Module: Dawn::Kb::RubyVersionCheck
- Includes:
- BasicCheck
- Included in:
- CVE_2004_0755, CVE_2004_0983, CVE_2005_1992, CVE_2005_2337, CVE_2006_1931, CVE_2006_3694, CVE_2006_5467, CVE_2006_6303, CVE_2007_5162, CVE_2007_5770, CVE_2008_1145, CVE_2008_1891, CVE_2008_2376, CVE_2008_2662, CVE_2008_2663, CVE_2008_2664, CVE_2008_2725, CVE_2008_3655, CVE_2008_3657, CVE_2008_3790, CVE_2008_3905, CVE_2008_4310_a, CVE_2009_4124, CVE_2010_1330, CVE_2010_2489_a, CVE_2011_0188_a, CVE_2011_1004, CVE_2011_1005, CVE_2011_2686, CVE_2011_2705, CVE_2011_3009, CVE_2011_4815, CVE_2012_4464, CVE_2012_4466, CVE_2012_4481, CVE_2012_4522, CVE_2012_5370, CVE_2012_5371, CVE_2012_5380, CVE_2013_0256_b, CVE_2013_1655_b, CVE_2013_1821, CVE_2013_2065, CVE_2013_4164, CVE_2013_6460_b, CVE_2013_6461_b, CVE_2014_3916, CVE_2014_4975, CVE_2014_8090
- Defined in:
- lib/dawn/kb/ruby_version_check.rb
Constant Summary
Constants included from BasicCheck
Instance Attribute Summary collapse
-
#detected_ruby ⇒ Object
Hash in the :version=>“1.9.3”, :patchlevel=>“p342” form.
-
#safe_rubies ⇒ Object
Array of hashes in the :version=>“1.9.3”, :patchlevel=>“p342” form.
Attributes included from BasicCheck
#applies, #aux_links, #check_family, #cve, #cvss, #cwe, #debug, #evidences, #fixes_version, #kind, #message, #mitigated, #name, #osvdb, #owasp, #priority, #release_date, #remediation, #ruby_version, #ruby_vulnerable_versions, #severity, #status, #target_version, #title
Instance Method Summary collapse
- #is_same_version?(target, fixes = []) ⇒ Boolean
-
#is_vulnerable_engine?(target, fixes = []) ⇒ Boolean
return true if ( vv && vengine ) return (ve && vp && vengine ).
- #is_vulnerable_patchlevel?(version, patchlevel) ⇒ Boolean
- #vuln? ⇒ Boolean
Methods included from BasicCheck
#applies_to?, #cve_link, #cvss_score, families, #family, #family=, #initialize, #lint, #mitigated?, #nvd_link, #osvdb_link, #rubysec_advisories_link
Methods included from Utils
#__debug_me_and_return, #debug_me, #debug_me_and_return_false, #debug_me_and_return_true
Instance Attribute Details
#detected_ruby ⇒ Object
Hash in the :version=>“1.9.3”, :patchlevel=>“p342” form
8 9 10 |
# File 'lib/dawn/kb/ruby_version_check.rb', line 8 def detected_ruby @detected_ruby end |
#safe_rubies ⇒ Object
Array of hashes in the :version=>“1.9.3”, :patchlevel=>“p342” form
6 7 8 |
# File 'lib/dawn/kb/ruby_version_check.rb', line 6 def safe_rubies @safe_rubies end |
Instance Method Details
#is_same_version?(target, fixes = []) ⇒ Boolean
59 60 61 62 63 64 65 |
# File 'lib/dawn/kb/ruby_version_check.rb', line 59 def is_same_version?(target, fixes = []) fixes.each do |f| debug_me("F=#{f}, TARGET=#{target}") return true if f == target end false end |
#is_vulnerable_engine?(target, fixes = []) ⇒ Boolean
return true if ( vv && vengine ) return (ve && vp && vengine )
52 53 54 55 56 57 |
# File 'lib/dawn/kb/ruby_version_check.rb', line 52 def is_vulnerable_engine?(target, fixes = []) fixes.each do |f| return true if f == target end false end |
#is_vulnerable_patchlevel?(version, patchlevel) ⇒ Boolean
67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 |
# File 'lib/dawn/kb/ruby_version_check.rb', line 67 def is_vulnerable_patchlevel?(version, patchlevel) fixes = [] debug_me "is_vulnerable_patchlevel? called with VERSION=#{version} and PLEVEL=#{patchlevel}" @safe_rubies.each do |ss| fixes << ss[:patchlevel].split("p")[1].to_i if ss[:version] == version end debug_me "FIXES IS EMPTY" if fixes.empty? debug_me "FIXES LIST IS #{fixes}" unless fixes.empty? return true if fixes.empty? t = patchlevel.split("p")[1].to_i if patchlevel.include? 'p' t = patchlevel.to_i unless patchlevel.include? 'p' fixes.each do |f| debug_me "PATCHLEVEL FIXES = #{f}, PATCHLEVEL TARGET = #{t}" return true if f > t end false end |
#vuln? ⇒ Boolean
10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 |
# File 'lib/dawn/kb/ruby_version_check.rb', line 10 def vuln? vv_a = [] vv_p = [] vv_e = [] vp = false ve = false @safe_rubies.each do |ss| vv_e << ss[:engine] vv_a << ss[:version] vv_p << ss[:patchlevel].split("p")[1].to_i end version_check = Dawn::Kb::VersionCheck.new(:safe=>vv_a,:detected=>detected_ruby[:version], :debug=>@debug, :save_major=>true) vengine = self.is_vulnerable_engine?(detected_ruby[:engine], vv_e) vv = version_check.vuln? ve = self.is_same_version?(detected_ruby[:version], vv_a) vp = is_vulnerable_patchlevel?(detected_ruby[:version], detected_ruby[:patchlevel]) debug_me("#{__FILE__}@#{__LINE__}: check: #{self.name}, engine is vulnerable?=#{vengine}, version is vulnerable?=#{vv}, is same version?=#{ve}, is_vulnerable_patchlevel?=#{vp}->#{vv && vengine}, #{(ve && vp && vengine )}") debug_me("#{__FILE__}@#{__LINE__}: safe ruby is: #{@safe_rubies}") debug_me("#{__FILE__}@#{__LINE__}: detected ruby is: #{@detected_ruby}") if ( vv && vengine) @status = vp if ve @status = true unless ve else @status = (ve && vp && vengine ) end debug_me("STATUS:#{@status}") self.evidences << "#{@detected_ruby[:engine]} v#{@detected_ruby[:version]}-#{@detected_ruby[:patchlevel]} detected" if @status return @status # return true if ( vv && vengine ) # return (ve && vp && vengine ) end |