Class: Dawn::Core
- Inherits:
-
Object
- Object
- Dawn::Core
- Defined in:
- lib/dawn/core.rb
Class Method Summary
- .detect_mvc(target) ⇒ Object
- .find_conf(create_if_none = false) ⇒ Object
-
.guess_mvc(gemfile_lock) ⇒ Object
guess_mvc is very close to detect_mvc, except that it accepts a filename as input and tries to guess the MVC framework from the gems it finds in Gemfile.lock, without creating an engine.
-
.help ⇒ Object
TODO.20140326 All these methods must be moved from here to the Util class, and a Dawn::Core namespace must be created.
- .is_good_target?(target) ⇒ Boolean
- .read_conf(file = nil) ⇒ Object
- .registry_db_folder ⇒ Object
- .registry_db_name ⇒ Object
- .sql_log_name ⇒ Object
Class Method Details
.detect_mvc(target) ⇒ Object
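# File 'lib/dawn/core.rb', line 85
#
# Detects the MVC framework used by the application living in +target+ by
# reading the gems pinned in its Gemfile.lock, and returns the matching
# engine. Unlike guess_mvc this instantiates an engine object.
#
# The first spec in the lockfile named "rails" or "padrino" decides; when
# neither is present the application is treated as a Sinatra one.
#
# @param target [String] application root directory (must hold Gemfile.lock)
# @return [Dawn::Rails, Dawn::Padrino, Dawn::Sinatra] engine for +target+
# @raise [ArgumentError] when +target+ is nil or contains no Gemfile.lock
def self.detect_mvc(target)
  raise ArgumentError, "you must set target directory" if target.nil?

  # The block form restores the previous working directory even when the
  # ArgumentError below is raised; a bare chdir left the process inside
  # +target+ on that error path.
  lockfile = Dir.chdir(target) do
    raise ArgumentError, "no Gemfile.lock in #{target}" unless File.exist?("Gemfile.lock")

    Bundler::LockfileParser.new(Bundler.read_file("Gemfile.lock"))
  end

  # Lockfile order is significant: whichever of rails/padrino appears first
  # wins, exactly as the original spec-by-spec loop behaved.
  framework = lockfile.specs.find { |s| %w[rails padrino].include?(s.name) }
  return Dawn::Sinatra.new(target) if framework.nil?

  framework.name == "rails" ? Dawn::Rails.new(target) : Dawn::Padrino.new(target)
end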
.find_conf(create_if_none = false) ⇒ Object
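# File 'lib/dawn/core.rb', line 107
#
# Locates the dawnscanner.yaml configuration file. Candidates are tried in
# this order: ./.dawnscanner.yaml, ~/.dawnscanner.yaml and
# /usr/local/etc/dawnscanner.yaml (inside a project or home directory the
# file is hidden, under the absolute system path it is not).
#
# NOTE: the current working directory is searched first, so a
# .dawnscanner.yaml shipped inside the directory being scanned takes
# precedence over the user's own settings.
#
# @param create_if_none [Boolean] when true and no file exists, write the
#   default configuration to ~/.dawnscanner.yaml and return that path
# @return [String, nil] path of the configuration file, or nil when none is
#   found and create_if_none is false (read_conf then uses its defaults)
def self.find_conf(create_if_none = false)
  conf_name = 'dawnscanner.yaml'
  # NOTE(review): the published listing reads `File.(p)` here; the only
  # sensible reading is File.expand_path, which is what is used below.
  candidates = ['./', '~/', '/usr/local/etc/'].map do |dir|
    if dir.start_with?('/')
      dir + conf_name
    else
      File.expand_path(dir) + '/.' + conf_name
    end
  end
  found = candidates.find { |fn| File.exist?(fn) }
  return found if found
  return nil unless create_if_none

  # No config file anywhere and the caller asked for one: write the default
  # configuration into the user's home directory.
  conf = {
    "config" => {
      :verbose => false, :output => "tabular", :mvc => "", :gemfile_scan => false,
      :gemfile_name => "", :filename => nil, :debug => false, :exit_on_warn => false,
      :enabled_checks => Dawn::Kb::BasicCheck::ALLOWED_FAMILIES
    }
  }
  conf_path = File.expand_path('~') + '/.' + conf_name
  File.write(conf_path, YAML.dump(conf))
  conf_path
end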
.guess_mvc(gemfile_lock) ⇒ Object
guess_mvc is very close to detect_mvc, except that it accepts a filename as input and tries to guess the MVC framework from the gems it finds in Gemfile.lock, without creating an engine.
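# File 'lib/dawn/core.rb', line 65
#
# Guesses the MVC framework from a Gemfile.lock without creating an engine.
# Only "rails" and "sinatra" are recognised as frameworks here (detect_mvc,
# by contrast, looks for rails and padrino); if both are pinned the one
# listed last in the lockfile wins. Every spec in the lockfile, framework
# included, is reported under :connected_gems.
#
# @param gemfile_lock [String] path to a Gemfile.lock
# @return [Hash] { :name, :version, :connected_gems }; :name and :version are
#   empty strings when neither rails nor sinatra is pinned
# @raise [ArgumentError] when the lockfile is not readable
def self.guess_mvc(gemfile_lock)
  lock_dir = File.dirname(gemfile_lock)
  lock_name = File.basename(gemfile_lock)

  # Block form restores the working directory even when the readability
  # check raises; a bare chdir left the process in +lock_dir+ on that path.
  lockfile = Dir.chdir(lock_dir) do
    raise ArgumentError, "can't read #{gemfile_lock}" unless File.readable?(lock_name)

    Bundler::LockfileParser.new(Bundler.read_file(lock_name))
  end

  ret = { :name => "", :version => "" }
  connected = lockfile.specs.map do |s|
    entry = { :name => s.name, :version => s.version.to_s }
    # Last matching spec wins, as in the original assignment inside the loop.
    ret = entry.dup if s.name == "rails" || s.name == "sinatra"
    entry
  end
  ret[:connected_gems] = connected
  ret
end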
.help ⇒ Object
TODO.20140326 All these methods must be moved from here to the Util class, and a Dawn::Core namespace must be created.
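# File 'lib/dawn/core.rb', line 19
#
# Prints the command line usage text to standard output.
#
# Every option line is emitted with +print+ rather than +printf+: printf
# treats its first argument as a format string, and one of these lines
# interpolates a filesystem path (registry_db_name, rooted in the home
# directory), so a '%' in that path would raise or mangle the output.
#
# @return [true]
def self.help
  puts "Usage: dawn [options] target_directory"
  print "\nExamples:\n"
  puts "\t$ dawn a_sinatra_webapp_directory"
  puts "\t$ dawn -C the_rails_blog_engine"
  puts "\t$ dawn -C --json a_sinatra_webapp_directory"
  puts "\t$ dawn --ascii-tabular-report my_rails_blog_ecommerce"
  puts "\t$ dawn --html -F my_report.html my_rails_blog_ecommerce"
  print "\n -r, --rails\t\t\t\t\tforce dawn to consider the target a rails application (DEPRECATED)"
  print "\n -s, --sinatra\t\t\t\tforce dawn to consider the target a sinatra application (DEPRECATED)"
  print "\n -p, --padrino\t\t\t\tforce dawn to consider the target a padrino application (DEPRECATED)"
  print "\n -G, --gem-lock\t\t\t\tforce dawn to scan only for vulnerabilities affecting dependencies in Gemfile.lock (DEPRECATED)"
  print "\n -d, --dependencies\t\t\t\tforce dawn to scan only for vulnerabilities affecting dependencies in Gemfile.lock"
  print "\n\nReporting\n"
  print "\n -a, --ascii-tabular-report\t\t\tcause dawn to format findings using tables in ascii art (DEPRECATED)"
  print "\n -j, --json\t\t\t\t\tcause dawn to format findings using json"
  print "\n -K, --console\t\t\t\t\tcause dawn to format findings using plain ascii text"
  print "\n -C, --count-only\t\t\t\tdawn will only count vulnerabilities (useful for scripts)"
  print "\n -z, --exit-on-warn\t\t\t\tdawn will return number of found vulnerabilities as exit code"
  print "\n -F, --file filename\t\t\t\ttells dawn to write output to filename"
  print "\n -c, --config-file filename\t\t\ttells dawn to load configuration from filename"
  print "\n\nDisable security check family\n"
  print "\n --disable-cve-bulletins\t\t\tdisable all CVE security checks"
  print "\n --disable-code-quality\t\t\tdisable all code quality checks"
  print "\n --disable-code-style\t\t\tdisable all code style checks"
  print "\n --disable-owasp-ror-cheatsheet\t\tdisable all Owasp Ruby on Rails cheatsheet checks"
  print "\n --disable-owasp-top-10\t\t\tdisable all Owasp Top 10 checks"
  print "\n\nFlags useful to query Dawn\n"
  print "\n -S, --search-knowledge-base [check_name]\tsearch check_name in the knowledge base"
  print "\n --list-knowledge-base\t\t\tlist knowledge-base content"
  print "\n --list-known-families\t\t\tlist security check families contained in dawn's knowledge base"
  print "\n --list-known-framework\t\t\tlist ruby MVC frameworks supported by dawn"
  print "\n --list-scan-registry\t\t\tlist past scan informations stored in scan registry (#{Dawn::Core.registry_db_name})"
  print "\n\nService flags\n"
  print "\n -D, --debug\t\t\t\t\tenters dawn debug mode"
  print "\n -V, --verbose\t\t\t\tthe output will be more verbose"
  print "\n -v, --version\t\t\t\tshow version information"
  print "\n -h, --help\t\t\t\t\tshow this help\n"
  true
end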
.is_good_target?(target) ⇒ Boolean
# File 'lib/dawn/core.rb', line 103
#
# Tells whether +target+ can be scanned, i.e. it names an existing directory.
# File.directory? already answers false for a missing path, so the separate
# existence check is redundant.
#
# @param target [String] candidate application root
# @return [Boolean] true when +target+ is an existing directory
def self.is_good_target?(target)
  File.directory?(target)
end
.read_conf(file = nil) ⇒ Object
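# File 'lib/dawn/core.rb', line 141
#
# Builds the runtime configuration: built-in defaults overlaid with the
# values found in +file+ (a dawnscanner.yaml as located or written by
# find_conf).
#
# The file is parsed with YAML.safe_load so that only plain YAML data (plus
# Symbol, used for the keys find_conf writes) is ever deserialized; the file
# may live in the directory being scanned, so it must not be able to
# instantiate arbitrary Ruby objects.
#
# @param file [String, nil] path of the YAML configuration file; nil, a
#   missing file or a file without a "config" section yields the defaults
# @return [Hash] configuration with symbol keys (:verbose, :output, :mvc,
#   :gemfile_scan, :gemfile_name, :filename, :debug, :exit_on_warn,
#   :enabled_checks)
def self.read_conf(file = nil)
  conf = {
    :verbose => false, :output => "tabular", :mvc => "", :gemfile_scan => false,
    :gemfile_name => "", :filename => nil, :debug => false, :exit_on_warn => false,
    :enabled_checks => Dawn::Kb::BasicCheck::ALLOWED_FAMILIES
  }

  begin
    return conf if file.nil?

    file = file.chop if file.end_with?('/')
    return conf unless File.exist?(file)
  rescue => e
    $logger&.err "it seems you've found a bug in core.rb@#{__LINE__}: #{e.message}"
    return conf
  end

  c = YAML.safe_load(File.read(file), permitted_classes: [Symbol], filename: file)
  cf = c.is_a?(Hash) ? c["config"] : nil
  unless cf.is_a?(Hash)
    $logger&.err "#{file} has no \"config\" section, using default configuration"
    return conf
  end

  # find_conf writes the section with symbol keys while hand-written files
  # normally use strings: both spellings of each key are accepted.
  # TODO: sanity-check the values (e.g. output must be a known formatter).
  %w[verbose debug output enabled_checks].each do |key|
    value = cf.key?(key) ? cf[key] : cf[key.to_sym]
    conf[key.to_sym] = value unless value.nil?
  end
  conf
end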
.registry_db_folder ⇒ Object
# File 'lib/dawn/core.rb', line 6
#
# Directory holding the scan registry database, i.e. $HOME/dawnscanner/db.
#
# @return [String] absolute path of the registry directory
def self.registry_db_folder
  File.join(Dir.home, 'dawnscanner', 'db')
end
.registry_db_name ⇒ Object
# File 'lib/dawn/core.rb', line 9
#
# Path of the scan registry database file, dawnscanner.db inside
# registry_db_folder.
#
# @return [String] absolute path of the registry database
def self.registry_db_name
  File.join(registry_db_folder, 'dawnscanner.db')
end
.sql_log_name ⇒ Object
# File 'lib/dawn/core.rb', line 12
#
# Path of the SQL log written next to the registry database,
# dawnscanner-sql.log inside registry_db_folder.
#
# @return [String] absolute path of the SQL log file
def self.sql_log_name
  File.join(registry_db_folder, 'dawnscanner-sql.log')
end