Class: Dawn::Padrino

Inherits:

Object

• Object
• Dawn::Padrino

Includes:

Engine

Defined in:

lib/dawn/padrino.rb

Instance Attribute Summary

• #apps ⇒ Object readonly

  Returns the value of attribute apps.

Attributes included from Engine

#applied_checks, #checks, #connected_gems, #controllers, #debug, #engine_error, #force, #gemfile_lock, #mitigated_issues, #models, #mvc_version, #name, #output_dir_name, #reflected_xss, #ruby_version, #scan_start, #scan_stop, #skipped_checks, #stats, #target, #views, #vulnerabilities

Instance Method Summary

• #detect_apps ⇒ Object
• #get_sinatra_version ⇒ Object
• #initialize(dir = nil) ⇒ Padrino constructor

  A new instance of Padrino.

• #is_mount_call?(a) ⇒ Boolean

Methods included from Engine

#apply, #apply_all, #build_view_array, #can_apply?, #count_vulnerabilities, #create_output_dir, #detect_controllers, #detect_models, #detect_views, #error!, #error?, #find_vulnerability_by_name, #get_mvc_version, #get_ruby_version, #has_gemfile_lock?, #has_reflected_xss?, #is_applied?, #is_good_mvc?, #is_vulnerable_to?, #load_knowledge_base, #output_dir, #scan_time, #set_mvc_version, #set_target, #target_is_dir?

Methods included from Utils

#__debug_me_and_return, #debug_me, #debug_me_and_return_false, #debug_me_and_return_true

Constructor Details

#initialize(dir = nil) ⇒ Padrino

Returns a new instance of Padrino.

# File 'lib/dawn/padrino.rb', line 8

def initialize(dir=nil)
  super(dir, "padrino", {:debug=>false}) 
  @apps = detect_apps
end

Instance Attribute Details

#apps ⇒ Object (readonly)

Returns the value of attribute apps.

# File 'lib/dawn/padrino.rb', line 6

def apps
  @apps
end

Instance Method Details

#detect_apps ⇒ Object

# File 'lib/dawn/padrino.rb', line 20

def detect_apps

  apps_rb = File.join(@target, "config", "apps.rb")
  return nil unless File.exist?(apps_rb)
  lines = File.readlines(apps_rb)
  p = RubyParser.new
  apps = []

  lines.each do |line|
    if /^Padrino\.mount/ =~ line

      begin
        tree = p.parse(line)
        if ! tree.nil? && tree.sexp_type == :call
          body_a = tree.sexp_body.to_a
          debug_me("BODY_A=#{body_a[0]} - BODY_A_SIZE=#{body_a[0].size}")
          debug_me("IS_MOUNT_CALL? #{is_mount_call?(body_a[0])}")
          mp = body_a[2][1]
          debug_me("MP = #{mp}")

          # Padrino.mount('HelloWorldPadrino::App', :app_file => Padrino.root('app/app.rb')).to('/')
          sinatra_app_rb = body_a[0][4][2][3][1] if body_a[0].size == 5 && is_mount_call?(body_a[0]) 

          # Padrino.mount("HelloWorldPadrino:App").to('/')
          if body_a[0].size == 4

            # Defaulting the application name if mount point is /
            sinatra_app_rb = "app/app.rb" if mp == "/"

            # Take the app name as mountpoint/app.rb
            sinatra_app_rb = body_a[0][3][1].downcase+"/app.rb" unless mp == "/"

          end

          target = File.dirname(sinatra_app_rb )
          apps << Dawn::Sinatra.new(target, mp)
        end
      rescue Racc::ParseError => e
        debug_me(e.message)
      end
    end

    # if line.start_with?("Padrino.mount")

  end


  debug_me("sinatra version is: #{self.get_sinatra_version}")
  apps.each do |a|
    debug_me("detected sinatra application at #{a.mount_point} ")
  end
  apps
end

#get_sinatra_version ⇒ Object

# File 'lib/dawn/padrino.rb', line 13

def get_sinatra_version
  self.connected_gems.each do |gem|
    return gem[:version] if gem[:name] == "sinatra"
  end

  return ""
end

#is_mount_call?(a) ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/dawn/padrino.rb', line 74

def is_mount_call?(a)
  return (a[0] == :call && a[1] == [:const, :Padrino] && a[2] == :mount)
end