Module: Dawn::Kb::ComboCheck

Constant Summary

Constants included from BasicCheck

BasicCheck::ALLOWED_FAMILIES

Instance Attribute Summary collapse

Attributes included from BasicCheck

#applies, #aux_links, #check_family, #cve, #cvss, #cwe, #debug, #evidences, #fixes_version, #kind, #message, #mitigated, #name, #osvdb, #owasp, #priority, #release_date, #remediation, #ruby_version, #ruby_vulnerable_versions, #severity, #status, #target_version, #title

Class Method Summary collapse

Instance Method Summary collapse

Methods included from BasicCheck

#applies_to?, #cve_link, #cvss_score, families, #family, #family=, #lint, #mitigated?, #nvd_link, #osvdb_link, #rubysec_advisories_link

Methods included from Utils

#__debug_me_and_return, #debug_me, #debug_me_and_return_false, #debug_me_and_return_true

Instance Attribute Details

#checksObject (readonly)

Returns the value of attribute checks


6
7
8
# File 'lib/dawn/kb/combo_check.rb', line 6

def checks
  @checks
end

#optionsObject

Returns the value of attribute options


7
8
9
# File 'lib/dawn/kb/combo_check.rb', line 7

def options
  @options
end

#vulnerable_checksObject (readonly)

Returns the value of attribute vulnerable_checks


8
9
10
# File 'lib/dawn/kb/combo_check.rb', line 8

def vulnerable_checks
  @vulnerable_checks
end

Class Method Details

.find_vulnerable_checks_by_class(list = [], klass = Object) ⇒ Object


53
54
55
56
57
58
# File 'lib/dawn/kb/combo_check.rb', line 53

def self.find_vulnerable_checks_by_class(list=[], klass=Object)
  list.each do |l|
    return l if l.instance_of?(klass)
  end
  nil
end

Instance Method Details

#dump_statusObject


45
46
47
48
49
50
51
# File 'lib/dawn/kb/combo_check.rb', line 45

def dump_status
  @checks.each do |check|
    debug_me("check name is #{check.name} and vulnerable status is #{check.status}")
  end

  true
end

#initialize(options = {}) ⇒ Object


11
12
13
14
15
16
17
18
# File 'lib/dawn/kb/combo_check.rb', line 11

def initialize(options={})
  super(options)
  @vuln_if_all_fails = true
  @vuln_if_all_fails = options[:vuln_if_all_fails] unless options[:vuln_if_all_fails].nil?
  @checks = options[:checks]
  @vulnerable_checks = []
  @options = options
end

#vuln?Boolean

Returns:

  • (Boolean)

20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
# File 'lib/dawn/kb/combo_check.rb', line 20

def vuln?
  ret = true
  at_least_one = false
  @checks.each do |check|
    check_vuln = false
    check.detected_ruby   = @options[:detected_ruby]    if check.kind == Dawn::KnowledgeBase::RUBY_VERSION_CHECK
    check.dependencies    = @options[:dependencies]     if check.kind == Dawn::KnowledgeBase::DEPENDENCY_CHECK
    check.root_dir        = @options[:root_dir]         if check.kind == Dawn::KnowledgeBase::PATTERN_MATCH_CHECK
    check.debug           = self.debug

    check_vuln = check.vuln? if check.respond_to?(:vuln?)

    ret = ret && check_vuln
    at_least_one = true if check_vuln
    @evidences << check.evidences if check_vuln
    @vulnerable_checks << check if check_vuln
    raise "A check class doesn't respond to vuln? in combo (#{check.class})" unless check.respond_to?(:vuln?)
  end

  dump_status
  debug_me("combo_check: is_vulnerable_if_all_checks_fail = #{@vuln_if_all_fails}, RET = #{ret}, at_least_one= #{at_least_one}")
  return ret if @vuln_if_all_fails
  return at_least_one unless @vuln_if_all_fails
end