Module: Dawn::Kb::BasicCheck
- Includes: Utils
- Included in: CVE_2014_2525_a, ComboCheck, DependencyCheck, DeprecationCheck, OperatingSystemCheck, PatternMatchCheck, RubyVersionCheck, VersionCheck
- Defined in: lib/dawn/kb/basic_check.rb
Constant Summary
- ALLOWED_FAMILIES =
[:generic_check, :code_quality, :cve_bulletin, :code_style, :owasp_ror_cheatsheet, :owasp_top_10_1, :owasp_top_10_2, :owasp_top_10_3, :owasp_top_10_4, :owasp_top_10_5, :owasp_top_10_6, :owasp_top_10_7, :owasp_top_10_8, :owasp_top_10_9, :owasp_top_10_10]
Instance Attribute Summary
- #applies ⇒ Object (readonly): Returns the value of attribute applies.
- #aux_links ⇒ Object (readonly): Returns the value of attribute aux_links.
- #check_family ⇒ Object: This is a flag for the security check family.
- #cve ⇒ Object (readonly): Returns the value of attribute cve.
- #cvss ⇒ Object (readonly): Returns the value of attribute cvss.
- #cwe ⇒ Object (readonly): Returns the value of attribute cwe.
- #debug ⇒ Object: Puts the check in debug mode.
- #evidences ⇒ Object (readonly): Vulnerability evidence collected by the check.
- #fixes_version ⇒ Object (readonly): The framework versions that fix the vulnerability.
- #kind ⇒ Object (readonly): Returns the value of attribute kind.
- #message ⇒ Object (readonly): Returns the value of attribute message.
- #mitigated ⇒ Object (readonly): Returns the value of attribute mitigated.
- #name ⇒ Object (readonly): Returns the value of attribute name.
- #osvdb ⇒ Object (readonly): Returns the value of attribute osvdb.
- #owasp ⇒ Object (readonly): Returns the value of attribute owasp.
- #priority ⇒ Object: This is the check priority level.
- #release_date ⇒ Object (readonly): Returns the value of attribute release_date.
- #remediation ⇒ Object (readonly): Returns the value of attribute remediation.
- #ruby_version ⇒ Object: This is the Ruby version used by the target application.
- #ruby_vulnerable_versions ⇒ Object (readonly): This is an array of Ruby versions under which a particular framework version becomes exploitable.
- #severity ⇒ Object: This is the check severity level.
- #status ⇒ Object (readonly): Check status.
- #target_version ⇒ Object (readonly): The framework target version.
Class Method Summary
- .families ⇒ Object
Instance Method Summary
- #applies_to?(name) ⇒ Boolean
- #cve_link ⇒ Object
- #cvss_score ⇒ Object
- #family ⇒ Object
- #family=(item) ⇒ Object
- #initialize(options = {}) ⇒ Object
- #lint ⇒ Object: Performs a self-check that some core values are not nil.
- #mitigated? ⇒ Boolean
- #nvd_link ⇒ Object
- #osvdb_link ⇒ Object
- #rubysec_advisories_link ⇒ Object
Methods included from Utils
#__debug_me_and_return, #debug_me, #debug_me_and_return_false, #debug_me_and_return_true
Instance Attribute Details
#applies ⇒ Object (readonly)
Returns the value of attribute applies.
```ruby
# File 'lib/dawn/kb/basic_check.rb', line 16
def applies
  @applies
end
```
#aux_links ⇒ Object (readonly)
Returns the value of attribute aux_links.
```ruby
# File 'lib/dawn/kb/basic_check.rb', line 20
def aux_links
  @aux_links
end
```
#check_family ⇒ Object
This is a flag for the security check family. Valid values are:
+ generic_check
+ code_quality
+ cve_bulletin
+ code_style
+ owasp_ror_cheatsheet
+ owasp_top_10_n (where n is a number between 1 and 10)
```ruby
# File 'lib/dawn/kb/basic_check.rb', line 55
def check_family
  @check_family
end
```
#cve ⇒ Object (readonly)
Returns the value of attribute cve.
```ruby
# File 'lib/dawn/kb/basic_check.rb', line 10
def cve
  @cve
end
```
#cvss ⇒ Object (readonly)
Returns the value of attribute cvss.
```ruby
# File 'lib/dawn/kb/basic_check.rb', line 12
def cvss
  @cvss
end
```
#cwe ⇒ Object (readonly)
Returns the value of attribute cwe.
```ruby
# File 'lib/dawn/kb/basic_check.rb', line 13
def cwe
  @cwe
end
```
#debug ⇒ Object
Puts the check in debug mode.
```ruby
# File 'lib/dawn/kb/basic_check.rb', line 46
def debug
  @debug
end
```
#evidences ⇒ Object (readonly)
Vulnerability evidence collected by the check.
```ruby
# File 'lib/dawn/kb/basic_check.rb', line 40
def evidences
  @evidences
end
```
#fixes_version ⇒ Object (readonly)
The framework versions that fix the vulnerability.
```ruby
# File 'lib/dawn/kb/basic_check.rb', line 37
def fixes_version
  @fixes_version
end
```
#kind ⇒ Object (readonly)
Returns the value of attribute kind.
```ruby
# File 'lib/dawn/kb/basic_check.rb', line 17
def kind
  @kind
end
```
#message ⇒ Object (readonly)
Returns the value of attribute message.
```ruby
# File 'lib/dawn/kb/basic_check.rb', line 18
def message
  @message
end
```
#mitigated ⇒ Object (readonly)
Returns the value of attribute mitigated.
```ruby
# File 'lib/dawn/kb/basic_check.rb', line 21
def mitigated
  @mitigated
end
```
#name ⇒ Object (readonly)
Returns the value of attribute name.
```ruby
# File 'lib/dawn/kb/basic_check.rb', line 9
def name
  @name
end
```
#osvdb ⇒ Object (readonly)
Returns the value of attribute osvdb.
```ruby
# File 'lib/dawn/kb/basic_check.rb', line 11
def osvdb
  @osvdb
end
```
#owasp ⇒ Object (readonly)
Returns the value of attribute owasp.
```ruby
# File 'lib/dawn/kb/basic_check.rb', line 14
def owasp
  @owasp
end
```
#priority ⇒ Object
This is the check priority level. It tells how fast you should mitigate the vulnerability.
Valid values are:
+ :critical
+ :high
+ :medium
+ :low
+ :info
+ :none
```ruby
# File 'lib/dawn/kb/basic_check.rb', line 80
def priority
  @priority
end
```
#release_date ⇒ Object (readonly)
Returns the value of attribute release_date.
```ruby
# File 'lib/dawn/kb/basic_check.rb', line 15
def release_date
  @release_date
end
```
#remediation ⇒ Object (readonly)
Returns the value of attribute remediation.
```ruby
# File 'lib/dawn/kb/basic_check.rb', line 19
def remediation
  @remediation
end
```
#ruby_version ⇒ Object
This is the Ruby version used by the target application. It is set by the Engine class (around line 107).
```ruby
# File 'lib/dawn/kb/basic_check.rb', line 25
def ruby_version
  @ruby_version
end
```
#ruby_vulnerable_versions ⇒ Object (readonly)
This is an array of Ruby versions under which a particular framework version becomes exploitable. For example, consider CVE-2013-1655: the vulnerability in the Puppet rubygem can be exploited only if the Ruby version is 1.9.3 or higher.
```ruby
# File 'lib/dawn/kb/basic_check.rb', line 32
def ruby_vulnerable_versions
  @ruby_vulnerable_versions
end
```
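The gating described above combines three attributes: target_version (what the scanned application uses), fixes_version (the releases that fix the issue) and ruby_vulnerable_versions (the Ruby versions under which the flaw is actually exploitable). The following is an added example of that decision, not code from Dawn; this page does not show the project's own VersionCheck logic, so this is one possible implementation. The metadata hash is constructed for illustration (placeholder CVE id, fix versions and Ruby requirement strings are all hypothetical), and version comparison uses Gem::Version and Gem::Requirement from the Ruby standard library.

```ruby
require 'rubygems' # Gem::Version and Gem::Requirement (loaded by default on modern Ruby)

# Constructed metadata for this example only; not a real Dawn knowledge base entry.
# fixes_version lists the first fixed release of each maintained series;
# ruby_vulnerable_versions holds Gem::Requirement strings (empty = any Ruby).
EXAMPLE_CHECK = {
  name:                     "CVE-0000-0000",       # placeholder identifier
  fixes_version:            ["2.7.21", "3.1.1"],   # hypothetical fix releases
  ruby_vulnerable_versions: [">= 1.9.3"],          # hypothetical ruby constraint
}

# True when the target version is older than the fix for its own
# major.minor series. If no fix is listed for that series, be conservative
# and treat the target as unpatched unless it is newer than every known fix.
def unpatched?(target, fixes)
  tv = Gem::Version.new(target)
  fixed = fixes.map { |f| Gem::Version.new(f) }
  return true if fixed.empty? # no fix released at all: every version is affected

  same_series = fixed.select { |f| f.segments[0, 2] == tv.segments[0, 2] }
  reference = same_series.empty? ? fixed.max : same_series.min
  tv < reference
end

# True when the application's Ruby falls inside any of the vulnerable ranges.
# An empty list means the flaw does not depend on the interpreter version.
def ruby_exploitable?(ruby_version, requirements)
  return true if requirements.empty?
  rv = Gem::Version.new(ruby_version)
  requirements.any? { |r| Gem::Requirement.new(r).satisfied_by?(rv) }
end

# A finding is reported only when both conditions hold: the framework
# version is unpatched AND the interpreter makes the flaw reachable.
def vulnerable?(check, target_version:, ruby_version:)
  unpatched?(target_version, check[:fixes_version]) &&
    ruby_exploitable?(ruby_version, check[:ruby_vulnerable_versions])
end

if __FILE__ == $0
  [["2.7.20", "1.9.3"], ["2.7.20", "1.8.7"], ["3.0.5", "2.1.0"], ["4.0.0", "2.1.0"]].each do |tv, rv|
    puts "target #{tv} on ruby #{rv}: vulnerable=#{vulnerable?(EXAMPLE_CHECK, target_version: tv, ruby_version: rv)}"
  end
end
```

Note the asymmetry: a Ruby constraint can only suppress a finding, never create one. Target 2.7.20 on Ruby 1.8.7 is reported as not vulnerable even though the gem itself is unpatched, which mirrors the CVE-2013-1655 situation described above.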
#severity ⇒ Object
This is the check severity level. It tells how dangerous the vulnerability is for your application.
Valid values are:
+ :critical
+ :high
+ :medium
+ :low
+ :info
+ :none
```ruby
# File 'lib/dawn/kb/basic_check.rb', line 68
def severity
  @severity
end
```
#status ⇒ Object (readonly)
Check status: the result of the latest vuln? call.
```ruby
# File 'lib/dawn/kb/basic_check.rb', line 43
def status
  @status
end
```
#target_version ⇒ Object (readonly)
The framework target version.
```ruby
# File 'lib/dawn/kb/basic_check.rb', line 35
def target_version
  @target_version
end
```
Class Method Details
.families ⇒ Object
```ruby
# File 'lib/dawn/kb/basic_check.rb', line 140
def self.families
  return ALLOWED_FAMILIES.map { |x| x.to_s }
end
```
Instance Method Details
#applies_to?(name) ⇒ Boolean
```ruby
# File 'lib/dawn/kb/basic_check.rb', line 201
def applies_to?(name)
  ! @applies.find_index(name).nil?
end
```
#cve_link ⇒ Object
```ruby
# File 'lib/dawn/kb/basic_check.rb', line 204
def cve_link
  "http://cve.mitre.org/cgi-bin/cvename.cgi?name=#{@name}"
end
```
#cvss_score ⇒ Object
```ruby
# File 'lib/dawn/kb/basic_check.rb', line 217
def cvss_score
  return Cvss::Engine.new.score(self.cvss) unless self.cvss.nil?
  " "
end
```
#family ⇒ Object
```ruby
# File 'lib/dawn/kb/basic_check.rb', line 155
def family
  return "CVE bulletin" if @check_family == :cve
  return "Ruby coding style" if @check_family == :code_style
  return "Ruby code quality check" if @check_family == :code_quality
  return "Owasp Ruby on Rails cheatsheet" if @check_family == :owasp_ror_cheatsheet
  return "Owasp Top 10" if @check_family.to_s.start_with?('owasp_top_10')
  return "Unknown"
end
```
#family=(item) ⇒ Object
```ruby
# File 'lib/dawn/kb/basic_check.rb', line 144
def family=(item)
  if ! ALLOWED_FAMILIES.find_index(item.to_sym).nil?
    instance_variable_set(:@check_family, item.to_sym)
    return item
  else
    $logger.err("invalid check family: #{item}")
    instance_variable_set(:@check_family, :generic_check)
    return @family
  end
end
```
#initialize(options = {}) ⇒ Object
```ruby
# File 'lib/dawn/kb/basic_check.rb', line 82
def initialize(options = {})
  @applies = []
  @ruby_version = ""
  @ruby_vulnerable_versions = []
  @name = options[:name]
  @cvss = options[:cvss]
  @cwe = options[:cwe]
  @cve = options[:cve]
  @osvdb = options[:osvdb]
  @owasp = options[:owasp]
  @release_date = options[:release_date]
  @applies = options[:applies] unless options[:applies].nil?
  @kind = options[:kind]
  @message = options[:message]
  @remediation = options[:mitigation]   # note: the option key is :mitigation, the attribute is remediation
  @aux_links = options[:aux_links]
  @target_version = options[:target_version]
  @fixes_version = options[:fixes_version]
  @ruby_version = options[:ruby_version]
  @evidences = []
  @evidences = options[:evidences] unless options[:evidences].nil?
  @mitigated = false
  @status = false
  @debug = false
  @severity = :none
  @priority = :none
  @check_family = :generic_check
  @severity = options[:severity] unless options[:severity].nil?
  @priority = options[:priority] unless options[:priority].nil?
  @check_family = options[:check_family] unless options[:check_family].nil?

  # FIXME.20140325
  #
  # I don't want to manually fix 150+ ruby files to add something I can
  # deal here
  @check_family = :cve if !options[:name].nil? && options[:name].start_with?('CVE-')

  if $logger.nil?
    # This is the old codesake-commons logging.
    #
    # Starting from 20150720 we will use the standard library Logger
    # class. This is mainly to remove codesake-commons dependency and to
    # have a clean API
    #
    # require 'codesake-commons'
    # $logger = Codesake::Commons::Logging.instance
    # $logger.helo "dawn-basic-check", Dawn::VERSION

    require 'dawn/logger'
    $logger = Logger.new(STDOUT)
    $logger.helo "dawn-basic-check", Dawn::VERSION
  end
end
```
#lint ⇒ Object
Performs a self-check that some core values are not nil. It returns the list of attributes that failed the check (an empty array means the check metadata is complete).
```ruby
# File 'lib/dawn/kb/basic_check.rb', line 229
def lint
  ret = []
  ret << :cve if self.cve.nil?
  ret << :osvdb if @osvdb.nil?
  ret << :cvss if self.cvss.nil? || self.cvss.empty? || self.cvss == "not assigned"
  ret << :severity if self.severity == "unknown"
  ret << :priority if self.priority == "unknown"
  ret
end
```
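Two things the code on this page shows make the built-in lint weaker than it looks: lint compares severity and priority against the string "unknown", while initialize stores symbols (default :none), so a check that never sets them passes; and initialize forces @check_family to :cve for every CVE-named check although ALLOWED_FAMILIES only contains :cve_bulletin and family= rejects anything outside that list. The following is an added example of a stricter lint over the options hash a check passes to initialize; it is not Dawn's own code. It validates against the symbol sets documented on this page, requires CVE identifiers to have the standard CVE-<year>-<four or more digits> shape, and uses two constructed sample entries (the CVE id in the good entry is a placeholder, not a real advisory).

```ruby
# Symbol sets as documented for BasicCheck on this page.
ALLOWED_FAMILIES = [:generic_check, :code_quality, :cve_bulletin, :code_style,
                    :owasp_ror_cheatsheet] + (1..10).map { |n| :"owasp_top_10_#{n}" }
LEVELS = [:critical, :high, :medium, :low, :info, :none]

# Standard CVE identifier shape: CVE-<4-digit year>-<4 or more digits>.
CVE_ID = /\ACVE-\d{4}-\d{4,}\z/

# Lints the options hash a check would pass to BasicCheck#initialize.
# Keys follow initialize: note that remediation text travels as :mitigation.
# Returns the list of problem keys; [] means the entry is well formed.
def lint_check(opts)
  problems = []
  name = opts[:name].to_s

  # A name is required; a CVE-prefixed name must be a well-formed identifier.
  problems << :name unless name =~ CVE_ID || (!name.empty? && !name.start_with?("CVE-"))

  # Mirrors lint's own cvss rule, but also catches whitespace-only vectors.
  cvss = opts[:cvss].to_s.strip
  problems << :cvss if cvss.empty? || cvss == "not assigned"

  # Symbols only: a string such as "unknown" is rejected instead of silently accepted.
  problems << :severity unless LEVELS.include?(opts[:severity] || :none)
  problems << :priority unless LEVELS.include?(opts[:priority] || :none)

  # Apply the CVE default the same way initialize does, but against ALLOWED_FAMILIES,
  # so :cve (which family= would reject) shows up as a problem.
  fam = opts[:check_family] || (name.start_with?("CVE-") ? :cve_bulletin : :generic_check)
  problems << :check_family unless ALLOWED_FAMILIES.include?(fam)

  # A CVE check without fixes_version can never be marked as patched.
  problems << :fixes_version if name.start_with?("CVE-") && Array(opts[:fixes_version]).empty?

  problems << :mitigation if opts[:mitigation].to_s.strip.empty?
  problems
end

# Constructed sample entries (not real Dawn knowledge base data).
GOOD_ENTRY = {
  name:          "CVE-0000-0000",              # placeholder identifier
  cvss:          "AV:N/AC:L/Au:N/C:P/I:P/A:P", # hypothetical CVSSv2 vector
  severity:      :high,
  priority:      :high,
  fixes_version: ["1.2.3"],                    # hypothetical fix release
  mitigation:    "Upgrade to a fixed release",
}

BAD_ENTRY = {
  name:         "CVE-2014-25",     # malformed: fewer than four digits
  cvss:         "not assigned",
  severity:     "unknown",         # string, not one of LEVELS
  priority:     :high,
  check_family: :cve,              # what initialize sets, but not in ALLOWED_FAMILIES
  mitigation:   "Upgrade",
}

if __FILE__ == $0
  puts "good: #{lint_check(GOOD_ENTRY).inspect}"
  puts "bad:  #{lint_check(BAD_ENTRY).inspect}"
end
```

Running this over every knowledge base entry before a release is the kind of check that catches the :cve / :cve_bulletin mismatch at build time rather than as an "invalid check family" log line at scan time.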
#mitigated? ⇒ Boolean
```ruby
# File 'lib/dawn/kb/basic_check.rb', line 222
def mitigated?
  self.mitigated
end
```
#nvd_link ⇒ Object
```ruby
# File 'lib/dawn/kb/basic_check.rb', line 207
def nvd_link
  "http://web.nvd.nist.gov/view/vuln/detail?vulnId=#{@name}"
end
```
#osvdb_link ⇒ Object
```ruby
# File 'lib/dawn/kb/basic_check.rb', line 213
def osvdb_link
  "http://osvdb.org/show/osvdb/#{@osvdb}"
end
```
#rubysec_advisories_link ⇒ Object
```ruby
# File 'lib/dawn/kb/basic_check.rb', line 210
def rubysec_advisories_link
  "http://www.rubysec.com/advisories/#{@name}/"
end
```