Class: Dawn::Kb::PatternMatchCheck

Inherits:

Object

Object
Dawn::Kb::PatternMatchCheck

show all

Includes:: BasicCheck

Defined in:: lib/dawn/kb/pattern_match_check.rb

Constant Summary collapse

EXCLUSION_LIST =

[
  "tags",
  "vendor/bundle",
  "features",
  "specs",
  "test"
]

Constants included from BasicCheck

BasicCheck::ALLOWED_FAMILIES

Instance Attribute Summary collapse

#attack_pattern ⇒ Object readonly

Returns the value of attribute attack_pattern.
#attack_pattern_is_regex ⇒ Object readonly

This attribute is false by default.
#avoid_comments ⇒ Object readonly

This attribute is false by default.
#negative_search ⇒ Object readonly

This attribute is false by default.
#root_dir ⇒ Object

Returns the value of attribute root_dir.

Attributes included from BasicCheck

#applies, #aux_links, #check_family, #cve, #cvss, #cwe, #debug, #evidences, #fixes_version, #kind, #message, #mitigated, #name, #osvdb, #owasp, #please_ignore_dep_version, #priority, #release_date, #remediation, #ruby_version, #ruby_vulnerable_versions, #severity, #status, #target_version, #title

Instance Method Summary collapse

#initialize(options = {}) ⇒ PatternMatchCheck constructor

A new instance of PatternMatchCheck.
#must_exclude?(filename) ⇒ Boolean
#vuln? ⇒ Boolean

Methods included from BasicCheck

#applies_to?, #cve_link, #cvss_score, families, #family, #family=, #lint, #mitigated?, #nvd_link, #osvdb_link, #rubysec_advisories_link

Constructor Details

#initialize(options = {}) ⇒ `PatternMatchCheck`

Returns a new instance of PatternMatchCheck.

# File 'lib/dawn/kb/pattern_match_check.rb', line 34

def initialize(options={})
  super(options)
  @negative_search          = false
  @avoid_comments           = false
  @attack_pattern_is_regex  = false
  @glob                     = "**"
  @attack_pattern           = options[:attack_pattern] unless options[:attack_pattern].nil?
  @negative_search          = options[:negative_search] unless options[:negative_search].nil?
  @avoid_comments           = options[:avoid_comments] unless options[:avoid_comments].nil?
  @evidences                = options[:evidences] unless options[:evidences].nil?
  @attack_pattern_is_regex  = options[:attack_pattern_is_regex] unless options[:attack_pattern_is_regex].nil?
  @glob                     = File.join(@glob, options[:glob]) unless options[:glob].nil?
  debug_me("EVIDENCES ARE #{@evidences.inspect}")
end

Instance Attribute Details

#attack_pattern ⇒ `Object` (readonly)

Returns the value of attribute attack_pattern.



9
10
11

# File 'lib/dawn/kb/pattern_match_check.rb', line 9

def attack_pattern
  @attack_pattern
end

#attack_pattern_is_regex ⇒ `Object` (readonly)

This attribute is false by default. If true, it tells pattern matching check that the attack pattern is already a regular expression.



24
25
26

# File 'lib/dawn/kb/pattern_match_check.rb', line 24

def attack_pattern_is_regex
  @attack_pattern_is_regex
end

#avoid_comments ⇒ `Object` (readonly)

This attribute is false by default. If true, it tells pattern matching check to ignore strings starting with the ruby single line comment separator, ‘#’.



19
20
21

# File 'lib/dawn/kb/pattern_match_check.rb', line 19

def avoid_comments
  @avoid_comments
end

#negative_search ⇒ `Object` (readonly)

This attribute is false by default. If true, the vuln? method check if pattern attack is nor present.



14
15
16

# File 'lib/dawn/kb/pattern_match_check.rb', line 14

def negative_search
  @negative_search
end

#root_dir ⇒ `Object`

Returns the value of attribute root_dir.



10
11
12

# File 'lib/dawn/kb/pattern_match_check.rb', line 10

def root_dir
  @root_dir
end

Instance Method Details

#must_exclude?(filename) ⇒ `Boolean`

Returns:

(Boolean)

# File 'lib/dawn/kb/pattern_match_check.rb', line 49

def must_exclude?(filename)
  EXCLUSION_LIST.each do |ex|
    debug_me "skipping #{filename}" if filename.start_with?(ex)
    return true if filename.start_with?(ex)
  end
  return false
end

#vuln? ⇒ `Boolean`