Class: Dawn::Kb::OwaspRorCheatsheet

Inherits: Object
Includes: ComboCheck
Defined in: lib/dawn/kb/owasp_ror_cheatsheet.rb

Constant Summary

Constants included from BasicCheck

BasicCheck::ALLOWED_FAMILIES

Instance Attribute Summary

Attributes included from ComboCheck

#checks, #options, #vulnerable_checks

Attributes included from BasicCheck

#applies, #aux_links, #check_family, #cve, #cvss, #cwe, #debug, #evidences, #fixes_version, #kind, #message, #mitigated, #name, #osvdb, #owasp, #priority, #release_date, #remediation, #ruby_version, #ruby_vulnerable_versions, #severity, #status, #target_version, #title

Instance Method Summary

Methods included from ComboCheck

#dump_status, find_vulnerable_checks_by_class, #vuln?

Methods included from BasicCheck

#applies_to?, #cve_link, #cvss_score, families, #family, #family=, #lint, #mitigated?, #nvd_link, #osvdb_link, #rubysec_advisories_link

Methods included from Utils

#__debug_me_and_return, #debug_me, #debug_me_and_return_false, #debug_me_and_return_true

Constructor Details

#initialize ⇒ OwaspRorCheatsheet

Returns a new instance of OwaspRorCheatsheet.

# File 'lib/dawn/kb/owasp_ror_cheatsheet.rb', line 6

def initialize
  # Human-readable description reported alongside any finding of this combo check.
  message = "This Cheatsheet intends to provide quick basic Ruby on Rails security tips for developers. It complements, augments or emphasizes points brought up in the rails security guide from rails core.  The Rails framework abstracts developers from quite a bit of tedious work and provides the means to accomplish complex tasks quickly and with ease. New developers, those unfamiliar with the inner-workings of Rails, likely need a basic set of guidelines to secure fundamental aspects of their application. The intended purpose of this doc is to be that guide."

  super({
    :name=>"Owasp Ror Cheatsheet",
    :applies=>["rails"],
    :kind=>Dawn::KnowledgeBase::COMBO_CHECK,
    :aux_links=>["https://www.owasp.org/index.php/Ruby_on_Rails_Cheatsheet"],
    :message=>message,
    :mitigation=>"Please refer to the Ruby on Rails cheatsheet available from owasp.org to mitigate this vulnerability",
    # Sub-checks this combo check aggregates, one per cheatsheet topic.
    :checks=>[
      Dawn::Kb::OwaspRorCheatSheet::CommandInjection.new,
      Dawn::Kb::OwaspRorCheatSheet::Csrf.new,
      Dawn::Kb::OwaspRorCheatSheet::SessionStoredInDatabase.new,
      Dawn::Kb::OwaspRorCheatSheet::MassAssignmentInModel.new,
      Dawn::Kb::OwaspRorCheatSheet::SecurityRelatedHeaders.new,
    ],
    # false: the combo does not require every sub-check to fail before reporting.
    :vuln_if_all_fails => false
  })

  # @debug = true
end
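The aggregation this constructor configures, as an added illustration that is not dawnscanner's own ComboCheck code: a stand-in combo check whose vuln? depends on the vuln_if_all_fails flag. It assumes, from the flag's name, that true means "vulnerable only when every sub-check fails" and false means "vulnerable when any sub-check fails"; StubCheck, ComboCheckModel, SAMPLE_CHECKS and owasp_combo are hypothetical names.

```ruby
# Minimal stand-in for a sub-check: answers vuln? with a fixed result.
class StubCheck
  attr_reader :name
  def initialize(name, vulnerable)
    @name = name
    @vulnerable = vulnerable
  end
  def vuln?
    @vulnerable
  end
end

# Hypothetical model of combo-check aggregation (not the library's implementation).
class ComboCheckModel
  attr_reader :checks, :vulnerable_checks
  def initialize(checks:, vuln_if_all_fails: false)
    @checks = checks
    @vuln_if_all_fails = vuln_if_all_fails
    @vulnerable_checks = []
  end

  # Runs every sub-check, records the failing ones, then applies the rule:
  # all must fail (flag true) or any failure suffices (flag false).
  def vuln?
    @vulnerable_checks = @checks.select(&:vuln?)
    return false if @vulnerable_checks.empty?
    @vuln_if_all_fails ? @vulnerable_checks.size == @checks.size : true
  end
end

# Constructed sample: the five sub-check names from the class above, with
# only the CSRF and security-headers checks reporting a finding.
SAMPLE_CHECKS = [
  StubCheck.new("CommandInjection", false),
  StubCheck.new("Csrf", true),
  StubCheck.new("SessionStoredInDatabase", false),
  StubCheck.new("MassAssignmentInModel", false),
  StubCheck.new("SecurityRelatedHeaders", true),
].freeze

# Builds the combo over the sample sub-checks; the default mirrors
# the :vuln_if_all_fails => false setting used by OwaspRorCheatsheet.
def owasp_combo(vuln_if_all_fails: false)
  ComboCheckModel.new(checks: SAMPLE_CHECKS, vuln_if_all_fails: vuln_if_all_fails)
end

if __FILE__ == $0
  combo = owasp_combo
  puts "vulnerable: #{combo.vuln?}"
  puts "failing sub-checks: #{combo.vulnerable_checks.map(&:name).join(', ')}"
end
```

With the page's setting (false) two failing sub-checks are enough to flag the application; with true the same two failures would not, because three sub-checks passed.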