dawnscanner 2.0.0.rc1 → 2.0.0.rc2

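--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz: fedb521a49d75d72343489c68b9871fea0df9de953a3907dbe57e1ca375d5f65
-data.tar.gz: b1e3c420155adf6c0ed829fad272970bca0c17245fcfea1da38ebd2f69d6043c
+metadata.gz: 2b6bee4d3b7a5f1fd9189a556dccfe88631e1eed526de637cc0d74dbecea9a71
+data.tar.gz: f8ad2cf91ce1e212abcfd9732534512aa54794512853f8a200a6d8d0396d5c53
 SHA512:
-metadata.gz: f5f5496969dd2f55cde87c9156e2d4ee55b70516af1b73a08fad3b8c140ad008c77cfb12d701229539ef430caabb4cbfc4cd27413ebe13c4d19d38de8ca87b59
-data.tar.gz: 0727f9f752bbb2f99e977ae893cafd765fe602241894a793bfe8000e5327f92932059669313ed7bb0c167b9102d60afc4f3cdfaf229d702f42c750e828eb4b90
+metadata.gz: 547d98cc3af2c146a7ad987e98c9b67f1f6f7237a669ed509dc08bbbc885d4c4638598b683624ce9efd627e70c6500d42f5d11204caa45a9c3f916a44c863ac5
+data.tar.gz: b75df8fc99cee42cba08919c7a56ff4eb41e1b0c234502f779d5957ab40efde8f4bbd5ef1c562cc113dee4489d8c718fccb615dc2bf3688526b832c2c6bc9e28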
@@ -14,6 +14,9 @@ _latest update: mer 28 nov 2018, 11.03.53, CET_
14
14
  invoke dawn the right way or use the 'dawn help' command
15
15
  * Added a new debug\_verbosely API for engines and checks
16
16
  * Removed rake osvdb[name] and rake cve[name] tasks
17
+ * Adding telemetry
18
+ * Dawn::Utils include refactory. Now it's available application wide
19
+ * debug information refactory.
17
20
 
18
21
  ## Version 1.6.9 - codename: Tow Mater (2018-11-28)
19
22
 
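--- a/data/README.md
+++ b/data/README.md
@@ -12,6 +12,15 @@ box:
 * [Sinatra](http://www.sinatrarb.com)
 * [Padrino](http://www.padrinorb.com)
 
+## Quick update from April, 2019
+
+We just released version 2.0.0 release candidate 1 with a YAML powered revamped
+knowledge base. Please note that dawnscanner will include a telemetry facility
+sending a POST on https://dawnscanner.org/telemetry with an application id and
+some information about version and knowledge base.
+
+We won't now and ever collect your source code on our side.
+
 ## Quick update from November, 2018
 
 As you can see dawnscanner is on hold since more then an year. Sorry for that.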
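--- a/data/VERSION
+++ b/data/VERSION
@@ -12,4 +12,4 @@
 # | "Guido" | x.x.0 |
 # | "Luigi" | x.x.0 |
 # | "Doc Hudson" | x.x.0 |
-2.0.0.rc1 - Finn McMissile
+2.0.0.rc2 - Finn McMissile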
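--- a/data/bin/dawn
+++ b/data/bin/dawn
@@ -19,215 +19,22 @@ VALID_OUTPUT_FORMAT = %w(console json csv html)
 
 require 'logger'
 $logger = Logger.new(STDOUT)
-$logger.datetime_format = '%Y-%m-%d %H:%M:%S'
+$logger.formatter = proc do |severity, datetime, progname, msg|
+date_format = datetime.strftime("%Y-%m-%d %H:%M:%S")
+if severity == "INFO" or severity == "WARN"
+"[#{date_format}] #{severity} (dawn): #{msg}\n"
+else
+"[#{date_format}] #{severity} (dawn): #{msg}\n"
+end
+end
 
 engine = nil
 $debug=false
 $verbose=false
 
 
-options = Dawn::Core.read_conf(Dawn::Core.find_conf(true))
 check = ""
 guess = {:name=>"", :version=>"", :connected_gems=>[]}
 
 Dawn::Cli::DawnCli.start
-$logger.bye
 Kernel.exit(0)
-
-###############################################################################
-# CLI argument start.
-#
-# Refactoring is necessary here
-###############################################################################
-begin
-opts.each do |opt, val|
-case opt
-when '--version'
-puts "#{Dawn::VERSION} [#{Dawn::CODENAME}]"
-Kernel.exit(0)
-when '--config-file'
-options = Dawn::Core.read_conf(val)
-when '--disable-cve-bulletins'
-options[:enabled_checks].delete(:bulletin)
-when '--disable-code-quality'
-options[:enabled_checks].delete(:code_quality)
-when '--disable-code-style'
-options[:enabled_checks].delete(:code_style)
-when '--disable-owasp-ror-cheatsheet'
-options[:enabled_checks].delete(:owasp_ror_cheatsheet)
-when '--disable-owasp-top-10'
-options[:enabled_checks].delete(:owasp_top_10_1)
-options[:enabled_checks].delete(:owasp_top_10_2)
-options[:enabled_checks].delete(:owasp_top_10_3)
-options[:enabled_checks].delete(:owasp_top_10_4)
-options[:enabled_checks].delete(:owasp_top_10_5)
-options[:enabled_checks].delete(:owasp_top_10_6)
-options[:enabled_checks].delete(:owasp_top_10_7)
-options[:enabled_checks].delete(:owasp_top_10_8)
-options[:enabled_checks].delete(:owasp_top_10_9)
-options[:enabled_checks].delete(:owasp_top_10_10)
-when '--list-known-families'
-printf "Dawn supports following check families:\n\n"
-puts Dawn::Kb::BasicCheck.families
-Kernel.exit(0)
-when '--json'
-options[:output] = "json"
-when '--console'
-options[:output] = "console"
-when '--tabular'
-options[:output] = "tabular"
-when '--ascii-tabular-report'
-$logger.warn "--ascii-tabular-report' it has been deprecated. It will be removed in version 2.0.0. Please use '--tabular' instead"
-options[:output] = "tabular"
-when '--html'
-options[:output] = "html"
-when '--file'
-options[:filename] = val
-when '--gem-lock'
-options[:gemfile_scan] = true
-$logger.warn "--gem-lock flag it has been deprecated. It will be removed in version 2.0.0. Please use '--dependencies' instead"
-unless val.empty?
-options[:gemfile_name] = val
-guess = Dawn::Core.guess_mvc(val)
-end
-when '--dependencies'
-options[:gemfile_scan] = true
-unless val.empty?
-options[:gemfile_name] = val
-guess = Dawn::Core.guess_mvc(val)
-end
-
-when '--verbose'
-options[:verbose]=true
-when '--count-only'
-options[:output] = "count"
-when '--debug'
-options[:debug] = true
-when '--exit-on-warn'
-options[:exit_on_warn] = true
-
-when '--search-knowledge-base'
-found = Dawn::KnowledgeBase.find(nil, val)
-puts "#{val} found in knowledgebase." if found
-puts "#{val} not found in knowledgebase" if ! found
-Kernel.exit(0)
-when '--list-scan-registry'
-puts "#{APPNAME} scan registry\n\n"
-Dawn::Registry.dump
-Kernel.exit(0)
-
-when '--list-knowledge-base'
-Dawn::KnowledgeBase.dump(options[:verbose])
-Kernel.exit(0)
-when '--list-known-framework'
-puts "Ruby MVC framework supported by #{APPNAME}:"
-LIST_KNOWN_FRAMEWORK.each do |mvc|
-puts "* #{mvc}"
-end
-Kernel.exit(0)
-when '--help'
-Kernel.exit(Dawn::Core.help)
-end
-end
-rescue GetoptLong::InvalidOption => e
-$logger.helo APPNAME, Dawn::VERSION
-$logger.error e.message
-Kernel.exit(Dawn::Core.help)
-end
-###############################################################################
-# CLI argument stop
-###############################################################################
-
-target=ARGV.shift
-
-target = File.expand_path(".") if target == "."
-
-
-## It will be migrated to active record in 2019
-# r = Dawn::Registry.new
-
-# unless Dir.exist?(Dawn::Core.registry_db_folder)
-# FileUtils.mkdir_p(Dawn::Core.registry_db_folder)
-# $logger.info "#{Dawn::Core.registry_db_folder} created" if Dir.exist?(Dawn::Core.registry_db_folder)
-# end
-
-trap("INT") { $logger.die('[INTERRUPTED]') }
-$logger.die("missing target") if target.nil? && options[:gemfile_name].empty?
-$logger.die("invalid directory (#{target})") if options[:gemfile_name].empty? &&! Dawn::Core.is_good_target?(target)
-$logger.debug("security check enabled: #{options[:enabled_checks]}") if options[:debug]
-
-## MVC auto detect.
-
-# Skipping MVC autodetect if it's already been done by guess_mvc when choosing
-# Gemfile.lock scan
-
-unless options[:gemfile_scan]
-begin
-engine = Dawn::Core.detect_mvc(target)
-$logger.debug("using #{engine.class.name} engine via autodect") if options[:debug]
-rescue ArgumentError => e
-# r.do_save({:target=>File.basename(target), :scan_started=>DateTime.now, :scan_duration => 0, :issues_found=> -1, :output_dir=> "", :message=>e.message, :scan_status=>:failed})
-$logger.die(e.message)
-end
-else
-engine = Dawn::GemfileLock.new(target, options[:gemfile_name], guess) # if options[:gemfile_scan]
-end
-
-
-if engine.nil?
-$logger.error("MVC detection failure. Please open an issue at https://github.com/thesp0nge/dawnscanner/issues")
-# r.do_save({:target=>File.basename(target), :message=>"MVC detection failure. Please open an issue at https://github.com/thesp0nge/dawnscanner/issues", :scan_status=>:failed})
-$logger.die('ruby framework auto detect failed.')
-end
-## end MVC auto detect.
-
-if options[:exit_on_warn]
-Kernel.at_exit do
-if engine.count_vulnerabilities != 0
-Kernel.exit(engine.count_vulnerabilities)
-end
-end
-end
-
-if options[:debug]
-$logger.warn "putting engine in debug mode"
-engine.debug = true
-end
-
-$logger.warn "this is a development Dawn version" if Dawn::RELEASE == "(development)"
-
-if engine.nil?
-# r.do_save({:target=>File.basename(target), :message=>"missing target framework option", :scan_status=>:failed})
-$logger.die "missing target framework option"
-end
-
-if ! options[:gemfile_scan] && ! engine.can_apply?
-# r.do_save({:target=>File.basename(target), :message=>"nothing to do on #{target}", :scan_status=>:failed})
-$logger.die "nothing to do on #{target}"
-end
-
-engine.load_knowledge_base(options[:enabled_checks])
-ret = engine.apply_all
-
-if options[:output] == "count"
-STDERR.puts (ret)? engine.vulnerabilities.count : "-1" unless options[:output] == "json"
-STDERR.puts (ret)? {:status=>"OK", :vulnerabilities_count=>engine.count_vulnerabilities}.to_json : {:status=>"KO", :vulnerabilities_count=>-1}.to_json if options[:output] == "json"
-
-# r.do_save({:target=>engine.target, :scan_started=>engine.scan_start, :scan_duration => engine.scan_time.round(3), :issues_found=>engine.vulnerabilities.count, :output_dir=>engine.output_dir_name, :scan_status=>:completed})
-$logger.bye
-Kernel.exit(0)
-end
-
-Dawn::Reporter.new({:engine=>engine, :apply_all_code=>ret, :format=>options[:output].to_sym, :filename=>options[:filename]}).report
-#if (r.do_save({:target=>File.basename(engine.target),
-# :scan_started=>engine.scan_start,
-# :scan_duration => engine.scan_time.round(3),
-# :issues_found=>engine.vulnerabilities.count,
-# :output_dir=>engine.output_dir_name,
-# :scan_status=>:completed}))
-# $logger.info "#{Dawn::Core.registry_db_name} updated with scan infos"
-#else
-# r.errors.each do |error|
-# $logger.error error
-# end
-#end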
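Review bot: The `if severity == "INFO" or severity == "WARN"` in the new `$logger.formatter` proc is dead code: both arms build exactly the same string, and `or` is the low-precedence keyword form that should not be used for boolean logic. The proc collapses to `$logger.formatter = proc do |severity, datetime, _progname, msg|` / `"[#{datetime.strftime('%Y-%m-%d %H:%M:%S')}] #{severity} (dawn): #{msg}\n"` / `end`. With `options = Dawn::Core.read_conf(...)` gone, the remaining top-level `engine`, `check` and `guess` assignments above `Dawn::Cli::DawnCli.start` appear to have no reader left in this file and could go in the same cleanup.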
@@ -0,0 +1 @@
1
+ 04dc5b15006b4ee5912b789160756c57b4c9036a
@@ -1,4 +1,5 @@
1
1
  require 'thor'
2
+ require 'dawn/utils'
2
3
 
3
4
  module Dawn
4
5
  module Cli
@@ -6,6 +7,7 @@ module Dawn
6
7
  # This class is responsible for the "dawn kb" command and related
7
8
  # subcommands.
8
9
  class Kb < Thor
10
+ package_name "dawnscanner"
9
11
  desc "search", "Searches the knowledge base for a given security test"
10
12
  def search(string)
11
13
  kb = Dawn::KnowledgeBase.instance
@@ -19,14 +21,13 @@ module Dawn
19
21
  Dawn::KnowledgeBase.enabled_checks=[:bulletin, :generic_check]
20
22
  kb = Dawn::KnowledgeBase.instance
21
23
  kb.load
24
+ if kb.security_checks.empty?
25
+ $logger.error(kb.error)
26
+ end
27
+
28
+ $logger.info("" + kb.security_checks.count.to_s + " security checks loaded")
22
29
  if kb.is_packed?
23
30
  $logger.error "The knowledge base is packed. It must be unpacked with the 'unpack' command before it can be used"
24
- else
25
- if kb.is_valid?
26
- $logger.info "Good Knowledge base found"
27
- else
28
- $logger.error "Invalid knowledge base found"
29
- end
30
31
  end
31
32
  $logger.bye
32
33
  Kernel.exit(0)
@@ -34,7 +35,9 @@ module Dawn
34
35
  end
35
36
 
36
37
  class DawnCli < Thor
38
+ package_name "dawnscanner"
37
39
  class_option :verbose, :type=>:boolean
40
+ class_option :debug, :type=>:boolean
38
41
 
39
42
  map %w[--version -v] => :__print_version
40
43
 
@@ -48,16 +51,14 @@ module Dawn
48
51
  subcommand "kb", Dawn::Cli::Kb
49
52
 
50
53
  desc "scan", "scans a folder for security issues"
54
+ option :config_file
51
55
  option :gemfile, :type=>:boolean
52
56
  option :exit_on_warn, :type=>:boolean
53
- option :debug, :type=>:boolean
54
- option :verbose, :type=>:boolean
55
57
  option :count, :type=>:boolean
56
58
  option :output
57
59
 
58
60
  def scan(target)
59
61
  $logger.helo APPNAME, Dawn::VERSION
60
- $logger.debug "scanning #{target}"
61
62
  trap("INT") { $logger.die('[INTERRUPTED]') }
62
63
 
63
64
  $logger.die("invalid directory (#{target})") unless Dawn::Core.is_good_target?(target)
@@ -65,7 +66,19 @@ module Dawn
65
66
  $debug = true if options[:debug]
66
67
  $verbose = true if options[:verbose]
67
68
 
68
-
69
+ debug_me("scanning #{target}")
70
+
71
+ $config_file= Dawn::Core.find_conf(true) if options[:config_file].nil?
72
+ $config = Dawn::Core.read_conf($config_file)
73
+
74
+ $telemetry_url = $config[:telemetry][:endpoint] if $config[:telemetry][:enabled]
75
+ debug_me("telemetry url is " + $telemetry_url) unless @telemetry_url.nil?
76
+ $telemetry_id = $config[:telemetry][:id] if $config[:telemetry][:enabled]
77
+
78
+ debug_me("telemetry id is " + $telemetry_id) unless @telemetry_id.nil?
79
+ $logger.info("telemetry is disabled in config file") unless $config[:telemetry][:enabled]
80
+
81
+ engine = Dawn::Core.detect_mvc(target) unless options[:gemfile]
69
82
  engine = Dawn::GemfileLock.new(target) if options[:gemfile]
70
83
 
71
84
  if engine.nil?
@@ -83,17 +96,17 @@ module Dawn
83
96
 
84
97
 
85
98
  engine.load_knowledge_base
99
+
86
100
  ret = engine.apply_all
87
101
  if options[:output]
88
102
  STDERR.puts (ret)? engine.vulnerabilities.count : "-1" unless options[:output] == "json"
89
103
  STDERR.puts (ret)? {:status=>"OK", :vulnerabilities_count=>engine.count_vulnerabilities}.to_json : {:status=>"KO", :vulnerabilities_count=>-1}.to_json if options[:output] == "json"
90
-
91
- # r.do_save({:target=>engine.target, :scan_started=>engine.scan_start, :scan_duration => engine.scan_time.round(3), :issues_found=>engine.vulnerabilities.count, :output_dir=>engine.output_dir_name, :scan_status=>:completed})
92
104
  $logger.bye
93
105
  Kernel.exit(0)
94
106
  end
95
107
 
96
108
  Dawn::Reporter.new({:engine=>engine, :apply_all_code=>ret}).report
109
+ $logger.bye
97
110
 
98
111
  Kernel.exit(0)
99
112
 
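Review bot: In the `scan` hunk the new `--config-file` option is effectively ignored: `$config_file` is assigned only when `options[:config_file].nil?`, so a user-supplied path leaves `$config_file` nil and `read_conf(nil)` hands back the defaults. The two `debug_me` lines test `@telemetry_url` and `@telemetry_id`, instance variables nothing assigns, so they never print; had they tested the globals, `"telemetry url is " + $telemetry_url` would raise TypeError whenever telemetry is disabled and the global stays nil. `$config[:telemetry][:enabled]` also raises NoMethodError when the loaded config has no `:telemetry` section, which is what the default hash from `read_conf` looks like on this page. `scan` continues outside the hunk; the rewrite below keeps the global names the engine reads.
```ruby
$config_file = options[:config_file] || Dawn::Core.find_conf(true)
$config = Dawn::Core.read_conf($config_file)

telemetry = $config[:telemetry] || {}
if telemetry[:enabled]
  $telemetry_url = telemetry[:endpoint]
  $telemetry_id = telemetry[:id]
  debug_me("telemetry url is #{$telemetry_url}")
  debug_me("telemetry id is #{$telemetry_id}")
else
  $logger.info("telemetry is disabled in config file")
end

engine = Dawn::Core.detect_mvc(target) unless options[:gemfile]
# … unchanged: GemfileLock branch and engine checks …
```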
@@ -112,6 +112,7 @@ module Dawn
112
112
  fn = p + conf_name if p.start_with?('/')
113
113
  # if outside $HOME the config file must be hidden
114
114
  fn = File.expand_path(p) + '/.'+conf_name if ! p.start_with?('/')
115
+ debug_me("found a config file: " + fn) if File.exist?(fn)
115
116
  return fn if File.exist?(fn)
116
117
  end
117
118
 
@@ -122,7 +123,7 @@ module Dawn
122
123
 
123
124
  # If create_if_none flag is set to true, than I'll create a config file
124
125
  # on the current directory with the default configuration.
125
- conf = {"config"=>{:verbose=>false, :output=>"tabular", :mvc=>"", :gemfile_scan=>false, :gemfile_name=>"", :filename=>nil, :debug=>false, :exit_on_warn => false, :enabled_checks=> Dawn::Kb::BasicCheck::ALLOWED_FAMILIES}}
126
+ conf = {:verbose=>false, :output=>"tabular", :mvc=>"", :gemfile_scan=>false, :gemfile_name=>"", :filename=>nil, :debug=>false, :exit_on_warn => false, :enabled_checks=> Dawn::Kb::BasicCheck::ALLOWED_FAMILIES}
126
127
 
127
128
  # Calculate the conf file path
128
129
  conf_path = File.expand_path('~') +'/.'+conf_name
@@ -131,6 +132,7 @@ module Dawn
131
132
  File.open(conf_path, 'w') do |f|
132
133
  rv = f.write(YAML.dump(conf))
133
134
  end
135
+ debug_me(conf_path)
134
136
 
135
137
  conf_path
136
138
  end
@@ -138,6 +140,7 @@ module Dawn
138
140
  def self.read_conf(file=nil)
139
141
  conf = {:verbose=>false, :output=>"tabular", :mvc=>"", :gemfile_scan=>false, :gemfile_name=>"", :filename=>nil, :debug=>false, :exit_on_warn => false, :enabled_checks=> Dawn::Kb::BasicCheck::ALLOWED_FAMILIES}
140
142
  begin
143
+ debug_me("returning a default config") if file.nil? or ! File.exist?(file)
141
144
  return conf if file.nil?
142
145
  file = file.chop if (not file.nil? and file.end_with? '/')
143
146
  return conf if ! File.exist?(file)
@@ -146,9 +149,9 @@ module Dawn
146
149
  return conf
147
150
  end
148
151
 
149
- c = YAML.load_file(file)
152
+ cf = YAML.load_file(file)
150
153
 
151
- cf = c["config"]
154
+ tm = cf[:telemetry]
152
155
  cc = cf[:enabled_checks]
153
156
 
154
157
  # TODO
@@ -157,6 +160,7 @@ module Dawn
157
160
  conf[:debug] = cf["debug"] unless cf["debug"].nil?
158
161
  conf[:output] = cf["output"] unless cf["output"].nil?
159
162
  conf[:enabled_checks] = cc unless cc.nil?
163
+ conf[:telemetry] = tm unless tm.nil?
160
164
 
161
165
  return conf
162
166
  end
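Review bot: In the `read_conf` hunk the new `cf[:telemetry]` and the existing `cf[:enabled_checks]` use symbol keys, matching the symbol-keyed hash `find_conf` dumps, but the visible `cf["debug"]` and `cf["output"]` lookups use string keys and so never match a file this code generates; change them to `cf[:debug]` and `cf[:output]`. Dropping the `"config"` wrapper means an rc1-era config file now loads with every lookup returning nil and the defaults silently applied — a `$logger.warn` when the file has a top-level `"config"` key would tell the user to regenerate it. Neither default `conf` hash carries a `:telemetry` entry while the CLI indexes `$config[:telemetry][:enabled]` unconditionally; adding `:telemetry=>{:enabled=>false, :endpoint=>"", :id=>""}` to both defaults makes opt-out the baseline and keeps the CLI from raising. `YAML.load_file(file)` will instantiate arbitrary Ruby objects on older Psych, and if `find_conf`'s search list includes the directory being scanned (not visible here) a config file planted in a third-party project is loaded with full privileges during the scan, so prefer `YAML.safe_load(File.read(file), permitted_classes: [Symbol])`. The parts of `read_conf` between the hunks are not shown on this page.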
@@ -1,9 +1,11 @@
1
+ require 'net/http'
2
+ require 'json'
3
+ require 'socket'
1
4
  # Statistics stuff
2
5
  # require 'code_metrics/statistics'
3
6
 
4
7
  module Dawn
5
8
  module Engine
6
- include Dawn::Utils
7
9
 
8
10
  attr_reader :target
9
11
  attr_reader :name
@@ -66,6 +68,9 @@ module Dawn
66
68
  @gemfile_lock_sudo = false
67
69
 
68
70
  set_target(dir) unless dir.nil?
71
+
72
+
73
+
69
74
  @ruby_version = get_ruby_version if dir.nil?
70
75
  @gemfile_lock = options[:gemfile_name] unless options[:gemfile_name].nil?
71
76
 
@@ -106,6 +111,8 @@ module Dawn
106
111
  # load_knowledge_base
107
112
  end
108
113
 
114
+
115
+
109
116
  def detect_views
110
117
  []
111
118
  end
@@ -264,6 +271,8 @@ module Dawn
264
271
  # otherwise
265
272
  def apply(name)
266
273
 
274
+ telemetry
275
+
267
276
  # FIXME.20140325
268
277
  # Now if no checks are loaded because knowledge base was not previously called, apply and apply_all proudly refuse to run.
269
278
  # Reason is simple, load_knowledge_base now needs enabled check array
@@ -285,10 +294,57 @@ module Dawn
285
294
  false
286
295
  end
287
296
 
297
+ def have_a_telemetry_id?
298
+ debug_me ($telemetry_id != "" and ! $telemetry_id.nil?)
299
+ return ($telemetry_id != "" and ! $telemetry_id.nil?)
300
+
301
+ end
302
+
303
+ def get_a_telemetry_id
304
+ return "" if ($telemetry_url == "" or $telemetry_url.nil?)
305
+ debug_me("T: " + $telemetry_url)
306
+
307
+ url = URI.parse($telemetry_url+"/new")
308
+ res = Net::HTTP.get_response(url)
309
+
310
+ return "" unless res.code.to_i == 200
311
+ return JSON.parse(res.body)["uuid"]
312
+ end
313
+
314
+ def telemetry
315
+ unless have_a_telemetry_id?
316
+ $telemetry_id = get_a_telemetry_id
317
+ $config[:telemetry][:id] = $telemetry_id
318
+ debug_me($config)
319
+ debug_me("saving config to " + $config_name)
320
+ File.open($config_name, 'w') { |f| f.write $config.to_yaml }
321
+ end
322
+
323
+ debug_me("Telemetry ID is: " + $telemetry_id)
324
+
325
+ uri=URI.parse($telemetry_url+"/"+$telemetry_id)
326
+ header = {'Content-Type': 'text/json'}
327
+ tele = { "kb_version" => Dawn::KnowledgeBase::VERSION ,
328
+ "ip" => Socket.ip_address_list.detect{|intf| intf.ipv4_private?}.ip_address,
329
+ "message"=> Dawn::KnowledgeBase
330
+ }
331
+ http = Net::HTTP.new(uri.host, uri.port)
332
+ request = Net::HTTP::Post.new(uri.request_uri, header)
333
+ request.body = tele.to_json
334
+
335
+ response=http.request(request)
336
+ debug_me(response.inspect)
337
+
338
+ return true
339
+
340
+ end
341
+
288
342
  def apply_all
289
343
  @scan_start = Time.now
290
344
  debug_me("SCAN STARTED: #{@scan_start}")
291
345
 
346
+ telemetry
347
+
292
348
  # FIXME.20140325
293
349
  # Now if no checks are loaded because knowledge base was not previously called, apply and apply_all proudly refuse to run.
294
350
  # Reason is simple, load_knowledge_base now needs enabled check array
@@ -4,8 +4,6 @@ module Dawn
4
4
  module Kb
5
5
  module BasicCheck
6
6
 
7
- include Dawn::Utils
8
-
9
7
  attr_reader :title
10
8
  attr_reader :name
11
9
  attr_reader :cve
@@ -56,11 +56,10 @@ module Dawn
56
56
  #
57
57
  # Last update: gio 29 nov 2018, 17.34.57, CET
58
58
  class KnowledgeBase
59
- include Dawn::Utils
60
59
  include Singleton
61
60
 
62
61
  @@path = ""
63
- @@error = ""
62
+ @error = ""
64
63
  @@enabled_checks = [:generic_check, :code_quality, :bulletin, :code_style, :owasp_top_10]
65
64
 
66
65
 
@@ -80,6 +79,7 @@ module Dawn
80
79
  attr_reader :security_checks
81
80
  attr_reader :descriptor
82
81
  attr_reader :path
82
+ attr_reader :error
83
83
 
84
84
  def initialize(options={})
85
85
  if $logger.nil?
@@ -90,7 +90,7 @@ module Dawn
90
90
  @path=@@path
91
91
  @enabled_checks = @@enabled_checks
92
92
 
93
- $logger.debug "KB root path is #{@path}"
93
+ debug_me "KB root path is #{@path}"
94
94
  end
95
95
 
96
96
  def self.enabled_checks= checks
@@ -112,7 +112,7 @@ module Dawn
112
112
 
113
113
 
114
114
  def find(name)
115
- $logger.debug "I'm asked to find #{name}"
115
+ debug_me "I'm asked to find #{name}"
116
116
  end
117
117
 
118
118
  def unpack
@@ -158,12 +158,12 @@ module Dawn
158
158
  # $path = File.join(Dir.pwd, "db")
159
159
 
160
160
  unless __valid?
161
- @@error = "An invalid library it has been found. Please use --recovery flag to force fresh install from dawnscanner.org"
161
+ @error = "An invalid library it has been found. Please use --recovery flag to force fresh install from dawnscanner.org"
162
162
  return []
163
163
  end
164
164
 
165
165
  unless __load?
166
- @@error = "The library must be consumed with dawnscanner up to v#{@descriptor[:kb][:api]}. You are using dawnscanner v#{Dawn::VERSION}"
166
+ @error = "The library must be consumed with dawnscanner up to v#{@descriptor[:kb][:api]}. You are using dawnscanner v#{Dawn::VERSION}"
167
167
  return []
168
168
  end
169
169
 
@@ -187,7 +187,7 @@ module Dawn
187
187
 
188
188
  end
189
189
 
190
- $logger.debug "#{@security_checks.count}"
190
+ debug_me "#{@security_checks.count}"
191
191
  return @security_checks
192
192
  end
193
193
 
@@ -236,7 +236,7 @@ module Dawn
236
236
 
237
237
  v = __verify_hash(hash_orig, hash_file)
238
238
  if v
239
- $logger.info("good kb.yaml file found. Reading knowledge base descriptor")
239
+ debug_me("good kb.yaml file found. Reading knowledge base descriptor")
240
240
  @descriptor = YAML.load(lines)
241
241
  else
242
242
  $logger.error("kb.yaml signature mismatch. Found #{hash_file} while expecting #{hash_orig}. Giving up")
@@ -263,7 +263,7 @@ module Dawn
263
263
  require "dawn/kb/version_check"
264
264
 
265
265
  vc = Dawn::Kb::VersionCheck.new
266
- return true if vc.is_higher?(api, v) # => true if v > api
266
+ return true if vc.is_higher?(v, api) # => true if v > api
267
267
  return false
268
268
  end
269
269
 
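Review bot: `@error = ""` at class-body level (replacing `@@error`) sets an instance variable on the `KnowledgeBase` class object, not on the singleton instance, so the new `attr_reader :error` returns nil until `load` hits one of the two failure branches; initialise it inside `initialize` with `@error = ""`, otherwise the CLI's `$logger.error(kb.error)` logs nil whenever `security_checks` is empty for any other reason. `initialize` starts in the hunk but its body continues outside the page. The swapped `vc.is_higher?(v, api)` call now agrees with its `# => true if v > api` comment, but a one-line spec pinning a descriptor api above and below `Dawn::VERSION` would keep the argument order from flipping back.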
@@ -1,7 +1,7 @@
1
1
  module Dawn
2
- VERSION = "2.0.0.rc1"
3
- CODENAME = "Finn McMissile"
4
- RELEASE = "(development)"
5
- BUILD = "7"
6
- COMMIT = "g653723d"
2
+ VERSION = "2.0.0.rc2"
3
+ CODENAME = "Finn McMissile"
4
+ RELEASE = "(development)"
5
+ BUILD = "4"
6
+ COMMIT = "g95c13be"
7
7
  end
@@ -1,4 +1,3 @@
1
- require "dawn/utils"
2
1
  require "dawn/core"
3
2
  require "dawn/version"
4
3
  require "dawn/rails"
@@ -12,6 +11,7 @@ require "dawn/cli/dawn_cli"
12
11
 
13
12
  # KB
14
13
  require "dawn/knowledge_base"
15
- # Datamapper classes
16
- #require 'data_mapper'
17
- #require "dawn/registry"
14
+
15
+ # General purpose utilities
16
+ require "dawn/utils"
17
+ include Dawn::Utils
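Review bot: `include Dawn::Utils` at the top level of this entry file mixes the module into `Object`, so `debug_me` and every other helper become methods on every object in any process that requires the gem, and the explicit `include Dawn::Utils` lines removed from `Engine`, `BasicCheck` and `KnowledgeBase` in this release now depend on that global side effect. Keeping the per-module includes and dropping this line — or, if the bin script is the only place that needs the helpers at top level, `self.extend(Dawn::Utils)` there — confines the mixin to the code that uses it. The file header for this hunk is missing from the page, so the path is inferred from the `require` list.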
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dawnscanner
3
3
  version: !ruby/object:Gem::Version
4
- version: 2.0.0.rc1
4
+ version: 2.0.0.rc2
5
5
  platform: ruby
6
6
  authors:
7
7
  - Paolo Perego
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2019-04-09 00:00:00.000000000 Z
11
+ date: 2019-04-16 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: cvss
@@ -287,6 +287,7 @@ files:
287
287
  - checksum/dawnscanner-1.6.6.gem.sha1
288
288
  - checksum/dawnscanner-1.6.7.gem.sha1
289
289
  - checksum/dawnscanner-1.6.8.gem.sha1
290
+ - checksum/dawnscanner-2.0.0.rc1.gem.sha1
290
291
  - code_of_conduct.md
291
292
  - dawnscanner.gemspec
292
293
  - doc/change.sh