +112,7 @@ module Dawn
|
|
112
112
|
fn = p + conf_name if p.start_with?('/')
|
113
113
|
# if outside $HOME the config file must be hidden
|
114
114
|
fn = File.expand_path(p) + '/.'+conf_name if ! p.start_with?('/')
|
115
|
+
debug_me("found a config file: " + fn) if File.exist?(fn)
|
115
116
|
return fn if File.exist?(fn)
|
116
117
|
end
|
117
118
|
|
@@ -122,7 +123,7 @@ module Dawn
|
|
122
123
|
|
123
124
|
# If create_if_none flag is set to true, than I'll create a config file
|
124
125
|
# on the current directory with the default configuration.
|
125
|
-
conf = {
|
126
|
+
conf = {:verbose=>false, :output=>"tabular", :mvc=>"", :gemfile_scan=>false, :gemfile_name=>"", :filename=>nil, :debug=>false, :exit_on_warn => false, :enabled_checks=> Dawn::Kb::BasicCheck::ALLOWED_FAMILIES}
|
126
127
|
|
127
128
|
# Calculate the conf file path
|
128
129
|
conf_path = File.expand_path('~') +'/.'+conf_name
|
@@ -131,6 +132,7 @@ module Dawn
|
|
131
132
|
File.open(conf_path, 'w') do |f|
|
132
133
|
rv = f.write(YAML.dump(conf))
|
133
134
|
end
|
135
|
+
debug_me(conf_path)
|
134
136
|
|
135
137
|
conf_path
|
136
138
|
end
|
@@ -138,6 +140,7 @@ module Dawn
|
|
138
140
|
def self.read_conf(file=nil)
|
139
141
|
conf = {:verbose=>false, :output=>"tabular", :mvc=>"", :gemfile_scan=>false, :gemfile_name=>"", :filename=>nil, :debug=>false, :exit_on_warn => false, :enabled_checks=> Dawn::Kb::BasicCheck::ALLOWED_FAMILIES}
|
140
142
|
begin
|
143
|
+
debug_me("returning a default config") if file.nil? or ! File.exist?(file)
|
141
144
|
return conf if file.nil?
|
142
145
|
file = file.chop if (not file.nil? and file.end_with? '/')
|
143
146
|
return conf if ! File.exist?(file)
|
@@ -146,9 +149,9 @@ module Dawn
|
|
146
149
|
return conf
|
147
150
|
end
|
148
151
|
|
149
|
-
|
152
|
+
cf = YAML.load_file(file)
|
150
153
|
|
151
|
-
|
154
|
+
tm = cf[:telemetry]
|
152
155
|
cc = cf[:enabled_checks]
|
153
156
|
|
154
157
|
# TODO
|
@@ -157,6 +160,7 @@ module Dawn
|
|
157
160
|
conf[:debug] = cf["debug"] unless cf["debug"].nil?
|
158
161
|
conf[:output] = cf["output"] unless cf["output"].nil?
|
159
162
|
conf[:enabled_checks] = cc unless cc.nil?
|
163
|
+
conf[:telemetry] = tm unless tm.nil?
|
160
164
|
|
161
165
|
return conf
|
162
166
|
end
|
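Review bot: The default `conf` hash added at new line 126 (and the existing one in `read_conf` at new line 141) carries no `:telemetry` key, while the CLI now reads `$config[:telemetry][:enabled]` straight after `read_conf`; whenever the config file is missing, or lacks the section so `tm` stays nil at new lines 154/163, that lookup raises NoMethodError on nil. Add `:telemetry=>{:enabled=>false, :endpoint=>"", :id=>""}` to both defaults so a fresh install starts with telemetry off instead of crashing. `cf = YAML.load_file(file)` at new line 152 can instantiate arbitrary Ruby objects from the config file; since the file is written with `YAML.dump` of a symbol-keyed hash, `YAML.safe_load(File.read(file), permitted_classes: [Symbol])` loads it equally well (the keyword form needs Psych 3.1+, older releases take the list positionally). Note too that the dumped file has symbol keys but the untouched lines at new lines 160-161 look up `cf["debug"]` and `cf["output"]` by string, so those settings are only honoured from hand-edited files, which is worth checking outside this diff; `read_conf` spans several hunks here.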
data/lib/dawn/engine.rb
CHANGED
@@ -1,9 +1,11 @@
|
|
1
|
+
require 'net/http'
|
2
|
+
require 'json'
|
3
|
+
require 'socket'
|
1
4
|
# Statistics stuff
|
2
5
|
# require 'code_metrics/statistics'
|
3
6
|
|
4
7
|
module Dawn
|
5
8
|
module Engine
|
6
|
-
include Dawn::Utils
|
7
9
|
|
8
10
|
attr_reader :target
|
9
11
|
attr_reader :name
|
@@ -66,6 +68,9 @@ module Dawn
|
|
66
68
|
@gemfile_lock_sudo = false
|
67
69
|
|
68
70
|
set_target(dir) unless dir.nil?
|
71
|
+
|
72
|
+
|
73
|
+
|
69
74
|
@ruby_version = get_ruby_version if dir.nil?
|
70
75
|
@gemfile_lock = options[:gemfile_name] unless options[:gemfile_name].nil?
|
71
76
|
|
@@ -106,6 +111,8 @@ module Dawn
|
|
106
111
|
# load_knowledge_base
|
107
112
|
end
|
108
113
|
|
114
|
+
|
115
|
+
|
109
116
|
def detect_views
|
110
117
|
[]
|
111
118
|
end
|
@@ -264,6 +271,8 @@ module Dawn
|
|
264
271
|
# otherwise
|
265
272
|
def apply(name)
|
266
273
|
|
274
|
+
telemetry
|
275
|
+
|
267
276
|
# FIXME.20140325
|
268
277
|
# Now if no checks are loaded because knowledge base was not previously called, apply and apply_all proudly refuse to run.
|
269
278
|
# Reason is simple, load_knowledge_base now needs enabled check array
|
@@ -285,10 +294,57 @@ module Dawn
|
|
285
294
|
false
|
286
295
|
end
|
287
296
|
|
297
|
+
def have_a_telemetry_id?
|
298
|
+
debug_me ($telemetry_id != "" and ! $telemetry_id.nil?)
|
299
|
+
return ($telemetry_id != "" and ! $telemetry_id.nil?)
|
300
|
+
|
301
|
+
end
|
302
|
+
|
303
|
+
def get_a_telemetry_id
|
304
|
+
return "" if ($telemetry_url == "" or $telemetry_url.nil?)
|
305
|
+
debug_me("T: " + $telemetry_url)
|
306
|
+
|
307
|
+
url = URI.parse($telemetry_url+"/new")
|
308
|
+
res = Net::HTTP.get_response(url)
|
309
|
+
|
310
|
+
return "" unless res.code.to_i == 200
|
311
|
+
return JSON.parse(res.body)["uuid"]
|
312
|
+
end
|
313
|
+
|
314
|
+
def telemetry
|
315
|
+
unless have_a_telemetry_id?
|
316
|
+
$telemetry_id = get_a_telemetry_id
|
317
|
+
$config[:telemetry][:id] = $telemetry_id
|
318
|
+
debug_me($config)
|
319
|
+
debug_me("saving config to " + $config_name)
|
320
|
+
File.open($config_name, 'w') { |f| f.write $config.to_yaml }
|
321
|
+
end
|
322
|
+
|
323
|
+
debug_me("Telemetry ID is: " + $telemetry_id)
|
324
|
+
|
325
|
+
uri=URI.parse($telemetry_url+"/"+$telemetry_id)
|
326
|
+
header = {'Content-Type': 'text/json'}
|
327
|
+
tele = { "kb_version" => Dawn::KnowledgeBase::VERSION ,
|
328
|
+
"ip" => Socket.ip_address_list.detect{|intf| intf.ipv4_private?}.ip_address,
|
329
|
+
"message"=> Dawn::KnowledgeBase
|
330
|
+
}
|
331
|
+
http = Net::HTTP.new(uri.host, uri.port)
|
332
|
+
request = Net::HTTP::Post.new(uri.request_uri, header)
|
333
|
+
request.body = tele.to_json
|
334
|
+
|
335
|
+
response=http.request(request)
|
336
|
+
debug_me(response.inspect)
|
337
|
+
|
338
|
+
return true
|
339
|
+
|
340
|
+
end
|
341
|
+
|
288
342
|
def apply_all
|
289
343
|
@scan_start = Time.now
|
290
344
|
debug_me("SCAN STARTED: #{@scan_start}")
|
291
345
|
|
346
|
+
telemetry
|
347
|
+
|
292
348
|
# FIXME.20140325
|
293
349
|
# Now if no checks are loaded because knowledge base was not previously called, apply and apply_all proudly refuse to run.
|
294
350
|
# Reason is simple, load_knowledge_base now needs enabled check array
|
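Review bot: `telemetry` (new lines 314-340) runs unconditionally from `apply` and `apply_all` even when the config disables telemetry, and in that case `$telemetry_url` is nil, so `URI.parse($telemetry_url+"/"+$telemetry_id)` at new line 325 raises NoMethodError and the scan aborts; it also writes to `$config_name` at new lines 319-320, which nothing in this diff assigns (the CLI sets `$config_file`), and it lets every network error propagate, so an unreachable endpoint kills the scan as well. The request uses `Net::HTTP.new(uri.host, uri.port)` without `use_ssl`, so an `https://` endpoint such as the one named in the README gets a plaintext request on port 443 that a TLS server will reject, has no timeouts, labels the body `text/json`, and the payload includes the host's private IPv4 address (which the README does not disclose and which `detect` leaves nil when the host has none) plus the `Dawn::KnowledgeBase` class constant serialised as a string under `"message"`. The rewrite below makes telemetry opt-in and best-effort, enables TLS by scheme, adds timeouts and limits the payload to version information; `get_a_telemetry_id` (new lines 303-312) should likewise rescue `JSON::ParserError` and network errors and return `""`, and the persisted id name should be `$config_file` or `$config_name` consistently. If `apply_all` dispatches to `apply` per check, the two calls at new lines 274 and 346 also mean one POST per security check per scan, which is worth confirming outside this hunk.
```ruby
def telemetry
  # Opt-in only: the CLI leaves $telemetry_url nil when the config disables telemetry
  return false if $telemetry_url.nil? || $telemetry_url.empty?

  unless have_a_telemetry_id?
    $telemetry_id = get_a_telemetry_id
    # never persist or report an empty id (endpoint down or non-200 answer)
    return false if $telemetry_id.nil? || $telemetry_id.empty?
    # … unchanged: store $telemetry_id in $config and write the config file …
  end

  uri = URI.parse("#{$telemetry_url}/#{$telemetry_id}")
  header = { 'Content-Type' => 'application/json' }
  # only what the README announces: version / knowledge-base information
  tele = { "kb_version" => Dawn::KnowledgeBase::VERSION, "dawn_version" => Dawn::VERSION }

  http = Net::HTTP.new(uri.host, uri.port)
  http.use_ssl = (uri.scheme == 'https')
  http.open_timeout = 5
  http.read_timeout = 5
  request = Net::HTTP::Post.new(uri.request_uri, header)
  request.body = tele.to_json

  response = http.request(request)
  debug_me(response.inspect)
  true
rescue StandardError => e
  # best effort: an unreachable endpoint must never abort the scan
  debug_me("telemetry failed: #{e.class}: #{e.message}")
  false
end
```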
data/lib/dawn/kb/basic_check.rb
CHANGED
data/lib/dawn/knowledge_base.rb
CHANGED
@@ -56,11 +56,10 @@ module Dawn
|
|
56
56
|
#
|
57
57
|
# Last update: gio 29 nov 2018, 17.34.57, CET
|
58
58
|
class KnowledgeBase
|
59
|
-
include Dawn::Utils
|
60
59
|
include Singleton
|
61
60
|
|
62
61
|
@@path = ""
|
63
|
-
|
62
|
+
@error = ""
|
64
63
|
@@enabled_checks = [:generic_check, :code_quality, :bulletin, :code_style, :owasp_top_10]
|
65
64
|
|
66
65
|
|
@@ -80,6 +79,7 @@ module Dawn
|
|
80
79
|
attr_reader :security_checks
|
81
80
|
attr_reader :descriptor
|
82
81
|
attr_reader :path
|
82
|
+
attr_reader :error
|
83
83
|
|
84
84
|
def initialize(options={})
|
85
85
|
if $logger.nil?
|
@@ -90,7 +90,7 @@ module Dawn
|
|
90
90
|
@path=@@path
|
91
91
|
@enabled_checks = @@enabled_checks
|
92
92
|
|
93
|
-
|
93
|
+
debug_me "KB root path is #{@path}"
|
94
94
|
end
|
95
95
|
|
96
96
|
def self.enabled_checks= checks
|
@@ -112,7 +112,7 @@ module Dawn
|
|
112
112
|
|
113
113
|
|
114
114
|
def find(name)
|
115
|
-
|
115
|
+
debug_me "I'm asked to find #{name}"
|
116
116
|
end
|
117
117
|
|
118
118
|
def unpack
|
@@ -158,12 +158,12 @@ module Dawn
|
|
158
158
|
# $path = File.join(Dir.pwd, "db")
|
159
159
|
|
160
160
|
unless __valid?
|
161
|
-
|
161
|
+
@error = "An invalid library it has been found. Please use --recovery flag to force fresh install from dawnscanner.org"
|
162
162
|
return []
|
163
163
|
end
|
164
164
|
|
165
165
|
unless __load?
|
166
|
-
|
166
|
+
@error = "The library must be consumed with dawnscanner up to v#{@descriptor[:kb][:api]}. You are using dawnscanner v#{Dawn::VERSION}"
|
167
167
|
return []
|
168
168
|
end
|
169
169
|
|
@@ -187,7 +187,7 @@ module Dawn
|
|
187
187
|
|
188
188
|
end
|
189
189
|
|
190
|
-
|
190
|
+
debug_me "#{@security_checks.count}"
|
191
191
|
return @security_checks
|
192
192
|
end
|
193
193
|
|
@@ -236,7 +236,7 @@ module Dawn
|
|
236
236
|
|
237
237
|
v = __verify_hash(hash_orig, hash_file)
|
238
238
|
if v
|
239
|
-
|
239
|
+
debug_me("good kb.yaml file found. Reading knowledge base descriptor")
|
240
240
|
@descriptor = YAML.load(lines)
|
241
241
|
else
|
242
242
|
$logger.error("kb.yaml signature mismatch. Found #{hash_file} while expecting #{hash_orig}. Giving up")
|
@@ -263,7 +263,7 @@ module Dawn
|
|
263
263
|
require "dawn/kb/version_check"
|
264
264
|
|
265
265
|
vc = Dawn::Kb::VersionCheck.new
|
266
|
-
return true if vc.is_higher?(
|
266
|
+
return true if vc.is_higher?(v, api) # => true if v > api
|
267
267
|
return false
|
268
268
|
end
|
269
269
|
|
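Review bot: `@error = ""` at new line 62 sits in the class body, so it sets an instance variable on the `KnowledgeBase` class object rather than on the singleton instance that `attr_reader :error` (new line 82) reads; `error` therefore returns nil until `load` assigns it at new lines 161/166, and the CLI's `$logger.error(kb.error)` logs nothing useful when `security_checks` is empty for any other reason. Move the initialisation into `initialize`, e.g. `@error = ""` next to `@path=@@path` at new line 90. The unchanged `@descriptor = YAML.load(lines)` at new line 240 runs on a downloaded kb.yaml and can instantiate arbitrary Ruby objects; the descriptor is read with symbol keys (`@descriptor[:kb][:api]`), so `YAML.safe_load(lines, permitted_classes: [Symbol])` is sufficient. The hash comparison in `__verify_hash` that gates it is an integrity check, not the "signature" the message at new line 242 calls it; if `hash_orig` ships alongside the file it verifies (cannot tell from here), it does not establish authenticity.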
data/lib/dawn/version.rb
CHANGED
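--- a/data/lib/dawnscanner.rb
+++ b/data/lib/dawnscanner.rb
@@ -1,4 +1,3 @@
-require "dawn/utils"
 require "dawn/core"
 require "dawn/version"
 require "dawn/rails"
@@ -12,6 +11,7 @@ require "dawn/cli/dawn_cli"
 
 # KB
 require "dawn/knowledge_base"
-
-#
-
+
+# General purpose utilities
+require "dawn/utils"
+include Dawn::Utils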
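Review bot: The top-level `include Dawn::Utils` at new line 17 mixes the module into `Object`, so every object in the process — including those of the application that loads this gem — gains `debug_me` and whatever else the module defines; that is what lets the per-class includes be dropped from `Engine` and `KnowledgeBase` in this release, but it is a global monkey-patch that can shadow same-named methods in other libraries. Keep `include Dawn::Utils` inside `Dawn::Engine`, `Dawn::KnowledgeBase` and the Thor classes that call `debug_me`, or make the helpers `module_function` and call `Dawn::Utils.debug_me` explicitly. The `require "dawn/utils"` now comes after `dawn/core` and `dawn/knowledge_base` (new lines 1-16); both only call `debug_me` at run time, so the load order itself is fine.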
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: dawnscanner
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 2.0.0.
|
4
|
+
version: 2.0.0.rc2
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Paolo Perego
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2019-04-
|
11
|
+
date: 2019-04-16 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: cvss
|
@@ -287,6 +287,7 @@ files:
|
|
287
287
|
- checksum/dawnscanner-1.6.6.gem.sha1
|
288
288
|
- checksum/dawnscanner-1.6.7.gem.sha1
|
289
289
|
- checksum/dawnscanner-1.6.8.gem.sha1
|
290
|
+
- checksum/dawnscanner-2.0.0.rc1.gem.sha1
|
290
291
|
- code_of_conduct.md
|
291
292
|
- dawnscanner.gemspec
|
292
293
|
- doc/change.sh
|