scanny 0.1.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- data/.gitignore +5 -0
- data/Gemfile +11 -0
- data/LICENSE +23 -0
- data/README.md +185 -0
- data/Rakefile +5 -0
- data/bin/scanny +61 -0
- data/lib/scanny.rb +12 -0
- data/lib/scanny/checks/access_control_check.rb +52 -0
- data/lib/scanny/checks/backticks_check.rb +18 -0
- data/lib/scanny/checks/before_filters_check.rb +35 -0
- data/lib/scanny/checks/check.rb +33 -0
- data/lib/scanny/checks/csrf_check.rb +19 -0
- data/lib/scanny/checks/denial_of_service_check.rb +42 -0
- data/lib/scanny/checks/file_open_check.rb +46 -0
- data/lib/scanny/checks/frameworks_check.rb +24 -0
- data/lib/scanny/checks/helpers.rb +28 -0
- data/lib/scanny/checks/http_basic_auth_check.rb +39 -0
- data/lib/scanny/checks/http_header/header_injection_check.rb +38 -0
- data/lib/scanny/checks/http_redirect_check.rb +37 -0
- data/lib/scanny/checks/http_request_check.rb +74 -0
- data/lib/scanny/checks/http_usage_check.rb +31 -0
- data/lib/scanny/checks/information_leak_check.rb +55 -0
- data/lib/scanny/checks/input_filtering_check.rb +39 -0
- data/lib/scanny/checks/insecure_config/set_rails_env_check.rb +24 -0
- data/lib/scanny/checks/insecure_config/set_secret_check.rb +25 -0
- data/lib/scanny/checks/insecure_config/set_session_key_check.rb +23 -0
- data/lib/scanny/checks/insecure_method/eval_method_check.rb +26 -0
- data/lib/scanny/checks/insecure_method/marshal_check.rb +33 -0
- data/lib/scanny/checks/insecure_method/system_method_check.rb +46 -0
- data/lib/scanny/checks/mass_assignment_check.rb +48 -0
- data/lib/scanny/checks/random_numbers_check.rb +54 -0
- data/lib/scanny/checks/redirect_with_params_check.rb +48 -0
- data/lib/scanny/checks/regexp_check.rb +23 -0
- data/lib/scanny/checks/reset_session_check.rb +24 -0
- data/lib/scanny/checks/session/access_to_session_check.rb +49 -0
- data/lib/scanny/checks/session/session_secure_check.rb +47 -0
- data/lib/scanny/checks/shell_expanding_methods_check.rb +54 -0
- data/lib/scanny/checks/skip_before_filters_check.rb +41 -0
- data/lib/scanny/checks/sql_injection/find_method_check.rb +81 -0
- data/lib/scanny/checks/sql_injection/find_method_with_dynamic_string_check.rb +43 -0
- data/lib/scanny/checks/sql_injection/find_method_with_params_check.rb +80 -0
- data/lib/scanny/checks/sql_injection/sanitize_sql_check.rb +25 -0
- data/lib/scanny/checks/sql_injection/sql_check.rb +14 -0
- data/lib/scanny/checks/sql_injection/string_interpolation_with_params_check.rb +39 -0
- data/lib/scanny/checks/ssl/verify_check.rb +53 -0
- data/lib/scanny/checks/ssl/verify_peer_check.rb +37 -0
- data/lib/scanny/checks/system_tools/gpg_usage_check.rb +51 -0
- data/lib/scanny/checks/system_tools/sudo_check.rb +24 -0
- data/lib/scanny/checks/system_tools/tar_check.rb +24 -0
- data/lib/scanny/checks/system_tools/tar_commands_check.rb +27 -0
- data/lib/scanny/checks/system_tools/unzip_check.rb +30 -0
- data/lib/scanny/checks/temp_file_open_check.rb +57 -0
- data/lib/scanny/checks/user_find_check.rb +40 -0
- data/lib/scanny/checks/validates_check.rb +32 -0
- data/lib/scanny/checks/verify_check.rb +44 -0
- data/lib/scanny/checks/xss/xss_flash_check.rb +70 -0
- data/lib/scanny/checks/xss/xss_logger_check.rb +78 -0
- data/lib/scanny/checks/xss/xss_mark_check.rb +48 -0
- data/lib/scanny/checks/xss/xss_send_check.rb +70 -0
- data/lib/scanny/cli.rb +47 -0
- data/lib/scanny/issue.rb +28 -0
- data/lib/scanny/rake_task.rb +56 -0
- data/lib/scanny/reporters.rb +3 -0
- data/lib/scanny/reporters/reporter.rb +22 -0
- data/lib/scanny/reporters/simple_reporter.rb +19 -0
- data/lib/scanny/reporters/xml_reporter.rb +64 -0
- data/lib/scanny/ruby_version_check.rb +15 -0
- data/lib/scanny/runner.rb +90 -0
- data/scanny.gemspec +22 -0
- data/spec/scanny/check_spec.rb +22 -0
- data/spec/scanny/checks/access_control_check_spec.rb +43 -0
- data/spec/scanny/checks/backticks_check_spec.rb +22 -0
- data/spec/scanny/checks/before_filters_check_spec.rb +45 -0
- data/spec/scanny/checks/csrf_check_spec.rb +16 -0
- data/spec/scanny/checks/denial_of_service_check_spec.rb +28 -0
- data/spec/scanny/checks/file_open_check_spec.rb +22 -0
- data/spec/scanny/checks/frameworks_check_spec.rb +16 -0
- data/spec/scanny/checks/http_basic_auth_check_spec.rb +20 -0
- data/spec/scanny/checks/http_header/header_injection_check_spec.rb +21 -0
- data/spec/scanny/checks/http_redirect_check_spec.rb +15 -0
- data/spec/scanny/checks/http_request_check_spec.rb +37 -0
- data/spec/scanny/checks/http_usage_check_spec.rb +20 -0
- data/spec/scanny/checks/information_leak_check_spec.rb +32 -0
- data/spec/scanny/checks/input_filtering_check_spec.rb +19 -0
- data/spec/scanny/checks/insecure_config/set_rails_env_check_spec.rb +17 -0
- data/spec/scanny/checks/insecure_config/set_secret_check_spec.rb +22 -0
- data/spec/scanny/checks/insecure_config/set_session_key_check_spec.rb +21 -0
- data/spec/scanny/checks/insecure_method/eval_method_check_spec.rb +22 -0
- data/spec/scanny/checks/insecure_method/marshal_check_spec.rb +26 -0
- data/spec/scanny/checks/insecure_method/system_method_check_spec.rb +33 -0
- data/spec/scanny/checks/mass_assignment_check_spec.rb +30 -0
- data/spec/scanny/checks/random_numbers_check_spec.rb +41 -0
- data/spec/scanny/checks/redirect_with_params_check_spec.rb +24 -0
- data/spec/scanny/checks/regexp_check_spec.rb +22 -0
- data/spec/scanny/checks/reset_session_check_spec.rb +15 -0
- data/spec/scanny/checks/session/access_to_session_check_spec.rb +29 -0
- data/spec/scanny/checks/session/session_secure_check_spec.rb +22 -0
- data/spec/scanny/checks/shell_expanding_methods_check_spec.rb +67 -0
- data/spec/scanny/checks/skip_before_filters_check_spec.rb +81 -0
- data/spec/scanny/checks/sql_injection/find_method_check_spec.rb +62 -0
- data/spec/scanny/checks/sql_injection/find_method_with_dynamic_string_check_spec.rb +27 -0
- data/spec/scanny/checks/sql_injection/find_method_with_params_check_spec.rb +93 -0
- data/spec/scanny/checks/sql_injection/sanitize_sql_check_spec.rb +16 -0
- data/spec/scanny/checks/sql_injection/string_interpolation_with_params_check_spec.rb +18 -0
- data/spec/scanny/checks/ssl/verify_check_spec.rb +25 -0
- data/spec/scanny/checks/ssl/verify_peer_check_spec.rb +17 -0
- data/spec/scanny/checks/system_tools/gpg_usage_check_spec.rb +43 -0
- data/spec/scanny/checks/system_tools/sudo_check_spec.rb +24 -0
- data/spec/scanny/checks/system_tools/tar_check_spec.rb +20 -0
- data/spec/scanny/checks/system_tools/tar_commands_check_spec.rb +41 -0
- data/spec/scanny/checks/system_tools/unizp_check_spec.rb +29 -0
- data/spec/scanny/checks/temp_file_open_check_spec.rb +22 -0
- data/spec/scanny/checks/user_find_check_spec.rb +22 -0
- data/spec/scanny/checks/validates_check_spec.rb +19 -0
- data/spec/scanny/checks/verify_check_spec.rb +27 -0
- data/spec/scanny/checks/xss/xss_flash_check_spec.rb +22 -0
- data/spec/scanny/checks/xss/xss_logger_check_spec.rb +24 -0
- data/spec/scanny/checks/xss/xss_mark_check_spec.rb +31 -0
- data/spec/scanny/checks/xss/xss_send_check_spec.rb +34 -0
- data/spec/scanny/cli_spec.rb +167 -0
- data/spec/scanny/issue_spec.rb +82 -0
- data/spec/scanny/rake_taks_spec.rb +82 -0
- data/spec/scanny/reporters/reporter_spec.rb +24 -0
- data/spec/scanny/reporters/simple_reporter_spec.rb +48 -0
- data/spec/scanny/reporters/xml_reporter_spec.rb +52 -0
- data/spec/scanny/ruby_version_check_spec.rb +24 -0
- data/spec/scanny/runner_spec.rb +128 -0
- data/spec/spec_helper.rb +10 -0
- data/spec/support/aruba.rb +4 -0
- data/spec/support/check_spec_helpers.rb +5 -0
- data/spec/support/checks/extend_test_check.rb +11 -0
- data/spec/support/checks/test_check.rb +15 -0
- data/spec/support/checks/test_strict_check.rb +17 -0
- data/spec/support/const_spec_helpers.rb +36 -0
- data/spec/support/matchers/check_matcher.rb +43 -0
- data/spec/support/matchers/xpath_matcher.rb +30 -0
- data/spec/support/mock_task.rb +43 -0
- metadata +242 -0
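--- a/data/lib/scanny/checks/csrf_check.rb
+++ b/data/lib/scanny/checks/csrf_check.rb
@@ -0,0 +1,19 @@
+module Scanny
+module Checks
+# Checks for use of the "protect_from_forgery" method.
+class CSRFCheck < Check
+# protect_from_forgery
+def pattern
+"Send<receiver = Self, name = :protect_from_forgery>"
+end
+
+def check(node)
+issue :info, "The \"protect_from_forgery\" method is used.", :cwe => 352
+end
+
+def strict?
+true
+end
+end
+end
+end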
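Review bot: The pattern on line 7 matches only a `protect_from_forgery` call without arguments, so a call that passes options (`protect_from_forgery :except => ...`) would presumably be a `SendWithArguments` node and go unreported; the `filter_parameter_logging` pattern in information_leak_check.rb lists both node kinds for exactly this reason. Consider `"Send<receiver = Self, name = :protect_from_forgery> | SendWithArguments<receiver = Self, name = :protect_from_forgery>"`, using the same `|` alternation that `FileOpenCheck#pattern` joins with. The `node` parameter of `check` on line 10 is unused; naming it `_node` would make that explicit.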
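--- a/data/lib/scanny/checks/denial_of_service_check.rb
+++ b/data/lib/scanny/checks/denial_of_service_check.rb
@@ -0,0 +1,42 @@
+module Scanny
+module Checks
+class DenialOfServiceCheck < Check
+def pattern
+pattern_find_with_like
+end
+
+def check(node)
+issue :medium, warning_message, :cwe => 400
+end
+
+private
+
+def warning_message
+"Using \"LIKE\" in queries may lead to " +
+"the unavailability of the application"
+end
+
+# User.find(:first, :conditions => "user LIKE %pattern%")
+def pattern_find_with_like
+<<-EOT
+SendWithArguments<
+arguments = ActualArguments<
+array = [
+any+,
+HashLiteral<
+array = [
+any{even},
+SymbolLiteral<value = :limit | :conditions>,
+StringLiteral<string *= 'LIKE'>,
+any{even}
+]
+>
+]
+>,
+name *= /^find/
+>
+EOT
+end
+end
+end
+end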
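Review bot: `StringLiteral<string *= 'LIKE'>` on line 30 appears to be a plain substring match, so a condition written with a lower-case `like` (SQL keywords are case-insensitive) is not reported; since `*=` accepts a regex in the same pattern (`name *= /^find/`, line 36), `StringLiteral<string *= /like/i>` would presumably cover both spellings. The `:limit` alternative on line 29 is unlikely to carry a LIKE string, so if it was meant to stand for another option key the comment on line 19 should say which. The `node` parameter of `check` on line 8 is unused.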
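--- a/data/lib/scanny/checks/file_open_check.rb
+++ b/data/lib/scanny/checks/file_open_check.rb
@@ -0,0 +1,46 @@
+module Scanny
+module Checks
+class FileOpenCheck < Check
+def pattern
+[
+pattern_file_open,
+pattern_fileutils
+].join("|")
+end
+
+def check(node)
+issue :info, warning_message
+end
+
+def strict?
+true
+end
+
+private
+
+def warning_message
+"Operations on files in code can lead to" +
+"unauthorized access to data"
+end
+
+# File.open
+def pattern_file_open
+<<-EOT
+SendWithArguments<
+receiver = ConstantAccess<name = :File>,
+name = :open
+>
+EOT
+end
+
+# FileUtils.any_method
+def pattern_fileutils
+<<-EOT
+SendWithArguments<
+receiver = ConstantAccess<name = :FileUtils>
+>
+EOT
+end
+end
+end
+end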
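Review bot: The two halves of `warning_message` on lines 22–23 are concatenated without a separating space, so the reported text reads "can lead tounauthorized access to data"; change line 22 to `"Operations on files in code can lead to " +`. Unlike the other checks in this release, `issue` on line 12 passes no `:cwe`, so this finding carries no classification in the report. The `node` parameter of `check` on line 11 is unused.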
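--- a/data/lib/scanny/checks/frameworks_check.rb
+++ b/data/lib/scanny/checks/frameworks_check.rb
@@ -0,0 +1,24 @@
+module Scanny
+module Checks
+class FrameworksCheck < Check
+def pattern
+pattern_http_username
+end
+
+def check(node)
+issue :info, warning_message
+end
+
+private
+
+def warning_message
+"Using the methods from frameworks can lead to security problems"
+end
+
+# env["HTTP_X_USERNAME"]
+def pattern_http_username
+"StringLiteral<string *= 'HTTP_X_USERNAME'>"
+end
+end
+end
+end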
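Review bot: The warning on line 15 does not say what was matched, so a reader of the report cannot connect "methods from frameworks" to the `HTTP_X_USERNAME` string literal that the only pattern (line 20) looks for; consider `"Use of the HTTP_X_USERNAME header can lead to security problems"`. The class also lacks the one-line purpose comment that `CSRFCheck` carries, and `issue` on line 9 passes no `:cwe`. The `node` parameter of `check` on line 8 is unused.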
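--- a/data/lib/scanny/checks/helpers.rb
+++ b/data/lib/scanny/checks/helpers.rb
@@ -0,0 +1,28 @@
+module Scanny
+module Checks
+module Helpers
+# system("command")
+# `command`
+def build_pattern_exec_command(command)
+command = command.to_s if command.is_a?(Symbol)
+result = command.inspect
+
+<<-EOT
+SendWithArguments
+<
+name = :system | :exec | :spawn,
+arguments = ActualArguments<
+array = [
+any*,
+StringLiteral<string *= #{result}>,
+any*
+]
+>
+>
+
+ExecuteString<string *= #{result}>
+EOT
+end
+end
+end
+end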
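Review bot: `string *= #{result}` on lines 17 and 23 is a substring match on the interpolated command name, so a short command such as `ls` would also flag a literal like `"tools"`; `*=` accepts a regex elsewhere in the package (`name *= /^find/` in denial_of_service_check.rb), so anchoring on word boundaries with `result = /\b#{Regexp.escape(command.to_s)}\b/.inspect` would presumably tighten this, and the `to_s` also subsumes the Symbol special case on line 7. Line 8 embeds a Ruby string literal into the pattern text, which silently assumes the pattern parser accepts Ruby escapes for names containing quotes or backslashes; a comment stating that assumption would help the next maintainer. The method is complete within this hunk.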
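--- a/data/lib/scanny/checks/http_basic_auth_check.rb
+++ b/data/lib/scanny/checks/http_basic_auth_check.rb
@@ -0,0 +1,39 @@
+module Scanny
+module Checks
+class HTTPBasicAuthCheck < Check
+def pattern
+[
+pattern_basic_auth,
+pattern_http_authentication
+].join("|")
+end
+
+def check(node)
+issue :info, warning_message, :cwe => [301, 718]
+end
+
+private
+
+def warning_message
+"Basic HTTP authentication can lead to security problems"
+end
+
+# Net::HTTPHeader.basic_auth('user', 'password')
+def pattern_basic_auth
+<<-EOT
+SendWithArguments<
+arguments = ActualArguments<
+array = [any{2}]
+>,
+name = :basic_auth
+>
+EOT
+end
+
+# HttpAuthentication
+def pattern_http_authentication
+"ConstantAccess<name = :HttpAuthentication>"
+end
+end
+end
+end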
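Review bot: The `basic_auth` pattern on lines 24–29 constrains neither the receiver nor the argument types, so any two-argument method named `basic_auth` in the scanned code is reported, and the message on line 18 gives the reader nothing to act on. Consider `"Basic HTTP authentication sends credentials in cleartext unless the connection uses TLS"`, which names the actual risk. Whether the matcher can narrow the receiver without missing instance calls is not visible here, so the comment on line 21 could at least state that the match is receiver-agnostic.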
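--- a/data/lib/scanny/checks/http_header/header_injection_check.rb
+++ b/data/lib/scanny/checks/http_header/header_injection_check.rb
@@ -0,0 +1,38 @@
+module Scanny
+module Checks
+module HttpHeader
+class HeaderInjectionCheck < Check
+def pattern
+pattern_environment_params
+end
+
+def check(node)
+issue :medium, warning_message, :cwe => [20, 113]
+end
+
+private
+
+def warning_message
+"Directly use of the HTTP_* headers in code. " +
+"Possible injection vulnerabilities"
+end
+
+# env["HTTP_HEADER"]
+# headers["HTTP_HEADER"]
+def pattern_environment_params
+<<-EOT
+SendWithArguments<
+arguments = ActualArguments<
+array = [
+StringLiteral<string ^= "HTTP_">
+]
+>,
+name = :[],
+receiver = Send<name = :env | :headers>
+>
+EOT
+end
+end
+end
+end
+end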
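Review bot: The warning text on line 16 is ungrammatical ("Directly use of"); change it to `"Direct use of the HTTP_* headers in code. " +`. The pattern on lines 24–32 keys on the `HTTP_` prefix, so a lookup such as `headers["X-Forwarded-For"]` through the Rails headers object, which presumably does not carry that prefix, would not be reported; the comment on lines 20–21 could state that only CGI-style `HTTP_*` keys are covered. The `node` parameter of `check` on line 9 is unused.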
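--- a/data/lib/scanny/checks/http_redirect_check.rb
+++ b/data/lib/scanny/checks/http_redirect_check.rb
@@ -0,0 +1,37 @@
+module Scanny
+module Checks
+class HTTPRedirectCheck < Check
+def pattern
+pattern_open_uri
+end
+
+def check(node)
+issue :medium, warning_message, :cwe => 441
+end
+
+def strict?
+true
+end
+
+private
+
+def warning_message
+"HTTP redirects can be emitted by the Application"
+end
+
+# require 'open-uri'
+def pattern_open_uri
+<<-EOT
+SendWithArguments<
+arguments = ActualArguments<
+array = [
+StringLiteral<string = 'open-uri'>
+]
+>,
+name = :require
+>
+EOT
+end
+end
+end
+end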
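Review bot: The message on line 19 does not mention what triggered it: the only pattern (lines 25–32) matches `require 'open-uri'`, and a reader of the report has no way to connect "HTTP redirects can be emitted" to that line. Consider `"open-uri is required; URLs opened through it follow HTTP redirects automatically"`. With `strict?` returning true on lines 12–14 every file that requires the library is reported as `:medium`, so the comment on line 22 could say that this is an indicator of a redirect-following client, not a confirmed redirect sink.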
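--- a/data/lib/scanny/checks/http_request_check.rb
+++ b/data/lib/scanny/checks/http_request_check.rb
@@ -0,0 +1,74 @@
+module Scanny
+module Checks
+class HTTPRequestCheck < Check
+def pattern
+[
+pattern_net_http,
+pattern_net_http_method,
+pattern_net_http_proxy
+].join("|")
+end
+
+def check(node)
+issue :low, warning_message, :cwe => 441
+end
+
+def strict?
+true
+end
+
+private
+
+def warning_message
+"Connecting to the server without encryption " +
+"can facilitate sniffing traffic"
+end
+
+# Net::HTTP.new
+def pattern_net_http
+<<-EOT
+SendWithArguments<
+receiver = ScopedConstant<
+name = :HTTP,
+parent = ConstantAccess<name = :Net>
+>,
+name = :new
+>
+EOT
+end
+
+def pattern_net_http_method
+<<-EOT
+SendWithArguments<
+receiver = ScopedConstant<
+name = any,
+parent = ScopedConstant<
+name = :HTTP,
+parent = ConstantAccess<
+name = :Net
+>
+>
+>,
+name = :new
+>
+EOT
+end
+
+# Net::HTTP::Proxy('proxy.example.com', 8080)
+def pattern_net_http_proxy
+<<-EOT
+SendWithArguments
+<
+receiver = ScopedConstant<
+parent = ConstantAccess<
+name = :Net
+>,
+name = :HTTP
+>,
+name = :Proxy
+>
+EOT
+end
+end
+end
+end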
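Review bot: `pattern_net_http_method` on line 40 is the only pattern method in this file without an example comment; add `# Net::HTTP::Get.new (any constant directly under Net::HTTP)` above it, matching the comments on lines 27 and 57. All three patterns match the constructor call alone, regardless of whether `use_ssl` is enabled on the object afterwards, so the `:low` warning on line 13 about an unencrypted connection is a heuristic and the class could say so in a comment. The `node` parameter of `check` on line 12 is unused.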
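--- a/data/lib/scanny/checks/http_usage_check.rb
+++ b/data/lib/scanny/checks/http_usage_check.rb
@@ -0,0 +1,31 @@
+module Scanny
+module Checks
+class HTTPUsageCheck < Check
+def pattern
+pattern_http_url
+end
+
+def check(node)
+issue :low, warning_message, :cwe => 319
+end
+
+def strict?
+true
+end
+
+private
+
+def warning_message
+"Connecting to the server without encryption " +
+"can facilitate sniffing traffic"
+end
+
+# "http://example.com"
+def pattern_http_url
+<<-EOT
+StringLiteral<string *= "http://">
+EOT
+end
+end
+end
+end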
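Review bot: `warning_message` on lines 19–20 repeats the same two string halves as `HTTPRequestCheck#warning_message` in http_request_check.rb (lines 23–24); if both checks are meant to report identical text, a single shared constant keeps them from drifting apart. Since `string *= "http://"` on line 26 is a substring match and `strict?` is true, any literal that merely contains that prefix (an XML namespace URI, for instance) is reported as `:low`; the comment on line 23 could state that this breadth is intended. The `node` parameter of `check` on line 8 is unused.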
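--- a/data/lib/scanny/checks/information_leak_check.rb
+++ b/data/lib/scanny/checks/information_leak_check.rb
@@ -0,0 +1,55 @@
+module Scanny
+module Checks
+class InformationLeakCheck < Check
+def pattern
+[
+pattern_logger_filter,
+pattern_find
+].join("|")
+end
+
+def check(node)
+issue :medium, warning_message, :cwe => 200
+end
+
+private
+
+def warning_message
+"There is a possibility of data leakage"
+end
+
+# filter_parameter_logging()
+def pattern_logger_filter
+<<-EOT
+Send<name = :filter_parameter_logging>
+
+SendWithArguments<name = :filter_parameter_logging>
+EOT
+end
+
+# find_by_id(params[:input])
+def pattern_find
+<<-EOT
+SendWithArguments<
+arguments = ActualArguments<
+array = [
+any*,
+SendWithArguments<
+arguments = ActualArguments<
+array = [
+SymbolLiteral<value = :id>
+]
+>,
+name = :[],
+receiver = Send<name = :params>
+>,
+any*
+]
+>,
+name *= /^find/
+>
+EOT
+end
+end
+end
+end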
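Review bot: `check` on lines 11–13 reports the same `:medium` CWE-200 message for both patterns, but `pattern_logger_filter` (lines 23–27) matches a call to `filter_parameter_logging`, which is the mitigating API rather than the leak, so that hit reads as a defect when it is closer to an informational note; the two patterns warrant distinct severities or messages, which `check` could choose by inspecting `node` instead of ignoring it. `pattern_find` on line 40 matches only the symbol key `:id`, so `params["id"]` (presumably a `StringLiteral`) would go unreported, and the comment on line 30 should say that only the symbol form is covered.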