scanny 0.1.0
- data/.gitignore +5 -0
- data/Gemfile +11 -0
- data/LICENSE +23 -0
- data/README.md +185 -0
- data/Rakefile +5 -0
- data/bin/scanny +61 -0
- data/lib/scanny.rb +12 -0
- data/lib/scanny/checks/access_control_check.rb +52 -0
- data/lib/scanny/checks/backticks_check.rb +18 -0
- data/lib/scanny/checks/before_filters_check.rb +35 -0
- data/lib/scanny/checks/check.rb +33 -0
- data/lib/scanny/checks/csrf_check.rb +19 -0
- data/lib/scanny/checks/denial_of_service_check.rb +42 -0
- data/lib/scanny/checks/file_open_check.rb +46 -0
- data/lib/scanny/checks/frameworks_check.rb +24 -0
- data/lib/scanny/checks/helpers.rb +28 -0
- data/lib/scanny/checks/http_basic_auth_check.rb +39 -0
- data/lib/scanny/checks/http_header/header_injection_check.rb +38 -0
- data/lib/scanny/checks/http_redirect_check.rb +37 -0
- data/lib/scanny/checks/http_request_check.rb +74 -0
- data/lib/scanny/checks/http_usage_check.rb +31 -0
- data/lib/scanny/checks/information_leak_check.rb +55 -0
- data/lib/scanny/checks/input_filtering_check.rb +39 -0
- data/lib/scanny/checks/insecure_config/set_rails_env_check.rb +24 -0
- data/lib/scanny/checks/insecure_config/set_secret_check.rb +25 -0
- data/lib/scanny/checks/insecure_config/set_session_key_check.rb +23 -0
- data/lib/scanny/checks/insecure_method/eval_method_check.rb +26 -0
- data/lib/scanny/checks/insecure_method/marshal_check.rb +33 -0
- data/lib/scanny/checks/insecure_method/system_method_check.rb +46 -0
- data/lib/scanny/checks/mass_assignment_check.rb +48 -0
- data/lib/scanny/checks/random_numbers_check.rb +54 -0
- data/lib/scanny/checks/redirect_with_params_check.rb +48 -0
- data/lib/scanny/checks/regexp_check.rb +23 -0
- data/lib/scanny/checks/reset_session_check.rb +24 -0
- data/lib/scanny/checks/session/access_to_session_check.rb +49 -0
- data/lib/scanny/checks/session/session_secure_check.rb +47 -0
- data/lib/scanny/checks/shell_expanding_methods_check.rb +54 -0
- data/lib/scanny/checks/skip_before_filters_check.rb +41 -0
- data/lib/scanny/checks/sql_injection/find_method_check.rb +81 -0
- data/lib/scanny/checks/sql_injection/find_method_with_dynamic_string_check.rb +43 -0
- data/lib/scanny/checks/sql_injection/find_method_with_params_check.rb +80 -0
- data/lib/scanny/checks/sql_injection/sanitize_sql_check.rb +25 -0
- data/lib/scanny/checks/sql_injection/sql_check.rb +14 -0
- data/lib/scanny/checks/sql_injection/string_interpolation_with_params_check.rb +39 -0
- data/lib/scanny/checks/ssl/verify_check.rb +53 -0
- data/lib/scanny/checks/ssl/verify_peer_check.rb +37 -0
- data/lib/scanny/checks/system_tools/gpg_usage_check.rb +51 -0
- data/lib/scanny/checks/system_tools/sudo_check.rb +24 -0
- data/lib/scanny/checks/system_tools/tar_check.rb +24 -0
- data/lib/scanny/checks/system_tools/tar_commands_check.rb +27 -0
- data/lib/scanny/checks/system_tools/unzip_check.rb +30 -0
- data/lib/scanny/checks/temp_file_open_check.rb +57 -0
- data/lib/scanny/checks/user_find_check.rb +40 -0
- data/lib/scanny/checks/validates_check.rb +32 -0
- data/lib/scanny/checks/verify_check.rb +44 -0
- data/lib/scanny/checks/xss/xss_flash_check.rb +70 -0
- data/lib/scanny/checks/xss/xss_logger_check.rb +78 -0
- data/lib/scanny/checks/xss/xss_mark_check.rb +48 -0
- data/lib/scanny/checks/xss/xss_send_check.rb +70 -0
- data/lib/scanny/cli.rb +47 -0
- data/lib/scanny/issue.rb +28 -0
- data/lib/scanny/rake_task.rb +56 -0
- data/lib/scanny/reporters.rb +3 -0
- data/lib/scanny/reporters/reporter.rb +22 -0
- data/lib/scanny/reporters/simple_reporter.rb +19 -0
- data/lib/scanny/reporters/xml_reporter.rb +64 -0
- data/lib/scanny/ruby_version_check.rb +15 -0
- data/lib/scanny/runner.rb +90 -0
- data/scanny.gemspec +22 -0
- data/spec/scanny/check_spec.rb +22 -0
- data/spec/scanny/checks/access_control_check_spec.rb +43 -0
- data/spec/scanny/checks/backticks_check_spec.rb +22 -0
- data/spec/scanny/checks/before_filters_check_spec.rb +45 -0
- data/spec/scanny/checks/csrf_check_spec.rb +16 -0
- data/spec/scanny/checks/denial_of_service_check_spec.rb +28 -0
- data/spec/scanny/checks/file_open_check_spec.rb +22 -0
- data/spec/scanny/checks/frameworks_check_spec.rb +16 -0
- data/spec/scanny/checks/http_basic_auth_check_spec.rb +20 -0
- data/spec/scanny/checks/http_header/header_injection_check_spec.rb +21 -0
- data/spec/scanny/checks/http_redirect_check_spec.rb +15 -0
- data/spec/scanny/checks/http_request_check_spec.rb +37 -0
- data/spec/scanny/checks/http_usage_check_spec.rb +20 -0
- data/spec/scanny/checks/information_leak_check_spec.rb +32 -0
- data/spec/scanny/checks/input_filtering_check_spec.rb +19 -0
- data/spec/scanny/checks/insecure_config/set_rails_env_check_spec.rb +17 -0
- data/spec/scanny/checks/insecure_config/set_secret_check_spec.rb +22 -0
- data/spec/scanny/checks/insecure_config/set_session_key_check_spec.rb +21 -0
- data/spec/scanny/checks/insecure_method/eval_method_check_spec.rb +22 -0
- data/spec/scanny/checks/insecure_method/marshal_check_spec.rb +26 -0
- data/spec/scanny/checks/insecure_method/system_method_check_spec.rb +33 -0
- data/spec/scanny/checks/mass_assignment_check_spec.rb +30 -0
- data/spec/scanny/checks/random_numbers_check_spec.rb +41 -0
- data/spec/scanny/checks/redirect_with_params_check_spec.rb +24 -0
- data/spec/scanny/checks/regexp_check_spec.rb +22 -0
- data/spec/scanny/checks/reset_session_check_spec.rb +15 -0
- data/spec/scanny/checks/session/access_to_session_check_spec.rb +29 -0
- data/spec/scanny/checks/session/session_secure_check_spec.rb +22 -0
- data/spec/scanny/checks/shell_expanding_methods_check_spec.rb +67 -0
- data/spec/scanny/checks/skip_before_filters_check_spec.rb +81 -0
- data/spec/scanny/checks/sql_injection/find_method_check_spec.rb +62 -0
- data/spec/scanny/checks/sql_injection/find_method_with_dynamic_string_check_spec.rb +27 -0
- data/spec/scanny/checks/sql_injection/find_method_with_params_check_spec.rb +93 -0
- data/spec/scanny/checks/sql_injection/sanitize_sql_check_spec.rb +16 -0
- data/spec/scanny/checks/sql_injection/string_interpolation_with_params_check_spec.rb +18 -0
- data/spec/scanny/checks/ssl/verify_check_spec.rb +25 -0
- data/spec/scanny/checks/ssl/verify_peer_check_spec.rb +17 -0
- data/spec/scanny/checks/system_tools/gpg_usage_check_spec.rb +43 -0
- data/spec/scanny/checks/system_tools/sudo_check_spec.rb +24 -0
- data/spec/scanny/checks/system_tools/tar_check_spec.rb +20 -0
- data/spec/scanny/checks/system_tools/tar_commands_check_spec.rb +41 -0
- data/spec/scanny/checks/system_tools/unizp_check_spec.rb +29 -0
- data/spec/scanny/checks/temp_file_open_check_spec.rb +22 -0
- data/spec/scanny/checks/user_find_check_spec.rb +22 -0
- data/spec/scanny/checks/validates_check_spec.rb +19 -0
- data/spec/scanny/checks/verify_check_spec.rb +27 -0
- data/spec/scanny/checks/xss/xss_flash_check_spec.rb +22 -0
- data/spec/scanny/checks/xss/xss_logger_check_spec.rb +24 -0
- data/spec/scanny/checks/xss/xss_mark_check_spec.rb +31 -0
- data/spec/scanny/checks/xss/xss_send_check_spec.rb +34 -0
- data/spec/scanny/cli_spec.rb +167 -0
- data/spec/scanny/issue_spec.rb +82 -0
- data/spec/scanny/rake_taks_spec.rb +82 -0
- data/spec/scanny/reporters/reporter_spec.rb +24 -0
- data/spec/scanny/reporters/simple_reporter_spec.rb +48 -0
- data/spec/scanny/reporters/xml_reporter_spec.rb +52 -0
- data/spec/scanny/ruby_version_check_spec.rb +24 -0
- data/spec/scanny/runner_spec.rb +128 -0
- data/spec/spec_helper.rb +10 -0
- data/spec/support/aruba.rb +4 -0
- data/spec/support/check_spec_helpers.rb +5 -0
- data/spec/support/checks/extend_test_check.rb +11 -0
- data/spec/support/checks/test_check.rb +15 -0
- data/spec/support/checks/test_strict_check.rb +17 -0
- data/spec/support/const_spec_helpers.rb +36 -0
- data/spec/support/matchers/check_matcher.rb +43 -0
- data/spec/support/matchers/xpath_matcher.rb +30 -0
- data/spec/support/mock_task.rb +43 -0
- metadata +242 -0
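--- a/data/spec/scanny/checks/http_usage_check_spec.rb
+++ b/data/spec/scanny/checks/http_usage_check_spec.rb
@@ -0,0 +1,20 @@
+require "spec_helper"
+
+module Scanny::Checks
+describe HTTPUsageCheck do
+before do
+@runner = Scanny::Runner.new(HTTPUsageCheck.new)
+@message = "Connecting to the server without encryption " +
+"can facilitate sniffing traffic"
+@issue = issue(:low, @message, 319)
+end
+
+it "reports \"http://\" correctly" do
+@runner.should check("'http://'").with_issue(@issue)
+end
+
+it "reports \"@http.connect('http://server.com')\" correctly" do
+@runner.should check("@http.connect('http://server.com')").with_issue(@issue)
+end
+end
+end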
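Review bot: The spec only asserts positive matches (lines 12-18) and has no `without_issues` case, so a check that matched the bare substring `http` would still pass while flagging every `https://` URL as unencrypted. Add a negative example next to the existing ones, e.g. `@runner.should check("'https://'").without_issues`, so the encrypted form is pinned as clean.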
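--- a/data/spec/scanny/checks/information_leak_check_spec.rb
+++ b/data/spec/scanny/checks/information_leak_check_spec.rb
@@ -0,0 +1,32 @@
+require "spec_helper"
+
+module Scanny::Checks
+describe InformationLeakCheck do
+before do
+@runner = Scanny::Runner.new(InformationLeakCheck.new)
+@message = "There is a possibility of data leakage"
+@issue = issue(:medium, @message, 200)
+end
+
+it "reports \"filter_parameter_logging\" correctly" do
+@runner.should check("filter_parameter_logging").with_issue(@issue)
+end
+
+it "reports \"filter_parameter_logging :password\" correctly" do
+@runner.should check("filter_parameter_logging :password").
+with_issue(@issue)
+end
+
+it "reports \"User.find(params[:id])\" correctly" do
+@runner.should check("User.find(params[:id])").with_issue(@issue)
+end
+
+it "reports \"User.find_by_id(params[:id])\" correctly" do
+@runner.should check("User.find_by_id(params[:id])").with_issue(@issue)
+end
+
+it "reports \"User.find_by_object_id(params[:name])\" correctly" do
+@runner.should check("User.find_by_object_id(params[:id])").with_issue(@issue)
+end
+end
+end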
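Review bot: The example title at line 28 names `params[:name]` but the assertion at line 29 checks `params[:id]`, so the description does not match what is exercised. Either change the fixture to `check("User.find_by_object_id(params[:name])")` or rename the example to `it "reports \"User.find_by_object_id(params[:id])\" correctly" do`. Given that every other fixture here uses `params[:id]`, the `params[:name]` variant is probably the one worth adding, since it would show the check does not key on a specific parameter name.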
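--- a/data/spec/scanny/checks/input_filtering_check_spec.rb
+++ b/data/spec/scanny/checks/input_filtering_check_spec.rb
@@ -0,0 +1,19 @@
+require "spec_helper"
+
+module Scanny::Checks
+describe InputFilteringCheck do
+before do
+@runner = Scanny::Runner.new(InputFilteringCheck.new)
+@message = "Possible injection vulnerabilities"
+@issue = issue(:low, @message, 20)
+end
+
+it "reports \"logger(params[:password])\" correctly" do
+@runner.should check("params[:password]").with_issue(@issue)
+end
+
+it "reports \"system('\\033]30;command\\007')\" correctly" do
+@runner.should check('system("\\033]30;command\\007")').with_issue(@issue)
+end
+end
+end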
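Review bot: The example at line 11 is titled `logger(params[:password])` but the fixture at line 12 is the bare expression `params[:password]`, so the logger call the title promises is never parsed. As written the spec pins the behaviour that any read of `params[...]` yields "Possible injection vulnerabilities", which is a much broader claim than the title suggests. Either make the fixture match the title, `@runner.should check("logger(params[:password])").with_issue(@issue)`, or rename the example to say what it actually asserts.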
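--- a/data/spec/scanny/checks/insecure_config/set_rails_env_check_spec.rb
+++ b/data/spec/scanny/checks/insecure_config/set_rails_env_check_spec.rb
@@ -0,0 +1,17 @@
+require "spec_helper"
+
+module Scanny::Checks
+describe SetRailsEnvCheck do
+before :each do
+@runner = Scanny::Runner.new(SetRailsEnvCheck.new)
+@issue = issue(:info,
+"Setting ENV[\"RAILS_ENV\"] can indicate insecure configuration.", 209)
+end
+
+it "reports setting ENV[\"RAILS_ENV\"] correctly" do
+@runner.should check('ENV["RAILS_ENV"] = "test"').with_issue(@issue)
+@runner.should check('FOO["RAILS_ENV"] = "test"').without_issues
+@runner.should check('ENV["FOO"] = "test"').without_issues
+end
+end
+end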
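--- a/data/spec/scanny/checks/insecure_config/set_secret_check_spec.rb
+++ b/data/spec/scanny/checks/insecure_config/set_secret_check_spec.rb
@@ -0,0 +1,22 @@
+require "spec_helper"
+
+module Scanny::Checks
+describe SetSecretCheck do
+before :each do
+@runner = Scanny::Runner.new(SetSecretCheck.new)
+@issue = issue(:info,
+"Setting :secret can indicate using hard-coded cryptographic key.", 321)
+end
+
+it "reports setting :secret correctly" do
+@runner.should check('{ :secret => "secret" }').with_issue(@issue)
+@runner.should check(
+'{ :foo => 42, :secret => "secret", :bar => 43 }'
+).with_issue(@issue)
+@runner.should check('{}').without_issues(@issue)
+@runner.should check(
+'{ :foo => 42, :bar => 43, :baz => 43 }'
+).without_issues(@issue)
+end
+end
+end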
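Review bot: `without_issues(@issue)` at lines 16 and 19 passes an argument that every other spec on this page omits; unless the matcher in `spec/support/matchers/check_matcher.rb` (not in view) declares an optional parameter this raises `ArgumentError`, and if it does accept one the argument is meaningless for a "no issues" assertion. The same call appears in set_session_key_check_spec.rb at lines 15 and 18. Use the bare form, `@runner.should check('{}').without_issues`, in all four places.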
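--- a/data/spec/scanny/checks/insecure_config/set_session_key_check_spec.rb
+++ b/data/spec/scanny/checks/insecure_config/set_session_key_check_spec.rb
@@ -0,0 +1,21 @@
+require "spec_helper"
+
+module Scanny::Checks
+describe SetSessionKeyCheck do
+before :each do
+@runner = Scanny::Runner.new(SetSessionKeyCheck.new)
+@issue = issue(:info, "Setting :session_key.", nil)
+end
+
+it "reports setting :session_key correctly" do
+@runner.should check('{ :session_key => "secret" }').with_issue(@issue)
+@runner.should check(
+'{ :foo => 42, :session_key => "secret", :bar => 43 }'
+).with_issue(@issue)
+@runner.should check('{}').without_issues(@issue)
+@runner.should check(
+'{ :foo => 42, :bar => 43, :baz => 43 }'
+).without_issues(@issue)
+end
+end
+end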
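Review bot: The expected issue at line 7, `issue(:info, "Setting :session_key.", nil)`, pins a message that states the finding without saying why it matters and carries no CWE, unlike the sibling set_secret spec whose message explains the hard-coded-key risk and cites 321. A reader of the report gets no guidance from "Setting :session_key.". Since the spec compares against the check's own output, the message would need to change in `set_session_key_check.rb` as well; something along the lines of `"Setting :session_key can indicate a hard-coded session key."` with the same CWE as the secret check would make the two findings consistent.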
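--- a/data/spec/scanny/checks/insecure_method/eval_method_check_spec.rb
+++ b/data/spec/scanny/checks/insecure_method/eval_method_check_spec.rb
@@ -0,0 +1,22 @@
+module Scanny
+module Checks
+module InsecureMethod
+describe EvalMethodCheck do
+before do
+@runner = Scanny::Runner.new(EvalMethodCheck.new)
+@message = "Execute eval method can lead the ruby interpreter to run dangerous code"
+
+@issue = issue(:high, @message, 95)
+end
+
+it "reports \"eval\" correctly" do
+@runner.should check("eval").without_issues
+end
+
+it "reports \"eval('ruby_code')\" correctly" do
+@runner.should check("eval('ruby_code')").with_issue(@issue)
+end
+end
+end
+end
+end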
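Review bot: This file is the only spec on the page that does not begin with `require "spec_helper"`; it opens directly with `module Scanny` at line 1, so running it on its own (`rspec` with just this file and no `.rspec` that loads the helper) would fail on the `issue` and `check` helpers before any example runs. Add `require "spec_helper"` as the first line to match the other specs. Separately, the example at line 12 is titled "reports \"eval\" correctly" but asserts `without_issues`; a title like "does not report a bare \"eval\"" would describe the expectation.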
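--- a/data/spec/scanny/checks/insecure_method/marshal_check_spec.rb
+++ b/data/spec/scanny/checks/insecure_method/marshal_check_spec.rb
@@ -0,0 +1,26 @@
+require "spec_helper"
+
+module Scanny
+module Checks
+module InsecureMethod
+describe MarshalCheck do
+before do
+@runner = Scanny::Runner.new(MarshalCheck.new)
+@message = "Execute deserialize method can load to memory dangerous object"
+
+@issue = issue(:high, @message, 502)
+end
+
+it "reports \"object.deserialize\" correctly" do
+@runner.should check("Marshal.load(object)").with_issue(@issue)
+@runner.should check("load(object)").without_issues
+end
+
+it "reports \"deserialize('string')\" correctly" do
+@runner.should check("Marshal.restore(object)").with_issue(@issue)
+@runner.should check("restore(object)").without_issues
+end
+end
+end
+end
+end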
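Review bot: The example titles at lines 14 and 19 describe `object.deserialize` and `deserialize('string')`, but the assertions exercise `Marshal.load` and `Marshal.restore`; no fixture in the file contains the word `deserialize`, so the titles (and the message at line 9, which also says "deserialize method") do not describe what is tested. Rename the examples to `it "reports \"Marshal.load\" correctly" do` and `it "reports \"Marshal.restore\" correctly" do`. The message wording would need to change in `marshal_check.rb` too if it is adjusted here, since the spec compares against the check's output.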
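--- a/data/spec/scanny/checks/insecure_method/system_method_check_spec.rb
+++ b/data/spec/scanny/checks/insecure_method/system_method_check_spec.rb
@@ -0,0 +1,33 @@
+require "spec_helper"
+
+module Scanny
+module Checks
+module InsecureMethod
+describe SystemMethodCheck do
+before do
+@runner = Scanny::Runner.new(SystemMethodCheck.new)
+@message = "Execute system commands can lead the system to run dangerous code"
+
+@issue = issue(:high, @message, [88, 78])
+end
+
+it "reports \"popen\" correctly" do
+@runner.should check("IO.popen(arguments)").with_issue(@issue)
+@runner.should check("IO.popen3(arguments)").with_issue(@issue)
+end
+
+it "reports \"system\" correctly" do
+@runner.should check("system('rm -rf /')").with_issue(@issue)
+end
+
+it "reports \"spawn\" correctly" do
+@runner.should check("spawn('rm -rf /')").with_issue(@issue)
+end
+
+it "reports \"`ls`\" correctly" do
+@runner.should check("`ls`").with_issue(@issue)
+end
+end
+end
+end
+end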
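Review bot: The fixture `IO.popen3(arguments)` at line 16 is not real Ruby API; `IO` has `popen` only, and the three-stream variant is `Open3.popen3` from the standard `open3` library. The spec therefore pins a match on code no project writes while the form that actually appears in applications is never asserted, so a check that only recognises the `IO` receiver would pass here and miss `Open3` in practice. The same fixture is used in shell_expanding_methods_check_spec.rb at line 56. Assuming the check's receiver matching can be taught the `Open3` constant, change the assertion to `@runner.should check("Open3.popen3(arguments)").with_issue(@issue)` in both files.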
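--- a/data/spec/scanny/checks/mass_assignment_check_spec.rb
+++ b/data/spec/scanny/checks/mass_assignment_check_spec.rb
@@ -0,0 +1,30 @@
+require "spec_helper"
+
+module Scanny::Checks
+describe MassAssignmentCheck do
+before do
+@runner = Scanny::Runner.new(MassAssignmentCheck.new)
+@message = "Create objects without defense against mass assignment" +
+"can cause dangerous errors in the database"
+@issue = issue(:high, @message, 642)
+end
+
+it "reports \"User.new(params[:user])\" correctly" do
+@runner.should check("User.new(params[:user])").with_issue(@issue)
+end
+
+it "reports \"User.new(:email => params[:input])\" correctly" do
+@runner.should check("User.new(:email => params[:input])").with_issue(@issue)
+@runner.should check("User.new(params[:input] => :value)").without_issues
+end
+
+it "reports \"User.create(params[:user])\" correctly" do
+@runner.should check("User.create(params[:user])").with_issue(@issue)
+end
+
+it "reports \"@user.update_attributes(params[:user])\" correctly" do
+@runner.should check("@user.update_attributes(params[:user])").with_issue(@issue)
+end
+
+end
+end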
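Review bot: The two string halves concatenated at lines 7-8 have no separating space, so the expected message reads "...against mass assignmentcan cause dangerous errors..."; the http_usage spec on this page gets this right with a trailing space in the first half. Because the spec compares against the check's own output, `mass_assignment_check.rb` presumably builds the same broken string, so both need the space: `@message = "Create objects without defense against mass assignment " +`. The same missing space appears in redirect_with_params_check_spec.rb lines 7-8 ("methodcan lead") and access_to_session_check_spec.rb lines 7-8 ("waycan lead").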
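--- a/data/spec/scanny/checks/random_numbers_check_spec.rb
+++ b/data/spec/scanny/checks/random_numbers_check_spec.rb
@@ -0,0 +1,41 @@
+require "spec_helper"
+
+module Scanny::Checks
+describe RandomNumbersCheck do
+before :each do
+@runner = Scanny::Runner.new(RandomNumbersCheck.new)
+@message = "This action indicates using low-entropy random number generator"
+@issue = issue(:medium, @message, 331)
+end
+
+it "reports \"Kernel.rand\" correctly" do
+@runner.should check('rand').with_issue(@issue)
+@runner.should check('Kernel.rand').with_issue(@issue)
+@runner.should check('Foo.rand').without_issues
+@runner.should check('foo.rand').without_issues
+end
+
+it "reports \"Kernel.srand\" correctly" do
+@runner.should check('srand').with_issue(@issue)
+@runner.should check('Kernel.srand').with_issue(@issue)
+@runner.should check('Foo.srand').without_issues
+@runner.should check('foo.srand').without_issues
+end
+
+it "reports calls with one argument only" do
+@runner.should check('rand').with_issue(@issue)
+@runner.should check('rand(42)').with_issue(@issue)
+@runner.should check('rand(42, 43, 44)').with_issue(@issue)
+end
+
+it "reports \"urandom\" usage" do
+@runner.should check('File.open("/dev/urandom")').with_issue(@issue)
+@runner.should check('urandom').without_issues
+end
+
+it "reports \"seed\" correctly" do
+@runner.should check('seed').with_issue(@issue)
+@runner.should check('seed(Time.now)').with_issue(@issue)
+end
+end
+end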
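Review bot: Line 32 pins `File.open("/dev/urandom")` as a "low-entropy random number generator" finding with the same message and CWE as `Kernel.rand`, but `/dev/urandom` is the kernel CSPRNG and is a sound entropy source; reporting it as low-entropy is a false positive that steers users away from good practice. If the intent is to nudge towards `SecureRandom`, give it its own informational message rather than reusing the medium-severity low-entropy issue, and adjust the check to match. Also, the example at line 25 is titled "reports calls with one argument only" while line 28 asserts that `rand(42, 43, 44)` is reported too; `it "reports calls regardless of argument count"` would describe the behaviour being pinned.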
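--- a/data/spec/scanny/checks/redirect_with_params_check_spec.rb
+++ b/data/spec/scanny/checks/redirect_with_params_check_spec.rb
@@ -0,0 +1,24 @@
+require "spec_helper"
+
+module Scanny::Checks
+describe RedirectWithParamsCheck do
+before do
+@runner = Scanny::Runner.new(RedirectWithParamsCheck.new)
+@message = "Use of external parameters in redirect_to method" +
+"can lead to unauthorized redirects"
+@issue = issue(:medium, @message, [79, 113, 601, 698])
+end
+
+it "reports \"redirect_to(params[:to])\" correctly" do
+@runner.should check("redirect_to(params[:to])").with_issue(@issue)
+@runner.should check("redirect_to(@user)").without_issues
+end
+
+it "reports \"redirect_to\" with hash correctly" do
+@runner.should
+check("redirect_to :controller => :my, :action => params[:action]").with_issue(@issue)
+@runner.should
+check("redirect_to :controller => :my, :action => :new").without_issues
+end
+end
+end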
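Review bot: At lines 18-21 `@runner.should` stands alone on its line, which ends the statement; the `check(...).with_issue(@issue)` on the following line merely builds a matcher that is never handed to `should`, so both assertions in the hash example are silent no-ops and the example passes whatever the check does. This is the example that covers the open-redirect case with a hash argument, so it is currently untested. Join each pair onto one statement, e.g. `@runner.should check("redirect_to :controller => :my, :action => params[:action]").with_issue(@issue)` and `@runner.should check("redirect_to :controller => :my, :action => :new").without_issues`, or break the line after `check(` as the set_secret spec does.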
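--- a/data/spec/scanny/checks/regexp_check_spec.rb
+++ b/data/spec/scanny/checks/regexp_check_spec.rb
@@ -0,0 +1,22 @@
+require "spec_helper"
+
+module Scanny::Checks
+describe RegexpCheck do
+before :each do
+@runner = Scanny::Runner.new(RegexpCheck.new)
+@issue = issue(:low,
+"Possible improper regular expression usage.",
+[185, 625, 791])
+end
+
+it "reports regexps with starting with \"^\" or ending with \"$\" correctly" do
+@runner.should check('/^foo/').with_issue(@issue)
+@runner.should check('/foo$/').with_issue(@issue)
+@runner.should check('/foo/').without_issues
+
+@runner.should check('/^foo#{bar}baz/').with_issue(@issue)
+@runner.should check('/foo#{bar}baz$/').with_issue(@issue)
+@runner.should check('/foo#{bar}baz/').without_issues
+end
+end
+end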
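--- a/data/spec/scanny/checks/reset_session_check_spec.rb
+++ b/data/spec/scanny/checks/reset_session_check_spec.rb
@@ -0,0 +1,15 @@
+require "spec_helper"
+
+module Scanny::Checks
+describe ResetSessionCheck do
+before do
+@runner = Scanny::Runner.new(ResetSessionCheck.new)
+@message = "Improper resetting the session may lead to security problems"
+@issue = issue(:info, @message, 384)
+end
+
+it "reports \"reset_session\" correctly" do
+@runner.should check("reset_session").with_issue(@issue)
+end
+end
+end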
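--- a/data/spec/scanny/checks/session/access_to_session_check_spec.rb
+++ b/data/spec/scanny/checks/session/access_to_session_check_spec.rb
@@ -0,0 +1,29 @@
+require "spec_helper"
+
+module Scanny::Checks::Session
+describe AccessToSessionCheck do
+before do
+@runner = Scanny::Runner.new(AccessToSessionCheck.new)
+@message = "Referring to a session in the wrong way" +
+"can lead to errors that reduce security level"
+@issue = issue(:info, @message)
+end
+
+it "reports \"session[:password]\" correctly" do
+@runner.should check("session[:password]").with_issue(@issue)
+end
+
+it "reports \"cookie[:password]\" correctly" do
+@runner.should check("cookie[:password]").with_issue(@issue)
+end
+
+it "reports \"session[:password] = params[:input]\" correctly" do
+@runner.should check("session[:password] = nil").with_issue(@issue)
+end
+
+it "reports \"cookie[:password] = params[:input]\" correctly" do
+@runner.should check("cookie[:password] = nil").with_issue(@issue)
+end
+end
+end
+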
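Review bot: The example titles at lines 20 and 24 promise `= params[:input]`, but the fixtures at lines 21 and 25 assign `nil`, so the case the titles describe, writing request input straight into the session store, is never exercised. Change the fixtures to match, e.g. `@runner.should check("session[:password] = params[:input]").with_issue(@issue)`, and keep the `nil` assignments as additional cases if the check is meant to flag them too. Note also that Rails exposes the cookie jar as `cookies`, not `cookie`, so the `cookie[:password]` fixtures at lines 17 and 25 may not represent code the check will meet in real applications; worth confirming against the check's matcher.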
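--- a/data/spec/scanny/checks/session/session_secure_check_spec.rb
+++ b/data/spec/scanny/checks/session/session_secure_check_spec.rb
@@ -0,0 +1,22 @@
+require "spec_helper"
+
+module Scanny::Checks::Session
+describe SessionSecureCheck do
+before do
+@runner = Scanny::Runner.new(SessionSecureCheck.new)
+@message = "Bad session security setting can cause problems"
+@issue = issue(:info, @message, 614)
+end
+
+it "reports \"ActionController::Base.session_options[:session_secure] = false\" correctly" do
+@runner.should check("ActionController::Base.session_options[:session_secure] = false").
+with_issue(@issue)
+end
+
+it "reports \"ActionController::Base.session_options[:secure] = false\" correctly" do
+@runner.should check("ActionController::Base.session_options[:secure] = false").
+with_issue(@issue)
+end
+end
+end
+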
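Review bot: Both examples (lines 11-19) only assert that `= false` is reported; there is no `without_issues` case for `= true`, so a check that flagged every assignment to `session_options[:secure]`, including the one that enables the Secure cookie flag, would pass this spec. Add the negative case, `@runner.should check("ActionController::Base.session_options[:secure] = true").without_issues`, so that the safe configuration is pinned as clean.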
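--- a/data/spec/scanny/checks/shell_expanding_methods_check_spec.rb
+++ b/data/spec/scanny/checks/shell_expanding_methods_check_spec.rb
@@ -0,0 +1,67 @@
+require "spec_helper"
+
+module Scanny::Checks
+describe ShellExpandingMethodsCheck do
+before :each do
+@runner = Scanny::Runner.new(ShellExpandingMethodsCheck.new)
+
+@backtick_issue = issue(:high,
+"The \"`\" method passes the executed command through shell expansion.",
+[88, 78])
+@exec_issue = issue(:high,
+"The \"exec\" method passes the executed command through shell expansion.",
+[88, 78])
+@system_issue = issue(:high,
+"The \"system\" method passes the executed command through shell expansion.",
+[88, 78])
+@popen_issue = issue(:high,
+"The \"popen\" method passes the executed command through shell expansion.",
+[88, 78])
+@popen3_issue = issue(:high,
+"The \"popen3\" method passes the executed command through shell expansion.",
+[88, 78])
+@spawn_issue = issue(:high,
+"The \"spawn\" method passes the executed command through shell expansion.",
+[88, 78])
+end
+
+it "reports \"Kernel.`\" correctly" do
+@runner.should check('Kernel.` "ls -l"').with_issue(@backtick_issue)
+@runner.should check('Foo.` "ls -l"').without_issues
+@runner.should check('foo.` "ls -l"').without_issues
+end
+
+it "reports \"Kernel.exec\" correctly" do
+@runner.should check('exec "ls -l"').with_issue(@exec_issue)
+@runner.should check('Kernel.exec "ls -l"').with_issue(@exec_issue)
+@runner.should check('Foo.exec "ls -l"').without_issues
+@runner.should check('foo.exec "ls -l"').without_issues
+end
+
+it "reports \"Kernel.system\" correctly" do
+@runner.should check('system "ls -l"').with_issue(@system_issue)
+@runner.should check('Kernel.system "ls -l"').with_issue(@system_issue)
+@runner.should check('Foo.system "ls -l"').without_issues
+@runner.should check('foo.system "ls -l"').without_issues
+end
+
+it "reports calls with one argument only" do
+@runner.should check('exec').without_issues
+@runner.should check('exec "ls -l"').with_issue(@exec_issue)
+@runner.should check('exec "ls", "-l"').without_issues
+end
+
+it "reports \"popen\" correctly" do
+@runner.should check("IO.popen(arguments)").with_issue(@popen_issue)
+@runner.should check("IO.popen3(arguments)").with_issue(@popen3_issue)
+end
+
+it "reports \"spawn\" correctly" do
+@runner.should check("spawn('rm -rf /')").with_issue(@spawn_issue)
+end
+
+it "reports \"`ls`\" correctly" do
+@runner.should check("`ls`").with_issue(@backtick_issue)
+end
+end
+end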
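Review bot: The multi-argument form, which bypasses the shell and is exactly the pattern this check should steer people towards, is asserted clean only for `exec` (line 51); `system` and `spawn` have no `without_issues` case, so a regression that flagged `system "ls", "-l"` would still pass. Add `@runner.should check('system "ls", "-l"').without_issues` and `@runner.should check('spawn "ls", "-l"').without_issues` to the example at lines 48-52, and rename it to something like "reports only single-argument calls", since it currently reads as if one-argument calls were the only thing reported. Every fixture here also produces a finding with the same CWEs ([88, 78]) as system_method_check_spec.rb on this page, which suggests the two checks report each `system`/`spawn`/backtick call twice when both are enabled; worth confirming against the runner.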