scanny 0.1.0
Sign up to get free protection for your applications and to get access to all the features.
- data/.gitignore +5 -0
- data/Gemfile +11 -0
- data/LICENSE +23 -0
- data/README.md +185 -0
- data/Rakefile +5 -0
- data/bin/scanny +61 -0
- data/lib/scanny.rb +12 -0
- data/lib/scanny/checks/access_control_check.rb +52 -0
- data/lib/scanny/checks/backticks_check.rb +18 -0
- data/lib/scanny/checks/before_filters_check.rb +35 -0
- data/lib/scanny/checks/check.rb +33 -0
- data/lib/scanny/checks/csrf_check.rb +19 -0
- data/lib/scanny/checks/denial_of_service_check.rb +42 -0
- data/lib/scanny/checks/file_open_check.rb +46 -0
- data/lib/scanny/checks/frameworks_check.rb +24 -0
- data/lib/scanny/checks/helpers.rb +28 -0
- data/lib/scanny/checks/http_basic_auth_check.rb +39 -0
- data/lib/scanny/checks/http_header/header_injection_check.rb +38 -0
- data/lib/scanny/checks/http_redirect_check.rb +37 -0
- data/lib/scanny/checks/http_request_check.rb +74 -0
- data/lib/scanny/checks/http_usage_check.rb +31 -0
- data/lib/scanny/checks/information_leak_check.rb +55 -0
- data/lib/scanny/checks/input_filtering_check.rb +39 -0
- data/lib/scanny/checks/insecure_config/set_rails_env_check.rb +24 -0
- data/lib/scanny/checks/insecure_config/set_secret_check.rb +25 -0
- data/lib/scanny/checks/insecure_config/set_session_key_check.rb +23 -0
- data/lib/scanny/checks/insecure_method/eval_method_check.rb +26 -0
- data/lib/scanny/checks/insecure_method/marshal_check.rb +33 -0
- data/lib/scanny/checks/insecure_method/system_method_check.rb +46 -0
- data/lib/scanny/checks/mass_assignment_check.rb +48 -0
- data/lib/scanny/checks/random_numbers_check.rb +54 -0
- data/lib/scanny/checks/redirect_with_params_check.rb +48 -0
- data/lib/scanny/checks/regexp_check.rb +23 -0
- data/lib/scanny/checks/reset_session_check.rb +24 -0
- data/lib/scanny/checks/session/access_to_session_check.rb +49 -0
- data/lib/scanny/checks/session/session_secure_check.rb +47 -0
- data/lib/scanny/checks/shell_expanding_methods_check.rb +54 -0
- data/lib/scanny/checks/skip_before_filters_check.rb +41 -0
- data/lib/scanny/checks/sql_injection/find_method_check.rb +81 -0
- data/lib/scanny/checks/sql_injection/find_method_with_dynamic_string_check.rb +43 -0
- data/lib/scanny/checks/sql_injection/find_method_with_params_check.rb +80 -0
- data/lib/scanny/checks/sql_injection/sanitize_sql_check.rb +25 -0
- data/lib/scanny/checks/sql_injection/sql_check.rb +14 -0
- data/lib/scanny/checks/sql_injection/string_interpolation_with_params_check.rb +39 -0
- data/lib/scanny/checks/ssl/verify_check.rb +53 -0
- data/lib/scanny/checks/ssl/verify_peer_check.rb +37 -0
- data/lib/scanny/checks/system_tools/gpg_usage_check.rb +51 -0
- data/lib/scanny/checks/system_tools/sudo_check.rb +24 -0
- data/lib/scanny/checks/system_tools/tar_check.rb +24 -0
- data/lib/scanny/checks/system_tools/tar_commands_check.rb +27 -0
- data/lib/scanny/checks/system_tools/unzip_check.rb +30 -0
- data/lib/scanny/checks/temp_file_open_check.rb +57 -0
- data/lib/scanny/checks/user_find_check.rb +40 -0
- data/lib/scanny/checks/validates_check.rb +32 -0
- data/lib/scanny/checks/verify_check.rb +44 -0
- data/lib/scanny/checks/xss/xss_flash_check.rb +70 -0
- data/lib/scanny/checks/xss/xss_logger_check.rb +78 -0
- data/lib/scanny/checks/xss/xss_mark_check.rb +48 -0
- data/lib/scanny/checks/xss/xss_send_check.rb +70 -0
- data/lib/scanny/cli.rb +47 -0
- data/lib/scanny/issue.rb +28 -0
- data/lib/scanny/rake_task.rb +56 -0
- data/lib/scanny/reporters.rb +3 -0
- data/lib/scanny/reporters/reporter.rb +22 -0
- data/lib/scanny/reporters/simple_reporter.rb +19 -0
- data/lib/scanny/reporters/xml_reporter.rb +64 -0
- data/lib/scanny/ruby_version_check.rb +15 -0
- data/lib/scanny/runner.rb +90 -0
- data/scanny.gemspec +22 -0
- data/spec/scanny/check_spec.rb +22 -0
- data/spec/scanny/checks/access_control_check_spec.rb +43 -0
- data/spec/scanny/checks/backticks_check_spec.rb +22 -0
- data/spec/scanny/checks/before_filters_check_spec.rb +45 -0
- data/spec/scanny/checks/csrf_check_spec.rb +16 -0
- data/spec/scanny/checks/denial_of_service_check_spec.rb +28 -0
- data/spec/scanny/checks/file_open_check_spec.rb +22 -0
- data/spec/scanny/checks/frameworks_check_spec.rb +16 -0
- data/spec/scanny/checks/http_basic_auth_check_spec.rb +20 -0
- data/spec/scanny/checks/http_header/header_injection_check_spec.rb +21 -0
- data/spec/scanny/checks/http_redirect_check_spec.rb +15 -0
- data/spec/scanny/checks/http_request_check_spec.rb +37 -0
- data/spec/scanny/checks/http_usage_check_spec.rb +20 -0
- data/spec/scanny/checks/information_leak_check_spec.rb +32 -0
- data/spec/scanny/checks/input_filtering_check_spec.rb +19 -0
- data/spec/scanny/checks/insecure_config/set_rails_env_check_spec.rb +17 -0
- data/spec/scanny/checks/insecure_config/set_secret_check_spec.rb +22 -0
- data/spec/scanny/checks/insecure_config/set_session_key_check_spec.rb +21 -0
- data/spec/scanny/checks/insecure_method/eval_method_check_spec.rb +22 -0
- data/spec/scanny/checks/insecure_method/marshal_check_spec.rb +26 -0
- data/spec/scanny/checks/insecure_method/system_method_check_spec.rb +33 -0
- data/spec/scanny/checks/mass_assignment_check_spec.rb +30 -0
- data/spec/scanny/checks/random_numbers_check_spec.rb +41 -0
- data/spec/scanny/checks/redirect_with_params_check_spec.rb +24 -0
- data/spec/scanny/checks/regexp_check_spec.rb +22 -0
- data/spec/scanny/checks/reset_session_check_spec.rb +15 -0
- data/spec/scanny/checks/session/access_to_session_check_spec.rb +29 -0
- data/spec/scanny/checks/session/session_secure_check_spec.rb +22 -0
- data/spec/scanny/checks/shell_expanding_methods_check_spec.rb +67 -0
- data/spec/scanny/checks/skip_before_filters_check_spec.rb +81 -0
- data/spec/scanny/checks/sql_injection/find_method_check_spec.rb +62 -0
- data/spec/scanny/checks/sql_injection/find_method_with_dynamic_string_check_spec.rb +27 -0
- data/spec/scanny/checks/sql_injection/find_method_with_params_check_spec.rb +93 -0
- data/spec/scanny/checks/sql_injection/sanitize_sql_check_spec.rb +16 -0
- data/spec/scanny/checks/sql_injection/string_interpolation_with_params_check_spec.rb +18 -0
- data/spec/scanny/checks/ssl/verify_check_spec.rb +25 -0
- data/spec/scanny/checks/ssl/verify_peer_check_spec.rb +17 -0
- data/spec/scanny/checks/system_tools/gpg_usage_check_spec.rb +43 -0
- data/spec/scanny/checks/system_tools/sudo_check_spec.rb +24 -0
- data/spec/scanny/checks/system_tools/tar_check_spec.rb +20 -0
- data/spec/scanny/checks/system_tools/tar_commands_check_spec.rb +41 -0
- data/spec/scanny/checks/system_tools/unizp_check_spec.rb +29 -0
- data/spec/scanny/checks/temp_file_open_check_spec.rb +22 -0
- data/spec/scanny/checks/user_find_check_spec.rb +22 -0
- data/spec/scanny/checks/validates_check_spec.rb +19 -0
- data/spec/scanny/checks/verify_check_spec.rb +27 -0
- data/spec/scanny/checks/xss/xss_flash_check_spec.rb +22 -0
- data/spec/scanny/checks/xss/xss_logger_check_spec.rb +24 -0
- data/spec/scanny/checks/xss/xss_mark_check_spec.rb +31 -0
- data/spec/scanny/checks/xss/xss_send_check_spec.rb +34 -0
- data/spec/scanny/cli_spec.rb +167 -0
- data/spec/scanny/issue_spec.rb +82 -0
- data/spec/scanny/rake_taks_spec.rb +82 -0
- data/spec/scanny/reporters/reporter_spec.rb +24 -0
- data/spec/scanny/reporters/simple_reporter_spec.rb +48 -0
- data/spec/scanny/reporters/xml_reporter_spec.rb +52 -0
- data/spec/scanny/ruby_version_check_spec.rb +24 -0
- data/spec/scanny/runner_spec.rb +128 -0
- data/spec/spec_helper.rb +10 -0
- data/spec/support/aruba.rb +4 -0
- data/spec/support/check_spec_helpers.rb +5 -0
- data/spec/support/checks/extend_test_check.rb +11 -0
- data/spec/support/checks/test_check.rb +15 -0
- data/spec/support/checks/test_strict_check.rb +17 -0
- data/spec/support/const_spec_helpers.rb +36 -0
- data/spec/support/matchers/check_matcher.rb +43 -0
- data/spec/support/matchers/xpath_matcher.rb +30 -0
- data/spec/support/mock_task.rb +43 -0
- metadata +242 -0
|
@@ -0,0 +1,19 @@
|
|
|
1
|
+
module Scanny
|
|
2
|
+
module Checks
|
|
3
|
+
# Checks for use of the "protect_from_forgery" method.
|
|
4
|
+
class CSRFCheck < Check
|
|
5
|
+
# protect_from_forgery
|
|
6
|
+
def pattern
|
|
7
|
+
"Send<receiver = Self, name = :protect_from_forgery>"
|
|
8
|
+
end
|
|
9
|
+
|
|
10
|
+
def check(node)
|
|
11
|
+
issue :info, "The \"protect_from_forgery\" method is used.", :cwe => 352
|
|
12
|
+
end
|
|
13
|
+
|
|
14
|
+
def strict?
|
|
15
|
+
true
|
|
16
|
+
end
|
|
17
|
+
end
|
|
18
|
+
end
|
|
19
|
+
end
|
|
@@ -0,0 +1,42 @@
|
|
|
1
|
+
module Scanny
|
|
2
|
+
module Checks
|
|
3
|
+
class DenialOfServiceCheck < Check
|
|
4
|
+
def pattern
|
|
5
|
+
pattern_find_with_like
|
|
6
|
+
end
|
|
7
|
+
|
|
8
|
+
def check(node)
|
|
9
|
+
issue :medium, warning_message, :cwe => 400
|
|
10
|
+
end
|
|
11
|
+
|
|
12
|
+
private
|
|
13
|
+
|
|
14
|
+
def warning_message
|
|
15
|
+
"Using \"LIKE\" in queries may lead to " +
|
|
16
|
+
"the unavailability of the application"
|
|
17
|
+
end
|
|
18
|
+
|
|
19
|
+
# User.find(:first, :conditions => "user LIKE %pattern%")
|
|
20
|
+
def pattern_find_with_like
|
|
21
|
+
<<-EOT
|
|
22
|
+
SendWithArguments<
|
|
23
|
+
arguments = ActualArguments<
|
|
24
|
+
array = [
|
|
25
|
+
any+,
|
|
26
|
+
HashLiteral<
|
|
27
|
+
array = [
|
|
28
|
+
any{even},
|
|
29
|
+
SymbolLiteral<value = :limit | :conditions>,
|
|
30
|
+
StringLiteral<string *= 'LIKE'>,
|
|
31
|
+
any{even}
|
|
32
|
+
]
|
|
33
|
+
>
|
|
34
|
+
]
|
|
35
|
+
>,
|
|
36
|
+
name *= /^find/
|
|
37
|
+
>
|
|
38
|
+
EOT
|
|
39
|
+
end
|
|
40
|
+
end
|
|
41
|
+
end
|
|
42
|
+
end
|
|
@@ -0,0 +1,46 @@
|
|
|
1
|
+
module Scanny
|
|
2
|
+
module Checks
|
|
3
|
+
class FileOpenCheck < Check
|
|
4
|
+
def pattern
|
|
5
|
+
[
|
|
6
|
+
pattern_file_open,
|
|
7
|
+
pattern_fileutils
|
|
8
|
+
].join("|")
|
|
9
|
+
end
|
|
10
|
+
|
|
11
|
+
def check(node)
|
|
12
|
+
issue :info, warning_message
|
|
13
|
+
end
|
|
14
|
+
|
|
15
|
+
def strict?
|
|
16
|
+
true
|
|
17
|
+
end
|
|
18
|
+
|
|
19
|
+
private
|
|
20
|
+
|
|
21
|
+
def warning_message
|
|
22
|
+
"Operations on files in code can lead to" +
|
|
23
|
+
"unauthorized access to data"
|
|
24
|
+
end
|
|
25
|
+
|
|
26
|
+
# File.open
|
|
27
|
+
def pattern_file_open
|
|
28
|
+
<<-EOT
|
|
29
|
+
SendWithArguments<
|
|
30
|
+
receiver = ConstantAccess<name = :File>,
|
|
31
|
+
name = :open
|
|
32
|
+
>
|
|
33
|
+
EOT
|
|
34
|
+
end
|
|
35
|
+
|
|
36
|
+
# FileUtils.any_method
|
|
37
|
+
def pattern_fileutils
|
|
38
|
+
<<-EOT
|
|
39
|
+
SendWithArguments<
|
|
40
|
+
receiver = ConstantAccess<name = :FileUtils>
|
|
41
|
+
>
|
|
42
|
+
EOT
|
|
43
|
+
end
|
|
44
|
+
end
|
|
45
|
+
end
|
|
46
|
+
end
|
|
@@ -0,0 +1,24 @@
|
|
|
1
|
+
module Scanny
|
|
2
|
+
module Checks
|
|
3
|
+
class FrameworksCheck < Check
|
|
4
|
+
def pattern
|
|
5
|
+
pattern_http_username
|
|
6
|
+
end
|
|
7
|
+
|
|
8
|
+
def check(node)
|
|
9
|
+
issue :info, warning_message
|
|
10
|
+
end
|
|
11
|
+
|
|
12
|
+
private
|
|
13
|
+
|
|
14
|
+
def warning_message
|
|
15
|
+
"Using the methods from frameworks can lead to security problems"
|
|
16
|
+
end
|
|
17
|
+
|
|
18
|
+
# env["HTTP_X_USERNAME"]
|
|
19
|
+
def pattern_http_username
|
|
20
|
+
"StringLiteral<string *= 'HTTP_X_USERNAME'>"
|
|
21
|
+
end
|
|
22
|
+
end
|
|
23
|
+
end
|
|
24
|
+
end
|
|
@@ -0,0 +1,28 @@
|
|
|
1
|
+
module Scanny
|
|
2
|
+
module Checks
|
|
3
|
+
module Helpers
|
|
4
|
+
# system("command")
|
|
5
|
+
# `command`
|
|
6
|
+
def build_pattern_exec_command(command)
|
|
7
|
+
command = command.to_s if command.is_a?(Symbol)
|
|
8
|
+
result = command.inspect
|
|
9
|
+
|
|
10
|
+
<<-EOT
|
|
11
|
+
SendWithArguments
|
|
12
|
+
<
|
|
13
|
+
name = :system | :exec | :spawn,
|
|
14
|
+
arguments = ActualArguments<
|
|
15
|
+
array = [
|
|
16
|
+
any*,
|
|
17
|
+
StringLiteral<string *= #{result}>,
|
|
18
|
+
any*
|
|
19
|
+
]
|
|
20
|
+
>
|
|
21
|
+
>
|
|
22
|
+
|
|
|
23
|
+
ExecuteString<string *= #{result}>
|
|
24
|
+
EOT
|
|
25
|
+
end
|
|
26
|
+
end
|
|
27
|
+
end
|
|
28
|
+
end
|
|
@@ -0,0 +1,39 @@
|
|
|
1
|
+
module Scanny
|
|
2
|
+
module Checks
|
|
3
|
+
class HTTPBasicAuthCheck < Check
|
|
4
|
+
def pattern
|
|
5
|
+
[
|
|
6
|
+
pattern_basic_auth,
|
|
7
|
+
pattern_http_authentication
|
|
8
|
+
].join("|")
|
|
9
|
+
end
|
|
10
|
+
|
|
11
|
+
def check(node)
|
|
12
|
+
issue :info, warning_message, :cwe => [301, 718]
|
|
13
|
+
end
|
|
14
|
+
|
|
15
|
+
private
|
|
16
|
+
|
|
17
|
+
def warning_message
|
|
18
|
+
"Basic HTTP authentication can lead to security problems"
|
|
19
|
+
end
|
|
20
|
+
|
|
21
|
+
# Net::HTTPHeader.basic_auth('user', 'password')
|
|
22
|
+
def pattern_basic_auth
|
|
23
|
+
<<-EOT
|
|
24
|
+
SendWithArguments<
|
|
25
|
+
arguments = ActualArguments<
|
|
26
|
+
array = [any{2}]
|
|
27
|
+
>,
|
|
28
|
+
name = :basic_auth
|
|
29
|
+
>
|
|
30
|
+
EOT
|
|
31
|
+
end
|
|
32
|
+
|
|
33
|
+
# HttpAuthentication
|
|
34
|
+
def pattern_http_authentication
|
|
35
|
+
"ConstantAccess<name = :HttpAuthentication>"
|
|
36
|
+
end
|
|
37
|
+
end
|
|
38
|
+
end
|
|
39
|
+
end
|
|
@@ -0,0 +1,38 @@
|
|
|
1
|
+
module Scanny
|
|
2
|
+
module Checks
|
|
3
|
+
module HttpHeader
|
|
4
|
+
class HeaderInjectionCheck < Check
|
|
5
|
+
def pattern
|
|
6
|
+
pattern_environment_params
|
|
7
|
+
end
|
|
8
|
+
|
|
9
|
+
def check(node)
|
|
10
|
+
issue :medium, warning_message, :cwe => [20, 113]
|
|
11
|
+
end
|
|
12
|
+
|
|
13
|
+
private
|
|
14
|
+
|
|
15
|
+
def warning_message
|
|
16
|
+
"Directly use of the HTTP_* headers in code. " +
|
|
17
|
+
"Possible injection vulnerabilities"
|
|
18
|
+
end
|
|
19
|
+
|
|
20
|
+
# env["HTTP_HEADER"]
|
|
21
|
+
# headers["HTTP_HEADER"]
|
|
22
|
+
def pattern_environment_params
|
|
23
|
+
<<-EOT
|
|
24
|
+
SendWithArguments<
|
|
25
|
+
arguments = ActualArguments<
|
|
26
|
+
array = [
|
|
27
|
+
StringLiteral<string ^= "HTTP_">
|
|
28
|
+
]
|
|
29
|
+
>,
|
|
30
|
+
name = :[],
|
|
31
|
+
receiver = Send<name = :env | :headers>
|
|
32
|
+
>
|
|
33
|
+
EOT
|
|
34
|
+
end
|
|
35
|
+
end
|
|
36
|
+
end
|
|
37
|
+
end
|
|
38
|
+
end
|
|
@@ -0,0 +1,37 @@
|
|
|
1
|
+
module Scanny
|
|
2
|
+
module Checks
|
|
3
|
+
class HTTPRedirectCheck < Check
|
|
4
|
+
def pattern
|
|
5
|
+
pattern_open_uri
|
|
6
|
+
end
|
|
7
|
+
|
|
8
|
+
def check(node)
|
|
9
|
+
issue :medium, warning_message, :cwe => 441
|
|
10
|
+
end
|
|
11
|
+
|
|
12
|
+
def strict?
|
|
13
|
+
true
|
|
14
|
+
end
|
|
15
|
+
|
|
16
|
+
private
|
|
17
|
+
|
|
18
|
+
def warning_message
|
|
19
|
+
"HTTP redirects can be emitted by the Application"
|
|
20
|
+
end
|
|
21
|
+
|
|
22
|
+
# require 'open-uri'
|
|
23
|
+
def pattern_open_uri
|
|
24
|
+
<<-EOT
|
|
25
|
+
SendWithArguments<
|
|
26
|
+
arguments = ActualArguments<
|
|
27
|
+
array = [
|
|
28
|
+
StringLiteral<string = 'open-uri'>
|
|
29
|
+
]
|
|
30
|
+
>,
|
|
31
|
+
name = :require
|
|
32
|
+
>
|
|
33
|
+
EOT
|
|
34
|
+
end
|
|
35
|
+
end
|
|
36
|
+
end
|
|
37
|
+
end
|
|
@@ -0,0 +1,74 @@
|
|
|
1
|
+
module Scanny
|
|
2
|
+
module Checks
|
|
3
|
+
class HTTPRequestCheck < Check
|
|
4
|
+
def pattern
|
|
5
|
+
[
|
|
6
|
+
pattern_net_http,
|
|
7
|
+
pattern_net_http_method,
|
|
8
|
+
pattern_net_http_proxy
|
|
9
|
+
].join("|")
|
|
10
|
+
end
|
|
11
|
+
|
|
12
|
+
def check(node)
|
|
13
|
+
issue :low, warning_message, :cwe => 441
|
|
14
|
+
end
|
|
15
|
+
|
|
16
|
+
def strict?
|
|
17
|
+
true
|
|
18
|
+
end
|
|
19
|
+
|
|
20
|
+
private
|
|
21
|
+
|
|
22
|
+
def warning_message
|
|
23
|
+
"Connecting to the server without encryption " +
|
|
24
|
+
"can facilitate sniffing traffic"
|
|
25
|
+
end
|
|
26
|
+
|
|
27
|
+
# Net::HTTP.new
|
|
28
|
+
def pattern_net_http
|
|
29
|
+
<<-EOT
|
|
30
|
+
SendWithArguments<
|
|
31
|
+
receiver = ScopedConstant<
|
|
32
|
+
name = :HTTP,
|
|
33
|
+
parent = ConstantAccess<name = :Net>
|
|
34
|
+
>,
|
|
35
|
+
name = :new
|
|
36
|
+
>
|
|
37
|
+
EOT
|
|
38
|
+
end
|
|
39
|
+
|
|
40
|
+
def pattern_net_http_method
|
|
41
|
+
<<-EOT
|
|
42
|
+
SendWithArguments<
|
|
43
|
+
receiver = ScopedConstant<
|
|
44
|
+
name = any,
|
|
45
|
+
parent = ScopedConstant<
|
|
46
|
+
name = :HTTP,
|
|
47
|
+
parent = ConstantAccess<
|
|
48
|
+
name = :Net
|
|
49
|
+
>
|
|
50
|
+
>
|
|
51
|
+
>,
|
|
52
|
+
name = :new
|
|
53
|
+
>
|
|
54
|
+
EOT
|
|
55
|
+
end
|
|
56
|
+
|
|
57
|
+
# Net::HTTP::Proxy('proxy.example.com', 8080)
|
|
58
|
+
def pattern_net_http_proxy
|
|
59
|
+
<<-EOT
|
|
60
|
+
SendWithArguments
|
|
61
|
+
<
|
|
62
|
+
receiver = ScopedConstant<
|
|
63
|
+
parent = ConstantAccess<
|
|
64
|
+
name = :Net
|
|
65
|
+
>,
|
|
66
|
+
name = :HTTP
|
|
67
|
+
>,
|
|
68
|
+
name = :Proxy
|
|
69
|
+
>
|
|
70
|
+
EOT
|
|
71
|
+
end
|
|
72
|
+
end
|
|
73
|
+
end
|
|
74
|
+
end
|
|
@@ -0,0 +1,31 @@
|
|
|
1
|
+
module Scanny
|
|
2
|
+
module Checks
|
|
3
|
+
class HTTPUsageCheck < Check
|
|
4
|
+
def pattern
|
|
5
|
+
pattern_http_url
|
|
6
|
+
end
|
|
7
|
+
|
|
8
|
+
def check(node)
|
|
9
|
+
issue :low, warning_message, :cwe => 319
|
|
10
|
+
end
|
|
11
|
+
|
|
12
|
+
def strict?
|
|
13
|
+
true
|
|
14
|
+
end
|
|
15
|
+
|
|
16
|
+
private
|
|
17
|
+
|
|
18
|
+
def warning_message
|
|
19
|
+
"Connecting to the server without encryption " +
|
|
20
|
+
"can facilitate sniffing traffic"
|
|
21
|
+
end
|
|
22
|
+
|
|
23
|
+
# "http://example.com"
|
|
24
|
+
def pattern_http_url
|
|
25
|
+
<<-EOT
|
|
26
|
+
StringLiteral<string *= "http://">
|
|
27
|
+
EOT
|
|
28
|
+
end
|
|
29
|
+
end
|
|
30
|
+
end
|
|
31
|
+
end
|
|
@@ -0,0 +1,55 @@
|
|
|
1
|
+
module Scanny
|
|
2
|
+
module Checks
|
|
3
|
+
class InformationLeakCheck < Check
|
|
4
|
+
def pattern
|
|
5
|
+
[
|
|
6
|
+
pattern_logger_filter,
|
|
7
|
+
pattern_find
|
|
8
|
+
].join("|")
|
|
9
|
+
end
|
|
10
|
+
|
|
11
|
+
def check(node)
|
|
12
|
+
issue :medium, warning_message, :cwe => 200
|
|
13
|
+
end
|
|
14
|
+
|
|
15
|
+
private
|
|
16
|
+
|
|
17
|
+
def warning_message
|
|
18
|
+
"There is a possibility of data leakage"
|
|
19
|
+
end
|
|
20
|
+
|
|
21
|
+
# filter_parameter_logging()
|
|
22
|
+
def pattern_logger_filter
|
|
23
|
+
<<-EOT
|
|
24
|
+
Send<name = :filter_parameter_logging>
|
|
25
|
+
|
|
|
26
|
+
SendWithArguments<name = :filter_parameter_logging>
|
|
27
|
+
EOT
|
|
28
|
+
end
|
|
29
|
+
|
|
30
|
+
# find_by_id(params[:input])
|
|
31
|
+
def pattern_find
|
|
32
|
+
<<-EOT
|
|
33
|
+
SendWithArguments<
|
|
34
|
+
arguments = ActualArguments<
|
|
35
|
+
array = [
|
|
36
|
+
any*,
|
|
37
|
+
SendWithArguments<
|
|
38
|
+
arguments = ActualArguments<
|
|
39
|
+
array = [
|
|
40
|
+
SymbolLiteral<value = :id>
|
|
41
|
+
]
|
|
42
|
+
>,
|
|
43
|
+
name = :[],
|
|
44
|
+
receiver = Send<name = :params>
|
|
45
|
+
>,
|
|
46
|
+
any*
|
|
47
|
+
]
|
|
48
|
+
>,
|
|
49
|
+
name *= /^find/
|
|
50
|
+
>
|
|
51
|
+
EOT
|
|
52
|
+
end
|
|
53
|
+
end
|
|
54
|
+
end
|
|
55
|
+
end
|