class Pedant::CheckScriptNotSignedAndUsingTrustedFunction
Public Class Methods
requires()
click to toggle source
Calls superclass method
Pedant::Check::requires
# File lib/pedant/checks/script_not_signed_and_using_trusted_function.rb, line 29 def self.requires super + [:main, :trees, :codes] end
Public Instance Methods
run()
click to toggle source
# File lib/pedant/checks/script_not_signed_and_using_trusted_function.rb, line 33 def run # This check only applies to plugins. return skip unless @kb[:main].extname == '.nasl' tree = @kb[:trees][@kb[:main]] codes = @kb[:codes][@kb[:main]] tree.all(:Call).each do |node| # builtin trusted functions next unless [ "bind_sock_tcp", "bind_sock_tcp6", "bind_sock_udp", "bind_sock_udp6", "can_query_report", "cfile_open", "cfile_stat", "db_open", "db_open2", "db_open_ex", "db_query", "db_query_foreach", "dsa_do_sign", "dump_interfaces", "file_close", "file_fstat", "file_is_signed", "file_md5", "file_mkdir", "file_mtime", "file_open", "file_read", "file_rename", "file_seek", "file_stat", "file_write", "find_in_path", "fork", "fread", "fwrite", "gc", "get_preference_file_content", "get_preference_file_location", "get_tmp_dir", "inject_packet", "is_user_root", "kb_ssh_certificate", "kb_ssh_login", "kb_ssh_password", "kb_ssh_privatekey", "kb_ssh_publickey", "kb_ssh_realm", "kb_ssh_transport", "kill", "load_db_master_key_cli", "mkdir", "mkdir_ex", "mutex_lock", "mutex_unlock", "nessus_get_dir", "open_sock2", "open_sock_ex", "pem_to_dsa", "pem_to_dsa2", "pem_to_pub_rsa", "pem_to_rsa", "pem_to_rsa2", "pread", "query_report", "readdir", "recvfrom", "rename", "resolv", "rmdir", "rsa_sign", "same_host", "schematron_validate", "script_get_preference_file_content", "script_get_preference_file_location", "sendto", "set_mem_limits", "socket_accept", "ssl_accept3", "ssl_accept4", "syn_scan", "tcp_scan", "thread_create", "udp_scan", "unlink", "untar_plugins", "xmldsig_sign", "xmldsig_verify", "xmlparse", "xsd_validate", "xslt_apply_stylesheet", "xslt_filter", # trusted functions from includes # cisco_kb_cmd_func.inc "cisco_command_kb_item", # macosx_func.inc "exec_cmd", "exec_cmds", "get_users_homes", # ssh_func.inc "ssh_cmd", # ssh1_func.inc "ssh_cmd1", # functions that can call open_sock2() "enable_keepalive", "http_is_dead", "http_keepalive_enabled", "http_open_soc_err", "http_open_socket_ka", "http_recv_body", "http_recv_headers3", "http_recv3", "http_reopen_socket", "http_send_recv_req", "http_send_recv3", "http_set_error" ].include? node.name.ident.name if [ # functions that can call open_sock2() "enable_keepalive", "http_is_dead", "http_keepalive_enabled", "http_open_soc_err", "http_open_socket_ka", "http_recv_body", "http_recv_headers3", "http_recv3", "http_reopen_socket", "http_send_recv_req", "http_send_recv3", "http_set_error" ].include? node.name.ident.name # check if we use the named argument 'target' next unless node.args.any? { |arg| arg.respond_to? :name and arg.name.respond_to? :name and arg.name.name == "target" } next if codes.index("#TRUSTED") == 0 report( :warn, "Plugin is using the function #{node.name.ident.name}() with the 'target' argument, which makes it call open_sock2(), a trusted function, and may need to be signed." ) report(:warn, node.context()) return fail end next if codes.index("#TRUSTED") == 0 report( :warn, "Plugin is using the trusted function #{node.name.ident.name}() and may need to be signed." ) report(:warn, node.context()) return fail end report(:info, "Plugin is not using a trusted function.") pass end