scanny 0.1.0
Sign up to get free protection for your applications and to get access to all the features.
- data/.gitignore +5 -0
- data/Gemfile +11 -0
- data/LICENSE +23 -0
- data/README.md +185 -0
- data/Rakefile +5 -0
- data/bin/scanny +61 -0
- data/lib/scanny.rb +12 -0
- data/lib/scanny/checks/access_control_check.rb +52 -0
- data/lib/scanny/checks/backticks_check.rb +18 -0
- data/lib/scanny/checks/before_filters_check.rb +35 -0
- data/lib/scanny/checks/check.rb +33 -0
- data/lib/scanny/checks/csrf_check.rb +19 -0
- data/lib/scanny/checks/denial_of_service_check.rb +42 -0
- data/lib/scanny/checks/file_open_check.rb +46 -0
- data/lib/scanny/checks/frameworks_check.rb +24 -0
- data/lib/scanny/checks/helpers.rb +28 -0
- data/lib/scanny/checks/http_basic_auth_check.rb +39 -0
- data/lib/scanny/checks/http_header/header_injection_check.rb +38 -0
- data/lib/scanny/checks/http_redirect_check.rb +37 -0
- data/lib/scanny/checks/http_request_check.rb +74 -0
- data/lib/scanny/checks/http_usage_check.rb +31 -0
- data/lib/scanny/checks/information_leak_check.rb +55 -0
- data/lib/scanny/checks/input_filtering_check.rb +39 -0
- data/lib/scanny/checks/insecure_config/set_rails_env_check.rb +24 -0
- data/lib/scanny/checks/insecure_config/set_secret_check.rb +25 -0
- data/lib/scanny/checks/insecure_config/set_session_key_check.rb +23 -0
- data/lib/scanny/checks/insecure_method/eval_method_check.rb +26 -0
- data/lib/scanny/checks/insecure_method/marshal_check.rb +33 -0
- data/lib/scanny/checks/insecure_method/system_method_check.rb +46 -0
- data/lib/scanny/checks/mass_assignment_check.rb +48 -0
- data/lib/scanny/checks/random_numbers_check.rb +54 -0
- data/lib/scanny/checks/redirect_with_params_check.rb +48 -0
- data/lib/scanny/checks/regexp_check.rb +23 -0
- data/lib/scanny/checks/reset_session_check.rb +24 -0
- data/lib/scanny/checks/session/access_to_session_check.rb +49 -0
- data/lib/scanny/checks/session/session_secure_check.rb +47 -0
- data/lib/scanny/checks/shell_expanding_methods_check.rb +54 -0
- data/lib/scanny/checks/skip_before_filters_check.rb +41 -0
- data/lib/scanny/checks/sql_injection/find_method_check.rb +81 -0
- data/lib/scanny/checks/sql_injection/find_method_with_dynamic_string_check.rb +43 -0
- data/lib/scanny/checks/sql_injection/find_method_with_params_check.rb +80 -0
- data/lib/scanny/checks/sql_injection/sanitize_sql_check.rb +25 -0
- data/lib/scanny/checks/sql_injection/sql_check.rb +14 -0
- data/lib/scanny/checks/sql_injection/string_interpolation_with_params_check.rb +39 -0
- data/lib/scanny/checks/ssl/verify_check.rb +53 -0
- data/lib/scanny/checks/ssl/verify_peer_check.rb +37 -0
- data/lib/scanny/checks/system_tools/gpg_usage_check.rb +51 -0
- data/lib/scanny/checks/system_tools/sudo_check.rb +24 -0
- data/lib/scanny/checks/system_tools/tar_check.rb +24 -0
- data/lib/scanny/checks/system_tools/tar_commands_check.rb +27 -0
- data/lib/scanny/checks/system_tools/unzip_check.rb +30 -0
- data/lib/scanny/checks/temp_file_open_check.rb +57 -0
- data/lib/scanny/checks/user_find_check.rb +40 -0
- data/lib/scanny/checks/validates_check.rb +32 -0
- data/lib/scanny/checks/verify_check.rb +44 -0
- data/lib/scanny/checks/xss/xss_flash_check.rb +70 -0
- data/lib/scanny/checks/xss/xss_logger_check.rb +78 -0
- data/lib/scanny/checks/xss/xss_mark_check.rb +48 -0
- data/lib/scanny/checks/xss/xss_send_check.rb +70 -0
- data/lib/scanny/cli.rb +47 -0
- data/lib/scanny/issue.rb +28 -0
- data/lib/scanny/rake_task.rb +56 -0
- data/lib/scanny/reporters.rb +3 -0
- data/lib/scanny/reporters/reporter.rb +22 -0
- data/lib/scanny/reporters/simple_reporter.rb +19 -0
- data/lib/scanny/reporters/xml_reporter.rb +64 -0
- data/lib/scanny/ruby_version_check.rb +15 -0
- data/lib/scanny/runner.rb +90 -0
- data/scanny.gemspec +22 -0
- data/spec/scanny/check_spec.rb +22 -0
- data/spec/scanny/checks/access_control_check_spec.rb +43 -0
- data/spec/scanny/checks/backticks_check_spec.rb +22 -0
- data/spec/scanny/checks/before_filters_check_spec.rb +45 -0
- data/spec/scanny/checks/csrf_check_spec.rb +16 -0
- data/spec/scanny/checks/denial_of_service_check_spec.rb +28 -0
- data/spec/scanny/checks/file_open_check_spec.rb +22 -0
- data/spec/scanny/checks/frameworks_check_spec.rb +16 -0
- data/spec/scanny/checks/http_basic_auth_check_spec.rb +20 -0
- data/spec/scanny/checks/http_header/header_injection_check_spec.rb +21 -0
- data/spec/scanny/checks/http_redirect_check_spec.rb +15 -0
- data/spec/scanny/checks/http_request_check_spec.rb +37 -0
- data/spec/scanny/checks/http_usage_check_spec.rb +20 -0
- data/spec/scanny/checks/information_leak_check_spec.rb +32 -0
- data/spec/scanny/checks/input_filtering_check_spec.rb +19 -0
- data/spec/scanny/checks/insecure_config/set_rails_env_check_spec.rb +17 -0
- data/spec/scanny/checks/insecure_config/set_secret_check_spec.rb +22 -0
- data/spec/scanny/checks/insecure_config/set_session_key_check_spec.rb +21 -0
- data/spec/scanny/checks/insecure_method/eval_method_check_spec.rb +22 -0
- data/spec/scanny/checks/insecure_method/marshal_check_spec.rb +26 -0
- data/spec/scanny/checks/insecure_method/system_method_check_spec.rb +33 -0
- data/spec/scanny/checks/mass_assignment_check_spec.rb +30 -0
- data/spec/scanny/checks/random_numbers_check_spec.rb +41 -0
- data/spec/scanny/checks/redirect_with_params_check_spec.rb +24 -0
- data/spec/scanny/checks/regexp_check_spec.rb +22 -0
- data/spec/scanny/checks/reset_session_check_spec.rb +15 -0
- data/spec/scanny/checks/session/access_to_session_check_spec.rb +29 -0
- data/spec/scanny/checks/session/session_secure_check_spec.rb +22 -0
- data/spec/scanny/checks/shell_expanding_methods_check_spec.rb +67 -0
- data/spec/scanny/checks/skip_before_filters_check_spec.rb +81 -0
- data/spec/scanny/checks/sql_injection/find_method_check_spec.rb +62 -0
- data/spec/scanny/checks/sql_injection/find_method_with_dynamic_string_check_spec.rb +27 -0
- data/spec/scanny/checks/sql_injection/find_method_with_params_check_spec.rb +93 -0
- data/spec/scanny/checks/sql_injection/sanitize_sql_check_spec.rb +16 -0
- data/spec/scanny/checks/sql_injection/string_interpolation_with_params_check_spec.rb +18 -0
- data/spec/scanny/checks/ssl/verify_check_spec.rb +25 -0
- data/spec/scanny/checks/ssl/verify_peer_check_spec.rb +17 -0
- data/spec/scanny/checks/system_tools/gpg_usage_check_spec.rb +43 -0
- data/spec/scanny/checks/system_tools/sudo_check_spec.rb +24 -0
- data/spec/scanny/checks/system_tools/tar_check_spec.rb +20 -0
- data/spec/scanny/checks/system_tools/tar_commands_check_spec.rb +41 -0
- data/spec/scanny/checks/system_tools/unizp_check_spec.rb +29 -0
- data/spec/scanny/checks/temp_file_open_check_spec.rb +22 -0
- data/spec/scanny/checks/user_find_check_spec.rb +22 -0
- data/spec/scanny/checks/validates_check_spec.rb +19 -0
- data/spec/scanny/checks/verify_check_spec.rb +27 -0
- data/spec/scanny/checks/xss/xss_flash_check_spec.rb +22 -0
- data/spec/scanny/checks/xss/xss_logger_check_spec.rb +24 -0
- data/spec/scanny/checks/xss/xss_mark_check_spec.rb +31 -0
- data/spec/scanny/checks/xss/xss_send_check_spec.rb +34 -0
- data/spec/scanny/cli_spec.rb +167 -0
- data/spec/scanny/issue_spec.rb +82 -0
- data/spec/scanny/rake_taks_spec.rb +82 -0
- data/spec/scanny/reporters/reporter_spec.rb +24 -0
- data/spec/scanny/reporters/simple_reporter_spec.rb +48 -0
- data/spec/scanny/reporters/xml_reporter_spec.rb +52 -0
- data/spec/scanny/ruby_version_check_spec.rb +24 -0
- data/spec/scanny/runner_spec.rb +128 -0
- data/spec/spec_helper.rb +10 -0
- data/spec/support/aruba.rb +4 -0
- data/spec/support/check_spec_helpers.rb +5 -0
- data/spec/support/checks/extend_test_check.rb +11 -0
- data/spec/support/checks/test_check.rb +15 -0
- data/spec/support/checks/test_strict_check.rb +17 -0
- data/spec/support/const_spec_helpers.rb +36 -0
- data/spec/support/matchers/check_matcher.rb +43 -0
- data/spec/support/matchers/xpath_matcher.rb +30 -0
- data/spec/support/mock_task.rb +43 -0
- metadata +242 -0
@@ -0,0 +1,81 @@
|
|
1
|
+
require "spec_helper"
|
2
|
+
|
3
|
+
module Scanny::Checks
|
4
|
+
describe SkipBeforeFiltersCheck do
|
5
|
+
before :each do
|
6
|
+
@runner = Scanny::Runner.new(SkipBeforeFiltersCheck.new)
|
7
|
+
@login_required_issue = issue(:info,
|
8
|
+
"The \"skip_before_filter\" method with :login_required filter is used.",
|
9
|
+
[285, 288, 425])
|
10
|
+
@admin_required_issue = issue(:info,
|
11
|
+
"The \"skip_before_filter\" method with :admin_required filter is used.",
|
12
|
+
[285, 288, 425])
|
13
|
+
@verify_authenticity_token_issue = issue(:info,
|
14
|
+
"The \"skip_before_filter\" method with :verify_authenticity_token filter is used.",
|
15
|
+
[285, 288, 425])
|
16
|
+
@authenticate_issue = issue(:info,
|
17
|
+
"The \"skip_before_filter\" method with :authenticate filter is used.",
|
18
|
+
[285, 288, 425])
|
19
|
+
end
|
20
|
+
|
21
|
+
it "reports \"skip_before_filter\" with :login_required filter correctly" do
|
22
|
+
@runner.should check(
|
23
|
+
'skip_before_filter :login_required'
|
24
|
+
).with_issue(@login_required_issue)
|
25
|
+
@runner.should check(
|
26
|
+
'self.skip_before_filter :login_required'
|
27
|
+
).with_issue(@login_required_issue)
|
28
|
+
@runner.should check('foo.skip_before_filter :login_required').without_issues
|
29
|
+
@runner.should check('skip_after_filter :login_required').without_issues
|
30
|
+
@runner.should check(
|
31
|
+
'skip_before_filter :some_filter, :login_required, :another_filter'
|
32
|
+
).with_issue(@login_required_issue)
|
33
|
+
@runner.should check('skip_before_filter :some_filter').without_issues
|
34
|
+
end
|
35
|
+
|
36
|
+
it "reports \"skip_before_filter\" with :admin_required filter correctly" do
|
37
|
+
@runner.should check(
|
38
|
+
'skip_before_filter :admin_required'
|
39
|
+
).with_issue(@admin_required_issue)
|
40
|
+
@runner.should check(
|
41
|
+
'self.skip_before_filter :admin_required'
|
42
|
+
).with_issue(@admin_required_issue)
|
43
|
+
@runner.should check('foo.skip_before_filter :admin_required').without_issues
|
44
|
+
@runner.should check('skip_after_filter :admin_required').without_issues
|
45
|
+
@runner.should check(
|
46
|
+
'skip_before_filter :some_filter, :admin_required, :another_filter'
|
47
|
+
).with_issue(@admin_required_issue)
|
48
|
+
@runner.should check('skip_before_filter :some_filter').without_issues
|
49
|
+
end
|
50
|
+
|
51
|
+
it "reports \"skip_before_filter\" with :verify_authenticity_token filter correctly" do
|
52
|
+
@runner.should check(
|
53
|
+
'skip_before_filter :verify_authenticity_token'
|
54
|
+
).with_issue(@verify_authenticity_token_issue)
|
55
|
+
@runner.should check(
|
56
|
+
'self.skip_before_filter :verify_authenticity_token'
|
57
|
+
).with_issue(@verify_authenticity_token_issue)
|
58
|
+
@runner.should check('foo.skip_before_filter :verify_authenticity_token').without_issues
|
59
|
+
@runner.should check('skip_after_filter :verify_authenticity_token').without_issues
|
60
|
+
@runner.should check(
|
61
|
+
'skip_before_filter :some_filter, :verify_authenticity_token, :another_filter'
|
62
|
+
).with_issue(@verify_authenticity_token_issue)
|
63
|
+
@runner.should check('skip_before_filter :some_filter').without_issues
|
64
|
+
end
|
65
|
+
|
66
|
+
it "reports \"skip_before_filter\" with :authenticate filter correctly" do
|
67
|
+
@runner.should check(
|
68
|
+
'skip_before_filter :authenticate'
|
69
|
+
).with_issue(@authenticate_issue)
|
70
|
+
@runner.should check(
|
71
|
+
'self.skip_before_filter :authenticate'
|
72
|
+
).with_issue(@authenticate_issue)
|
73
|
+
@runner.should check('foo.skip_before_filter :authenticate').without_issues
|
74
|
+
@runner.should check('skip_after_filter :authenticate').without_issues
|
75
|
+
@runner.should check(
|
76
|
+
'skip_before_filter :some_filter, :authenticate, :another_filter'
|
77
|
+
).with_issue(@authenticate_issue)
|
78
|
+
@runner.should check('skip_before_filter :some_filter').without_issues
|
79
|
+
end
|
80
|
+
end
|
81
|
+
end
|
@@ -0,0 +1,62 @@
|
|
1
|
+
require "spec_helper"
|
2
|
+
|
3
|
+
module Scanny::Checks::Sql
|
4
|
+
describe FindMethodCheck do
|
5
|
+
before do
|
6
|
+
@runner = Scanny::Runner.new(FindMethodCheck.new)
|
7
|
+
@message = "Use of external parameters in queries to the database " +
|
8
|
+
"can lead to SQL injection issue"
|
9
|
+
@issue_low = issue(:low, @message, 89)
|
10
|
+
end
|
11
|
+
|
12
|
+
it "reports \"find\" calls with :conditions key and static value correctly" do
|
13
|
+
@runner.should check("find(:first, :conditions => { :id => 10 })").
|
14
|
+
with_issue(@issue_low)
|
15
|
+
end
|
16
|
+
|
17
|
+
it "does not report \"find\" calls without first argument" do
|
18
|
+
@runner.should check("find(:conditions => { :id => 10 })").
|
19
|
+
without_issues
|
20
|
+
end
|
21
|
+
|
22
|
+
it "does not report \"find\" with wrong key" do
|
23
|
+
@runner.should check("find(:first, :hello => :conditions)").
|
24
|
+
without_issues
|
25
|
+
end
|
26
|
+
|
27
|
+
it "reports \"find\" calls with :conditions key and dynamic value correctly" do
|
28
|
+
@runner.should check('find(:first, :conditions => "#{method}")').
|
29
|
+
with_issue(@issue_low)
|
30
|
+
end
|
31
|
+
|
32
|
+
it "reports \"find\" calls with :conditions key and params method as value correctly" do
|
33
|
+
@runner.should check("find(:first, :conditions => params[:id])").
|
34
|
+
with_issue(@issue_low)
|
35
|
+
end
|
36
|
+
|
37
|
+
it "reports \"execute\" calls on class correctly" do
|
38
|
+
@runner.should check('User.execute("sql")').with_issue(@issue_low)
|
39
|
+
end
|
40
|
+
|
41
|
+
it "reports \"find_by_sql\" calls on class correctly" do
|
42
|
+
@runner.should check('User.find_by_sql("sql")').with_issue(@issue_low)
|
43
|
+
end
|
44
|
+
|
45
|
+
it "reports \"paginate\" calls on class correctly" do
|
46
|
+
@runner.should check('User.paginate').with_issue(@issue_low)
|
47
|
+
end
|
48
|
+
|
49
|
+
it "reports \"paginage\" calls on object correctly" do
|
50
|
+
@runner.should check("array.paginate").with_issue(@issue_low)
|
51
|
+
end
|
52
|
+
|
53
|
+
it "reports \"paginage\" calls on object with arguments correctly" do
|
54
|
+
@runner.should check("array.paginate(options)").with_issue(@issue_low)
|
55
|
+
end
|
56
|
+
|
57
|
+
it "reports \"find_by_sql\" calls on class with params correctly" do
|
58
|
+
@runner.should check('User.find_by_sql params[:password]').
|
59
|
+
with_issue(@issue_low)
|
60
|
+
end
|
61
|
+
end
|
62
|
+
end
|
@@ -0,0 +1,27 @@
|
|
1
|
+
require "spec_helper"
|
2
|
+
|
3
|
+
module Scanny::Checks::Sql
|
4
|
+
describe FindMethodWithDynamicStringCheck do
|
5
|
+
before do
|
6
|
+
@runner = Scanny::Runner.new(FindMethodWithDynamicStringCheck.new)
|
7
|
+
@message = "Use of external parameters in queries to the database " +
|
8
|
+
"can lead to SQL injection issue"
|
9
|
+
@issue_medium = issue(:medium, @message, 89)
|
10
|
+
end
|
11
|
+
|
12
|
+
it "reports \"find\" calls with :conditions key and dynamic value correctly" do
|
13
|
+
@runner.should check('find(:first, :conditions => "#{method}")').
|
14
|
+
with_issue(@issue_medium)
|
15
|
+
@runner.should check('find(:first, :conditions => "normal_string")').without_issues
|
16
|
+
end
|
17
|
+
|
18
|
+
it "does not report \"find\" calls without first argument" do
|
19
|
+
@runner.should check("find(:conditions => :value)").without_issues
|
20
|
+
end
|
21
|
+
|
22
|
+
it "does not report \"find\" calls with incorrect hash value" do
|
23
|
+
@runner.should check('find(:first, "#{conditions}" => :value)').
|
24
|
+
without_issues
|
25
|
+
end
|
26
|
+
end
|
27
|
+
end
|
@@ -0,0 +1,93 @@
|
|
1
|
+
require "spec_helper"
|
2
|
+
|
3
|
+
module Scanny::Checks::Sql
|
4
|
+
describe FindMethodWithParamsCheck do
|
5
|
+
before do
|
6
|
+
@runner = Scanny::Runner.new(FindMethodWithParamsCheck.new)
|
7
|
+
@message = "Use of external parameters in queries to the database " +
|
8
|
+
"can lead to SQL injection issue"
|
9
|
+
@issue_high = issue(:high, @message, 89)
|
10
|
+
end
|
11
|
+
|
12
|
+
it "reports \"find\" calls with :conditions key and params method as value correctly" do
|
13
|
+
@runner.should check("find(:first, :conditions => params[:id])").
|
14
|
+
with_issue(@issue_high)
|
15
|
+
@runner.should_not check("find(:first, :conditions => no_params[:id])").
|
16
|
+
with_issue(@issue_high)
|
17
|
+
end
|
18
|
+
|
19
|
+
it "reports \"find\" calls with :limit key and params method as value correctly" do
|
20
|
+
@runner.should check("find(:first, :limit => params[:id])").
|
21
|
+
with_issue(@issue_high)
|
22
|
+
@runner.should_not check("find(:first, :limit => no_params[:id])").
|
23
|
+
with_issue(@issue_high)
|
24
|
+
end
|
25
|
+
|
26
|
+
it "reports \"find\" calls with :conditions key and session method as value correctly" do
|
27
|
+
@runner.should check("find(:first, :conditions => session[:password])").
|
28
|
+
with_issue(@issue_high)
|
29
|
+
@runner.should_not check("find(:first, :conditions => no_session[:password])").
|
30
|
+
with_issue(@issue_high)
|
31
|
+
end
|
32
|
+
|
33
|
+
it "reports \"find\" calls with :limit key and session method as value correctly" do
|
34
|
+
@runner.should check("find(:first, :limit => session[:password])").
|
35
|
+
with_issue(@issue_high)
|
36
|
+
@runner.should_not check("find(:first, :limit => no_session[:password])").
|
37
|
+
with_issue(@issue_high)
|
38
|
+
end
|
39
|
+
|
40
|
+
it "does not report \"find\" calls when no first argument is given" do
|
41
|
+
@runner.should check("find(:limit => session[:password])").
|
42
|
+
without_issues
|
43
|
+
end
|
44
|
+
|
45
|
+
it "does not report \"find\" when hash keys are incorrect" do
|
46
|
+
@runner.should check("find(:first, :key => :limit, params[:hello] => :value)").
|
47
|
+
without_issues
|
48
|
+
end
|
49
|
+
|
50
|
+
it "reports \"execute\" calls on class with params correctly" do
|
51
|
+
@runner.should check('User.execute params[:password]').with_issue(@issue_high)
|
52
|
+
end
|
53
|
+
|
54
|
+
it "reports \"find_by_sql\" calls on class with params correctly" do
|
55
|
+
@runner.should check('User.find_by_sql params[:password]').
|
56
|
+
with_issue(@issue_high)
|
57
|
+
end
|
58
|
+
|
59
|
+
it "reports \"paginate\" calls on class with params correctly" do
|
60
|
+
@runner.should check('User.paginate params[:password]').with_issue(@issue_high)
|
61
|
+
end
|
62
|
+
|
63
|
+
it "reports \"execute\" calls on class with string interpolation correctly" do
|
64
|
+
@runner.should check('User.execute "#{params[:password]}"').
|
65
|
+
with_issue(@issue_high)
|
66
|
+
end
|
67
|
+
|
68
|
+
it "reports \"find_by_sql\" calls on class with string interpolation correctly" do
|
69
|
+
@runner.should check('User.find_by_sql "#{params[:password]}"').
|
70
|
+
with_issue(@issue_high)
|
71
|
+
end
|
72
|
+
|
73
|
+
it "reports \"paginate\" calls on class with string interpolation correctly" do
|
74
|
+
@runner.should check('User.paginate "#{params[:password]}"').
|
75
|
+
with_issue(@issue_high)
|
76
|
+
end
|
77
|
+
|
78
|
+
it "reports \"execute\" calls on object with string interpolation correctly" do
|
79
|
+
@runner.should check('@object.execute "#{params[:password]}"').
|
80
|
+
with_issue(@issue_high)
|
81
|
+
end
|
82
|
+
|
83
|
+
it "reports \"find_by_sql\" calls on object with string interpolation correctly" do
|
84
|
+
@runner.should check('@object.find_by_sql "#{params[:password]}"').
|
85
|
+
with_issue(@issue_high)
|
86
|
+
end
|
87
|
+
|
88
|
+
it "reports \"paginate\" calls on object with string interpolation correctly" do
|
89
|
+
@runner.should check('@object.paginate "#{params[:password]}"').
|
90
|
+
with_issue(@issue_high)
|
91
|
+
end
|
92
|
+
end
|
93
|
+
end
|
@@ -0,0 +1,16 @@
|
|
1
|
+
require "spec_helper"
|
2
|
+
|
3
|
+
module Scanny::Checks::Sql
|
4
|
+
describe SanitizeCheck do
|
5
|
+
before do
|
6
|
+
@runner = Scanny::Runner.new(SanitizeCheck.new)
|
7
|
+
@message = "Use of external parameters in queries to the database " +
|
8
|
+
"can lead to SQL injection issue"
|
9
|
+
@issue_info = issue(:info, @message, 89)
|
10
|
+
end
|
11
|
+
|
12
|
+
it "reports \"sanitize_sql\" calls correctly" do
|
13
|
+
@runner.should check("sanitize_sql('mysql_query')").with_issue(@issue_info)
|
14
|
+
end
|
15
|
+
end
|
16
|
+
end
|
@@ -0,0 +1,18 @@
|
|
1
|
+
require "spec_helper"
|
2
|
+
|
3
|
+
module Scanny::Checks::Sql
|
4
|
+
describe StringInterpolationWithParamsCheck do
|
5
|
+
before do
|
6
|
+
@runner = Scanny::Runner.new(StringInterpolationWithParamsCheck.new)
|
7
|
+
@message = "Use of external parameters in queries to the database " +
|
8
|
+
"can lead to SQL injection issue"
|
9
|
+
@issue_high = issue(:high, @message, 89)
|
10
|
+
end
|
11
|
+
|
12
|
+
it "reports string interpolation with \"params[:input]\" correctly" do
|
13
|
+
@runner.should check('"SELECT #{params[:input]}"').with_issue(@issue_high)
|
14
|
+
end
|
15
|
+
end
|
16
|
+
end
|
17
|
+
|
18
|
+
|
@@ -0,0 +1,25 @@
|
|
1
|
+
require "spec_helper"
|
2
|
+
|
3
|
+
module Scanny::Checks::SSL
|
4
|
+
describe VerifyCheck do
|
5
|
+
before do
|
6
|
+
@runner = Scanny::Runner.new(VerifyCheck.new)
|
7
|
+
@message = "Disable certificate verification can " +
|
8
|
+
"lead to connect to an unauthorized server"
|
9
|
+
@issue = issue(:high, @message, [296, 297, 298, 299, 300, 599])
|
10
|
+
end
|
11
|
+
|
12
|
+
it "reports usage of \"OpenSSL::SSL::VERIFY_NONE\" correctly" do
|
13
|
+
@runner.should check("OpenSSL::SSL::VERIFY_PEER = OpenSSL::SSL::VERIFY_NONE").
|
14
|
+
with_issue(@issue)
|
15
|
+
end
|
16
|
+
|
17
|
+
it "reports \"ca_file = nil\" correctly" do
|
18
|
+
@runner.should check("ssl_context.ca_file = nil").with_issue(@issue)
|
19
|
+
end
|
20
|
+
|
21
|
+
it "reports \"ca_file = nil\" correctly" do
|
22
|
+
@runner.should check("ssl_context.ca_path = nil").with_issue(@issue)
|
23
|
+
end
|
24
|
+
end
|
25
|
+
end
|
@@ -0,0 +1,17 @@
|
|
1
|
+
require "spec_helper"
|
2
|
+
|
3
|
+
module Scanny::Checks::SSL
|
4
|
+
describe VerifyPeerCheck do
|
5
|
+
before do
|
6
|
+
@runner = Scanny::Runner.new(VerifyPeerCheck.new)
|
7
|
+
@message = "Change the value of of VERIFY_PEER" +
|
8
|
+
"can lead to faulty accepted certificate"
|
9
|
+
@issue = issue(:info, @message)
|
10
|
+
end
|
11
|
+
|
12
|
+
it "reports \"OpenSSL::SSL::VERIFY_PEER = OpenSSL::SSL::VERIFY_NONE\" correctly" do
|
13
|
+
@runner.should check("OpenSSL::SSL::VERIFY_PEER = OpenSSL::SSL::VERIFY_NONE").
|
14
|
+
with_issue(@issue)
|
15
|
+
end
|
16
|
+
end
|
17
|
+
end
|
@@ -0,0 +1,43 @@
|
|
1
|
+
require "spec_helper"
|
2
|
+
|
3
|
+
module Scanny::Checks::SystemTools
|
4
|
+
describe GpgUsageCheck do
|
5
|
+
before do
|
6
|
+
@runner = Scanny::Runner.new(GpgUsageCheck.new)
|
7
|
+
@message = "Using gpg tool in the wrong way can lead to security problems"
|
8
|
+
@issue = issue(:info, @message)
|
9
|
+
end
|
10
|
+
|
11
|
+
it "reports \"GPG.method\" correctly" do
|
12
|
+
@runner.should check("GPG.method").with_issue(@issue)
|
13
|
+
end
|
14
|
+
|
15
|
+
it "reports \"Gpg.method\" correctly" do
|
16
|
+
@runner.should check("Gpg.method").with_issue(@issue)
|
17
|
+
end
|
18
|
+
|
19
|
+
it "reports \"GpgKey.method\" correctly" do
|
20
|
+
@runner.should check("GpgKey.method").with_issue(@issue)
|
21
|
+
end
|
22
|
+
|
23
|
+
it "reports \"GPGME.method\" correctly" do
|
24
|
+
@runner.should check("GPGME.method").with_issue(@issue)
|
25
|
+
end
|
26
|
+
|
27
|
+
it "reports \"Gpgr.method\" correctly" do
|
28
|
+
@runner.should check("Gpgr.method").with_issue(@issue)
|
29
|
+
end
|
30
|
+
|
31
|
+
it "reports \"RubyGpg.method\" correctly" do
|
32
|
+
@runner.should check("RubyGpg.method").with_issue(@issue)
|
33
|
+
end
|
34
|
+
|
35
|
+
it "reports \"system('gpg --example-flag')\" correctly" do
|
36
|
+
@runner.should check("system('gpg --example-flag')").with_issue(@issue)
|
37
|
+
end
|
38
|
+
|
39
|
+
it "reports \"`gpg --example-flag`\" correctly" do
|
40
|
+
@runner.should check("`gpg --example-flag`").with_issue(@issue)
|
41
|
+
end
|
42
|
+
end
|
43
|
+
end
|
@@ -0,0 +1,24 @@
|
|
1
|
+
require "spec_helper"
|
2
|
+
|
3
|
+
module Scanny::Checks::SystemTools
|
4
|
+
describe SudoCheck do
|
5
|
+
before do
|
6
|
+
@runner = Scanny::Runner.new(SudoCheck.new)
|
7
|
+
@message = "Using sudo can lead to the execution" +
|
8
|
+
"of programs on root administrator rights"
|
9
|
+
@issue = issue(:info, @message)
|
10
|
+
end
|
11
|
+
|
12
|
+
it "reports \"system('sudo shutdown -h now')\" correctly" do
|
13
|
+
@runner.should check("system('sudo shutdown -h now')").with_issue(@issue)
|
14
|
+
end
|
15
|
+
|
16
|
+
it "reports \"exec('sudo shutdown -h now')\" correctly" do
|
17
|
+
@runner.should check("exec('sudo shutdown -h now')").with_issue(@issue)
|
18
|
+
end
|
19
|
+
|
20
|
+
it "reports \"`sudo shutdown -h now`\" correctly" do
|
21
|
+
@runner.should check("`sudo shutdown -h now`").with_issue(@issue)
|
22
|
+
end
|
23
|
+
end
|
24
|
+
end
|
@@ -0,0 +1,20 @@
|
|
1
|
+
require "spec_helper"
|
2
|
+
|
3
|
+
module Scanny::Checks::SystemTools
|
4
|
+
describe TarCheck do
|
5
|
+
before do
|
6
|
+
@runner = Scanny::Runner.new(TarCheck.new)
|
7
|
+
@message = "Tar command can execute dangerous operations on files" +
|
8
|
+
"and can travel through directories"
|
9
|
+
@issue = issue(:medium, @message, 88)
|
10
|
+
end
|
11
|
+
|
12
|
+
it "reports \"system('tar xvf archive.tar.gz')\" correctly" do
|
13
|
+
@runner.should check("system('tar xvf archive.tar.gz')").with_issue(@issue)
|
14
|
+
end
|
15
|
+
|
16
|
+
it "reports \"`tar xvf archive.tar.gz`\" correctly" do
|
17
|
+
@runner.should check("`tar xvf archive.tar.gz`").with_issue(@issue)
|
18
|
+
end
|
19
|
+
end
|
20
|
+
end
|
@@ -0,0 +1,41 @@
|
|
1
|
+
require "spec_helper"
|
2
|
+
|
3
|
+
module Scanny::Checks::SystemTools
|
4
|
+
describe TarCommandsCheck do
|
5
|
+
before do
|
6
|
+
@runner = Scanny::Runner.new(TarCommandsCheck.new)
|
7
|
+
@message = "Tar command has an option that allows to run external programs"
|
8
|
+
@issue = issue(:high, @message, 88)
|
9
|
+
end
|
10
|
+
|
11
|
+
it "reports \"system('tar xvf --to-command=exploit archive.tar')`\" correctly" do
|
12
|
+
@runner.should check("system('tar xvf --to-command=exploit archive.tar')").
|
13
|
+
with_issue(@issue)
|
14
|
+
end
|
15
|
+
|
16
|
+
it "reports \"`tar xvf --to-command=exploit archive.tar`\" correctly" do
|
17
|
+
@runner.should check("`tar xvf --to-command=exploit archive.tar`").
|
18
|
+
with_issue(@issue)
|
19
|
+
end
|
20
|
+
|
21
|
+
it "reports \"system('tar xvf --rmt-command=exploit archive.tar')`\" correctly" do
|
22
|
+
@runner.should check("system('tar xvf --rmt-command=exploit archive.tar')").
|
23
|
+
with_issue(@issue)
|
24
|
+
end
|
25
|
+
|
26
|
+
it "reports \"`tar xvf --rmt-command=exploit archive.tar`\" correctly" do
|
27
|
+
@runner.should check("`tar xvf --rmt-command=exploit archive.tar`").
|
28
|
+
with_issue(@issue)
|
29
|
+
end
|
30
|
+
|
31
|
+
it "reports \"system('tar xvf --rsh-command=exploit archive.tar')`\" correctly" do
|
32
|
+
@runner.should check("system('tar xvf --rsh-command=exploit archive.tar')").
|
33
|
+
with_issue(@issue)
|
34
|
+
end
|
35
|
+
|
36
|
+
it "reports \"`tar xvf --rsh-command=exploit archive.tar`\" correctly" do
|
37
|
+
@runner.should check("`tar xvf --rsh-command=exploit archive.tar`").
|
38
|
+
with_issue(@issue)
|
39
|
+
end
|
40
|
+
end
|
41
|
+
end
|