Class: Dawn::KnowledgeBaseExperimental

Inherits:
Object
Includes:
Utils, Singleton
Defined in:
lib/dawn/knowledge_base_experimental.rb

Overview

This is the YAML-powered experimental knowledge base.

When the old KB format, based on Ruby classes, is marked as deprecated, this one will become the official one.

The Dawnscanner KB will be a set of YAML files, stored in a hierarchy of directories mirroring the security check families. A digital signature will also be available to prevent KB tampering.

This class will be responsible for:

+ checking for KB upgrades
+ fetching the KB files from the Internet
+ verifying the database signature
+ reading the YAML files and creating the security check array

Another big change will be the MVC name passed as a constructor parameter, so that only the checks relevant to the particular application are loaded into the security check array. This should speed up the BasicCheck internal routines.

Class usage will be very simple: after getting the singleton instance, you load the KB content. The load method will also be responsible for loading all the relevant checks.

Example

require "dawn/knowledge_base_experimental"

d = Dawn::KnowledgeBaseExperimental.instance
d.update if d.update?
d.load

Last update: Fri Oct 7 08:03:43 CEST 2016

Constant Summary

GEM_CHECK = :rubygem_check
DEPENDENCY_CHECK = :dependency_check
PATTERN_MATCH_CHECK = :pattern_match_check
RUBY_VERSION_CHECK = :ruby_version_check
OS_CHECK = :os_check
COMBO_CHECK = :combo_check
CUSTOM_CHECK = :custom_check
REMOTE_KB_URL_PREFIX = "https://dawnscanner.org/data/"
FILES = %w(kb.yaml bulletin.tar.gz generic_check.tar.gz owasp_ror_cheatsheet.tar.gz code_style.tar.gz code_quality.tar.gz owasp_top_10.tar.gz signatures.tar.gz)

Instance Attribute Summary

Class Method Summary

Instance Method Summary

Methods included from Utils

#__debug_me_and_return, #debug_me, #debug_me_and_return_false, #debug_me_and_return_true

Constructor Details

#initialize(options = {}) ⇒ KnowledgeBaseExperimental

Returns a new instance of KnowledgeBaseExperimental.

# File 'lib/dawn/knowledge_base_experimental.rb', line 65

def initialize(options={})
  if $logger.nil?
    require 'dawn/logger'
    $logger = Logger.new(STDOUT)
    $logger.helo "knowledge-base-experimental", Dawn::VERSION
  end
end

Instance Attribute Details

#descriptor ⇒ Object (readonly)

Returns the value of attribute descriptor.

# File 'lib/dawn/knowledge_base_experimental.rb', line 62

def descriptor
  @descriptor
end

#path ⇒ Object (readonly)

Returns the value of attribute path.

# File 'lib/dawn/knowledge_base_experimental.rb', line 63

def path
  @path
end

#security_checks ⇒ Object (readonly)

Returns the value of attribute security_checks.

# File 'lib/dawn/knowledge_base_experimental.rb', line 61

def security_checks
  @security_checks
end

Class Method Details

.kb_descriptor ⇒ Object

# File 'lib/dawn/knowledge_base_experimental.rb', line 78

def self.kb_descriptor
  {:kb=>{:version=>"0.0.1", :revision=>Time.now.strftime("%Y%m%d"), :api=>Dawn::VERSION}}.to_yaml
end

Instance Method Details

#all ⇒ Object

# File 'lib/dawn/knowledge_base_experimental.rb', line 103

def all
  @security_checks
end

#dump(verbose = false) ⇒ Object

# File 'lib/dawn/knowledge_base_experimental.rb', line 163

def dump(verbose=false)
  puts "Security checks currently supported:"
  i = 0
  KnowledgeBaseExperimental.instance.all.each do |check|
    i += 1
    if verbose
      puts "Name: #{check.name}\tCVSS: #{check.cvss_score}\tReleased: #{check.release_date}"
      puts "Description\n#{check.message}"
      puts "Remediation\n#{check.remediation}\n\n"
    else
      puts check.name
    end
  end
  puts "-----\nTotal: #{i}"
end

#find(name) ⇒ Object

# File 'lib/dawn/knowledge_base_experimental.rb', line 75

def find(name)
end

#load(options = {}) ⇒ Object

Loads security checks from the db/ folder.

options - The list of the options to be passed to the KB. It can contain:

+ enabled_checks: an array of security checks that must be enabled
   [:generic_check, :code_quality, :bulletin, :code_style, :owasp_ror_cheatsheet, :owasp_top_10]
+ mvc: the MVC name for the target application, so that the KB can
       deselect all security checks that don't fit the code to be
       reviewed.
+ path: the path for the KB root folder. Please note that #{Dir.pwd}/db
        is the default location.

Returns an array of security checks matching the MVC to be reviewed and the enabled check list, or an empty array if an error occurred.

# File 'lib/dawn/knowledge_base_experimental.rb', line 120

def load(options={})
  @security_checks = []
  $path = File.join(Dir.pwd, "db")

  # Default to an empty list so the loop below never hits nil.each
  enabled_checks  = options[:enabled_checks] || []
  mvc             = options[:mvc]                 # not used yet
  $path           = options[:path]                unless options[:path].nil?

  unless __valid?
    $logger.error "An invalid library has been found. Please use --recovery flag to force fresh install from dawnscanner.org"
    return []
  end

  unless __load?
    $logger.error "The library must be consumed with dawnscanner up to v#{$descriptor["kb"]["api"]}. You are using dawnscanner v#{Dawn::VERSION}"
    return []
  end

  # TODO: untar and unzip from here
  if __packed?
    $logger.info "A packed knowledge base has been found. Unpacking it"
    __unpack
  end

  enabled_checks.each do |d|
    # enabled_checks holds symbols (see the options above); File.join
    # raises TypeError on a Symbol, so convert it first
    dir = File.join($path, d.to_s)

    # If we enter this branch, someone tampered with the KB between the
    # previous __valid? check and this point. This is a very rare
    # situation, but it must be handled.
    unless Dir.exist?(dir)
      $logger.critical "Missing check directory #{dir}"
      $logger.error "An invalid library has been found. Please use --recovery flag to force fresh install from dawnscanner.org"
      return []
    end

    # TODO: enumerate all YAML files in the given dir and append the
    # resulting checks to @security_checks
  end

  @security_checks
end

#update? ⇒ Boolean

Returns:

  • (Boolean)

# File 'lib/dawn/knowledge_base_experimental.rb', line 82

# Requires net/http, fileutils and yaml to be loaded at file level.
def update?
  FileUtils.mkdir_p("tmp")
  begin
    # Keep the descriptor and its signature in separate variables: the
    # original code reused `response` and ended up parsing the .sig blob
    kb_yaml = Net::HTTP.get URI(REMOTE_KB_URL_PREFIX + "kb.yaml")
    File.open("tmp/kb.yaml", "w") do |f|
      f.puts(kb_yaml)
    end
    kb_sig = Net::HTTP.get URI(REMOTE_KB_URL_PREFIX + "kb.yaml.sig")
    File.open("tmp/kb.yaml.sig", "w") do |f|
      f.puts(kb_sig)
    end
  rescue StandardError => e
    $logger.error e.to_s
    return false
  end

  # TODO: verify kb.yaml signature (kb_sig) before trusting the descriptor

  # The descriptor comes from the network: safe_load refuses to instantiate
  # arbitrary Ruby objects, which YAML.load would allow.
  # Comparison with the local descriptor is not implemented yet, so the
  # parsed (truthy) remote descriptor is returned for now.
  YAML.safe_load(kb_yaml)
end
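The "Verify kb.yaml signature" step above is still a TODO and the remote descriptor goes straight into the YAML parser. The following is an added example, not code from the dawnscanner project, showing the order a consumer of the KB should follow: verify the detached signature, only then parse with YAML.safe_load, and finally apply the API-version gate that the __load? error message in #load implies. The RSA/SHA-256 scheme, the key pair and the descriptor values are assumptions constructed for this example; the page does not specify the project's signature format.

```ruby
require "openssl"
require "yaml"

# Constructed descriptor in the shape KnowledgeBaseExperimental.kb_descriptor
# emits, with string keys so YAML.safe_load accepts it without Symbol.
KB_YAML = { "kb" => { "version" => "0.0.1", "revision" => "20161007",
                      "api" => "1.6.0" } }.to_yaml

# Hypothetical publisher key: the real KB signing scheme is not specified,
# so an RSA-2048 key with a SHA-256 detached signature is assumed here.
SIGNING_KEY = OpenSSL::PKey::RSA.new(2048)
PUBLIC_KEY  = SIGNING_KEY.public_key   # what a scanner would ship pinned

# Producer side: the bytes that would be published as kb.yaml.sig.
def sign_kb(yaml, key = SIGNING_KEY)
  key.sign(OpenSSL::Digest.new("SHA256"), yaml)
end

# Consumer side: verify the detached signature BEFORE parsing the YAML.
# Returns the descriptor hash, or nil if the signature does not match.
def verified_descriptor(yaml, sig, pub = PUBLIC_KEY)
  return nil unless pub.verify(OpenSSL::Digest.new("SHA256"), sig, yaml)
  # safe_load refuses to instantiate arbitrary Ruby objects from the document
  YAML.safe_load(yaml)
end

# Mirrors the __load? gate in #load: the KB's "api" field is assumed to be
# the newest dawnscanner version this KB may be consumed with.
def loadable?(descriptor, dawn_version)
  Gem::Version.new(dawn_version) <= Gem::Version.new(descriptor["kb"]["api"])
end

if __FILE__ == $0
  sig = sign_kb(KB_YAML)
  puts "genuine:  #{verified_descriptor(KB_YAML, sig).inspect}"
  # One changed byte in kb.yaml must make the stored signature fail
  puts "tampered: #{verified_descriptor(KB_YAML.sub("1.6.0", "9.9.9"), sig).inspect}"
end
```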