* Adding a check for CVE-2014-3483: Ruby on Rails 4.x SQL Injection d…

…ue to

  PostgreSQL adapter (issue #75)

Changelog.md

@@ -9,6 +9,8 @@ _latest update: Fri Apr 18 07:55:10 CEST 2014_
 
 * Fix issue #62 about codesake-dawn config filename
 * Adding a check for CVE-2013-2105: HTML injection in show_in_browser rubygem
+* Adding a check for CVE-2014-3483: Ruby on Rails 4.x SQL Injection due to
+  PostgreSQL adapter (issue #75)
 
 ## Version 1.1.3 - codename: Lightning McQueen (2014-05-06)
 

lib/codesake/dawn/kb/cve_2014_3483.rb

@@ -0,0 +1,29 @@
+module Codesake
+	module Dawn
+		module Kb
+			# Automatically created with rake on 2014-07-07
+			class CVE_2014_3483
+				include DependencyCheck
+
+				def initialize
+          message = "Ruby on Rails contains a flaw that may allow carrying out an SQL injection attack. The issue is due to the PostgreSQL adapter for Active Record not properly sanitizing user-supplied input when quoting ranges. This may allow a remote attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data."
+           super({
+            :name=>"CVE-2014-3483",
+            :cve=>"2014-3483",
+            :osvdb=>"108665",
+            :cvss=>"",
+            :release_date => Date.new(2014, 7, 2),
+            :cwe=>"",
+            :owasp=>"A1",
+            :applies=>["rails"],
+            :kind=>Codesake::Dawn::KnowledgeBase::DEPENDENCY_CHECK,
+            :message=>message,
+            :mitigation=>"Please upgrade rails at least to version 4.0.7 or 4.1.3. As a general rule, using the latest stable rails version is recommended.",
+            :aux_links=>[""]
+           })
+           self.safe_dependencies = [{:name=>"rails", :version=>['4.0.7', '4.1.3']}]
+				end
+			end
+		end
+	end
+end

lib/codesake/dawn/knowledge_base.rb

@@ -218,6 +218,7 @@
 require "codesake/dawn/kb/cve_2014_2322"
 require "codesake/dawn/kb/cve_2014_2525"
 require "codesake/dawn/kb/cve_2014_2538"
+require "codesake/dawn/kb/cve_2014_3483"
 
 # OSVDB
 
@@ -463,6 +464,7 @@ def load_security_checks
           Codesake::Dawn::Kb::CVE_2014_2322.new,
           Codesake::Dawn::Kb::CVE_2014_2525.new,
           Codesake::Dawn::Kb::CVE_2014_2538.new,
+          Codesake::Dawn::Kb::CVE_2014_3483.new,
 
           # OSVDB Checks are still here since are all about dependencies
           Codesake::Dawn::Kb::OSVDB_105971.new

spec/lib/dawn/codesake_knowledgebase_spec.rb

@@ -903,4 +903,10 @@
     sc.should_not   be_nil
     sc.class.should == Codesake::Dawn::Kb::CVE_2013_2105
   end
+
+  it "must have test for CVE-2014-3483" do
+      sc = kb.find("CVE-2014-3483")
+        sc.should_not   be_nil
+          sc.class.should == Codesake::Dawn::Kb::CVE_2014_3483
+  end
 end

spec/lib/kb/cve_2014_3483_spec.rb

@@ -0,0 +1,25 @@
+require 'spec_helper'
+describe "The CVE-2014-3483 vulnerability" do
+	before(:all) do
+		@check = Codesake::Dawn::Kb::CVE_2014_3483.new
+		# @check.debug = true
+	end
+  it "must be filled with CVSS information"
+  it "must be filled with auxiliary link"
+  it "is reported when a rails gem version 4.0.6 is detected" do
+    @check.dependencies = [{:name=>"rails", :version=>"4.0.6"}]
+    @check.vuln?.should   be_true
+  end
+  it "is reported when a rails gem version 4.1.2 is detected" do
+    @check.dependencies = [{:name=>"rails", :version=>"4.1.2"}]
+    @check.vuln?.should   be_true
+  end
+  it "is not reported when a rails gem version 4.0.7 is detected" do
+    @check.dependencies = [{:name=>"rails", :version=>"4.0.7"}]
+    @check.vuln?.should   be_false
+  end
+  it "is not reported when a rails gem version 4.1.3 is detected" do
+    @check.dependencies = [{:name=>"rails", :version=>"4.1.3"}]
+    @check.vuln?.should   be_false
+  end
+end