lib/codesake/dawn/kb/ruby_version_check.rb in codesake-dawn-0.60 vs lib/codesake/dawn/kb/ruby_version_check.rb in codesake-dawn-0.70
@@ -2,34 +2,44 @@
module Dawn
module Kb
module RubyVersionCheck
include BasicCheck
- # Array of hashes in the {:version=>"1.9.3", :patchlevel=>"p342"} form
+ # Array of hashes in the {:engine=>"ruby", :version=>"1.9.3", :patchlevel=>"p342"} form
attr_accessor :safe_rubies
- # Hash in the {:version=>"1.9.3", :patchlevel=>"p342"} form
+ # Hash in the {:engine=>"ruby", :version=>"1.9.3", :patchlevel=>"p342"} form
attr_accessor :detected_ruby
def vuln?
vv_a = []
vv_p = []
+ vv_e = []
vp = false
+
@safe_rubies.each do |ss|
+ vv_e << ss[:engine]
vv_a << ss[:version]
vv_p << ss[:patchlevel].split("p")[1].to_i
end
+ vengine = self.is_vulnerable_engine?(detected_ruby[:engine], vv_e)
vv = self.is_vulnerable_version?(detected_ruby[:version], vv_a)
# Since we have also the patch level a fixes version can be the same
# as the vulnerable... we must consider this
ve = self.is_same_version?(detected_ruby[:version], vv_a) unless vv
vp = is_vulnerable_patchlevel?(detected_ruby[:patchlevel], vv_p) if ve
- return true if vv
- return (ve and vp)
+ return true if ( vv and vengine )
+ return (ve and vp and vengine )
end
+ def is_vulnerable_engine?(target, fixes = [])
+ fixes.each do |f|
+ return true if f == target
+ end
+ end
+
def is_same_version?(target, fixes = [])
fixes.each do |f|
return true if f == target
end
false