From 4ec31ef069f0287812117a37aed72e2ec9e94aeb Mon Sep 17 00:00:00 2001 From: Paolo Perego Date: Wed, 9 Dec 2015 17:03:26 +0100 Subject: [PATCH 01/28] v1.5.1 --- README.md | 2 +- VERSION | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 8e1a3ed2..df45556b 100644 --- a/README.md +++ b/README.md @@ -23,7 +23,7 @@ box: --- -dawnscanner version 1.5.0 has 209 security checks loaded in its knowledge +dawnscanner version 1.5.1 has 209 security checks loaded in its knowledge base. Most of them are CVE bulletins applying to gems or the ruby interpreter itself. There are also some check coming from Owasp Ruby on Rails cheatsheet. diff --git a/VERSION b/VERSION index d23719c7..98ca4ea6 100644 --- a/VERSION +++ b/VERSION @@ -13,4 +13,4 @@ # | "Guido" | x.x.0 | # | "Luigi" | x.x.0 | # | "Doc Hudson" | x.x.0 | -1.5.0 - Tow Mater +1.5.1 - Tow Mater From 1d43c6281090a04d8c078650cbb2d2e1ff5e75c1 Mon Sep 17 00:00:00 2001 From: Paolo Perego Date: Wed, 9 Dec 2015 17:04:06 +0100 Subject: [PATCH 02/28] v1.5.1 --- lib/dawn/version.rb | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/lib/dawn/version.rb b/lib/dawn/version.rb index 7894adf5..bf03c4d1 100644 --- a/lib/dawn/version.rb +++ b/lib/dawn/version.rb @@ -1,7 +1,7 @@ module Dawn - VERSION = "1.5.0" + VERSION = "1.5.1" CODENAME = "Tow Mater" RELEASE = "20151209" - BUILD = "60" - COMMIT = "g24e3b7e" + BUILD = "4" + COMMIT = "g4ec31ef" end From c6cbba25bbfb520333337d0e042e07df9fe835d2 Mon Sep 17 00:00:00 2001 From: Paolo Perego Date: Wed, 9 Dec 2015 17:05:02 +0100 Subject: [PATCH 03/28] Adding 1.5.1 checksum to repo --- checksum/dawnscanner-1.5.1.gem.sha1 | 1 + 1 file changed, 1 insertion(+) create mode 100644 checksum/dawnscanner-1.5.1.gem.sha1 diff --git a/checksum/dawnscanner-1.5.1.gem.sha1 b/checksum/dawnscanner-1.5.1.gem.sha1 new file mode 100644 index 00000000..53d4d313 --- /dev/null +++ b/checksum/dawnscanner-1.5.1.gem.sha1 
@@ -0,0 +1 @@ +cf4452f73eebf4d51e6c7116be78ab835f05157d \ No newline at end of file From 58ddd79ed21fa3fac17ac37c21dd36f025c3d04f Mon Sep 17 00:00:00 2001 From: Paolo Perego Date: Wed, 16 Dec 2015 16:26:45 +0100 Subject: [PATCH 04/28] Commenting out stats --- Changelog.md | 5 +++++ lib/dawn/engine.rb | 14 +++++++------- 2 files changed, 12 insertions(+), 7 deletions(-) diff --git a/Changelog.md b/Changelog.md index 386fbde1..c3659ee0 100644 --- a/Changelog.md +++ b/Changelog.md @@ -7,6 +7,11 @@ frameworks. _latest update: Thu Dec 3 18:29:33 CET 2015_ +## Version 1.5.2 - codename: Tow Mater (2015-12-16) + +* Back on issue #170. Engine.rb still requires code metrics stuff. Commented + out. + ## Version 1.5.1 - codename: Tow Mater (2015-12-09) * Issue #170 - Error with code_metrics library cause Dawn to exit. Stats are diff --git a/lib/dawn/engine.rb b/lib/dawn/engine.rb index 62376114..41ed7d7a 100644 --- a/lib/dawn/engine.rb +++ b/lib/dawn/engine.rb @@ -1,5 +1,5 @@ # Statistics stuff -require 'code_metrics/statistics' +# require 'code_metrics/statistics' module Dawn module Engine @@ -425,11 +425,11 @@ def _do_apply(check) true end - def gather_statistics - dirs = CodeMetrics::StatsDirectories.new - puts target - dirs.add_directories("#{target}/**/*.rb", "#{target}") - puts CodeMetrics::Statistics.new(*dirs).to_s - end + # def gather_statistics + # dirs = CodeMetrics::StatsDirectories.new + # puts target + # dirs.add_directories("#{target}/**/*.rb", "#{target}") + # puts CodeMetrics::Statistics.new(*dirs).to_s + # end end end From ee917331da40e47b19d3416cff341e63e70e9c49 Mon Sep 17 00:00:00 2001 From: Paolo Perego Date: Wed, 16 Dec 2015 16:28:56 +0100 Subject: [PATCH 05/28] v 1.5.2 --- README.md | 2 +- VERSION | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index df45556b..e3ce949d 100644 --- a/README.md +++ b/README.md 
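Review bot: `gather_statistics` and the `require 'code_metrics/statistics'` line in lib/dawn/engine.rb are left behind as commented-out code instead of being removed; git history already keeps them, and commented code rots silently. If any caller of `gather_statistics` survives outside this hunk it will now fail with NoMethodError rather than the load error the changelog entry describes, so the call sites are worth grepping before release. If the feature is meant to stay optional, a guarded `begin; require 'code_metrics/statistics'; rescue LoadError; end` behind an explicit flag says that more clearly than a block of `#` lines.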
@@ -23,7 +23,7 @@ box: --- -dawnscanner version 1.5.1 has 209 security checks loaded in its knowledge +dawnscanner version 1.5.2 has 209 security checks loaded in its knowledge base. Most of them are CVE bulletins applying to gems or the ruby interpreter itself. There are also some check coming from Owasp Ruby on Rails cheatsheet. diff --git a/VERSION b/VERSION index 98ca4ea6..dcc1fc57 100644 --- a/VERSION +++ b/VERSION @@ -13,4 +13,4 @@ # | "Guido" | x.x.0 | # | "Luigi" | x.x.0 | # | "Doc Hudson" | x.x.0 | -1.5.1 - Tow Mater +1.5.2 - Tow Mater From 561bd40526f2287dcb9d268988d3e986cc078f24 Mon Sep 17 00:00:00 2001 From: Paolo Perego Date: Wed, 16 Dec 2015 16:29:59 +0100 Subject: [PATCH 06/28] v 1.5.2 --- lib/dawn/version.rb | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/lib/dawn/version.rb b/lib/dawn/version.rb index bf03c4d1..3ef68380 100644 --- a/lib/dawn/version.rb +++ b/lib/dawn/version.rb @@ -1,7 +1,7 @@ module Dawn - VERSION = "1.5.1" + VERSION = "1.5.2" CODENAME = "Tow Mater" - RELEASE = "20151209" + RELEASE = "20151216" BUILD = "4" - COMMIT = "g4ec31ef" + COMMIT = "gee91733" end From f5aa19a44d076ff1108866967da0df17b0031d4c Mon Sep 17 00:00:00 2001 From: Paolo Perego Date: Wed, 16 Dec 2015 16:30:51 +0100 Subject: [PATCH 07/28] Adding 1.5.2 checksum to repo --- checksum/dawnscanner-1.5.2.gem.sha1 | 1 + 1 file changed, 1 insertion(+) create mode 100644 checksum/dawnscanner-1.5.2.gem.sha1 diff --git a/checksum/dawnscanner-1.5.2.gem.sha1 b/checksum/dawnscanner-1.5.2.gem.sha1 new file mode 100644 index 00000000..754e1a3b --- /dev/null +++ b/checksum/dawnscanner-1.5.2.gem.sha1 @@ -0,0 +1 @@ +632579913def064e10c4d6c76cb722140bcb5925 \ No newline at end of file From 56ccaf514638113b5f885ac17464ffb92f068e03 Mon Sep 17 00:00:00 2001 From: Paolo Perego Date: Wed, 20 Jan 2016 09:38:36 +0100 Subject: [PATCH 08/28] Add Gitter badge --- README.md | 1 + 1 file changed, 1 insertion(+) 
diff --git a/README.md b/README.md index e3ce949d..a37edcc8 100644 --- a/README.md +++ b/README.md @@ -20,6 +20,7 @@ box: [![Coverage Status](https://coveralls.io/repos/thesp0nge/dawnscanner/badge.png)](https://coveralls.io/r/thesp0nge/dawnscanner) [![Bitdeli Badge](https://d2weczhvl823v0.cloudfront.net/thesp0nge/dawnscanner/trend.png)](https://bitdeli.com/free "Bitdeli Badge") [![Inline docs](http://inch-ci.org/github/thesp0nge/dawnscanner.png?branch=master)](http://inch-ci.org/github/thesp0nge/dawnscanner) +[![Gitter](https://badges.gitter.im/thesp0nge/dawnscanner.svg)](https://gitter.im/thesp0nge/dawnscanner?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge) --- From 7acb0f7b719240afc22dbeb789d5d6afe3fbb351 Mon Sep 17 00:00:00 2001 From: Paolo Perego Date: Wed, 20 Jan 2016 10:28:41 +0100 Subject: [PATCH 09/28] Adding travis webhook for gitter --- .travis.yml | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/.travis.yml b/.travis.yml index e881a4b5..28501e3e 100644 --- a/.travis.yml +++ b/.travis.yml @@ -1,8 +1,15 @@ language: ruby rvm: + - 2.3.0 - 2.2.3 - 2.1.0 - 2.0.0 - - 1.9.3 - ruby-head - rbx +notifications: + webhooks: + urls: + - https://webhooks.gitter.im/e/968de5e2c7eb03759e38 + on_success: change # options: [always|never|change] default: always + on_failure: always # options: [always|never|change] default: always + on_start: never # options: [always|never|change] default: always From 0637d410a8accc8049e0a148e6145599e4f0c07b Mon Sep 17 00:00:00 2001 
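Review bot: The Gitter webhook URL added under `notifications.webhooks.urls` carries the room's webhook token in its `/e/` path segment in plaintext, in a public repository, so anyone reading .travis.yml can post arbitrary messages into the channel. Travis supports keeping such values out of the tree as a `secure:` entry (the CLI's `travis encrypt --add notifications.webhooks.urls` produces one); since the token is already in history it should also be rotated on the Gitter side once replaced. Separately, `1.9.3` is dropped from the rvm matrix without a mention in the commit message or Changelog.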
From: Paolo Perego Date: Thu, 28 Jan 2016 23:31:01 +0100 Subject: [PATCH 10/28] Issue #186 - Adding a check for CVE-2015-7576: Timing attack vulnerability in basic authentication in Action Controller --- Changelog.md | 7 ++- lib/dawn/kb/cve_2015_7576.rb | 33 +++++++++++++ lib/dawn/knowledge_base.rb | 2 + spec/lib/dawn/codesake_knowledgebase_spec.rb | 5 ++ spec/lib/kb/cve_2015_7576_spec.rb | 51 ++++++++++++++++++++ 5 files changed, 97 insertions(+), 1 deletion(-) create mode 100644 lib/dawn/kb/cve_2015_7576.rb create mode 100644 spec/lib/kb/cve_2015_7576_spec.rb diff --git a/Changelog.md b/Changelog.md index c3659ee0..f9648449 100644 --- a/Changelog.md +++ b/Changelog.md @@ -5,7 +5,12 @@ It supports [Sinatra](http://www.sinatrarb.com), [Padrino](http://www.padrinorb.com) and [Ruby on Rails](http://rubyonrails.org) frameworks. -_latest update: Thu Dec 3 18:29:33 CET 2015_ +_latest update: Thu Jan 28 23:30:47 CET 2016_ + +## Version 1.5.3 - codename: Tow Mater (2016-xx-xx) + +* Issue #186 - Adding a check for CVE-2015-7576: Timing attack vulnerability in + basic authentication in Action Controller ## Version 1.5.2 - codename: Tow Mater (2015-12-16) diff --git a/lib/dawn/kb/cve_2015_7576.rb b/lib/dawn/kb/cve_2015_7576.rb new file mode 100644 index 00000000..29b9b10e --- /dev/null +++ b/lib/dawn/kb/cve_2015_7576.rb 
@@ -0,0 +1,33 @@ +module Dawn + module Kb + # Automatically created with rake on 2016-01-28 + class CVE_2015_7576 + # Include the testing skeleton for this CVE + # include PatternMatchCheck + include DependencyCheck + # include RubyVersionCheck + + def initialize + message = "There is a timing attack vulnerability in the basic authentication support in Action Controller. Due to the way that Action Controller compares user names and passwords in basic authentication authorization code, it is possible for an attacker to analyze the time taken by a response and intuit the password." + super({ + :title=>title, + :name=> "CVE-2015-7576", + :cve=>"2015-7576", + :osvdb=>"", + :cvss=>"", + :release_date => Date.new(2016, 1, 26), + :cwe=>"", + :owasp=>"A9", + :applies=>["rails", "sinatra", "padrino"], + :kind=>Dawn::KnowledgeBase::DEPENDENCY_CHECK, + :message=>message, + :mitigation=>"Please upgrade actionpack gem to version 3.2.22.1, 4.1.14.1, 4.2.5.1, 5.0.0.beta1.1 or later.", + :aux_links=>["http://securitytracker.com/id/1034816"] + }) + self.safe_dependencies = [{:name=>"actionpack", :version=>['3.2.22.1', '4.1.14.1', '4.2.5.1', '5.0.0.beta1.1']}] + + + end + end + end +end diff --git a/lib/dawn/knowledge_base.rb b/lib/dawn/knowledge_base.rb index 2010b78d..838562f6 100644 --- a/lib/dawn/knowledge_base.rb +++ b/lib/dawn/knowledge_base.rb @@ -243,6 +243,7 @@ require "dawn/kb/cve_2015_3227" require "dawn/kb/cve_2015_3448" require "dawn/kb/cve_2015_4020" +require "dawn/kb/cve_2015_7576" # OSVDB @@ -525,6 +526,7 @@ def load_security_checks Dawn::Kb::CVE_2015_3227.new, Dawn::Kb::CVE_2015_3448.new, Dawn::Kb::CVE_2015_4020.new, + Dawn::Kb::CVE_2015_7576.new, # OSVDB Checks are still here since are all about dependencies diff --git a/spec/lib/dawn/codesake_knowledgebase_spec.rb b/spec/lib/dawn/codesake_knowledgebase_spec.rb index 3b07a555..edacf750 100644 --- a/spec/lib/dawn/codesake_knowledgebase_spec.rb +++ b/spec/lib/dawn/codesake_knowledgebase_spec.rb 
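Review bot: The scaffold comments `# include PatternMatchCheck` and `# include RubyVersionCheck` are left in the class body next to the live `include DependencyCheck`; they describe the generator template, not this check, and should be dropped. `:osvdb`, `:cvss` and `:cwe` are set to empty strings rather than left out, so if the base class tests these fields with `nil?` it will treat them as populated — worth confirming before the same pattern is repeated in the CVE-2016-0751, CVE-2015-7577 and CVE-2015-7579 checks further down this page. `:title=>title` reads `title` before `super` has run; presumably DependencyCheck supplies it, verify.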
@@ -1074,4 +1074,9 @@ sc.should_not be_nil sc.class.should == Dawn::Kb::CVE_2015_1819 end + it "must have test for CVE-2015-7576" do + sc = kb.find("CVE-2015-7576") + sc.should_not be_nil + sc.class.should == Dawn::Kb::CVE_2015_7576 + end end diff --git a/spec/lib/kb/cve_2015_7576_spec.rb b/spec/lib/kb/cve_2015_7576_spec.rb new file mode 100644 index 00000000..10a2ad93 --- /dev/null +++ b/spec/lib/kb/cve_2015_7576_spec.rb 
@@ -0,0 +1,51 @@
+require 'spec_helper'
+describe "The CVE-2015-7576 vulnerability" do
+ before(:all) do
+ @check = Dawn::Kb::CVE_2015_7576.new
+ # @check.debug = true
+ end
+ it "is reported when the vulnerable gem is detected" do
+ @check.dependencies = [{:name=>"actionpack", :version=>"5.0.0.beta.1"}]
+ @check.vuln?.should == true
+ end
+ it "is reported when the vulnerable gem is detected" do
+ @check.dependencies = [{:name=>"actionpack", :version=>"4.2.5"}]
+ @check.vuln?.should == true
+ end
+ it "is reported when the vulnerable gem is detected" do
+ @check.dependencies = [{:name=>"actionpack", :version=>"4.1.14"}]
+ @check.vuln?.should == true
+ end
+ it "is reported when the vulnerable gem is detected" do
+ @check.dependencies = [{:name=>"actionpack", :version=>"3.2.22"}]
+ @check.vuln?.should == true
+ end
+ it "is not reported when a fixed release is detected" do
+ @check.dependencies = [{:name=>"", :version=>"5.0.0"}]
+ @check.vuln?.should == false
+ end
+ it "is not reported when a fixed release is detected" do
+ @check.dependencies = [{:name=>"", :version=>"4.2.5.1"}]
+ @check.vuln?.should == false
+ end
+ it "is not reported when a fixed release is detected" do
+ @check.dependencies = [{:name=>"", :version=>"4.2.6"}]
+ @check.vuln?.should == false
+ end
+ it "is not reported when a fixed release is detected" do
+ @check.dependencies = [{:name=>"", :version=>"4.1.14.2"}]
+ @check.vuln?.should == false
+ end
+ it "is not reported when a fixed release is detected" do
+ @check.dependencies = [{:name=>"", :version=>"4.1.15"}]
+ @check.vuln?.should == false
+ end
+ it "is not reported when a fixed release is detected" do
+ @check.dependencies = [{:name=>"", :version=>"3.2.22.1"}]
+ @check.vuln?.should == false
+ end
+ it "is not reported when a fixed release is detected" do
+ @check.dependencies = [{:name=>"", :version=>"3.2.23"}]
+ @check.vuln?.should == false
+ end
+end
From dad079bcc36ff25c2d530af412df0aa42ae299fb Mon Sep 17 00:00:00 2001
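Review bot: The seven "is not reported when a fixed release is detected" examples set `:name=>""` instead of `"actionpack"`, so they never present an actionpack dependency to the check at all and would pass even if the version comparison were wrong; each should read like `@check.dependencies = [{:name=>"actionpack", :version=>"4.2.5.1"}]`. The same placeholder appears in spec/lib/kb/cve_2016_0751_spec.rb and spec/lib/kb/cve_2015_7579_spec.rb later on this page, and patch 12 corrects only this file. All eleven examples also share two identical descriptions, so a failure report cannot say which version broke; interpolating the version into the description, e.g. `it "is reported for actionpack 4.2.5"`, fixes that at no cost.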
From: Paolo Perego Date: Thu, 28 Jan 2016 23:36:45 +0100 Subject: [PATCH 11/28] Issue #185 - Adding a check for CVE-2016-0751: Possible Object Leak and Denial of Service attack in Action Pack --- Changelog.md | 2 + lib/dawn/kb/cve_2016_0751.rb | 30 ++++++++++++ lib/dawn/knowledge_base.rb | 4 ++ spec/lib/dawn/codesake_knowledgebase_spec.rb | 5 ++ spec/lib/kb/cve_2016_0751_spec.rb | 51 ++++++++++++++++++++ 5 files changed, 92 insertions(+) create mode 100644 lib/dawn/kb/cve_2016_0751.rb create mode 100644 spec/lib/kb/cve_2016_0751_spec.rb diff --git a/Changelog.md b/Changelog.md index f9648449..2c30f957 100644 --- a/Changelog.md +++ b/Changelog.md @@ -11,6 +11,8 @@ _latest update: Thu Jan 28 23:30:47 CET 2016_ * Issue #186 - Adding a check for CVE-2015-7576: Timing attack vulnerability in basic authentication in Action Controller +* Issue #185 - Adding a check for CVE-2016-0751: Possible Object Leak and + Denial of Service attack in Action Pack ## Version 1.5.2 - codename: Tow Mater (2015-12-16) diff --git a/lib/dawn/kb/cve_2016_0751.rb b/lib/dawn/kb/cve_2016_0751.rb new file mode 100644 index 00000000..57c7d486 --- /dev/null +++ b/lib/dawn/kb/cve_2016_0751.rb 
@@ -0,0 +1,30 @@ +module Dawn + module Kb + # Automatically created with rake on 2016-01-28 + class CVE_2016_0751 + # Include the testing skeleton for this CVE + include DependencyCheck + + def initialize + message = "There is a possible object leak which can lead to a denial of service vulnerability in Action Pack. A carefully crafted accept header can cause a global cache of mime types to grow indefinitely which can lead to a possible denial of service attack in Action Pack." + super({ + :title=>title, + :name=> "CVE-2016-0751", + :cve=>"2016-0751", + :osvdb=>"", + :cvss=>"", + :release_date => Date.new(2016, 1, 26), + :cwe=>"", + :owasp=>"A9", + :applies=>["rails", "sinatra", "padrino"], + :kind=>Dawn::KnowledgeBase::DEPENDENCY_CHECK, + :message=>message, + :mitigation=>"Please upgrade actionpack gem to version 3.2.22.1, 4.1.14.1, 4.2.5.1, 5.0.0.beta1.1 or later.", + :aux_links=>["http://securitytracker.com/id/1034816"] + }) + self.safe_dependencies = [{:name=>"actionpack", :version=>['3.2.22.1', '4.1.14.1', '4.2.5.1', '5.0.0.beta1.1']}] + + end + end + end +end diff --git a/lib/dawn/knowledge_base.rb b/lib/dawn/knowledge_base.rb index 838562f6..9b7be6c9 100644 --- a/lib/dawn/knowledge_base.rb +++ b/lib/dawn/knowledge_base.rb @@ -245,6 +245,9 @@ require "dawn/kb/cve_2015_4020" require "dawn/kb/cve_2015_7576" +# CVE - 2016 + +require "dawn/kb/cve_2016_0751" # OSVDB @@ -527,6 +530,7 @@ def load_security_checks Dawn::Kb::CVE_2015_3448.new, Dawn::Kb::CVE_2015_4020.new, Dawn::Kb::CVE_2015_7576.new, + Dawn::Kb::CVE_2016_0751.new, # OSVDB Checks are still here since are all about dependencies diff --git a/spec/lib/dawn/codesake_knowledgebase_spec.rb b/spec/lib/dawn/codesake_knowledgebase_spec.rb index edacf750..4a32049c 100644 --- a/spec/lib/dawn/codesake_knowledgebase_spec.rb +++ b/spec/lib/dawn/codesake_knowledgebase_spec.rb 
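Review bot: CVE_2016_0751 duplicates CVE_2015_7576 verbatim apart from name, cve and message: the same `safe_dependencies` list, the same mitigation string and the same `aux_links` entry. When the copies diverge (patch 12 on this page adds `self.save_minor=true` and `self.save_major=true` to CVE_2015_7576 only) the two checks silently disagree on the same Gemfile.lock; hoisting the actionpack fixed-version list into one shared constant both classes reference would keep them aligned. The aux link `http://securitytracker.com/id/1034816` is reused for every advisory added on this page, so it is worth confirming it actually covers CVE-2016-0751 rather than only the check it was pasted from.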
@@ -1079,4 +1079,9 @@ sc.should_not be_nil sc.class.should == Dawn::Kb::CVE_2015_7576 end + it "must have test for CVE-2016-0751" do + sc = kb.find("CVE-2016-0751") + sc.should_not be_nil + sc.class.should == Dawn::Kb::CVE_2016_0751 +end end diff --git a/spec/lib/kb/cve_2016_0751_spec.rb b/spec/lib/kb/cve_2016_0751_spec.rb new file mode 100644 index 00000000..2b396ca3 --- /dev/null +++ b/spec/lib/kb/cve_2016_0751_spec.rb 
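Review bot: The closing `+end` of the new "must have test for CVE-2016-0751" example appears to sit at column 0 while its siblings in this file are `+ end`, which breaks the visual nesting of the `describe` block even though Ruby parses it. The same misalignment shows up in the additions of patches 12 and 13 to this spec (`+end` closing the CVE-2016-0751 block and `+it`/`+end` in the CVE-2015-7579 block). Indentation on this page is collapsed, so confirm in the tree before acting on it.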
@@ -0,0 +1,51 @@
+require 'spec_helper'
+describe "The CVE-2016-0751 vulnerability" do
+ before(:all) do
+ @check = Dawn::Kb::CVE_2016_0751.new
+ # @check.debug = true
+ end
+it "is reported when the vulnerable gem is detected" do
+ @check.dependencies = [{:name=>"actionpack", :version=>"5.0.0.beta.1"}]
+ @check.vuln?.should == true
+ end
+ it "is reported when the vulnerable gem is detected" do
+ @check.dependencies = [{:name=>"actionpack", :version=>"4.2.5"}]
+ @check.vuln?.should == true
+ end
+ it "is reported when the vulnerable gem is detected" do
+ @check.dependencies = [{:name=>"actionpack", :version=>"4.1.14"}]
+ @check.vuln?.should == true
+ end
+ it "is reported when the vulnerable gem is detected" do
+ @check.dependencies = [{:name=>"actionpack", :version=>"3.2.22"}]
+ @check.vuln?.should == true
+ end
+ it "is not reported when a fixed release is detected" do
+ @check.dependencies = [{:name=>"", :version=>"5.0.0"}]
+ @check.vuln?.should == false
+ end
+ it "is not reported when a fixed release is detected" do
+ @check.dependencies = [{:name=>"", :version=>"4.2.5.1"}]
+ @check.vuln?.should == false
+ end
+ it "is not reported when a fixed release is detected" do
+ @check.dependencies = [{:name=>"", :version=>"4.2.6"}]
+ @check.vuln?.should == false
+ end
+ it "is not reported when a fixed release is detected" do
+ @check.dependencies = [{:name=>"", :version=>"4.1.14.2"}]
+ @check.vuln?.should == false
+ end
+ it "is not reported when a fixed release is detected" do
+ @check.dependencies = [{:name=>"", :version=>"4.1.15"}]
+ @check.vuln?.should == false
+ end
+ it "is not reported when a fixed release is detected" do
+ @check.dependencies = [{:name=>"", :version=>"3.2.22.1"}]
+ @check.vuln?.should == false
+ end
+ it "is not reported when a fixed release is detected" do
+ @check.dependencies = [{:name=>"", :version=>"3.2.23"}]
+ @check.vuln?.should == false
+ end
+end
From 45259c9fb4f869e5cea39b900c10ea1fe5e8a5b6 Mon Sep 17 00:00:00 2001
From: Paolo Perego Date: Sun, 31 Jan 2016 18:20:03 +0100 Subject: [PATCH 12/28] =?UTF-8?q?*=20BUGFIX=20in=20is=5Fvulnerable=5Fminor?= =?UTF-8?q?=3F=20in=20case=20of=20version=20length=20mismatch,=20=20=20the?= =?UTF-8?q?re=20was=20an=20error=20evaluating=20if=20safe=5Fversion.length?= =?UTF-8?q?=20>=20=20=20detected=5Fversion.length=20block=20*=20BUGFIX=20i?= =?UTF-8?q?n=20is=5Fvulnerable=5Faux=5Fpatch=3F=20when=20detected=20versio?= =?UTF-8?q?n=20has=20no=20=20=20auxiliary=20patch=20(eg.=203.5.3)=20and=20?= =?UTF-8?q?safe=20version=20has=20it=20(eg.=203.5.3.1)=20the=20=20=20check?= =?UTF-8?q?=20was=20not=20triggered=20the=20right=20way.=20Now=20aux=20pat?= =?UTF-8?q?ch=20is=20forced=20to=200=20=20=20when=20missing=20and=20when?= =?UTF-8?q?=20one=20of=20twos=20has=20it.=20*=20Issue=C2=A0#184=20-=20Addi?= =?UTF-8?q?ng=20a=20check=20for=20CVE-2015-7577:=20Nested=20attributes=20?= =?UTF-8?q?=20=20rejection=20proc=20bypass=20in=20Active=20Record.?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- Changelog.md | 8 +++ lib/dawn/kb/cve_2015_7576.rb | 2 + lib/dawn/kb/cve_2015_7577.rb | 32 ++++++++++++ lib/dawn/kb/version_check.rb | 20 +++++--- lib/dawn/knowledge_base.rb | 2 + spec/lib/dawn/codesake_knowledgebase_spec.rb | 5 ++ spec/lib/kb/cve_2015_7576_spec.rb | 14 +++--- spec/lib/kb/cve_2015_7577_spec.rb | 51 ++++++++++++++++++++ 8 files changed, 121 insertions(+), 13 deletions(-) create mode 100644 lib/dawn/kb/cve_2015_7577.rb create mode 100644 spec/lib/kb/cve_2015_7577_spec.rb diff --git a/Changelog.md b/Changelog.md index 2c30f957..20672c7d 100644 --- a/Changelog.md +++ b/Changelog.md 
@@ -13,6 +13,14 @@ _latest update: Thu Jan 28 23:30:47 CET 2016_ basic authentication in Action Controller * Issue #185 - Adding a check for CVE-2016-0751: Possible Object Leak and Denial of Service attack in Action Pack +* BUGFIX in is_vulnerable_minor? in case of version length mismatch, there was + an error evaluating if safe_version.length > detected_version.length block +* BUGFIX in is_vulnerable_aux_patch? when detected version has no auxiliary + patch (eg. 3.5.3) and safe version has it (eg. 3.5.3.1) the check was not + triggered the right way. Now aux patch is forced to 0 when missing and when + one of twos has it. +* Issue #184 - Adding a check for CVE-2015-7577: Nested attributes rejection + proc bypass in Active Record. ## Version 1.5.2 - codename: Tow Mater (2015-12-16) diff --git a/lib/dawn/kb/cve_2015_7576.rb b/lib/dawn/kb/cve_2015_7576.rb index 29b9b10e..e4c2afc0 100644 --- a/lib/dawn/kb/cve_2015_7576.rb +++ b/lib/dawn/kb/cve_2015_7576.rb @@ -24,6 +24,8 @@ def initialize :mitigation=>"Please upgrade actionpack gem to version 3.2.22.1, 4.1.14.1, 4.2.5.1, 5.0.0.beta1.1 or later.", :aux_links=>["http://securitytracker.com/id/1034816"] }) + self.save_minor=true + self.save_major=true self.safe_dependencies = [{:name=>"actionpack", :version=>['3.2.22.1', '4.1.14.1', '4.2.5.1', '5.0.0.beta1.1']}] diff --git a/lib/dawn/kb/cve_2015_7577.rb b/lib/dawn/kb/cve_2015_7577.rb new file mode 100644 index 00000000..5993b0dc --- /dev/null +++ b/lib/dawn/kb/cve_2015_7577.rb 
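Review bot: `self.save_minor=true` and `self.save_major=true` are added to CVE_2015_7576 (and the new CVE_2015_7577) but not to CVE_2016_0751, which carries the identical actionpack `safe_dependencies` list `['3.2.22.1', '4.1.14.1', '4.2.5.1', '5.0.0.beta1.1']`. Whatever these flags change in how higher minor and major releases are treated, the two actionpack checks will now classify the same detected version differently; either CVE_2016_0751 needs the same two lines or the commit should state why it is exempt. The setters are defined outside the visible hunks, so I have not verified their effect.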
@@ -0,0 +1,32 @@ +module Dawn + module Kb + # Automatically created with rake on 2016-01-29 + class CVE_2015_7577 + # Include the testing skeleton for this CVE + include DependencyCheck + + def initialize + message = "There is a vulnerability in how the nested attributes feature in Active Record handles updates in combination with destroy flags when destroying records is disabled." + super({ + :title=>title, + :name=> "CVE-2015-7577", + :cve=>"2015-7577", + :osvdb=>"", + :cvss=>"", + :release_date => Date.new(2016, 1, 26), + :cwe=>"", + :owasp=>"A9", + :applies=>["rails", "sinatra", "padrino"], + :kind=>Dawn::KnowledgeBase::DEPENDENCY_CHECK, + :message=>message, + :mitigation=>"Please upgrade activerecord gem to version 3.2.22.1, 4.1.14.1, 4.2.5.1, 5.0.0.beta1.1 or later.", + :aux_links=>["http://securitytracker.com/id/1034816"] + }) + self.save_minor=true + self.save_major=true + self.safe_dependencies = [{:name=>"activerecord", :version=>['3.2.22.1', '4.1.14.1', '4.2.5.1', '5.0.0.beta1.1']}] + + end + end + end +end diff --git a/lib/dawn/kb/version_check.rb b/lib/dawn/kb/version_check.rb index 4ea6aa98..1fbf37dc 100644 --- a/lib/dawn/kb/version_check.rb +++ b/lib/dawn/kb/version_check.rb @@ -42,6 +42,7 @@ def vuln? return debug_me_and_return_false("detected version #{@detected} is higher than all version marked safe") if is_detected_highest? @safe.sort.each do |s| + debug_me "vuln?: evaluating #{@detected} against save version: #{s}" @save_minor_fix = save_minor_fix @save_major_fix = save_major_fix @@ -49,7 +50,7 @@ def vuln? vuln = is_vulnerable_version?(s, @detected) - debug_me "VULN=#{vuln} SAVE_MINOR=#{@save_minor_fix} SAVE_MAJOR=#{@save_major_fix}" + debug_me "DETECTED #{@detected} is marked VULN=#{vuln} against #{s} ( SAVE_MINOR_FIX=#{@save_minor_fix} SAVE_MAJOR_FIX=#{@save_major_fix})" return true if vuln end 
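Review bot: The new debug line in `vuln?` says "against save version" although `s` is drawn from `@safe`; it should read `debug_me "vuln?: evaluating #{@detected} against safe version: #{s}"`. The rewritten message a few lines below repeats the save/safe confusion in its `SAVE_MINOR_FIX`/`SAVE_MAJOR_FIX` labels, though those mirror existing attribute names. `vuln?` itself starts outside this hunk.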
@@ -164,9 +165,12 @@ def save_minor_fix dva = version_string_to_array(@detected)[:version] @safe.sort.each do |s| sva = version_string_to_array(s)[:version] - debug_me("#SVA=#{sva};DVA=#{dva};SM=#{is_same_major?(sva, dva)};sm=#{is_same_minor?(sva, dva)}; ( dva[2] >= sva[2] )=#{(dva[2] >= sva[2])}") - return true if is_same_major?(sva, dva) && is_same_minor?(sva, dva) && dva[2] >= sva[2] && hm - return true if is_same_major?(sva, dva) && hm + sM = is_same_major?(sva, dva) + sm = is_same_minor?(sva, dva) + debug_me("save_minor_fix: SVA=#{sva};DVA=#{dva};SAME_MAJOR? = #{sM}; SAME_MINOR?=#{sm}; ( dva[2] >= sva[2] )=#{(dva[2] >= sva[2])}") + debug_me("save_minor_fix: is_there_higher_minor_version? = #{hm}") + return true if sM and sm and dva[2] >= sva[2] && hm + return true if sM and hm end return false end @@ -204,6 +208,8 @@ def is_vulnerable_patch?(safe_version, detected_version) return (safe_version[2] > detected_version[2]) end def is_vulnerable_aux_patch?(safe_version, detected_version) + debug_me "is_vulnerable_aux_patch?: SV[3]=#{safe_version[3]}, DV[3]=#{detected_version[3]}" + return true if detected_version[3].nil? and ! safe_version[3].nil? return false if safe_version[3].nil? || detected_version[3].nil? return (safe_version[3] > detected_version[3]) end @@ -221,7 +227,7 @@ def is_vulnerable_minor?(safe_version, detected_version) # safe version is kinda more complex e.g. 2.3.2 # in this case we return the version is vulnerable if the # detected_version major is less or equal the safe one. - return (safe_version[0] <= detected_version[0]) + return (safe_version[0] < detected_version[0]) end # support for x as safe minor version 
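Review bot: In `save_minor_fix` the first guard, `return true if sM and sm and dva[2] >= sva[2] && hm`, is subsumed by the one directly after it, `return true if sM and hm`: every input satisfying the first also satisfies the second, so the patch-level comparison `dva[2] >= sva[2]` never influences the result and the first line is dead. If the patch comparison is meant to matter, the second guard needs a narrowing condition (for example `!sm`); if not, delete the first line. Mixing `and` with `&&` on one line is also a precedence trap worth normalising to `&&`, and `dva[2] >= sva[2]` inside the debug string raises NoMethodError if `version_string_to_array` can yield fewer than three components, which is the length-mismatch case the commit message says it is addressing. The method starts outside this hunk.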
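Review bot: The changed return in `is_vulnerable_minor?`, `return (safe_version[0] < detected_version[0])`, now disagrees with the comment three lines above it, which still says the version is vulnerable "if the detected_version major is less or equal the safe one"; read literally, the new expression is true when the detected major is greater than the safe one, the opposite of what the comment describes. One of the two is wrong: either update the comment to state the intended rule (the new `<` excludes equal majors) or flip the comparison. The rest of the method, including how this return is consumed, is outside this hunk.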
@@ -323,7 +329,9 @@ def is_vulnerable_version?(safe_version, detected_version) patch = is_vulnerable_patch?(safe_version_array, detected_version_array) aux_patch = is_vulnerable_aux_patch?(safe_version_array, detected_version_array) - debug_me "is_vulnerable_version? S=#{safe_version},D=#{detected_version} -> MAJOR=#{major} MINOR=#{minor} PATCH=#{patch} AUX_PATCH=#{aux_patch} SAVE_MINOR=#{@save_minor_fix} SAVE_MAJOR=#{@save_major_fix}" + debug_me "is_vulnerable_version? SAVE_VERSION=#{safe_version},DETECTED=#{detected_version} -> IS_VULN_MAJOR?=#{major} IS_VULN_MINOR?=#{minor} IS_VULN_PATCH?=#{patch} IS_VULN_AUX_PATCH=#{aux_patch} SAVE_MINOR_FIX=#{@save_minor_fix} SAVE_MAJOR_FIX=#{@save_major_fix}" + + return debug_me_and_return_false("#{detected_version} doesn't have a vulnerable MAJOR number") if is_higher_major?(detected_version, safe_version) #and minor and patch return is_vulnerable_beta?(sva[:beta], dva[:beta]) if is_same_version?(safe_version_array, detected_version_array) && is_beta_check?(sva[:beta], dva[:beta]) return is_vulnerable_rc?(sva[:rc], dva[:rc]) if is_same_version?(safe_version_array, detected_version_array) && is_rc_check?(sva[:rc], dva[:rc]) diff --git a/lib/dawn/knowledge_base.rb b/lib/dawn/knowledge_base.rb index 9b7be6c9..632b81c6 100644 --- a/lib/dawn/knowledge_base.rb +++ b/lib/dawn/knowledge_base.rb @@ -244,6 +244,7 @@ require "dawn/kb/cve_2015_3448" require "dawn/kb/cve_2015_4020" require "dawn/kb/cve_2015_7576" +require "dawn/kb/cve_2015_7577" # CVE - 2016 @@ -530,6 +531,7 @@ def load_security_checks Dawn::Kb::CVE_2015_3448.new, Dawn::Kb::CVE_2015_4020.new, Dawn::Kb::CVE_2015_7576.new, + Dawn::Kb::CVE_2015_7577.new, Dawn::Kb::CVE_2016_0751.new, diff --git a/spec/lib/dawn/codesake_knowledgebase_spec.rb b/spec/lib/dawn/codesake_knowledgebase_spec.rb index 4a32049c..4496c0ba 100644 --- a/spec/lib/dawn/codesake_knowledgebase_spec.rb +++ b/spec/lib/dawn/codesake_knowledgebase_spec.rb 
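Review bot: The new early return in `is_vulnerable_version?` ends with a dangling commented-out condition, `#and minor and patch`, on the same line as live code; either the extra conditions are needed, in which case write them, or the comment should go. Note also that `is_higher_major?` is handed the raw `detected_version`/`safe_version` strings while every sibling helper in this method receives `safe_version_array`/`detected_version_array`; if `is_higher_major?` expects arrays this comparison is silently wrong — its definition is outside the hunk. The method starts outside this hunk.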
@@ -1083,5 +1083,10 @@ sc = kb.find("CVE-2016-0751") sc.should_not be_nil sc.class.should == Dawn::Kb::CVE_2016_0751 +end + it "must have test for CVE-2015-7577" do + sc = kb.find("CVE-2015-7577") + sc.should_not be_nil + sc.class.should == Dawn::Kb::CVE_2015_7577 end end diff --git a/spec/lib/kb/cve_2015_7576_spec.rb b/spec/lib/kb/cve_2015_7576_spec.rb index 10a2ad93..27eccd59 100644 --- a/spec/lib/kb/cve_2015_7576_spec.rb +++ b/spec/lib/kb/cve_2015_7576_spec.rb 
@@ -21,31 +21,31 @@ @check.vuln?.should == true end it "is not reported when a fixed release is detected" do - @check.dependencies = [{:name=>"", :version=>"5.0.0"}] + @check.dependencies = [{:name=>"actionpack", :version=>"5.0.0"}] @check.vuln?.should == false end it "is not reported when a fixed release is detected" do - @check.dependencies = [{:name=>"", :version=>"4.2.5.1"}] + @check.dependencies = [{:name=>"actionpack", :version=>"4.2.5.1"}] @check.vuln?.should == false end it "is not reported when a fixed release is detected" do - @check.dependencies = [{:name=>"", :version=>"4.2.6"}] + @check.dependencies = [{:name=>"actionpack", :version=>"4.2.6"}] @check.vuln?.should == false end it "is not reported when a fixed release is detected" do - @check.dependencies = [{:name=>"", :version=>"4.1.14.2"}] + @check.dependencies = [{:name=>"actionpack", :version=>"4.1.14.2"}] @check.vuln?.should == false end it "is not reported when a fixed release is detected" do - @check.dependencies = [{:name=>"", :version=>"4.1.15"}] + @check.dependencies = [{:name=>"actionpack", :version=>"4.1.15"}] @check.vuln?.should == false end it "is not reported when a fixed release is detected" do - @check.dependencies = [{:name=>"", :version=>"3.2.22.1"}] + @check.dependencies = [{:name=>"actionpack", :version=>"3.2.22.1"}] @check.vuln?.should == false end it "is not reported when a fixed release is detected" do - @check.dependencies = [{:name=>"", :version=>"3.2.23"}] + @check.dependencies = [{:name=>"actionpack", :version=>"3.2.23"}] @check.vuln?.should == false end end diff --git a/spec/lib/kb/cve_2015_7577_spec.rb b/spec/lib/kb/cve_2015_7577_spec.rb new file mode 100644 index 00000000..f7517356 --- /dev/null +++ b/spec/lib/kb/cve_2015_7577_spec.rb 
@@ -0,0 +1,51 @@
+require 'spec_helper'
+describe "The CVE-2015-7577 vulnerability" do
+ before(:all) do
+ @check = Dawn::Kb::CVE_2015_7577.new
+ # @check.debug = true
+ end
+ it "is reported when the vulnerable gem is detected" do
+ @check.dependencies = [{:name=>"activerecord", :version=>"5.0.0.beta.1"}]
+ @check.vuln?.should == true
+ end
+ it "is reported when the vulnerable gem is detected" do
+ @check.dependencies = [{:name=>"activerecord", :version=>"4.2.5"}]
+ @check.vuln?.should == true
+ end
+ it "is reported when the vulnerable gem is detected" do
+ @check.dependencies = [{:name=>"activerecord", :version=>"4.1.14"}]
+ @check.vuln?.should == true
+ end
+ it "is reported when the vulnerable gem is detected" do
+ @check.dependencies = [{:name=>"activerecord", :version=>"3.2.22"}]
+ @check.vuln?.should == true
+ end
+ it "is not reported when a fixed release is detected" do
+ @check.dependencies = [{:name=>"activerecord", :version=>"5.0.0"}]
+ @check.vuln?.should == false
+ end
+ it "is not reported when a fixed release is detected" do
+ @check.dependencies = [{:name=>"activerecord", :version=>"4.2.5.1"}]
+ @check.vuln?.should == false
+ end
+ it "is not reported when a fixed release is detected" do
+ @check.dependencies = [{:name=>"activerecord", :version=>"4.2.6"}]
+ @check.vuln?.should == false
+ end
+ it "is not reported when a fixed release is detected" do
+ @check.dependencies = [{:name=>"activerecord", :version=>"4.1.14.2"}]
+ @check.vuln?.should == false
+ end
+ it "is not reported when a fixed release is detected" do
+ @check.dependencies = [{:name=>"activerecord", :version=>"4.1.15"}]
+ @check.vuln?.should == false
+ end
+ it "is not reported when a fixed release is detected" do
+ @check.dependencies = [{:name=>"activerecord", :version=>"3.2.22.1"}]
+ @check.vuln?.should == false
+ end
+ it "is not reported when a fixed release is detected" do
+ @check.dependencies = [{:name=>"activerecord", :version=>"3.2.23"}]
+ @check.vuln?.should == false
+ end
+end From 2538d198ef05cc1f55092a0271f58420e1de1269 Mon Sep 17 00:00:00 2001 From: Paolo Perego Date: Sun, 31 Jan 2016 18:34:56 +0100 Subject: [PATCH 13/28] * Issue #183 - Adding a check for CVE-2015-7579: XSS vulnerability in rails-html-sanitizer --- Changelog.md | 2 ++ lib/dawn/kb/cve_2015_7579.rb | 30 ++++++++++++++++++++ lib/dawn/knowledge_base.rb | 2 ++ spec/lib/dawn/codesake_knowledgebase_spec.rb | 5 ++++ spec/lib/kb/cve_2015_7579_spec.rb | 23 +++++++++++++++ 5 files changed, 62 insertions(+) create mode 100644 lib/dawn/kb/cve_2015_7579.rb create mode 100644 spec/lib/kb/cve_2015_7579_spec.rb diff --git a/Changelog.md b/Changelog.md index 20672c7d..faca044c 100644 --- a/Changelog.md +++ b/Changelog.md @@ -21,6 +21,8 @@ _latest update: Thu Jan 28 23:30:47 CET 2016_ one of twos has it. * Issue #184 - Adding a check for CVE-2015-7577: Nested attributes rejection proc bypass in Active Record. +* Issue #183 - Adding a check for CVE-2015-7579: XSS vulnerability in + rails-html-sanitizer ## Version 1.5.2 - codename: Tow Mater (2015-12-16) diff --git a/lib/dawn/kb/cve_2015_7579.rb b/lib/dawn/kb/cve_2015_7579.rb new file mode 100644 index 00000000..9ade6ea7 --- /dev/null +++ b/lib/dawn/kb/cve_2015_7579.rb 
@@ -0,0 +1,30 @@
+module Dawn
+ module Kb
+ # Automatically created with rake on 2016-01-31
+ class CVE_2015_7579
+ include DependencyCheck
+
+ def initialize
+ message = "There is a XSS vulnerability in Rails::Html::FullSanitizer used by Action View's strip_tags. Due to the way that Rails::Html::FullSanitizer is implemented, if an attacker passes an already escaped HTML entity to the input of Action View's strip_tags these entities will be unescaped what may cause a XSS attack if used in combination with raw or html_safe."
+ super({
+ :title=>title,
+ :name=> "CVE-2015-7579",
+ :cve=>"2015-7579",
+ :osvdb=>"",
+ :cvss=>"",
+ :release_date => Date.new(2016, 1, 26),
+ :cwe=>"",
+ :owasp=>"A9",
+ :applies=>["rails", "sinatra", "padrino"],
+ :kind=>Dawn::KnowledgeBase::DEPENDENCY_CHECK,
+ :message=>message,
+ :mitigation=>"Please upgrade rails-html-sanitizer to version 1.0.3 or later.",
+ :aux_links=>["http://securitytracker.com/id/1034816"]
+ })
+ self.safe_dependencies = [{:name=>"rails-html-sanitizer", :version=>['1.0.3']}]
+ self.not_affected = {:name=>"rails-html-sanitizer", :version=>['1.0.0', '1.0.1']}
+
+ end
+ end
+ end
+end
diff --git a/lib/dawn/knowledge_base.rb b/lib/dawn/knowledge_base.rb
index 632b81c6..aa1da028 100644
--- a/lib/dawn/knowledge_base.rb
+++ b/lib/dawn/knowledge_base.rb
@@ -245,6 +245,7 @@
 require "dawn/kb/cve_2015_4020"
 require "dawn/kb/cve_2015_7576"
 require "dawn/kb/cve_2015_7577"
+require "dawn/kb/cve_2015_7579"
 # CVE - 2016
@@ -532,6 +533,7 @@ def load_security_checks
 Dawn::Kb::CVE_2015_4020.new,
 Dawn::Kb::CVE_2015_7576.new,
 Dawn::Kb::CVE_2015_7577.new,
+ Dawn::Kb::CVE_2015_7579.new,
 Dawn::Kb::CVE_2016_0751.new,
diff --git a/spec/lib/dawn/codesake_knowledgebase_spec.rb b/spec/lib/dawn/codesake_knowledgebase_spec.rb
index 4496c0ba..5313cafc 100644
--- a/spec/lib/dawn/codesake_knowledgebase_spec.rb
+++ b/spec/lib/dawn/codesake_knowledgebase_spec.rb
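Review bot: `self.not_affected = {:name=>"rails-html-sanitizer", :version=>['1.0.0', '1.0.1']}` silences this finding for two releases, yet the sibling check for CVE-2015-7578 added later in this series covers the same gem and the same 1.0.3 fix with no not_affected list, and nothing in the hunk backs the claim that 1.0.0 and 1.0.1 are clean (the only link is the securitytracker page every check in the series shares). A wrong not_affected entry means a user on a vulnerable release never sees the advisory, so I'd either drop the line or add the upstream rails-html-sanitizer advisory to `:aux_links` and quote its affected-versions statement in a comment above the line. The message describes an XSS, so `:cwe=>"CWE-79"` rather than the empty string would make the report filterable.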
@@ -1089,4 +1089,9 @@
 sc.should_not be_nil
 sc.class.should == Dawn::Kb::CVE_2015_7577
 end
+it "must have test for CVE-2015-7579" do
+ sc = kb.find("CVE-2015-7579")
+ sc.should_not be_nil
+ sc.class.should == Dawn::Kb::CVE_2015_7579
+end
 end
diff --git a/spec/lib/kb/cve_2015_7579_spec.rb b/spec/lib/kb/cve_2015_7579_spec.rb
new file mode 100644
index 00000000..dc7acb1a
--- /dev/null
+++ b/spec/lib/kb/cve_2015_7579_spec.rb
@@ -0,0 +1,23 @@
+require 'spec_helper'
+describe "The CVE-2015-7579 vulnerability" do
+ before(:all) do
+ @check = Dawn::Kb::CVE_2015_7579.new
+ # @check.debug = true
+ end
+ it "is reported when the vulnerable gem is detected" do
+ @check.dependencies = [{:name=>"rails-html-sanitizer", :version=>"1.0.2"}]
+ @check.vuln?.should == true
+ end
+ it "is not reported when a fixed release is detected" do
+ @check.dependencies = [{:name=>"", :version=>"1.0.3"}]
+ @check.vuln?.should == false
+ end
+ it "is not reported when a fixed release is detected" do
+ @check.dependencies = [{:name=>"", :version=>"1.0.0"}]
+ @check.vuln?.should == false
+ end
+ it "is not reported when a fixed release is detected" do
+ @check.dependencies = [{:name=>"", :version=>"1.0.1"}]
+ @check.vuln?.should == false
+ end
+end
From 6d082fefab75704ae506622690bb2f85d3133d6a Mon Sep 17 00:00:00 2001 From: Paolo Perego Date: Sun, 31 Jan 2016 18:43:08 +0100 Subject: [PATCH 14/28] * Issue #182 - Adding a check for CVE-2016-0752: Possible Information Leak Vulnerability in Action View --- Changelog.md | 2 + lib/dawn/kb/cve_2016_0752.rb | 35 ++++++++++++++ lib/dawn/knowledge_base.rb | 2 + spec/lib/dawn/codesake_knowledgebase_spec.rb | 5 ++ spec/lib/kb/cve_2016_0752_spec.rb | 51 ++++++++++++++++++++ 5 files changed, 95 insertions(+) create mode 100644 lib/dawn/kb/cve_2016_0752.rb create mode 100644 spec/lib/kb/cve_2016_0752_spec.rb
diff --git a/Changelog.md b/Changelog.md
index faca044c..9b1d17f4 100644
--- a/Changelog.md
+++ b/Changelog.md
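Review bot: The three "is not reported" examples in cve_2015_7579_spec set `:name=>""`, so unless DependencyCheck ignores the dependency name (nothing here suggests it does) no entry matches rails-html-sanitizer and `vuln?` is false whatever version is supplied; the examples pass without ever exercising the 1.0.3 safe version or the 1.0.0/1.0.1 not_affected entries they exist to cover. The sibling spec for CVE-2015-7578 uses the real gem name and these should too: `@check.dependencies = [{:name=>"rails-html-sanitizer", :version=>"1.0.3"}]`, and likewise for "1.0.0" and "1.0.1". Putting the version in each description would also stop three examples from reporting under one name.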
@@ -23,6 +23,8 @@ _latest update: Thu Jan 28 23:30:47 CET 2016_
 proc bypass in Active Record.
 * Issue #183 - Adding a check for CVE-2015-7579: XSS vulnerability in
 rails-html-sanitizer
+* Issue #182 - Adding a check for CVE-2016-0752: Possible Information Leak
+ Vulnerability in Action View
 ## Version 1.5.2 - codename: Tow Mater (2015-12-16)
diff --git a/lib/dawn/kb/cve_2016_0752.rb b/lib/dawn/kb/cve_2016_0752.rb
new file mode 100644
index 00000000..818c05df
--- /dev/null
+++ b/lib/dawn/kb/cve_2016_0752.rb
@@ -0,0 +1,35 @@
+module Dawn
+ module Kb
+ # Automatically created with rake on 2016-01-31
+ class CVE_2016_0752
+ # Include the testing skeleton for this CVE
+ # include PatternMatchCheck
+ include DependencyCheck
+ # include RubyVersionCheck
+
+ def initialize
+ message = "There is a possible directory traversal and information leak vulnerability in Action View. Applications that pass unverified user input to the render method in a controller may be vulnerable to an information leak vulnerability."
+ super({
+ :title=>title,
+ :name=> "CVE-2016-0752",
+ :cve=>"2016-0752",
+ :osvdb=>"",
+ :cvss=>"",
+ :release_date => Date.new(2016, 1, 26),
+ :cwe=>"",
+ :owasp=>"A9",
+ :applies=>["rails", "sinatra", "padrino"],
+ :kind=>Dawn::KnowledgeBase::DEPENDENCY_CHECK,
+ :message=>message,
+ :mitigation=>"Please upgrade actionview gem to version 3.2.22.1, 4.1.14.1, 4.2.5.1, 5.0.0.beta1.1 or later.",
+ :aux_links=>["http://securitytracker.com/id/1034816"]
+ })
+ self.save_minor=true
+ self.save_major=true
+ self.safe_dependencies = [{:name=>"actionview", :version=>['3.2.22.1', '4.1.14.1', '4.2.5.1', '5.0.0.beta1.1']}]
+
+
+ end
+ end
+ end
+end
diff --git a/lib/dawn/knowledge_base.rb b/lib/dawn/knowledge_base.rb
index aa1da028..e29445bd 100644
--- a/lib/dawn/knowledge_base.rb
+++ b/lib/dawn/knowledge_base.rb
@@ -250,6 +250,7 @@
 # CVE - 2016
 require "dawn/kb/cve_2016_0751"
+require "dawn/kb/cve_2016_0752"
 # OSVDB
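Review bot: The new CVE_2016_0752 class still carries the generator's scaffolding, `# Include the testing skeleton for this CVE`, `# include PatternMatchCheck` and `# include RubyVersionCheck`, which the sibling checks in this series drop; leftover template text reads as if other check kinds were considered and rejected, which a reader cannot verify. The message itself says "directory traversal and information leak", yet `:cwe=>""` and `:cvss=>""` are empty while the CVE-2015-5312 check later in the series fills its CVSS vector; `:cwe=>"CWE-22"` follows from the message, and the CVSS vector should be copied from the NVD entry rather than left blank. Since this is a dependency check it fires for every app on a vulnerable actionview whether or not the app passes user input to `render`; saying so in `:message` or `:mitigation` would save triage time.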
@@ -535,6 +536,7 @@ def load_security_checks
 Dawn::Kb::CVE_2015_7577.new,
 Dawn::Kb::CVE_2015_7579.new,
 Dawn::Kb::CVE_2016_0751.new,
+ Dawn::Kb::CVE_2016_0752.new,
 # OSVDB Checks are still here since are all about dependencies
diff --git a/spec/lib/dawn/codesake_knowledgebase_spec.rb b/spec/lib/dawn/codesake_knowledgebase_spec.rb
index 5313cafc..8798addb 100644
--- a/spec/lib/dawn/codesake_knowledgebase_spec.rb
+++ b/spec/lib/dawn/codesake_knowledgebase_spec.rb
@@ -1094,4 +1094,9 @@
 sc.should_not be_nil
 sc.class.should == Dawn::Kb::CVE_2015_7579
 end
+it "must have test for CVE-2016-0752" do
+ sc = kb.find("CVE-2016-0752")
+ sc.should_not be_nil
+ sc.class.should == Dawn::Kb::CVE_2016_0752
+end
 end
diff --git a/spec/lib/kb/cve_2016_0752_spec.rb b/spec/lib/kb/cve_2016_0752_spec.rb
new file mode 100644
index 00000000..8905ea53
--- /dev/null
+++ b/spec/lib/kb/cve_2016_0752_spec.rb
@@ -0,0 +1,51 @@
+require 'spec_helper'
+describe "The CVE-2016-0752 vulnerability" do
+ before(:all) do
+ @check = Dawn::Kb::CVE_2016_0752.new
+ # @check.debug = true
+ end
+ it "is reported when the vulnerable gem is detected" do
+ @check.dependencies = [{:name=>"actionview", :version=>"5.0.0.beta.1"}]
+ @check.vuln?.should == true
+ end
+ it "is reported when the vulnerable gem is detected" do
+ @check.dependencies = [{:name=>"actionview", :version=>"4.2.5"}]
+ @check.vuln?.should == true
+ end
+ it "is reported when the vulnerable gem is detected" do
+ @check.dependencies = [{:name=>"actionview", :version=>"4.1.14"}]
+ @check.vuln?.should == true
+ end
+ it "is reported when the vulnerable gem is detected" do
+ @check.dependencies = [{:name=>"actionview", :version=>"3.2.22"}]
+ @check.vuln?.should == true
+ end
+ it "is not reported when a fixed release is detected" do
+ @check.dependencies = [{:name=>"actionview", :version=>"5.0.0"}]
+ @check.vuln?.should == false
+ end
+ it "is not reported when a fixed release is detected" do
+ @check.dependencies = [{:name=>"actionview", :version=>"4.2.5.1"}]
+ @check.vuln?.should == false
+ end
+ it "is not reported when a fixed release is detected" do
+ @check.dependencies = [{:name=>"actionview", :version=>"4.2.6"}]
+ @check.vuln?.should == false
+ end
+ it "is not reported when a fixed release is detected" do
+ @check.dependencies = [{:name=>"actionview", :version=>"4.1.14.2"}]
+ @check.vuln?.should == false
+ end
+ it "is not reported when a fixed release is detected" do
+ @check.dependencies = [{:name=>"actionview", :version=>"4.1.15"}]
+ @check.vuln?.should == false
+ end
+ it "is not reported when a fixed release is detected" do
+ @check.dependencies = [{:name=>"actionview", :version=>"3.2.22.1"}]
+ @check.vuln?.should == false
+ end
+ it "is not reported when a fixed release is detected" do
+ @check.dependencies = [{:name=>"actionview", :version=>"3.2.23"}]
+ @check.vuln?.should == false
+ end
+end
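Review bot: Every example in cve_2016_0752_spec sits on one of the four patched branches (3.2, 4.1, 4.2, 5.0), yet the check sets `self.save_major=true` and `self.save_minor=true`, whose names suggest they govern how releases older than the oldest safe branch are judged; an example such as `@check.dependencies = [{:name=>"actionview", :version=>"3.1.12"}]` with the expected `vuln?` outcome would pin that behaviour, which otherwise depends only on version_check code outside this commit. The same gap applies to the activemodel and actionpack specs added in the next commits of this series.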
From 1de83dd2f6fc5172301606391206280e7da07919 Mon Sep 17 00:00:00 2001 From: Paolo Perego Date: Mon, 1 Feb 2016 08:08:34 +0100 Subject: [PATCH 15/28] * Issue #181 - Adding a check for CVE-2016:0753: Possible Input Validation Circumvention in Active Model --- Changelog.md | 2 + lib/dawn/kb/cve_2016_0753.rb | 31 ++++++++++++ lib/dawn/knowledge_base.rb | 2 + spec/lib/dawn/codesake_knowledgebase_spec.rb | 5 ++ spec/lib/kb/cve_2016_0753_spec.rb | 51 ++++++++++++++++++++ 5 files changed, 91 insertions(+) create mode 100644 lib/dawn/kb/cve_2016_0753.rb create mode 100644 spec/lib/kb/cve_2016_0753_spec.rb
diff --git a/Changelog.md b/Changelog.md
index 9b1d17f4..176f044a 100644
--- a/Changelog.md
+++ b/Changelog.md
@@ -25,6 +25,8 @@ _latest update: Thu Jan 28 23:30:47 CET 2016_
 rails-html-sanitizer
 * Issue #182 - Adding a check for CVE-2016-0752: Possible Information Leak
 Vulnerability in Action View
+* Issue #181 - Adding a check for CVE-2016:0753: Possible Input Validation
+ Circumvention in Active Model
 ## Version 1.5.2 - codename: Tow Mater (2015-12-16)
diff --git a/lib/dawn/kb/cve_2016_0753.rb b/lib/dawn/kb/cve_2016_0753.rb
new file mode 100644
index 00000000..f5355d11
--- /dev/null
+++ b/lib/dawn/kb/cve_2016_0753.rb
@@ -0,0 +1,31 @@
+module Dawn
+ module Kb
+ # Automatically created with rake on 2016-02-01
+ class CVE_2016_0753
+ include DependencyCheck
+
+ def initialize
+ message = "There is a possible input validation circumvention vulnerability in Active Model. Code that uses Active Model based models (including Active Record models) and does not validate user input before passing it to the model can be subject to an attack where specially crafted input will cause the model to skip validations."
+ super({
+ :title=>title,
+ :name=> "CVE-2016-0753",
+ :cve=>"2016-0753",
+ :osvdb=>"",
+ :cvss=>"",
+ :release_date => Date.new(2016, 1, 26),
+ :cwe=>"",
+ :owasp=>"A9",
+ :applies=>["rails", "sinatra", "padrino"],
+ :kind=>Dawn::KnowledgeBase::DEPENDENCY_CHECK,
+ :message=>message,
+ :mitigation=>"Please upgrade activemodel gem to version 3.2.22.1, 4.1.14.1, 4.2.5.1, 5.0.0.beta1.1 or later.",
+ :aux_links=>["http://securitytracker.com/id/1034816"]
+ })
+ self.save_minor=true
+ self.save_major=true
+ self.safe_dependencies = [{:name=>"activemodel", :version=>['3.2.22.1', '4.1.14.1', '4.2.5.1', '5.0.0.beta1.1']}]
+
+ end
+ end
+ end
+end
diff --git a/lib/dawn/knowledge_base.rb b/lib/dawn/knowledge_base.rb
index e29445bd..025c44cc 100644
--- a/lib/dawn/knowledge_base.rb
+++ b/lib/dawn/knowledge_base.rb
@@ -251,6 +251,7 @@
 require "dawn/kb/cve_2016_0751"
 require "dawn/kb/cve_2016_0752"
+require "dawn/kb/cve_2016_0753"
 # OSVDB
@@ -537,6 +538,7 @@ def load_security_checks
 Dawn::Kb::CVE_2015_7579.new,
 Dawn::Kb::CVE_2016_0751.new,
 Dawn::Kb::CVE_2016_0752.new,
+ Dawn::Kb::CVE_2016_0753.new,
 # OSVDB Checks are still here since are all about dependencies
diff --git a/spec/lib/dawn/codesake_knowledgebase_spec.rb b/spec/lib/dawn/codesake_knowledgebase_spec.rb
index 8798addb..debfc5db 100644
--- a/spec/lib/dawn/codesake_knowledgebase_spec.rb
+++ b/spec/lib/dawn/codesake_knowledgebase_spec.rb
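Review bot: The check registers the identifier as `"CVE-2016-0753"`, which is the correct form, while the commit subject and the Changelog entry in this same commit spell it `CVE-2016:0753`; the Changelog is what users grep when an advisory lands, so the colon should become a hyphen there as well. As in the other Rails checks of this series `:cwe=>""` and `:cvss=>""` are left empty; the message describes crafted input that makes a model skip its validations, i.e. improper input validation, so `:cwe=>"CWE-20"` is the natural value and the CVSS score belongs copied from the NVD entry. `self.save_minor=true` / `self.save_major=true` are set without a word on what they change for releases below 3.2.22.1; one comment line would help the next person adding a check.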
@@ -1099,4 +1099,9 @@
 sc.should_not be_nil
 sc.class.should == Dawn::Kb::CVE_2016_0752
 end
+it "must have test for CVE-2016-0753" do
+ sc = kb.find("CVE-2016-0753")
+ sc.should_not be_nil
+ sc.class.should == Dawn::Kb::CVE_2016_0753
+end
 end
diff --git a/spec/lib/kb/cve_2016_0753_spec.rb b/spec/lib/kb/cve_2016_0753_spec.rb
new file mode 100644
index 00000000..f582b5b5
--- /dev/null
+++ b/spec/lib/kb/cve_2016_0753_spec.rb
@@ -0,0 +1,51 @@
+require 'spec_helper'
+describe "The CVE-2016-0753 vulnerability" do
+ before(:all) do
+ @check = Dawn::Kb::CVE_2016_0753.new
+ # @check.debug = true
+ end
+ it "is reported when the vulnerable gem is detected" do
+ @check.dependencies = [{:name=>"activemodel", :version=>"5.0.0.beta.1"}]
+ @check.vuln?.should == true
+ end
+ it "is reported when the vulnerable gem is detected" do
+ @check.dependencies = [{:name=>"activemodel", :version=>"4.2.5"}]
+ @check.vuln?.should == true
+ end
+ it "is reported when the vulnerable gem is detected" do
+ @check.dependencies = [{:name=>"activemodel", :version=>"4.1.14"}]
+ @check.vuln?.should == true
+ end
+ it "is reported when the vulnerable gem is detected" do
+ @check.dependencies = [{:name=>"activemodel", :version=>"3.2.22"}]
+ @check.vuln?.should == true
+ end
+ it "is not reported when a fixed release is detected" do
+ @check.dependencies = [{:name=>"activemodel", :version=>"5.0.0"}]
+ @check.vuln?.should == false
+ end
+ it "is not reported when a fixed release is detected" do
+ @check.dependencies = [{:name=>"activemodel", :version=>"4.2.5.1"}]
+ @check.vuln?.should == false
+ end
+ it "is not reported when a fixed release is detected" do
+ @check.dependencies = [{:name=>"activemodel", :version=>"4.2.6"}]
+ @check.vuln?.should == false
+ end
+ it "is not reported when a fixed release is detected" do
+ @check.dependencies = [{:name=>"activemodel", :version=>"4.1.14.2"}]
+ @check.vuln?.should == false
+ end
+ it "is not reported when a fixed release is detected" do
+ @check.dependencies = [{:name=>"activemodel", :version=>"4.1.15"}]
+ @check.vuln?.should == false
+ end
+ it "is not reported when a fixed release is detected" do
+ @check.dependencies = [{:name=>"activemodel", :version=>"3.2.22.1"}]
+ @check.vuln?.should == false
+ end
+ it "is not reported when a fixed release is detected" do
+ @check.dependencies = [{:name=>"activemodel", :version=>"3.2.23"}]
+ @check.vuln?.should == false
+ end
+end
From 544d75e0b5ed198525b3abc17acc2352cbe1c831 Mon Sep 17 00:00:00 2001 From: Paolo Perego Date: Mon, 1 Feb 2016 08:12:48 +0100 Subject: [PATCH 16/28] * Issue #180 - Adding a check for CVE-2015-7578: Possible XSS vulnerability in rails-html-sanitizer --- Changelog.md | 2 ++ lib/dawn/kb/cve_2015_7578.rb | 30 ++++++++++++++++++++ lib/dawn/knowledge_base.rb | 2 ++ spec/lib/dawn/codesake_knowledgebase_spec.rb | 5 ++++ spec/lib/kb/cve_2015_7578_spec.rb | 15 ++++++++++ 5 files changed, 54 insertions(+) create mode 100644 lib/dawn/kb/cve_2015_7578.rb create mode 100644 spec/lib/kb/cve_2015_7578_spec.rb
diff --git a/Changelog.md b/Changelog.md
index 176f044a..7d204cfa 100644
--- a/Changelog.md
+++ b/Changelog.md
@@ -27,6 +27,8 @@ _latest update: Thu Jan 28 23:30:47 CET 2016_
 Vulnerability in Action View
 * Issue #181 - Adding a check for CVE-2016:0753: Possible Input Validation
 Circumvention in Active Model
+* Issue #180 - Adding a check for CVE-2015-7578: Possible XSS vulnerability in
+ rails-html-sanitizer
 ## Version 1.5.2 - codename: Tow Mater (2015-12-16)
diff --git a/lib/dawn/kb/cve_2015_7578.rb b/lib/dawn/kb/cve_2015_7578.rb
new file mode 100644
index 00000000..4dd6d32c
--- /dev/null
+++ b/lib/dawn/kb/cve_2015_7578.rb
@@ -0,0 +1,30 @@
+module Dawn
+ module Kb
+ # Automatically created with rake on 2016-02-01
+ class CVE_2015_7578
+ # Include the testing skeleton for this CVE
+ include DependencyCheck
+
+ def initialize
+ message = "There is a possible XSS vulnerability in rails-html-sanitizer. Certain attributes are not removed from tags when they are sanitized, and these attributes can lead to an XSS attack on target applications."
+ super({
+ :title=>title,
+ :name=> "CVE-2015-7578",
+ :cve=>"2015-7578",
+ :osvdb=>"",
+ :cvss=>"",
+ :release_date => Date.new(2016, 1, 26),
+ :cwe=>"",
+ :owasp=>"A9",
+ :applies=>["rails", "sinatra", "padrino"],
+ :kind=>Dawn::KnowledgeBase::DEPENDENCY_CHECK,
+ :message=>message,
+ :mitigation=>"Please upgrade rails-html-sanitizer gem to version 1.0.3 or later.",
+ :aux_links=>["http://securitytracker.com/id/1034816"]
+ })
+ self.safe_dependencies = [{:name=>"rails-html-sanitizer", :version=>['1.0.3']}]
+
+ end
+ end
+ end
+end
diff --git a/lib/dawn/knowledge_base.rb b/lib/dawn/knowledge_base.rb
index 025c44cc..00047840 100644
--- a/lib/dawn/knowledge_base.rb
+++ b/lib/dawn/knowledge_base.rb
@@ -245,6 +245,7 @@
 require "dawn/kb/cve_2015_4020"
 require "dawn/kb/cve_2015_7576"
 require "dawn/kb/cve_2015_7577"
+require "dawn/kb/cve_2015_7578"
 require "dawn/kb/cve_2015_7579"
 # CVE - 2016
@@ -535,6 +536,7 @@ def load_security_checks
 Dawn::Kb::CVE_2015_4020.new,
 Dawn::Kb::CVE_2015_7576.new,
 Dawn::Kb::CVE_2015_7577.new,
+ Dawn::Kb::CVE_2015_7578.new,
 Dawn::Kb::CVE_2015_7579.new,
 Dawn::Kb::CVE_2016_0751.new,
 Dawn::Kb::CVE_2016_0752.new,
diff --git a/spec/lib/dawn/codesake_knowledgebase_spec.rb b/spec/lib/dawn/codesake_knowledgebase_spec.rb
index debfc5db..87f5114f 100644
--- a/spec/lib/dawn/codesake_knowledgebase_spec.rb
+++ b/spec/lib/dawn/codesake_knowledgebase_spec.rb
@@ -1104,4 +1104,9 @@
 sc.should_not be_nil
 sc.class.should == Dawn::Kb::CVE_2016_0753
 end
+it "must have test for CVE-2015-7578" do
+ sc = kb.find("CVE-2015-7578")
+ sc.should_not be_nil
+ sc.class.should == Dawn::Kb::CVE_2015_7578
+end
 end
diff --git a/spec/lib/kb/cve_2015_7578_spec.rb b/spec/lib/kb/cve_2015_7578_spec.rb
new file mode 100644
index 00000000..30d5035d
--- /dev/null
+++ b/spec/lib/kb/cve_2015_7578_spec.rb
@@ -0,0 +1,15 @@
+require 'spec_helper'
+describe "The CVE-2015-7578 vulnerability" do
+ before(:all) do
+ @check = Dawn::Kb::CVE_2015_7578.new
+ # @check.debug = true
+ end
+ it "is reported when the vulnerable gem is detected" do
+ @check.dependencies = [{:name=>"rails-html-sanitizer", :version=>"1.0.2"}]
+ @check.vuln?.should == true
+ end
+ it "is not reported when a fixed release is detected" do
+ @check.dependencies = [{:name=>"rails-html-sanitizer", :version=>"1.0.3"}]
+ @check.vuln?.should == false
+ end
+end
From 62a798faae920605bc01cf0aae83632e08f05f63 Mon Sep 17 00:00:00 2001 From: Paolo Perego Date: Mon, 1 Feb 2016 08:16:15 +0100 Subject: [PATCH 17/28] * Issue #179 - Adding a check for CVE-2015-7581: Object leak vulnerability for wildcard controller routes in Action Pack --- Changelog.md | 2 + lib/dawn/kb/cve_2015_7581.rb | 33 +++++++++++++ lib/dawn/knowledge_base.rb | 2 + spec/lib/dawn/codesake_knowledgebase_spec.rb | 5 ++ spec/lib/kb/cve_2015_7581_spec.rb | 51 ++++++++++++++++++++ 5 files changed, 93 insertions(+) create mode 100644 lib/dawn/kb/cve_2015_7581.rb create mode 100644 spec/lib/kb/cve_2015_7581_spec.rb
diff --git a/Changelog.md b/Changelog.md
index 7d204cfa..63661122 100644
--- a/Changelog.md
+++ b/Changelog.md
@@ -29,6 +29,8 @@ _latest update: Thu Jan 28 23:30:47 CET 2016_
 Circumvention in Active Model
 * Issue #180 - Adding a check for CVE-2015-7578: Possible XSS vulnerability in
 rails-html-sanitizer
+* Issue #179 - Adding a check for CVE-2015-7581: Object leak vulnerability for
+ wildcard controller routes in Action Pack
 ## Version 1.5.2 - codename: Tow Mater (2015-12-16)
diff --git a/lib/dawn/kb/cve_2015_7581.rb b/lib/dawn/kb/cve_2015_7581.rb
new file mode 100644
index 00000000..0e9f2938
--- /dev/null
+++ b/lib/dawn/kb/cve_2015_7581.rb
@@ -0,0 +1,33 @@
+module Dawn
+ module Kb
+ # Automatically created with rake on 2016-02-01
+ class CVE_2015_7581
+ # Include the testing skeleton for this CVE
+ include DependencyCheck
+
+ def initialize
+ message = "There is an object leak vulnerability for wildcard controllers in Action Pack. Users that have a route that contains the string \":controller\" are susceptible to objects being leaked globally which can lead to unbounded memory growth. "
+ super({
+ :title=>title,
+ :name=> "CVE-2015-7581",
+ :cve=>"2015-7581",
+ :osvdb=>"",
+ :cvss=>"",
+ :release_date => Date.new(2016, 1, 26),
+ :cwe=>"",
+ :owasp=>"A9",
+ :applies=>["rails", "sinatra", "padrino"],
+ :kind=>Dawn::KnowledgeBase::DEPENDENCY_CHECK,
+ :message=>message,
+ :mitigation=>"Please upgrade actionpack gem to version 3.2.22.1, 4.1.14.1, 4.2.5.1, 5.0.0.beta1.1 or later.",
+ :aux_links=>["http://securitytracker.com/id/1034816"]
+ })
+ self.save_minor=true
+ self.save_major=true
+ self.safe_dependencies = [{:name=>"actionpack", :version=>['3.2.22.1', '4.1.14.1', '4.2.5.1', '5.0.0.beta1.1']}]
+
+
+ end
+ end
+ end
+end
diff --git a/lib/dawn/knowledge_base.rb b/lib/dawn/knowledge_base.rb
index 00047840..8caa2c31 100644
--- a/lib/dawn/knowledge_base.rb
+++ b/lib/dawn/knowledge_base.rb
@@ -247,6 +247,7 @@
 require "dawn/kb/cve_2015_7577"
 require "dawn/kb/cve_2015_7578"
 require "dawn/kb/cve_2015_7579"
+require "dawn/kb/cve_2015_7581"
 # CVE - 2016
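Review bot: CVE_2015_7581 is a plain dependency check, but the vulnerability as its own `message` describes it only affects applications whose routes contain the literal `:controller` segment; the scanner will therefore raise this finding for every app on an unpatched actionpack, so the message or the mitigation should state that apps without a `:controller` wildcard route are not exposed, letting triage close it quickly. The message string also ends in a stray space before the closing quote (`unbounded memory growth. "`), and `:cwe=>""` is empty for an unbounded-memory-growth bug where CWE-400 would fit (confirm against the NVD entry). The two blank `+` lines before the first `end` are template whitespace that the sibling checks do not carry.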
@@ -538,6 +539,7 @@ def load_security_checks
 Dawn::Kb::CVE_2015_7577.new,
 Dawn::Kb::CVE_2015_7578.new,
 Dawn::Kb::CVE_2015_7579.new,
+ Dawn::Kb::CVE_2015_7581.new,
 Dawn::Kb::CVE_2016_0751.new,
 Dawn::Kb::CVE_2016_0752.new,
 Dawn::Kb::CVE_2016_0753.new,
diff --git a/spec/lib/dawn/codesake_knowledgebase_spec.rb b/spec/lib/dawn/codesake_knowledgebase_spec.rb
index 87f5114f..ee9abbe3 100644
--- a/spec/lib/dawn/codesake_knowledgebase_spec.rb
+++ b/spec/lib/dawn/codesake_knowledgebase_spec.rb
@@ -1109,4 +1109,9 @@
 sc.should_not be_nil
 sc.class.should == Dawn::Kb::CVE_2015_7578
 end
+it "must have test for CVE-2015-7581" do
+ sc = kb.find("CVE-2015-7581")
+ sc.should_not be_nil
+ sc.class.should == Dawn::Kb::CVE_2015_7581
+end
 end
diff --git a/spec/lib/kb/cve_2015_7581_spec.rb b/spec/lib/kb/cve_2015_7581_spec.rb
new file mode 100644
index 00000000..3997301f
--- /dev/null
+++ b/spec/lib/kb/cve_2015_7581_spec.rb
@@ -0,0 +1,51 @@
+require 'spec_helper'
+describe "The CVE-2015-7581 vulnerability" do
+ before(:all) do
+ @check = Dawn::Kb::CVE_2015_7581.new
+ # @check.debug = true
+ end
+ it "is reported when the vulnerable gem is detected" do
+ @check.dependencies = [{:name=>"actionpack", :version=>"5.0.0.beta.1"}]
+ @check.vuln?.should == true
+ end
+ it "is reported when the vulnerable gem is detected" do
+ @check.dependencies = [{:name=>"actionpack", :version=>"4.2.5"}]
+ @check.vuln?.should == true
+ end
+ it "is reported when the vulnerable gem is detected" do
+ @check.dependencies = [{:name=>"actionpack", :version=>"4.1.14"}]
+ @check.vuln?.should == true
+ end
+ it "is reported when the vulnerable gem is detected" do
+ @check.dependencies = [{:name=>"actionpack", :version=>"3.2.22"}]
+ @check.vuln?.should == true
+ end
+ it "is not reported when a fixed release is detected" do
+ @check.dependencies = [{:name=>"actionpack", :version=>"5.0.0"}]
+ @check.vuln?.should == false
+ end
+ it "is not reported when a fixed release is detected" do
+ @check.dependencies = [{:name=>"actionpack", :version=>"4.2.5.1"}]
+ @check.vuln?.should == false
+ end
+ it "is not reported when a fixed release is detected" do
+ @check.dependencies = [{:name=>"actionpack", :version=>"4.2.6"}]
+ @check.vuln?.should == false
+ end
+ it "is not reported when a fixed release is detected" do
+ @check.dependencies = [{:name=>"actionpack", :version=>"4.1.14.2"}]
+ @check.vuln?.should == false
+ end
+ it "is not reported when a fixed release is detected" do
+ @check.dependencies = [{:name=>"actionpack", :version=>"4.1.15"}]
+ @check.vuln?.should == false
+ end
+ it "is not reported when a fixed release is detected" do
+ @check.dependencies = [{:name=>"actionpack", :version=>"3.2.22.1"}]
+ @check.vuln?.should == false
+ end
+ it "is not reported when a fixed release is detected" do
+ @check.dependencies = [{:name=>"actionpack", :version=>"3.2.23"}]
+ @check.vuln?.should == false
+ end
+end
From 723b787287215ff15134c129d1de3fa75e62a378 Mon Sep 17 00:00:00 2001 From: Paolo Perego Date: Tue, 2 Feb 2016 23:06:41 +0100 Subject: [PATCH 18/28] * BUGFIX in is_same_version? when a beta version is to be evaluated, during comparison the beta number must be discarded. * BUGFIX in is_vulnerable_beta? handling situation when either safe version or detected version doesn't have the beta number * BUGFIX in is_vulnerable_rc? handling situation when either safe version or detected version doesn't have the rc number * BUGFIX in is_vulnerable_pre? handling situation when either safe version or detected version doesn't have the pre number * Issue #173 handles a lot of CVE about nokogiri: - CVE-2015-5312: DoS in xmlStringLenDecodeEntities() --- Changelog.md | 13 ++++ lib/dawn/kb/cve_2015_5312.rb | 30 ++++++++ lib/dawn/kb/version_check.rb | 72 +++++++++++++------- lib/dawn/knowledge_base.rb | 2 + spec/lib/dawn/codesake_knowledgebase_spec.rb | 5 ++ spec/lib/kb/codesake_version_check_spec.rb | 4 +- spec/lib/kb/cve_2015_5312_spec.rb | 31 +++++++++ spec/lib/kb/cve_2015_7576_spec.rb | 2 +- 8 files changed, 132 insertions(+), 27 deletions(-) create mode 100644 lib/dawn/kb/cve_2015_5312.rb create mode 100644 spec/lib/kb/cve_2015_5312_spec.rb
diff --git a/Changelog.md b/Changelog.md
index 63661122..ea7008d1 100644
--- a/Changelog.md
+++ b/Changelog.md
@@ -31,6 +31,19 @@ _latest update: Thu Jan 28 23:30:47 CET 2016_
 rails-html-sanitizer
 * Issue #179 - Adding a check for CVE-2015-7581: Object leak vulnerability for
 wildcard controller routes in Action Pack
+* BUGFIX in is_higher? when a version with an aux patch number was compared
+ with a one without ('1.2.3.4' vs '1.2.3') the incorrect result were
+ triggered.
+* BUGFIX in is_same_version? when a beta version is to be evaluated, during
+ comparison the beta number must be discarded.
+* BUGFIX in is_vulnerable_beta? handling situation when either safe version or
+ detected version doesn't have the beta number
+* BUGFIX in is_vulnerable_rc? handling situation when either safe version or
+ detected version doesn't have the rc number
+* BUGFIX in is_vulnerable_pre? handling situation when either safe version or
+ detected version doesn't have the pre number
+* Issue #173 handles a lot of CVE about nokogiri:
+ - CVE-2015-5312: DoS in xmlStringLenDecodeEntities()
 ## Version 1.5.2 - codename: Tow Mater (2015-12-16)
diff --git a/lib/dawn/kb/cve_2015_5312.rb b/lib/dawn/kb/cve_2015_5312.rb
new file mode 100644
index 00000000..71d263f3
--- /dev/null
+++ b/lib/dawn/kb/cve_2015_5312.rb
@@ -0,0 +1,30 @@
+module Dawn
+ module Kb
+ # Automatically created with rake on 2016-02-01
+ class CVE_2015_5312
+ include DependencyCheck
+
+ def initialize
+ message = "The xmlStringLenDecodeEntities function in parser.c in libxml2 before 2.9.3 does not properly prevent entity expansion, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted XML data, a different vulnerability than CVE-2014-3660."
+ super({
+ :title=>title,
+ :name=> "CVE-2015-5312",
+ :cve=>"2015-5312",
+ :osvdb=>"",
+ :cvss=>"AV:N/AC:M/Au:N/C:N/I:N/A:C",
+ :release_date => Date.new(2015, 12, 15),
+ :cwe=>"",
+ :owasp=>"A9",
+ :applies=>["rails", "sinatra", "padrino"],
+ :kind=>Dawn::KnowledgeBase::DEPENDENCY_CHECK,
+ :message=>message,
+ :mitigation=>"Please upgrade nokogiri gem to version 1.6.7.1 or later.",
+ :aux_links=>["https://groups.google.com/forum/#!topic/ruby-security-ann/aSbgDiwb24s"]
+ })
+
+ self.safe_dependencies = [{:name=>"nokogiri", :version=>['1.6.7.1']}]
+ self.not_affected = {:name=>"nokogiri", :version=>['1.5.x', '1.4.x', '1.3.x', '1.1.x', '1.0.x', '0.x.x']}
+ end
+ end
+ end
+end
diff --git a/lib/dawn/kb/version_check.rb b/lib/dawn/kb/version_check.rb
index 1fbf37dc..c14ea69a 100644
--- a/lib/dawn/kb/version_check.rb
+++ b/lib/dawn/kb/version_check.rb
@@ -103,6 +103,10 @@ def is_higher?(a, b)
 # patchlevel is 0 for sake of comparison.
 aa[:version] << 0 if aa[:version].count == 2
 ba[:version] << 0 if ba[:version].count == 2
+
+ # Handling a = '1.2.3.4' and b = '1.2.3'
+ ba[:version] << 0 if aa[:version].count == 4 and ba[:version].count == 3
+
 ver = true if aa[:version][0] > ba[:version][0]
 ver = true if aa[:version][0] == ba[:version][0] && aa[:version][1] > ba[:version][1]
 ver = true if aa[:version].count == 3 && ba[:version].count == 3 && aa[:version][0] == ba[:version][0] && aa[:version][1] == ba[:version][1] && aa[:version][2] > ba[:version][2]
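Review bot: `self.not_affected` in CVE_2015_5312 lists 1.5.x, 1.4.x, 1.3.x, 1.1.x, 1.0.x and 0.x.x but skips 1.2.x, which looks like an oversight rather than a statement that the 1.2 series is vulnerable; more importantly the message says the flaw is in libxml2 before 2.9.3, and older nokogiri series bundle older libxml2 releases, so declaring every pre-1.6 series safe needs a citation (the linked ruby-security-ann thread is the place to check) or the line should go, since a wrong not_affected entry hides the advisory from exactly the users running old code. Because nokogiri can also be built against the system libxml2, the gem version alone proves exposure neither way; a sentence in `:mitigation` asking the user to check the libxml2 version nokogiri reports at runtime would make the finding actionable. `:cwe=>""` could carry CWE-776, matching the "does not properly prevent entity expansion" wording; confirm against NVD.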
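Review bot: The new padding in is_higher? runs one way only: `ba[:version] << 0 if aa[:version].count == 4 and ba[:version].count == 3` fixes `'1.2.3.4'` vs `'1.2.3'`, but the mirror call with a three-segment `a` and a four-segment `b` still compares arrays of different length, and the visible patch-level line requires both counts to be 3, so that pair falls through to whatever the lines after the hunk do. Padding symmetrically, `aa[:version] << 0 if aa[:version].count == 3 && ba[:version].count == 4`, keeps both orders on the same path; `&&` instead of `and` also matches the rest of the method and avoids the precedence trap with a modifier `if`. is_higher? begins before and ends after this hunk.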
@@ -238,7 +242,7 @@ def is_vulnerable_minor?(safe_version, detected_version)
 return false if safe_version[1] <= detected_version[1]
 end
- def is_same_version?(safe_version_array, detected_version_array)
+ def is_same_version?(safe_version_array, detected_version_array, limit=false)
 ret = false
 ret = true if (safe_version_array[0] == detected_version_array[0]) if (safe_version_array[1] == 'x')
@@ -246,6 +250,15 @@ def is_same_version?(safe_version_array, detected_version_array)
 ret = true if (safe_version_array[0] == detected_version_array[0]) && (safe_version_array[1] == detected_version_array[1]) && (safe_version_array[2] == detected_version_array[2]) && (safe_version_array.count == 3) && (detected_version_array.count == 3)
 ret = true if (safe_version_array[0] == detected_version_array[0]) && (safe_version_array[1] == detected_version_array[1]) && (safe_version_array[2] == detected_version_array[2]) && (safe_version_array[3] == detected_version_array[3]) && (safe_version_array.count == 4) && (detected_version_array.count == 4)
+ if limit
+ # this if handles comparison limited to first 3 items in version arrays
+ # eg. in case of a beta release, the array is [5,0,0,1] meaning
+ # 5.0.0.beta1. Of course it must be handled in a different way than
+ # 5.0.0.1 release that it will result in the same array
+ debug_me "is_same_version? with limit=TRUE"
+ ret = true if (safe_version_array[0] == detected_version_array[0]) && (safe_version_array[1] == detected_version_array[1]) && (safe_version_array[2] == detected_version_array[2])
+ end
+
 debug_me "is_same_version? SVA=#{safe_version_array} DVA=#{detected_version_array} RET=#{ret}"
 return ret
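Review bot: With `limit` set, is_same_version? answers true for any two arrays that agree on the first three segments, `[4,2,5,1]` against `[4,2,5,2]` included, whatever the fourth holds, so the flag is only safe because its callers pair it with is_beta_check?/is_rc_check?/is_pre_check?; that precondition lives in another method and should be stated here, e.g. `# limit: compare major.minor.patch only; callers use it solely when a beta/rc/pre tag has to be compared`. The comment's claim that a beta release yields `[5,0,0,1]` depends on version_string_to_array, which is outside this commit, so it is better phrased as what that parser produces today than as what the array means. A keyword argument (`limit: false`) would also read better at the call sites than a bare positional `true`. Both hunks cut through is_same_version?; its closing `end` is outside the hunk.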
@@ -256,16 +269,19 @@ def is_same_version?(safe_version_array, detected_version_array)
 #########################
 def is_beta_check?(safe_version_beta, detected_version_beta)
- ( safe_version_beta != 0 || detected_version_beta != 0)
+ ( safe_version_beta != -1 || detected_version_beta != -1)
 end
 def is_vulnerable_beta?(safe_version_beta, detected_version_beta)
 # if the safe_version_beta is 0 then the detected_version_beta is
 # vulnerable by design, since the safe version is a stable and we
 # detected a beta.
- return true if safe_version_beta == 0 && detected_version_beta != 0
- return false if safe_version_beta <= detected_version_beta
- return true if safe_version_beta > detected_version_beta
+ debug_me("is_vulnerable_beta?: safe_version_beta=#{safe_version_beta} - detected_version_beta=#{detected_version_beta}")
+ return debug_me_and_return_false("is_vulnerable_beta? = FALSE") if safe_version_beta != -1 and detected_version_beta == -1
+ return debug_me_and_return_true("is_vulnerable_beta? = TRUE") if safe_version_beta == -1 and detected_version_beta != -1
+ return debug_me_and_return_true("is_vulnerable_beta? = TRUE") if safe_version_beta == 0 && detected_version_beta != -1
+ return debug_me_and_return_false("is_vulnerable_beta? = FALSE") if safe_version_beta <= detected_version_beta
+ return debug_me_and_return_true("is_vulnerable_beta? = TRUE") if safe_version_beta > detected_version_beta
 # fallback
 return false
@@ -277,7 +293,7 @@ def is_vulnerable_beta?(safe_version_beta, detected_version_beta)
 #########################
 def is_rc_check?(safe_version_rc, detected_version_rc)
- ( safe_version_rc != 0 || detected_version_rc != 0)
+ ( safe_version_rc != -1 || detected_version_rc != -1 )
 end
 def is_vulnerable_rc?(safe_version_rc, detected_version_rc)
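Review bot: The sentinel for "no beta tag" moves from 0 to -1 in is_beta_check? and is_vulnerable_beta?, but the three comment lines kept above the new returns still say `# if the safe_version_beta is 0 then the detected_version_beta is ...`; they should read `# -1 means that side carries no beta tag; a stable safe version against a detected beta is vulnerable by design`. The retained `... if safe_version_beta == 0 && detected_version_beta != -1` now means "safe is beta0, detected is any beta" and reports a detected beta5 against a safe beta0 as vulnerable; if the parser never emits 0 the line is dead, if it does the line is wrong, and the -1 line above it already covers the stable-vs-beta case, so it should go. The adjacent returns also mix `and` with `&&`; use `&&` throughout. is_vulnerable_beta?'s closing `end` is outside the hunk.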
@@ -285,10 +301,13 @@ def is_vulnerable_rc?(safe_version_rc, detected_version_rc)
 # vulnerable by design, since the safe version is a stable and we
 # detected a rc.
 debug_me "entering is_vulnerable_rc?: s=#{safe_version_rc}, d=#{detected_version_rc}"
- return true if safe_version_rc == 0 && detected_version_rc != 0
- return false if safe_version_rc != 0 && detected_version_rc == 0
- return false if safe_version_rc <= detected_version_rc
- return true if safe_version_rc > detected_version_rc
+ return debug_me_and_return_false("is_vulnerable_rc? = FALSE") if detected_version_rc == -1
+
+ return debug_me_and_return_false("is_vulnerable_rc? = FALSE") if safe_version_rc != -1 and detected_version_rc == -1
+ return debug_me_and_return_true("is_vulnerable_rc? = TRUE") if safe_version_rc == -1 and detected_version_rc != -1
+ return debug_me_and_return_true("is_vulnerable_rc? = TRUE") if safe_version_rc == 0 && detected_version_rc != -1
+ return debug_me_and_return_false("is_vulnerable_rc? = FALSE") if safe_version_rc <= detected_version_rc
+ return debug_me_and_return_true("is_vulnerable_rc? = TRUE") if safe_version_rc > detected_version_rc
 # fallback
 return false
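Review bot: The first added line, `return debug_me_and_return_false("is_vulnerable_rc? = FALSE") if detected_version_rc == -1`, makes the one after the blank (`... if safe_version_rc != -1 and detected_version_rc == -1`) unreachable, and it gives is_vulnerable_rc? a shape its beta and pre siblings in this same commit do not have, so the three helpers no longer agree on what a detected stable release against a safe rc means. Either drop the early return and let the shared `safe != -1 && detected == -1` rule decide, or apply it to all three with a comment saying why a missing rc tag on the detected side can never be vulnerable. The kept `safe_version_rc == 0 && detected_version_rc != -1` line has the same problem as in the beta helper: with -1 as the sentinel, 0 is a real rc number. The method's header and closing `end` are outside the hunk.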
@@ -300,16 +319,19 @@ def is_vulnerable_rc?(safe_version_rc, detected_version_rc) ######################### def is_pre_check?(safe_version_pre, detected_version_pre) - ( safe_version_pre != 0 || detected_version_pre != 0) + ( safe_version_pre != -1 || detected_version_pre != -1 ) end def is_vulnerable_pre?(safe_version_pre, detected_version_pre) # if the safe_version_pre is 0 then the detected_version_pre is # vulnerable by design, since the safe version is a stable and we # detected a pre. - return true if safe_version_pre == 0 && detected_version_pre != 0 - return false if safe_version_pre <= detected_version_pre - return true if safe_version_pre > detected_version_pre + return debug_me_and_return_false("is_vulnerable_pre? = FALSE") if safe_version_pre != -1 and detected_version_pre == -1 + return debug_me_and_return_true("is_vulnerable_pre? = TRUE") if safe_version_pre == -1 and detected_version_pre != -1 + return debug_me_and_return_true("is_vulnerable_pre? = TRUE") if safe_version_pre == 0 && detected_version_pre != -1 + return debug_me_and_return_false("is_vulnerable_pre? = FALSE") if safe_version_pre <= detected_version_pre + return debug_me_and_return_true("is_vulnerable_pre? = TRUE") if safe_version_pre > detected_version_pre + # fallback return false @@ -318,6 +340,8 @@ def is_vulnerable_pre?(safe_version_pre, detected_version_pre) def is_vulnerable_version?(safe_version, detected_version) sva = version_string_to_array(safe_version) dva = version_string_to_array(detected_version) + debug_me("SVA=#{sva.inspect}") + debug_me("DVA=#{dva.inspect}") safe_version_array = sva[:version] detected_version_array = dva[:version] 
@@ -331,11 +355,11 @@ def is_vulnerable_version?(safe_version, detected_version) debug_me "is_vulnerable_version? SAVE_VERSION=#{safe_version},DETECTED=#{detected_version} -> IS_VULN_MAJOR?=#{major} IS_VULN_MINOR?=#{minor} IS_VULN_PATCH?=#{patch} IS_VULN_AUX_PATCH=#{aux_patch} SAVE_MINOR_FIX=#{@save_minor_fix} SAVE_MAJOR_FIX=#{@save_major_fix}" - return debug_me_and_return_false("#{detected_version} doesn't have a vulnerable MAJOR number") if is_higher_major?(detected_version, safe_version) #and minor and patch + return debug_me_and_return_false("#{detected_version} doesn't have a vulnerable MAJOR number") if is_higher_major?(detected_version, safe_version) #and minor and patch - return is_vulnerable_beta?(sva[:beta], dva[:beta]) if is_same_version?(safe_version_array, detected_version_array) && is_beta_check?(sva[:beta], dva[:beta]) - return is_vulnerable_rc?(sva[:rc], dva[:rc]) if is_same_version?(safe_version_array, detected_version_array) && is_rc_check?(sva[:rc], dva[:rc]) - return is_vulnerable_pre?(sva[:pre], dva[:pre]) if is_same_version?(safe_version_array, detected_version_array) && is_pre_check?(sva[:pre], dva[:pre]) + return is_vulnerable_beta?(sva[:beta], dva[:beta]) if is_same_version?(safe_version_array, detected_version_array, true) && is_beta_check?(sva[:beta], dva[:beta]) + return is_vulnerable_rc?(sva[:rc], dva[:rc]) if is_same_version?(safe_version_array, detected_version_array, true) && is_rc_check?(sva[:rc], dva[:rc]) + return is_vulnerable_pre?(sva[:pre], dva[:pre]) if is_same_version?(safe_version_array, detected_version_array, true) && is_pre_check?(sva[:pre], dva[:pre]) # we have a non vulnerable major, but the minor is and there is an higher version in array # eg. we detected v1.3.2, safe version is 1.3.3 and there is also a safe 2.x.x 
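Review bot: The three `is_same_version?(safe_version_array, detected_version_array, true)` calls pass a bare positional `true` whose meaning cannot be read at the call site, and the hunk header still shows the two-argument signature `def is_same_version?(safe_version_array, detected_version_array)`, so the new parameter is defined outside this hunk. A keyword argument, or at least a named local evaluated once, `same_release = is_same_version?(safe_version_array, detected_version_array, true)`, reused on the three return lines, would say what the flag does and avoid recomputing the comparison three times. is_vulnerable_version? continues outside the hunk on both sides.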
@@ -407,17 +431,17 @@ def version_string_to_array(string) # I can't use this nice onliner... stays here until I finish writing new code. # return string.split(".").map! { |n| (n=='x')? n : n.to_i } ver = [] - beta = 0 - rc = 0 - pre = 0 + beta = -1 + rc = -1 + pre = -1 string.split(".").each do |x| ver << x.to_i unless x == 'x' || x.start_with?('beta') || x.start_with?('rc') || x.start_with?('pre') ver << x if x == 'x' - beta = x.split("beta")[1].to_i if x.class == String && x.start_with?('beta') && beta == 0 - rc = x.split("rc")[1].to_i if x.class == String && x.start_with?('rc') && rc == 0 - pre = x.split("pre")[1].to_i if x.class == String && x.start_with?('pre') && pre == 0 + beta = x.split("beta")[1].to_i if x.class == String && x.start_with?('beta') && beta == -1 + rc = x.split("rc")[1].to_i if x.class == String && x.start_with?('rc') && rc == -1 + pre = x.split("pre")[1].to_i if x.class == String && x.start_with?('pre') && pre == -1 end {:version=>ver, :beta=>beta, :rc=>rc, :pre=>pre} diff --git a/lib/dawn/knowledge_base.rb b/lib/dawn/knowledge_base.rb index 8caa2c31..9910757c 100644 --- a/lib/dawn/knowledge_base.rb +++ b/lib/dawn/knowledge_base.rb @@ -243,6 +243,7 @@ require "dawn/kb/cve_2015_3227" require "dawn/kb/cve_2015_3448" require "dawn/kb/cve_2015_4020" +require "dawn/kb/cve_2015_5312" require "dawn/kb/cve_2015_7576" require "dawn/kb/cve_2015_7577" require "dawn/kb/cve_2015_7578" @@ -535,6 +536,7 @@ def load_security_checks Dawn::Kb::CVE_2015_3227.new, Dawn::Kb::CVE_2015_3448.new, Dawn::Kb::CVE_2015_4020.new, + Dawn::Kb::CVE_2015_5312.new, Dawn::Kb::CVE_2015_7576.new, Dawn::Kb::CVE_2015_7577.new, Dawn::Kb::CVE_2015_7578.new, diff --git a/spec/lib/dawn/codesake_knowledgebase_spec.rb b/spec/lib/dawn/codesake_knowledgebase_spec.rb index ee9abbe3..4357249f 100644 --- a/spec/lib/dawn/codesake_knowledgebase_spec.rb +++ b/spec/lib/dawn/codesake_knowledgebase_spec.rb 
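Review bot: version_string_to_array splits on `.` and only reads the number glued to the tag, so a version written with a separated pre-release number, such as the `5.0.0.beta.1` used in the spec/lib/kb/cve_2015_7576_spec.rb hunk further down this page, becomes `{:version=>[5, 0, 0, 1], :beta=>0}`: the `1` is appended as a fourth release component and beta is recorded as 0. Normalising the separator before splitting avoids that: `string.gsub(/(beta|rc|pre)\.(\d+)/, '\1\2').split(".").each do |x|`. A bare tag with no number also yields 0 (`"beta".split("beta")[1]` is nil and `nil.to_i` is 0), indistinguishable from `beta0`; if that case matters it needs its own sentinel rather than sharing one with a real number. The `x.class == String` tests are always true for elements of a `String#split` result and can be dropped. The method's `def` line is outside the hunk.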
@@ -1114,4 +1114,9 @@
 sc.should_not be_nil
 sc.class.should == Dawn::Kb::CVE_2015_7581
 end
+it "must have test for CVE-2015-5312" do
+ sc = kb.find("CVE-2015-5312")
+ sc.should_not be_nil
+ sc.class.should == Dawn::Kb::CVE_2015_5312
+end
 end
diff --git a/spec/lib/kb/codesake_version_check_spec.rb b/spec/lib/kb/codesake_version_check_spec.rb
index 06359f70..c112c4ca 100644
--- a/spec/lib/kb/codesake_version_check_spec.rb
+++ b/spec/lib/kb/codesake_version_check_spec.rb
@@ -64,7 +64,7 @@
 @check.is_vulnerable_version?('2.3.0', '2.3.0.beta9').should == true
 end
 it "reports a safe condition when a beta version is safe and the stable version is detected" do
- @check.is_vulnerable_version?('2.3.0.beta9', '2.3.0').should == true
+ @check.is_vulnerable_version?('2.3.0.beta9', '2.3.0').should == false
 end
 it "reports a vulnerability when a previous beta version is detected" do
 @check.is_vulnerable_version?('2.3.0', '2.2.10.beta2').should == true
@@ -124,7 +124,7 @@
 @check.is_vulnerable_version?('2.3.0', '2.3.0.pre9').should == true
 end
 it "reports a safe condition when a pre version is safe and the stable version is detected" do
- @check.is_vulnerable_version?('2.3.0.pre9', '2.3.0').should == true
+ @check.is_vulnerable_version?('2.3.0.pre9', '2.3.0').should == false
 end
 it "reports a vulnerability when a previous pre version is detected" do
 @check.is_vulnerable_version?('2.3.0', '2.2.10.pre2').should == true
diff --git a/spec/lib/kb/cve_2015_5312_spec.rb b/spec/lib/kb/cve_2015_5312_spec.rb
new file mode 100644
index 00000000..2e7d730c
--- /dev/null
+++ b/spec/lib/kb/cve_2015_5312_spec.rb
@@ -0,0 +1,31 @@
+require 'spec_helper'
+describe "The CVE-2015-5312 vulnerability" do
+ before(:all) do
+ @check = Dawn::Kb::CVE_2015_5312.new
+ # @check.debug = true
+ end
+ it "is reported when the vulnerable gem is detected" do
+ @check.dependencies = [{:name=>"nokogiri", :version=>"1.6.5"}]
+ @check.vuln?.should == true
+ end
+ it "is reported when the vulnerable gem is detected" do
+ @check.dependencies = [{:name=>"nokogiri", :version=>"1.6.0"}]
+ @check.vuln?.should == true
+ end
+ it "is reported when the vulnerable gem is detected" do
+ @check.dependencies = [{:name=>"nokogiri", :version=>"1.6.7"}]
+ @check.vuln?.should == true
+ end
+ it "is not reported when a fixed release is detected" do
+ @check.dependencies = [{:name=>"nokogiri", :version=>"1.6.7.1"}]
+ @check.vuln?.should == false
+ end
+ it "is not reported when a fixed release is detected" do
+ @check.dependencies = [{:name=>"nokogiri", :version=>"1.5.6"}]
+ @check.vuln?.should == false
+ end
+ it "is not reported when a fixed release is detected" do
+ @check.dependencies = [{:name=>"nokogiri", :version=>"1.4.6"}]
+ @check.vuln?.should == false
+ end
+end
diff --git a/spec/lib/kb/cve_2015_7576_spec.rb b/spec/lib/kb/cve_2015_7576_spec.rb
index 27eccd59..e2fd2689 100644
--- a/spec/lib/kb/cve_2015_7576_spec.rb
+++ b/spec/lib/kb/cve_2015_7576_spec.rb
@@ -2,7 +2,7 @@
 describe "The CVE-2015-7576 vulnerability" do
 before(:all) do
 @check = Dawn::Kb::CVE_2015_7576.new
- # @check.debug = true
+ @check.debug = true
 end
 it "is reported when the vulnerable gem is detected" do
 @check.dependencies = [{:name=>"actionpack", :version=>"5.0.0.beta.1"}]
From c6fa5fa3ef7c5b8d8c5f5c0440f5008316d47cc1 Mon Sep 17 00:00:00 2001
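Review bot: The new spec/lib/kb/cve_2015_5312_spec.rb gives three examples the identical description `it "is reported when the vulnerable gem is detected"` and three more the identical `it "is not reported when a fixed release is detected"`, so a failure is reported under a description it shares with two other examples and the version that failed is not named. Putting the version into the description, e.g. `it "is reported when nokogiri 1.6.5 is detected" do`, makes each example identifiable on its own. The generated specs for CVE-2015-7497, CVE-2015-7498, CVE-2015-7499, CVE-2015-7500 and CVE-2015-8241 further down the page have the same shape.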
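Review bot: In the spec/lib/kb/cve_2015_7576_spec.rb hunk the before block now runs `@check.debug = true` where the line used to be commented out, so every run of this spec prints the debug_me output of the version comparison, while every other spec in this series keeps `# @check.debug = true`. This looks like it was switched on while tracing the `5.0.0.beta.1` handling; restoring the comment keeps the suite output quiet, or, if the trace is still wanted, a comment saying why this spec alone is verbose would help the next reader.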
From: Paolo Perego Date: Tue, 2 Feb 2016 23:19:44 +0100 Subject: [PATCH 19/28] * Issue #173 handles a lot of CVE about nokogiri: - CVE-2015-7497: DoS in xmlDictComputeFastQKey() --- Changelog.md | 1 + lib/dawn/kb/cve_2015_5312.rb | 2 +- lib/dawn/kb/cve_2015_7497.rb | 32 ++++++++++++++++++++ lib/dawn/knowledge_base.rb | 2 ++ spec/lib/dawn/codesake_knowledgebase_spec.rb | 5 +++ spec/lib/kb/cve_2015_7497_spec.rb | 31 +++++++++++++++++++ 6 files changed, 72 insertions(+), 1 deletion(-) create mode 100644 lib/dawn/kb/cve_2015_7497.rb create mode 100644 spec/lib/kb/cve_2015_7497_spec.rb diff --git a/Changelog.md b/Changelog.md index ea7008d1..a4e7a72e 100644 --- a/Changelog.md +++ b/Changelog.md @@ -44,6 +44,7 @@ _latest update: Thu Jan 28 23:30:47 CET 2016_ detected version doesn't have the pre number * Issue #173 handles a lot of CVE about nokogiri: - CVE-2015-5312: DoS in xmlStringLenDecodeEntities() + - CVE-2015-7497: DoS in xmlDictComputeFastQKey() ## Version 1.5.2 - codename: Tow Mater (2015-12-16) diff --git a/lib/dawn/kb/cve_2015_5312.rb b/lib/dawn/kb/cve_2015_5312.rb index 71d263f3..56898e6f 100644 --- a/lib/dawn/kb/cve_2015_5312.rb +++ b/lib/dawn/kb/cve_2015_5312.rb @@ -13,7 +13,7 @@ def initialize :osvdb=>"", :cvss=>"AV:N/AC:M/Au:N/C:N/I:N/A:C", :release_date => Date.new(2015, 12, 15), - :cwe=>"", + :cwe=>"119", :owasp=>"A9", :applies=>["rails", "sinatra", "padrino"], :kind=>Dawn::KnowledgeBase::DEPENDENCY_CHECK, diff --git a/lib/dawn/kb/cve_2015_7497.rb b/lib/dawn/kb/cve_2015_7497.rb new file mode 100644 index 00000000..8d22dbb6 --- /dev/null +++ b/lib/dawn/kb/cve_2015_7497.rb 
@@ -0,0 +1,32 @@
+module Dawn
+ module Kb
+ # Automatically created with rake on 2016-02-02
+ class CVE_2015_7497
+ # Include the testing skeleton for this CVE
+ include DependencyCheck
+
+ def initialize
+ message ="Heap-based buffer overflow in the xmlDictComputeFastQKey function in dict.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service via unspecified vectors."
+ super({
+ :title=>title,
+ :name=> "CVE-2015-7497",
+ :cve=>"2015-7497",
+ :osvdb=>"",
+ :cvss=>"AV:N/AC:L/Au:N/C:N/I:N/A:P",
+ :release_date => Date.new(2015, 12, 15),
+ :cwe=>"119",
+ :owasp=>"A9",
+ :applies=>["rails", "sinatra", "padrino"],
+ :kind=>Dawn::KnowledgeBase::DEPENDENCY_CHECK,
+ :message=>message,
+ :mitigation=>"Please upgrade nokogiri gem to version 1.6.7.1 or later.",
+ :aux_links=>["https://groups.google.com/forum/#!topic/ruby-security-ann/aSbgDiwb24s"]
+ })
+
+ self.safe_dependencies = [{:name=>"nokogiri", :version=>['1.6.7.1']}]
+ self.not_affected = {:name=>"nokogiri", :version=>['1.5.x', '1.4.x', '1.3.x', '1.1.x', '1.0.x', '0.x.x']}
+
+ end
+ end
+ end
+end
diff --git a/lib/dawn/knowledge_base.rb b/lib/dawn/knowledge_base.rb
index 9910757c..04969b6f 100644
--- a/lib/dawn/knowledge_base.rb
+++ b/lib/dawn/knowledge_base.rb
@@ -244,6 +244,7 @@
 require "dawn/kb/cve_2015_3448"
 require "dawn/kb/cve_2015_4020"
 require "dawn/kb/cve_2015_5312"
+require "dawn/kb/cve_2015_7497"
 require "dawn/kb/cve_2015_7576"
 require "dawn/kb/cve_2015_7577"
 require "dawn/kb/cve_2015_7578"
@@ -537,6 +538,7 @@ def load_security_checks
 Dawn::Kb::CVE_2015_3448.new,
 Dawn::Kb::CVE_2015_4020.new,
 Dawn::Kb::CVE_2015_5312.new,
+ Dawn::Kb::CVE_2015_7497.new,
 Dawn::Kb::CVE_2015_7576.new,
 Dawn::Kb::CVE_2015_7577.new,
 Dawn::Kb::CVE_2015_7578.new,
diff --git a/spec/lib/dawn/codesake_knowledgebase_spec.rb b/spec/lib/dawn/codesake_knowledgebase_spec.rb
index 4357249f..a1c70c84 100644
--- a/spec/lib/dawn/codesake_knowledgebase_spec.rb
+++ b/spec/lib/dawn/codesake_knowledgebase_spec.rb
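Review bot: `self.not_affected` lists `'1.5.x', '1.4.x', '1.3.x', '1.1.x', '1.0.x', '0.x.x'` and skips 1.2.x; if nokogiri shipped 1.2 releases they would presumably fall through to the comparison against the 1.6.7.1 safe version and be reported, although the mitigation text only concerns the 1.6 line. Either add `'1.2.x'` to the list or leave a comment stating why it is omitted. The same list, and the same `:title=>title` handed to `super` before the object is initialised (presumably a reader supplied by DependencyCheck; worth confirming it is not nil at that point), appear in the CVE-2015-7498, CVE-2015-7499, CVE-2015-7500 and CVE-2015-8241 check files further down the page.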
@@ -1119,4 +1119,9 @@
 sc.should_not be_nil
 sc.class.should == Dawn::Kb::CVE_2015_5312
 end
+it "must have test for CVE-2015-7497" do
+ sc = kb.find("CVE-2015-7497")
+ sc.should_not be_nil
+ sc.class.should == Dawn::Kb::CVE_2015_7497
+end
 end
diff --git a/spec/lib/kb/cve_2015_7497_spec.rb b/spec/lib/kb/cve_2015_7497_spec.rb
new file mode 100644
index 00000000..5d77f210
--- /dev/null
+++ b/spec/lib/kb/cve_2015_7497_spec.rb
@@ -0,0 +1,31 @@
+require 'spec_helper'
+describe "The CVE-2015-7497 vulnerability" do
+ before(:all) do
+ @check = Dawn::Kb::CVE_2015_7497.new
+ # @check.debug = true
+ end
+ it "is reported when the vulnerable gem is detected" do
+ @check.dependencies = [{:name=>"nokogiri", :version=>"1.6.5"}]
+ @check.vuln?.should == true
+ end
+ it "is reported when the vulnerable gem is detected" do
+ @check.dependencies = [{:name=>"nokogiri", :version=>"1.6.0"}]
+ @check.vuln?.should == true
+ end
+ it "is reported when the vulnerable gem is detected" do
+ @check.dependencies = [{:name=>"nokogiri", :version=>"1.6.7"}]
+ @check.vuln?.should == true
+ end
+ it "is not reported when a fixed release is detected" do
+ @check.dependencies = [{:name=>"nokogiri", :version=>"1.6.7.1"}]
+ @check.vuln?.should == false
+ end
+ it "is not reported when a fixed release is detected" do
+ @check.dependencies = [{:name=>"nokogiri", :version=>"1.5.6"}]
+ @check.vuln?.should == false
+ end
+ it "is not reported when a fixed release is detected" do
+ @check.dependencies = [{:name=>"nokogiri", :version=>"1.4.6"}]
+ @check.vuln?.should == false
+ end
+end
From ad20d315238abd0fd9d0974b830abc9866b7b299 Mon Sep 17 00:00:00 2001
From: Paolo Perego Date: Tue, 2 Feb 2016 23:23:17 +0100 Subject: [PATCH 20/28] * Issue #173 handles a lot of CVE about nokogiri: - CVE-2015-7498: DoS in xmlParseXmlDecl() --- Changelog.md | 1 + lib/dawn/kb/cve_2015_7498.rb | 32 ++++++++++++++++++++ lib/dawn/knowledge_base.rb | 2 ++ spec/lib/dawn/codesake_knowledgebase_spec.rb | 5 +++ spec/lib/kb/cve_2015_7498_spec.rb | 31 +++++++++++++++++++ 5 files changed, 71 insertions(+) create mode 100644 lib/dawn/kb/cve_2015_7498.rb create mode 100644 spec/lib/kb/cve_2015_7498_spec.rb diff --git a/Changelog.md b/Changelog.md index a4e7a72e..44089187 100644 --- a/Changelog.md +++ b/Changelog.md @@ -45,6 +45,7 @@ _latest update: Thu Jan 28 23:30:47 CET 2016_ * Issue #173 handles a lot of CVE about nokogiri: - CVE-2015-5312: DoS in xmlStringLenDecodeEntities() - CVE-2015-7497: DoS in xmlDictComputeFastQKey() + - CVE-2015-7498: DoS in xmlParseXmlDecl() ## Version 1.5.2 - codename: Tow Mater (2015-12-16) diff --git a/lib/dawn/kb/cve_2015_7498.rb b/lib/dawn/kb/cve_2015_7498.rb new file mode 100644 index 00000000..77b1b085 --- /dev/null +++ b/lib/dawn/kb/cve_2015_7498.rb 
@@ -0,0 +1,32 @@ +module Dawn + module Kb + # Automatically created with rake on 2016-02-02 + class CVE_2015_7498 + # Include the testing skeleton for this CVE + include DependencyCheck + + def initialize + message = "Heap-based buffer overflow in the xmlParseXmlDecl function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service via unspecified vectors related to extracting errors after an encoding conversion failure." + super({ + :title=>title, + :name=> "CVE-2015-7498", + :cve=>"2015-7498", + :osvdb=>"", + :cvss=>"AV:N/AC:L/Au:N/C:N/I:N/A:P", + :release_date => Date.new(2015, 12, 15), + :cwe=>"119", + :owasp=>"A9", + :applies=>["rails", "sinatra", "padrino"], + :kind=>Dawn::KnowledgeBase::DEPENDENCY_CHECK, + :message=>message, + :mitigation=>"Please upgrade nokogiri gem to version 1.6.7.1 or later.", + :aux_links=>["https://groups.google.com/forum/#!topic/ruby-security-ann/aSbgDiwb24s"] + }) + + self.safe_dependencies = [{:name=>"nokogiri", :version=>['1.6.7.1']}] + self.not_affected = {:name=>"nokogiri", :version=>['1.5.x', '1.4.x', '1.3.x', '1.1.x', '1.0.x', '0.x.x']} + + end + end + end +end diff --git a/lib/dawn/knowledge_base.rb b/lib/dawn/knowledge_base.rb index 04969b6f..bf2d2a83 100644 --- a/lib/dawn/knowledge_base.rb +++ b/lib/dawn/knowledge_base.rb @@ -245,6 +245,7 @@ require "dawn/kb/cve_2015_4020" require "dawn/kb/cve_2015_5312" require "dawn/kb/cve_2015_7497" +require "dawn/kb/cve_2015_7498" require "dawn/kb/cve_2015_7576" require "dawn/kb/cve_2015_7577" require "dawn/kb/cve_2015_7578" @@ -539,6 +540,7 @@ def load_security_checks Dawn::Kb::CVE_2015_4020.new, Dawn::Kb::CVE_2015_5312.new, Dawn::Kb::CVE_2015_7497.new, + Dawn::Kb::CVE_2015_7498.new, Dawn::Kb::CVE_2015_7576.new, Dawn::Kb::CVE_2015_7577.new, Dawn::Kb::CVE_2015_7578.new, diff --git a/spec/lib/dawn/codesake_knowledgebase_spec.rb b/spec/lib/dawn/codesake_knowledgebase_spec.rb index a1c70c84..933b2c78 100644 
--- a/spec/lib/dawn/codesake_knowledgebase_spec.rb +++ b/spec/lib/dawn/codesake_knowledgebase_spec.rb @@ -1124,4 +1124,9 @@ sc.should_not be_nil sc.class.should == Dawn::Kb::CVE_2015_7497 end +it "must have test for CVE-2015-7498" do + sc = kb.find("CVE-2015-7498") + sc.should_not be_nil + sc.class.should == Dawn::Kb::CVE_2015_7498 +end end diff --git a/spec/lib/kb/cve_2015_7498_spec.rb b/spec/lib/kb/cve_2015_7498_spec.rb new file mode 100644 index 00000000..b22f5c97 --- /dev/null +++ b/spec/lib/kb/cve_2015_7498_spec.rb @@ -0,0 +1,31 @@ +require 'spec_helper' +describe "The CVE-2015-7498 vulnerability" do + before(:all) do + @check = Dawn::Kb::CVE_2015_7498.new + # @check.debug = true + end + it "is reported when the vulnerable gem is detected" do + @check.dependencies = [{:name=>"nokogiri", :version=>"1.6.5"}] + @check.vuln?.should == true + end + it "is reported when the vulnerable gem is detected" do + @check.dependencies = [{:name=>"nokogiri", :version=>"1.6.0"}] + @check.vuln?.should == true + end + it "is reported when the vulnerable gem is detected" do + @check.dependencies = [{:name=>"nokogiri", :version=>"1.6.7"}] + @check.vuln?.should == true + end + it "is not reported when a fixed release is detected" do + @check.dependencies = [{:name=>"nokogiri", :version=>"1.6.7.1"}] + @check.vuln?.should == false + end + it "is not reported when a fixed release is detected" do + @check.dependencies = [{:name=>"nokogiri", :version=>"1.5.6"}] + @check.vuln?.should == false + end + it "is not reported when a fixed release is detected" do + @check.dependencies = [{:name=>"nokogiri", :version=>"1.4.6"}] + @check.vuln?.should == false + end +end From 2be5e8415da73adab7293999a857b49b94055edf Mon Sep 17 00:00:00 2001 
From: Paolo Perego Date: Tue, 2 Feb 2016 23:26:47 +0100 Subject: [PATCH 21/28] * Issue #173 handles a lot of CVE about nokogiri: - CVE-2015-7499: In memory information disclosure due to heap-based buffer overflow in the xmlGROW() --- Changelog.md | 1 + lib/dawn/kb/cve_2015_7499.rb | 32 ++++++++++++++++++++ lib/dawn/knowledge_base.rb | 2 ++ spec/lib/dawn/codesake_knowledgebase_spec.rb | 5 +++ spec/lib/kb/cve_2015_7499_spec.rb | 31 +++++++++++++++++++ 5 files changed, 71 insertions(+) create mode 100644 lib/dawn/kb/cve_2015_7499.rb create mode 100644 spec/lib/kb/cve_2015_7499_spec.rb diff --git a/Changelog.md b/Changelog.md index 44089187..7fee07f6 100644 --- a/Changelog.md +++ b/Changelog.md @@ -46,6 +46,7 @@ _latest update: Thu Jan 28 23:30:47 CET 2016_ - CVE-2015-5312: DoS in xmlStringLenDecodeEntities() - CVE-2015-7497: DoS in xmlDictComputeFastQKey() - CVE-2015-7498: DoS in xmlParseXmlDecl() + - CVE-2015-7499: In memory information disclosure due to heap-based buffer overflow in the xmlGROW() ## Version 1.5.2 - codename: Tow Mater (2015-12-16) diff --git a/lib/dawn/kb/cve_2015_7499.rb b/lib/dawn/kb/cve_2015_7499.rb new file mode 100644 index 00000000..8a6c6130 --- /dev/null +++ b/lib/dawn/kb/cve_2015_7499.rb 
@@ -0,0 +1,32 @@ +module Dawn + module Kb + # Automatically created with rake on 2016-02-02 + class CVE_2015_7499 + # Include the testing skeleton for this CVE + include DependencyCheck + + def initialize + message="Heap-based buffer overflow in the xmlGROW function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to obtain sensitive process memory information via unspecified vectors." + super({ + :title=>title, + :name=> "CVE-2015-7499", + :cve=>"2015-7499", + :osvdb=>"", + :cvss=>"AV:N/AC:L/Au:N/C:P/I:N/A:N", + :release_date => Date.new(2015, 12, 15), + :cwe=>"119", + :owasp=>"A9", + :applies=>["rails", "sinatra", "padrino"], + :kind=>Dawn::KnowledgeBase::DEPENDENCY_CHECK, + :message=>message, + :mitigation=>"Please upgrade nokogiri gem to version 1.6.7.1 or later.", + :aux_links=>["https://groups.google.com/forum/#!topic/ruby-security-ann/aSbgDiwb24s"] + }) + + self.safe_dependencies = [{:name=>"nokogiri", :version=>['1.6.7.1']}] + self.not_affected = {:name=>"nokogiri", :version=>['1.5.x', '1.4.x', '1.3.x', '1.1.x', '1.0.x', '0.x.x']} + + end + end + end +end diff --git a/lib/dawn/knowledge_base.rb b/lib/dawn/knowledge_base.rb index bf2d2a83..b5fea40a 100644 --- a/lib/dawn/knowledge_base.rb +++ b/lib/dawn/knowledge_base.rb @@ -246,6 +246,7 @@ require "dawn/kb/cve_2015_5312" require "dawn/kb/cve_2015_7497" require "dawn/kb/cve_2015_7498" +require "dawn/kb/cve_2015_7499" require "dawn/kb/cve_2015_7576" require "dawn/kb/cve_2015_7577" require "dawn/kb/cve_2015_7578" @@ -541,6 +542,7 @@ def load_security_checks Dawn::Kb::CVE_2015_5312.new, Dawn::Kb::CVE_2015_7497.new, Dawn::Kb::CVE_2015_7498.new, + Dawn::Kb::CVE_2015_7499.new, Dawn::Kb::CVE_2015_7576.new, Dawn::Kb::CVE_2015_7577.new, Dawn::Kb::CVE_2015_7578.new, diff --git a/spec/lib/dawn/codesake_knowledgebase_spec.rb b/spec/lib/dawn/codesake_knowledgebase_spec.rb index 933b2c78..58210e7a 100644 --- a/spec/lib/dawn/codesake_knowledgebase_spec.rb 
+++ b/spec/lib/dawn/codesake_knowledgebase_spec.rb @@ -1129,4 +1129,9 @@ sc.should_not be_nil sc.class.should == Dawn::Kb::CVE_2015_7498 end +it "must have test for CVE-2015-7499" do + sc = kb.find("CVE-2015-7499") + sc.should_not be_nil + sc.class.should == Dawn::Kb::CVE_2015_7499 +end end diff --git a/spec/lib/kb/cve_2015_7499_spec.rb b/spec/lib/kb/cve_2015_7499_spec.rb new file mode 100644 index 00000000..521648fa --- /dev/null +++ b/spec/lib/kb/cve_2015_7499_spec.rb @@ -0,0 +1,31 @@ +require 'spec_helper' +describe "The CVE-2015-7499 vulnerability" do + before(:all) do + @check = Dawn::Kb::CVE_2015_7499.new + # @check.debug = true + end + it "is reported when the vulnerable gem is detected" do + @check.dependencies = [{:name=>"nokogiri", :version=>"1.6.5"}] + @check.vuln?.should == true + end + it "is reported when the vulnerable gem is detected" do + @check.dependencies = [{:name=>"nokogiri", :version=>"1.6.0"}] + @check.vuln?.should == true + end + it "is reported when the vulnerable gem is detected" do + @check.dependencies = [{:name=>"nokogiri", :version=>"1.6.7"}] + @check.vuln?.should == true + end + it "is not reported when a fixed release is detected" do + @check.dependencies = [{:name=>"nokogiri", :version=>"1.6.7.1"}] + @check.vuln?.should == false + end + it "is not reported when a fixed release is detected" do + @check.dependencies = [{:name=>"nokogiri", :version=>"1.5.6"}] + @check.vuln?.should == false + end + it "is not reported when a fixed release is detected" do + @check.dependencies = [{:name=>"nokogiri", :version=>"1.4.6"}] + @check.vuln?.should == false + end +end From e49fef6b632c04d68d84736589a98903e4241618 Mon Sep 17 00:00:00 2001 
From: Paolo Perego Date: Tue, 2 Feb 2016 23:29:30 +0100 Subject: [PATCH 22/28] * Issue #173 handles a lot of CVE about nokogiri: - CVE-2015-7500: DoS in xmlParseMisc() --- Changelog.md | 1 + lib/dawn/kb/cve_2015_7500.rb | 32 ++++++++++++++++++++ lib/dawn/knowledge_base.rb | 2 ++ spec/lib/dawn/codesake_knowledgebase_spec.rb | 5 +++ spec/lib/kb/cve_2015_7500_spec.rb | 31 +++++++++++++++++++ 5 files changed, 71 insertions(+) create mode 100644 lib/dawn/kb/cve_2015_7500.rb create mode 100644 spec/lib/kb/cve_2015_7500_spec.rb diff --git a/Changelog.md b/Changelog.md index 7fee07f6..d83e3394 100644 --- a/Changelog.md +++ b/Changelog.md @@ -47,6 +47,7 @@ _latest update: Thu Jan 28 23:30:47 CET 2016_ - CVE-2015-7497: DoS in xmlDictComputeFastQKey() - CVE-2015-7498: DoS in xmlParseXmlDecl() - CVE-2015-7499: In memory information disclosure due to heap-based buffer overflow in the xmlGROW() + - CVE-2015-7500: DoS in xmlParseMisc() ## Version 1.5.2 - codename: Tow Mater (2015-12-16) diff --git a/lib/dawn/kb/cve_2015_7500.rb b/lib/dawn/kb/cve_2015_7500.rb new file mode 100644 index 00000000..261c12bf --- /dev/null +++ b/lib/dawn/kb/cve_2015_7500.rb 
@@ -0,0 +1,32 @@ +module Dawn + module Kb + # Automatically created with rake on 2016-02-02 + class CVE_2015_7500 + # Include the testing skeleton for this CVE + include DependencyCheck + + def initialize + message = "The xmlParseMisc function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service (out-of-bounds heap read) via unspecified vectors related to incorrect entities boundaries and start tags." + super({ + :title=>title, + :name=> "CVE-2015-7500", + :cve=>"2015-7500", + :osvdb=>"", + :cvss=>"AV:N/AC:L/Au:N/C:N/I:N/A:P", + :release_date => Date.new(2015, 12, 15), + :cwe=>"119", + :owasp=>"A9", + :applies=>["rails", "sinatra", "padrino"], + :kind=>Dawn::KnowledgeBase::DEPENDENCY_CHECK, + :message=>message, + :mitigation=>"Please upgrade nokogiri gem to version 1.6.7.1 or later.", + :aux_links=>["https://groups.google.com/forum/#!topic/ruby-security-ann/aSbgDiwb24s"] + }) + + self.safe_dependencies = [{:name=>"nokogiri", :version=>['1.6.7.1']}] + self.not_affected = {:name=>"nokogiri", :version=>['1.5.x', '1.4.x', '1.3.x', '1.1.x', '1.0.x', '0.x.x']} + + end + end + end +end diff --git a/lib/dawn/knowledge_base.rb b/lib/dawn/knowledge_base.rb index b5fea40a..b8c1ca35 100644 --- a/lib/dawn/knowledge_base.rb +++ b/lib/dawn/knowledge_base.rb @@ -247,6 +247,7 @@ require "dawn/kb/cve_2015_7497" require "dawn/kb/cve_2015_7498" require "dawn/kb/cve_2015_7499" +require "dawn/kb/cve_2015_7500" require "dawn/kb/cve_2015_7576" require "dawn/kb/cve_2015_7577" require "dawn/kb/cve_2015_7578" @@ -543,6 +544,7 @@ def load_security_checks Dawn::Kb::CVE_2015_7497.new, Dawn::Kb::CVE_2015_7498.new, Dawn::Kb::CVE_2015_7499.new, + Dawn::Kb::CVE_2015_7500.new, Dawn::Kb::CVE_2015_7576.new, Dawn::Kb::CVE_2015_7577.new, Dawn::Kb::CVE_2015_7578.new, diff --git a/spec/lib/dawn/codesake_knowledgebase_spec.rb b/spec/lib/dawn/codesake_knowledgebase_spec.rb index 58210e7a..6fea4854 100644 --- a/spec/lib/dawn/codesake_knowledgebase_spec.rb 
+++ b/spec/lib/dawn/codesake_knowledgebase_spec.rb @@ -1134,4 +1134,9 @@ sc.should_not be_nil sc.class.should == Dawn::Kb::CVE_2015_7499 end +it "must have test for CVE-2015-7500" do + sc = kb.find("CVE-2015-7500") + sc.should_not be_nil + sc.class.should == Dawn::Kb::CVE_2015_7500 +end end diff --git a/spec/lib/kb/cve_2015_7500_spec.rb b/spec/lib/kb/cve_2015_7500_spec.rb new file mode 100644 index 00000000..f953af68 --- /dev/null +++ b/spec/lib/kb/cve_2015_7500_spec.rb @@ -0,0 +1,31 @@ +require 'spec_helper' +describe "The CVE-2015-7500 vulnerability" do + before(:all) do + @check = Dawn::Kb::CVE_2015_7500.new + # @check.debug = true + end + it "is reported when the vulnerable gem is detected" do + @check.dependencies = [{:name=>"nokogiri", :version=>"1.6.5"}] + @check.vuln?.should == true + end + it "is reported when the vulnerable gem is detected" do + @check.dependencies = [{:name=>"nokogiri", :version=>"1.6.0"}] + @check.vuln?.should == true + end + it "is reported when the vulnerable gem is detected" do + @check.dependencies = [{:name=>"nokogiri", :version=>"1.6.7"}] + @check.vuln?.should == true + end + it "is not reported when a fixed release is detected" do + @check.dependencies = [{:name=>"nokogiri", :version=>"1.6.7.1"}] + @check.vuln?.should == false + end + it "is not reported when a fixed release is detected" do + @check.dependencies = [{:name=>"nokogiri", :version=>"1.5.6"}] + @check.vuln?.should == false + end + it "is not reported when a fixed release is detected" do + @check.dependencies = [{:name=>"nokogiri", :version=>"1.4.6"}] + @check.vuln?.should == false + end +end From 650539020d28bd1874bef4b94b616b4421f866d4 Mon Sep 17 00:00:00 2001 
From: Paolo Perego Date: Tue, 2 Feb 2016 23:32:55 +0100 Subject: [PATCH 23/28] * Issue #173 handles a lot of CVE about nokogiri rubygem due to libxml version embedded on it: - CVE-2015-8241: Information disclosure and DoS in xmlNextChar() --- Changelog.md | 3 +- lib/dawn/kb/cve_2015_8241.rb | 32 ++++++++++++++++++++ lib/dawn/knowledge_base.rb | 2 ++ spec/lib/dawn/codesake_knowledgebase_spec.rb | 5 +++ spec/lib/kb/cve_2015_8241_spec.rb | 31 +++++++++++++++++++ 5 files changed, 72 insertions(+), 1 deletion(-) create mode 100644 lib/dawn/kb/cve_2015_8241.rb create mode 100644 spec/lib/kb/cve_2015_8241_spec.rb diff --git a/Changelog.md b/Changelog.md index d83e3394..320ac91c 100644 --- a/Changelog.md +++ b/Changelog.md @@ -42,12 +42,13 @@ _latest update: Thu Jan 28 23:30:47 CET 2016_ detected version doesn't have the rc number * BUGFIX in is_vulnerable_pre? handling situation when either safe version or detected version doesn't have the pre number -* Issue #173 handles a lot of CVE about nokogiri: +* Issue #173 handles a lot of CVE about nokogiri rubygem due to libxml version embedded on it: - CVE-2015-5312: DoS in xmlStringLenDecodeEntities() - CVE-2015-7497: DoS in xmlDictComputeFastQKey() - CVE-2015-7498: DoS in xmlParseXmlDecl() - CVE-2015-7499: In memory information disclosure due to heap-based buffer overflow in the xmlGROW() - CVE-2015-7500: DoS in xmlParseMisc() + - CVE-2015-8241: Information disclosure and DoS in xmlNextChar() ## Version 1.5.2 - codename: Tow Mater (2015-12-16) diff --git a/lib/dawn/kb/cve_2015_8241.rb b/lib/dawn/kb/cve_2015_8241.rb new file mode 100644 index 00000000..b9f417c8 --- /dev/null +++ b/lib/dawn/kb/cve_2015_8241.rb 
@@ -0,0 +1,32 @@ +module Dawn + module Kb + # Automatically created with rake on 2016-02-02 + class CVE_2015_8241 + # Include the testing skeleton for this CVE + include DependencyCheck + + def initialize + message ="The xmlNextChar function in libxml2 2.9.2 does not properly check the state, which allows context-dependent attackers to cause a denial of service (heap-based buffer over-read and application crash) or obtain sensitive information via crafted XML data." + super({ + :title=>title, + :name=> "CVE-2015-8241", + :cve=>"2015-8241", + :osvdb=>"", + :cvss=>"AV:N/AC:L/Au:N/C:P/I:N/A:P", + :release_date => Date.new(2015, 12, 15), + :cwe=>"119", + :owasp=>"A9", + :applies=>["rails", "sinatra", "padrino"], + :kind=>Dawn::KnowledgeBase::DEPENDENCY_CHECK, + :message=>message, + :mitigation=>"Please upgrade nokogiri gem to version 1.6.7.1 or later.", + :aux_links=>["https://groups.google.com/forum/#!topic/ruby-security-ann/aSbgDiwb24s"] + }) + + self.safe_dependencies = [{:name=>"nokogiri", :version=>['1.6.7.1']}] + self.not_affected = {:name=>"nokogiri", :version=>['1.5.x', '1.4.x', '1.3.x', '1.1.x', '1.0.x', '0.x.x']} + + end + end + end +end diff --git a/lib/dawn/knowledge_base.rb b/lib/dawn/knowledge_base.rb index b8c1ca35..e4d107e6 100644 --- a/lib/dawn/knowledge_base.rb +++ b/lib/dawn/knowledge_base.rb @@ -253,6 +253,7 @@ require "dawn/kb/cve_2015_7578" require "dawn/kb/cve_2015_7579" require "dawn/kb/cve_2015_7581" +require "dawn/kb/cve_2015_8241" # CVE - 2016 @@ -550,6 +551,7 @@ def load_security_checks Dawn::Kb::CVE_2015_7578.new, Dawn::Kb::CVE_2015_7579.new, Dawn::Kb::CVE_2015_7581.new, + Dawn::Kb::CVE_2015_8241.new, Dawn::Kb::CVE_2016_0751.new, Dawn::Kb::CVE_2016_0752.new, Dawn::Kb::CVE_2016_0753.new, diff --git a/spec/lib/dawn/codesake_knowledgebase_spec.rb b/spec/lib/dawn/codesake_knowledgebase_spec.rb index 6fea4854..67c480f1 100644 --- a/spec/lib/dawn/codesake_knowledgebase_spec.rb +++ b/spec/lib/dawn/codesake_knowledgebase_spec.rb 
@@ -1139,4 +1139,9 @@ sc.should_not be_nil sc.class.should == Dawn::Kb::CVE_2015_7500 end +it "must have test for CVE-2015-8241" do + sc = kb.find("CVE-2015-8241") + sc.should_not be_nil + sc.class.should == Dawn::Kb::CVE_2015_8241 +end end diff --git a/spec/lib/kb/cve_2015_8241_spec.rb b/spec/lib/kb/cve_2015_8241_spec.rb new file mode 100644 index 00000000..0b0c3115 --- /dev/null +++ b/spec/lib/kb/cve_2015_8241_spec.rb @@ -0,0 +1,31 @@ +require 'spec_helper' +describe "The CVE-2015-8241 vulnerability" do + before(:all) do + @check = Dawn::Kb::CVE_2015_8241.new + # @check.debug = true + end + it "is reported when the vulnerable gem is detected" do + @check.dependencies = [{:name=>"nokogiri", :version=>"1.6.5"}] + @check.vuln?.should == true + end + it "is reported when the vulnerable gem is detected" do + @check.dependencies = [{:name=>"nokogiri", :version=>"1.6.0"}] + @check.vuln?.should == true + end + it "is reported when the vulnerable gem is detected" do + @check.dependencies = [{:name=>"nokogiri", :version=>"1.6.7"}] + @check.vuln?.should == true + end + it "is not reported when a fixed release is detected" do + @check.dependencies = [{:name=>"nokogiri", :version=>"1.6.7.1"}] + @check.vuln?.should == false + end + it "is not reported when a fixed release is detected" do + @check.dependencies = [{:name=>"nokogiri", :version=>"1.5.6"}] + @check.vuln?.should == false + end + it "is not reported when a fixed release is detected" do + @check.dependencies = [{:name=>"nokogiri", :version=>"1.4.6"}] + @check.vuln?.should == false + end +end From 898864e34d9556df77ea63119d2eb0b5fb9cd8a6 Mon Sep 17 00:00:00 2001 
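Review bot: Three examples share the description `"is reported when the vulnerable gem is detected"` and three share `"is not reported when a fixed release is detected"`, so a failure report cannot say which version broke, and the second description is inaccurate for 1.5.6 and 1.4.6, which are not fixed releases but versions the check lists under `not_affected`. Naming the version in each description keeps the output unambiguous, e.g. `it "is reported for nokogiri 1.6.7" do` and `it "is not reported for nokogiri 1.5.6 (listed as not affected)" do`. The spec hunks for CVE-2015-8242, CVE-2015-8317 and CVE-2015-7519 further down repeat the same pattern.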
From: Paolo Perego Date: Tue, 2 Feb 2016 23:35:34 +0100 Subject: [PATCH 24/28] * Issue #173 handles a lot of CVE about nokogiri rubygem due to libxml version embedded on it: - CVE-2015-8242: Information disclosure and DoS in xmlSAX2TextNode() --- Changelog.md | 1 + lib/dawn/kb/cve_2015_8242.rb | 32 ++++++++++++++++++++ lib/dawn/knowledge_base.rb | 2 ++ spec/lib/dawn/codesake_knowledgebase_spec.rb | 5 +++ spec/lib/kb/cve_2015_8242_spec.rb | 31 +++++++++++++++++++ 5 files changed, 71 insertions(+) create mode 100644 lib/dawn/kb/cve_2015_8242.rb create mode 100644 spec/lib/kb/cve_2015_8242_spec.rb diff --git a/Changelog.md b/Changelog.md index 320ac91c..13b14e0b 100644 --- a/Changelog.md +++ b/Changelog.md @@ -49,6 +49,7 @@ _latest update: Thu Jan 28 23:30:47 CET 2016_ - CVE-2015-7499: In memory information disclosure due to heap-based buffer overflow in the xmlGROW() - CVE-2015-7500: DoS in xmlParseMisc() - CVE-2015-8241: Information disclosure and DoS in xmlNextChar() + - CVE-2015-8242: Information disclosure and DoS in xmlSAX2TextNode() ## Version 1.5.2 - codename: Tow Mater (2015-12-16) diff --git a/lib/dawn/kb/cve_2015_8242.rb b/lib/dawn/kb/cve_2015_8242.rb new file mode 100644 index 00000000..cd80a7c3 --- /dev/null +++ b/lib/dawn/kb/cve_2015_8242.rb 
@@ -0,0 +1,32 @@
+module Dawn
+ module Kb
+ # Automatically created with rake on 2016-02-02
+ class CVE_2015_8242
+ # Include the testing skeleton for this CVE
+ include DependencyCheck
+
+ def initialize
+ message = "The xmlSAX2TextNode function in SAX2.c in the push interface in the HTML parser in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service (stack-based buffer over-read and application crash) or obtain sensitive information via crafted XML data."
+ super({
+ :title=>title,
+ :name=> "CVE-2015-8242",
+ :cve=>"2015-8242",
+ :osvdb=>"",
+ :cvss=>"AV:N/AC:M/Au:N/C:P/I:N/A:P",
+ :release_date => Date.new(2015, 12, 15),
+ :cwe=>"119",
+ :owasp=>"A9",
+ :applies=>["rails", "sinatra", "padrino"],
+ :kind=>Dawn::KnowledgeBase::DEPENDENCY_CHECK,
+ :message=>message,
+ :mitigation=>"Please upgrade nokogiri gem to version 1.6.7.1 or later.",
+ :aux_links=>["https://groups.google.com/forum/#!topic/ruby-security-ann/aSbgDiwb24s"]
+ })
+
+ self.safe_dependencies = [{:name=>"nokogiri", :version=>['1.6.7.1']}]
+ self.not_affected = {:name=>"nokogiri", :version=>['1.5.x', '1.4.x', '1.3.x', '1.1.x', '1.0.x', '0.x.x']}
+
+ end
+ end
+ end
+end
diff --git a/lib/dawn/knowledge_base.rb b/lib/dawn/knowledge_base.rb
index e4d107e6..bb7cb363 100644
--- a/lib/dawn/knowledge_base.rb
+++ b/lib/dawn/knowledge_base.rb
@@ -254,6 +254,7 @@
 require "dawn/kb/cve_2015_7579"
 require "dawn/kb/cve_2015_7581"
 require "dawn/kb/cve_2015_8241"
+require "dawn/kb/cve_2015_8242"
 # CVE - 2016
@@ -552,6 +553,7 @@ def load_security_checks
 Dawn::Kb::CVE_2015_7579.new,
 Dawn::Kb::CVE_2015_7581.new,
 Dawn::Kb::CVE_2015_8241.new,
+ Dawn::Kb::CVE_2015_8242.new,
 Dawn::Kb::CVE_2016_0751.new,
 Dawn::Kb::CVE_2016_0752.new,
 Dawn::Kb::CVE_2016_0753.new,
diff --git a/spec/lib/dawn/codesake_knowledgebase_spec.rb b/spec/lib/dawn/codesake_knowledgebase_spec.rb
index 67c480f1..c6a2d3d4 100644
--- a/spec/lib/dawn/codesake_knowledgebase_spec.rb
+++ b/spec/lib/dawn/codesake_knowledgebase_spec.rb @@ -1144,4 +1144,9 @@ sc.should_not be_nil sc.class.should == Dawn::Kb::CVE_2015_8241 end +it "must have test for CVE-2015-8242" do + sc = kb.find("CVE-2015-8242") + sc.should_not be_nil + sc.class.should == Dawn::Kb::CVE_2015_8242 +end end diff --git a/spec/lib/kb/cve_2015_8242_spec.rb b/spec/lib/kb/cve_2015_8242_spec.rb new file mode 100644 index 00000000..5abb3ff1 --- /dev/null +++ b/spec/lib/kb/cve_2015_8242_spec.rb @@ -0,0 +1,31 @@ +require 'spec_helper' +describe "The CVE-2015-8242 vulnerability" do + before(:all) do + @check = Dawn::Kb::CVE_2015_8242.new + # @check.debug = true + end + it "is reported when the vulnerable gem is detected" do + @check.dependencies = [{:name=>"nokogiri", :version=>"1.6.5"}] + @check.vuln?.should == true + end + it "is reported when the vulnerable gem is detected" do + @check.dependencies = [{:name=>"nokogiri", :version=>"1.6.0"}] + @check.vuln?.should == true + end + it "is reported when the vulnerable gem is detected" do + @check.dependencies = [{:name=>"nokogiri", :version=>"1.6.7"}] + @check.vuln?.should == true + end + it "is not reported when a fixed release is detected" do + @check.dependencies = [{:name=>"nokogiri", :version=>"1.6.7.1"}] + @check.vuln?.should == false + end + it "is not reported when a fixed release is detected" do + @check.dependencies = [{:name=>"nokogiri", :version=>"1.5.6"}] + @check.vuln?.should == false + end + it "is not reported when a fixed release is detected" do + @check.dependencies = [{:name=>"nokogiri", :version=>"1.4.6"}] + @check.vuln?.should == false + end +end From 6228ccf39e0422021f9c339b6dfbac5f97af20e8 Mon Sep 17 00:00:00 2001 
From: Paolo Perego Date: Tue, 2 Feb 2016 23:38:39 +0100 Subject: [PATCH 25/28] * Issue #173 handles a lot of CVE about nokogiri rubygem due to libxml version embedded on it: - CVE-2015-8317: Information disclosure in xmlParseXMLDecl() --- Changelog.md | 1 + lib/dawn/kb/cve_2015_8317.rb | 32 ++++++++++++++++++++ lib/dawn/knowledge_base.rb | 2 ++ spec/lib/dawn/codesake_knowledgebase_spec.rb | 5 +++ spec/lib/kb/cve_2015_8317_spec.rb | 31 +++++++++++++++++++ 5 files changed, 71 insertions(+) create mode 100644 lib/dawn/kb/cve_2015_8317.rb create mode 100644 spec/lib/kb/cve_2015_8317_spec.rb diff --git a/Changelog.md b/Changelog.md index 13b14e0b..902f224c 100644 --- a/Changelog.md +++ b/Changelog.md @@ -50,6 +50,7 @@ _latest update: Thu Jan 28 23:30:47 CET 2016_ - CVE-2015-7500: DoS in xmlParseMisc() - CVE-2015-8241: Information disclosure and DoS in xmlNextChar() - CVE-2015-8242: Information disclosure and DoS in xmlSAX2TextNode() + - CVE-2015-8317: Information disclosure in xmlParseXMLDecl() ## Version 1.5.2 - codename: Tow Mater (2015-12-16) diff --git a/lib/dawn/kb/cve_2015_8317.rb b/lib/dawn/kb/cve_2015_8317.rb new file mode 100644 index 00000000..a0202718 --- /dev/null +++ b/lib/dawn/kb/cve_2015_8317.rb 
@@ -0,0 +1,32 @@
+module Dawn
+ module Kb
+ # Automatically created with rake on 2016-02-02
+ class CVE_2015_8317
+ # Include the testing skeleton for this CVE
+ include DependencyCheck
+
+ def initialize
+ message = "The xmlParseXMLDecl function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to obtain sensitive information via an (1) unterminated encoding value or (2) incomplete XML declaration in XML data, which triggers an out-of-bounds heap read"
+ super({
+ :title=>title,
+ :name=> "CVE-2015-8317",
+ :cve=>"2015-8317",
+ :osvdb=>"",
+ :cvss=>"AV:N/AC:L/Au:N/C:P/I:N/A:N",
+ :release_date => Date.new(2015, 12, 15),
+ :cwe=>"119",
+ :owasp=>"A9",
+ :applies=>["rails", "sinatra", "padrino"],
+ :kind=>Dawn::KnowledgeBase::DEPENDENCY_CHECK,
+ :message=>message,
+ :mitigation=>"Please upgrade nokogiri gem to version 1.6.7.1 or later.",
+ :aux_links=>["https://groups.google.com/forum/#!topic/ruby-security-ann/aSbgDiwb24s"]
+ })
+
+ self.safe_dependencies = [{:name=>"nokogiri", :version=>['1.6.7.1']}]
+ self.not_affected = {:name=>"nokogiri", :version=>['1.5.x', '1.4.x', '1.3.x', '1.1.x', '1.0.x', '0.x.x']}
+
+ end
+ end
+ end
+end
diff --git a/lib/dawn/knowledge_base.rb b/lib/dawn/knowledge_base.rb
index bb7cb363..f0f034e9 100644
--- a/lib/dawn/knowledge_base.rb
+++ b/lib/dawn/knowledge_base.rb
@@ -255,6 +255,7 @@
 require "dawn/kb/cve_2015_7581"
 require "dawn/kb/cve_2015_8241"
 require "dawn/kb/cve_2015_8242"
+require "dawn/kb/cve_2015_8317"
 # CVE - 2016
@@ -554,6 +555,7 @@ def load_security_checks
 Dawn::Kb::CVE_2015_7581.new,
 Dawn::Kb::CVE_2015_8241.new,
 Dawn::Kb::CVE_2015_8242.new,
+ Dawn::Kb::CVE_2015_8317.new,
 Dawn::Kb::CVE_2016_0751.new,
 Dawn::Kb::CVE_2016_0752.new,
 Dawn::Kb::CVE_2016_0753.new,
diff --git a/spec/lib/dawn/codesake_knowledgebase_spec.rb b/spec/lib/dawn/codesake_knowledgebase_spec.rb
index c6a2d3d4..038badda 100644
--- a/spec/lib/dawn/codesake_knowledgebase_spec.rb
+++ b/spec/lib/dawn/codesake_knowledgebase_spec.rb
@@ -1149,4 +1149,9 @@ sc.should_not be_nil sc.class.should == Dawn::Kb::CVE_2015_8242 end +it "must have test for CVE-2015-8317" do + sc = kb.find("CVE-2015-8317") + sc.should_not be_nil + sc.class.should == Dawn::Kb::CVE_2015_8317 +end end diff --git a/spec/lib/kb/cve_2015_8317_spec.rb b/spec/lib/kb/cve_2015_8317_spec.rb new file mode 100644 index 00000000..3ed2af30 --- /dev/null +++ b/spec/lib/kb/cve_2015_8317_spec.rb @@ -0,0 +1,31 @@ +require 'spec_helper' +describe "The CVE-2015-8317 vulnerability" do + before(:all) do + @check = Dawn::Kb::CVE_2015_8317.new + # @check.debug = true + end + it "is reported when the vulnerable gem is detected" do + @check.dependencies = [{:name=>"nokogiri", :version=>"1.6.5"}] + @check.vuln?.should == true + end + it "is reported when the vulnerable gem is detected" do + @check.dependencies = [{:name=>"nokogiri", :version=>"1.6.0"}] + @check.vuln?.should == true + end + it "is reported when the vulnerable gem is detected" do + @check.dependencies = [{:name=>"nokogiri", :version=>"1.6.7"}] + @check.vuln?.should == true + end + it "is not reported when a fixed release is detected" do + @check.dependencies = [{:name=>"nokogiri", :version=>"1.6.7.1"}] + @check.vuln?.should == false + end + it "is not reported when a fixed release is detected" do + @check.dependencies = [{:name=>"nokogiri", :version=>"1.5.6"}] + @check.vuln?.should == false + end + it "is not reported when a fixed release is detected" do + @check.dependencies = [{:name=>"nokogiri", :version=>"1.4.6"}] + @check.vuln?.should == false + end +end From eb93699dcef2feb9f32701cf7b964b9e6ec49617 Mon Sep 17 00:00:00 2001 
From: Paolo Perego Date: Tue, 2 Feb 2016 23:50:17 +0100 Subject: [PATCH 26/28] * Issue #171 - Adding a check for CVE-2015-7541: colorscore Gem for Ruby lib/colorscore/histogram.rb Arbitrary Command Injection --- Changelog.md | 1 + lib/dawn/kb/cve_2015_7541.rb | 31 ++++++++++++++++++++ lib/dawn/knowledge_base.rb | 2 ++ spec/lib/dawn/codesake_knowledgebase_spec.rb | 5 ++++ spec/lib/kb/cve_2015_7541_spec.rb | 15 ++++++++++ 5 files changed, 54 insertions(+) create mode 100644 lib/dawn/kb/cve_2015_7541.rb create mode 100644 spec/lib/kb/cve_2015_7541_spec.rb diff --git a/Changelog.md b/Changelog.md index 902f224c..ee1a47fb 100644 --- a/Changelog.md +++ b/Changelog.md @@ -51,6 +51,7 @@ _latest update: Thu Jan 28 23:30:47 CET 2016_ - CVE-2015-8241: Information disclosure and DoS in xmlNextChar() - CVE-2015-8242: Information disclosure and DoS in xmlSAX2TextNode() - CVE-2015-8317: Information disclosure in xmlParseXMLDecl() +* Issue #171 - Adding a check for CVE-2015-7541: colorscore Gem for Ruby lib/colorscore/histogram.rb Arbitrary Command Injection ## Version 1.5.2 - codename: Tow Mater (2015-12-16) diff --git a/lib/dawn/kb/cve_2015_7541.rb b/lib/dawn/kb/cve_2015_7541.rb new file mode 100644 index 00000000..a20f21c6 --- /dev/null +++ b/lib/dawn/kb/cve_2015_7541.rb 
@@ -0,0 +1,31 @@
+module Dawn
+ module Kb
+ # Automatically created with rake on 2016-02-02
+ class CVE_2015_7541
+ # Include the testing skeleton for this CVE
+ include DependencyCheck
+
+ def initialize
+ message = "The initialize method in the Histogram class in lib/colorscore/histogram.rb in the colorscore gem before 0.0.5 for Ruby allows context-dependent attackers to execute arbitrary code via shell metacharacters in the (1) image_path, (2) colors, or (3) depth variable."
+ super({
+ :title=>title,
+ :name=> "CVE-2015-7541",
+ :cve=>"2015-7541",
+ :osvdb=>"",
+ :cvss=>"AV:N/AC:L/Au:N/C:C/I:C/A:C",
+ :release_date => Date.new(2016, 1, 8),
+ :cwe=>"77",
+ :owasp=>"A9",
+ :applies=>["rails", "sinatra", "padrino"],
+ :kind=>Dawn::KnowledgeBase::DEPENDENCY_CHECK,
+ :message=>message,
+ :mitigation=>"Please upgrade colorscore gem to version 0.0.5 or later.",
+ :aux_links=>["http://seclists.org/oss-sec/2016/q1/17"]
+ })
+
+ self.safe_dependencies = [{:name=>"colorscore", :version=>['0.0.5']}]
+
+ end
+ end
+ end
+end
diff --git a/lib/dawn/knowledge_base.rb b/lib/dawn/knowledge_base.rb
index f0f034e9..773a3e2e 100644
--- a/lib/dawn/knowledge_base.rb
+++ b/lib/dawn/knowledge_base.rb
@@ -248,6 +248,7 @@
 require "dawn/kb/cve_2015_7498"
 require "dawn/kb/cve_2015_7499"
 require "dawn/kb/cve_2015_7500"
+require "dawn/kb/cve_2015_7541"
 require "dawn/kb/cve_2015_7576"
 require "dawn/kb/cve_2015_7577"
 require "dawn/kb/cve_2015_7578"
@@ -548,6 +549,7 @@ def load_security_checks
 Dawn::Kb::CVE_2015_7498.new,
 Dawn::Kb::CVE_2015_7499.new,
 Dawn::Kb::CVE_2015_7500.new,
+ Dawn::Kb::CVE_2015_7541.new,
 Dawn::Kb::CVE_2015_7576.new,
 Dawn::Kb::CVE_2015_7577.new,
 Dawn::Kb::CVE_2015_7578.new,
diff --git a/spec/lib/dawn/codesake_knowledgebase_spec.rb b/spec/lib/dawn/codesake_knowledgebase_spec.rb
index 038badda..e1d6b542 100644
--- a/spec/lib/dawn/codesake_knowledgebase_spec.rb
+++ b/spec/lib/dawn/codesake_knowledgebase_spec.rb
@@ -1154,4 +1154,9 @@ sc.should_not be_nil sc.class.should == Dawn::Kb::CVE_2015_8317 end +it "must have test for CVE-2015-7541" do + sc = kb.find("CVE-2015-7541") + sc.should_not be_nil + sc.class.should == Dawn::Kb::CVE_2015_7541 +end end diff --git a/spec/lib/kb/cve_2015_7541_spec.rb b/spec/lib/kb/cve_2015_7541_spec.rb new file mode 100644 index 00000000..9493e6d1 --- /dev/null +++ b/spec/lib/kb/cve_2015_7541_spec.rb @@ -0,0 +1,15 @@ +require 'spec_helper' +describe "The CVE-2015-7541 vulnerability" do + before(:all) do + @check = Dawn::Kb::CVE_2015_7541.new + # @check.debug = true + end + it "is reported when the vulnerable gem is detected" do + @check.dependencies = [{:name=>"colorscore", :version=>"0.0.4"}] + @check.vuln?.should == true + end + it "is not reported when a fixed release is detected" do + @check.dependencies = [{:name=>"colorscore", :version=>"0.0.5"}] + @check.vuln?.should == false + end +end From ca1381ce779752012658157bf798c0279959226e Mon Sep 17 00:00:00 2001 From: Paolo Perego Date: Tue, 2 Feb 2016 23:56:07 +0100 Subject: [PATCH 27/28] * Issue #169 - Adding a check for CVE-2015-7519: Phusion Passenger Server allows to overwrite headers in some cases --- Changelog.md | 1 + lib/dawn/kb/cve_2015_7519.rb | 31 ++++++++++++++++++++ lib/dawn/knowledge_base.rb | 2 ++ spec/lib/dawn/codesake_knowledgebase_spec.rb | 5 ++++ spec/lib/kb/cve_2015_7519_spec.rb | 23 +++++++++++++++ 5 files changed, 62 insertions(+) create mode 100644 lib/dawn/kb/cve_2015_7519.rb create mode 100644 spec/lib/kb/cve_2015_7519_spec.rb diff --git a/Changelog.md b/Changelog.md index ee1a47fb..c1f582ee 100644 --- a/Changelog.md +++ b/Changelog.md 
@@ -52,6 +52,7 @@ _latest update: Thu Jan 28 23:30:47 CET 2016_ - CVE-2015-8242: Information disclosure and DoS in xmlSAX2TextNode() - CVE-2015-8317: Information disclosure in xmlParseXMLDecl() * Issue #171 - Adding a check for CVE-2015-7541: colorscore Gem for Ruby lib/colorscore/histogram.rb Arbitrary Command Injection +* Issue #169 - Adding a check for CVE-2015-7519: Phusion Passenger Server allows to overwrite headers in some cases ## Version 1.5.2 - codename: Tow Mater (2015-12-16)
diff --git a/lib/dawn/kb/cve_2015_7519.rb b/lib/dawn/kb/cve_2015_7519.rb
new file mode 100644
index 00000000..69895c15
--- /dev/null
+++ b/lib/dawn/kb/cve_2015_7519.rb
@@ -0,0 +1,31 @@
+module Dawn
+ module Kb
+ # Automatically created with rake on 2016-02-02
+ class CVE_2015_7519
+ # Include the testing skeleton for this CVE
+ include DependencyCheck
+
+ def initialize
+ message ="agent/Core/Controller/SendRequest.cpp in Phusion Passenger before 4.0.60 and 5.0.x before 5.0.22, when used in Apache integration mode or in standalone mode without a filtering proxy, allows remote attackers to spoof headers passed to applications by using an _ (underscore) character instead of a - (dash) character in an HTTP header, as demonstrated by an X_User header."
+ super({
+ :title=>title,
+ :name=> "CVE-2015-7519",
+ :cve=>"2015-7519",
+ :osvdb=>"",
+ :cvss=>"AV:N/AC:M/Au:N/C:N/I:P/A:N",
+ :release_date => Date.new(2016, 1, 8),
+ :cwe=>"119",
+ :owasp=>"A9",
+ :applies=>["rails", "sinatra", "padrino"],
+ :kind=>Dawn::KnowledgeBase::DEPENDENCY_CHECK,
+ :message=>message,
+ :mitigation=>"Please upgrade passenger gem to version 4.0.60, 5.0.22 or later.",
+ :aux_links=>["https://blog.phusion.nl/2015/12/07/cve-2015-7519/"]
+ })
+
+ self.safe_dependencies = [{:name=>"passenger", :version=>['4.0.60', '5.0.22']}]
+
+ end
+ end
+ end
+end
diff --git a/lib/dawn/knowledge_base.rb b/lib/dawn/knowledge_base.rb
index 773a3e2e..3a6c96d9 100644
--- a/lib/dawn/knowledge_base.rb
+++ b/lib/dawn/knowledge_base.rb
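Review bot: `:cwe=>"119"` does not describe this check: the message is about spoofing HTTP headers by sending `_` in place of `-` in a header name, which is an input-validation flaw rather than a memory-bounds one, so the value looks carried over from the libxml2 templates and anything that groups findings by CWE will file it wrongly. A validation-class identifier such as `:cwe=>"20"` (Improper Input Validation) matches the description; the exact mapping NVD assigns should be confirmed before changing it. Separately, the advisory in `:aux_links` is dated 2015-12-07 while `:release_date` is 2016-01-08, which may be a deliberate publication-date choice but is worth a look.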
@@ -248,6 +248,7 @@ require "dawn/kb/cve_2015_7498" require "dawn/kb/cve_2015_7499" require "dawn/kb/cve_2015_7500" +require "dawn/kb/cve_2015_7519" require "dawn/kb/cve_2015_7541" require "dawn/kb/cve_2015_7576" require "dawn/kb/cve_2015_7577" @@ -549,6 +550,7 @@ def load_security_checks Dawn::Kb::CVE_2015_7498.new, Dawn::Kb::CVE_2015_7499.new, Dawn::Kb::CVE_2015_7500.new, + Dawn::Kb::CVE_2015_7519.new, Dawn::Kb::CVE_2015_7541.new, Dawn::Kb::CVE_2015_7576.new, Dawn::Kb::CVE_2015_7577.new, diff --git a/spec/lib/dawn/codesake_knowledgebase_spec.rb b/spec/lib/dawn/codesake_knowledgebase_spec.rb index e1d6b542..096cee37 100644 --- a/spec/lib/dawn/codesake_knowledgebase_spec.rb +++ b/spec/lib/dawn/codesake_knowledgebase_spec.rb @@ -1159,4 +1159,9 @@ sc.should_not be_nil sc.class.should == Dawn::Kb::CVE_2015_7541 end +it "must have test for CVE-2015-7519" do + sc = kb.find("CVE-2015-7519") + sc.should_not be_nil + sc.class.should == Dawn::Kb::CVE_2015_7519 +end end diff --git a/spec/lib/kb/cve_2015_7519_spec.rb b/spec/lib/kb/cve_2015_7519_spec.rb new file mode 100644 index 00000000..d202ba9c --- /dev/null +++ b/spec/lib/kb/cve_2015_7519_spec.rb @@ -0,0 +1,23 @@ +require 'spec_helper' +describe "The CVE-2015-7519 vulnerability" do + before(:all) do + @check = Dawn::Kb::CVE_2015_7519.new + # @check.debug = true + end + it "is reported when the vulnerable gem is detected" do + @check.dependencies = [{:name=>"passenger", :version=>"4.0.54"}] + @check.vuln?.should == true + end + it "is reported when the vulnerable gem is detected" do + @check.dependencies = [{:name=>"passenger", :version=>"5.0.12"}] + @check.vuln?.should == true + end + it "is not reported when a fixed release is detected" do + @check.dependencies = [{:name=>"passenger", :version=>"4.0.60"}] + @check.vuln?.should == false + end + it "is not reported when a fixed release is detected" do + @check.dependencies = [{:name=>"passenger", :version=>"5.0.22"}] + @check.vuln?.should == false + end +end 
From 60668c0547c779369af375aa1e20b882c2d63582 Mon Sep 17 00:00:00 2001 From: Paolo Perego Date: Wed, 3 Feb 2016 10:37:58 +0100 Subject: [PATCH 28/28] * Issue #177 BUGFIX. HTML reporting is broken. The line "support_path = File.join(Dir.pwd, 'support')" in reporter.rb:40 is used to build the path for support files (css, js) to be copied in the output directory. If you call dawn using '.' as target directory name, an exeception is raised. Fixed changing the line this way: "support_path = File.join(File.dirname(__FILE__), '..', '..', 'support')" * Issue #177 BUGFIX. HTML filename creation is honored when -F flag is used. * Issue #177 IMPROVEMENT. As @mort666 suggested, now bootstrap and jquery are loaded from CDN and specific CSS is now embedded in the HTML report in a minified form. --- Changelog.md | 22 +++++++++++++++++++--- bin/dawn | 2 ++ lib/dawn/reporter.rb | 25 +++++++++++++++++-------- 3 files changed, 38 insertions(+), 11 deletions(-) diff --git a/Changelog.md b/Changelog.md index c1f582ee..6f80eaf9 100644 --- a/Changelog.md +++ b/Changelog.md 
@@ -46,13 +46,29 @@ _latest update: Thu Jan 28 23:30:47 CET 2016_ - CVE-2015-5312: DoS in xmlStringLenDecodeEntities() - CVE-2015-7497: DoS in xmlDictComputeFastQKey() - CVE-2015-7498: DoS in xmlParseXmlDecl() - - CVE-2015-7499: In memory information disclosure due to heap-based buffer overflow in the xmlGROW() + - CVE-2015-7499: In memory information disclosure due to heap-based buffer + overflow in the xmlGROW() - CVE-2015-7500: DoS in xmlParseMisc() - CVE-2015-8241: Information disclosure and DoS in xmlNextChar() - CVE-2015-8242: Information disclosure and DoS in xmlSAX2TextNode() - CVE-2015-8317: Information disclosure in xmlParseXMLDecl() -* Issue #171 - Adding a check for CVE-2015-7541: colorscore Gem for Ruby lib/colorscore/histogram.rb Arbitrary Command Injection -* Issue #169 - Adding a check for CVE-2015-7519: Phusion Passenger Server allows to overwrite headers in some cases +* Issue #171 - Adding a check for CVE-2015-7541: colorscore Gem for Ruby + lib/colorscore/histogram.rb Arbitrary Command Injection +* Issue #169 - Adding a check for CVE-2015-7519: Phusion Passenger Server + allows to overwrite headers in some cases +* BUGFIX in bin/dawn when target from command line is '.'. The directory name + must be expanded to save results +* Issue #177 BUGFIX. HTML reporting is broken. The line "support_path = + File.join(Dir.pwd, 'support')" in reporter.rb:40 is used to build the path + for support files (css, js) to be copied in the output directory. If you call + dawn using '.' as target directory name, an exeception is raised. Fixed + changing the line this way: "support_path = File.join(File.dirname(__FILE__), + '..', '..', 'support')" +* Issue #177 BUGFIX. HTML filename creation is honored when -F flag is used. +* Issue #177 IMPROVEMENT. As @mort666 suggested, now bootstrap and jquery are + loaded from CDN and specific CSS is now embedded in the HTML report in a + minified form. + ## Version 1.5.2 - codename: Tow Mater (2015-12-16) 
diff --git a/bin/dawn b/bin/dawn
index 2a77ded3..1c8f0eab 100755
--- a/bin/dawn
+++ b/bin/dawn
@@ -190,6 +190,8 @@ end
 target=ARGV.shift
+target = File.expand_path(".") if target == "."
+
 $logger.helo APPNAME, Dawn::VERSION
 r = Dawn::Registry.new
diff --git a/lib/dawn/reporter.rb b/lib/dawn/reporter.rb
index f6d71820..7809129e 100644
--- a/lib/dawn/reporter.rb
+++ b/lib/dawn/reporter.rb
@@ -26,7 +26,7 @@ def write(output)
 puts output if @filename.nil?
 unless @filename.nil?
- $logger.warn "I will use codesake.css, bootstrap.min.css and bootstrap.js stored in ./support/ directory" if @format == :html
+ # $logger.warn "I will use codesake.css, bootstrap.min.css and bootstrap.js stored in ./support/ directory" if @format == :html
 File.open(@filename, "w") do |f|
 f.puts output
 end
@@ -37,7 +37,7 @@ def write(output)
 def write_html(path, content)
 css_path = File.join(path, 'css')
 js_path = File.join(path, 'js')
- support_path = File.join(Dir.pwd, 'support')
+ support_path = File.join(File.dirname(__FILE__), '..', '..', 'support')
 FileUtils.mkdir_p(File.join(path, 'css'))
 FileUtils.mkdir_p(File.join(path, 'js'))
@@ -67,13 +67,18 @@ def is_valid_format?(format) end def html_report - output = @engine.create_output_dir - + output = @engine.create_output_dir if @filename.nil? html_head = "\n\n\nDawnscanner report for #{File.basename(@engine.target)}" - html_head += "\n" - html_head += "\n" - html_head += "\n" + html_head +=" " + + html_head += "" + html_head += "" + + html_head += "" + html_head += "" html_head += "\n" + html_body = "\n" html_body += "" html_body += "
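Review bot: `target = File.expand_path(".") if target == "."` covers only the literal `.`; `./`, `..` or any other relative spelling such as `../app` presumably still reaches the output-path code unexpanded and fails the same way, since nothing else in the hunk normalises it. Expanding whatever was given, while leaving a missing argument as it was, handles all of them in one line: `target = File.expand_path(target) unless target.nil?`. The rest of the script's argument handling is outside the hunk.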
\n"
@@ -144,7 +149,11 @@ def html_report
 html = html_head + html_body
- write_html(output, html)
+ unless @filename.nil?
+ write(html)
+ else
+ write_html(output, html)
+ end
 true
 end
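Review bot: The `html_head` lines in this hunk now load bootstrap and jquery from a CDN (the tag text is lost in this rendering of the diff, but the commit message says so), and nothing in the new code pins what the browser will run when the report is opened. Adding Subresource Integrity to those tags makes a swapped or tampered CDN file fail to load instead of executing inside the report page: `<script src="CDN_URL" integrity="sha384-PLACEHOLDER_DIGEST" crossorigin="anonymous"></script>` (placeholders; the digest is computed from the exact pinned file). Pinning an exact library version in the URL rather than a floating one matters for the same reason. `html_report` continues into the next hunk, where `html_head + html_body` is assembled.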
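Review bot: `unless @filename.nil? ... else ... end` is the negated-with-else form the Ruby style guide flags; putting the positive test first reads better and leaves behaviour unchanged: `if @filename.nil? then write_html(output, html) else write(html) end`, spread over the same five lines. The `output` local used in the else branch is assigned in the previous hunk only when `@filename.nil?`, so the pairing is consistent, though a comment such as `# -F given: emit a single HTML file, no css/js support directory` on the `write(html)` line would save the next reader the cross-reference.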