nasl-pedant 0.0.3 → 0.0.4

data/Rakefile

@@ -1,3 +1,29 @@
+################################################################################
+# Copyright (c) 2011-2014, Tenable Network Security
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are met:
+#
+# 1. Redistributions of source code must retain the above copyright notice, this
+#    list of conditions and the following disclaimer.
+#
+# 2. Redistributions in binary form must reproduce the above copyright notice,
+#    this list of conditions and the following disclaimer in the documentation
+#    and/or other materials provided with the distribution.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+# DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+# SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+# OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+################################################################################
+
 $LOAD_PATH.unshift File.expand_path("../lib", __FILE__)
 
 require 'bundler/gem_tasks'
@@ -17,4 +43,16 @@ task :build => :compile do
   system "gem build pedant.gemspec"
 end
 
+task :tag_and_bag do
+	system "git tag -a v#{Pedant::VERSION} -m 'version #{Pedant::VERSION}'"
+	system "git push --tags"
+	system "git checkout master"
+	#system "git merge #{Pedant::VERSION}"
+	system "git push"
+end
+
+task :release => [:tag_and_bag, :build] do
+ 	system "gem push #{Pedant::APP_NAME}-#{Pedant::VERSION}.gem"
+end
+
 task :default => :compile

data/bin/pedant

@@ -1,7 +1,7 @@
 #!/usr/bin/env ruby
 
 ################################################################################
-# Copyright (c) 2011, Mak Kolybabi
+# Copyright (c) 2011-2014, Tenable Network Security
 # All rights reserved.
 #
 # Redistribution and use in source and binary forms, with or without

data/lib/pedant.rb

@@ -1,5 +1,5 @@
 ################################################################################
-# Copyright (c) 2011, Mak Kolybabi
+# Copyright (c) 2011-2014, Tenable Network Security
 # All rights reserved.
 #
 # Redistribution and use in source and binary forms, with or without
@@ -27,6 +27,7 @@
 require 'nasl'
 require 'pathname'
 require 'rainbow'
+require 'rainbow/ext/string'
 
 module Pedant
   def self.root
@@ -46,6 +47,7 @@ module Pedant
   autoload :Command,       'pedant/command'
   autoload :KnowledgeBase, 'pedant/knowledge_base'
   autoload :Test,          'pedant/test'
+  autoload :VERSION,       'pedant/version'
 end
 
 $LOAD_PATH.unshift(Pedant.lib.to_s)

data/lib/pedant/check.rb

@@ -1,5 +1,5 @@
 ################################################################################
-# Copyright (c) 2011, Mak Kolybabi
+# Copyright (c) 2011-2014, Tenable Network Security
 # All rights reserved.
 #
 # Redistribution and use in source and binary forms, with or without
@@ -29,12 +29,12 @@ module Pedant
     attr_reader :result
 
     @@statuses = {
-      :died => 'DIED'.color(:red),
-      :fail => 'FAIL'.color(:red),
-      :pass => 'PASS'.color(:green),
-      :skip => 'SKIP'.color(:green),
-      :warn => 'WARN'.color(:yellow),
-      :void => 'VOID'.color(:magenta)
+      :died => Rainbow('DIED').color(:red),
+      :fail => Rainbow('FAIL').color(:red),
+      :pass => Rainbow('PASS').color(:green),
+      :skip => Rainbow('SKIP').color(:green),
+      :warn => Rainbow('WARN').color(:yellow),
+      :void => Rainbow('VOID').color(:magenta)
     }
 
     @@levels = [:error, :warn, :info]
@@ -57,6 +57,10 @@ module Pedant
       end
     end
 
+    def self.list
+      all.map{ |cls| cls.friendly_name }.sort
+    end
+
     def self.all
       (@_all ||= [])
     end
@@ -88,7 +92,11 @@ module Pedant
     end
 
     def report(level, text=nil)
-      if !text.nil?
+      unless text.nil?
+        if @@levels.index(level).nil?
+          raise "Reporting level #{level} is not known."
+        end
+
         @report << [level, text]
         return
       end
@@ -101,14 +109,14 @@ module Pedant
       msg << "\n" unless msg.empty?
 
       # Format the check's result.
-      msg = "[#{@@statuses[@result]}] #{self.name}\n#{msg}"
+      msg = "[#{@@statuses[@result]}] #{self.class.friendly_name}\n#{msg}"
 
       return msg
     end
 
-    def name
-      # Mangle the classes name to be more user-friendly.
-      self.class.name.gsub(/.*::/, '').gsub(/^Check/, '').gsub(/([A-Z][^A-Z]*)/, ' \1').strip
+    def self.friendly_name
+      # Mangle the class name to be more user-friendly.
+      self.name.gsub(/.*::/, '').gsub(/^Check/, '').gsub(/[A-Z][^A-Z]*/, ' \&').strip
     end
 
     def fail

data/lib/pedant/checks/conditional_or_loop_is_empty.rb

@@ -1,5 +1,5 @@
 ################################################################################
-# Copyright (c) 2011, Mak Kolybabi
+# Copyright (c) 2011-2014, Tenable Network Security
 # All rights reserved.
 #
 # Redistribution and use in source and binary forms, with or without

data/lib/pedant/checks/contains_ip_address_literals.rb

@@ -1,5 +1,5 @@
 ################################################################################
-# Copyright (c) 2011, Mak Kolybabi
+# Copyright (c) 2011-2014, Tenable Network Security
 # All rights reserved.
 #
 # Redistribution and use in source and binary forms, with or without

data/lib/pedant/checks/contains_no_carriage_returns.rb

@@ -1,5 +1,5 @@
 ################################################################################
-# Copyright (c) 2011, Mak Kolybabi
+# Copyright (c) 2011-2014, Tenable Network Security
 # All rights reserved.
 #
 # Redistribution and use in source and binary forms, with or without

data/lib/pedant/checks/contains_no_tabs.rb

@@ -1,5 +1,5 @@
 ################################################################################
-# Copyright (c) 2011, Mak Kolybabi
+# Copyright (c) 2011-2014, Tenable Network Security
 # All rights reserved.
 #
 # Redistribution and use in source and binary forms, with or without

data/lib/pedant/checks/contains_registration_section.rb

@@ -1,5 +1,5 @@
 ################################################################################
-# Copyright (c) 2011, Mak Kolybabi
+# Copyright (c) 2011-2014, Tenable Network Security
 # All rights reserved.
 #
 # Redistribution and use in source and binary forms, with or without
@@ -41,7 +41,7 @@ module Pedant
 
       # Find the registration If statement.
       regs = tree.all(:If).select do |node|
-        (node.cond.is_a?(Nasl::Lvalue) && node.cond.ident.name == 'description')
+        (node.cond.is_a?(Nasl::Lvalue) && node.cond.ident.name == 'description' && node.cond.indexes == [])
       end
 
       # Ensure there's a registration section.
@@ -82,8 +82,14 @@ module Pedant
         return fail
       end
 
-      unless statement.name.name == 'exit'
-        report(:error, "The registration section ends with a call to #{statement.name.name}, not exit as expected.")
+      unless statement.name.indexes == []
+        report(:error, "The registration section ends with a call to something other than exit.")
+        report(:error, statement.context(reg))
+        return fail
+      end
+
+      unless statement.name.ident.name == 'exit'
+        report(:error, "The registration section ends with a call to #{statement.name.ident.name}, not exit as expected.")
         report(:error, statement.context(reg))
         return fail
       end

data/lib/pedant/checks/contains_unreachable_code.rb

@@ -1,5 +1,5 @@
 ################################################################################
-# Copyright (c) 2011, Mak Kolybabi
+# Copyright (c) 2011-2014, Tenable Network Security
 # All rights reserved.
 #
 # Redistribution and use in source and binary forms, with or without
@@ -36,7 +36,7 @@ module Pedant
           # Check if the Node is capable of jumping out of the Block, without
           # resuming where it left off (i.e., Call). The exception is exit(),
           # which is a builtin Function that terminates execution.
-          if node.is_a?(Nasl::Break) || node.is_a?(Nasl::Continue) || node.is_a?(Nasl::Return) || (node.is_a?(Nasl::Call) && node.name.name == 'exit')
+          if node.is_a?(Nasl::Break) || node.is_a?(Nasl::Continue) || node.is_a?(Nasl::Return) || (node.is_a?(Nasl::Call) && node.name.ident.name == 'exit' && node.name.indexes == [])
             # If this is not the final node in the list, then there is
             # absolutely no way for the later nodes to be accessed.
             if node != list.last

data/lib/pedant/checks/ends_with_newline.rb

@@ -1,5 +1,5 @@
 ################################################################################
-# Copyright (c) 2011, Mak Kolybabi
+# Copyright (c) 2011-2014, Tenable Network Security
 # All rights reserved.
 #
 # Redistribution and use in source and binary forms, with or without

data/lib/pedant/checks/{files_parse_without_error.rb → files_parse_without_errors.rb}

@@ -1,5 +1,5 @@
 ################################################################################
-# Copyright (c) 2011, Mak Kolybabi
+# Copyright (c) 2011-2014, Tenable Network Security
 # All rights reserved.
 #
 # Redistribution and use in source and binary forms, with or without

data/lib/pedant/checks/local_variable_unused.rb

@@ -0,0 +1,51 @@
+################################################################################
+# Copyright (c) 2011-2014, Tenable Network Security
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are met:
+#
+# 1. Redistributions of source code must retain the above copyright notice, this
+#    list of conditions and the following disclaimer.
+#
+# 2. Redistributions in binary form must reproduce the above copyright notice,
+#    this list of conditions and the following disclaimer in the documentation
+#    and/or other materials provided with the distribution.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+# DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+# SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+# OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+################################################################################
+
+module Pedant
+  class CheckLocalVariableUnused < Check
+    def self.requires
+      super + [:trees]
+    end
+
+    def check(file, tree)
+      def check_function(id, blk)
+        report(:warn, "Function #{id.name} was not analyzed since this check is unfinished.")
+      end
+
+      # Local variable statements can technically occur anywhere, they only
+      # create new variables when found in functions.
+      tree.all(:Function).each { |fn| check_function(fn.name, fn.body) }
+    end
+
+    def run
+      # This check will pass by default.
+      pass
+
+      # Run this check on the tree from every file.
+      @kb[:trees].each { |file, tree| check(file, tree) }
+    end
+  end
+end

data/lib/pedant/checks/parse_test_code.rb

@@ -1,5 +1,5 @@
 ################################################################################
-# Copyright (c) 2011, Mak Kolybabi
+# Copyright (c) 2011-2014, Tenable Network Security
 # All rights reserved.
 #
 # Redistribution and use in source and binary forms, with or without

data/lib/pedant/checks/plugin_type_not_specified.rb

@@ -1,5 +1,5 @@
 ################################################################################
-# Copyright (c) 2011-2012, Mak Kolybabi
+# Copyright (c) 2011-2014, Tenable Network Security
 # All rights reserved.
 #
 # Redistribution and use in source and binary forms, with or without
@@ -39,7 +39,8 @@ module Pedant
       tree = @kb[:trees][@kb[:main]]
 
       tree.all(:Call).each do |node|
-        next unless node.name.name == 'script_set_attribute'
+        next unless node.name.ident.name == 'script_set_attribute'
+        next unless node.name.indexes == []
         next unless node.arg.has_key? 'attribute'
 
         # Pull out the attribute argument.
@@ -52,7 +53,7 @@ module Pedant
         next if !arg.is_a? Nasl::String
 
         # Ensure that the plugin type is valid.
-        unless ['combined', 'local', 'reputation', 'remote', 'settings', 'thirdparty'].include? arg.text
+        unless ['combined', 'local', 'reputation', 'remote', 'settings', 'summary', 'thirdparty'].include? arg.text
           report(:info, "Plugin is of unknown type #{arg.text}:\n#{arg.context(node)}")
           return fail
         end

data/lib/pedant/checks/script_category.rb

@@ -0,0 +1,111 @@
+################################################################################
+# Copyright (c) 2012, Mak Kolybabi
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are met:
+#
+# 1. Redistributions of source code must retain the above copyright notice, this
+#    list of conditions and the following disclaimer.
+#
+# 2. Redistributions in binary form must reproduce the above copyright notice,
+#    this list of conditions and the following disclaimer in the documentation
+#    and/or other materials provided with the distribution.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+# DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+# SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+# OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+################################################################################
+
+module Pedant
+  class CheckScriptCategory < Check
+    def self.requires
+      super + [:main, :trees]
+    end
+
+    def run
+      # This check only applies to plugins.
+      return skip unless @kb[:main].extname == '.nasl'
+
+      sc_nodes = []
+      tree = @kb[:trees][@kb[:main]]
+
+      tree.all(:Call).each do |node|
+        next unless node.name.ident.name == 'script_category'
+        next unless node.name.indexes == []
+        sc_nodes << node
+      end
+
+      if sc_nodes.length == 0
+        report(:error, "Plugin does not specify a script_category.")
+        return fail
+      elsif sc_nodes.length > 1
+        report(:error, "Plugin specifies multiple script categories:")
+        sc_nodes.each { |call| report(:error, call.context()) }
+        return fail
+      end
+
+      sc_node = sc_nodes.first
+
+      if sc_node.args.empty?
+        report(:error, "script_category() was called with no arguments:\n#{sc_node.context()}")
+        return fail
+      end
+
+      if sc_node.args.length > 1
+        report(:error, "script_category() was called with too many arguments:\n#{sc_node.context()}")
+        return fail
+      end
+        
+      # Pull out argument
+      arg = sc_node.args.first.expr
+       
+      unless sc_node.args.first.expr.is_a? Nasl::Lvalue
+        report(
+          :error,
+          "script_category() was called with the wrong type of argument.\n" +
+          "A variable (not a string literal) starting with ACT_ must be provided:\n" +
+          arg.context(sc_node)
+        )
+        return fail
+      end
+
+      # Ensure that the script category is valid.
+      unless [
+        "ACT_INIT",
+        "ACT_SCANNER",
+        "ACT_SETTINGS",
+        "ACT_GATHER_INFO",
+        "ACT_ATTACK",
+        "ACT_MIXED",
+        "ACT_DESTRUCTIVE_ATTACK",
+        "ACT_COMPLIANCE_CHECK",
+        "ACT_PATCH_SETUP",
+        "ACT_PATCH_APPLY",
+        "ACT_PATCH_POST_APPLY",
+        "ACT_THIRD_PARTY_INFO",
+        "ACT_DENIAL",
+        "ACT_KILL_HOST",
+        "ACT_FLOOD",
+        "ACT_END"
+      ].include? arg.ident.name
+        report(
+          :error,
+          "Plugin belongs to unknown category #{arg.ident.name}:\n" +
+          arg.context(sc_node)
+        )
+        return fail
+      end
+
+      report(:info, "Plugin belongs to script category #{arg.ident.name}:\n#{arg.context(sc_node)}")
+      pass
+    end
+  end
+end

data/lib/pedant/checks/script_family_not_specified.rb

@@ -39,7 +39,8 @@ module Pedant
       tree = @kb[:trees][@kb[:main]]
 
       tree.all(:Call).each do |node|
-        next unless node.name.name == 'script_family'
+        next unless node.name.ident.name == 'script_family'
+        next unless node.name.indexes == []
         next if node.args.empty?
         next unless node.args.first.expr.is_a? Nasl::String
 
@@ -47,21 +48,57 @@ module Pedant
         arg = node.args.first.expr
 
         # Ensure that the script family is valid.
-        unless ["AIX Local Security Checks", "Backdoors", "Brute force attacks",
-          "CentOS Local Security Checks", "CGI abuses", "CISCO", "Databases",
-          "Debian Local Security Checks", "Default Unix Accounts",
-          "Denial of Service", "DNS", "Fedora Local Security Checks",
-          "Finger abuses", "Firewalls", "FTP", "Gain a shell remotely",
-          "General", "Gentoo Local Security Checks", "HP-UX Local Security Checks",
-          "MacOS X Local Security Checks", "Mandriva Local Security Checks",
-          "Misc.", "Netware", "Peer-To-Peer File Sharing", "Port scanners",
-          "Red Hat Local Security Checks", "RPC", "SCADA", "Service detection",
-          "Settings", "Slackware Local Security Checks", "SMTP problems",
-          "SNMP", "Solaris Local Security Checks", "SuSE Local Security Checks",
-          "Ubuntu Local Security Checks", "VMware ESX Local Security Checks",
-          "Web Servers", "Windows"].include? arg.text
+        unless [
+          "AIX Local Security Checks",
+          "Backdoors",
+          "Brute force attacks",
+          "CentOS Local Security Checks",
+          "CGI abuses",
+          "CGI abuses : XSS",
+          "CISCO",
+          "Databases",
+          "Debian Local Security Checks",
+          "Default Unix Accounts",
+          "Denial of Service",
+          "DNS",
+          "Fedora Local Security Checks",
+          #"Finger abuses", # removed december 2011
+          "Firewalls",
+          "FreeBSD Local Security Checks",
+          "FTP",
+          "Gain a shell remotely",
+          "General",
+          "Gentoo Local Security Checks",
+          "HP-UX Local Security Checks",
+          "Junos Local Security Checks",
+          "MacOS X Local Security Checks",
+          "Mandriva Local Security Checks",
+          "Misc.",
+          "Mobile Devices",
+          "Netware",
+          "Peer-To-Peer File Sharing",
+          "Policy Compliance",
+          "Port scanners",
+          "Red Hat Local Security Checks",
+          "RPC",
+          "SCADA",
+          "Scientific Linux Local Security Checks",
+          "Service detection",
+          "Settings",
+          "Slackware Local Security Checks",
+          "SMTP problems",
+          "SNMP",
+          "Solaris Local Security Checks",
+          "SuSE Local Security Checks",
+          "Ubuntu Local Security Checks",
+          "VMware ESX Local Security Checks",
+          "Web Servers",
+          "Windows",
+          "Windows : Microsoft Bulletins",
+          "Windows : User management"
+        ].include? arg.text
 
-          report(:info, "Plugin belongs to unknown #{arg.text}:\n#{arg.context(node)}")
+          report(:info, "Plugin belongs to unknown family #{arg.text}:\n#{arg.context(node)}")
           return fail
         end
 
@@ -78,7 +115,7 @@ module Pedant
         report(:info, "Plugin belongs to script family #{arg.text}:\n#{arg.context(call)}")
         pass
       else
-        report(:error, "Plugin specifies multiple script family's.")
+        report(:error, "Plugin specifies multiple script families.")
         args.each { |arg, call| report(:error, arg.context(call)) }
         fail
       end