Module: Spektr

Defined in:

lib/spektr/erubi.rb,
lib/spektr.rb,
lib/spektr/app.rb,
lib/spektr/cli.rb,
lib/spektr/checks.rb,
lib/spektr/version.rb,
lib/spektr/warning.rb,
lib/spektr/exp/base.rb,
lib/spektr/exp/send.rb,
lib/spektr/exp/xstr.rb,
lib/spektr/exp/const.rb,
lib/spektr/checks/xss.rb,
lib/spektr/checks/base.rb,
lib/spektr/checks/csrf.rb,
lib/spektr/checks/send.rb,
lib/spektr/checks/sqli.rb,
lib/spektr/exp/ivasign.rb,
lib/spektr/exp/lvasign.rb,
lib/spektr/targets/base.rb,
lib/spektr/targets/view.rb,
lib/spektr/targets/model.rb,
lib/spektr/exp/assignment.rb,
lib/spektr/exp/definition.rb,
lib/spektr/targets/config.rb,
lib/spektr/targets/routes.rb,
lib/spektr/checks/i18n_xss.rb,
lib/spektr/checks/basic_auth.rb,
lib/spektr/checks/digest_dos.rb,
lib/spektr/checks/evaluation.rb,
lib/spektr/checks/header_dos.rb,
lib/spektr/checks/create_with.rb,
lib/spektr/checks/deserialize.rb,
lib/spektr/checks/file_access.rb,
lib/spektr/targets/controller.rb,
lib/spektr/checks/csrf_setting.rb,
lib/spektr/checks/json_parsing.rb,
lib/spektr/checks/link_to_href.rb,
lib/spektr/checks/json_encoding.rb,
lib/spektr/checks/default_routes.rb,
lib/spektr/checks/content_tag_xss.rb,
lib/spektr/checks/dynamic_finders.rb,
lib/spektr/checks/file_disclosure.rb,
lib/spektr/checks/filter_skipping.rb,
lib/spektr/checks/mass_assignment.rb,
lib/spektr/checks/basic_auth_timing.rb,
lib/spektr/checks/command_injection.rb,
lib/spektr/checks/json_entity_escape.rb,
lib/spektr/checks/detailed_exceptions.rb,
lib/spektr/processors/class_processor.rb,
lib/spektr/checks/cookie_serialization.rb

Overview

This is a copy of module ActionView::Template::Handlers::ERB::Erubi

Defined Under Namespace

Modules: Exp, Processors, Targets Classes: App, Checks, Cli, Error, Erubi, Warning

Constant Summary

VERSION =

'0.4.1'

Class Method Summary

• .logger ⇒ Object
• .run(root = nil, output_format = 'terminal', debug = false, checks = nil, ignore = []) ⇒ Object
• .start_spinner(label) ⇒ Object
• .stop_spinner ⇒ Object
• .swap_spinner(label) ⇒ Object
• .terminal? ⇒ Boolean

Class Method Details

.logger ⇒ Object

# File 'lib/spektr.rb', line 122

def self.logger
  @logger ||= begin
    logger = Logger.new($stdout)
    logger.level = @log_level || Logger::WARN
    logger
  end
end

.run(root = nil, output_format = 'terminal', debug = false, checks = nil, ignore = []) ⇒ Object

# File 'lib/spektr.rb', line 21

def self.run(root = nil, output_format = 'terminal', debug = false, checks = nil, ignore = [])
  pastel = Pastel.new
  @output_format = output_format
  start_spinner('Initializing')
  @log_level = if debug
    Logger::DEBUG
  elsif terminal?
    Logger::ERROR
  else
    Logger::WARN
  end
  checks = Checks.load(checks)
  root = './' if root.nil?
  @app = App.new(checks: checks, root: root, ignore: ignore)
  stop_spinner
  if terminal?
    puts "\n"
    puts pastel.bold('Checks:')
    puts "\n"
    puts checks.collect(&:name).join(', ')
    puts "\n"
  end

  start_spinner('Loading files')
  @app.load
  stop_spinner
  table = TTY::Table.new([
                           ['Rails version', @app.rails_version],
                           ['Initializers', @app.initializers.size],
                           ['Controllers', @app.controllers.size],
                           ['Models', @app.models.size],
                           ['Views', @app.views.size],
                           ['Routes', @app.routes.size],
                           ['Lib files', @app.lib_files.size]
                         ])
  if terminal?
    puts "\n"
    puts table.render(:basic)
    puts "\n"
  end
  start_spinner('Scanning files')
  @app.scan!
  stop_spinner
  puts "\n"
  json = @app.report

  case output_format
  when 'json'
    json
  when 'terminal'
    puts pastel.bold("Advisories\n")

    json[:advisories].each do |advisory|
      puts "#{pastel.green('Name:')} #{advisory[:name]}\n"
      puts "#{pastel.green('Check:')} #{advisory[:check]}\n"
      puts "#{pastel.green('Description:')} #{advisory[:description]}\n"
      puts "#{pastel.green('Path:')} #{advisory[:path]}\n"
      puts "#{pastel.green('Location:')} #{advisory[:location]}\n"
      puts "#{pastel.green('Code:')} #{advisory[:line]}\n"
      puts "#{pastel.green('Fingerprint:')} #{advisory[:fingerprint]}\n"
      puts "\n"
      puts "\n"
    end

    puts pastel.bold("Summary\n")
    summary = []
    json[:advisories].group_by { |a| a[:name] }.each do |n, i|
      summary << [pastel.green(n), i.size]
    end

    table = TTY::Table.new(summary, padding: [2, 2, 2, 2])
    puts table.render(:basic)
    puts "\n\n"
    exit 1 if json[:advisories].any?
  else
    puts 'Unknown format'
  end
end

.start_spinner(label) ⇒ Object

# File 'lib/spektr.rb', line 104

def self.start_spinner(label)
  return unless terminal?

  @spinner = TTY::Spinner.new("[:spinner] #{label}", format: :classic)
  @spinner.auto_spin
end

.stop_spinner ⇒ Object

# File 'lib/spektr.rb', line 111

def self.stop_spinner
  return unless terminal?

  @spinner&.stop('Done!')
end

.swap_spinner(label) ⇒ Object

# File 'lib/spektr.rb', line 117

def self.swap_spinner(label)
  stop_spinner
  start_spinner(label)
end

.terminal? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/spektr.rb', line 100

def self.terminal?
  @output_format == 'terminal'
end