Added a task to check ruby-advisory-rb for CVE bulletins missing in dawn

thesp0nge · Mar 28, 2014 · 6696f1e · 6696f1e
1 parent 5447ef2
commit 6696f1e
Show file tree

Hide file tree

Showing 4 changed files with 42 additions and 3 deletions.
diff --git a/Rakefile b/Rakefile
@@ -24,6 +24,12 @@ task :test => :spec
 task :prepare => [:build, :'checksum:calculate', :'checksum:commit']
 task :release => [:prepare]
 
+# namespace :check do
+# desc "Create a dependency check"
+# task :dependency, :name do |t, args|
+# end
+
+# end
 desc "Create a new CVE test"
 task :cve, :name do |t,args|
   name      = args.name
@@ -189,3 +195,34 @@ task :commit do
   system "git commit -v #{checksum_path} -m \"Adding #{Codesake::Dawn::VERSION} checksum to repo\""
 end
 end
+
+###############################################################################
+# ruby-advisory-rb integration
+###############################################################################
+
+namespace :rubysec do
+  desc 'Find new CVE bulletins to add to Codesake::Dawn'
+  task :find do
+    git_url = 'git@github.com:rubysec/ruby-advisory-db.git'
+    target_dir = './tmp/'
+    system "mkdir -p #{target_dir}"
+    # system "rm -rf #{target_dir}ruby-advisory-db"
+    # system "git clone #{git_url} #{target_dir}ruby-advisory-db"
+    list = []
+    Dir.glob("#{target_dir}ruby-advisory-db/gems/*/*.yml") do |path|
+      advisory = YAML.load_file(path)
+      if advisory['cve']
+        cve = "CVE-"+advisory['cve']
+        found = Codesake::Dawn::KnowledgeBase.find(nil, cve)
+        puts "#{cve} NOT in dawn v#{Codesake::Dawn::VERSION} knowledge base" unless found
+        list << cve unless found
+      end
+    end
+    File.open("missing_rubyadvisory_cvs_#{Time.now.strftime("%Y%m%d")}.txt", "w") do |f|
+      f.puts "Missing CVE bulletins - v#{Codesake::Dawn::VERSION} - #{Time.now.strftime("%d %B %Y")}"
+      f.puts list
+    end
+    # system "rm -rf #{target_dir}ruby-advisory-db"
+
+  end
+end
diff --git a/bin/dawn b/bin/dawn
@@ -129,7 +129,7 @@ opts.each do |opt, val|
     Kernel.exit(0)
 
   when '--list-knowledge-base'
-    puts Codesake::Dawn::Core.dump_knowledge_base(options[:verbose]) 
+    puts Codesake::Dawn::Core.dump_knowledge_base(options[:verbose])
     Kernel.exit(0)
   when '--list-known-framework'
     puts "Ruby MVC framework supported by #{APPNAME}:"

diff --git a/lib/codesake/dawn/kb/basic_check.rb b/lib/codesake/dawn/kb/basic_check.rb
@@ -118,6 +118,7 @@ def initialize(options={})
           @check_family = :cve if !options[:name].nil? && options[:name].start_with?('CVE-')
 
           if $logger.nil?
+            require 'codesake-commons'
             $logger  = Codesake::Commons::Logging.instance
             $logger.helo "dawn-basic-check", Codesake::Dawn::VERSION
           end

diff --git a/lib/codesake/dawn/version.rb b/lib/codesake/dawn/version.rb
@@ -17,11 +17,12 @@ module Dawn
     # |"Holly Shiftwell"|  5.0.0  |
     # |   "Guido"       |  6.0.0  |
     # |   "Luigi"       |  7.0.0  |
+    # | "Doc Hudson"    |  8.0.0  |
 
-    VERSION   = "1.1.0.rc1"
+    VERSION   = "1.1.0.rc2"
     CODENAME  = "Lightning McQueen"
     #RELEASE   = "(development)"
-    RELEASE   = "20140326"
+    RELEASE   = "20140328"
 
   end
 end