class Dawn::KnowledgeBase
XXX: check whether a singleton would be a better fit here
Constants
- COMBO_CHECK
- CUSTOM_CHECK
- DEPENDENCY_CHECK
- GEM_CHECK
- OS_CHECK
- PATTERN_MATCH_CHECK
- RUBY_VERSION_CHECK
Public Class Methods
dump(verbose=false)
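# File lib/dawn/knowledge_base.rb, line 631
# Print every security check currently loaded to stdout.
#
# A KnowledgeBase is instantiated with default options, so the list
# reflects the default enabled families (see #initialize), not any
# custom selection a caller may have made elsewhere.
#
# @param verbose [Boolean] when true, also print CVSS score, release date,
#   description and remediation for each check; otherwise only the name
# @return [nil] output only; the trailing "Total" line is the number of
#   checks listed
def self.dump(verbose=false)
  puts "Security checks currently supported:"
  checks = self.new.all
  checks.each do |check|
    if verbose
      puts "Name: #{check.name}\tCVSS: #{check.cvss_score}\tReleased: #{check.release_date}"
      puts "Description\n#{check.message}"
      puts "Remediation\n#{check.remediation}\n\n"
    else
      # to_s keeps the old interpolation semantics for a nil name (blank line)
      puts check.name.to_s
    end
  end
  # Total comes from the collection itself instead of a hand-kept counter.
  puts "-----\nTotal: #{checks.size}"
end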
find(checks=nil, name)
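# File lib/dawn/knowledge_base.rb, line 318
# Look up a security check by its exact name.
#
# @param checks [Array<#name>, nil] the checks to search; when nil, a fresh
#   KnowledgeBase is instantiated and the checks it loads are searched
# @param name [String, nil] the check name to match (exact, case-sensitive)
# @return [Object, nil] the first check whose #name == name, or nil when
#   name is nil/empty or nothing matches
def self.find(checks=nil, name)
  # Guard clause: a missing or empty name can never match a check.
  # `||` instead of `or`: same result here, without the precedence trap.
  return nil if name.nil? || name.empty?
  # NOTE: the fallback builds a full KnowledgeBase (instantiating every
  # check) on each call; pass `checks` explicitly when calling repeatedly.
  checks = Dawn::KnowledgeBase.new.load_security_checks if checks.nil?
  # Enumerable#find returns the first match, like the original each/return.
  checks.find { |sc| sc.name == name }
end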
new(options={})
# File lib/dawn/knowledge_base.rb, line 311
# Build a knowledge base and eagerly load its security checks.
#
# @param options [Hash] supported key: :enabled_checks, an Array of check
#   family symbols read by #load_security_checks; when absent or nil,
#   Dawn::Kb::BasicCheck::ALLOWED_FAMILIES is used as the default list
def initialize(options={})
  requested = options[:enabled_checks]
  # A nil value means "not specified", so fall back to the default families.
  @enabled_checks = requested.nil? ? Dawn::Kb::BasicCheck::ALLOWED_FAMILIES : requested
  # Loaded once here; #load_security_checks reads @enabled_checks.
  @security_checks = load_security_checks
end
Public Instance Methods
all()
# File lib/dawn/knowledge_base.rb, line 332
# All security checks loaded for this instance, i.e. the result of
# #load_security_checks as computed in #initialize.
#
# @return [Array] the loaded check instances (the same array object,
#   not a copy)
def all
  loaded = @security_checks
  loaded
end
all_by_mvc(mvc)
TODO - the next big refactoring will also include a change in this API. To comply with Semantic Versioning, it must bring a major version bump. The MVC name should be passed as a constructor option, so that all_by_mvc can be called without a parameter, giving nicer-to-read code: @checks = Dawn::KnowledgeBase.new({:enabled_checks=>@enabled_checks}).all_by_mvc(@name)
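# File lib/dawn/knowledge_base.rb, line 343
# The loaded checks that declare themselves applicable to the given MVC.
#
# @param mvc [String] the MVC framework name handed to each check's
#   #applies_to? (e.g. "rails", "sinatra", "padrino", "rack")
# @return [Array] a new array with the matching checks, in load order;
#   empty when none applies
def all_by_mvc(mvc)
  # Enumerable#select replaces the manual each/<< accumulation.
  @security_checks.select { |sc| sc.applies_to?(mvc) }
end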
all_padrino_checks()
# File lib/dawn/knowledge_base.rb, line 359
# Convenience filter: the loaded checks that apply to the "padrino" MVC.
#
# @return [Array] see #all_by_mvc
def all_padrino_checks
  all_by_mvc("padrino")
end
all_rack_checks()
# File lib/dawn/knowledge_base.rb, line 363
# Convenience filter: the loaded checks that apply to the "rack" MVC.
#
# @return [Array] see #all_by_mvc
def all_rack_checks
  all_by_mvc("rack")
end
all_rails_checks()
# File lib/dawn/knowledge_base.rb, line 355
# Convenience filter: the loaded checks that apply to the "rails" MVC.
#
# @return [Array] see #all_by_mvc
def all_rails_checks
  all_by_mvc("rails")
end
all_sinatra_checks()
# File lib/dawn/knowledge_base.rb, line 351
# Convenience filter: the loaded checks that apply to the "sinatra" MVC.
#
# @return [Array] see #all_by_mvc
def all_sinatra_checks
  all_by_mvc("sinatra")
end
find(name)
# File lib/dawn/knowledge_base.rb, line 328
# Look up one of this instance's loaded checks by exact name. Delegates to
# the class-level Dawn::KnowledgeBase.find, passing @security_checks so no
# second KnowledgeBase is instantiated.
#
# @param name [String, nil] the check name
# @return [Object, nil] the matching check, or nil
def find(name)
  loaded = @security_checks
  Dawn::KnowledgeBase.find(loaded, name)
end
load_security_checks()
# File lib/dawn/knowledge_base.rb, line 367
# Instantiate every known security check and return the subset enabled
# for this instance.
#
# As a side effect, four instance-variable arrays are (re)built on every
# call: @cve_security_checks, @owasp_ror_cheatsheet_checks,
# @code_quality_checks and @aux_checks. The result is then assembled from
# them according to @enabled_checks (set in #initialize):
#   - @aux_checks are always included, regardless of @enabled_checks
#   - @cve_security_checks (CVE and OSVDB entries) require :bulletin
#   - @owasp_ror_cheatsheet_checks require :owasp_ror_cheatsheet
#   - @code_quality_checks require :code_quality
#
# NOTE(review): every check class is instantiated even when its family is
# disabled, and the class-level #find fallback calls this again on a fresh
# instance; the cost grows with the list.
#
# @return [Array] freshly instantiated, enabled check objects
def load_security_checks
  # START @cve_security_checks array
  @cve_security_checks = [
    Dawn::Kb::CVE_2004_0755.new, Dawn::Kb::CVE_2004_0983.new, Dawn::Kb::CVE_2005_1992.new, Dawn::Kb::CVE_2005_2337.new,
    Dawn::Kb::CVE_2006_1931.new, Dawn::Kb::CVE_2006_2582.new, Dawn::Kb::CVE_2006_3694.new, Dawn::Kb::CVE_2006_4112.new,
    Dawn::Kb::CVE_2006_5467.new, Dawn::Kb::CVE_2006_6303.new, Dawn::Kb::CVE_2006_6852.new, Dawn::Kb::CVE_2006_6979.new,
    Dawn::Kb::CVE_2007_0469.new, Dawn::Kb::CVE_2007_5162.new, Dawn::Kb::CVE_2007_5379.new, Dawn::Kb::CVE_2007_5380.new,
    Dawn::Kb::CVE_2007_5770.new, Dawn::Kb::CVE_2007_6077.new, Dawn::Kb::CVE_2007_6612.new, Dawn::Kb::CVE_2008_1145.new,
    Dawn::Kb::CVE_2008_1891.new, Dawn::Kb::CVE_2008_2376.new, Dawn::Kb::CVE_2008_2662.new, Dawn::Kb::CVE_2008_2663.new,
    Dawn::Kb::CVE_2008_2664.new, Dawn::Kb::CVE_2008_2725.new, Dawn::Kb::CVE_2008_3655.new, Dawn::Kb::CVE_2008_3657.new,
    Dawn::Kb::CVE_2008_3790.new, Dawn::Kb::CVE_2008_3905.new, Dawn::Kb::CVE_2008_4094.new, Dawn::Kb::CVE_2008_4310.new,
    Dawn::Kb::CVE_2008_5189.new, Dawn::Kb::CVE_2008_7248.new, Dawn::Kb::CVE_2009_4078.new, Dawn::Kb::CVE_2009_4124.new,
    Dawn::Kb::CVE_2009_4214.new, Dawn::Kb::CVE_2010_1330.new, Dawn::Kb::CVE_2010_2489.new, Dawn::Kb::CVE_2010_3933.new,
    Dawn::Kb::CVE_2011_0188.new, Dawn::Kb::CVE_2011_0446.new, Dawn::Kb::CVE_2011_0447.new, Dawn::Kb::CVE_2011_0739.new,
    Dawn::Kb::CVE_2011_0995.new, Dawn::Kb::CVE_2011_1004.new, Dawn::Kb::CVE_2011_1005.new, Dawn::Kb::CVE_2011_2197.new,
    Dawn::Kb::CVE_2011_2686.new, Dawn::Kb::CVE_2011_2705.new, Dawn::Kb::CVE_2011_2929.new, Dawn::Kb::CVE_2011_2930.new,
    Dawn::Kb::CVE_2011_2931.new, Dawn::Kb::CVE_2011_2932.new, Dawn::Kb::CVE_2011_3009.new, Dawn::Kb::CVE_2011_3186.new,
    Dawn::Kb::CVE_2011_3187.new, Dawn::Kb::CVE_2011_4319.new, Dawn::Kb::CVE_2011_4815.new, Dawn::Kb::CVE_2011_5036.new,
    Dawn::Kb::CVE_2012_1098.new, Dawn::Kb::CVE_2012_1099.new, Dawn::Kb::CVE_2012_1241.new, Dawn::Kb::CVE_2012_2139.new,
    Dawn::Kb::CVE_2012_2140.new, Dawn::Kb::CVE_2012_2660.new, Dawn::Kb::CVE_2012_2661.new, Dawn::Kb::CVE_2012_2671.new,
    Dawn::Kb::CVE_2012_2694.new, Dawn::Kb::CVE_2012_2695.new, Dawn::Kb::CVE_2012_3424.new, Dawn::Kb::CVE_2012_3463.new,
    Dawn::Kb::CVE_2012_3464.new, Dawn::Kb::CVE_2012_3465.new, Dawn::Kb::CVE_2012_4464.new, Dawn::Kb::CVE_2012_4466.new,
    Dawn::Kb::CVE_2012_4481.new, Dawn::Kb::CVE_2012_4522.new, Dawn::Kb::CVE_2012_5370.new, Dawn::Kb::CVE_2012_5371.new,
    Dawn::Kb::CVE_2012_5380.new, Dawn::Kb::CVE_2012_6109.new, Dawn::Kb::CVE_2012_6134.new, Dawn::Kb::CVE_2012_6496.new,
    Dawn::Kb::CVE_2012_6497.new, Dawn::Kb::CVE_2012_6684.new, Dawn::Kb::CVE_2013_0155.new, Dawn::Kb::CVE_2013_0156.new,
    Dawn::Kb::CVE_2013_0162.new, Dawn::Kb::CVE_2013_0175.new, Dawn::Kb::CVE_2013_0183.new, Dawn::Kb::CVE_2013_0184.new,
    Dawn::Kb::CVE_2013_0233.new, Dawn::Kb::CVE_2013_0256.new, Dawn::Kb::CVE_2013_0262.new, Dawn::Kb::CVE_2013_0263.new,
    Dawn::Kb::CVE_2013_0269.new, Dawn::Kb::CVE_2013_0276.new, Dawn::Kb::CVE_2013_0277.new, Dawn::Kb::CVE_2013_0284.new,
    Dawn::Kb::CVE_2013_0285.new, Dawn::Kb::CVE_2013_0333.new, Dawn::Kb::CVE_2013_0334.new, Dawn::Kb::CVE_2013_1607.new,
    Dawn::Kb::CVE_2013_1655.new, Dawn::Kb::CVE_2013_1656.new, Dawn::Kb::CVE_2013_1756.new, Dawn::Kb::CVE_2013_1800.new,
    Dawn::Kb::CVE_2013_1801.new, Dawn::Kb::CVE_2013_1802.new, Dawn::Kb::CVE_2013_1812.new, Dawn::Kb::CVE_2013_1821.new,
    Dawn::Kb::CVE_2013_1854.new, Dawn::Kb::CVE_2013_1855.new, Dawn::Kb::CVE_2013_1856.new, Dawn::Kb::CVE_2013_1857.new,
    Dawn::Kb::CVE_2013_1875.new, Dawn::Kb::CVE_2013_1898.new, Dawn::Kb::CVE_2013_1911.new, Dawn::Kb::CVE_2013_1933.new,
    Dawn::Kb::CVE_2013_1947.new, Dawn::Kb::CVE_2013_1948.new, Dawn::Kb::CVE_2013_2065.new, Dawn::Kb::CVE_2013_2090.new,
    Dawn::Kb::CVE_2013_2105.new, Dawn::Kb::CVE_2013_2119.new, Dawn::Kb::CVE_2013_2512.new, Dawn::Kb::CVE_2013_2513.new,
    Dawn::Kb::CVE_2013_2516.new, Dawn::Kb::CVE_2013_2615.new, Dawn::Kb::CVE_2013_2616.new, Dawn::Kb::CVE_2013_2617.new,
    Dawn::Kb::CVE_2013_3221.new, Dawn::Kb::CVE_2013_4164.new, Dawn::Kb::CVE_2013_4203.new, Dawn::Kb::CVE_2013_4389.new,
    Dawn::Kb::CVE_2013_4413.new, Dawn::Kb::CVE_2013_4457.new, Dawn::Kb::CVE_2013_4478.new, Dawn::Kb::CVE_2013_4479.new,
    Dawn::Kb::CVE_2013_4489.new, Dawn::Kb::CVE_2013_4491.new, Dawn::Kb::CVE_2013_4492.new, Dawn::Kb::CVE_2013_4562.new,
    Dawn::Kb::CVE_2013_4593.new, Dawn::Kb::CVE_2013_5647.new, Dawn::Kb::CVE_2013_5671.new, Dawn::Kb::CVE_2013_6414.new,
    Dawn::Kb::CVE_2013_6415.new, Dawn::Kb::CVE_2013_6416.new, Dawn::Kb::CVE_2013_6417.new, Dawn::Kb::CVE_2013_6421.new,
    Dawn::Kb::CVE_2013_6459.new, Dawn::Kb::CVE_2013_6460.new, Dawn::Kb::CVE_2013_6461.new, Dawn::Kb::CVE_2013_7086.new,
    Dawn::Kb::CVE_2014_0036.new, Dawn::Kb::CVE_2014_0080.new, Dawn::Kb::CVE_2014_0081.new, Dawn::Kb::CVE_2014_0082.new,
    Dawn::Kb::CVE_2014_0130.new, Dawn::Kb::CVE_2014_1233.new, Dawn::Kb::CVE_2014_1234.new, Dawn::Kb::CVE_2014_2322.new,
    Dawn::Kb::CVE_2014_2525.new, Dawn::Kb::CVE_2014_2538.new, Dawn::Kb::CVE_2014_3482.new, Dawn::Kb::CVE_2014_3483.new,
    Dawn::Kb::CVE_2014_3916.new, Dawn::Kb::CVE_2014_4975.new, Dawn::Kb::CVE_2014_7818.new, Dawn::Kb::CVE_2014_7819.new,
    Dawn::Kb::CVE_2014_7829.new, Dawn::Kb::CVE_2014_8090.new, Dawn::Kb::CVE_2014_9490.new, Dawn::Kb::CVE_2015_1819.new,
    Dawn::Kb::CVE_2015_1840_a.new, Dawn::Kb::CVE_2015_1840_b.new, Dawn::Kb::CVE_2015_2963.new, Dawn::Kb::CVE_2015_3224.new,
    Dawn::Kb::CVE_2015_3225.new, Dawn::Kb::CVE_2015_3226.new, Dawn::Kb::CVE_2015_3227.new, Dawn::Kb::CVE_2015_3448.new,
    Dawn::Kb::CVE_2015_4020.new, Dawn::Kb::CVE_2015_5312.new, Dawn::Kb::CVE_2015_7497.new, Dawn::Kb::CVE_2015_7498.new,
    Dawn::Kb::CVE_2015_7499.new, Dawn::Kb::CVE_2015_7500.new, Dawn::Kb::CVE_2015_7519.new, Dawn::Kb::CVE_2015_7541.new,
    Dawn::Kb::CVE_2015_7576.new, Dawn::Kb::CVE_2015_7577.new, Dawn::Kb::CVE_2015_7578.new, Dawn::Kb::CVE_2015_7579.new,
    Dawn::Kb::CVE_2015_7581.new, Dawn::Kb::CVE_2015_8241.new, Dawn::Kb::CVE_2015_8242.new, Dawn::Kb::CVE_2015_8317.new,
    Dawn::Kb::CVE_2016_0751.new, Dawn::Kb::CVE_2016_0752.new, Dawn::Kb::CVE_2016_0753.new, Dawn::Kb::CVE_2016_2097.new,
    Dawn::Kb::CVE_2016_2098.new, Dawn::Kb::CVE_2016_5697.new, Dawn::Kb::CVE_2016_6316.new, Dawn::Kb::CVE_2016_6317.new,
    Dawn::Kb::CVE_2016_6582.new,
    # OSVDB checks are still here since they are all about dependencies
    # (they live in the same array, so they are gated by :bulletin too).
    Dawn::Kb::OSVDB_105971.new, Dawn::Kb::OSVDB_108569.new, Dawn::Kb::OSVDB_108570.new, Dawn::Kb::OSVDB_108530.new,
    Dawn::Kb::OSVDB_108563.new, Dawn::Kb::OSVDB_115654.new, Dawn::Kb::OSVDB_116010.new, Dawn::Kb::OSVDB_117903.new,
    Dawn::Kb::OSVDB_118579.new, Dawn::Kb::OSVDB_118830.new, Dawn::Kb::OSVDB_118954.new, Dawn::Kb::OSVDB_119878.new,
    Dawn::Kb::OSVDB_119927.new, Dawn::Kb::OSVDB_120415.new, Dawn::Kb::OSVDB_120857.new, Dawn::Kb::OSVDB_121701.new,
    Dawn::Kb::OSVDB_132234.new,
  ]
  # END @cve_security_checks array

  # START @owasp_ror_cheatsheet_checks array
  @owasp_ror_cheatsheet_checks = [
    Dawn::Kb::OwaspRorCheatSheet::CommandInjection.new,
    Dawn::Kb::OwaspRorCheatSheet::Csrf.new,
    Dawn::Kb::OwaspRorCheatSheet::SessionStoredInDatabase.new,
    Dawn::Kb::OwaspRorCheatSheet::MassAssignmentInModel.new,
    Dawn::Kb::OwaspRorCheatSheet::SecurityRelatedHeaders.new,
    Dawn::Kb::OwaspRorCheatSheet::CheckForSafeRedirectAndForward.new,
    Dawn::Kb::OwaspRorCheatSheet::SensitiveFiles.new,
  ]
  # END @owasp_ror_cheatsheet_checks array

  @code_quality_checks = [
    Dawn::Kb::NotRevisedCode.new,
  ]

  @aux_checks = [
    Dawn::Kb::SimpleForm_Xss_20131129.new,
  ]

  ret = []
  # Auxiliary checks are unconditional: no family symbol gates them.
  ret += @aux_checks
  ret += @cve_security_checks if @enabled_checks.include?(:bulletin)
  ret += @owasp_ror_cheatsheet_checks if @enabled_checks.include?(:owasp_ror_cheatsheet)
  ret += @code_quality_checks if @enabled_checks.include?(:code_quality)
  ret
end