Module: Dawn::Kb::OperatingSystemCheck

Includes:
BasicCheck
Included in:
CVE_2008_4310_b, CVE_2010_2489_b, CVE_2011_0188_b, CVE_2011_0995_b
Defined in:
lib/dawn/kb/operating_system_check.rb

Constant Summary

Constants included from BasicCheck

BasicCheck::ALLOWED_FAMILIES

Instance Attribute Summary collapse

Attributes included from BasicCheck

#applies, #aux_links, #check_family, #cve, #cvss, #cwe, #debug, #evidences, #fixes_version, #kind, #message, #mitigated, #name, #osvdb, #owasp, #priority, #release_date, #remediation, #ruby_version, #ruby_vulnerable_versions, #severity, #status, #target_version, #title

Instance Method Summary collapse

Methods included from BasicCheck

#applies_to?, #cve_link, #cvss_score, families, #family, #family=, #lint, #mitigated?, #nvd_link, #osvdb_link, #rubysec_advisories_link

Methods included from Utils

#__debug_me_and_return, #debug_me, #debug_me_and_return_false, #debug_me_and_return_true

Instance Attribute Details

#safe_osObject

safe_os is an Hash with this form :vendor=>“”, :version=>“”

family can be one of the following:

"linux"
"windows"
"unix"
"osx"
"freebsd"
"netbsd"
"openbsd"
"unknown"

vendor will be either “microsoft”, “apple”, unix flavour or linux distribution accordingly


18
19
20
# File 'lib/dawn/kb/operating_system_check.rb', line 18

def safe_os
  @safe_os
end

#target_osObject

Returns the value of attribute target_os


19
20
21
# File 'lib/dawn/kb/operating_system_check.rb', line 19

def target_os
  @target_os
end

Instance Method Details

#different_family?Boolean

Returns:

  • (Boolean)

34
35
36
37
38
39
40
# File 'lib/dawn/kb/operating_system_check.rb', line 34

def different_family?
  ret = false
  @safe_os.each do |sos|
    ret = true if ! ret && sos[:family] == @target_os[:family]
  end
  ret
end

#different_vendor?Boolean

Returns:

  • (Boolean)

42
43
44
45
46
47
48
# File 'lib/dawn/kb/operating_system_check.rb', line 42

def different_vendor?
  ret = false
  @safe_os.each do |sos|
    ret = true if ! ret && sos[:vendor] == @target_os[:vendor]
  end
  ret
end

#initialize(options = {}) ⇒ Object


22
23
24
25
# File 'lib/dawn/kb/operating_system_check.rb', line 22

def initialize(options={})
  super(options)
  os_detect
end

#os_detectObject


60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
# File 'lib/dawn/kb/operating_system_check.rb', line 60

def os_detect
  platform = RUBY_PLATFORM

  @target_os = {}

  @target_os[:family] = "osx"; @target_os[:vendor]="apple" unless /darwin/.match(platform).nil?
  @target_os[:family] = "windows"; @target_os[:vendor]="microsoft" unless /win32/.match(platform).nil?
  @target_os[:family] = "linux" unless /linux/.match(platform).nil?
  @target_os[:family] = "unix"; @target_os[:vendor]="freebsd" unless /freebsd/.match(platform).nil?
  @target_os[:family] = "unix"; @target_os[:vendor]="openbsd" unless /openbsd/.match(platform).nil?
  @target_os[:family] = "unix"; @target_os[:vendor]="netbsd" unless /netbsd/.match(platform).nil?

  begin 
    require 'sys/uname'
    @target_os[:version]= [Sys::Uname.release]
  rescue # otherwise use shell
    @target_os[:version] = [`uname -r`.strip]
  end

  tmp = ""
  if File.exist?("/etc/SuSE-release")
    tmp = File.readlines("/etc/SuSE-release"); 
    @target_os[:vendor]="suse" 
  end

  if File.exist?("/etc/redhat_release")
    tmp = File.readlines("/etc/redhat_release"); 
    @target_os[:vendor]="redhat" 
  end
  if File.exist?("/etc/debian_release")
    tmp = File.readlines("/etc/debian_release");
    @target_os[:vendor]="debian" 
  end
end

#vuln?Boolean

Returns:

  • (Boolean)

27
28
29
30
31
32
# File 'lib/dawn/kb/operating_system_check.rb', line 27

def vuln?
  
  return false if different_family? 
  return false if different_vendor?
  return vulnerable_os?
end

#vulnerable_os?Boolean

Returns:

  • (Boolean)

50
51
52
53
54
55
56
57
# File 'lib/dawn/kb/operating_system_check.rb', line 50

def vulnerable_os?
  ret = false
  @safe_os.each do |sos|
    ret = true if ! ret && sos[:version] = 'none'
    ret = true if ! ret && is_vulnerable_version?(@target_os[:family], sos[:version])
  end
  ret
end