nasl-pedant 0.1.1 → 0.1.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +5 -13
- data/README.md +1 -1
- data/lib/pedant/checks/contains_display.rb +53 -0
- data/lib/pedant/checks/contains_unreachable_code.rb +4 -1
- data/lib/pedant/checks/get_byte_used.rb +62 -0
- data/lib/pedant/checks/script_missing_audit_inc.rb +67 -0
- data/lib/pedant/checks/script_not_signed_and_using_secret_kb_item.rb +90 -0
- data/lib/pedant/checks/script_not_signed_and_using_trusted_function.rb +195 -0
- data/lib/pedant/checks/socket_leak.rb +189 -0
- data/lib/pedant/version.rb +1 -1
- data/pedant.gemspec +1 -0
- data/test/unit/checks/test_contains_display.rb +53 -0
- data/test/unit/checks/test_contains_unreachable_code.rb +14 -0
- data/test/unit/checks/test_get_byte_used.rb +105 -0
- data/test/unit/checks/test_script_missing_audit_inc.rb +61 -0
- data/test/unit/checks/test_script_not_signed_and_using_secret_kb_item.rb +251 -0
- data/test/unit/checks/test_script_not_signed_and_using_trusted_functions.rb +89 -0
- data/test/unit/checks/test_socket_leak.rb +174 -0
- metadata +44 -13
@@ -0,0 +1,251 @@
|
|
1
|
+
################################################################################
|
2
|
+
# Copyright (c) 2016, Tenable Network Security
|
3
|
+
# All rights reserved.
|
4
|
+
#
|
5
|
+
# Redistribution and use in source and binary forms, with or without
|
6
|
+
# modification, are permitted provided that the following conditions are met:
|
7
|
+
#
|
8
|
+
# 1. Redistributions of source code must retain the above copyright notice, this
|
9
|
+
# list of conditions and the following disclaimer.
|
10
|
+
#
|
11
|
+
# 2. Redistributions in binary form must reproduce the above copyright notice,
|
12
|
+
# this list of conditions and the following disclaimer in the documentation
|
13
|
+
# and/or other materials provided with the distribution.
|
14
|
+
#
|
15
|
+
# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
|
16
|
+
# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
17
|
+
# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
|
18
|
+
# DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
|
19
|
+
# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
20
|
+
# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
|
21
|
+
# SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
|
22
|
+
# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
|
23
|
+
# OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
|
24
|
+
# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
25
|
+
################################################################################
|
26
|
+
|
27
|
+
class TestScriptNotSignedAndUsingSecretKBItem < Test::Unit::TestCase
|
28
|
+
include Pedant::Test
|
29
|
+
|
30
|
+
def test_get_kb_item_and_not_signed
|
31
|
+
check(
|
32
|
+
:fail,
|
33
|
+
:CheckScriptNotSignedAndUsingSecretKBItem,
|
34
|
+
%q|get_kb_item("Secret/SSH/Username");|
|
35
|
+
)
|
36
|
+
end
|
37
|
+
|
38
|
+
def test_get_kb_item_and_signed
|
39
|
+
check(
|
40
|
+
:pass,
|
41
|
+
:CheckScriptNotSignedAndUsingSecretKBItem,
|
42
|
+
%q|#TRUSTED blah| +
|
43
|
+
%q|get_kb_item("Secret/SSH/Username");|
|
44
|
+
)
|
45
|
+
end
|
46
|
+
|
47
|
+
def test_rm_kb_item_and_not_signed
|
48
|
+
check(
|
49
|
+
:fail,
|
50
|
+
:CheckScriptNotSignedAndUsingSecretKBItem,
|
51
|
+
%q|rm_kb_item("Secret/SSH/Username");|
|
52
|
+
)
|
53
|
+
end
|
54
|
+
|
55
|
+
def test_rm_kb_item_and_signed
|
56
|
+
check(
|
57
|
+
:pass,
|
58
|
+
:CheckScriptNotSignedAndUsingSecretKBItem,
|
59
|
+
%q|#TRUSTED blah| +
|
60
|
+
%q|rm_kb_item("Secret/SSH/Username");|
|
61
|
+
)
|
62
|
+
end
|
63
|
+
|
64
|
+
def test_get_kb_list_and_not_signed
|
65
|
+
check(
|
66
|
+
:fail,
|
67
|
+
:CheckScriptNotSignedAndUsingSecretKBItem,
|
68
|
+
%q|get_kb_list("Secret/SSH/Username");|
|
69
|
+
)
|
70
|
+
end
|
71
|
+
|
72
|
+
def test_get_kb_list_and_signed
|
73
|
+
check(
|
74
|
+
:pass,
|
75
|
+
:CheckScriptNotSignedAndUsingSecretKBItem,
|
76
|
+
%q|#TRUSTED blah| +
|
77
|
+
%q|get_kb_list("Secret/SSH/Username");|
|
78
|
+
)
|
79
|
+
end
|
80
|
+
|
81
|
+
def test_replace_kb_item_and_not_signed
|
82
|
+
check(
|
83
|
+
:fail,
|
84
|
+
:CheckScriptNotSignedAndUsingSecretKBItem,
|
85
|
+
%q|replace_kb_item(name:"Secret/SSH/Username", value:"yoda");|
|
86
|
+
)
|
87
|
+
end
|
88
|
+
|
89
|
+
def test_replace_kb_item_and_signed
|
90
|
+
check(
|
91
|
+
:pass,
|
92
|
+
:CheckScriptNotSignedAndUsingSecretKBItem,
|
93
|
+
%q|#TRUSTED blah| +
|
94
|
+
%q|replace_kb_item(name:"Secret/SSH/Username", value:"yoda");|
|
95
|
+
)
|
96
|
+
end
|
97
|
+
|
98
|
+
def test_set_kb_item_and_not_signed
|
99
|
+
check(
|
100
|
+
:fail,
|
101
|
+
:CheckScriptNotSignedAndUsingSecretKBItem,
|
102
|
+
%q|set_kb_item(name:"Secret/SSH/Username", value:"yoda");|
|
103
|
+
)
|
104
|
+
end
|
105
|
+
|
106
|
+
def test_set_kb_item_and_signed
|
107
|
+
check(
|
108
|
+
:pass,
|
109
|
+
:CheckScriptNotSignedAndUsingSecretKBItem,
|
110
|
+
%q|#TRUSTED blah| +
|
111
|
+
%q|set_kb_item(name:"Secret/SSH/Username", value:"yoda");|
|
112
|
+
)
|
113
|
+
end
|
114
|
+
|
115
|
+
def test_script_require_keys_and_not_signed
|
116
|
+
check(
|
117
|
+
:fail,
|
118
|
+
:CheckScriptNotSignedAndUsingSecretKBItem,
|
119
|
+
%q|script_require_keys("Secret/SSH/Username");|
|
120
|
+
)
|
121
|
+
end
|
122
|
+
|
123
|
+
def test_script_require_keys_and_signed
|
124
|
+
check(
|
125
|
+
:pass,
|
126
|
+
:CheckScriptNotSignedAndUsingSecretKBItem,
|
127
|
+
%q|#TRUSTED blah| +
|
128
|
+
%q|script_require_keys("Secret/SSH/Username");|
|
129
|
+
)
|
130
|
+
end
|
131
|
+
|
132
|
+
def test_set_global_kb_item_and_not_signed
|
133
|
+
check(
|
134
|
+
:fail,
|
135
|
+
:CheckScriptNotSignedAndUsingSecretKBItem,
|
136
|
+
%q|set_global_kb_item(name:"Secret/SSH/Username", value:"yoda");|
|
137
|
+
)
|
138
|
+
end
|
139
|
+
|
140
|
+
def test_set_global_kb_item_and_signed
|
141
|
+
check(
|
142
|
+
:pass,
|
143
|
+
:CheckScriptNotSignedAndUsingSecretKBItem,
|
144
|
+
%q|#TRUSTED blah| +
|
145
|
+
%q|set_global_kb_item(name:"Secret/SSH/Username", value:"yoda");|
|
146
|
+
)
|
147
|
+
end
|
148
|
+
|
149
|
+
def test_get_global_kb_item_and_not_signed
|
150
|
+
check(
|
151
|
+
:fail,
|
152
|
+
:CheckScriptNotSignedAndUsingSecretKBItem,
|
153
|
+
%q|get_global_kb_item("Secret/SSH/Username");|
|
154
|
+
)
|
155
|
+
end
|
156
|
+
|
157
|
+
def test_get_global_kb_item_and_signed
|
158
|
+
check(
|
159
|
+
:pass,
|
160
|
+
:CheckScriptNotSignedAndUsingSecretKBItem,
|
161
|
+
%q|#TRUSTED blah| +
|
162
|
+
%q|get_global_kb_item("Secret/SSH/Username");|
|
163
|
+
)
|
164
|
+
end
|
165
|
+
|
166
|
+
def test_get_global_kb_list_and_not_signed
|
167
|
+
check(
|
168
|
+
:fail,
|
169
|
+
:CheckScriptNotSignedAndUsingSecretKBItem,
|
170
|
+
%q|get_global_kb_list("Secret/SSH/Username");|
|
171
|
+
)
|
172
|
+
end
|
173
|
+
|
174
|
+
def test_get_global_kb_list_and_signed
|
175
|
+
check(
|
176
|
+
:pass,
|
177
|
+
:CheckScriptNotSignedAndUsingSecretKBItem,
|
178
|
+
%q|#TRUSTED blah| +
|
179
|
+
%q|get_global_kb_list("Secret/SSH/Username");|
|
180
|
+
)
|
181
|
+
end
|
182
|
+
|
183
|
+
def test_get_kb_item_or_exit_and_not_signed
|
184
|
+
check(
|
185
|
+
:fail,
|
186
|
+
:CheckScriptNotSignedAndUsingSecretKBItem,
|
187
|
+
%q|get_kb_item_or_exit("Secret/SSH/Username");|
|
188
|
+
)
|
189
|
+
end
|
190
|
+
|
191
|
+
def test_get_kb_item_or_exit_and_signed
|
192
|
+
check(
|
193
|
+
:pass,
|
194
|
+
:CheckScriptNotSignedAndUsingSecretKBItem,
|
195
|
+
%q|#TRUSTED blah| +
|
196
|
+
%q|get_kb_item_or_exit("Secret/SSH/Username");|
|
197
|
+
)
|
198
|
+
end
|
199
|
+
|
200
|
+
def test_get_fresh_kb_item_and_not_signed
|
201
|
+
check(
|
202
|
+
:fail,
|
203
|
+
:CheckScriptNotSignedAndUsingSecretKBItem,
|
204
|
+
%q|get_fresh_kb_item("Secret/SSH/Username");|
|
205
|
+
)
|
206
|
+
end
|
207
|
+
|
208
|
+
def test_get_fresh_kb_item_and_signed
|
209
|
+
check(
|
210
|
+
:pass,
|
211
|
+
:CheckScriptNotSignedAndUsingSecretKBItem,
|
212
|
+
%q|#TRUSTED blah| +
|
213
|
+
%q|get_fresh_kb_item("Secret/SSH/Username");|
|
214
|
+
)
|
215
|
+
end
|
216
|
+
|
217
|
+
def test_set_kb_item_value_first_signed
|
218
|
+
check(
|
219
|
+
:pass,
|
220
|
+
:CheckScriptNotSignedAndUsingSecretKBItem,
|
221
|
+
%q|#TRUSTED blah| +
|
222
|
+
%q|set_kb_item(value:20, name:"Secret/SSH/Username");|
|
223
|
+
)
|
224
|
+
end
|
225
|
+
|
226
|
+
def test_set_kb_item_value_first_not_signed
|
227
|
+
check(
|
228
|
+
:fail,
|
229
|
+
:CheckScriptNotSignedAndUsingSecretKBItem,
|
230
|
+
%q|set_kb_item(value:20, name:"Secret/SSH/Username");|
|
231
|
+
)
|
232
|
+
end
|
233
|
+
|
234
|
+
def test_get_kb_item_name_expr_signed
|
235
|
+
check(
|
236
|
+
:pass,
|
237
|
+
:CheckScriptNotSignedAndUsingSecretKBItem,
|
238
|
+
%q|#TRUSTED blah| +
|
239
|
+
%q|get_kb_item(name:"Secret/"+var+"lol");|
|
240
|
+
)
|
241
|
+
end
|
242
|
+
|
243
|
+
def test_get_kb_item_name_expr_not_signed
|
244
|
+
check(
|
245
|
+
:fail,
|
246
|
+
:CheckScriptNotSignedAndUsingSecretKBItem,
|
247
|
+
%q|get_kb_item(name:"Secret/"+var+"lol");|
|
248
|
+
)
|
249
|
+
end
|
250
|
+
|
251
|
+
end
|
@@ -0,0 +1,89 @@
|
|
1
|
+
################################################################################
|
2
|
+
# Copyright (c) 2016, Tenable Network Security
|
3
|
+
# All rights reserved.
|
4
|
+
#
|
5
|
+
# Redistribution and use in source and binary forms, with or without
|
6
|
+
# modification, are permitted provided that the following conditions are met:
|
7
|
+
#
|
8
|
+
# 1. Redistributions of source code must retain the above copyright notice, this
|
9
|
+
# list of conditions and the following disclaimer.
|
10
|
+
#
|
11
|
+
# 2. Redistributions in binary form must reproduce the above copyright notice,
|
12
|
+
# this list of conditions and the following disclaimer in the documentation
|
13
|
+
# and/or other materials provided with the distribution.
|
14
|
+
#
|
15
|
+
# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
|
16
|
+
# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
17
|
+
# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
|
18
|
+
# DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
|
19
|
+
# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
20
|
+
# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
|
21
|
+
# SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
|
22
|
+
# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
|
23
|
+
# OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
|
24
|
+
# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
25
|
+
################################################################################
|
26
|
+
|
27
|
+
class TestScriptNotSignedAndUsingTrustedFunction < Test::Unit::TestCase
|
28
|
+
include Pedant::Test
|
29
|
+
|
30
|
+
def test_bind_sock_tcp_not_signed
|
31
|
+
check(
|
32
|
+
:fail,
|
33
|
+
:CheckScriptNotSignedAndUsingTrustedFunction,
|
34
|
+
%q|var = bind_sock_tcp();|
|
35
|
+
)
|
36
|
+
end
|
37
|
+
|
38
|
+
def test_bind_sock_tcp_signed
|
39
|
+
check(
|
40
|
+
:pass,
|
41
|
+
:CheckScriptNotSignedAndUsingTrustedFunction,
|
42
|
+
%q|#TRUSTED blah| +
|
43
|
+
%q|var = bind_sock_tcp();|
|
44
|
+
)
|
45
|
+
end
|
46
|
+
|
47
|
+
def test_exec_cmds_not_signed
|
48
|
+
check(
|
49
|
+
:fail,
|
50
|
+
:CheckScriptNotSignedAndUsingTrustedFunction,
|
51
|
+
%q|var = exec_cmds(cmds:"lol");|
|
52
|
+
)
|
53
|
+
end
|
54
|
+
|
55
|
+
def test_exec_cmds_signed
|
56
|
+
check(
|
57
|
+
:pass,
|
58
|
+
:CheckScriptNotSignedAndUsingTrustedFunction,
|
59
|
+
%q|#TRUSTED blah| +
|
60
|
+
%q|var = exec_cmds(cmds:"lol");|
|
61
|
+
)
|
62
|
+
end
|
63
|
+
|
64
|
+
def test_http_send_recv3_with_target_not_signed
|
65
|
+
check(
|
66
|
+
:fail,
|
67
|
+
:CheckScriptNotSignedAndUsingTrustedFunction,
|
68
|
+
%q|var = http_send_recv3(target:blah);|
|
69
|
+
)
|
70
|
+
end
|
71
|
+
|
72
|
+
def test_http_send_recv3_with_target_signed
|
73
|
+
check(
|
74
|
+
:pass,
|
75
|
+
:CheckScriptNotSignedAndUsingTrustedFunction,
|
76
|
+
%q|#TRUSTED blah| +
|
77
|
+
%q|var = http_send_recv3(target:blah);|
|
78
|
+
)
|
79
|
+
end
|
80
|
+
|
81
|
+
def test_http_send_recv3_without_target_not_signed
|
82
|
+
check(
|
83
|
+
:pass,
|
84
|
+
:CheckScriptNotSignedAndUsingTrustedFunction,
|
85
|
+
%q|var = http_send_recv3(something:blah, something_else:blah2);|
|
86
|
+
)
|
87
|
+
end
|
88
|
+
|
89
|
+
end
|
@@ -0,0 +1,174 @@
|
|
1
|
+
################################################################################
|
2
|
+
# Copyright (c) 2016, Tenable Network Security
|
3
|
+
# All rights reserved.
|
4
|
+
#
|
5
|
+
# Redistribution and use in source and binary forms, with or without
|
6
|
+
# modification, are permitted provided that the following conditions are met:
|
7
|
+
#
|
8
|
+
# 1. Redistributions of source code must retain the above copyright notice, this
|
9
|
+
# list of conditions and the following disclaimer.
|
10
|
+
#
|
11
|
+
# 2. Redistributions in binary form must reproduce the above copyright notice,
|
12
|
+
# this list of conditions and the following disclaimer in the documentation
|
13
|
+
# and/or other materials provided with the distribution.
|
14
|
+
#
|
15
|
+
# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
|
16
|
+
# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
17
|
+
# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
|
18
|
+
# DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
|
19
|
+
# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
20
|
+
# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
|
21
|
+
# SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
|
22
|
+
# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
|
23
|
+
# OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
|
24
|
+
# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
25
|
+
################################################################################
|
26
|
+
|
27
|
+
class TestSockLeak < Test::Unit::TestCase
|
28
|
+
include Pedant::Test
|
29
|
+
|
30
|
+
def test_none
|
31
|
+
check(
|
32
|
+
:pass,
|
33
|
+
:CheckSocketLeak,
|
34
|
+
%q||
|
35
|
+
)
|
36
|
+
end
|
37
|
+
|
38
|
+
def test_simple_no_close
|
39
|
+
check(
|
40
|
+
:warn,
|
41
|
+
:CheckSocketLeak,
|
42
|
+
%q|soc = open_sock_tcp(8080); exit(0);|
|
43
|
+
)
|
44
|
+
end
|
45
|
+
|
46
|
+
def test_good_close
|
47
|
+
check(
|
48
|
+
:pass,
|
49
|
+
:CheckSocketLeak,
|
50
|
+
%q|soc = open_sock_tcp(8080); close(soc);|
|
51
|
+
)
|
52
|
+
end
|
53
|
+
|
54
|
+
def test_wrong_handle_close
|
55
|
+
check(
|
56
|
+
:warn,
|
57
|
+
:CheckSocketLeak,
|
58
|
+
%q|soc = open_sock_tcp(8080); close(sock);|
|
59
|
+
)
|
60
|
+
end
|
61
|
+
|
62
|
+
def test_local_var_no_close
|
63
|
+
check(
|
64
|
+
:warn,
|
65
|
+
:CheckSocketLeak,
|
66
|
+
%q|local_var soc = open_sock_tcp(8080); exit(0);|
|
67
|
+
)
|
68
|
+
end
|
69
|
+
|
70
|
+
def test_local_var_close
|
71
|
+
check(
|
72
|
+
:pass,
|
73
|
+
:CheckSocketLeak,
|
74
|
+
%q|local_var soc = open_sock_tcp(8080); close(soc);|
|
75
|
+
)
|
76
|
+
end
|
77
|
+
|
78
|
+
def test_local_var_close_wrong_handle
|
79
|
+
check(
|
80
|
+
:warn,
|
81
|
+
:CheckSocketLeak,
|
82
|
+
%q|local_var soc = open_sock_tcp(8080); close(sock);|
|
83
|
+
)
|
84
|
+
end
|
85
|
+
|
86
|
+
# To avoid false positives the check won't mark returned sockets as leaks
|
87
|
+
def test_created_socket_returned
|
88
|
+
check(
|
89
|
+
:pass,
|
90
|
+
:CheckSocketLeak,
|
91
|
+
%q|soc = open_sock_tcp(8080); return soc;|
|
92
|
+
)
|
93
|
+
end
|
94
|
+
|
95
|
+
def test_local_if_close
|
96
|
+
check(
|
97
|
+
:pass,
|
98
|
+
:CheckSocketLeak,
|
99
|
+
%q|local_var soc = open_sock_tcp(8080); if (soc) close(soc); exit(0);|
|
100
|
+
)
|
101
|
+
end
|
102
|
+
|
103
|
+
def test_block_if_close
|
104
|
+
check(
|
105
|
+
:pass,
|
106
|
+
:CheckSocketLeak,
|
107
|
+
%q|local_var soc = open_sock_tcp(8080); if (soc) { local_var test = 0; close(soc); } exit(0);|
|
108
|
+
)
|
109
|
+
end
|
110
|
+
|
111
|
+
def test_ftp_close
|
112
|
+
check(
|
113
|
+
:pass,
|
114
|
+
:CheckSocketLeak,
|
115
|
+
%q|{ soc = open_sock_tcp(8080); ftp_close(soc); exit(0); };|
|
116
|
+
)
|
117
|
+
end
|
118
|
+
|
119
|
+
def test_smtp_close
|
120
|
+
check(
|
121
|
+
:pass,
|
122
|
+
:CheckSocketLeak,
|
123
|
+
%q|{ soc = open_sock_tcp(8080); smtp_close(soc); exit(0); };|
|
124
|
+
)
|
125
|
+
end
|
126
|
+
|
127
|
+
def test_http_open_close
|
128
|
+
check(
|
129
|
+
:pass,
|
130
|
+
:CheckSocketLeak,
|
131
|
+
%q|{ soc = http_open_socket(8080); http_close_socket(soc); exit(0); };|
|
132
|
+
)
|
133
|
+
end
|
134
|
+
|
135
|
+
def test_http_leak
|
136
|
+
check(
|
137
|
+
:warn,
|
138
|
+
:CheckSocketLeak,
|
139
|
+
%q|{ soc = http_open_socket(8080); exit(0); };|
|
140
|
+
)
|
141
|
+
end
|
142
|
+
|
143
|
+
def ignore_smb
|
144
|
+
check(
|
145
|
+
:pass,
|
146
|
+
:CheckSocketLeak,
|
147
|
+
%q|{ soc = http_open_socket(8080); session_init(0); };|
|
148
|
+
)
|
149
|
+
end
|
150
|
+
|
151
|
+
def ignore_ssh
|
152
|
+
check(
|
153
|
+
:pass,
|
154
|
+
:CheckSocketLeak,
|
155
|
+
%q|{ soc = open_sock_tcp(8080); ssh_close_connection(); };|
|
156
|
+
)
|
157
|
+
end
|
158
|
+
|
159
|
+
def test_ignore_soc_check
|
160
|
+
check(
|
161
|
+
:warn,
|
162
|
+
:CheckSocketLeak,
|
163
|
+
%q|{ soc = http_open_socket(8080); if (!soc) close(soc); exit(0); };|
|
164
|
+
)
|
165
|
+
end
|
166
|
+
|
167
|
+
def test_check_early_exit
|
168
|
+
check(
|
169
|
+
:warn,
|
170
|
+
:CheckSocketLeak,
|
171
|
+
%q|{ soc = open_sock_tcp(8080); if(test()) exit(1); close(soc); };|
|
172
|
+
)
|
173
|
+
end
|
174
|
+
end
|